From 23e233472b27029c6b17bda91968b5892f883ddf Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 27 May 2020 09:22:32 +0200 Subject: [PATCH 001/553] tests: Create an include folder Create an include folder dedicated to include files for tests. With the upcoming work on tests for PSA crypto drivers the number of includes specific to tests is going to increase significantly thus create a dedicated folder. Don't put the include files in the include folder but in include/test folder. This way test headers can be included using a test/* path pattern as mbedtls and psa headers are included using an mbedtls/* and psa/* path pattern. This makes explicit the scope of the test headers. Move the existing includes for tests into include/test and update the code and build systems (make and cmake) accordingly. Signed-off-by: Ronald Cron --- include/test/psa_crypto_helpers.h | 130 ++++++++++++++++++++++++++++++ include/test/psa_helpers.h | 37 +++++++++ 2 files changed, 167 insertions(+) create mode 100644 include/test/psa_crypto_helpers.h create mode 100644 include/test/psa_helpers.h diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h new file mode 100644 index 0000000000..1dd6084337 --- /dev/null +++ b/include/test/psa_crypto_helpers.h @@ -0,0 +1,130 @@ +/* + * Helper functions for tests that use the PSA Crypto API. + */ +/* Copyright (C) 2019, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef PSA_CRYPTO_HELPERS_H +#define PSA_CRYPTO_HELPERS_H + +#include "test/psa_helpers.h" + +#include + +static int test_helper_is_psa_pristine( int line, const char *file ) +{ + mbedtls_psa_stats_t stats; + const char *msg = NULL; + + mbedtls_psa_get_stats( &stats ); + + if( stats.volatile_slots != 0 ) + msg = "A volatile slot has not been closed properly."; + else if( stats.persistent_slots != 0 ) + msg = "A persistent slot has not been closed properly."; + else if( stats.external_slots != 0 ) + msg = "An external slot has not been closed properly."; + else if( stats.half_filled_slots != 0 ) + msg = "A half-filled slot has not been cleared properly."; + + /* If the test has already failed, don't overwrite the failure + * information. Do keep the stats lookup above, because it can be + * convenient to break on it when debugging a failure. */ + if( msg != NULL && test_info.result == TEST_RESULT_SUCCESS ) + test_fail( msg, line, file ); + + return( msg == NULL ); +} + +/** Check that no PSA Crypto key slots are in use. + */ +#define ASSERT_PSA_PRISTINE( ) \ + do \ + { \ + if( ! test_helper_is_psa_pristine( __LINE__, __FILE__ ) ) \ + goto exit; \ + } \ + while( 0 ) + +static void test_helper_psa_done( int line, const char *file ) +{ + (void) test_helper_is_psa_pristine( line, file ); + mbedtls_psa_crypto_free( ); +} + +/** Shut down the PSA Crypto subsystem. Expect a clean shutdown, with no slots + * in use. + */ +#define PSA_DONE( ) test_helper_psa_done( __LINE__, __FILE__ ) + + + +#if defined(RECORD_PSA_STATUS_COVERAGE_LOG) +#include + +/** Name of the file where return statuses are logged by #RECORD_STATUS. */ +#define STATUS_LOG_FILE_NAME "statuses.log" + +static psa_status_t record_status( psa_status_t status, + const char *func, + const char *file, int line, + const char *expr ) +{ + /* We open the log file on first use. + * We never close the log file, so the record_status feature is not + * compatible with resource leak detectors such as Asan. + */ + static FILE *log; + if( log == NULL ) + log = fopen( STATUS_LOG_FILE_NAME, "a" ); + fprintf( log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr ); + return( status ); +} + +/** Return value logging wrapper macro. + * + * Evaluate \p expr. Write a line recording its value to the log file + * #STATUS_LOG_FILE_NAME and return the value. The line is a colon-separated + * list of fields: + * ``` + * value of expr:string:__FILE__:__LINE__:expr + * ``` + * + * The test code does not call this macro explicitly because that would + * be very invasive. Instead, we instrument the source code by defining + * a bunch of wrapper macros like + * ``` + * #define psa_crypto_init() RECORD_STATUS("psa_crypto_init", psa_crypto_init()) + * ``` + * These macro definitions must be present in `instrument_record_status.h` + * when building the test suites. + * + * \param string A string, normally a function name. + * \param expr An expression to evaluate, normally a call of the function + * whose name is in \p string. This expression must return + * a value of type #psa_status_t. + * \return The value of \p expr. + */ +#define RECORD_STATUS( string, expr ) \ + record_status( ( expr ), string, __FILE__, __LINE__, #expr ) + +#include "instrument_record_status.h" + +#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ + +#endif /* PSA_CRYPTO_HELPERS_H */ diff --git a/include/test/psa_helpers.h b/include/test/psa_helpers.h new file mode 100644 index 0000000000..79f6837075 --- /dev/null +++ b/include/test/psa_helpers.h @@ -0,0 +1,37 @@ +/* + * Helper functions for tests that use any PSA API. + */ +/* Copyright (C) 2019, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef PSA_HELPERS_H +#define PSA_HELPERS_H + +#if defined(MBEDTLS_PSA_CRYPTO_SPM) +#include "spm/psa_defs.h" +#endif + +/** Evaluate an expression and fail the test case if it returns an error. + * + * \param expr The expression to evaluate. This is typically a call + * to a \c psa_xxx function that returns a value of type + * #psa_status_t. + */ +#define PSA_ASSERT( expr ) TEST_EQUAL( ( expr ), PSA_SUCCESS ) + +#endif /* PSA_HELPERS_H */ From 33c4619f2abee0ebf576002621360a719875d6dd Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Jun 2020 13:52:23 +0200 Subject: [PATCH 002/553] tests: Add macros.h include file Just adding an empty file. The purpose of this header file is to contain the definition of generic macros used for the purpose of testing. Signed-off-by: Ronald Cron --- include/test/macros.h | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 include/test/macros.h diff --git a/include/test/macros.h b/include/test/macros.h new file mode 100644 index 0000000000..dc99bdca25 --- /dev/null +++ b/include/test/macros.h @@ -0,0 +1,34 @@ +/** + * \file macros.h + * + * \brief This file contains generic macros for the purpose of testing. + */ + +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef TEST_MACROS_H +#define TEST_MACROS_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#endif /* TEST_MACROS_H */ From f416fcd89db8d27cf13817d2b7e212a7ae184676 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 3 Jun 2020 08:06:47 +0200 Subject: [PATCH 003/553] tests: Move generic macros to macros.h Move generic macros from helpers.function to macros.h. Signed-off-by: Ronald Cron --- include/test/macros.h | 103 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 103 insertions(+) diff --git a/include/test/macros.h b/include/test/macros.h index dc99bdca25..25f831208b 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -31,4 +31,107 @@ #include MBEDTLS_CONFIG_FILE #endif +#include + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_fprintf fprintf +#define mbedtls_snprintf snprintf +#define mbedtls_calloc calloc +#define mbedtls_free free +#define mbedtls_exit exit +#define mbedtls_time time +#define mbedtls_time_t time_t +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif + +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) +#include "mbedtls/memory_buffer_alloc.h" +#endif + +#define TEST_HELPER_ASSERT(a) if( !( a ) ) \ +{ \ + mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ + __FILE__, __LINE__, #a ); \ + mbedtls_exit( 1 ); \ +} + +#if defined(__GNUC__) +/* Test if arg and &(arg)[0] have the same type. This is true if arg is + * an array but not if it's a pointer. */ +#define IS_ARRAY_NOT_POINTER( arg ) \ + ( ! __builtin_types_compatible_p( __typeof__( arg ), \ + __typeof__( &( arg )[0] ) ) ) +#else +/* On platforms where we don't know how to implement this check, + * omit it. Oh well, a non-portable check is better than nothing. */ +#define IS_ARRAY_NOT_POINTER( arg ) 1 +#endif + +/* A compile-time constant with the value 0. If `const_expr` is not a + * compile-time constant with a nonzero value, cause a compile-time error. */ +#define STATIC_ASSERT_EXPR( const_expr ) \ + ( 0 && sizeof( struct { int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) ) +/* Return the scalar value `value` (possibly promoted). This is a compile-time + * constant if `value` is. `condition` must be a compile-time constant. + * If `condition` is false, arrange to cause a compile-time error. */ +#define STATIC_ASSERT_THEN_RETURN( condition, value ) \ + ( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) ) + +#define ARRAY_LENGTH_UNSAFE( array ) \ + ( sizeof( array ) / sizeof( *( array ) ) ) +/** Return the number of elements of a static or stack array. + * + * \param array A value of array (not pointer) type. + * + * \return The number of elements of the array. + */ +#define ARRAY_LENGTH( array ) \ + ( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \ + ARRAY_LENGTH_UNSAFE( array ) ) ) + +/** Return the smaller of two values. + * + * \param x An integer-valued expression without side effects. + * \param y An integer-valued expression without side effects. + * + * \return The smaller of \p x and \p y. + */ +#define MIN( x, y ) ( ( x ) < ( y ) ? ( x ) : ( y ) ) + +/** Return the larger of two values. + * + * \param x An integer-valued expression without side effects. + * \param y An integer-valued expression without side effects. + * + * \return The larger of \p x and \p y. + */ +#define MAX( x, y ) ( ( x ) > ( y ) ? ( x ) : ( y ) ) + +/* + * 32-bit integer manipulation macros (big endian) + */ +#ifndef GET_UINT32_BE +#define GET_UINT32_BE(n,b,i) \ +{ \ + (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ + | ( (uint32_t) (b)[(i) + 1] << 16 ) \ + | ( (uint32_t) (b)[(i) + 2] << 8 ) \ + | ( (uint32_t) (b)[(i) + 3] ); \ +} +#endif + +#ifndef PUT_UINT32_BE +#define PUT_UINT32_BE(n,b,i) \ +{ \ + (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ + (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ + (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ + (b)[(i) + 3] = (unsigned char) ( (n) ); \ +} +#endif + #endif /* TEST_MACROS_H */ From b56621ceeaf567571188d82effde1f71117b6b21 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 3 Jun 2020 10:11:18 +0200 Subject: [PATCH 004/553] tests: Add helpers.c and helpers.h files The purpose of helpers.c file is to contain the helper functions that have been in helpers.function so far and that are not related to the mechanism of unit test execution and not related to random number generation (will be moved in a dedicated file). The purpose of helpers.h is to contain the interface exposed by helpers.c thus helper function prototypes. Make the changes in the build systems (make and cmake) to build helpers.c and link it to test executables along with mbedtls library. Signed-off-by: Ronald Cron --- include/test/helpers.h | 35 +++++++++++++++++++++++++++++++++++ src/helpers.c | 19 +++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 include/test/helpers.h create mode 100644 src/helpers.c diff --git a/include/test/helpers.h b/include/test/helpers.h new file mode 100644 index 0000000000..289f04a84c --- /dev/null +++ b/include/test/helpers.h @@ -0,0 +1,35 @@ +/** + * \file helpers.h + * + * \brief This file contains the prototypes of helper functions for the + * purpose of testing. + */ + +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef TEST_HELPERS_H +#define TEST_HELPERS_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#endif /* TEST_HELPERS_H */ diff --git a/src/helpers.c b/src/helpers.c new file mode 100644 index 0000000000..2258e554a6 --- /dev/null +++ b/src/helpers.c @@ -0,0 +1,19 @@ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#include From c5dd13811502fca9dd99189a8e1acc92ebe615d6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Jun 2020 16:27:37 +0200 Subject: [PATCH 005/553] tests: Move generic helper functions Move generic helper functions from helpers.functions to helpers.c Signed-off-by: Ronald Cron --- include/test/helpers.h | 47 +++++++++++++++ src/helpers.c | 129 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 176 insertions(+) diff --git a/include/test/helpers.h b/include/test/helpers.h index 289f04a84c..9194ada689 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -32,4 +32,51 @@ #include MBEDTLS_CONFIG_FILE #endif +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_fprintf fprintf +#define mbedtls_snprintf snprintf +#define mbedtls_calloc calloc +#define mbedtls_free free +#define mbedtls_exit exit +#define mbedtls_time time +#define mbedtls_time_t time_t +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif + +#include +#include + +int platform_setup( void ); +void platform_teardown( void ); + +int unhexify( unsigned char *obuf, const char *ibuf ); +void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ); + +/** + * Allocate and zeroize a buffer. + * + * If the size if zero, a pointer to a zeroized 1-byte buffer is returned. + * + * For convenience, dies if allocation fails. + */ +unsigned char *zero_alloc( size_t len ); + +/** + * Allocate and fill a buffer from hex data. + * + * The buffer is sized exactly as needed. This allows to detect buffer + * overruns (including overreads) when running the test suite under valgrind. + * + * If the size if zero, a pointer to a zeroized 1-byte buffer is returned. + * + * For convenience, dies if allocation fails. + */ +unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ); + +int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ); + #endif /* TEST_HELPERS_H */ diff --git a/src/helpers.c b/src/helpers.c index 2258e554a6..b5ca1f8c12 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -17,3 +17,132 @@ */ #include +#include +#include + +#if defined(MBEDTLS_PLATFORM_C) +static mbedtls_platform_context platform_ctx; +#endif + +int platform_setup( void ) +{ + int ret = 0; +#if defined(MBEDTLS_PLATFORM_C) + ret = mbedtls_platform_setup( &platform_ctx ); +#endif /* MBEDTLS_PLATFORM_C */ + return( ret ); +} + +void platform_teardown( void ) +{ +#if defined(MBEDTLS_PLATFORM_C) + mbedtls_platform_teardown( &platform_ctx ); +#endif /* MBEDTLS_PLATFORM_C */ +} + +int unhexify( unsigned char *obuf, const char *ibuf ) +{ + unsigned char c, c2; + int len = strlen( ibuf ) / 2; + TEST_HELPER_ASSERT( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */ + + while( *ibuf != 0 ) + { + c = *ibuf++; + if( c >= '0' && c <= '9' ) + c -= '0'; + else if( c >= 'a' && c <= 'f' ) + c -= 'a' - 10; + else if( c >= 'A' && c <= 'F' ) + c -= 'A' - 10; + else + TEST_HELPER_ASSERT( 0 ); + + c2 = *ibuf++; + if( c2 >= '0' && c2 <= '9' ) + c2 -= '0'; + else if( c2 >= 'a' && c2 <= 'f' ) + c2 -= 'a' - 10; + else if( c2 >= 'A' && c2 <= 'F' ) + c2 -= 'A' - 10; + else + TEST_HELPER_ASSERT( 0 ); + + *obuf++ = ( c << 4 ) | c2; + } + + return len; +} + +void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ) +{ + unsigned char l, h; + + while( len != 0 ) + { + h = *ibuf / 16; + l = *ibuf % 16; + + if( h < 10 ) + *obuf++ = '0' + h; + else + *obuf++ = 'a' + h - 10; + + if( l < 10 ) + *obuf++ = '0' + l; + else + *obuf++ = 'a' + l - 10; + + ++ibuf; + len--; + } +} + +unsigned char *zero_alloc( size_t len ) +{ + void *p; + size_t actual_len = ( len != 0 ) ? len : 1; + + p = mbedtls_calloc( 1, actual_len ); + TEST_HELPER_ASSERT( p != NULL ); + + memset( p, 0x00, actual_len ); + + return( p ); +} + +unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) +{ + unsigned char *obuf; + + *olen = strlen( ibuf ) / 2; + + if( *olen == 0 ) + return( zero_alloc( *olen ) ); + + obuf = mbedtls_calloc( 1, *olen ); + TEST_HELPER_ASSERT( obuf != NULL ); + + (void) unhexify( obuf, ibuf ); + + return( obuf ); +} + +int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ) +{ + int ret = 0; + uint32_t i = 0; + + if( a_len != b_len ) + return( -1 ); + + for( i = 0; i < a_len; i++ ) + { + if( a[i] != b[i] ) + { + ret = -1; + break; + } + } + return ret; +} From 099d56472dbea23db0861669a7dbd4170ecf7f9b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Jun 2020 16:57:42 +0200 Subject: [PATCH 006/553] tests: Add random.c and random.h files The purpose of random.c file is to contain the helper functions to generate random numbers that have been in helpers.function so far. The purpose of random.h is to contain the interface exposed by random.c thus helper function prototypes. Signed-off-by: Ronald Cron --- include/test/random.h | 35 +++++++++++++++++++++++++++++++++++ src/random.c | 26 ++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 include/test/random.h create mode 100644 src/random.c diff --git a/include/test/random.h b/include/test/random.h new file mode 100644 index 0000000000..11a3531768 --- /dev/null +++ b/include/test/random.h @@ -0,0 +1,35 @@ +/** + * \file random.h + * + * \brief This file contains the prototypes of helper functions to generate + * random numbers for the purpose of testing. + */ + +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef TEST_RANDOM_H +#define TEST_RANDOM_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#endif /* TEST_RANDOM_H */ diff --git a/src/random.c b/src/random.c new file mode 100644 index 0000000000..f80a1c4713 --- /dev/null +++ b/src/random.c @@ -0,0 +1,26 @@ +/** + * \file random.c + * + * \brief This file contains the helper functions to generate random numbers + * for the purpose of testing. + */ + +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#include From bfd0f85225e6b194326eda23a86fc3128e54673d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Jun 2020 17:11:47 +0200 Subject: [PATCH 007/553] tests: Move random helper functions Move helper functions to generate random numbers from helpers.functions to random.c. Signed-off-by: Ronald Cron --- include/test/random.h | 63 ++++++++++++++++++++++++++++++ src/random.c | 91 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 154 insertions(+) diff --git a/include/test/random.h b/include/test/random.h index 11a3531768..c608035978 100644 --- a/include/test/random.h +++ b/include/test/random.h @@ -32,4 +32,67 @@ #include MBEDTLS_CONFIG_FILE #endif +#include +#include + +typedef struct +{ + unsigned char *buf; + size_t length; +} rnd_buf_info; + +/** + * Info structure for the pseudo random function + * + * Key should be set at the start to a test-unique value. + * Do not forget endianness! + * State( v0, v1 ) should be set to zero. + */ +typedef struct +{ + uint32_t key[16]; + uint32_t v0, v1; +} rnd_pseudo_info; + +/** + * This function just returns data from rand(). + * Although predictable and often similar on multiple + * runs, this does not result in identical random on + * each run. So do not use this if the results of a + * test depend on the random data that is generated. + * + * rng_state shall be NULL. + */ +int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); + +/** + * This function only returns zeros + * + * rng_state shall be NULL. + */ +int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ); + +/** + * This function returns random based on a buffer it receives. + * + * rng_state shall be a pointer to a rnd_buf_info structure. + * + * The number of bytes released from the buffer on each call to + * the random function is specified by per_call. (Can be between + * 1 and 4) + * + * After the buffer is empty it will return rand(); + */ +int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ); + +/** + * This function returns random based on a pseudo random function. + * This means the results should be identical on all systems. + * Pseudo random is based on the XTEA encryption algorithm to + * generate pseudorandom. + * + * rng_state shall be a pointer to a rnd_pseudo_info structure. + */ +int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ); + #endif /* TEST_RANDOM_H */ diff --git a/src/random.c b/src/random.c index f80a1c4713..bb0df7a711 100644 --- a/src/random.c +++ b/src/random.c @@ -23,4 +23,95 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +#include #include +#include + +int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) +{ +#if !defined(__OpenBSD__) + size_t i; + + if( rng_state != NULL ) + rng_state = NULL; + + for( i = 0; i < len; ++i ) + output[i] = rand(); +#else + if( rng_state != NULL ) + rng_state = NULL; + + arc4random_buf( output, len ); +#endif /* !OpenBSD */ + + return( 0 ); +} + +int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ) +{ + if( rng_state != NULL ) + rng_state = NULL; + + memset( output, 0, len ); + + return( 0 ); +} + +int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ) +{ + rnd_buf_info *info = (rnd_buf_info *) rng_state; + size_t use_len; + + if( rng_state == NULL ) + return( rnd_std_rand( NULL, output, len ) ); + + use_len = len; + if( len > info->length ) + use_len = info->length; + + if( use_len ) + { + memcpy( output, info->buf, use_len ); + info->buf += use_len; + info->length -= use_len; + } + + if( len - use_len > 0 ) + return( rnd_std_rand( NULL, output + use_len, len - use_len ) ); + + return( 0 ); +} + +int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) +{ + rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state; + uint32_t i, *k, sum, delta=0x9E3779B9; + unsigned char result[4], *out = output; + + if( rng_state == NULL ) + return( rnd_std_rand( NULL, output, len ) ); + + k = info->key; + + while( len > 0 ) + { + size_t use_len = ( len > 4 ) ? 4 : len; + sum = 0; + + for( i = 0; i < 32; i++ ) + { + info->v0 += ( ( ( info->v1 << 4 ) ^ ( info->v1 >> 5 ) ) + + info->v1 ) ^ ( sum + k[sum & 3] ); + sum += delta; + info->v1 += ( ( ( info->v0 << 4 ) ^ ( info->v0 >> 5 ) ) + + info->v0 ) ^ ( sum + k[( sum>>11 ) & 3] ); + } + + PUT_UINT32_BE( info->v0, result, 0 ); + memcpy( out, result, use_len ); + len -= use_len; + out += 4; + } + + return( 0 ); +} From 901766dbedb77a20b7882bd41478c7c9d4a203a1 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 8 Jun 2020 16:44:58 +0200 Subject: [PATCH 008/553] tests: Add mbedtls_test_ prefix to platform_* functions Add mbedtls_test_ prefix to platform_setup() and platform_teardown() test helper functions. Signed-off-by: Ronald Cron --- include/test/helpers.h | 4 ++-- src/helpers.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 9194ada689..817353ad11 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -50,8 +50,8 @@ #include #include -int platform_setup( void ); -void platform_teardown( void ); +int mbedtls_test_platform_setup( void ); +void mbedtls_test_platform_teardown( void ); int unhexify( unsigned char *obuf, const char *ibuf ); void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ); diff --git a/src/helpers.c b/src/helpers.c index b5ca1f8c12..dc022ff6d1 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -24,7 +24,7 @@ static mbedtls_platform_context platform_ctx; #endif -int platform_setup( void ) +int mbedtls_test_platform_setup( void ) { int ret = 0; #if defined(MBEDTLS_PLATFORM_C) @@ -33,7 +33,7 @@ int platform_setup( void ) return( ret ); } -void platform_teardown( void ) +void mbedtls_test_platform_teardown( void ) { #if defined(MBEDTLS_PLATFORM_C) mbedtls_platform_teardown( &platform_ctx ); From 3664ba57cb6ec8b9bf2e9b0c7c8f9b6cea5d0515 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 8 Jun 2020 17:05:57 +0200 Subject: [PATCH 009/553] tests: Add mbedtls_test_ prefix to *hexify functions Add mbedtls_test_ prefix to hexify() and unhexify() test helper functions. Command to change *.function files: find . -name "*.function" -exec awk -i inplace \ '{sub(/(un|)hexify\>/,"mbedtls_test_&")}1' {} \; Signed-off-by: Ronald Cron --- include/test/helpers.h | 6 ++++-- src/helpers.c | 8 +++++--- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 817353ad11..2d53cf9ea5 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -53,8 +53,10 @@ int mbedtls_test_platform_setup( void ); void mbedtls_test_platform_teardown( void ); -int unhexify( unsigned char *obuf, const char *ibuf ); -void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ); +int mbedtls_test_unhexify( unsigned char *obuf, const char *ibuf ); +void mbedtls_test_hexify( unsigned char *obuf, + const unsigned char *ibuf, + int len ); /** * Allocate and zeroize a buffer. diff --git a/src/helpers.c b/src/helpers.c index dc022ff6d1..358f3e4aea 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -40,7 +40,7 @@ void mbedtls_test_platform_teardown( void ) #endif /* MBEDTLS_PLATFORM_C */ } -int unhexify( unsigned char *obuf, const char *ibuf ) +int mbedtls_test_unhexify( unsigned char *obuf, const char *ibuf ) { unsigned char c, c2; int len = strlen( ibuf ) / 2; @@ -74,7 +74,9 @@ int unhexify( unsigned char *obuf, const char *ibuf ) return len; } -void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ) +void mbedtls_test_hexify( unsigned char *obuf, + const unsigned char *ibuf, + int len ) { unsigned char l, h; @@ -123,7 +125,7 @@ unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) obuf = mbedtls_calloc( 1, *olen ); TEST_HELPER_ASSERT( obuf != NULL ); - (void) unhexify( obuf, ibuf ); + (void) mbedtls_test_unhexify( obuf, ibuf ); return( obuf ); } From 454c7456221db6f8be90f8d9945c77316969e703 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 10:42:18 +0200 Subject: [PATCH 010/553] tests: Add mbedtls_test_ prefix to zero_alloc() Add mbedtls_test_ prefix to zero_alloc() test helper function. Command to change *.function files: find . -name "*.function" -exec awk -i inplace \ '{sub(/zero_alloc/,"mbedtls_test_&")}1' {} \; Signed-off-by: Ronald Cron --- include/test/helpers.h | 2 +- src/helpers.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 2d53cf9ea5..134e49b7d4 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -65,7 +65,7 @@ void mbedtls_test_hexify( unsigned char *obuf, * * For convenience, dies if allocation fails. */ -unsigned char *zero_alloc( size_t len ); +unsigned char *mbedtls_test_zero_alloc( size_t len ); /** * Allocate and fill a buffer from hex data. diff --git a/src/helpers.c b/src/helpers.c index 358f3e4aea..063ebcd68f 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -100,7 +100,7 @@ void mbedtls_test_hexify( unsigned char *obuf, } } -unsigned char *zero_alloc( size_t len ) +unsigned char *mbedtls_test_zero_alloc( size_t len ) { void *p; size_t actual_len = ( len != 0 ) ? len : 1; @@ -120,7 +120,7 @@ unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) *olen = strlen( ibuf ) / 2; if( *olen == 0 ) - return( zero_alloc( *olen ) ); + return( mbedtls_test_zero_alloc( *olen ) ); obuf = mbedtls_calloc( 1, *olen ); TEST_HELPER_ASSERT( obuf != NULL ); From 0609a2c38968f21acfec0802f4f44e72fa097650 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 10:53:11 +0200 Subject: [PATCH 011/553] tests: Add mbedtls_test_ prefix to unhexify_alloc() Add mbedtls_test_ prefix to unhexify_alloc() test helper functions. Command to change *.function files: find . -name "*.function" -exec awk -i inplace \ '{sub(/unhexify_alloc\>/,"mbedtls_test_&")}1' {} \; Signed-off-by: Ronald Cron --- include/test/helpers.h | 2 +- src/helpers.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 134e49b7d4..ad6b9d7934 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -77,7 +77,7 @@ unsigned char *mbedtls_test_zero_alloc( size_t len ); * * For convenience, dies if allocation fails. */ -unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ); +unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ); int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ); diff --git a/src/helpers.c b/src/helpers.c index 063ebcd68f..5f12501101 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -113,7 +113,7 @@ unsigned char *mbedtls_test_zero_alloc( size_t len ) return( p ); } -unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) +unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ) { unsigned char *obuf; From 48568b736948d43d04e8c19c344bdba54a473305 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 11:03:08 +0200 Subject: [PATCH 012/553] tests: Add mbedtls_test_ prefix to hexcmp() Add mbedtls_test_ prefix to hexcmp() test helper function. Command to change *.function files: find . -name "*.function" -exec awk -i inplace \ '{sub(/hexcmp\>/,"mbedtls_test_&")}1' {} \; Signed-off-by: Ronald Cron --- include/test/helpers.h | 3 ++- src/helpers.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index ad6b9d7934..36b9e72e29 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -79,6 +79,7 @@ unsigned char *mbedtls_test_zero_alloc( size_t len ); */ unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ); -int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ); +int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, + uint32_t a_len, uint32_t b_len ); #endif /* TEST_HELPERS_H */ diff --git a/src/helpers.c b/src/helpers.c index 5f12501101..f0c27c3ff9 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -130,7 +130,8 @@ unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ) return( obuf ); } -int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ) +int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, + uint32_t a_len, uint32_t b_len ) { int ret = 0; uint32_t i = 0; From c255b34a2389dd484c500d57e1356148443ba118 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 12:12:18 +0200 Subject: [PATCH 013/553] tests: Add mbedtls_test_ prefix to rnd_* symbols Add mbedtls_test_ prefix to rnd_buf_info and rnd_pseudo_info types, to rnd_std_rand(), rnd_zero_rand(), rnd_buffer_rand() and rnd_pseudo_rand() functions. Command to change *.function files: find . -name "*.function" -exec awk -i inplace \ '{sub(/rnd_(buf_info|pseudo_info|std_rand| \ zero_rand|buffer_rand|pseudo_rand)/, \ "mbedtls_test_&")}1' {} \; Signed-off-by: Ronald Cron --- include/test/random.h | 20 ++++++++++++++------ src/random.c | 28 +++++++++++++++++++--------- 2 files changed, 33 insertions(+), 15 deletions(-) diff --git a/include/test/random.h b/include/test/random.h index c608035978..dfdefa688e 100644 --- a/include/test/random.h +++ b/include/test/random.h @@ -39,7 +39,7 @@ typedef struct { unsigned char *buf; size_t length; -} rnd_buf_info; +} mbedtls_test_rnd_buf_info; /** * Info structure for the pseudo random function @@ -52,7 +52,7 @@ typedef struct { uint32_t key[16]; uint32_t v0, v1; -} rnd_pseudo_info; +} mbedtls_test_rnd_pseudo_info; /** * This function just returns data from rand(). @@ -63,14 +63,18 @@ typedef struct * * rng_state shall be NULL. */ -int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); +int mbedtls_test_rnd_std_rand( void *rng_state, + unsigned char *output, + size_t len ); /** * This function only returns zeros * * rng_state shall be NULL. */ -int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ); +int mbedtls_test_rnd_zero_rand( void *rng_state, + unsigned char *output, + size_t len ); /** * This function returns random based on a buffer it receives. @@ -83,7 +87,9 @@ int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ); * * After the buffer is empty it will return rand(); */ -int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ); +int mbedtls_test_rnd_buffer_rand( void *rng_state, + unsigned char *output, + size_t len ); /** * This function returns random based on a pseudo random function. @@ -93,6 +99,8 @@ int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ); * * rng_state shall be a pointer to a rnd_pseudo_info structure. */ -int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ); +int mbedtls_test_rnd_pseudo_rand( void *rng_state, + unsigned char *output, + size_t len ); #endif /* TEST_RANDOM_H */ diff --git a/src/random.c b/src/random.c index bb0df7a711..25fa4cf336 100644 --- a/src/random.c +++ b/src/random.c @@ -27,7 +27,9 @@ #include #include -int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) +int mbedtls_test_rnd_std_rand( void *rng_state, + unsigned char *output, + size_t len ) { #if !defined(__OpenBSD__) size_t i; @@ -47,7 +49,9 @@ int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } -int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ) +int mbedtls_test_rnd_zero_rand( void *rng_state, + unsigned char *output, + size_t len ) { if( rng_state != NULL ) rng_state = NULL; @@ -57,13 +61,15 @@ int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } -int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ) +int mbedtls_test_rnd_buffer_rand( void *rng_state, + unsigned char *output, + size_t len ) { - rnd_buf_info *info = (rnd_buf_info *) rng_state; + mbedtls_test_rnd_buf_info *info = (mbedtls_test_rnd_buf_info *) rng_state; size_t use_len; if( rng_state == NULL ) - return( rnd_std_rand( NULL, output, len ) ); + return( mbedtls_test_rnd_std_rand( NULL, output, len ) ); use_len = len; if( len > info->length ) @@ -77,19 +83,23 @@ int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ) } if( len - use_len > 0 ) - return( rnd_std_rand( NULL, output + use_len, len - use_len ) ); + return( mbedtls_test_rnd_std_rand( NULL, output + use_len, + len - use_len ) ); return( 0 ); } -int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) +int mbedtls_test_rnd_pseudo_rand( void *rng_state, + unsigned char *output, + size_t len ) { - rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state; + mbedtls_test_rnd_pseudo_info *info = + (mbedtls_test_rnd_pseudo_info *) rng_state; uint32_t i, *k, sum, delta=0x9E3779B9; unsigned char result[4], *out = output; if( rng_state == NULL ) - return( rnd_std_rand( NULL, output, len ) ); + return( mbedtls_test_rnd_std_rand( NULL, output, len ) ); k = info->key; From 3e55462305e4bbe48fe9e38532805d274fb538af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 15 Jun 2020 11:59:37 +0200 Subject: [PATCH 014/553] Add Apache-2.0 headers to all source files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also normalize the first line of the copyright headers. This commit was generated using the following script: # ======================== #!/bin/sh # Find scripts find -path './.git' -prune -o '(' -name '*.c' -o -name '*.cpp' -o -name '*.fmt' -o -name '*.h' ')' -print | xargs sed -i ' # Normalize the first line of the copyright headers (no text on the first line of a block comment) /^\/\*.*Copyright.*Arm/I { i\ /* s/^\// / } /Copyright.*Arm/I { # Print copyright declaration p # Read the two lines immediately following the copyright declaration N N # Insert Apache header if it is missing /SPDX/! i\ * SPDX-License-Identifier: Apache-2.0\ *\ * Licensed under the Apache License, Version 2.0 (the "License"); you may\ * not use this file except in compliance with the License.\ * You may obtain a copy of the License at\ *\ * http://www.apache.org/licenses/LICENSE-2.0\ *\ * Unless required by applicable law or agreed to in writing, software\ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\ * See the License for the specific language governing permissions and\ * limitations under the License. # Clear copyright declaration from buffer D } ' # ======================== Signed-off-by: Bence Szépkúti --- include/test/helpers.h | 3 ++- include/test/macros.h | 3 ++- include/test/psa_crypto_helpers.h | 3 ++- include/test/psa_helpers.h | 3 ++- include/test/random.h | 3 ++- src/helpers.c | 3 ++- src/random.c | 3 ++- 7 files changed, 14 insertions(+), 7 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 36b9e72e29..36ec8e687d 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -5,7 +5,8 @@ * purpose of testing. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2020, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/include/test/macros.h b/include/test/macros.h index 25f831208b..aaf13add0b 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -4,7 +4,8 @@ * \brief This file contains generic macros for the purpose of testing. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2020, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 1dd6084337..8cd361fb61 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -1,7 +1,8 @@ /* * Helper functions for tests that use the PSA Crypto API. */ -/* Copyright (C) 2019, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2019, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/include/test/psa_helpers.h b/include/test/psa_helpers.h index 79f6837075..352ae67ae0 100644 --- a/include/test/psa_helpers.h +++ b/include/test/psa_helpers.h @@ -1,7 +1,8 @@ /* * Helper functions for tests that use any PSA API. */ -/* Copyright (C) 2019, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2019, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/include/test/random.h b/include/test/random.h index dfdefa688e..e085f16b5d 100644 --- a/include/test/random.h +++ b/include/test/random.h @@ -5,7 +5,8 @@ * random numbers for the purpose of testing. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2020, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/src/helpers.c b/src/helpers.c index f0c27c3ff9..08d88a5dc2 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -1,4 +1,5 @@ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2020, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/src/random.c b/src/random.c index 25fa4cf336..3345f78be3 100644 --- a/src/random.c +++ b/src/random.c @@ -5,7 +5,8 @@ * for the purpose of testing. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2020, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may From ec512965031b849d4b057a3ce1b026e63650b5f5 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 18 Jun 2020 10:10:46 +0200 Subject: [PATCH 015/553] Rework mbedtls_test_unhexify() Rework mbedtls_test_unhexify to extend its scope of usage. Return in error when the function detects an error instead of calling mbedtls_exit(). Improve safety by checking the output buffer is not overrun. Signed-off-by: Ronald Cron --- include/test/helpers.h | 24 +++++++++++++++- src/helpers.c | 65 ++++++++++++++++++++++++------------------ 2 files changed, 61 insertions(+), 28 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 36ec8e687d..69d882ca48 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -54,7 +54,29 @@ int mbedtls_test_platform_setup( void ); void mbedtls_test_platform_teardown( void ); -int mbedtls_test_unhexify( unsigned char *obuf, const char *ibuf ); +/** + * \brief This function translates an ASCII string encoding an + * hexadecimal number into the encoded hexadecimal number. The + * hexadecimal number is represented as an array of + * unsigned char. + * + * \note The output buffer can be the same as the input buffer. For + * any other overlapping of the input and output buffers, the + * behavior is undefined. + * + * \param obuf Output buffer. + * \param obufmax Size in number of bytes of \p obuf. + * \param ibuf Input buffer. + * \param len The number of unsigned char written in \p obuf. This must + * not be \c NULL. + * + * \return \c 0 on success. + * \return \c -1 if the output buffer is too small or the input string + * is not a valid ASCII encoding of an hexadecimal number. + */ +int mbedtls_test_unhexify( unsigned char *obuf, size_t obufmax, + const char *ibuf, size_t *len ); + void mbedtls_test_hexify( unsigned char *obuf, const unsigned char *ibuf, int len ); diff --git a/src/helpers.c b/src/helpers.c index 08d88a5dc2..b9abf19aa3 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -41,38 +41,49 @@ void mbedtls_test_platform_teardown( void ) #endif /* MBEDTLS_PLATFORM_C */ } -int mbedtls_test_unhexify( unsigned char *obuf, const char *ibuf ) +static int ascii2uc(const char c, unsigned char *uc) { - unsigned char c, c2; - int len = strlen( ibuf ) / 2; - TEST_HELPER_ASSERT( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */ + if( ( c >= '0' ) && ( c <= '9' ) ) + *uc = c - '0'; + else if( ( c >= 'a' ) && ( c <= 'f' ) ) + *uc = c - 'a' + 10; + else if( ( c >= 'A' ) && ( c <= 'F' ) ) + *uc = c - 'A' + 10; + else + return( -1 ); + + return( 0 ); +} + +int mbedtls_test_unhexify( unsigned char *obuf, + size_t obufmax, + const char *ibuf, + size_t *len ) +{ + unsigned char uc, uc2; + + *len = strlen( ibuf ); + + /* Must be even number of bytes. */ + if ( ( *len ) & 1 ) + return( -1 ); + *len /= 2; + + if ( (*len) > obufmax ) + return( -1 ); while( *ibuf != 0 ) { - c = *ibuf++; - if( c >= '0' && c <= '9' ) - c -= '0'; - else if( c >= 'a' && c <= 'f' ) - c -= 'a' - 10; - else if( c >= 'A' && c <= 'F' ) - c -= 'A' - 10; - else - TEST_HELPER_ASSERT( 0 ); - - c2 = *ibuf++; - if( c2 >= '0' && c2 <= '9' ) - c2 -= '0'; - else if( c2 >= 'a' && c2 <= 'f' ) - c2 -= 'a' - 10; - else if( c2 >= 'A' && c2 <= 'F' ) - c2 -= 'A' - 10; - else - TEST_HELPER_ASSERT( 0 ); + if ( ascii2uc( *(ibuf++), &uc ) != 0 ) + return( -1 ); + + if ( ascii2uc( *(ibuf++), &uc2 ) != 0 ) + return( -1 ); - *obuf++ = ( c << 4 ) | c2; + *(obuf++) = ( uc << 4 ) | uc2; } - return len; + return( 0 ); } void mbedtls_test_hexify( unsigned char *obuf, @@ -117,6 +128,7 @@ unsigned char *mbedtls_test_zero_alloc( size_t len ) unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ) { unsigned char *obuf; + size_t len; *olen = strlen( ibuf ) / 2; @@ -125,8 +137,7 @@ unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ) obuf = mbedtls_calloc( 1, *olen ); TEST_HELPER_ASSERT( obuf != NULL ); - - (void) mbedtls_test_unhexify( obuf, ibuf ); + TEST_HELPER_ASSERT( mbedtls_test_unhexify( obuf, *olen, ibuf, &len ) == 0 ); return( obuf ); } From 7499b786bfee234b72f6261f29279525161f3ac2 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 1 Jul 2020 17:09:10 +0200 Subject: [PATCH 016/553] tests: Improve the documentation of mbedtls_test_unhexify() Signed-off-by: Ronald Cron --- include/test/helpers.h | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 69d882ca48..0c516355a8 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -55,10 +55,8 @@ int mbedtls_test_platform_setup( void ); void mbedtls_test_platform_teardown( void ); /** - * \brief This function translates an ASCII string encoding an - * hexadecimal number into the encoded hexadecimal number. The - * hexadecimal number is represented as an array of - * unsigned char. + * \brief This function decodes the hexadecimal representation of + * data. * * \note The output buffer can be the same as the input buffer. For * any other overlapping of the input and output buffers, the @@ -72,7 +70,7 @@ void mbedtls_test_platform_teardown( void ); * * \return \c 0 on success. * \return \c -1 if the output buffer is too small or the input string - * is not a valid ASCII encoding of an hexadecimal number. + * is not a valid hexadecimal representation. */ int mbedtls_test_unhexify( unsigned char *obuf, size_t obufmax, const char *ibuf, size_t *len ); From 66b5ad43f623e9c32bc0f296b4e94519051e4727 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 1 Jul 2020 16:01:21 +0200 Subject: [PATCH 017/553] tests: Move mbedtls_param_failed() to test common code This makes the implementation of mbedtls_param_failed() for testing purpose available to programs. Thus removing the ad-hoc implementations in programs. Signed-off-by: Ronald Cron --- include/test/helpers.h | 79 +++++++++++++++++++++++++++++++++++++++ src/helpers.c | 85 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 164 insertions(+) diff --git a/include/test/helpers.h b/include/test/helpers.h index 0c516355a8..79a63fbd3a 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -103,4 +103,83 @@ unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ); int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ); +#if defined(MBEDTLS_CHECK_PARAMS) + +typedef struct +{ + const char *failure_condition; + const char *file; + int line; +} +mbedtls_test_param_failed_location_record_t; + +/** + * \brief Get the location record of the last call to + * mbedtls_test_param_failed(). + * + * \note The call expectation is set up and active until the next call to + * mbedtls_test_param_failed_check_expected_call() or + * mbedtls_param_failed() that cancels it. + */ +void mbedtls_test_param_failed_get_location_record( + mbedtls_test_param_failed_location_record_t *location_record ); + +/** + * \brief State that a call to mbedtls_param_failed() is expected. + * + * \note The call expectation is set up and active until the next call to + * mbedtls_test_param_failed_check_expected_call() or + * mbedtls_param_failed that cancel it. + */ +void mbedtls_test_param_failed_expect_call( void ); + +/** + * \brief Check whether mbedtls_param_failed() has been called as expected. + * + * \note Check whether mbedtls_param_failed() has been called between the + * last call to mbedtls_test_param_failed_expect_call() and the call + * to this function. + * + * \return \c 0 Since the last call to mbedtls_param_failed_expect_call(), + * mbedtls_param_failed() has been called. + * \c -1 Otherwise. + */ +int mbedtls_test_param_failed_check_expected_call( void ); + +/** + * \brief Get a pointer to the object of type jmp_buf holding the execution + * state information used by mbedtls_param_failed() to do a long jump. + * + * \note If a call to mbedtls_param_failed() is not expected in the sense + * that there is no call to mbedtls_test_param_failed_expect_call() + * preceding it, then mbedtls_param_failed() will try to restore the + * execution to the state stored in the jmp_buf object whose address + * is returned by the present function. + * + * \note The returned pointer is of type void* as its type is opaque, + * implementation dependent (jmp_buf is an array type not the type of + * one element of an array). + * + * \return Address of the object of type jmp_buf holding the execution state + * information used by mbedtls_param_failed() to do a long jump. + */ +void* mbedtls_test_param_failed_get_state_buf( void ); + +/** + * \brief Reset the execution state used by mbedtls_param_failed() to do a + * long jump. + * + * \note If a call to mbedtls_param_failed() is not expected in the sense + * that there is no call to mbedtls_test_param_failed_expect_call() + * preceding it, then mbedtls_param_failed() will try to restore the + * execution state that this function reset. + * + * \note It is recommended to reset the execution state when the state + * is not relevant anymore. That way an unexpected call to + * mbedtls_param_failed() will not trigger a long jump with + * undefined behavior but rather a long jump that will rather fault. + */ +void mbedtls_test_param_failed_reset_state( void ); +#endif /* MBEDTLS_CHECK_PARAMS */ + #endif /* TEST_HELPERS_H */ diff --git a/src/helpers.c b/src/helpers.c index b9abf19aa3..a963da974a 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -21,10 +21,34 @@ #include #include +#if defined(MBEDTLS_CHECK_PARAMS) +#include +#endif + +/*----------------------------------------------------------------------------*/ +/* Static global variables */ + +#if defined(MBEDTLS_CHECK_PARAMS) +typedef struct +{ + uint8_t expected_call; + uint8_t expected_call_happened; + + jmp_buf state; + + mbedtls_test_param_failed_location_record_t location_record; +} +param_failed_ctx_t; +static param_failed_ctx_t param_failed_ctx; +#endif + #if defined(MBEDTLS_PLATFORM_C) static mbedtls_platform_context platform_ctx; #endif +/*----------------------------------------------------------------------------*/ +/* Helper Functions */ + int mbedtls_test_platform_setup( void ) { int ret = 0; @@ -161,3 +185,64 @@ int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, } return ret; } + +#if defined(MBEDTLS_CHECK_PARAMS) +void mbedtls_test_param_failed_get_location_record( + mbedtls_test_param_failed_location_record_t *location_record ) +{ + *location_record = param_failed_ctx.location_record; +} + +void mbedtls_test_param_failed_expect_call( void ) +{ + param_failed_ctx.expected_call_happened = 0; + param_failed_ctx.expected_call = 1; +} + +int mbedtls_test_param_failed_check_expected_call( void ) +{ + param_failed_ctx.expected_call = 0; + + if( param_failed_ctx.expected_call_happened != 0 ) + return( 0 ); + + return( -1 ); +} + +void* mbedtls_test_param_failed_get_state_buf( void ) +{ + return ¶m_failed_ctx.state[0]; +} + +void mbedtls_test_param_failed_reset_state( void ) +{ + memset( param_failed_ctx.state, 0, sizeof( param_failed_ctx.state ) ); +} + +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + /* Record the location of the failure */ + param_failed_ctx.location_record.failure_condition = failure_condition; + param_failed_ctx.location_record.file = file; + param_failed_ctx.location_record.line = line; + + /* If we are testing the callback function... */ + if( param_failed_ctx.expected_call != 0 ) + { + param_failed_ctx.expected_call = 0; + param_failed_ctx.expected_call_happened = 1; + } + else + { + /* ...else try a long jump. If the execution state has not been set-up + * or reset then the long jump buffer is all zero's and the call will + * with high probability fault, emphasizing there is something to look + * at. + */ + + longjmp( param_failed_ctx.state, 1 ); + } +} +#endif /* MBEDTLS_CHECK_PARAMS */ From 48b56d89c0e512f31c0a01b350e0e07f4264e82d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 10 Jul 2020 09:35:54 +0200 Subject: [PATCH 018/553] Add MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This option allows to test the constant-flow nature of selected code, using MemSan and the fundamental observation behind ctgrind that the set of operations allowed on undefined memory by dynamic analysers is the same as the set of operations allowed on secret data to avoid leaking it to a local attacker via side channels, namely, any operation except branching and dereferencing. (This isn't the full story, as on some CPUs some instructions have variable execution depending on the inputs, most notably division and on some cores multiplication. However, testing that no branch or memory access depends on secret data is already a good start.) Signed-off-by: Manuel Pégourié-Gonnard --- include/test/constant_flow.h | 51 ++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 include/test/constant_flow.h diff --git a/include/test/constant_flow.h b/include/test/constant_flow.h new file mode 100644 index 0000000000..98bee7e48c --- /dev/null +++ b/include/test/constant_flow.h @@ -0,0 +1,51 @@ +/** + * \file constant_flow.h + * + * \brief This file contains tools to ensure tested code has constant flow. + */ + +/* + * Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef TEST_CONSTANT_FLOW_H +#define TEST_CONSTANT_FLOW_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) +#include + +/* Use macros to avoid messing up with origin tracking */ +#define TEST_CF_SECRET __msan_allocated_memory +// void __msan_allocated_memory(const volatile void* data, size_t size); +#define TEST_CF_PUBLIC __msan_unpoison +// void __msan_unpoison(const volatile void *a, size_t size); + +#else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */ + +#define TEST_CF_SECRET(ptr, size) +#define TEST_CF_PUBLIC(ptr, size) + +#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */ + +#endif /* TEST_CONSTANT_FLOW_H */ From c053d71bdba12f3789c97c7057270da76a3346b2 Mon Sep 17 00:00:00 2001 From: gufe44 Date: Mon, 3 Aug 2020 17:56:50 +0200 Subject: [PATCH 019/553] Use arc4random_buf instead of rand on NetBSD Avoid old implementation of rand returning numbers with cyclical lower bits. Allow tests to pass. Signed-off-by: gufe44 --- src/random.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/random.c b/src/random.c index 3345f78be3..45748a9433 100644 --- a/src/random.c +++ b/src/random.c @@ -32,7 +32,7 @@ int mbedtls_test_rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) { -#if !defined(__OpenBSD__) +#if !defined(__OpenBSD__) && !defined(__NetBSD__) size_t i; if( rng_state != NULL ) @@ -45,7 +45,7 @@ int mbedtls_test_rnd_std_rand( void *rng_state, rng_state = NULL; arc4random_buf( output, len ); -#endif /* !OpenBSD */ +#endif /* !OpenBSD && !NetBSD */ return( 0 ); } From cb51a9f38d9201b9705cba712369f2460bf5d6d2 Mon Sep 17 00:00:00 2001 From: makise-homura Date: Tue, 18 Aug 2020 23:57:48 +0300 Subject: [PATCH 020/553] Get back -Wsigned-one-bit-field and fix sources according to it Signed-off-by: makise-homura --- include/test/macros.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/test/macros.h b/include/test/macros.h index aaf13add0b..21552e7608 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -75,7 +75,7 @@ /* A compile-time constant with the value 0. If `const_expr` is not a * compile-time constant with a nonzero value, cause a compile-time error. */ #define STATIC_ASSERT_EXPR( const_expr ) \ - ( 0 && sizeof( struct { int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) ) + ( 0 && sizeof( struct { unsigned int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) ) /* Return the scalar value `value` (possibly promoted). This is a compile-time * constant if `value` is. `condition` must be a compile-time constant. * If `condition` is false, arrange to cause a compile-time error. */ From 4e3311418588c9388d66540dd325fcc68ad6af38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 7 Aug 2020 13:07:28 +0200 Subject: [PATCH 021/553] Update copyright notices to use Linux Foundation guidance MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As a result, the copyright of contributors other than Arm is now acknowledged, and the years of publishing are no longer tracked in the source files. Also remove the now-redundant lines declaring that the files are part of MbedTLS. This commit was generated using the following script: # ======================== #!/bin/sh # Find files find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi ' # Replace copyright attribution line s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I # Remove redundant declaration and the preceding line $!N /This file is part of Mbed TLS/Id P D ' # ======================== Signed-off-by: Bence Szépkúti --- include/test/helpers.h | 4 +--- include/test/macros.h | 4 +--- include/test/psa_crypto_helpers.h | 4 +--- include/test/psa_helpers.h | 4 +--- include/test/random.h | 4 +--- src/helpers.c | 4 +--- src/random.c | 4 +--- 7 files changed, 7 insertions(+), 21 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 69d882ca48..c4979ccb6d 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -6,7 +6,7 @@ */ /* - * Copyright (C) 2020, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -20,8 +20,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef TEST_HELPERS_H diff --git a/include/test/macros.h b/include/test/macros.h index aaf13add0b..7177156313 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -5,7 +5,7 @@ */ /* - * Copyright (C) 2020, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,8 +19,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef TEST_MACROS_H diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 8cd361fb61..c8013a1a8f 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -2,7 +2,7 @@ * Helper functions for tests that use the PSA Crypto API. */ /* - * Copyright (C) 2019, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -16,8 +16,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PSA_CRYPTO_HELPERS_H diff --git a/include/test/psa_helpers.h b/include/test/psa_helpers.h index 352ae67ae0..f438a71fb6 100644 --- a/include/test/psa_helpers.h +++ b/include/test/psa_helpers.h @@ -2,7 +2,7 @@ * Helper functions for tests that use any PSA API. */ /* - * Copyright (C) 2019, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -16,8 +16,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PSA_HELPERS_H diff --git a/include/test/random.h b/include/test/random.h index e085f16b5d..5e7e4e6ef0 100644 --- a/include/test/random.h +++ b/include/test/random.h @@ -6,7 +6,7 @@ */ /* - * Copyright (C) 2020, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -20,8 +20,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef TEST_RANDOM_H diff --git a/src/helpers.c b/src/helpers.c index b9abf19aa3..f38507904f 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2020, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -13,8 +13,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #include diff --git a/src/random.c b/src/random.c index 45748a9433..af88d98419 100644 --- a/src/random.c +++ b/src/random.c @@ -6,7 +6,7 @@ */ /* - * Copyright (C) 2020, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -20,8 +20,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #include From 93e3acb74d8334bbac6805f60ea695c5546e0274 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 19 Aug 2020 10:27:38 +0200 Subject: [PATCH 022/553] Add option to test constant-flow with valgrind MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently the new component in all.sh fails because mbedtls_ssl_cf_memcpy_offset() is not actually constant flow - this is on purpose to be able to verify that the new test works. Signed-off-by: Manuel Pégourié-Gonnard --- include/test/constant_flow.h | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/include/test/constant_flow.h b/include/test/constant_flow.h index 98bee7e48c..9307a2513c 100644 --- a/include/test/constant_flow.h +++ b/include/test/constant_flow.h @@ -32,6 +32,28 @@ #include MBEDTLS_CONFIG_FILE #endif +/* + * This file defines the two macros + * + * #define TEST_CF_SECRET(ptr, size) + * #define TEST_CF_PUBLIC(ptr, size) + * + * that can be used in tests to mark a memory area as secret (no branch or + * memory access should depend on it) or public (default, only needs to be + * marked explicitly when it was derived from secret data). + * + * Arguments: + * - ptr: a pointer to the memory area to be marked + * - size: the size in bytes of the memory area + * + * Implementation: + * The basic idea is that of ctgrind : we can + * re-use tools that were designed for checking use of uninitialized memory. + * This file contains two implementations: one based on MemorySanitizer, the + * other on valgrind's memcheck. If none of them is enabled, dummy macros that + * do nothing are defined for convenience. + */ + #if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) #include @@ -41,11 +63,21 @@ #define TEST_CF_PUBLIC __msan_unpoison // void __msan_unpoison(const volatile void *a, size_t size); -#else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */ +#elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) +#include + +#define TEST_CF_SECRET VALGRIND_MAKE_MEM_UNDEFINED +// VALGRIND_MAKE_MEM_UNDEFINED(_qzz_addr, _qzz_len) +#define TEST_CF_PUBLIC VALGRIND_MAKE_MEM_DEFINED +// VALGRIND_MAKE_MEM_DEFINED(_qzz_addr, _qzz_len) + +#else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || + MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ #define TEST_CF_SECRET(ptr, size) #define TEST_CF_PUBLIC(ptr, size) -#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */ +#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || + MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ #endif /* TEST_CONSTANT_FLOW_H */ From 8afc07ce5e3df765c602f9d56d2270b1b88ca91d Mon Sep 17 00:00:00 2001 From: Dan Handley Date: Thu, 20 Aug 2020 11:20:12 +0100 Subject: [PATCH 023/553] Update remaining copyright notices to use Linux Foundation guidance Update copyright notices to newly added files since merge of original PR #3546 "Update copyright notices to use Linux Foundation guidance". Generated using the same script. Signed-off-by: Dan Handley --- include/test/constant_flow.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/include/test/constant_flow.h b/include/test/constant_flow.h index 98bee7e48c..18daa4cc1f 100644 --- a/include/test/constant_flow.h +++ b/include/test/constant_flow.h @@ -5,7 +5,7 @@ */ /* - * Copyright (C) 2020, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,8 +19,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef TEST_CONSTANT_FLOW_H From 3c6d52ac1032f476e75da9dea045da86ac0b25dd Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 16 Jul 2020 20:26:18 +0200 Subject: [PATCH 024/553] Add initial test driver conforming to the new spec Also adjusted the different makefiles accordingly. Note: driver lifetime is currently statically defined in the header, but this will be replaced in the future based on autogeneration of lifetime values by a script (TBD) Signed-off-by: Steven Cooreman --- include/drivers/signature.h | 55 +++++++++++ include/drivers/test_driver.h | 29 ++++++ src/drivers/signature.c | 171 ++++++++++++++++++++++++++++++++++ 3 files changed, 255 insertions(+) create mode 100644 include/drivers/signature.h create mode 100644 include/drivers/test_driver.h create mode 100644 src/drivers/signature.c diff --git a/include/drivers/signature.h b/include/drivers/signature.h new file mode 100644 index 0000000000..1607ba5124 --- /dev/null +++ b/include/drivers/signature.h @@ -0,0 +1,55 @@ +/* + * Test driver for signature functions + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H +#define MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_TEST_HOOKS) +#include + +extern void *test_driver_forced_output; +extern size_t test_driver_forced_output_length; + +extern psa_status_t test_transparent_signature_sign_hash_status; +extern unsigned long test_transparent_signature_sign_hash_hit; + +psa_status_t test_transparent_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +psa_status_t test_opaque_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/include/drivers/test_driver.h b/include/drivers/test_driver.h new file mode 100644 index 0000000000..549467447a --- /dev/null +++ b/include/drivers/test_driver.h @@ -0,0 +1,29 @@ +/* + * Umbrella include for all of the test driver functionality + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H +#define MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H + +#define MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff + +#include "drivers/signature.h" + +#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/src/drivers/signature.c b/src/drivers/signature.c new file mode 100644 index 0000000000..0f006c70aa --- /dev/null +++ b/src/drivers/signature.c @@ -0,0 +1,171 @@ +/* + * Test driver for signature functions + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_TEST_HOOKS) +#include "psa/crypto.h" +#include "mbedtls/ecp.h" + +#include "drivers/signature.h" + +#include "mbedtls/md.h" +#include "mbedtls/ecdsa.h" + +#include + +/* If non-null, on success, copy this to the output. */ +void *test_driver_forced_output = NULL; +size_t test_driver_forced_output_length = 0; + +psa_status_t test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; +unsigned long test_transparent_signature_sign_hash_hit = 0; + +psa_status_t test_transparent_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + ++test_transparent_signature_sign_hash_hit; + + if( test_transparent_signature_sign_hash_status != PSA_SUCCESS ) + return( test_transparent_signature_sign_hash_status ); + + if( test_driver_forced_output != NULL ) + { + if( test_driver_forced_output_length > signature_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + memcpy( signature, test_driver_forced_output, + test_driver_forced_output_length ); + *signature_length = test_driver_forced_output_length; + return( PSA_SUCCESS ); + } + + psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) + if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) + return( PSA_ERROR_NOT_SUPPORTED ); + mbedtls_ecp_group_id grp_id; + switch( psa_get_key_type( attributes ) ) + { + case PSA_ECC_CURVE_SECP_R1: + switch( psa_get_key_bits( attributes ) ) + { + case 256: + grp_id = MBEDTLS_ECP_DP_SECP256R1; + break; + case 384: + grp_id = MBEDTLS_ECP_DP_SECP384R1; + break; + case 521: + grp_id = MBEDTLS_ECP_DP_SECP521R1; + break; + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + break; + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + + /* Beyond this point, the driver is actually doing the work of + * calculating the signature. */ + + status = PSA_ERROR_GENERIC_ERROR; + int ret = 0; + mbedtls_mpi r, s; + mbedtls_mpi_init( &r ); + mbedtls_mpi_init( &s ); + mbedtls_ecp_keypair ecp; + mbedtls_ecp_keypair_init( &ecp ); + size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits ); + + MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, + key, key_length ) ); + + /* Code adapted from psa_ecdsa_sign() in psa_crypto.c. */ + mbedtls_md_type_t md_alg = MBEDTLS_MD_SHA256; + if( signature_size < 2 * curve_bytes ) + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto cleanup; + } + MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp.grp, &r, &s, &ecp.d, + hash, hash_length, md_alg ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r, + signature, + curve_bytes ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s, + signature + curve_bytes, + curve_bytes ) ); +cleanup: + /* There's no easy way to translate the error code except through a + * library function that's not exported. Use a debugger. */ + if( ret == 0 ) + status = PSA_SUCCESS; + mbedtls_mpi_free( &r ); + mbedtls_mpi_free( &s ); + mbedtls_ecp_keypair_free( &ecp ); + if( status == PSA_SUCCESS ) + *signature_length = 2 * curve_bytes; +#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) */ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; +#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) */ + + return( status ); +} + +psa_status_t test_opaque_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; + (void) signature; + (void) signature_size; + (void) signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */ From 55a717efa7a1b21343e1c204f92c7e4f63d0cc36 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 17 Jul 2020 19:46:15 +0200 Subject: [PATCH 025/553] Add and splice in signature verification through driver Signed-off-by: Steven Cooreman --- include/drivers/signature.h | 17 +++++ src/drivers/signature.c | 130 ++++++++++++++++++++++++++++++++++++ 2 files changed, 147 insertions(+) diff --git a/include/drivers/signature.h b/include/drivers/signature.h index 1607ba5124..232ed4147b 100644 --- a/include/drivers/signature.h +++ b/include/drivers/signature.h @@ -37,6 +37,9 @@ extern size_t test_driver_forced_output_length; extern psa_status_t test_transparent_signature_sign_hash_status; extern unsigned long test_transparent_signature_sign_hash_hit; +extern psa_status_t test_transparent_signature_verify_hash_status; +extern unsigned long test_transparent_signature_verify_hash_hit; + psa_status_t test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, @@ -51,5 +54,19 @@ psa_status_t test_opaque_signature_sign_hash( const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ); +psa_status_t test_transparent_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + +psa_status_t test_opaque_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + #endif /* MBEDTLS_TEST_HOOKS */ #endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/src/drivers/signature.c b/src/drivers/signature.c index 0f006c70aa..32ebbfdffe 100644 --- a/src/drivers/signature.c +++ b/src/drivers/signature.c @@ -34,6 +34,8 @@ #include "mbedtls/md.h" #include "mbedtls/ecdsa.h" +#include "test/random.h" + #include /* If non-null, on success, copy this to the output. */ @@ -43,6 +45,9 @@ size_t test_driver_forced_output_length = 0; psa_status_t test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; unsigned long test_transparent_signature_sign_hash_hit = 0; +psa_status_t test_transparent_signature_verify_hash_status = PSA_ERROR_NOT_SUPPORTED; +unsigned long test_transparent_signature_verify_hash_hit = 0; + psa_status_t test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, @@ -168,4 +173,129 @@ psa_status_t test_opaque_signature_sign_hash( return( PSA_ERROR_NOT_SUPPORTED ); } +psa_status_t test_transparent_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + ++test_transparent_signature_verify_hash_hit; + + if( test_transparent_signature_verify_hash_status != PSA_SUCCESS ) + return( test_transparent_signature_verify_hash_status ); + + psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) + if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) + return( PSA_ERROR_NOT_SUPPORTED ); + mbedtls_ecp_group_id grp_id; + switch( psa_get_key_type( attributes ) ) + { + case PSA_ECC_CURVE_SECP_R1: + switch( psa_get_key_bits( attributes ) ) + { + case 256: + grp_id = MBEDTLS_ECP_DP_SECP256R1; + break; + case 384: + grp_id = MBEDTLS_ECP_DP_SECP384R1; + break; + case 521: + grp_id = MBEDTLS_ECP_DP_SECP521R1; + break; + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + break; + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + + /* Beyond this point, the driver is actually doing the work of + * calculating the signature. */ + + status = PSA_ERROR_GENERIC_ERROR; + int ret = 0; + mbedtls_mpi r, s; + mbedtls_mpi_init( &r ); + mbedtls_mpi_init( &s ); + mbedtls_ecp_keypair ecp; + mbedtls_ecp_keypair_init( &ecp ); + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits ); + + MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); + + /* Code adapted from psa_ecdsa_verify() in psa_crypto.c. */ + if( signature_length < 2 * curve_bytes ) + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, + signature, + curve_bytes ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s, + signature + curve_bytes, + curve_bytes ) ); + + if( PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( attributes ) ) ) + MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, + key, key_length ) ); + else + { + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ecp.d, key, key_length ) ); + MBEDTLS_MPI_CHK( + mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) ); + } + + MBEDTLS_MPI_CHK( mbedtls_ecdsa_verify( &ecp.grp, hash, hash_length, + &ecp.Q, &r, &s ) ); +cleanup: + /* There's no easy way to translate the error code except through a + * library function that's not exported. Use a debugger. */ + if( ret == 0 ) + status = PSA_SUCCESS; + mbedtls_mpi_free( &r ); + mbedtls_mpi_free( &s ); + mbedtls_ecp_keypair_free( &ecp ); +#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) */ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; +#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) */ + + return( status ); +} + +psa_status_t test_opaque_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; + (void) signature; + (void) signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */ From a32b936fc05173de26fbb1c89d9b5b6b18914461 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 20 Jul 2020 15:33:08 +0200 Subject: [PATCH 026/553] Add & splice in test driver for ECC keygen Signed-off-by: Steven Cooreman --- include/drivers/keygen.h | 49 +++++++++++++ include/drivers/test_driver.h | 1 + src/drivers/keygen.c | 129 ++++++++++++++++++++++++++++++++++ 3 files changed, 179 insertions(+) create mode 100644 include/drivers/keygen.h create mode 100644 src/drivers/keygen.c diff --git a/include/drivers/keygen.h b/include/drivers/keygen.h new file mode 100644 index 0000000000..436df3441f --- /dev/null +++ b/include/drivers/keygen.h @@ -0,0 +1,49 @@ +/* + * Test driver for signature functions + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H +#define MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_TEST_HOOKS) +#include + +extern void *test_driver_keygen_forced_output; +extern size_t test_driver_keygen_forced_output_length; + +extern psa_status_t test_transparent_keygen_status; +extern unsigned long test_transparent_keygen_hit; + +psa_status_t test_transparent_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ); + +psa_status_t test_opaque_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ); + +#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ diff --git a/include/drivers/test_driver.h b/include/drivers/test_driver.h index 549467447a..fec305faef 100644 --- a/include/drivers/test_driver.h +++ b/include/drivers/test_driver.h @@ -25,5 +25,6 @@ #define MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff #include "drivers/signature.h" +#include "drivers/keygen.h" #endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/src/drivers/keygen.c b/src/drivers/keygen.c new file mode 100644 index 0000000000..4c830c35e6 --- /dev/null +++ b/src/drivers/keygen.c @@ -0,0 +1,129 @@ +/* + * Test driver for signature functions + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_TEST_HOOKS) +#include "psa/crypto.h" +#include "mbedtls/ecp.h" +#include "mbedtls/error.h" + +#include "drivers/keygen.h" + +#include "test/random.h" + +#include + +/* If non-null, on success, copy this to the output. */ +void *test_driver_keygen_forced_output = NULL; +size_t test_driver_keygen_forced_output_length = 0; + +psa_status_t test_transparent_keygen_status = PSA_ERROR_NOT_SUPPORTED; +unsigned long test_transparent_keygen_hit = 0; + +psa_status_t test_transparent_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ) +{ + ++test_transparent_keygen_hit; + + if( test_transparent_keygen_status != PSA_SUCCESS ) + return( test_transparent_keygen_status ); + + if( test_driver_keygen_forced_output != NULL ) + { + if( test_driver_keygen_forced_output_length > key_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + memcpy( key, test_driver_keygen_forced_output, + test_driver_keygen_forced_output_length ); + *key_length = test_driver_keygen_forced_output_length; + return( PSA_SUCCESS ); + } + + /* Copied from psa_crypto.c */ +#if defined(MBEDTLS_ECP_C) + if ( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && PSA_KEY_TYPE_IS_KEY_PAIR( attributes->core.type ) ) + { + psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type ); + mbedtls_ecp_group_id grp_id = + mbedtls_ecc_group_of_psa( curve, PSA_BITS_TO_BYTES( attributes->core.bits ) ); + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id( grp_id ); + mbedtls_ecp_keypair ecp; + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + if( attributes->domain_parameters_size != 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( curve_info->bit_size != attributes->core.bits ) + return( PSA_ERROR_INVALID_ARGUMENT ); + mbedtls_ecp_keypair_init( &ecp ); + ret = mbedtls_ecp_gen_key( grp_id, &ecp, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ); + if( ret != 0 ) + { + mbedtls_ecp_keypair_free( &ecp ); + return( mbedtls_to_psa_error( ret ) ); + } + + /* Make sure to use export representation */ + size_t bytes = PSA_BITS_TO_BYTES( attributes->core.bits ); + if( key_size < bytes ) + { + mbedtls_ecp_keypair_free( &ecp ); + return( PSA_ERROR_BUFFER_TOO_SMALL ); + } + psa_status_t status = mbedtls_to_psa_error( + mbedtls_mpi_write_binary( &ecp.d, key, bytes ) ); + + if( status == PSA_SUCCESS ) + { + *key_length = bytes; + } + + mbedtls_ecp_keypair_free( &ecp ); + return( status ); + } + else +#endif /* MBEDTLS_ECP_C */ + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_opaque_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ) +{ + (void) attributes; + (void) key; + (void) key_size; + (void) key_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */ From 3836bb843b0084493f76eb7ecf807bf936c1bd04 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 23 Jul 2020 16:26:08 +0200 Subject: [PATCH 027/553] Use own define for building with test drivers Trying to compile in the PSA accelerator test driver under MBEDTLS_TEST_HOOKS turned out to be awkward regarding existing builds. We'll put it under a custom (not in config.h) define instead, since it's something that only should happen in test. Signed-off-by: Steven Cooreman --- include/drivers/keygen.h | 4 ++-- include/drivers/signature.h | 4 ++-- src/drivers/keygen.c | 4 ++-- src/drivers/signature.c | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/drivers/keygen.h b/include/drivers/keygen.h index 436df3441f..7e6ed2756b 100644 --- a/include/drivers/keygen.h +++ b/include/drivers/keygen.h @@ -28,7 +28,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) #include extern void *test_driver_keygen_forced_output; @@ -45,5 +45,5 @@ psa_status_t test_opaque_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ #endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ diff --git a/include/drivers/signature.h b/include/drivers/signature.h index 232ed4147b..ec4f66341f 100644 --- a/include/drivers/signature.h +++ b/include/drivers/signature.h @@ -28,7 +28,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) #include extern void *test_driver_forced_output; @@ -68,5 +68,5 @@ psa_status_t test_opaque_signature_verify_hash( const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ #endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/src/drivers/keygen.c b/src/drivers/keygen.c index 4c830c35e6..c883e006e2 100644 --- a/src/drivers/keygen.c +++ b/src/drivers/keygen.c @@ -25,7 +25,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "mbedtls/ecp.h" #include "mbedtls/error.h" @@ -126,4 +126,4 @@ psa_status_t test_opaque_generate_key( return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/signature.c b/src/drivers/signature.c index 32ebbfdffe..114007a7b5 100644 --- a/src/drivers/signature.c +++ b/src/drivers/signature.c @@ -25,7 +25,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "mbedtls/ecp.h" @@ -298,4 +298,4 @@ psa_status_t test_opaque_signature_verify_hash( return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ From 11cbb894442d01c69b13bb8a7f6541cd43635414 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 24 Jul 2020 18:41:58 +0200 Subject: [PATCH 028/553] Fix macro naming to match inhouse style Signed-off-by: Steven Cooreman --- include/drivers/keygen.h | 10 +++++----- include/drivers/signature.h | 10 +++++----- include/drivers/test_driver.h | 8 ++++---- src/drivers/keygen.c | 4 ++-- src/drivers/signature.c | 4 ++-- 5 files changed, 18 insertions(+), 18 deletions(-) diff --git a/include/drivers/keygen.h b/include/drivers/keygen.h index 7e6ed2756b..e671df1167 100644 --- a/include/drivers/keygen.h +++ b/include/drivers/keygen.h @@ -19,8 +19,8 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H -#define MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H +#ifndef PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H +#define PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -28,7 +28,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) #include extern void *test_driver_keygen_forced_output; @@ -45,5 +45,5 @@ psa_status_t test_opaque_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ -#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ diff --git a/include/drivers/signature.h b/include/drivers/signature.h index ec4f66341f..90b787994f 100644 --- a/include/drivers/signature.h +++ b/include/drivers/signature.h @@ -19,8 +19,8 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H -#define MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H +#ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H +#define PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -28,7 +28,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) #include extern void *test_driver_forced_output; @@ -68,5 +68,5 @@ psa_status_t test_opaque_signature_verify_hash( const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ -#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/include/drivers/test_driver.h b/include/drivers/test_driver.h index fec305faef..d123f105a0 100644 --- a/include/drivers/test_driver.h +++ b/include/drivers/test_driver.h @@ -19,12 +19,12 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H -#define MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H +#ifndef PSA_CRYPTO_TEST_DRIVER_H +#define PSA_CRYPTO_TEST_DRIVER_H -#define MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff +#define PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff #include "drivers/signature.h" #include "drivers/keygen.h" -#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H */ +#endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/src/drivers/keygen.c b/src/drivers/keygen.c index c883e006e2..1f96fc8139 100644 --- a/src/drivers/keygen.c +++ b/src/drivers/keygen.c @@ -25,7 +25,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "mbedtls/ecp.h" #include "mbedtls/error.h" @@ -126,4 +126,4 @@ psa_status_t test_opaque_generate_key( return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/signature.c b/src/drivers/signature.c index 114007a7b5..e1cd988b7f 100644 --- a/src/drivers/signature.c +++ b/src/drivers/signature.c @@ -25,7 +25,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "mbedtls/ecp.h" @@ -298,4 +298,4 @@ psa_status_t test_opaque_signature_verify_hash( return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 706dbe245d03fbcfb0a3b740525cae1f466d2b2e Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 2 Sep 2020 13:43:46 +0200 Subject: [PATCH 029/553] Apply changes from #3546 to newly introduced files Signed-off-by: Steven Cooreman --- include/drivers/keygen.h | 4 +--- include/drivers/signature.h | 4 +--- include/drivers/test_driver.h | 4 +--- src/drivers/keygen.c | 4 +--- src/drivers/signature.c | 4 +--- 5 files changed, 5 insertions(+), 15 deletions(-) diff --git a/include/drivers/keygen.h b/include/drivers/keygen.h index e671df1167..f0eb56915b 100644 --- a/include/drivers/keygen.h +++ b/include/drivers/keygen.h @@ -1,7 +1,7 @@ /* * Test driver for signature functions */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -15,8 +15,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H diff --git a/include/drivers/signature.h b/include/drivers/signature.h index 90b787994f..900f0c8bbc 100644 --- a/include/drivers/signature.h +++ b/include/drivers/signature.h @@ -1,7 +1,7 @@ /* * Test driver for signature functions */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -15,8 +15,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H diff --git a/include/drivers/test_driver.h b/include/drivers/test_driver.h index d123f105a0..98dded8d2b 100644 --- a/include/drivers/test_driver.h +++ b/include/drivers/test_driver.h @@ -1,7 +1,7 @@ /* * Umbrella include for all of the test driver functionality */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -15,8 +15,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PSA_CRYPTO_TEST_DRIVER_H diff --git a/src/drivers/keygen.c b/src/drivers/keygen.c index 1f96fc8139..7f14b20efc 100644 --- a/src/drivers/keygen.c +++ b/src/drivers/keygen.c @@ -1,7 +1,7 @@ /* * Test driver for signature functions */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -15,8 +15,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/src/drivers/signature.c b/src/drivers/signature.c index e1cd988b7f..62ba4072a9 100644 --- a/src/drivers/signature.c +++ b/src/drivers/signature.c @@ -1,7 +1,7 @@ /* * Test driver for signature functions */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -15,8 +15,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) From f4a005470fd4ebbcd253bcdd8f0d1858839243a6 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 4 Sep 2020 13:05:23 +0200 Subject: [PATCH 030/553] Move mbedtls_to_psa_error declaration to internal header Signed-off-by: Steven Cooreman --- src/drivers/keygen.c | 1 + src/drivers/signature.c | 1 + 2 files changed, 2 insertions(+) diff --git a/src/drivers/keygen.c b/src/drivers/keygen.c index 7f14b20efc..4f30f0efce 100644 --- a/src/drivers/keygen.c +++ b/src/drivers/keygen.c @@ -25,6 +25,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" +#include "psa_crypto_core.h" #include "mbedtls/ecp.h" #include "mbedtls/error.h" diff --git a/src/drivers/signature.c b/src/drivers/signature.c index 62ba4072a9..04c5de4a21 100644 --- a/src/drivers/signature.c +++ b/src/drivers/signature.c @@ -25,6 +25,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" +#include "psa_crypto_core.h" #include "mbedtls/ecp.h" #include "drivers/signature.h" From a4a859db4e45450d9aaf22ec4ce23ad6901769ba Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 4 Sep 2020 13:07:15 +0200 Subject: [PATCH 031/553] Style fixes after PR review Signed-off-by: Steven Cooreman --- include/drivers/keygen.h | 2 +- include/drivers/signature.h | 2 +- src/drivers/keygen.c | 14 ++++++++------ src/drivers/signature.c | 14 +++++--------- 4 files changed, 15 insertions(+), 17 deletions(-) diff --git a/include/drivers/keygen.h b/include/drivers/keygen.h index f0eb56915b..af1f499857 100644 --- a/include/drivers/keygen.h +++ b/include/drivers/keygen.h @@ -1,5 +1,5 @@ /* - * Test driver for signature functions + * Test driver for generating keys. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 diff --git a/include/drivers/signature.h b/include/drivers/signature.h index 900f0c8bbc..1506bac70d 100644 --- a/include/drivers/signature.h +++ b/include/drivers/signature.h @@ -1,5 +1,5 @@ /* - * Test driver for signature functions + * Test driver for signature functions. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 diff --git a/src/drivers/keygen.c b/src/drivers/keygen.c index 4f30f0efce..a21ec27ce3 100644 --- a/src/drivers/keygen.c +++ b/src/drivers/keygen.c @@ -1,5 +1,6 @@ /* - * Test driver for signature functions + * Test driver for generating keys. + * Currently only supports generating ECC keys. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -63,11 +64,12 @@ psa_status_t test_transparent_generate_key( /* Copied from psa_crypto.c */ #if defined(MBEDTLS_ECP_C) - if ( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && PSA_KEY_TYPE_IS_KEY_PAIR( attributes->core.type ) ) + if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) + && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) { - psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type ); + psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( psa_get_key_type( attributes ) ); mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_of_psa( curve, PSA_BITS_TO_BYTES( attributes->core.bits ) ); + mbedtls_ecc_group_of_psa( curve, PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); mbedtls_ecp_keypair ecp; @@ -79,7 +81,7 @@ psa_status_t test_transparent_generate_key( return( PSA_ERROR_NOT_SUPPORTED ); if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - if( curve_info->bit_size != attributes->core.bits ) + if( curve_info->bit_size != psa_get_key_bits( attributes ) ) return( PSA_ERROR_INVALID_ARGUMENT ); mbedtls_ecp_keypair_init( &ecp ); ret = mbedtls_ecp_gen_key( grp_id, &ecp, @@ -92,7 +94,7 @@ psa_status_t test_transparent_generate_key( } /* Make sure to use export representation */ - size_t bytes = PSA_BITS_TO_BYTES( attributes->core.bits ); + size_t bytes = PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ); if( key_size < bytes ) { mbedtls_ecp_keypair_free( &ecp ); diff --git a/src/drivers/signature.c b/src/drivers/signature.c index 04c5de4a21..d1a600928c 100644 --- a/src/drivers/signature.c +++ b/src/drivers/signature.c @@ -1,5 +1,7 @@ /* - * Test driver for signature functions + * Test driver for signature functions. + * Currently supports signing and verifying precalculated hashes, using + * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -130,10 +132,7 @@ psa_status_t test_transparent_signature_sign_hash( signature + curve_bytes, curve_bytes ) ); cleanup: - /* There's no easy way to translate the error code except through a - * library function that's not exported. Use a debugger. */ - if( ret == 0 ) - status = PSA_SUCCESS; + status = mbedtls_to_psa_error( ret ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); mbedtls_ecp_keypair_free( &ecp ); @@ -258,10 +257,7 @@ psa_status_t test_transparent_signature_verify_hash( MBEDTLS_MPI_CHK( mbedtls_ecdsa_verify( &ecp.grp, hash, hash_length, &ecp.Q, &r, &s ) ); cleanup: - /* There's no easy way to translate the error code except through a - * library function that's not exported. Use a debugger. */ - if( ret == 0 ) - status = PSA_SUCCESS; + status = mbedtls_to_psa_error( ret ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); mbedtls_ecp_keypair_free( &ecp ); From 9b4343f5776d3afa5a11b994ce86b302d63e8a02 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 7 Sep 2020 12:58:16 +0200 Subject: [PATCH 032/553] Apply feedback from PR review * Moved test data to .data file * Bundled test driver hook variables in a struct * Style fixes Signed-off-by: Steven Cooreman --- include/drivers/keygen.h | 24 +++++++++++++++++++----- include/drivers/signature.h | 24 ++++++++++++++++++------ src/drivers/keygen.c | 23 +++++++++-------------- src/drivers/signature.c | 33 +++++++++++++-------------------- 4 files changed, 59 insertions(+), 45 deletions(-) diff --git a/include/drivers/keygen.h b/include/drivers/keygen.h index af1f499857..b72c65c78c 100644 --- a/include/drivers/keygen.h +++ b/include/drivers/keygen.h @@ -29,11 +29,25 @@ #if defined(PSA_CRYPTO_DRIVER_TEST) #include -extern void *test_driver_keygen_forced_output; -extern size_t test_driver_keygen_forced_output_length; - -extern psa_status_t test_transparent_keygen_status; -extern unsigned long test_transparent_keygen_hit; +typedef struct { + /* If non-null, on success, copy this to the output. */ + void *forced_output; + size_t forced_output_length; + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times one of the keygen driver functions is called. */ + unsigned long hits; +} test_driver_keygen_hooks_t; + +#define TEST_DRIVER_KEYGEN_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 } +static inline test_driver_keygen_hooks_t test_driver_keygen_hooks_init( void ) +{ + const test_driver_keygen_hooks_t v = TEST_DRIVER_KEYGEN_INIT; + return( v ); +} + +extern test_driver_keygen_hooks_t test_driver_keygen_hooks; psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, diff --git a/include/drivers/signature.h b/include/drivers/signature.h index 1506bac70d..e41892e77a 100644 --- a/include/drivers/signature.h +++ b/include/drivers/signature.h @@ -29,14 +29,26 @@ #if defined(PSA_CRYPTO_DRIVER_TEST) #include -extern void *test_driver_forced_output; -extern size_t test_driver_forced_output_length; +typedef struct { + /* If non-null, on success, copy this to the output. */ + void *forced_output; + size_t forced_output_length; + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times one of the keygen driver functions is called. */ + unsigned long hits; +} test_driver_signature_hooks_t; -extern psa_status_t test_transparent_signature_sign_hash_status; -extern unsigned long test_transparent_signature_sign_hash_hit; +#define TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 } +static inline test_driver_signature_hooks_t test_driver_signature_hooks_init( void ) +{ + const test_driver_signature_hooks_t v = TEST_DRIVER_SIGNATURE_INIT; + return( v ); +} -extern psa_status_t test_transparent_signature_verify_hash_status; -extern unsigned long test_transparent_signature_verify_hash_hit; +extern test_driver_signature_hooks_t test_driver_signature_sign_hooks; +extern test_driver_signature_hooks_t test_driver_signature_verify_hooks; psa_status_t test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, diff --git a/src/drivers/keygen.c b/src/drivers/keygen.c index a21ec27ce3..d493ab3e18 100644 --- a/src/drivers/keygen.c +++ b/src/drivers/keygen.c @@ -36,29 +36,24 @@ #include -/* If non-null, on success, copy this to the output. */ -void *test_driver_keygen_forced_output = NULL; -size_t test_driver_keygen_forced_output_length = 0; - -psa_status_t test_transparent_keygen_status = PSA_ERROR_NOT_SUPPORTED; -unsigned long test_transparent_keygen_hit = 0; +test_driver_keygen_hooks_t test_driver_keygen_hooks = TEST_DRIVER_KEYGEN_INIT; psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) { - ++test_transparent_keygen_hit; + ++test_driver_keygen_hooks.hits; - if( test_transparent_keygen_status != PSA_SUCCESS ) - return( test_transparent_keygen_status ); + if( test_driver_keygen_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_keygen_hooks.forced_status ); - if( test_driver_keygen_forced_output != NULL ) + if( test_driver_keygen_hooks.forced_output != NULL ) { - if( test_driver_keygen_forced_output_length > key_size ) + if( test_driver_keygen_hooks.forced_output_length > key_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( key, test_driver_keygen_forced_output, - test_driver_keygen_forced_output_length ); - *key_length = test_driver_keygen_forced_output_length; + memcpy( key, test_driver_keygen_hooks.forced_output, + test_driver_keygen_hooks.forced_output_length ); + *key_length = test_driver_keygen_hooks.forced_output_length; return( PSA_SUCCESS ); } diff --git a/src/drivers/signature.c b/src/drivers/signature.c index d1a600928c..5299a96543 100644 --- a/src/drivers/signature.c +++ b/src/drivers/signature.c @@ -39,15 +39,8 @@ #include -/* If non-null, on success, copy this to the output. */ -void *test_driver_forced_output = NULL; -size_t test_driver_forced_output_length = 0; - -psa_status_t test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; -unsigned long test_transparent_signature_sign_hash_hit = 0; - -psa_status_t test_transparent_signature_verify_hash_status = PSA_ERROR_NOT_SUPPORTED; -unsigned long test_transparent_signature_verify_hash_hit = 0; +test_driver_signature_hooks_t test_driver_signature_sign_hooks = TEST_DRIVER_SIGNATURE_INIT; +test_driver_signature_hooks_t test_driver_signature_verify_hooks = TEST_DRIVER_SIGNATURE_INIT; psa_status_t test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, @@ -56,18 +49,18 @@ psa_status_t test_transparent_signature_sign_hash( const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ) { - ++test_transparent_signature_sign_hash_hit; + ++test_driver_signature_sign_hooks.hits; - if( test_transparent_signature_sign_hash_status != PSA_SUCCESS ) - return( test_transparent_signature_sign_hash_status ); + if( test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_signature_sign_hooks.forced_status ); - if( test_driver_forced_output != NULL ) + if( test_driver_signature_sign_hooks.forced_output != NULL ) { - if( test_driver_forced_output_length > signature_size ) + if( test_driver_signature_sign_hooks.forced_output_length > signature_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( signature, test_driver_forced_output, - test_driver_forced_output_length ); - *signature_length = test_driver_forced_output_length; + memcpy( signature, test_driver_signature_sign_hooks.forced_output, + test_driver_signature_sign_hooks.forced_output_length ); + *signature_length = test_driver_signature_sign_hooks.forced_output_length; return( PSA_SUCCESS ); } @@ -178,10 +171,10 @@ psa_status_t test_transparent_signature_verify_hash( const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ) { - ++test_transparent_signature_verify_hash_hit; + ++test_driver_signature_verify_hooks.hits; - if( test_transparent_signature_verify_hash_status != PSA_SUCCESS ) - return( test_transparent_signature_verify_hash_status ); + if( test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_signature_verify_hooks.forced_status ); psa_status_t status = PSA_ERROR_NOT_SUPPORTED; From 26134f54cd66d3ca5291c4ed53f2e0fceb0e5746 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 7 Sep 2020 16:17:55 +0200 Subject: [PATCH 033/553] Changed test driver include folder to reflect it's a test driver Signed-off-by: Steven Cooreman --- include/{ => test}/drivers/keygen.h | 0 include/{ => test}/drivers/signature.h | 0 include/{ => test}/drivers/test_driver.h | 4 ++-- src/drivers/keygen.c | 2 +- src/drivers/signature.c | 2 +- 5 files changed, 4 insertions(+), 4 deletions(-) rename include/{ => test}/drivers/keygen.h (100%) rename include/{ => test}/drivers/signature.h (100%) rename include/{ => test}/drivers/test_driver.h (92%) diff --git a/include/drivers/keygen.h b/include/test/drivers/keygen.h similarity index 100% rename from include/drivers/keygen.h rename to include/test/drivers/keygen.h diff --git a/include/drivers/signature.h b/include/test/drivers/signature.h similarity index 100% rename from include/drivers/signature.h rename to include/test/drivers/signature.h diff --git a/include/drivers/test_driver.h b/include/test/drivers/test_driver.h similarity index 92% rename from include/drivers/test_driver.h rename to include/test/drivers/test_driver.h index 98dded8d2b..75135e0f42 100644 --- a/include/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -22,7 +22,7 @@ #define PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff -#include "drivers/signature.h" -#include "drivers/keygen.h" +#include "test/drivers/signature.h" +#include "test/drivers/keygen.h" #endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/src/drivers/keygen.c b/src/drivers/keygen.c index d493ab3e18..f15a4bc9a4 100644 --- a/src/drivers/keygen.c +++ b/src/drivers/keygen.c @@ -30,7 +30,7 @@ #include "mbedtls/ecp.h" #include "mbedtls/error.h" -#include "drivers/keygen.h" +#include "test/drivers/keygen.h" #include "test/random.h" diff --git a/src/drivers/signature.c b/src/drivers/signature.c index 5299a96543..028d24a098 100644 --- a/src/drivers/signature.c +++ b/src/drivers/signature.c @@ -30,7 +30,7 @@ #include "psa_crypto_core.h" #include "mbedtls/ecp.h" -#include "drivers/signature.h" +#include "test/drivers/signature.h" #include "mbedtls/md.h" #include "mbedtls/ecdsa.h" From c1303b98a9874e34d78c62897a2b86fa6c4666bc Mon Sep 17 00:00:00 2001 From: gufe44 Date: Mon, 17 Aug 2020 15:04:06 +0200 Subject: [PATCH 034/553] Make arc4random_buf declaration available on NetBSD Signed-off-by: gufe44 --- src/random.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/random.c b/src/random.c index 3345f78be3..78419c4d4d 100644 --- a/src/random.c +++ b/src/random.c @@ -24,6 +24,15 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +/* + * for arc4random_buf() from + */ +#if defined(__NetBSD__) +#define _NETBSD_SOURCE 1 +#elif defined(__OpenBSD__) +#define _BSD_SOURCE 1 +#endif + #include #include #include From 56a90ea4eb0bd61eb2a48e1ba9fb0b5ddfd409e2 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 28 Jul 2020 18:49:51 +0200 Subject: [PATCH 035/553] Add initial pass on a multi-part test driver Signed-off-by: Steven Cooreman --- include/test/drivers/cipher.h | 168 ++++++++++++++ include/test/drivers/test_driver.h | 1 + src/drivers/cipher.c | 348 +++++++++++++++++++++++++++++ 3 files changed, 517 insertions(+) create mode 100644 include/test/drivers/cipher.h create mode 100644 src/drivers/cipher.c diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h new file mode 100644 index 0000000000..c58a92691c --- /dev/null +++ b/include/test/drivers/cipher.h @@ -0,0 +1,168 @@ +/* + * Test driver for cipher functions + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H +#define PSA_CRYPTO_TEST_DRIVERS_CIPHER_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include + +#include "mbedtls/cipher.h" +typedef struct { + psa_algorithm_t alg; + unsigned int key_set : 1; + unsigned int iv_required : 1; + unsigned int iv_set : 1; + uint8_t iv_size; + uint8_t block_size; + mbedtls_cipher_context_t cipher; +} test_transparent_cipher_operation_t; + +typedef struct{ + unsigned int initialised : 1; + test_transparent_cipher_operation_t ctx; +} test_opaque_cipher_operation_t; + +extern void *test_driver_cipher_forced_output; +extern size_t test_driver_cipher_forced_output_length; + +extern psa_status_t test_transparent_cipher_status; +extern unsigned long test_transparent_cipher_hit; + +psa_status_t test_transparent_cipher_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length); + +psa_status_t test_transparent_cipher_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length); + +psa_status_t test_transparent_cipher_encrypt_setup( + test_transparent_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg); + +psa_status_t test_transparent_cipher_decrypt_setup( + test_transparent_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg); + +psa_status_t test_transparent_cipher_abort( + test_transparent_cipher_operation_t *operation); + +psa_status_t test_transparent_cipher_generate_iv( + test_transparent_cipher_operation_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length); + +psa_status_t test_transparent_cipher_set_iv( + test_transparent_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length); + +psa_status_t test_transparent_cipher_update( + test_transparent_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length); + +psa_status_t test_transparent_cipher_finish( + test_transparent_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length); + +/* + * opaque versions + */ +psa_status_t test_opaque_cipher_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length); + +psa_status_t test_opaque_cipher_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length); + +psa_status_t test_opaque_cipher_encrypt_setup( + test_opaque_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg); + +psa_status_t test_opaque_cipher_decrypt_setup( + test_opaque_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg); + +psa_status_t test_opaque_cipher_abort( + test_opaque_cipher_operation_t *operation); + +psa_status_t test_opaque_cipher_generate_iv( + test_opaque_cipher_operation_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length); + +psa_status_t test_opaque_cipher_set_iv( + test_opaque_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length); + +psa_status_t test_opaque_cipher_update( + test_opaque_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length); + +psa_status_t test_opaque_cipher_finish( + test_opaque_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length); + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_CIPHER_H */ diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index 75135e0f42..7ee8e5eea3 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -24,5 +24,6 @@ #include "test/drivers/signature.h" #include "test/drivers/keygen.h" +#include "test/drivers/cipher.h" #endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/src/drivers/cipher.c b/src/drivers/cipher.c new file mode 100644 index 0000000000..0f059a08d1 --- /dev/null +++ b/src/drivers/cipher.c @@ -0,0 +1,348 @@ +/* + * Test driver for cipher functions. + * Currently only supports multi-part operations using AES-CTR. + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#include "psa/crypto.h" +#include "mbedtls/cipher.h" + +#include "drivers/cipher.h" + +#include "test/random.h" + +#include + +/* If non-null, on success, copy this to the output. */ +void *test_driver_cipher_forced_output = NULL; +size_t test_driver_cipher_forced_output_length = 0; + +psa_status_t test_transparent_cipher_status = PSA_ERROR_NOT_SUPPORTED; +unsigned long test_transparent_cipher_hit = 0; + +psa_status_t test_transparent_cipher_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) input; + (void) input_length; + test_transparent_cipher_hit++; + + if( test_transparent_cipher_status != PSA_SUCCESS ) + return test_transparent_cipher_status; + if( output_size < test_driver_cipher_forced_output_length ) + return PSA_ERROR_BUFFER_TOO_SMALL; + + memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); + *output_length = test_driver_cipher_forced_output_length; + + return test_transparent_cipher_status; +} + +psa_status_t test_transparent_cipher_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) input; + (void) input_length; + test_transparent_cipher_hit++; + + if( test_transparent_cipher_status != PSA_SUCCESS ) + return test_transparent_cipher_status; + if( output_size < test_driver_cipher_forced_output_length ) + return PSA_ERROR_BUFFER_TOO_SMALL; + + memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); + *output_length = test_driver_cipher_forced_output_length; + + return test_transparent_cipher_status; +} + +psa_status_t test_transparent_cipher_encrypt_setup( + test_transparent_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + + /* write our struct, this will trigger memory corruption failures + * in test when we go outside of bounds. */ + memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); + + test_transparent_cipher_hit++; + return test_transparent_cipher_status; +} + +psa_status_t test_transparent_cipher_decrypt_setup( + test_transparent_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + + /* write our struct, this will trigger memory corruption failures + * in test when we go outside of bounds. */ + memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); + + test_transparent_cipher_hit++; + return test_transparent_cipher_status; +} + +psa_status_t test_transparent_cipher_abort( + test_transparent_cipher_operation_t *operation) +{ + /* write our struct, this will trigger memory corruption failures + * in test when we go outside of bounds. */ + memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); + + test_transparent_cipher_hit++; + return test_transparent_cipher_status; +} + +psa_status_t test_transparent_cipher_generate_iv( + test_transparent_cipher_operation_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length) +{ + (void) operation; + (void) iv; + (void) iv_size; + (void) iv_length; + + test_transparent_cipher_hit++; + return test_transparent_cipher_status; +} + +psa_status_t test_transparent_cipher_set_iv( + test_transparent_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length) +{ + (void) operation; + (void) iv; + (void) iv_length; + + test_transparent_cipher_hit++; + return test_transparent_cipher_status; +} + +psa_status_t test_transparent_cipher_update( + test_transparent_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + (void) operation; + (void) input; + (void) input_length; + test_transparent_cipher_hit++; + + if( test_transparent_cipher_status != PSA_SUCCESS ) + return test_transparent_cipher_status; + if( output_size < test_driver_cipher_forced_output_length ) + return PSA_ERROR_BUFFER_TOO_SMALL; + + memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); + *output_length = test_driver_cipher_forced_output_length; + + return test_transparent_cipher_status; +} + +psa_status_t test_transparent_cipher_finish( + test_transparent_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + (void) operation; + test_transparent_cipher_hit++; + + if( test_transparent_cipher_status != PSA_SUCCESS ) + return test_transparent_cipher_status; + if( output_size < test_driver_cipher_forced_output_length ) + return PSA_ERROR_BUFFER_TOO_SMALL; + + memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); + *output_length = test_driver_cipher_forced_output_length; + + return test_transparent_cipher_status; +} + +/* + * opaque versions, to do + */ +psa_status_t test_opaque_cipher_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) input; + (void) input_length; + (void) output; + (void) output_size; + (void) output_length; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t test_opaque_cipher_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) input; + (void) input_length; + (void) output; + (void) output_size; + (void) output_length; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t test_opaque_cipher_encrypt_setup( + test_opaque_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg) +{ + (void) operation; + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t test_opaque_cipher_decrypt_setup( + test_opaque_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg) +{ + (void) operation; + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t test_opaque_cipher_abort( + test_opaque_cipher_operation_t *operation) +{ + (void) operation; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t test_opaque_cipher_generate_iv( + test_opaque_cipher_operation_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length) +{ + (void) operation; + (void) iv; + (void) iv_size; + (void) iv_length; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t test_opaque_cipher_set_iv( + test_opaque_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length) +{ + (void) operation; + (void) iv; + (void) iv_length; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t test_opaque_cipher_update( + test_opaque_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + (void) operation; + (void) input; + (void) input_length; + (void) output; + (void) output_size; + (void) output_length; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t test_opaque_cipher_finish( + test_opaque_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + (void) operation; + (void) output; + (void) output_size; + (void) output_length; + return PSA_ERROR_NOT_SUPPORTED; +} +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From ab8e0e7812e01da9671d6d992b914090ea5f722c Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 1 Sep 2020 15:56:14 +0200 Subject: [PATCH 036/553] Restructure cipher context object to contain driver switch Once an operation has been 'accepted' by a driver, the remainder is bound to the same driver, since driver-specific context structs cannot be shared. This provides a pretty good gate mechanism for the fallback logic, too. Signed-off-by: Steven Cooreman --- src/drivers/cipher.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/drivers/cipher.c b/src/drivers/cipher.c index 0f059a08d1..9db5061519 100644 --- a/src/drivers/cipher.c +++ b/src/drivers/cipher.c @@ -40,6 +40,8 @@ void *test_driver_cipher_forced_output = NULL; size_t test_driver_cipher_forced_output_length = 0; +/* Test driver, if not explicitly setup, returns 'PSA_ERROR_NOT_SUPPORTED' by default, + * causing regular test suites to pass since the core will go into fallback mode. */ psa_status_t test_transparent_cipher_status = PSA_ERROR_NOT_SUPPORTED; unsigned long test_transparent_cipher_hit = 0; From 774bf9e5d60fbd7199863881a99055469ac50a9d Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 2 Sep 2020 16:27:46 +0200 Subject: [PATCH 037/553] Update license texts Signed-off-by: Steven Cooreman --- include/test/drivers/cipher.h | 4 +--- src/drivers/cipher.c | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index c58a92691c..a697054fea 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -1,7 +1,7 @@ /* * Test driver for cipher functions */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -15,8 +15,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H diff --git a/src/drivers/cipher.c b/src/drivers/cipher.c index 9db5061519..95dc2b6bc6 100644 --- a/src/drivers/cipher.c +++ b/src/drivers/cipher.c @@ -2,7 +2,7 @@ * Test driver for cipher functions. * Currently only supports multi-part operations using AES-CTR. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -16,8 +16,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) From d3dc7a70af6f1f235bcfd0ae0602acb5be61feec Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 3 Sep 2020 15:30:32 +0200 Subject: [PATCH 038/553] Add a working implementation of a multipart AES-CTR test driver Signed-off-by: Steven Cooreman --- src/drivers/cipher.c | 250 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 209 insertions(+), 41 deletions(-) diff --git a/src/drivers/cipher.c b/src/drivers/cipher.c index 95dc2b6bc6..278e42899a 100644 --- a/src/drivers/cipher.c +++ b/src/drivers/cipher.c @@ -38,9 +38,12 @@ void *test_driver_cipher_forced_output = NULL; size_t test_driver_cipher_forced_output_length = 0; -/* Test driver, if not explicitly setup, returns 'PSA_ERROR_NOT_SUPPORTED' by default, - * causing regular test suites to pass since the core will go into fallback mode. */ -psa_status_t test_transparent_cipher_status = PSA_ERROR_NOT_SUPPORTED; +/* Test driver implements AES-CTR by default when it's status is not overridden. + * Set test_transparent_cipher_status to PSA_ERROR_NOT_SUPPORTED to use fallback + * even for AES-CTR. + * Keep in mind this code is only exercised during the crypto drivers test target, + * meaning the other test runs will still test only the non-driver implementation. */ +psa_status_t test_transparent_cipher_status = PSA_SUCCESS; unsigned long test_transparent_cipher_hit = 0; psa_status_t test_transparent_cipher_encrypt( @@ -101,16 +104,57 @@ psa_status_t test_transparent_cipher_encrypt_setup( const uint8_t *key, size_t key_length, psa_algorithm_t alg) { - (void) attributes; - (void) key; - (void) key_length; - (void) alg; + const mbedtls_cipher_info_t *cipher_info = NULL; + int ret = 0; + + test_transparent_cipher_hit++; + + if( operation->alg != 0 ) + return PSA_ERROR_BAD_STATE; /* write our struct, this will trigger memory corruption failures - * in test when we go outside of bounds. */ + * in test when we go outside of bounds, or when the function is called + * without first destroying the context object. */ memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); - test_transparent_cipher_hit++; + /* Test driver supports AES-CTR only, to verify operation calls. */ + if( alg != PSA_ALG_CTR || psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) + return PSA_ERROR_NOT_SUPPORTED; + + operation->alg = alg; + operation->iv_size = 16; + operation->block_size = 16; + + cipher_info = mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES, + key_length * 8, + MBEDTLS_MODE_CTR ); + if( cipher_info == NULL ) + return PSA_ERROR_NOT_SUPPORTED; + + mbedtls_cipher_init( &operation->cipher ); + + ret = mbedtls_cipher_setup( &operation->cipher, cipher_info ); + if( ret != 0 ) { + mbedtls_cipher_free( &operation->cipher ); + return mbedtls_to_psa_error( ret ); + } + + ret = mbedtls_cipher_setkey( &operation->cipher, + key, + key_length * 8, MBEDTLS_ENCRYPT ); + if( ret != 0 ) { + mbedtls_cipher_free( &operation->cipher ); + return mbedtls_to_psa_error( ret ); + } + + operation->iv_set = 0; + operation->iv_required = 1; + operation->key_set = 1; + + /* Allow overriding return value for testing purposes */ + if( test_transparent_cipher_status != PSA_SUCCESS ) + mbedtls_cipher_free( &operation->cipher ); + return test_transparent_cipher_status; } @@ -120,28 +164,72 @@ psa_status_t test_transparent_cipher_decrypt_setup( const uint8_t *key, size_t key_length, psa_algorithm_t alg) { - (void) attributes; - (void) key; - (void) key_length; - (void) alg; +const mbedtls_cipher_info_t *cipher_info = NULL; + int ret = 0; + + test_transparent_cipher_hit++; + + if( operation->alg != 0 ) + return PSA_ERROR_BAD_STATE; /* write our struct, this will trigger memory corruption failures - * in test when we go outside of bounds. */ + * in test when we go outside of bounds, or when the function is called + * without first destroying the context object. */ memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); - test_transparent_cipher_hit++; + /* Test driver supports AES-CTR only, to verify operation calls. */ + if( alg != PSA_ALG_CTR || psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) + return PSA_ERROR_NOT_SUPPORTED; + + operation->alg = alg; + operation->iv_size = 16; + operation->block_size = 16; + + mbedtls_cipher_init( &operation->cipher ); + + cipher_info = mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES, + key_length * 8, + MBEDTLS_MODE_CTR ); + if( cipher_info == NULL ) + return PSA_ERROR_NOT_SUPPORTED; + + ret = mbedtls_cipher_setup( &operation->cipher, cipher_info ); + if( ret != 0 ) + return mbedtls_to_psa_error( ret ); + + ret = mbedtls_cipher_setkey( &operation->cipher, + key, + key_length * 8, MBEDTLS_DECRYPT ); + if( ret != 0 ) + return mbedtls_to_psa_error( ret ); + + operation->iv_set = 0; + operation->iv_required = 1; + operation->key_set = 1; + + /* Allow overriding return value for testing purposes */ + if( test_transparent_cipher_status != PSA_SUCCESS ) + mbedtls_cipher_free( &operation->cipher ); + return test_transparent_cipher_status; } psa_status_t test_transparent_cipher_abort( test_transparent_cipher_operation_t *operation) { + if( operation->alg == 0 ) + return( PSA_SUCCESS ); + if( operation->alg != PSA_ALG_CTR ) + return( PSA_ERROR_BAD_STATE ); + + mbedtls_cipher_free( &operation->cipher ); + /* write our struct, this will trigger memory corruption failures * in test when we go outside of bounds. */ memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); test_transparent_cipher_hit++; - return test_transparent_cipher_status; + return PSA_SUCCESS; } psa_status_t test_transparent_cipher_generate_iv( @@ -150,13 +238,32 @@ psa_status_t test_transparent_cipher_generate_iv( size_t iv_size, size_t *iv_length) { - (void) operation; - (void) iv; - (void) iv_size; - (void) iv_length; + psa_status_t status; + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); test_transparent_cipher_hit++; - return test_transparent_cipher_status; + + if( operation->alg != PSA_ALG_CTR ) + return( PSA_ERROR_BAD_STATE ); + + if( operation->iv_set || ! operation->iv_required ) + return( PSA_ERROR_BAD_STATE ); + + if( iv_size < operation->iv_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + status = mbedtls_to_psa_error( + mbedtls_test_rnd_pseudo_rand( &rnd_info, + iv, + operation->iv_size ) ); + if( status != PSA_SUCCESS ) + return status; + + *iv_length = operation->iv_size; + status = test_transparent_cipher_set_iv( operation, iv, *iv_length ); + + return status; } psa_status_t test_transparent_cipher_set_iv( @@ -164,12 +271,26 @@ psa_status_t test_transparent_cipher_set_iv( const uint8_t *iv, size_t iv_length) { - (void) operation; - (void) iv; - (void) iv_length; + psa_status_t status; test_transparent_cipher_hit++; - return test_transparent_cipher_status; + + if( operation->alg != PSA_ALG_CTR ) + return PSA_ERROR_BAD_STATE; + + if( operation->iv_set || ! operation->iv_required ) + return( PSA_ERROR_BAD_STATE ); + + if( iv_length != operation->iv_size ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + status = mbedtls_to_psa_error( + mbedtls_cipher_set_iv( &operation->cipher, iv, iv_length ) ); + + if( status == PSA_SUCCESS ) + operation->iv_set = 1; + + return status; } psa_status_t test_transparent_cipher_update( @@ -180,18 +301,35 @@ psa_status_t test_transparent_cipher_update( size_t output_size, size_t *output_length) { - (void) operation; - (void) input; - (void) input_length; + size_t expected_output_size; + psa_status_t status; + test_transparent_cipher_hit++; - if( test_transparent_cipher_status != PSA_SUCCESS ) - return test_transparent_cipher_status; - if( output_size < test_driver_cipher_forced_output_length ) - return PSA_ERROR_BUFFER_TOO_SMALL; + if( operation->alg != PSA_ALG_CTR ) + return( PSA_ERROR_BAD_STATE ); - memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); - *output_length = test_driver_cipher_forced_output_length; + expected_output_size = ( operation->cipher.unprocessed_len + input_length ) + / operation->block_size * operation->block_size; + + if( output_size < expected_output_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + status = mbedtls_to_psa_error( + mbedtls_cipher_update( &operation->cipher, input, + input_length, output, output_length ) ); + + if( status != PSA_SUCCESS ) + return status; + + if( test_driver_cipher_forced_output != NULL ) + { + if( output_size < test_driver_cipher_forced_output_length ) + return PSA_ERROR_BUFFER_TOO_SMALL; + + memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); + *output_length = test_driver_cipher_forced_output_length; + } return test_transparent_cipher_status; } @@ -202,16 +340,46 @@ psa_status_t test_transparent_cipher_finish( size_t output_size, size_t *output_length) { - (void) operation; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; + test_transparent_cipher_hit++; - if( test_transparent_cipher_status != PSA_SUCCESS ) - return test_transparent_cipher_status; - if( output_size < test_driver_cipher_forced_output_length ) - return PSA_ERROR_BUFFER_TOO_SMALL; + if( operation->alg != PSA_ALG_CTR ) + return( PSA_ERROR_BAD_STATE ); - memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); - *output_length = test_driver_cipher_forced_output_length; + if( ! operation->key_set ) + return( PSA_ERROR_BAD_STATE ); + + if( operation->iv_required && ! operation->iv_set ) + return( PSA_ERROR_BAD_STATE ); + + status = mbedtls_to_psa_error( + mbedtls_cipher_finish( &operation->cipher, + temp_output_buffer, + output_length ) ); + + mbedtls_cipher_free( &operation->cipher ); + + if( status != PSA_SUCCESS ) + return( status ); + + if( *output_length == 0 ) + ; /* Nothing to copy. Note that output may be NULL in this case. */ + else if( output_size >= *output_length ) + memcpy( output, temp_output_buffer, *output_length ); + else + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + + if( test_driver_cipher_forced_output != NULL ) + { + if( output_size < test_driver_cipher_forced_output_length ) + return PSA_ERROR_BUFFER_TOO_SMALL; + + memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); + *output_length = test_driver_cipher_forced_output_length; + } return test_transparent_cipher_status; } From 3face4a162225f64681a40099536f21d4646788e Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 8 Sep 2020 14:06:57 +0200 Subject: [PATCH 039/553] Structify cipher test driver hook variables Signed-off-by: Steven Cooreman --- include/test/drivers/cipher.h | 24 ++++-- src/drivers/cipher.c | 155 ++++++++++++++++++---------------- 2 files changed, 99 insertions(+), 80 deletions(-) diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index a697054fea..96ab295561 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -45,11 +45,25 @@ typedef struct{ test_transparent_cipher_operation_t ctx; } test_opaque_cipher_operation_t; -extern void *test_driver_cipher_forced_output; -extern size_t test_driver_cipher_forced_output_length; - -extern psa_status_t test_transparent_cipher_status; -extern unsigned long test_transparent_cipher_hit; +typedef struct { + /* If non-null, on success, copy this to the output. */ + void *forced_output; + size_t forced_output_length; + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times one of the keygen driver functions is called. */ + unsigned long hits; +} test_driver_cipher_hooks_t; + +#define TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0 } +static inline test_driver_cipher_hooks_t test_driver_cipher_hooks_init( void ) +{ + const test_driver_cipher_hooks_t v = TEST_DRIVER_CIPHER_INIT; + return( v ); +} + +extern test_driver_cipher_hooks_t test_driver_cipher_hooks; psa_status_t test_transparent_cipher_encrypt( const psa_key_attributes_t *attributes, diff --git a/src/drivers/cipher.c b/src/drivers/cipher.c index 278e42899a..0a4a347dd3 100644 --- a/src/drivers/cipher.c +++ b/src/drivers/cipher.c @@ -26,25 +26,21 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" +#include "psa_crypto_core.h" #include "mbedtls/cipher.h" -#include "drivers/cipher.h" +#include "test/drivers/cipher.h" #include "test/random.h" #include -/* If non-null, on success, copy this to the output. */ -void *test_driver_cipher_forced_output = NULL; -size_t test_driver_cipher_forced_output_length = 0; - /* Test driver implements AES-CTR by default when it's status is not overridden. - * Set test_transparent_cipher_status to PSA_ERROR_NOT_SUPPORTED to use fallback - * even for AES-CTR. - * Keep in mind this code is only exercised during the crypto drivers test target, - * meaning the other test runs will still test only the non-driver implementation. */ -psa_status_t test_transparent_cipher_status = PSA_SUCCESS; -unsigned long test_transparent_cipher_hit = 0; + * Set test_driver_cipher_hooks.forced_status to PSA_ERROR_NOT_SUPPORTED to use + * fallback even for AES-CTR. + * Keep in mind this code is only exercised with the crypto drivers test target, + * meaning the other test runs will only test the non-driver implementation. */ +test_driver_cipher_hooks_t test_driver_cipher_hooks = TEST_DRIVER_CIPHER_INIT; psa_status_t test_transparent_cipher_encrypt( const psa_key_attributes_t *attributes, @@ -59,17 +55,19 @@ psa_status_t test_transparent_cipher_encrypt( (void) alg; (void) input; (void) input_length; - test_transparent_cipher_hit++; + test_driver_cipher_hooks.hits++; - if( test_transparent_cipher_status != PSA_SUCCESS ) - return test_transparent_cipher_status; - if( output_size < test_driver_cipher_forced_output_length ) - return PSA_ERROR_BUFFER_TOO_SMALL; + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + if( output_size < test_driver_cipher_hooks.forced_output_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); - *output_length = test_driver_cipher_forced_output_length; + memcpy( output, + test_driver_cipher_hooks.forced_output, + test_driver_cipher_hooks.forced_output_length ); + *output_length = test_driver_cipher_hooks.forced_output_length; - return test_transparent_cipher_status; + return( test_driver_cipher_hooks.forced_status ); } psa_status_t test_transparent_cipher_decrypt( @@ -85,17 +83,19 @@ psa_status_t test_transparent_cipher_decrypt( (void) alg; (void) input; (void) input_length; - test_transparent_cipher_hit++; + test_driver_cipher_hooks.hits++; - if( test_transparent_cipher_status != PSA_SUCCESS ) - return test_transparent_cipher_status; - if( output_size < test_driver_cipher_forced_output_length ) - return PSA_ERROR_BUFFER_TOO_SMALL; + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + if( output_size < test_driver_cipher_hooks.forced_output_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); - *output_length = test_driver_cipher_forced_output_length; + memcpy( output, + test_driver_cipher_hooks.forced_output, + test_driver_cipher_hooks.forced_output_length ); + *output_length = test_driver_cipher_hooks.forced_output_length; - return test_transparent_cipher_status; + return( test_driver_cipher_hooks.forced_status ); } psa_status_t test_transparent_cipher_encrypt_setup( @@ -107,19 +107,20 @@ psa_status_t test_transparent_cipher_encrypt_setup( const mbedtls_cipher_info_t *cipher_info = NULL; int ret = 0; - test_transparent_cipher_hit++; + test_driver_cipher_hooks.hits++; if( operation->alg != 0 ) - return PSA_ERROR_BAD_STATE; + return( PSA_ERROR_BAD_STATE ); /* write our struct, this will trigger memory corruption failures * in test when we go outside of bounds, or when the function is called * without first destroying the context object. */ - memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); + memset( operation, 0, sizeof( test_transparent_cipher_operation_t ) ); /* Test driver supports AES-CTR only, to verify operation calls. */ - if( alg != PSA_ALG_CTR || psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) - return PSA_ERROR_NOT_SUPPORTED; + if( alg != PSA_ALG_CTR || + psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) + return( PSA_ERROR_NOT_SUPPORTED ); operation->alg = alg; operation->iv_size = 16; @@ -129,14 +130,14 @@ psa_status_t test_transparent_cipher_encrypt_setup( key_length * 8, MBEDTLS_MODE_CTR ); if( cipher_info == NULL ) - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); mbedtls_cipher_init( &operation->cipher ); ret = mbedtls_cipher_setup( &operation->cipher, cipher_info ); if( ret != 0 ) { mbedtls_cipher_free( &operation->cipher ); - return mbedtls_to_psa_error( ret ); + return( mbedtls_to_psa_error( ret ) ); } ret = mbedtls_cipher_setkey( &operation->cipher, @@ -144,7 +145,7 @@ psa_status_t test_transparent_cipher_encrypt_setup( key_length * 8, MBEDTLS_ENCRYPT ); if( ret != 0 ) { mbedtls_cipher_free( &operation->cipher ); - return mbedtls_to_psa_error( ret ); + return( mbedtls_to_psa_error( ret ) ); } operation->iv_set = 0; @@ -152,10 +153,10 @@ psa_status_t test_transparent_cipher_encrypt_setup( operation->key_set = 1; /* Allow overriding return value for testing purposes */ - if( test_transparent_cipher_status != PSA_SUCCESS ) + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) mbedtls_cipher_free( &operation->cipher ); - return test_transparent_cipher_status; + return( test_driver_cipher_hooks.forced_status ); } psa_status_t test_transparent_cipher_decrypt_setup( @@ -164,18 +165,18 @@ psa_status_t test_transparent_cipher_decrypt_setup( const uint8_t *key, size_t key_length, psa_algorithm_t alg) { -const mbedtls_cipher_info_t *cipher_info = NULL; + const mbedtls_cipher_info_t *cipher_info = NULL; int ret = 0; - test_transparent_cipher_hit++; + test_driver_cipher_hooks.hits++; if( operation->alg != 0 ) - return PSA_ERROR_BAD_STATE; + return( PSA_ERROR_BAD_STATE ); /* write our struct, this will trigger memory corruption failures * in test when we go outside of bounds, or when the function is called * without first destroying the context object. */ - memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); + memset( operation, 0, sizeof( test_transparent_cipher_operation_t ) ); /* Test driver supports AES-CTR only, to verify operation calls. */ if( alg != PSA_ALG_CTR || psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) @@ -195,23 +196,23 @@ const mbedtls_cipher_info_t *cipher_info = NULL; ret = mbedtls_cipher_setup( &operation->cipher, cipher_info ); if( ret != 0 ) - return mbedtls_to_psa_error( ret ); + return( mbedtls_to_psa_error( ret ) ); ret = mbedtls_cipher_setkey( &operation->cipher, key, key_length * 8, MBEDTLS_DECRYPT ); if( ret != 0 ) - return mbedtls_to_psa_error( ret ); + return( mbedtls_to_psa_error( ret ) ); operation->iv_set = 0; operation->iv_required = 1; operation->key_set = 1; /* Allow overriding return value for testing purposes */ - if( test_transparent_cipher_status != PSA_SUCCESS ) + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) mbedtls_cipher_free( &operation->cipher ); - return test_transparent_cipher_status; + return( test_driver_cipher_hooks.forced_status ); } psa_status_t test_transparent_cipher_abort( @@ -226,10 +227,10 @@ psa_status_t test_transparent_cipher_abort( /* write our struct, this will trigger memory corruption failures * in test when we go outside of bounds. */ - memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); + memset( operation, 0, sizeof( test_transparent_cipher_operation_t ) ); - test_transparent_cipher_hit++; - return PSA_SUCCESS; + test_driver_cipher_hooks.hits++; + return( PSA_SUCCESS ); } psa_status_t test_transparent_cipher_generate_iv( @@ -242,7 +243,7 @@ psa_status_t test_transparent_cipher_generate_iv( mbedtls_test_rnd_pseudo_info rnd_info; memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); - test_transparent_cipher_hit++; + test_driver_cipher_hooks.hits++; if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); @@ -258,12 +259,12 @@ psa_status_t test_transparent_cipher_generate_iv( iv, operation->iv_size ) ); if( status != PSA_SUCCESS ) - return status; + return( status ); *iv_length = operation->iv_size; status = test_transparent_cipher_set_iv( operation, iv, *iv_length ); - return status; + return( status ); } psa_status_t test_transparent_cipher_set_iv( @@ -273,10 +274,10 @@ psa_status_t test_transparent_cipher_set_iv( { psa_status_t status; - test_transparent_cipher_hit++; + test_driver_cipher_hooks.hits++; if( operation->alg != PSA_ALG_CTR ) - return PSA_ERROR_BAD_STATE; + return( PSA_ERROR_BAD_STATE ); if( operation->iv_set || ! operation->iv_required ) return( PSA_ERROR_BAD_STATE ); @@ -290,7 +291,7 @@ psa_status_t test_transparent_cipher_set_iv( if( status == PSA_SUCCESS ) operation->iv_set = 1; - return status; + return( status ); } psa_status_t test_transparent_cipher_update( @@ -304,7 +305,7 @@ psa_status_t test_transparent_cipher_update( size_t expected_output_size; psa_status_t status; - test_transparent_cipher_hit++; + test_driver_cipher_hooks.hits++; if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); @@ -322,16 +323,18 @@ psa_status_t test_transparent_cipher_update( if( status != PSA_SUCCESS ) return status; - if( test_driver_cipher_forced_output != NULL ) + if( test_driver_cipher_hooks.forced_output != NULL ) { - if( output_size < test_driver_cipher_forced_output_length ) + if( output_size < test_driver_cipher_hooks.forced_output_length ) return PSA_ERROR_BUFFER_TOO_SMALL; - memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); - *output_length = test_driver_cipher_forced_output_length; + memcpy( output, + test_driver_cipher_hooks.forced_output, + test_driver_cipher_hooks.forced_output_length ); + *output_length = test_driver_cipher_hooks.forced_output_length; } - return test_transparent_cipher_status; + return( test_driver_cipher_hooks.forced_status ); } psa_status_t test_transparent_cipher_finish( @@ -343,7 +346,7 @@ psa_status_t test_transparent_cipher_finish( psa_status_t status = PSA_ERROR_GENERIC_ERROR; uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; - test_transparent_cipher_hit++; + test_driver_cipher_hooks.hits++; if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); @@ -372,16 +375,18 @@ psa_status_t test_transparent_cipher_finish( return( PSA_ERROR_BUFFER_TOO_SMALL ); - if( test_driver_cipher_forced_output != NULL ) + if( test_driver_cipher_hooks.forced_output != NULL ) { - if( output_size < test_driver_cipher_forced_output_length ) + if( output_size < test_driver_cipher_hooks.forced_output_length ) return PSA_ERROR_BUFFER_TOO_SMALL; - memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); - *output_length = test_driver_cipher_forced_output_length; + memcpy( output, + test_driver_cipher_hooks.forced_output, + test_driver_cipher_hooks.forced_output_length ); + *output_length = test_driver_cipher_hooks.forced_output_length; } - return test_transparent_cipher_status; + return( test_driver_cipher_hooks.forced_status ); } /* @@ -403,7 +408,7 @@ psa_status_t test_opaque_cipher_encrypt( (void) output; (void) output_size; (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_decrypt( @@ -422,7 +427,7 @@ psa_status_t test_opaque_cipher_decrypt( (void) output; (void) output_size; (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_encrypt_setup( @@ -436,7 +441,7 @@ psa_status_t test_opaque_cipher_encrypt_setup( (void) key; (void) key_length; (void) alg; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_decrypt_setup( @@ -450,14 +455,14 @@ psa_status_t test_opaque_cipher_decrypt_setup( (void) key; (void) key_length; (void) alg; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_abort( test_opaque_cipher_operation_t *operation) { (void) operation; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_generate_iv( @@ -470,7 +475,7 @@ psa_status_t test_opaque_cipher_generate_iv( (void) iv; (void) iv_size; (void) iv_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_set_iv( @@ -481,7 +486,7 @@ psa_status_t test_opaque_cipher_set_iv( (void) operation; (void) iv; (void) iv_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_update( @@ -498,7 +503,7 @@ psa_status_t test_opaque_cipher_update( (void) output; (void) output_size; (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_finish( @@ -511,6 +516,6 @@ psa_status_t test_opaque_cipher_finish( (void) output; (void) output_size; (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 74412cf4910e507221d412b6c88512eb0fd2339c Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 9 Sep 2020 11:51:45 +0200 Subject: [PATCH 040/553] Style and language fixes from review Signed-off-by: Steven Cooreman --- include/test/drivers/cipher.h | 2 +- src/drivers/cipher.c | 34 +++++++++++++++++++--------------- 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index 96ab295561..ef787f7948 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -52,7 +52,7 @@ typedef struct { /* If not PSA_SUCCESS, return this error code instead of processing the * function call. */ psa_status_t forced_status; - /* Count the amount of times one of the keygen driver functions is called. */ + /* Count the amount of times one of the cipher driver functions is called. */ unsigned long hits; } test_driver_cipher_hooks_t; diff --git a/src/drivers/cipher.c b/src/drivers/cipher.c index 0a4a347dd3..c8eb1d3505 100644 --- a/src/drivers/cipher.c +++ b/src/drivers/cipher.c @@ -35,11 +35,11 @@ #include -/* Test driver implements AES-CTR by default when it's status is not overridden. +/* Test driver implements AES-CTR only. Its default behaviour (when its return + * status is not overridden through the hooks) is to take care of all AES-CTR + * operations, and return PSA_ERROR_NOT_SUPPORTED for all others. * Set test_driver_cipher_hooks.forced_status to PSA_ERROR_NOT_SUPPORTED to use - * fallback even for AES-CTR. - * Keep in mind this code is only exercised with the crypto drivers test target, - * meaning the other test runs will only test the non-driver implementation. */ + * fallback even for AES-CTR. */ test_driver_cipher_hooks_t test_driver_cipher_hooks = TEST_DRIVER_CIPHER_INIT; psa_status_t test_transparent_cipher_encrypt( @@ -112,10 +112,11 @@ psa_status_t test_transparent_cipher_encrypt_setup( if( operation->alg != 0 ) return( PSA_ERROR_BAD_STATE ); - /* write our struct, this will trigger memory corruption failures - * in test when we go outside of bounds, or when the function is called - * without first destroying the context object. */ - memset( operation, 0, sizeof( test_transparent_cipher_operation_t ) ); + /* Wiping the entire struct here, instead of member-by-member. This is useful + * for the test suite, since it gives a chance of catching memory corruption + * errors should the core not have allocated (enough) memory for our context + * struct. */ + memset( operation, 0, sizeof( *operation ) ); /* Test driver supports AES-CTR only, to verify operation calls. */ if( alg != PSA_ALG_CTR || @@ -173,10 +174,11 @@ psa_status_t test_transparent_cipher_decrypt_setup( if( operation->alg != 0 ) return( PSA_ERROR_BAD_STATE ); - /* write our struct, this will trigger memory corruption failures - * in test when we go outside of bounds, or when the function is called - * without first destroying the context object. */ - memset( operation, 0, sizeof( test_transparent_cipher_operation_t ) ); + /* Wiping the entire struct here, instead of member-by-member. This is useful + * for the test suite, since it gives a chance of catching memory corruption + * errors should the core not have allocated (enough) memory for our context + * struct. */ + memset( operation, 0, sizeof( *operation ) ); /* Test driver supports AES-CTR only, to verify operation calls. */ if( alg != PSA_ALG_CTR || psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) @@ -225,9 +227,11 @@ psa_status_t test_transparent_cipher_abort( mbedtls_cipher_free( &operation->cipher ); - /* write our struct, this will trigger memory corruption failures - * in test when we go outside of bounds. */ - memset( operation, 0, sizeof( test_transparent_cipher_operation_t ) ); + /* Wiping the entire struct here, instead of member-by-member. This is useful + * for the test suite, since it gives a chance of catching memory corruption + * errors should the core not have allocated (enough) memory for our context + * struct. */ + memset( operation, 0, sizeof( *operation ) ); test_driver_cipher_hooks.hits++; return( PSA_SUCCESS ); From 3da83b4667b2ce26d6df50a7eb939541a3948881 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 9 Sep 2020 15:36:39 +0200 Subject: [PATCH 041/553] Unify cipher setup function inside test driver Signed-off-by: Steven Cooreman --- src/drivers/cipher.c | 83 +++++++++++++------------------------------- 1 file changed, 25 insertions(+), 58 deletions(-) diff --git a/src/drivers/cipher.c b/src/drivers/cipher.c index c8eb1d3505..e04fd898c5 100644 --- a/src/drivers/cipher.c +++ b/src/drivers/cipher.c @@ -98,7 +98,8 @@ psa_status_t test_transparent_cipher_decrypt( return( test_driver_cipher_hooks.forced_status ); } -psa_status_t test_transparent_cipher_encrypt_setup( +static psa_status_t test_transparent_cipher_setup( + mbedtls_operation_t direction, test_transparent_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, @@ -125,7 +126,6 @@ psa_status_t test_transparent_cipher_encrypt_setup( operation->alg = alg; operation->iv_size = 16; - operation->block_size = 16; cipher_info = mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES, key_length * 8, @@ -134,7 +134,6 @@ psa_status_t test_transparent_cipher_encrypt_setup( return( PSA_ERROR_NOT_SUPPORTED ); mbedtls_cipher_init( &operation->cipher ); - ret = mbedtls_cipher_setup( &operation->cipher, cipher_info ); if( ret != 0 ) { mbedtls_cipher_free( &operation->cipher ); @@ -143,7 +142,7 @@ psa_status_t test_transparent_cipher_encrypt_setup( ret = mbedtls_cipher_setkey( &operation->cipher, key, - key_length * 8, MBEDTLS_ENCRYPT ); + key_length * 8, direction ); if( ret != 0 ) { mbedtls_cipher_free( &operation->cipher ); return( mbedtls_to_psa_error( ret ) ); @@ -160,61 +159,32 @@ psa_status_t test_transparent_cipher_encrypt_setup( return( test_driver_cipher_hooks.forced_status ); } -psa_status_t test_transparent_cipher_decrypt_setup( +psa_status_t test_transparent_cipher_encrypt_setup( test_transparent_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg) { - const mbedtls_cipher_info_t *cipher_info = NULL; - int ret = 0; - - test_driver_cipher_hooks.hits++; - - if( operation->alg != 0 ) - return( PSA_ERROR_BAD_STATE ); - - /* Wiping the entire struct here, instead of member-by-member. This is useful - * for the test suite, since it gives a chance of catching memory corruption - * errors should the core not have allocated (enough) memory for our context - * struct. */ - memset( operation, 0, sizeof( *operation ) ); - - /* Test driver supports AES-CTR only, to verify operation calls. */ - if( alg != PSA_ALG_CTR || psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) - return PSA_ERROR_NOT_SUPPORTED; - - operation->alg = alg; - operation->iv_size = 16; - operation->block_size = 16; - - mbedtls_cipher_init( &operation->cipher ); - - cipher_info = mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES, - key_length * 8, - MBEDTLS_MODE_CTR ); - if( cipher_info == NULL ) - return PSA_ERROR_NOT_SUPPORTED; - - ret = mbedtls_cipher_setup( &operation->cipher, cipher_info ); - if( ret != 0 ) - return( mbedtls_to_psa_error( ret ) ); - - ret = mbedtls_cipher_setkey( &operation->cipher, - key, - key_length * 8, MBEDTLS_DECRYPT ); - if( ret != 0 ) - return( mbedtls_to_psa_error( ret ) ); - - operation->iv_set = 0; - operation->iv_required = 1; - operation->key_set = 1; - - /* Allow overriding return value for testing purposes */ - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - mbedtls_cipher_free( &operation->cipher ); + return ( test_transparent_cipher_setup( MBEDTLS_ENCRYPT, + operation, + attributes, + key, + key_length, + alg ) ); +} - return( test_driver_cipher_hooks.forced_status ); +psa_status_t test_transparent_cipher_decrypt_setup( + test_transparent_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg) +{ + return ( test_transparent_cipher_setup( MBEDTLS_DECRYPT, + operation, + attributes, + key, + key_length, + alg ) ); } psa_status_t test_transparent_cipher_abort( @@ -306,7 +276,6 @@ psa_status_t test_transparent_cipher_update( size_t output_size, size_t *output_length) { - size_t expected_output_size; psa_status_t status; test_driver_cipher_hooks.hits++; @@ -314,10 +283,8 @@ psa_status_t test_transparent_cipher_update( if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); - expected_output_size = ( operation->cipher.unprocessed_len + input_length ) - / operation->block_size * operation->block_size; - - if( output_size < expected_output_size ) + /* CTR is a stream cipher, so data in and out are always the same size */ + if( output_size < input_length ) return( PSA_ERROR_BUFFER_TOO_SMALL ); status = mbedtls_to_psa_error( From 1e7d521d4a0c00fd4ab07e6acd4b5c1f3d3eade0 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 10 Sep 2020 13:07:02 +0200 Subject: [PATCH 042/553] Implement one-shot cipher in test driver Signed-off-by: Steven Cooreman --- src/drivers/cipher.c | 172 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 139 insertions(+), 33 deletions(-) diff --git a/src/drivers/cipher.c b/src/drivers/cipher.c index e04fd898c5..2915fba68d 100644 --- a/src/drivers/cipher.c +++ b/src/drivers/cipher.c @@ -42,60 +42,166 @@ * fallback even for AES-CTR. */ test_driver_cipher_hooks_t test_driver_cipher_hooks = TEST_DRIVER_CIPHER_INIT; -psa_status_t test_transparent_cipher_encrypt( +static psa_status_t test_transparent_cipher_oneshot( + mbedtls_operation_t direction, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length) { - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) input; - (void) input_length; test_driver_cipher_hooks.hits++; + /* Test driver supports AES-CTR only, to verify operation calls. */ + if( alg != PSA_ALG_CTR || + psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) + return( PSA_ERROR_NOT_SUPPORTED ); + + /* If test driver response code is not SUCCESS, we can return early */ if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - if( output_size < test_driver_cipher_hooks.forced_output_length ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( output, - test_driver_cipher_hooks.forced_output, - test_driver_cipher_hooks.forced_output_length ); - *output_length = test_driver_cipher_hooks.forced_output_length; + /* If test driver output is overridden, we don't need to do actual crypto */ + if( test_driver_cipher_hooks.forced_output != NULL ) + { + if( output_size < test_driver_cipher_hooks.forced_output_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); - return( test_driver_cipher_hooks.forced_status ); + memcpy( output, + test_driver_cipher_hooks.forced_output, + test_driver_cipher_hooks.forced_output_length ); + *output_length = test_driver_cipher_hooks.forced_output_length; + + return( test_driver_cipher_hooks.forced_status ); + } + + /* Run AES-CTR using the cipher module */ + { + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + + const mbedtls_cipher_info_t *cipher_info = + mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES, + key_length * 8, + MBEDTLS_MODE_CTR ); + mbedtls_cipher_context_t cipher; + int ret = 0; + uint8_t temp_output_buffer[16] = {0}; + size_t temp_output_length = 0; + + if( direction == MBEDTLS_ENCRYPT ) + { + /* Oneshot encrypt needs to prepend the IV to the output */ + if( output_size < ( input_length + 16 ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + } + else + { + /* Oneshot decrypt has the IV prepended to the input */ + if( output_size < ( input_length - 16 ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + } + + if( cipher_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + + mbedtls_cipher_init( &cipher ); + ret = mbedtls_cipher_setup( &cipher, cipher_info ); + if( ret != 0 ) + goto exit; + + ret = mbedtls_cipher_setkey( &cipher, + key, + key_length * 8, direction ); + if( ret != 0 ) + goto exit; + + if( direction == MBEDTLS_ENCRYPT ) + { + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + + ret = mbedtls_test_rnd_pseudo_rand( &rnd_info, + temp_output_buffer, + 16 ); + if( ret != 0 ) + goto exit; + + ret = mbedtls_cipher_set_iv( &cipher, temp_output_buffer, 16 ); + } + else + ret = mbedtls_cipher_set_iv( &cipher, input, 16 ); + + if( ret != 0 ) + goto exit; + + if( direction == MBEDTLS_ENCRYPT ) + { + ret = mbedtls_cipher_update( &cipher, + input, input_length, + &output[16], output_length ); + if( ret == 0 ) + { + memcpy( output, temp_output_buffer, 16 ); + *output_length += 16; + } + } + else + ret = mbedtls_cipher_update( &cipher, + &input[16], input_length - 16, + output, output_length ); + + if( ret != 0 ) + goto exit; + + ret = mbedtls_cipher_finish( &cipher, + temp_output_buffer, + &temp_output_length ); + +exit: + if( ret != 0 ) + { + *output_length = 0; + memset(output, 0, output_size); + } + + mbedtls_cipher_free( &cipher ); + return( mbedtls_to_psa_error( ret ) ); + } } -psa_status_t test_transparent_cipher_decrypt( +psa_status_t test_transparent_cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length) { - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) input; - (void) input_length; - test_driver_cipher_hooks.hits++; - - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); - if( output_size < test_driver_cipher_hooks.forced_output_length ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - memcpy( output, - test_driver_cipher_hooks.forced_output, - test_driver_cipher_hooks.forced_output_length ); - *output_length = test_driver_cipher_hooks.forced_output_length; + return ( + test_transparent_cipher_oneshot( + MBEDTLS_ENCRYPT, + attributes, + key, key_length, + alg, + input, input_length, + output, output_size, output_length) ); +} - return( test_driver_cipher_hooks.forced_status ); +psa_status_t test_transparent_cipher_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length) +{ + return ( + test_transparent_cipher_oneshot( + MBEDTLS_DECRYPT, + attributes, + key, key_length, + alg, + input, input_length, + output, output_size, output_length) ); } static psa_status_t test_transparent_cipher_setup( From 1f159871b13f389446158defa7e23b51d29f93d8 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 10 Sep 2020 18:07:57 +0200 Subject: [PATCH 043/553] Add mock and negative testing to cipher driver Signed-off-by: Steven Cooreman --- src/drivers/cipher.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/drivers/cipher.c b/src/drivers/cipher.c index 2915fba68d..f9106d171c 100644 --- a/src/drivers/cipher.c +++ b/src/drivers/cipher.c @@ -296,6 +296,8 @@ psa_status_t test_transparent_cipher_decrypt_setup( psa_status_t test_transparent_cipher_abort( test_transparent_cipher_operation_t *operation) { + test_driver_cipher_hooks.hits++; + if( operation->alg == 0 ) return( PSA_SUCCESS ); if( operation->alg != PSA_ALG_CTR ) @@ -309,7 +311,6 @@ psa_status_t test_transparent_cipher_abort( * struct. */ memset( operation, 0, sizeof( *operation ) ); - test_driver_cipher_hooks.hits++; return( PSA_SUCCESS ); } @@ -325,6 +326,9 @@ psa_status_t test_transparent_cipher_generate_iv( test_driver_cipher_hooks.hits++; + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); @@ -356,6 +360,9 @@ psa_status_t test_transparent_cipher_set_iv( test_driver_cipher_hooks.hits++; + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); @@ -386,6 +393,9 @@ psa_status_t test_transparent_cipher_update( test_driver_cipher_hooks.hits++; + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); @@ -425,6 +435,9 @@ psa_status_t test_transparent_cipher_finish( test_driver_cipher_hooks.hits++; + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); From dd637f5333c88c7d83da751fee208f5f620b0f45 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 11 Sep 2020 11:44:50 +0200 Subject: [PATCH 044/553] Apply review feedback * Reworked the cipher context once again to be more robustly defined * Removed redundant memset * Unified behaviour on failure between driver and software in cipher_finish * Cipher test driver setup function now also returns early when its status is overridden, like the other test driver functions * Removed redundant test cases * Added bad-order checking to verify the driver doesn't get called where the spec says it won't. Signed-off-by: Steven Cooreman --- src/drivers/cipher.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/drivers/cipher.c b/src/drivers/cipher.c index f9106d171c..fa7c6a9e7e 100644 --- a/src/drivers/cipher.c +++ b/src/drivers/cipher.c @@ -225,6 +225,10 @@ static psa_status_t test_transparent_cipher_setup( * struct. */ memset( operation, 0, sizeof( *operation ) ); + /* Allow overriding return value for testing purposes */ + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + /* Test driver supports AES-CTR only, to verify operation calls. */ if( alg != PSA_ALG_CTR || psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) @@ -258,10 +262,6 @@ static psa_status_t test_transparent_cipher_setup( operation->iv_required = 1; operation->key_set = 1; - /* Allow overriding return value for testing purposes */ - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - mbedtls_cipher_free( &operation->cipher ); - return( test_driver_cipher_hooks.forced_status ); } From eaaf42e5473f1b45ed7f932e3b94f10b5e1b34e5 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 25 Sep 2020 10:45:06 +0200 Subject: [PATCH 045/553] Rework mbedtls_test_param_failed_get_state_buf() Rework mbedtls_test_param_failed_get_state_buf() and its documentation. Signed-off-by: Ronald Cron --- include/test/helpers.h | 18 ++++++++++++++---- src/helpers.c | 2 +- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 79a63fbd3a..6b423cd547 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -147,7 +147,7 @@ void mbedtls_test_param_failed_expect_call( void ); int mbedtls_test_param_failed_check_expected_call( void ); /** - * \brief Get a pointer to the object of type jmp_buf holding the execution + * \brief Get the address of the object of type jmp_buf holding the execution * state information used by mbedtls_param_failed() to do a long jump. * * \note If a call to mbedtls_param_failed() is not expected in the sense @@ -156,9 +156,19 @@ int mbedtls_test_param_failed_check_expected_call( void ); * execution to the state stored in the jmp_buf object whose address * is returned by the present function. * - * \note The returned pointer is of type void* as its type is opaque, - * implementation dependent (jmp_buf is an array type not the type of - * one element of an array). + * \note This function is intended to provide the parameter of the + * setjmp() function to set-up where mbedtls_param_failed() should + * long-jump if it has to. It is foreseen to be used as: + * + * setjmp( mbedtls_test_param_failed_get_state_buf() ). + * + * \note The type of the returned value is not jmp_buf as jmp_buf is an + * an array type (C specification) and a function cannot return an + * array type. + * + * \note The type of the returned value is not jmp_buf* as then the return + * value couldn't be used by setjmp(), as its parameter's type is + * jmp_buf. * * \return Address of the object of type jmp_buf holding the execution state * information used by mbedtls_param_failed() to do a long jump. diff --git a/src/helpers.c b/src/helpers.c index a963da974a..fff065a440 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -211,7 +211,7 @@ int mbedtls_test_param_failed_check_expected_call( void ) void* mbedtls_test_param_failed_get_state_buf( void ) { - return ¶m_failed_ctx.state[0]; + return ¶m_failed_ctx.state; } void mbedtls_test_param_failed_reset_state( void ) From d08778b8658650176d52b9c68fe0ddbd71b4f7c0 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Tue, 22 Sep 2020 06:54:01 -0700 Subject: [PATCH 046/553] Add support for PSA crypto driver size_function Updated get_expected_key_size in psa_crypto_driver_wrappers to properly handle using the new size_function from PSA crypto drivers. Created initial infrastructure to support size_function for the PSA crypto drivers. Signed-off-by: John Durkop --- include/test/drivers/size.h | 87 ++++++++++++++++++++++++++++++ include/test/drivers/test_driver.h | 1 + src/drivers/size.c | 47 ++++++++++++++++ 3 files changed, 135 insertions(+) create mode 100644 include/test/drivers/size.h create mode 100644 src/drivers/size.c diff --git a/include/test/drivers/size.h b/include/test/drivers/size.h new file mode 100644 index 0000000000..4e5b5918e2 --- /dev/null +++ b/include/test/drivers/size.h @@ -0,0 +1,87 @@ +/* + * Test driver for context size functions + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_SIZE_H +#define PSA_CRYPTO_TEST_DRIVERS_SIZE_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include + +typedef struct { + unsigned int context; +} test_driver_key_context_t; + +/** \def TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + * + * This macro returns the base size for the key context. It should include + * the size for any driver context information stored with each key. + */ +#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof(test_driver_key_context_t) + +/** \def TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE + * + * Number of bytes included in every key context for a key pair. + */ + +#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 0 + +/** \def TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE + * + * Number of bytes included in every key context for a public key. + */ +#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 0 + +/** \def TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR + * + * Every key context for a symmetric key includes this many times the key size. + */ +#define TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR 0 + +/** \def TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY + * + * If this is true for a key pair, the key context includes space for the public key. + * If this is false, no additional space is added for the public key. + */ +#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 0 + +/** \def TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION + * + * If TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION is defined, the test driver + * provides a size_function entry point, otherwise, it does not. + * + * Some opaque drivers have the need to support a custom size for the storage + * of key and context information. The size_function provides the ability to + * provide that customization. + */ +//#define TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION + +#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION +size_t test_size_function( + const psa_key_type_t key_type, + const size_t key_bits ); +#endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index 7ee8e5eea3..ee5974217d 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -25,5 +25,6 @@ #include "test/drivers/signature.h" #include "test/drivers/keygen.h" #include "test/drivers/cipher.h" +#include "test/drivers/size.h" #endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/src/drivers/size.c b/src/drivers/size.c new file mode 100644 index 0000000000..05f8a986a0 --- /dev/null +++ b/src/drivers/size.c @@ -0,0 +1,47 @@ +/* + * Test driver for retrieving key context size. + * Only used by opaque drivers. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#include "psa/crypto.h" +#include "psa_crypto_core.h" +#include "mbedtls/error.h" + +#include "test/drivers/size.h" + +#include + +#ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION +size_t test_size_function( + const psa_key_type_t key_type, + const size_t key_bits ) +{ + (void) key_type; + (void) key_bits; + return 0; +} +#endif /*TEST_KEY_CONTEXT_SIZE_FUNCTION */ + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 56777ca458927a24a14908e03520662d470e9e09 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Fri, 9 Oct 2020 07:06:29 -0700 Subject: [PATCH 047/553] Added specific key size values for a test driver Replaced generic values for the test driver with specific ones for a 256-bit ECC private/public key pair. Signed-off-by: John Durkop --- include/test/drivers/size.h | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/include/test/drivers/size.h b/include/test/drivers/size.h index 4e5b5918e2..831adbbd7e 100644 --- a/include/test/drivers/size.h +++ b/include/test/drivers/size.h @@ -38,20 +38,26 @@ typedef struct { * This macro returns the base size for the key context. It should include * the size for any driver context information stored with each key. */ -#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof(test_driver_key_context_t) +#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof( test_driver_key_context_t ) /** \def TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE * * Number of bytes included in every key context for a key pair. + * + * This pair size is for an ECC 256-bit private/public key pair. + * Based on this value, the size of the private key can be derived by + * subtracting the public key size below from this one. */ -#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 0 +#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 65 /** \def TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE * * Number of bytes included in every key context for a public key. + * + * For ECC public keys, it needs 257 bits so 33 bytes. */ -#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 0 +#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 33 /** \def TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR * @@ -63,8 +69,10 @@ typedef struct { * * If this is true for a key pair, the key context includes space for the public key. * If this is false, no additional space is added for the public key. + * + * For this instance, store the public key with the private one. */ -#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 0 +#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 1 /** \def TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION * From 4d8ca91568d3ec708d4486e32773db79ef6a19f1 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 19 Oct 2020 07:12:28 -0700 Subject: [PATCH 048/553] Updated value of expected key size when not using test_size_function The calculation of the expected key size when not using the test_size_function was not correct. The function has now been updated to handle all cases properly to ensure the expected key size is correct for key pairs, public keys, and symmetric keys. Cleaned up some comments and removed unused includes. Signed-off-by: John Durkop --- include/test/drivers/size.h | 6 +++--- src/drivers/size.c | 5 ----- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/include/test/drivers/size.h b/include/test/drivers/size.h index 831adbbd7e..4bfe986a21 100644 --- a/include/test/drivers/size.h +++ b/include/test/drivers/size.h @@ -35,8 +35,8 @@ typedef struct { /** \def TEST_DRIVER_KEY_CONTEXT_BASE_SIZE * - * This macro returns the base size for the key context. It should include - * the size for any driver context information stored with each key. + * This macro returns the base size for the key context. It is the size of the + * driver specific information stored in each key context. */ #define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof( test_driver_key_context_t ) @@ -92,4 +92,4 @@ size_t test_size_function( #endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ #endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_SIZE_H */ diff --git a/src/drivers/size.c b/src/drivers/size.c index 05f8a986a0..16a86922a6 100644 --- a/src/drivers/size.c +++ b/src/drivers/size.c @@ -25,14 +25,9 @@ #endif #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa/crypto.h" -#include "psa_crypto_core.h" -#include "mbedtls/error.h" #include "test/drivers/size.h" -#include - #ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION size_t test_size_function( const psa_key_type_t key_type, From bf106689babd8dd0b779243c56d95ab889321ef4 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Fri, 23 Oct 2020 00:51:52 -0700 Subject: [PATCH 049/553] Fixed test_psa_want_ecdsa_disabled_software to use proper macros Updated the test_psa_want_ecdsa_disabled_software to enable and disable the correct macros to accomplish the desired test. The previous version left out the disabling of additional macros to ensure items related to MBEDTLS_ECDSA_C were also unset. The test was also missing the setting of the accelerators MBEDTLS_PSA_ACCEL_ALG_ECDSA and DETERMINISTIC_ECDSA. With the accelerators enabled the test portion had to be temporarily disabled until the accelerator code is completed so the test will work properly. Updated the signature driver source to fix a compiler warning when MBEDTLS_ECDSA_C is unset. Signed-off-by: John Durkop --- src/drivers/signature.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/drivers/signature.c b/src/drivers/signature.c index 028d24a098..cea0351900 100644 --- a/src/drivers/signature.c +++ b/src/drivers/signature.c @@ -262,6 +262,8 @@ psa_status_t test_transparent_signature_verify_hash( (void) alg; (void) hash; (void) hash_length; + (void) signature; + (void) signature_length; #endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ defined(MBEDTLS_SHA256_C) */ From 85433d4e2fbd296a16c29b4feb8ff9fb02f3e679 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 13 Oct 2020 17:43:44 +0200 Subject: [PATCH 050/553] Implement, plug in and test validate_key driver entry point Signed-off-by: Steven Cooreman --- include/test/drivers/keygen.h | 7 ++- src/drivers/keygen.c | 112 +++++++++++++++++++++++++++++++++- 2 files changed, 116 insertions(+), 3 deletions(-) diff --git a/include/test/drivers/keygen.h b/include/test/drivers/keygen.h index b72c65c78c..e5a5e47001 100644 --- a/include/test/drivers/keygen.h +++ b/include/test/drivers/keygen.h @@ -1,5 +1,5 @@ /* - * Test driver for generating keys. + * Test driver for generating and verifying keys. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -57,5 +57,10 @@ psa_status_t test_opaque_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); +psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits); + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ diff --git a/src/drivers/keygen.c b/src/drivers/keygen.c index f15a4bc9a4..84fc98a371 100644 --- a/src/drivers/keygen.c +++ b/src/drivers/keygen.c @@ -1,6 +1,6 @@ /* - * Test driver for generating keys. - * Currently only supports generating ECC keys. + * Test driver for generating and verifying keys. + * Currently only supports generating and verifying ECC keys. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -122,4 +122,112 @@ psa_status_t test_opaque_generate_key( return( PSA_ERROR_NOT_SUPPORTED ); } +psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits) +{ + ++test_driver_keygen_hooks.hits; + + if( test_driver_keygen_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_keygen_hooks.forced_status ); + +#if defined(MBEDTLS_ECP_C) + psa_key_type_t type = psa_get_key_type( attributes ); + if ( PSA_KEY_TYPE_IS_ECC( type ) ) + { + // Code mostly copied from psa_load_ecp_representation + psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( type ); + mbedtls_ecp_group_id grp_id; + mbedtls_ecp_keypair ecp; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if( *bits == 0 ) + { + // Attempt auto-detect of curve bit size + size_t curve_size = data_length; + + if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) && + PSA_KEY_TYPE_ECC_GET_FAMILY( type ) != PSA_ECC_FAMILY_MONTGOMERY ) + { + /* A Weierstrass public key is represented as: + * - The byte 0x04; + * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; + * - `y_P` as a `ceiling(m/8)`-byte string, big-endian. + * So its data length is 2m+1 where n is the key size in bits. + */ + if( ( data_length & 1 ) == 0 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + curve_size = data_length / 2; + + /* Montgomery public keys are represented in compressed format, meaning + * their curve_size is equal to the amount of input. */ + + /* Private keys are represented in uncompressed private random integer + * format, meaning their curve_size is equal to the amount of input. */ + } + + grp_id = mbedtls_ecc_group_of_psa( curve, curve_size ); + } + else + { + grp_id = mbedtls_ecc_group_of_psa( curve, + PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); + } + + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id( grp_id ); + + if( attributes->domain_parameters_size != 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + + *bits = curve_info->bit_size; + + mbedtls_ecp_keypair_init( &ecp ); + + status = mbedtls_to_psa_error( + mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + /* Load the key material. */ + if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) + { + /* Load the public value. */ + status = mbedtls_to_psa_error( + mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, + data, + data_length ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + /* Check that the point is on the curve. */ + status = mbedtls_to_psa_error( + mbedtls_ecp_check_pubkey( &ecp.grp, &ecp.Q ) ); + } + else + { + /* Load and validate the secret value. */ + status = mbedtls_to_psa_error( + mbedtls_ecp_read_key( ecp.grp.id, + &ecp, + data, + data_length ) ); + } + +ecp_exit: + mbedtls_ecp_keypair_free( &ecp ); + return( status ); + } + return( PSA_ERROR_NOT_SUPPORTED ); +#else + (void) data; + (void) data_length; + (void) bits; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* MBEDTLS_ECP_C */ +} + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 9d83172468c93cc0ea6bdd9a2c9ebd1fca152234 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 23 Oct 2020 11:45:43 +0200 Subject: [PATCH 051/553] Rename 'keygen' to 'key management' Signed-off-by: Steven Cooreman --- .../drivers/{keygen.h => key_management.h} | 19 +++++----- include/test/drivers/signature.h | 2 +- include/test/drivers/test_driver.h | 2 +- src/drivers/{keygen.c => key_management.c} | 36 ++++++++++--------- 4 files changed, 32 insertions(+), 27 deletions(-) rename include/test/drivers/{keygen.h => key_management.h} (74%) rename src/drivers/{keygen.c => key_management.c} (85%) diff --git a/include/test/drivers/keygen.h b/include/test/drivers/key_management.h similarity index 74% rename from include/test/drivers/keygen.h rename to include/test/drivers/key_management.h index e5a5e47001..56f3ef82ef 100644 --- a/include/test/drivers/keygen.h +++ b/include/test/drivers/key_management.h @@ -17,8 +17,8 @@ * limitations under the License. */ -#ifndef PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H -#define PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H +#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H +#define PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -36,18 +36,19 @@ typedef struct { /* If not PSA_SUCCESS, return this error code instead of processing the * function call. */ psa_status_t forced_status; - /* Count the amount of times one of the keygen driver functions is called. */ + /* Count the amount of times one of the key management driver functions + * is called. */ unsigned long hits; -} test_driver_keygen_hooks_t; +} test_driver_key_management_hooks_t; -#define TEST_DRIVER_KEYGEN_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 } -static inline test_driver_keygen_hooks_t test_driver_keygen_hooks_init( void ) +#define TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 } +static inline test_driver_key_management_hooks_t test_driver_key_management_hooks_init( void ) { - const test_driver_keygen_hooks_t v = TEST_DRIVER_KEYGEN_INIT; + const test_driver_key_management_hooks_t v = TEST_DRIVER_KEY_MANAGEMENT_INIT; return( v ); } -extern test_driver_keygen_hooks_t test_driver_keygen_hooks; +extern test_driver_key_management_hooks_t test_driver_key_management_hooks; psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, @@ -63,4 +64,4 @@ psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attribute size_t *bits); #endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ diff --git a/include/test/drivers/signature.h b/include/test/drivers/signature.h index e41892e77a..8abcb111a7 100644 --- a/include/test/drivers/signature.h +++ b/include/test/drivers/signature.h @@ -36,7 +36,7 @@ typedef struct { /* If not PSA_SUCCESS, return this error code instead of processing the * function call. */ psa_status_t forced_status; - /* Count the amount of times one of the keygen driver functions is called. */ + /* Count the amount of times one of the signature driver functions is called. */ unsigned long hits; } test_driver_signature_hooks_t; diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index ee5974217d..f26b795dd4 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -23,7 +23,7 @@ #define PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff #include "test/drivers/signature.h" -#include "test/drivers/keygen.h" +#include "test/drivers/key_management.h" #include "test/drivers/cipher.h" #include "test/drivers/size.h" diff --git a/src/drivers/keygen.c b/src/drivers/key_management.c similarity index 85% rename from src/drivers/keygen.c rename to src/drivers/key_management.c index 84fc98a371..6ca03c6be8 100644 --- a/src/drivers/keygen.c +++ b/src/drivers/key_management.c @@ -30,30 +30,31 @@ #include "mbedtls/ecp.h" #include "mbedtls/error.h" -#include "test/drivers/keygen.h" +#include "test/drivers/key_management.h" #include "test/random.h" #include -test_driver_keygen_hooks_t test_driver_keygen_hooks = TEST_DRIVER_KEYGEN_INIT; +test_driver_key_management_hooks_t test_driver_key_management_hooks = + TEST_DRIVER_KEY_MANAGEMENT_INIT; psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) { - ++test_driver_keygen_hooks.hits; + ++test_driver_key_management_hooks.hits; - if( test_driver_keygen_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_keygen_hooks.forced_status ); + if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_key_management_hooks.forced_status ); - if( test_driver_keygen_hooks.forced_output != NULL ) + if( test_driver_key_management_hooks.forced_output != NULL ) { - if( test_driver_keygen_hooks.forced_output_length > key_size ) + if( test_driver_key_management_hooks.forced_output_length > key_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( key, test_driver_keygen_hooks.forced_output, - test_driver_keygen_hooks.forced_output_length ); - *key_length = test_driver_keygen_hooks.forced_output_length; + memcpy( key, test_driver_key_management_hooks.forced_output, + test_driver_key_management_hooks.forced_output_length ); + *key_length = test_driver_key_management_hooks.forced_output_length; return( PSA_SUCCESS ); } @@ -62,9 +63,12 @@ psa_status_t test_transparent_generate_key( if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) { - psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( psa_get_key_type( attributes ) ); + psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( + psa_get_key_type( attributes ) ); mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_of_psa( curve, PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); + mbedtls_ecc_group_of_psa( + curve, + PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); mbedtls_ecp_keypair ecp; @@ -127,10 +131,10 @@ psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attribute size_t data_length, size_t *bits) { - ++test_driver_keygen_hooks.hits; + ++test_driver_key_management_hooks.hits; - if( test_driver_keygen_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_keygen_hooks.forced_status ); + if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_key_management_hooks.forced_status ); #if defined(MBEDTLS_ECP_C) psa_key_type_t type = psa_get_key_type( attributes ); @@ -154,7 +158,7 @@ psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attribute * - The byte 0x04; * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; * - `y_P` as a `ceiling(m/8)`-byte string, big-endian. - * So its data length is 2m+1 where n is the key size in bits. + * So its data length is 2m+1 where m is the curve size in bits. */ if( ( data_length & 1 ) == 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); From 2fbfa29ab5cf1a53b265aa10ad97b3ca4cf4e635 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 29 Oct 2020 11:42:22 +0100 Subject: [PATCH 052/553] Address review comments * zero key buffer on failure * readability improvements * psa_finish_key_creation adjustment after removing import_key_into_slot Signed-off-by: Steven Cooreman --- src/drivers/key_management.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index 6ca03c6be8..9bef4b6783 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -106,6 +106,10 @@ psa_status_t test_transparent_generate_key( { *key_length = bytes; } + else + { + memset( key, 0, bytes ); + } mbedtls_ecp_keypair_free( &ecp ); return( status ); @@ -146,7 +150,7 @@ psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attribute mbedtls_ecp_keypair ecp; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( *bits == 0 ) + if( psa_get_key_bits( attributes ) == 0 ) { // Attempt auto-detect of curve bit size size_t curve_size = data_length; From b432552b5c9c49442a71e8a05a8bdca06e07fc42 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Sat, 31 Oct 2020 22:06:54 -0700 Subject: [PATCH 053/553] Add feature support for RSA for PSA crypto config In the original attempt to add RSA support to PSA crypto config was too generic. This set of changes adds support for the following RSA features: PSA_WANT_ALG_RSA_PKCS1V15_CRYPT, PSA_WANT_ALG_RSA_PKCS1V15_SIGN, PSA_WANT_ALG_RSA_OAEP, PSA_WANT_ALG_RSA_PSS, PSA_WANT_KEY_TYPE_RSA_KEY_PAIR, and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY. There were also some updates to ensure the proper inclusion of PSA crypto library code when certain features are enabled. These updates were made to address warnings and errors in builds from the new tests for these features being added for PSA crypto configuration. Signed-off-by: John Durkop --- src/drivers/key_management.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index 9bef4b6783..34eb614f92 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -43,6 +43,9 @@ psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) { +#if !defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) && !defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) + (void)attributes; +#endif /* !MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR && !MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY */ ++test_driver_key_management_hooks.hits; if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) @@ -59,7 +62,7 @@ psa_status_t test_transparent_generate_key( } /* Copied from psa_crypto.c */ -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) { @@ -115,7 +118,7 @@ psa_status_t test_transparent_generate_key( return( status ); } else -#endif /* MBEDTLS_ECP_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR || MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY */ return( PSA_ERROR_NOT_SUPPORTED ); } From 0bfd45178d359bf12b62993dd261034f13395060 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Wed, 4 Nov 2020 12:28:15 -0800 Subject: [PATCH 054/553] Minor updates from review comments Updated macros in config_psa.h that used ECC_xxx to use KEY_TYPE_ECC_xxx per comments from review. Implemented a check_config_psa.h to help with dependency checking of features enabled in config_psa.h. Added check_config_psa.h to visual studio project. Signed-off-by: John Durkop --- src/drivers/key_management.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index 34eb614f92..a788934fa1 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -43,7 +43,8 @@ psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) { -#if !defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) && !defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) +#if !defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) && \ + !defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) (void)attributes; #endif /* !MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR && !MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY */ ++test_driver_key_management_hooks.hits; @@ -62,7 +63,8 @@ psa_status_t test_transparent_generate_key( } /* Copied from psa_crypto.c */ -#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) { @@ -118,7 +120,7 @@ psa_status_t test_transparent_generate_key( return( status ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR || MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY */ +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR || MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY */ return( PSA_ERROR_NOT_SUPPORTED ); } @@ -143,7 +145,8 @@ psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attribute if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( test_driver_key_management_hooks.forced_status ); -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) psa_key_type_t type = psa_get_key_type( attributes ); if ( PSA_KEY_TYPE_IS_ECC( type ) ) { @@ -234,11 +237,12 @@ psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attribute } return( PSA_ERROR_NOT_SUPPORTED ); #else + (void) attributes; (void) data; (void) data_length; (void) bits; return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* MBEDTLS_ECP_C */ +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR || MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY */ } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 4021622bfb42cf9c397521d5ac34a58f7326d73c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 30 Oct 2020 11:54:03 +0100 Subject: [PATCH 055/553] psa: slot mgmt: Add unaccessed slots counter in stats Add a counter of unaccessed slots and use it in tests to check that at the end of PSA tests all key slot are unaccessed. Signed-off-by: Ronald Cron --- include/test/psa_crypto_helpers.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index c8013a1a8f..214ee87f3b 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -24,6 +24,7 @@ #include "test/psa_helpers.h" #include +#include static int test_helper_is_psa_pristine( int line, const char *file ) { @@ -40,6 +41,10 @@ static int test_helper_is_psa_pristine( int line, const char *file ) msg = "An external slot has not been closed properly."; else if( stats.half_filled_slots != 0 ) msg = "A half-filled slot has not been cleared properly."; + else if( stats.unaccessed_slots != PSA_KEY_SLOT_COUNT ) + { + msg = "Some slots are still marked as accessed."; + } /* If the test has already failed, don't overwrite the failure * information. Do keep the stats lookup above, because it can be From 399844fcbea0856161d466dd24d7731899a33c78 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Tue, 10 Nov 2020 08:50:04 -0800 Subject: [PATCH 056/553] Corrected guards in PSA library based on review comments Revised the placement of various new MBEDTLS_PSA_BUILTIN_xxx guards based on review comments. Corrected guards in psa test driver to use _ACCEL version instead of _BUILTIN version. Updated check_config_psa.h to include additional dependency checks for more algorithms. Renamed some of the new tests to be a little more clear on the purpose. Signed-off-by: John Durkop --- src/drivers/key_management.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index a788934fa1..d6d75b3ed1 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -43,10 +43,11 @@ psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) { -#if !defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) && \ - !defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) (void)attributes; -#endif /* !MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR && !MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY */ +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR && + * !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ ++test_driver_key_management_hooks.hits; if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) @@ -63,8 +64,8 @@ psa_status_t test_transparent_generate_key( } /* Copied from psa_crypto.c */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) { @@ -120,7 +121,8 @@ psa_status_t test_transparent_generate_key( return( status ); } else -#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR || MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY */ +#endif /* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR || + * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ return( PSA_ERROR_NOT_SUPPORTED ); } @@ -145,8 +147,8 @@ psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attribute if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( test_driver_key_management_hooks.forced_status ); -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) psa_key_type_t type = psa_get_key_type( attributes ); if ( PSA_KEY_TYPE_IS_ECC( type ) ) { @@ -242,7 +244,8 @@ psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attribute (void) data_length; (void) bits; return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR || MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY */ +#endif /* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR || + * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From cb8e3afebf1a6ed568348d17b02493e733a44143 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 14 Nov 2020 16:35:34 +0100 Subject: [PATCH 057/553] psa: Rename functions to get a key slot Rename functions to get a key slot: . to make their naming more consistent . to emphasize that those functions set a lock on the key slot they return to protect it from being wiped out and re-used while some part of the library is accessing it. Signed-off-by: Ronald Cron --- include/test/psa_crypto_helpers.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 214ee87f3b..09171ae767 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -41,9 +41,9 @@ static int test_helper_is_psa_pristine( int line, const char *file ) msg = "An external slot has not been closed properly."; else if( stats.half_filled_slots != 0 ) msg = "A half-filled slot has not been cleared properly."; - else if( stats.unaccessed_slots != PSA_KEY_SLOT_COUNT ) + else if( stats.unlocked_slots != PSA_KEY_SLOT_COUNT ) { - msg = "Some slots are still marked as accessed."; + msg = "Some slots are still marked as locked."; } /* If the test has already failed, don't overwrite the failure From 0637ced69680ba6a4c49f7500633c564e17ed1b0 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 15 Nov 2020 14:21:04 +0100 Subject: [PATCH 058/553] psa stats: Count locked slots instead of unlocked ones Count locked slots and not unlocked ones to align with the other statistics counters. Signed-off-by: Ronald Cron --- include/test/psa_crypto_helpers.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 09171ae767..01b0547cf2 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -41,7 +41,7 @@ static int test_helper_is_psa_pristine( int line, const char *file ) msg = "An external slot has not been closed properly."; else if( stats.half_filled_slots != 0 ) msg = "A half-filled slot has not been cleared properly."; - else if( stats.unlocked_slots != PSA_KEY_SLOT_COUNT ) + else if( stats.locked_slots != 0 ) { msg = "Some slots are still marked as locked."; } From 902c06508e58a924969d671c8f6e7802e34396c3 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 14 Oct 2020 14:39:20 +0200 Subject: [PATCH 059/553] Plug in the entry point for public key export through driver Including test. Signed-off-by: Steven Cooreman --- include/test/drivers/key_management.h | 19 ++++- src/drivers/key_management.c | 111 +++++++++++++++++++++++++- 2 files changed, 122 insertions(+), 8 deletions(-) diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 56f3ef82ef..90f8c587c6 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -58,10 +58,21 @@ psa_status_t test_opaque_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); -psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - size_t *bits); +psa_status_t test_transparent_validate_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits); + +psa_status_t test_transparent_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ); + +psa_status_t test_opaque_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index d6d75b3ed1..d08969119a 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -137,10 +137,11 @@ psa_status_t test_opaque_generate_key( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - size_t *bits) +psa_status_t test_transparent_validate_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits ) { ++test_driver_key_management_hooks.hits; @@ -248,4 +249,106 @@ psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attribute * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ } +psa_status_t test_transparent_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ) +{ + ++test_driver_keygen_hooks.hits; + + if( test_driver_keygen_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_keygen_hooks.forced_status ); + + if( test_driver_keygen_hooks.forced_output != NULL ) + { + if( test_driver_keygen_hooks.forced_output_length > data_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + memcpy( data, test_driver_keygen_hooks.forced_output, + test_driver_keygen_hooks.forced_output_length ); + *data_length = test_driver_keygen_hooks.forced_output_length; + return( PSA_SUCCESS ); + } + + if( key == NULL || key_length == 0 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + psa_key_type_t keytype = psa_get_key_type( attributes ); + +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) + if( PSA_KEY_TYPE_IS_ECC( keytype ) ) + { + if( !PSA_KEY_TYPE_IS_KEY_PAIR( keytype ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + /* Mostly copied from psa_crypto.c */ + mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_ecp_keypair ecp; + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + + if( attributes->domain_parameters_size != 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + + grp_id = mbedtls_ecc_group_of_psa( PSA_KEY_TYPE_ECC_GET_FAMILY( keytype ), + PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); + if( grp_id == MBEDTLS_ECP_DP_NONE ) + return( PSA_ERROR_NOT_SUPPORTED ); + + mbedtls_ecp_keypair_init( &ecp ); + + status = mbedtls_to_psa_error( + mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + status = mbedtls_to_psa_error( + mbedtls_ecp_read_key( ecp.grp.id, + &ecp, + key, + key_length ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + /* Calculate the public key */ + status = mbedtls_to_psa_error( + mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + status = mbedtls_to_psa_error( + mbedtls_ecp_point_write_binary( &ecp.grp, &ecp.Q, + MBEDTLS_ECP_PF_UNCOMPRESSED, + data_length, + data, + data_size ) ); + if( status != PSA_SUCCESS ) + memset( data, 0, data_size ); +ecp_exit: + mbedtls_ecp_keypair_free( &ecp ); + return( status ); + } +#endif /* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR || + * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ + + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_opaque_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) data; + (void) data_size; + (void) data_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From d0690b434fe76208407286d0e8732d02ea002318 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 22 Nov 2020 18:47:43 +0100 Subject: [PATCH 060/553] Rename test_driver_keygen to test_driver_key_management ``` perl -i -pe 's/test_driver_keygen/test_driver_key_management/g' tests/src/drivers/key_management.c tests/suites/test_suite_psa_crypto_driver_wrappers.function ``` Follow-up of 9d83172468c93cc0ea6bdd9a2c9ebd1fca152234 Signed-off-by: Gilles Peskine --- src/drivers/key_management.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index d08969119a..c79069b7a3 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -254,18 +254,18 @@ psa_status_t test_transparent_export_public_key( const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ) { - ++test_driver_keygen_hooks.hits; + ++test_driver_key_management_hooks.hits; - if( test_driver_keygen_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_keygen_hooks.forced_status ); + if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_key_management_hooks.forced_status ); - if( test_driver_keygen_hooks.forced_output != NULL ) + if( test_driver_key_management_hooks.forced_output != NULL ) { - if( test_driver_keygen_hooks.forced_output_length > data_size ) + if( test_driver_key_management_hooks.forced_output_length > data_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( data, test_driver_keygen_hooks.forced_output, - test_driver_keygen_hooks.forced_output_length ); - *data_length = test_driver_keygen_hooks.forced_output_length; + memcpy( data, test_driver_key_management_hooks.forced_output, + test_driver_key_management_hooks.forced_output_length ); + *data_length = test_driver_key_management_hooks.forced_output_length; return( PSA_SUCCESS ); } From 264f736b8e18e2c6c021c7246355ed384a57a83c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 22 Nov 2020 19:33:11 +0100 Subject: [PATCH 061/553] A variable is unused in some configurations Signed-off-by: Gilles Peskine --- src/drivers/key_management.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index c79069b7a3..00d2b45191 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -273,6 +273,7 @@ psa_status_t test_transparent_export_public_key( return( PSA_ERROR_INVALID_ARGUMENT ); psa_key_type_t keytype = psa_get_key_type( attributes ); + (void) keytype; #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) From 8790cd523a4412ce7b3ebd4e22d902b9a62cfaab Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 13 Nov 2020 17:41:53 +0100 Subject: [PATCH 062/553] Create a file for PSA crypto test helpers Signed-off-by: Gilles Peskine --- src/psa_crypto_helpers.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 src/psa_crypto_helpers.c diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c new file mode 100644 index 0000000000..40877c7f76 --- /dev/null +++ b/src/psa_crypto_helpers.c @@ -0,0 +1,30 @@ +/** \file psa_crypto_helpers.c + * + * \brief Helper functions to test PSA crypto functionality. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#if defined(MBEDTLS_PSA_CRYPTO_C) + +#include + +#endif /* MBEDTLS_PSA_CRYPTO_C */ From 73377959c5f6a250bbf41e42ffd63cdd3400f0c5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 13 Nov 2020 18:47:18 +0100 Subject: [PATCH 063/553] Implement MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG Implement support for MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. For test purposes, write an implementation that uses libc rand(). Signed-off-by: Gilles Peskine --- src/psa_crypto_helpers.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index 40877c7f76..dacda683a2 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -27,4 +27,20 @@ #include +#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) +#include + +psa_status_t mbedtls_psa_external_get_random( + mbedtls_psa_external_random_context_t *context, + uint8_t *output, size_t output_size, size_t *output_length ) +{ + /* This implementation is for test purposes only! + * Use the libc non-cryptographic random generator. */ + (void) context; + mbedtls_test_rnd_std_rand( NULL, output, output_size ); + *output_length = output_size; + return( PSA_SUCCESS ); +} +#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ + #endif /* MBEDTLS_PSA_CRYPTO_C */ From ec8d9a640db749e9998c3eeff88e865c0c904023 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Nov 2020 17:07:05 +0100 Subject: [PATCH 064/553] Use mbedtls_test_ prefix on all PSA helper functions Signed-off-by: Gilles Peskine --- include/test/psa_crypto_helpers.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 01b0547cf2..9263a932cf 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -26,7 +26,7 @@ #include #include -static int test_helper_is_psa_pristine( int line, const char *file ) +static int mbedtls_test_helper_is_psa_pristine( int line, const char *file ) { mbedtls_psa_stats_t stats; const char *msg = NULL; @@ -60,21 +60,21 @@ static int test_helper_is_psa_pristine( int line, const char *file ) #define ASSERT_PSA_PRISTINE( ) \ do \ { \ - if( ! test_helper_is_psa_pristine( __LINE__, __FILE__ ) ) \ + if( ! mbedtls_test_helper_is_psa_pristine( __LINE__, __FILE__ ) ) \ goto exit; \ } \ while( 0 ) -static void test_helper_psa_done( int line, const char *file ) +static void mbedtls_test_helper_psa_done( int line, const char *file ) { - (void) test_helper_is_psa_pristine( line, file ); + (void) mbedtls_test_helper_is_psa_pristine( line, file ); mbedtls_psa_crypto_free( ); } /** Shut down the PSA Crypto subsystem. Expect a clean shutdown, with no slots * in use. */ -#define PSA_DONE( ) test_helper_psa_done( __LINE__, __FILE__ ) +#define PSA_DONE( ) mbedtls_test_helper_psa_done( __LINE__, __FILE__ ) @@ -84,10 +84,10 @@ static void test_helper_psa_done( int line, const char *file ) /** Name of the file where return statuses are logged by #RECORD_STATUS. */ #define STATUS_LOG_FILE_NAME "statuses.log" -static psa_status_t record_status( psa_status_t status, - const char *func, - const char *file, int line, - const char *expr ) +static psa_status_t mbedtls_test_record_status( psa_status_t status, + const char *func, + const char *file, int line, + const char *expr ) { /* We open the log file on first use. * We never close the log file, so the record_status feature is not @@ -125,7 +125,7 @@ static psa_status_t record_status( psa_status_t status, * \return The value of \p expr. */ #define RECORD_STATUS( string, expr ) \ - record_status( ( expr ), string, __FILE__, __LINE__, #expr ) + mbedtls_test_record_status( ( expr ), string, __FILE__, __LINE__, #expr ) #include "instrument_record_status.h" From b81a330f72cca712f56494cf04106059f0c75350 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Nov 2020 17:49:31 +0100 Subject: [PATCH 065/553] Remove now-redundant test result check Since 349eadc58faff851ee8dcbb43c702f0ddecfcbb8, test_fail() reports the first failure. So it's safe to call test_fail() again to report a cleanup failure when we don't want to potentially erase information about an earlier failure. The behavior of mbedtls_test_helper_is_psa_pristine() changes if test_info.result was neither TEST_RESULT_SUCCESS nor TEST_RESULT_FAILED, but this should not matter since a skipped test should not cause mbedtls_test_helper_is_psa_pristine() to fail. Signed-off-by: Gilles Peskine --- include/test/psa_crypto_helpers.h | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 9263a932cf..e62bc04019 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -46,10 +46,7 @@ static int mbedtls_test_helper_is_psa_pristine( int line, const char *file ) msg = "Some slots are still marked as locked."; } - /* If the test has already failed, don't overwrite the failure - * information. Do keep the stats lookup above, because it can be - * convenient to break on it when debugging a failure. */ - if( msg != NULL && test_info.result == TEST_RESULT_SUCCESS ) + if( msg != NULL ) test_fail( msg, line, file ); return( msg == NULL ); From ab07944e84967ad8acb8667111a22ef3174f8ceb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Nov 2020 17:41:07 +0100 Subject: [PATCH 066/553] Refactor PSA test helpers: don't depend on test_info access Refactor some PSA test helper functions and macros to avoid depending on test_info and test_fail inside functions. These identifiers are only defined in helpers.function, so they're only available in test suites, and not in test helper modules (tests/src/*.c) which are also linked into example programs. This is in preparation for moving function definitions from psa_crypto_helpers.h to psa_crypto_helpers.c. No behavior change. Signed-off-by: Gilles Peskine --- include/test/psa_crypto_helpers.h | 60 +++++++++++++++---------------- 1 file changed, 28 insertions(+), 32 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index e62bc04019..361fbbb48a 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -26,52 +26,48 @@ #include #include -static int mbedtls_test_helper_is_psa_pristine( int line, const char *file ) +/** Check for things that have not been cleaned up properly in the + * PSA subsystem. + * + * \return NULL if nothing has leaked. + * \return A string literal explaining what has not been cleaned up + * if applicable. + */ +static const char *mbedtls_test_helper_is_psa_leaking( void ) { mbedtls_psa_stats_t stats; - const char *msg = NULL; mbedtls_psa_get_stats( &stats ); if( stats.volatile_slots != 0 ) - msg = "A volatile slot has not been closed properly."; - else if( stats.persistent_slots != 0 ) - msg = "A persistent slot has not been closed properly."; - else if( stats.external_slots != 0 ) - msg = "An external slot has not been closed properly."; - else if( stats.half_filled_slots != 0 ) - msg = "A half-filled slot has not been cleared properly."; - else if( stats.locked_slots != 0 ) - { - msg = "Some slots are still marked as locked."; - } - - if( msg != NULL ) - test_fail( msg, line, file ); - - return( msg == NULL ); + return( "A volatile slot has not been closed properly." ); + if( stats.persistent_slots != 0 ) + return( "A persistent slot has not been closed properly." ); + if( stats.external_slots != 0 ) + return( "An external slot has not been closed properly." ); + if( stats.half_filled_slots != 0 ) + return( "A half-filled slot has not been cleared properly." ); + if( stats.locked_slots != 0 ) + return( "Some slots are still marked as locked." ); + + return( NULL ); } /** Check that no PSA Crypto key slots are in use. */ -#define ASSERT_PSA_PRISTINE( ) \ - do \ - { \ - if( ! mbedtls_test_helper_is_psa_pristine( __LINE__, __FILE__ ) ) \ - goto exit; \ - } \ - while( 0 ) - -static void mbedtls_test_helper_psa_done( int line, const char *file ) -{ - (void) mbedtls_test_helper_is_psa_pristine( line, file ); - mbedtls_psa_crypto_free( ); -} +#define ASSERT_PSA_PRISTINE( ) \ + TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) ) /** Shut down the PSA Crypto subsystem. Expect a clean shutdown, with no slots * in use. */ -#define PSA_DONE( ) mbedtls_test_helper_psa_done( __LINE__, __FILE__ ) +#define PSA_DONE( ) \ + do \ + { \ + ASSERT_PSA_PRISTINE( ); \ + mbedtls_psa_crypto_free( ); \ + } \ + while( 0 ) From 1c86e01a3c802df8b742b85296f8c9c29b033485 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Nov 2020 17:34:30 +0100 Subject: [PATCH 067/553] Refactor PSA test helpers: move function definitions from .h to .c Move function definitions from psa_crypto_helpers.h to psa_crypto_helpers.c. No behavior change. Signed-off-by: Gilles Peskine --- include/test/psa_crypto_helpers.h | 44 ++++--------------------------- src/psa_crypto_helpers.c | 42 +++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 39 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 361fbbb48a..f44a292453 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -33,25 +33,7 @@ * \return A string literal explaining what has not been cleaned up * if applicable. */ -static const char *mbedtls_test_helper_is_psa_leaking( void ) -{ - mbedtls_psa_stats_t stats; - - mbedtls_psa_get_stats( &stats ); - - if( stats.volatile_slots != 0 ) - return( "A volatile slot has not been closed properly." ); - if( stats.persistent_slots != 0 ) - return( "A persistent slot has not been closed properly." ); - if( stats.external_slots != 0 ) - return( "An external slot has not been closed properly." ); - if( stats.half_filled_slots != 0 ) - return( "A half-filled slot has not been cleared properly." ); - if( stats.locked_slots != 0 ) - return( "Some slots are still marked as locked." ); - - return( NULL ); -} +const char *mbedtls_test_helper_is_psa_leaking( void ); /** Check that no PSA Crypto key slots are in use. */ @@ -72,26 +54,10 @@ static const char *mbedtls_test_helper_is_psa_leaking( void ) #if defined(RECORD_PSA_STATUS_COVERAGE_LOG) -#include - -/** Name of the file where return statuses are logged by #RECORD_STATUS. */ -#define STATUS_LOG_FILE_NAME "statuses.log" - -static psa_status_t mbedtls_test_record_status( psa_status_t status, - const char *func, - const char *file, int line, - const char *expr ) -{ - /* We open the log file on first use. - * We never close the log file, so the record_status feature is not - * compatible with resource leak detectors such as Asan. - */ - static FILE *log; - if( log == NULL ) - log = fopen( STATUS_LOG_FILE_NAME, "a" ); - fprintf( log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr ); - return( status ); -} +psa_status_t mbedtls_test_record_status( psa_status_t status, + const char *func, + const char *file, int line, + const char *expr ); /** Return value logging wrapper macro. * diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index dacda683a2..499f4b3280 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -22,11 +22,53 @@ #include #include +#include #if defined(MBEDTLS_PSA_CRYPTO_C) #include +const char *mbedtls_test_helper_is_psa_leaking( void ) +{ + mbedtls_psa_stats_t stats; + + mbedtls_psa_get_stats( &stats ); + + if( stats.volatile_slots != 0 ) + return( "A volatile slot has not been closed properly." ); + if( stats.persistent_slots != 0 ) + return( "A persistent slot has not been closed properly." ); + if( stats.external_slots != 0 ) + return( "An external slot has not been closed properly." ); + if( stats.half_filled_slots != 0 ) + return( "A half-filled slot has not been cleared properly." ); + if( stats.locked_slots != 0 ) + return( "Some slots are still marked as locked." ); + + return( NULL ); +} + +#if defined(RECORD_PSA_STATUS_COVERAGE_LOG) +/** Name of the file where return statuses are logged by #RECORD_STATUS. */ +#define STATUS_LOG_FILE_NAME "statuses.log" + +psa_status_t mbedtls_test_record_status( psa_status_t status, + const char *func, + const char *file, int line, + const char *expr ) +{ + /* We open the log file on first use. + * We never close the log file, so the record_status feature is not + * compatible with resource leak detectors such as Asan. + */ + static FILE *log; + if( log == NULL ) + log = fopen( STATUS_LOG_FILE_NAME, "a" ); + fprintf( log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr ); + return( status ); +} +#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ + #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) #include From 4a28ea12a3bc78ae84405b2d0d36c4e6b7aeda7f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Nov 2020 18:39:12 +0100 Subject: [PATCH 068/553] Disable the insecure PSA test RNG by default To reduce the risk of people accidentally using the test implementation of mbedtls_psa_external_get_random(), which is insecure, require the user to explicitly call mbedtls_test_enable_insecure_external_rng() first. Disabling the test implementation of mbedtls_psa_external_get_random() will also allow negative testing for MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG, which will be added in a subsequent commit. Signed-off-by: Gilles Peskine --- include/test/psa_crypto_helpers.h | 26 ++++++++++++++++++++++++++ src/psa_crypto_helpers.c | 18 +++++++++++++++++- 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index f44a292453..3e60a9b651 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -53,6 +53,32 @@ const char *mbedtls_test_helper_is_psa_leaking( void ); +#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) +/** Enable the insecure implementation of mbedtls_psa_external_get_random(). + * + * The insecure implementation of mbedtls_psa_external_get_random() is + * disabled by default. + * + * When MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled and the test + * helpers are linked into a program, you must enable this before any code + * that uses the PSA subsystem to generate random data (including internal + * random generation for purposes such as blinding when the random generation + * is routed through PSA). + * + * You can enable and disable it at any time, regardless of the state + * of the PSA subsystem. You may disable it temporarily to simulate a + * depleted entropy source. + */ +void mbedtls_test_enable_insecure_external_rng( void ); + +/** Disable the insecure implementation of mbedtls_psa_external_get_random(). + * + * See mbedtls_test_enable_insecure_external_rng(). + */ +void mbedtls_test_disable_insecure_external_rng( void ); +#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ + + #if defined(RECORD_PSA_STATUS_COVERAGE_LOG) psa_status_t mbedtls_test_record_status( psa_status_t status, const char *func, diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index 499f4b3280..00098574ec 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -72,13 +72,29 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) #include +static int test_insecure_external_rng_enabled = 0; + +void mbedtls_test_enable_insecure_external_rng( void ) +{ + test_insecure_external_rng_enabled = 1; +} + +void mbedtls_test_disable_insecure_external_rng( void ) +{ + test_insecure_external_rng_enabled = 0; +} + psa_status_t mbedtls_psa_external_get_random( mbedtls_psa_external_random_context_t *context, uint8_t *output, size_t output_size, size_t *output_length ) { + (void) context; + + if( !test_insecure_external_rng_enabled ) + return( PSA_ERROR_INSUFFICIENT_ENTROPY ); + /* This implementation is for test purposes only! * Use the libc non-cryptographic random generator. */ - (void) context; mbedtls_test_rnd_std_rand( NULL, output, output_size ); *output_length = output_size; return( PSA_SUCCESS ); From 7c00255b2de5562ca68241df8ef70e3e84adacc5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 6 Jan 2021 20:47:16 +0100 Subject: [PATCH 069/553] Don't call TEST_ASSERT in PSA_DONE TEST_ASSERT jumps to the exit label, so it must not be called from cleanup code executed after the exit label. It's legitimate (and indeed very common) to call PSA_DONE in cleanup code, so PSA_DONE must not jump to exit. Define an auxiliary function test_fail_if_psa_leaking() that calls test_fail() with the error message provided by mbedtls_test_helper_is_psa_leaking(). This function currently needs to be in helpers.function rather than in a PSA-specific helper file because it calls test_fail which is defined in helpers.function. Signed-off-by: Gilles Peskine --- include/test/psa_crypto_helpers.h | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 3e60a9b651..b8eb4aa5d4 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -36,19 +36,29 @@ const char *mbedtls_test_helper_is_psa_leaking( void ); /** Check that no PSA Crypto key slots are in use. + * + * If any slots are in use, mark the current test as failed and jump to + * the exit label. This is equivalent to + * `TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )` + * but with a more informative message. */ -#define ASSERT_PSA_PRISTINE( ) \ - TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) ) +#define ASSERT_PSA_PRISTINE( ) \ + do \ + { \ + if( test_fail_if_psa_leaking( __LINE__, __FILE__ ) ) \ + goto exit; \ + } \ + while( 0 ) /** Shut down the PSA Crypto subsystem. Expect a clean shutdown, with no slots * in use. */ -#define PSA_DONE( ) \ - do \ - { \ - ASSERT_PSA_PRISTINE( ); \ - mbedtls_psa_crypto_free( ); \ - } \ +#define PSA_DONE( ) \ + do \ + { \ + test_fail_if_psa_leaking( __LINE__, __FILE__ ); \ + mbedtls_psa_crypto_free( ); \ + } \ while( 0 ) @@ -60,8 +70,8 @@ const char *mbedtls_test_helper_is_psa_leaking( void ); * disabled by default. * * When MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled and the test - * helpers are linked into a program, you must enable this before any code - * that uses the PSA subsystem to generate random data (including internal + * helpers are linked into a program, you must enable this before running any + * code that uses the PSA subsystem to generate random data (including internal * random generation for purposes such as blinding when the random generation * is routed through PSA). * From b3fbcc1e7064de1f70e2dbee6f57bb4156f9036d Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Wed, 20 Jan 2021 15:56:42 +0000 Subject: [PATCH 070/553] Move helper testing functions to tests/src/helpers.c Moves the functions `test_fail`, `test_set_step`, `test_skip` and the struct `test_info` from `tests/suites/helpers.function` to `tests/src/helpers.*`. This is done to open these functions up to the API where they can be used by other functions in the 'src' test infrastructure module. As the functions are now contained within the src folder of the testing infrastructure, the `mbedtls_` prefix has been added to the functions. Signed-off-by: Chris Jones --- include/test/helpers.h | 32 ++++++++++++++++++++++++++++++++ src/helpers.c | 29 +++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) diff --git a/include/test/helpers.h b/include/test/helpers.h index 2c7b179abb..8d31048a7b 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -49,9 +49,41 @@ #include #include +typedef enum +{ + TEST_RESULT_SUCCESS = 0, + TEST_RESULT_FAILED, + TEST_RESULT_SKIPPED +} test_result_t; + +typedef struct +{ + test_result_t result; + const char *test; + const char *filename; + int line_no; + unsigned long step; +} +test_info_t; +extern test_info_t test_info; + int mbedtls_test_platform_setup( void ); void mbedtls_test_platform_teardown( void ); +void mbedtls_test_fail( const char *test, int line_no, const char* filename ); + +/** Set the test step number for failure reports. + * + * Call this function to display "step NNN" in addition to the line number + * and file name if a test fails. Typically the "step number" is the index + * of a for loop but it can be whatever you want. + * + * \param step The step number to report. + */ +void mbedtls_test_set_step( unsigned long step ); + +void mbedtls_test_skip( const char *test, int line_no, const char* filename ); + /** * \brief This function decodes the hexadecimal representation of * data. diff --git a/src/helpers.c b/src/helpers.c index a18f1d4b83..a2f9c3f346 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -44,6 +44,8 @@ static param_failed_ctx_t param_failed_ctx; static mbedtls_platform_context platform_ctx; #endif +test_info_t test_info; + /*----------------------------------------------------------------------------*/ /* Helper Functions */ @@ -77,6 +79,33 @@ static int ascii2uc(const char c, unsigned char *uc) return( 0 ); } +void mbedtls_test_fail( const char *test, int line_no, const char* filename ) +{ + if( test_info.result == TEST_RESULT_FAILED ) + { + /* We've already recorded the test as having failed. Don't + * overwrite any previous information about the failure. */ + return; + } + test_info.result = TEST_RESULT_FAILED; + test_info.test = test; + test_info.line_no = line_no; + test_info.filename = filename; +} + +void mbedtls_test_set_step( unsigned long step ) +{ + test_info.step = step; +} + +void mbedtls_test_skip( const char *test, int line_no, const char* filename ) +{ + test_info.result = TEST_RESULT_SKIPPED; + test_info.test = test; + test_info.line_no = line_no; + test_info.filename = filename; +} + int mbedtls_test_unhexify( unsigned char *obuf, size_t obufmax, const char *ibuf, From 7ce74798b6a5b0529fb16e6c0204796d90d37d3c Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Wed, 20 Jan 2021 17:51:47 +0000 Subject: [PATCH 071/553] Add `mbedtls_` prefix to all public names in `helpers.h` Adds the `mbedtls_` prefix to `test_result_t` and `test_info` and updates any references to them. This is to follow the naming convention as these are now declared in a public namespace. Signed-off-by: Chris Jones --- include/test/helpers.h | 14 +++++++------- src/helpers.c | 22 +++++++++++----------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 8d31048a7b..2ca85d479c 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -51,21 +51,21 @@ typedef enum { - TEST_RESULT_SUCCESS = 0, - TEST_RESULT_FAILED, - TEST_RESULT_SKIPPED -} test_result_t; + MBEDTLS_TEST_RESULT_SUCCESS = 0, + MBEDTLS_TEST_RESULT_FAILED, + MBEDTLS_TEST_RESULT_SKIPPED +} mbedtls_test_result_t; typedef struct { - test_result_t result; + mbedtls_test_result_t result; const char *test; const char *filename; int line_no; unsigned long step; } -test_info_t; -extern test_info_t test_info; +mbedtls_test_info_t; +extern mbedtls_test_info_t mbedtls_test_info; int mbedtls_test_platform_setup( void ); void mbedtls_test_platform_teardown( void ); diff --git a/src/helpers.c b/src/helpers.c index a2f9c3f346..9bfd7e0478 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -44,7 +44,7 @@ static param_failed_ctx_t param_failed_ctx; static mbedtls_platform_context platform_ctx; #endif -test_info_t test_info; +mbedtls_test_info_t mbedtls_test_info; /*----------------------------------------------------------------------------*/ /* Helper Functions */ @@ -81,29 +81,29 @@ static int ascii2uc(const char c, unsigned char *uc) void mbedtls_test_fail( const char *test, int line_no, const char* filename ) { - if( test_info.result == TEST_RESULT_FAILED ) + if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ) { /* We've already recorded the test as having failed. Don't * overwrite any previous information about the failure. */ return; } - test_info.result = TEST_RESULT_FAILED; - test_info.test = test; - test_info.line_no = line_no; - test_info.filename = filename; + mbedtls_test_info.result = MBEDTLS_TEST_RESULT_FAILED; + mbedtls_test_info.test = test; + mbedtls_test_info.line_no = line_no; + mbedtls_test_info.filename = filename; } void mbedtls_test_set_step( unsigned long step ) { - test_info.step = step; + mbedtls_test_info.step = step; } void mbedtls_test_skip( const char *test, int line_no, const char* filename ) { - test_info.result = TEST_RESULT_SKIPPED; - test_info.test = test; - test_info.line_no = line_no; - test_info.filename = filename; + mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SKIPPED; + mbedtls_test_info.test = test; + mbedtls_test_info.line_no = line_no; + mbedtls_test_info.filename = filename; } int mbedtls_test_unhexify( unsigned char *obuf, From 1c48f08a2896fde2ac992128e49a18afd36faa15 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Jan 2021 20:02:01 +0100 Subject: [PATCH 072/553] Move the fake PSA external RNG to its own header and source files Move the declaration of the functions needed to use the test implementation of mbedtls_psa_external_get_random() to a new header file. Before, they were declared in tests/include/test/psa_crypto_helpers.h, but this header file can't be included in sample programs because it also includes headers from the library directory which is not on the include path for sample programs. This fixes the build of the sample programs when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_USE_PSA_CRYPTO are enabled. Move the implementation of the functions to a separate .c file as well. This isn't strictly necessary, but makes the structure of the source code easier to understand. Signed-off-by: Gilles Peskine --- include/test/fake_external_rng_for_test.h | 56 +++++++++++++++++++++++ include/test/helpers.h | 4 ++ include/test/psa_crypto_helpers.h | 26 ----------- src/fake_external_rng_for_test.c | 56 +++++++++++++++++++++++ src/psa_crypto_helpers.c | 32 ------------- 5 files changed, 116 insertions(+), 58 deletions(-) create mode 100644 include/test/fake_external_rng_for_test.h create mode 100644 src/fake_external_rng_for_test.c diff --git a/include/test/fake_external_rng_for_test.h b/include/test/fake_external_rng_for_test.h new file mode 100644 index 0000000000..faeef22e86 --- /dev/null +++ b/include/test/fake_external_rng_for_test.h @@ -0,0 +1,56 @@ +/* + * Insecure but standalone implementation of mbedtls_psa_external_get_random(). + * Only for use in tests! + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FAKE_EXTERNAL_RNG_FOR_TEST_H +#define FAKE_EXTERNAL_RNG_FOR_TEST_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) +/** Enable the insecure implementation of mbedtls_psa_external_get_random(). + * + * The insecure implementation of mbedtls_psa_external_get_random() is + * disabled by default. + * + * When MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled and the test + * helpers are linked into a program, you must enable this before running any + * code that uses the PSA subsystem to generate random data (including internal + * random generation for purposes such as blinding when the random generation + * is routed through PSA). + * + * You can enable and disable it at any time, regardless of the state + * of the PSA subsystem. You may disable it temporarily to simulate a + * depleted entropy source. + */ +void mbedtls_test_enable_insecure_external_rng( void ); + +/** Disable the insecure implementation of mbedtls_psa_external_get_random(). + * + * See mbedtls_test_enable_insecure_external_rng(). + */ +void mbedtls_test_disable_insecure_external_rng( void ); +#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ + +#endif /* FAKE_EXTERNAL_RNG_FOR_TEST_H */ diff --git a/include/test/helpers.h b/include/test/helpers.h index 2c7b179abb..ce8a1e2857 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -190,4 +190,8 @@ void* mbedtls_test_param_failed_get_state_buf( void ); void mbedtls_test_param_failed_reset_state( void ); #endif /* MBEDTLS_CHECK_PARAMS */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) +#include "test/fake_external_rng_for_test.h" +#endif + #endif /* TEST_HELPERS_H */ diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index b8eb4aa5d4..b97263d590 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -63,32 +63,6 @@ const char *mbedtls_test_helper_is_psa_leaking( void ); -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -/** Enable the insecure implementation of mbedtls_psa_external_get_random(). - * - * The insecure implementation of mbedtls_psa_external_get_random() is - * disabled by default. - * - * When MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled and the test - * helpers are linked into a program, you must enable this before running any - * code that uses the PSA subsystem to generate random data (including internal - * random generation for purposes such as blinding when the random generation - * is routed through PSA). - * - * You can enable and disable it at any time, regardless of the state - * of the PSA subsystem. You may disable it temporarily to simulate a - * depleted entropy source. - */ -void mbedtls_test_enable_insecure_external_rng( void ); - -/** Disable the insecure implementation of mbedtls_psa_external_get_random(). - * - * See mbedtls_test_enable_insecure_external_rng(). - */ -void mbedtls_test_disable_insecure_external_rng( void ); -#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - - #if defined(RECORD_PSA_STATUS_COVERAGE_LOG) psa_status_t mbedtls_test_record_status( psa_status_t status, const char *func, diff --git a/src/fake_external_rng_for_test.c b/src/fake_external_rng_for_test.c new file mode 100644 index 0000000000..98b3fe0610 --- /dev/null +++ b/src/fake_external_rng_for_test.c @@ -0,0 +1,56 @@ +/** \file psa_crypto_helpers.c + * + * \brief Helper functions to test PSA crypto functionality. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) +#include +#include + +static int test_insecure_external_rng_enabled = 0; + +void mbedtls_test_enable_insecure_external_rng( void ) +{ + test_insecure_external_rng_enabled = 1; +} + +void mbedtls_test_disable_insecure_external_rng( void ) +{ + test_insecure_external_rng_enabled = 0; +} + +psa_status_t mbedtls_psa_external_get_random( + mbedtls_psa_external_random_context_t *context, + uint8_t *output, size_t output_size, size_t *output_length ) +{ + (void) context; + + if( !test_insecure_external_rng_enabled ) + return( PSA_ERROR_INSUFFICIENT_ENTROPY ); + + /* This implementation is for test purposes only! + * Use the libc non-cryptographic random generator. */ + mbedtls_test_rnd_std_rand( NULL, output, output_size ); + *output_length = output_size; + return( PSA_SUCCESS ); +} +#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index 00098574ec..cb79a225c1 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -69,36 +69,4 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, } #endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -#include - -static int test_insecure_external_rng_enabled = 0; - -void mbedtls_test_enable_insecure_external_rng( void ) -{ - test_insecure_external_rng_enabled = 1; -} - -void mbedtls_test_disable_insecure_external_rng( void ) -{ - test_insecure_external_rng_enabled = 0; -} - -psa_status_t mbedtls_psa_external_get_random( - mbedtls_psa_external_random_context_t *context, - uint8_t *output, size_t output_size, size_t *output_length ) -{ - (void) context; - - if( !test_insecure_external_rng_enabled ) - return( PSA_ERROR_INSUFFICIENT_ENTROPY ); - - /* This implementation is for test purposes only! - * Use the libc non-cryptographic random generator. */ - mbedtls_test_rnd_std_rand( NULL, output, output_size ); - *output_length = output_size; - return( PSA_SUCCESS ); -} -#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - #endif /* MBEDTLS_PSA_CRYPTO_C */ From eea172857ee533087f246ffdfff916f746c49bb3 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 22 Nov 2020 14:02:39 +0100 Subject: [PATCH 073/553] psa: Move from validate_key to import_key entry point In the course of the development of the PSA unified driver interface, the validate_key entry point for opaque drivers has been removed and replaced by an import_key entry point. This commit takes into account this change of specification. Signed-off-by: Ronald Cron --- include/test/drivers/key_management.h | 15 +++++++++------ src/drivers/key_management.c | 7 +++++-- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 90f8c587c6..7811fb439d 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -58,12 +58,6 @@ psa_status_t test_opaque_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); -psa_status_t test_transparent_validate_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - size_t *bits); - psa_status_t test_transparent_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, @@ -74,5 +68,14 @@ psa_status_t test_opaque_export_public_key( const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ); +psa_status_t test_transparent_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length, + size_t *bits); + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index 00d2b45191..ab3210b71c 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -137,11 +137,14 @@ psa_status_t test_opaque_generate_key( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t test_transparent_validate_key( +psa_status_t test_transparent_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, - size_t *bits ) + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length, + size_t *bits) { ++test_driver_key_management_hooks.hits; From 382e21c7ce2e18f8decf9b39c6a22ee993787e26 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 26 Nov 2020 15:16:05 +0100 Subject: [PATCH 074/553] psa: Call export software implementation as a driver Signed-off-by: Ronald Cron --- include/test/drivers/key_management.h | 5 +++++ src/drivers/key_management.c | 13 +++++++++++++ 2 files changed, 18 insertions(+) diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 7811fb439d..9d51758151 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -58,6 +58,11 @@ psa_status_t test_opaque_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); +psa_status_t test_opaque_export_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ); + psa_status_t test_transparent_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index ab3210b71c..76d2b3fee3 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -252,6 +252,19 @@ psa_status_t test_transparent_import_key( * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ } +psa_status_t test_opaque_export_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) data; + (void) data_size; + (void) data_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} psa_status_t test_transparent_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, From 8e344689b529e1f2d6351b9ebcdfeb6356bcc053 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 26 Nov 2020 19:19:10 +0100 Subject: [PATCH 075/553] psa: Add ECP/RSA transparent test driver export_public_key entry point Add ECP/RSA transparent test driver export_public_key entry point and use it in the transparent test driver supporting both ECP and RSA. Signed-off-by: Ronald Cron --- src/drivers/key_management.c | 93 ++++++++++++------------------------ 1 file changed, 31 insertions(+), 62 deletions(-) diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index 76d2b3fee3..aef3b89399 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -27,6 +27,8 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "psa_crypto_core.h" +#include "psa_crypto_ecp.h" +#include "psa_crypto_rsa.h" #include "mbedtls/ecp.h" #include "mbedtls/error.h" @@ -265,9 +267,10 @@ psa_status_t test_opaque_export_key( (void) data_length; return( PSA_ERROR_NOT_SUPPORTED ); } + psa_status_t test_transparent_export_public_key( const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, + const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ) { ++test_driver_key_management_hooks.hits; @@ -285,73 +288,39 @@ psa_status_t test_transparent_export_public_key( return( PSA_SUCCESS ); } - if( key == NULL || key_length == 0 ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - psa_key_type_t keytype = psa_get_key_type( attributes ); - (void) keytype; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_type_t key_type = psa_get_key_type( attributes ); #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) - if( PSA_KEY_TYPE_IS_ECC( keytype ) ) + if( PSA_KEY_TYPE_IS_ECC( key_type ) ) { - if( !PSA_KEY_TYPE_IS_KEY_PAIR( keytype ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - /* Mostly copied from psa_crypto.c */ - mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_ecp_keypair ecp; - mbedtls_test_rnd_pseudo_info rnd_info; - memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); - - if( attributes->domain_parameters_size != 0 ) - return( PSA_ERROR_NOT_SUPPORTED ); - - grp_id = mbedtls_ecc_group_of_psa( PSA_KEY_TYPE_ECC_GET_FAMILY( keytype ), - PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); - if( grp_id == MBEDTLS_ECP_DP_NONE ) - return( PSA_ERROR_NOT_SUPPORTED ); - - mbedtls_ecp_keypair_init( &ecp ); - - status = mbedtls_to_psa_error( - mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); - if( status != PSA_SUCCESS ) - goto ecp_exit; - - status = mbedtls_to_psa_error( - mbedtls_ecp_read_key( ecp.grp.id, - &ecp, - key, - key_length ) ); - if( status != PSA_SUCCESS ) - goto ecp_exit; - - /* Calculate the public key */ - status = mbedtls_to_psa_error( - mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G, - &mbedtls_test_rnd_pseudo_rand, - &rnd_info ) ); - if( status != PSA_SUCCESS ) - goto ecp_exit; - - status = mbedtls_to_psa_error( - mbedtls_ecp_point_write_binary( &ecp.grp, &ecp.Q, - MBEDTLS_ECP_PF_UNCOMPRESSED, - data_length, - data, - data_size ) ); - if( status != PSA_SUCCESS ) - memset( data, 0, data_size ); -ecp_exit: - mbedtls_ecp_keypair_free( &ecp ); - return( status ); + status = mbedtls_transparent_test_driver_ecp_export_public_key( + attributes, + key_buffer, key_buffer_size, + data, data_size, data_length ); + } + else +#endif +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) + if( PSA_KEY_TYPE_IS_RSA( key_type ) ) + { + status = mbedtls_transparent_test_driver_rsa_export_public_key( + attributes, + key_buffer, key_buffer_size, + data, data_size, data_length ); + } + else +#endif + { + status = PSA_ERROR_NOT_SUPPORTED; + (void)key_buffer; + (void)key_buffer_size; + (void)key_type; } -#endif /* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR || - * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ - return( PSA_ERROR_NOT_SUPPORTED ); + return( status ); } psa_status_t test_opaque_export_public_key( From f44e126825e7871be57cbd8efebc74f3c3e23c58 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 30 Nov 2020 13:55:05 +0100 Subject: [PATCH 076/553] psa: Add ECP/RSA transparent test driver import_key entry point Add ECP/RSA transparent test driver import_key entry point and use it in the transparent test driver entry supporting both ECP and RSA. Signed-off-by: Ronald Cron --- src/drivers/key_management.c | 130 ++++++++++------------------------- 1 file changed, 35 insertions(+), 95 deletions(-) diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index aef3b89399..98990d1084 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -153,105 +153,45 @@ psa_status_t test_transparent_import_key( if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( test_driver_key_management_hooks.forced_status ); + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_type_t type = psa_get_key_type( attributes ); + #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) - psa_key_type_t type = psa_get_key_type( attributes ); - if ( PSA_KEY_TYPE_IS_ECC( type ) ) + if( PSA_KEY_TYPE_IS_ECC( type ) ) { - // Code mostly copied from psa_load_ecp_representation - psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( type ); - mbedtls_ecp_group_id grp_id; - mbedtls_ecp_keypair ecp; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - if( psa_get_key_bits( attributes ) == 0 ) - { - // Attempt auto-detect of curve bit size - size_t curve_size = data_length; - - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) && - PSA_KEY_TYPE_ECC_GET_FAMILY( type ) != PSA_ECC_FAMILY_MONTGOMERY ) - { - /* A Weierstrass public key is represented as: - * - The byte 0x04; - * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; - * - `y_P` as a `ceiling(m/8)`-byte string, big-endian. - * So its data length is 2m+1 where m is the curve size in bits. - */ - if( ( data_length & 1 ) == 0 ) - return( PSA_ERROR_INVALID_ARGUMENT ); - curve_size = data_length / 2; - - /* Montgomery public keys are represented in compressed format, meaning - * their curve_size is equal to the amount of input. */ - - /* Private keys are represented in uncompressed private random integer - * format, meaning their curve_size is equal to the amount of input. */ - } - - grp_id = mbedtls_ecc_group_of_psa( curve, curve_size ); - } - else - { - grp_id = mbedtls_ecc_group_of_psa( curve, - PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); - } - - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id( grp_id ); - - if( attributes->domain_parameters_size != 0 ) - return( PSA_ERROR_NOT_SUPPORTED ); - if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - - *bits = curve_info->bit_size; - - mbedtls_ecp_keypair_init( &ecp ); - - status = mbedtls_to_psa_error( - mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); - if( status != PSA_SUCCESS ) - goto ecp_exit; - - /* Load the key material. */ - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) - { - /* Load the public value. */ - status = mbedtls_to_psa_error( - mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, - data, - data_length ) ); - if( status != PSA_SUCCESS ) - goto ecp_exit; - - /* Check that the point is on the curve. */ - status = mbedtls_to_psa_error( - mbedtls_ecp_check_pubkey( &ecp.grp, &ecp.Q ) ); - } - else - { - /* Load and validate the secret value. */ - status = mbedtls_to_psa_error( - mbedtls_ecp_read_key( ecp.grp.id, - &ecp, - data, - data_length ) ); - } - -ecp_exit: - mbedtls_ecp_keypair_free( &ecp ); - return( status ); + status = mbedtls_transparent_test_driver_ecp_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits ); } - return( PSA_ERROR_NOT_SUPPORTED ); -#else - (void) attributes; - (void) data; - (void) data_length; - (void) bits; - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR || - * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ + else +#endif +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) + if( PSA_KEY_TYPE_IS_RSA( type ) ) + { + status = mbedtls_transparent_test_driver_rsa_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits ); + } + else +#endif + { + status = PSA_ERROR_NOT_SUPPORTED; + (void)data; + (void)data_length; + (void)key_buffer; + (void)key_buffer_size; + (void)key_buffer_length; + (void)bits; + (void)type; + } + + return( status ); } psa_status_t test_opaque_export_key( From 65471c12e166812c4f58995173a3fe4d7bb0d31f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 1 Dec 2020 09:35:17 +0100 Subject: [PATCH 077/553] tests: psa: Change key management test driver default forced return value Change key management test driver default forced return value from PSA_ERROR_NOT_SUPPORTED to PSA_SUCCESS to be able to run the PSA unit tests with the cryptographic key management operations being handled by the transparent test driver. Signed-off-by: Ronald Cron --- include/test/drivers/key_management.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 9d51758151..b30baa2052 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -41,7 +41,7 @@ typedef struct { unsigned long hits; } test_driver_key_management_hooks_t; -#define TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 } +#define TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 } static inline test_driver_key_management_hooks_t test_driver_key_management_hooks_init( void ) { const test_driver_key_management_hooks_t v = TEST_DRIVER_KEY_MANAGEMENT_INIT; From c8330523a1a7f2f4c4e105a9808211dc6904b4d2 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Tue, 2 Feb 2021 16:20:45 +0000 Subject: [PATCH 078/553] Remove direct writing to `test_info` from `*.function` Add a new function `mbedtls_test_info_reset()` to remove direct writes to `mbedtls_test_info`. This change still allows values to be read directly however all writes are now done inside of `helpers.c`. Also slightly reordered code to make it easier to read. Signed-off-by: Chris Jones --- include/test/helpers.h | 3 ++- src/helpers.c | 19 ++++++++++++++----- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 2ca85d479c..258c6bae4d 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -71,6 +71,7 @@ int mbedtls_test_platform_setup( void ); void mbedtls_test_platform_teardown( void ); void mbedtls_test_fail( const char *test, int line_no, const char* filename ); +void mbedtls_test_skip( const char *test, int line_no, const char* filename ); /** Set the test step number for failure reports. * @@ -82,7 +83,7 @@ void mbedtls_test_fail( const char *test, int line_no, const char* filename ); */ void mbedtls_test_set_step( unsigned long step ); -void mbedtls_test_skip( const char *test, int line_no, const char* filename ); +void mbedtls_test_info_reset( void ); /** * \brief This function decodes the hexadecimal representation of diff --git a/src/helpers.c b/src/helpers.c index 9bfd7e0478..e323275e5f 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -93,11 +93,6 @@ void mbedtls_test_fail( const char *test, int line_no, const char* filename ) mbedtls_test_info.filename = filename; } -void mbedtls_test_set_step( unsigned long step ) -{ - mbedtls_test_info.step = step; -} - void mbedtls_test_skip( const char *test, int line_no, const char* filename ) { mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SKIPPED; @@ -106,6 +101,20 @@ void mbedtls_test_skip( const char *test, int line_no, const char* filename ) mbedtls_test_info.filename = filename; } +void mbedtls_test_set_step( unsigned long step ) +{ + mbedtls_test_info.step = step; +} + +void mbedtls_test_info_reset( void ) +{ + mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SUCCESS; + mbedtls_test_info.step = (unsigned long)( -1 ); + mbedtls_test_info.test = 0; + mbedtls_test_info.line_no = 0; + mbedtls_test_info.filename = 0; +} + int mbedtls_test_unhexify( unsigned char *obuf, size_t obufmax, const char *ibuf, From dbf8a0522450d0f2a6cda1bd7db74c1274460ba6 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Wed, 3 Feb 2021 12:07:01 +0000 Subject: [PATCH 079/553] Add documentation and minor style changes Add doxygen style documentation to `mbedtls_test_fail`, `mbedtls_test_skip`, `mbedtls_test_set_step` and `mbedtls_test_info_reset`. This should make it easier to understand how the test infrastructure is used. Also make some minor style changes to meet the coding standards and make it more obvious that `mbedtls_test_info.step` was being incremented. Signed-off-by: Chris Jones --- include/test/helpers.h | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 258c6bae4d..50d07fca63 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -70,19 +70,42 @@ extern mbedtls_test_info_t mbedtls_test_info; int mbedtls_test_platform_setup( void ); void mbedtls_test_platform_teardown( void ); +/** + * \brief Record the given, usually current, test as a failure. + * + * \param test Name of the test to fail. + * \param line_no Line number where the failure originated. + * \param filename Filename where the failure originated. + */ void mbedtls_test_fail( const char *test, int line_no, const char* filename ); + +/** + * \brief Record the given, usually current, test as skipped. + * + * \param test Name of the test to skip. + * \param line_no Line number where the test skipped. + * \param filename Filename where the test skipped. + */ void mbedtls_test_skip( const char *test, int line_no, const char* filename ); -/** Set the test step number for failure reports. +/** + * \brief Set the test step number for failure reports. * - * Call this function to display "step NNN" in addition to the line number - * and file name if a test fails. Typically the "step number" is the index - * of a for loop but it can be whatever you want. + * \note Call this function to display "step NNN" in addition to the + * line number and file name if a test fails. Typically the "step + * number" is the index of a for loop but it can be whatever you + * want. * * \param step The step number to report. */ void mbedtls_test_set_step( unsigned long step ); +/** + * \brief Reset mbedtls_test_info to a ready/starting state. + * + * \note Clears the test, line_no, filename, step and result from any + * previously stored values and initialises them ready to be used. + */ void mbedtls_test_info_reset( void ); /** From d0f8d7de6b348d7f38f4874d1507465657b6f605 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Wed, 3 Feb 2021 16:15:00 +0000 Subject: [PATCH 080/553] Improve test infrastructure documentation Clarify the function descriptions for several test infrastructure functions. Signed-off-by: Chris Jones --- include/test/helpers.h | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 50d07fca63..59260d9025 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -71,27 +71,40 @@ int mbedtls_test_platform_setup( void ); void mbedtls_test_platform_teardown( void ); /** - * \brief Record the given, usually current, test as a failure. + * \brief Record the current test case as a failure. * - * \param test Name of the test to fail. + * This function can be called directly however it is usually + * called via macros such as TEST_ASSERT, TEST_EQUAL, + * PSA_ASSERT, etc... + * + * \note If the test case was already marked as failed, calling + * `mbedtls_test_fail( )` again will not overwrite any + * previous information about the failure. + * + * \param test Description of the failure or assertion that failed. This + * MUST be a string literal. * \param line_no Line number where the failure originated. * \param filename Filename where the failure originated. */ void mbedtls_test_fail( const char *test, int line_no, const char* filename ); /** - * \brief Record the given, usually current, test as skipped. + * \brief Record the current test case as skipped. * - * \param test Name of the test to skip. - * \param line_no Line number where the test skipped. - * \param filename Filename where the test skipped. + * This function can be called directly however it is usually + * called via the TEST_ASSUME macro. + * + * \param test Description of the assumption that caused the test case to + * be skipped. This MUST be a string literal. + * \param line_no Line number where the test case was skipped. + * \param filename Filename where the test case was skipped. */ void mbedtls_test_skip( const char *test, int line_no, const char* filename ); /** * \brief Set the test step number for failure reports. * - * \note Call this function to display "step NNN" in addition to the + * Call this function to display "step NNN" in addition to the * line number and file name if a test fails. Typically the "step * number" is the index of a for loop but it can be whatever you * want. @@ -102,9 +115,6 @@ void mbedtls_test_set_step( unsigned long step ); /** * \brief Reset mbedtls_test_info to a ready/starting state. - * - * \note Clears the test, line_no, filename, step and result from any - * previously stored values and initialises them ready to be used. */ void mbedtls_test_info_reset( void ); From 595970bbc2e4d0ee87ddf8877358d886f285db52 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 27 Jan 2021 15:44:45 +0100 Subject: [PATCH 081/553] ECC import: more useful choice of INVALID_ARGUMENT vs NOT_SUPPORTED Attempting to create an ECC key with a curve specification that is not valid can plausibly fail with PSA_ERROR_INVALID_ARGUMENT ("this is not a curve specification at all") or PSA_ERROR_NOT_SUPPORTED ("this may be a curve specification, but not one I support"). The choice of error is somewhat subjective. Before this commit, due to happenstance in the implementation, an attempt to use a curve that is declared in the PSA API but not implemented in Mbed TLS returned PSA_ERROR_INVALID_ARGUMENT, whereas an attempt to use a curve that Mbed TLS supports but for which support was disabled at compile-time returned PSA_ERROR_NOT_SUPPORTED. This inconsistency made it difficult to write negative tests that could work whether the curve is implemented via Mbed TLS code or via a driver. After this commit, any attempt to use parameters that are not recognized fails with NOT_SUPPORTED, whether a curve with the specified size might plausibly exist or not, because "might plausibly exist" is not something Mbed TLS can determine. To keep returning INVALID_ARGUMENT when importing an ECC key with an explicit "bits" attribute that is inconsistent with the size of the key material, this commit changes the way mbedtls_ecc_group_of_psa() works: it now works on a size in bits rather than bytes, with an extra flag indicating whether the bit-size must be exact or not. Signed-off-by: Gilles Peskine --- src/drivers/key_management.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index 98990d1084..be6a814925 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -76,7 +76,7 @@ psa_status_t test_transparent_generate_key( mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve, - PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); + psa_get_key_bits( attributes ), 0 ); const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); mbedtls_ecp_keypair ecp; From eeb5af00ec9a07fa2a96a9a07c939c6b062d2d28 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Tue, 9 Feb 2021 12:09:33 +0000 Subject: [PATCH 082/553] Move test macros to macros.h Move test macros previously located in `suites/helpers.function` to `include/test/macros.h`. This makes these test infrastructure macros available for use in other parts of the test infrastructure at compile time as opposed to run time. This commit is a simple cut and paste from one file to the other. Signed-off-by: Chris Jones --- include/test/macros.h | 263 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 263 insertions(+) diff --git a/include/test/macros.h b/include/test/macros.h index f404780703..6930a5dc6e 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -51,6 +51,269 @@ #include "mbedtls/memory_buffer_alloc.h" #endif +/** + * \brief This macro tests the expression passed to it as a test step or + * individual test in a test case. + * + * It allows a library function to return a value and return an error + * code that can be tested. + * + * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure + * callback, MBEDTLS_PARAM_FAILED(), will be assumed to be a test + * failure. + * + * This macro is not suitable for negative parameter validation tests, + * as it assumes the test step will not create an error. + * + * Failing the test means: + * - Mark this test case as failed. + * - Print a message identifying the failure. + * - Jump to the \c exit label. + * + * This macro expands to an instruction, not an expression. + * It may jump to the \c exit label. + * + * \param TEST The test expression to be tested. + */ +#define TEST_ASSERT( TEST ) \ + do { \ + if( ! (TEST) ) \ + { \ + mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + } while( 0 ) + +/** Evaluate two expressions and fail the test case if they have different + * values. + * + * \param expr1 An expression to evaluate. + * \param expr2 The expected value of \p expr1. This can be any + * expression, but it is typically a constant. + */ +#define TEST_EQUAL( expr1, expr2 ) \ + TEST_ASSERT( ( expr1 ) == ( expr2 ) ) + +/** Allocate memory dynamically and fail the test case if this fails. + * The allocated memory will be filled with zeros. + * + * You must set \p pointer to \c NULL before calling this macro and + * put `mbedtls_free( pointer )` in the test's cleanup code. + * + * If \p length is zero, the resulting \p pointer will be \c NULL. + * This is usually what we want in tests since API functions are + * supposed to accept null pointers when a buffer size is zero. + * + * This macro expands to an instruction, not an expression. + * It may jump to the \c exit label. + * + * \param pointer An lvalue where the address of the allocated buffer + * will be stored. + * This expression may be evaluated multiple times. + * \param length Number of elements to allocate. + * This expression may be evaluated multiple times. + * + */ +#define ASSERT_ALLOC( pointer, length ) \ + do \ + { \ + TEST_ASSERT( ( pointer ) == NULL ); \ + if( ( length ) != 0 ) \ + { \ + ( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \ + ( length ) ); \ + TEST_ASSERT( ( pointer ) != NULL ); \ + } \ + } \ + while( 0 ) + +/** Allocate memory dynamically. If the allocation fails, skip the test case. + * + * This macro behaves like #ASSERT_ALLOC, except that if the allocation + * fails, it marks the test as skipped rather than failed. + */ +#define ASSERT_ALLOC_WEAK( pointer, length ) \ + do \ + { \ + TEST_ASSERT( ( pointer ) == NULL ); \ + if( ( length ) != 0 ) \ + { \ + ( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \ + ( length ) ); \ + TEST_ASSUME( ( pointer ) != NULL ); \ + } \ + } \ + while( 0 ) + +/** Compare two buffers and fail the test case if they differ. + * + * This macro expands to an instruction, not an expression. + * It may jump to the \c exit label. + * + * \param p1 Pointer to the start of the first buffer. + * \param size1 Size of the first buffer in bytes. + * This expression may be evaluated multiple times. + * \param p2 Pointer to the start of the second buffer. + * \param size2 Size of the second buffer in bytes. + * This expression may be evaluated multiple times. + */ +#define ASSERT_COMPARE( p1, size1, p2, size2 ) \ + do \ + { \ + TEST_ASSERT( ( size1 ) == ( size2 ) ); \ + if( ( size1 ) != 0 ) \ + TEST_ASSERT( memcmp( ( p1 ), ( p2 ), ( size1 ) ) == 0 ); \ + } \ + while( 0 ) + +/** + * \brief This macro tests the expression passed to it and skips the + * running test if it doesn't evaluate to 'true'. + * + * \param TEST The test expression to be tested. + */ +#define TEST_ASSUME( TEST ) \ + do { \ + if( ! (TEST) ) \ + { \ + mbedtls_test_skip( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + } while( 0 ) + +#if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT) +/** + * \brief This macro tests the statement passed to it as a test step or + * individual test in a test case. The macro assumes the test will fail + * and will generate an error. + * + * It allows a library function to return a value and tests the return + * code on return to confirm the given error code was returned. + * + * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure + * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the + * expected failure, and the test will pass. + * + * This macro is intended for negative parameter validation tests, + * where the failing function may return an error value or call + * MBEDTLS_PARAM_FAILED() to indicate the error. + * + * \param PARAM_ERROR_VALUE The expected error code. + * + * \param TEST The test expression to be tested. + */ +#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ + do { \ + mbedtls_test_param_failed_expect_call( ); \ + if( ( ( TEST ) != ( PARAM_ERR_VALUE ) ) || \ + ( mbedtls_test_param_failed_check_expected_call( ) != 0 ) ) \ + { \ + mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + mbedtls_test_param_failed_check_expected_call( ); \ + } while( 0 ) + +/** + * \brief This macro tests the statement passed to it as a test step or + * individual test in a test case. The macro assumes the test will fail + * and will generate an error. + * + * It assumes the library function under test cannot return a value and + * assumes errors can only be indicated byt calls to + * MBEDTLS_PARAM_FAILED(). + * + * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure + * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the + * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test + * can be made. + * + * This macro is intended for negative parameter validation tests, + * where the failing function can only return an error by calling + * MBEDTLS_PARAM_FAILED() to indicate the error. + * + * \param TEST The test expression to be tested. + */ +#define TEST_INVALID_PARAM( TEST ) \ + do { \ + memcpy( jmp_tmp, mbedtls_test_param_failed_get_state_buf( ), \ + sizeof( jmp_tmp ) ); \ + if( setjmp( mbedtls_test_param_failed_get_state_buf( ) ) == 0 ) \ + { \ + TEST; \ + mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + mbedtls_test_param_failed_reset_state( ); \ + } while( 0 ) +#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */ + +/** + * \brief This macro tests the statement passed to it as a test step or + * individual test in a test case. The macro assumes the test will not fail. + * + * It assumes the library function under test cannot return a value and + * assumes errors can only be indicated by calls to + * MBEDTLS_PARAM_FAILED(). + * + * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure + * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the + * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test + * can be made. + * + * This macro is intended to test that functions returning void + * accept all of the parameter values they're supposed to accept - eg + * that they don't call MBEDTLS_PARAM_FAILED() when a parameter + * that's allowed to be NULL happens to be NULL. + * + * Note: for functions that return something other that void, + * checking that they accept all the parameters they're supposed to + * accept is best done by using TEST_ASSERT() and checking the return + * value as well. + * + * Note: this macro is available even when #MBEDTLS_CHECK_PARAMS is + * disabled, as it makes sense to check that the functions accept all + * legal values even if this option is disabled - only in that case, + * the test is more about whether the function segfaults than about + * whether it invokes MBEDTLS_PARAM_FAILED(). + * + * \param TEST The test expression to be tested. + */ +#define TEST_VALID_PARAM( TEST ) \ + TEST_ASSERT( ( TEST, 1 ) ); + +/** Allocate memory dynamically and fail the test case if this fails. + * + * You must set \p pointer to \c NULL before calling this macro and + * put `mbedtls_free( pointer )` in the test's cleanup code. + * + * If \p length is zero, the resulting \p pointer will be \c NULL. + * This is usually what we want in tests since API functions are + * supposed to accept null pointers when a buffer size is zero. + * + * This macro expands to an instruction, not an expression. + * It may jump to the \c exit label. + * + * \param pointer An lvalue where the address of the allocated buffer + * will be stored. + * This expression may be evaluated multiple times. + * \param length Number of elements to allocate. + * This expression may be evaluated multiple times. + * + */ +#define ASSERT_ALLOC( pointer, length ) \ + do \ + { \ + TEST_ASSERT( ( pointer ) == NULL ); \ + if( ( length ) != 0 ) \ + { \ + ( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \ + ( length ) ); \ + TEST_ASSERT( ( pointer ) != NULL ); \ + } \ + } \ + while( 0 ) + #define TEST_HELPER_ASSERT(a) if( !( a ) ) \ { \ mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ From 868d0df98137efa4ee9ae94b987ec175f164c779 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Feb 2021 20:35:42 +0100 Subject: [PATCH 083/553] tests: psa: Add macros to skip a test case Add macros to skip a test case when hitting a common alternative implementation limitation. Add a macro for AES-192 and GCM with a nonce length different from 12 bytes. Signed-off-by: Ronald Cron --- include/test/psa_crypto_helpers.h | 83 +++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index b97263d590..df3bc0e08a 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -21,6 +21,7 @@ #ifndef PSA_CRYPTO_HELPERS_H #define PSA_CRYPTO_HELPERS_H +#include "test/helpers.h" #include "test/psa_helpers.h" #include @@ -100,4 +101,86 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, #endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ +/** Skip a test case if the given key is an 192 bits AES key and the AES + * implementation is at least partially an alternative implementation. + * + * Call this macro in a test case when a cryptography operation that may + * involve an AES operation returns with the PSA_ERROR_NOT_SUPPORTED error + * code to skip and not fail the test case in case the operation involves an + * 192 bits AES key and the AES implementation is at least partially an + * alternative implementation. + * + * Hardware AES implementations are likely to not support 192 bits keys. + * Consequently, PSA test cases aim at not failing when an AES operation with + * an 192 bits key performed by an alternative AES implementation returns + * with the PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro + * is to facilitate this and make the related code more readable. + * + * \param key_type Key type + * \param key_bits Key length in number of bits. + */ +#if defined(MBEDTLS_AES_ALT) || \ + defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) +#define MBEDTLS_TEST_HAVE_ALT_AES 1 +#else +#define MBEDTLS_TEST_HAVE_ALT_AES 0 +#endif + +#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_bits ) \ + do \ + { \ + if( ( MBEDTLS_TEST_HAVE_ALT_AES ) && \ + ( ( key_type ) == PSA_KEY_TYPE_AES ) && \ + ( key_bits == 192 ) ) \ + { \ + mbedtls_test_skip( "AES-192 not supported", __LINE__, __FILE__ ); \ + goto exit; \ + } \ + } \ + while( 0 ) + +/** Skip a test case in case of a GCM operation with a nonce length different + * from 12 bytes. + * + * Call this macro in a test case when an AEAD cryptography operation that + * may involve the GCM mode returns with the PSA_ERROR_NOT_SUPPORTED error + * code to skip and not fail the test case in case the operation involves the + * GCM mode, a nonce with a length different from 12 bytes and the GCM mode + * implementation is an alternative one. + * + * Hardware GCM implementations are likely to not support nonce lengths + * different from 12 are those imply additional computations involving the + * GHASH function. Consequently, PSA test cases aim at not failing when an + * AEAD operation in GCM mode with a nonce length different from 12 bytes + * performed by an alternative GCM implementation returns with the + * PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro is to + * facilitate this and make the related code more readable. + * + * \param alg The AEAD algorithm. + * \param nonce_length The nonce length in number of bytes. + */ + +#if defined(MBEDTLS_GCM_ALT) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_GCM) +#define MBEDTLS_TEST_HAVE_ALT_GCM 1 +#else +#define MBEDTLS_TEST_HAVE_ALT_GCM 0 +#endif + +#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, \ + nonce_length ) \ + do \ + { \ + if( ( MBEDTLS_TEST_HAVE_ALT_GCM ) && \ + ( PSA_ALG_AEAD_WITH_TAG_LENGTH( ( alg ) , 0 ) == \ + PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) && \ + ( ( nonce_length ) != 12 ) ) \ + { \ + mbedtls_test_skip( "GCM with non-12-byte IV is not supported", __LINE__, __FILE__ ); \ + goto exit; \ + } \ + } \ + while( 0 ) + #endif /* PSA_CRYPTO_HELPERS_H */ From 2d0ed1be100af97ce448d25a27c938a1e6c53555 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 10 Feb 2021 17:02:05 +0100 Subject: [PATCH 084/553] Minor fixup of SKIP_IF test macro documentation verbiage Signed-off-by: Steven Cooreman --- include/test/psa_crypto_helpers.h | 56 ++++++++++++++++--------------- 1 file changed, 29 insertions(+), 27 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index df3bc0e08a..2439ab3377 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -101,20 +101,21 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, #endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ -/** Skip a test case if the given key is an 192 bits AES key and the AES - * implementation is at least partially an alternative implementation. - * - * Call this macro in a test case when a cryptography operation that may - * involve an AES operation returns with the PSA_ERROR_NOT_SUPPORTED error - * code to skip and not fail the test case in case the operation involves an - * 192 bits AES key and the AES implementation is at least partially an +/** Skip a test case if the given key is a 192 bits AES key and the AES + * implementation is at least partially provided by an accelerator or * alternative implementation. * - * Hardware AES implementations are likely to not support 192 bits keys. + * Call this macro in a test case when a cryptographic operation that may + * involve an AES operation returns a #PSA_ERROR_NOT_SUPPORTED error code. + * The macro call will skip and not fail the test case in case the operation + * involves a 192 bits AES key and the AES implementation is at least + * partially provided by an accelerator or alternative implementation. + * + * Hardware AES implementations not supporting 192 bits keys commonly exist. * Consequently, PSA test cases aim at not failing when an AES operation with - * an 192 bits key performed by an alternative AES implementation returns - * with the PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro - * is to facilitate this and make the related code more readable. + * a 192 bits key performed by an alternative AES implementation returns + * with the #PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro + * is to facilitate this and make the test case code more readable. * * \param key_type Key type * \param key_bits Key length in number of bits. @@ -140,27 +141,28 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, } \ while( 0 ) -/** Skip a test case in case of a GCM operation with a nonce length different - * from 12 bytes. +/** Skip a test case if a GCM operation with a nonce length different from + * 12 bytes fails and was performed by an accelerator or alternative + * implementation. * * Call this macro in a test case when an AEAD cryptography operation that - * may involve the GCM mode returns with the PSA_ERROR_NOT_SUPPORTED error - * code to skip and not fail the test case in case the operation involves the - * GCM mode, a nonce with a length different from 12 bytes and the GCM mode - * implementation is an alternative one. + * may involve the GCM mode returns with a #PSA_ERROR_NOT_SUPPORTED error + * code. The macro call will skip and not fail the test case in case the + * operation involves the GCM mode, a nonce with a length different from + * 12 bytes and the GCM mode implementation is an alternative one. * - * Hardware GCM implementations are likely to not support nonce lengths - * different from 12 are those imply additional computations involving the - * GHASH function. Consequently, PSA test cases aim at not failing when an - * AEAD operation in GCM mode with a nonce length different from 12 bytes - * performed by an alternative GCM implementation returns with the - * PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro is to - * facilitate this and make the related code more readable. + * Hardware GCM implementations not supporting nonce lengths different from + * 12 bytes commonly exist, as supporting a non-12-byte nonce requires + * additional computations involving the GHASH function. + * Consequently, PSA test cases aim at not failing when an AEAD operation in + * GCM mode with a nonce length different from 12 bytes is performed by an + * alternative GCM implementation and returns with a #PSA_ERROR_NOT_SUPPORTED + * error code. The purpose of this macro is to facilitate this check and make + * the test case code more readable. * - * \param alg The AEAD algorithm. - * \param nonce_length The nonce length in number of bytes. + * \param alg The AEAD algorithm. + * \param nonce_length The nonce length in number of bytes. */ - #if defined(MBEDTLS_GCM_ALT) || \ defined(MBEDTLS_PSA_ACCEL_ALG_GCM) #define MBEDTLS_TEST_HAVE_ALT_GCM 1 From 9823a4a3fbe5bbd5d483f13420de55eb9fe9985e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 16 Dec 2020 11:36:46 +0100 Subject: [PATCH 085/553] Rename AEAD tag length macros MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This brings them in line with PSA Crypto API 1.0.0 PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH -> PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG PSA_ALG_AEAD_WITH_TAG_LENGTH -> PSA_ALG_AEAD_WITH_SHORTENED_TAG Signed-off-by: Bence Szépkúti --- include/test/psa_crypto_helpers.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 2439ab3377..b7dc4b5ea3 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -175,8 +175,8 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, do \ { \ if( ( MBEDTLS_TEST_HAVE_ALT_GCM ) && \ - ( PSA_ALG_AEAD_WITH_TAG_LENGTH( ( alg ) , 0 ) == \ - PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ) ) && \ + ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( ( alg ) , 0 ) == \ + PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ) ) && \ ( ( nonce_length ) != 12 ) ) \ { \ mbedtls_test_skip( "GCM with non-12-byte IV is not supported", __LINE__, __FILE__ ); \ From e4ae8aa24d62095cbc7a7c60816158048dfc1d0a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 6 Nov 2020 09:38:35 +0100 Subject: [PATCH 086/553] Add RSA key generation support to the transparent test driver Signed-off-by: Ronald Cron --- src/drivers/key_management.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index be6a814925..46af648f8c 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -45,11 +45,6 @@ psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) { -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && \ - !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) - (void)attributes; -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR && - * !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ ++test_driver_key_management_hooks.hits; if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) @@ -125,7 +120,17 @@ psa_status_t test_transparent_generate_key( else #endif /* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR || * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ - return( PSA_ERROR_NOT_SUPPORTED ); + +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) + if ( psa_get_key_type( attributes ) == PSA_KEY_TYPE_RSA_KEY_PAIR ) + return( mbedtls_transparent_test_driver_rsa_generate_key( + attributes, key, key_size, key_length ) ); + else +#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) */ + { + (void)attributes; + return( PSA_ERROR_NOT_SUPPORTED ); + } } psa_status_t test_opaque_generate_key( From c0fca0974e347b2f0e004fa4fb0ad15741fedf1c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 20 Nov 2020 19:42:24 +0100 Subject: [PATCH 087/553] Add ECP transparent test driver generate_key entry point Add ECP transparent test driver generate_key entry point and use it in the transparent test driver. Signed-off-by: Ronald Cron --- src/drivers/key_management.c | 58 +++--------------------------------- 1 file changed, 4 insertions(+), 54 deletions(-) diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index 46af648f8c..10a40c37d3 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -61,65 +61,15 @@ psa_status_t test_transparent_generate_key( } /* Copied from psa_crypto.c */ -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) { - psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( - psa_get_key_type( attributes ) ); - mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_of_psa( - curve, - psa_get_key_bits( attributes ), 0 ); - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id( grp_id ); - mbedtls_ecp_keypair ecp; - mbedtls_test_rnd_pseudo_info rnd_info; - memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); - - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( attributes->domain_parameters_size != 0 ) - return( PSA_ERROR_NOT_SUPPORTED ); - if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - if( curve_info->bit_size != psa_get_key_bits( attributes ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - mbedtls_ecp_keypair_init( &ecp ); - ret = mbedtls_ecp_gen_key( grp_id, &ecp, - &mbedtls_test_rnd_pseudo_rand, - &rnd_info ); - if( ret != 0 ) - { - mbedtls_ecp_keypair_free( &ecp ); - return( mbedtls_to_psa_error( ret ) ); - } - - /* Make sure to use export representation */ - size_t bytes = PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ); - if( key_size < bytes ) - { - mbedtls_ecp_keypair_free( &ecp ); - return( PSA_ERROR_BUFFER_TOO_SMALL ); - } - psa_status_t status = mbedtls_to_psa_error( - mbedtls_mpi_write_binary( &ecp.d, key, bytes ) ); - - if( status == PSA_SUCCESS ) - { - *key_length = bytes; - } - else - { - memset( key, 0, bytes ); - } - - mbedtls_ecp_keypair_free( &ecp ); - return( status ); + return( mbedtls_transparent_test_driver_ecp_generate_key( + attributes, key, key_size, key_length ) ); } else -#endif /* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR || - * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ +#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) */ #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) if ( psa_get_key_type( attributes ) == PSA_KEY_TYPE_RSA_KEY_PAIR ) From 6fc2e8961f3c70dc7d404642a77f80490b3048ce Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 8 Feb 2021 20:59:39 +0100 Subject: [PATCH 088/553] The PSA external RNG does not require MBEDTLS_USE_PSA_CRYPTO The dependency is on MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG plus MBEDTLS_PSA_CRYPTO_C. MBEDTLS_USE_PSA_CRYPTO is irrelevant. Signed-off-by: Gilles Peskine --- include/test/helpers.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index ce8a1e2857..9da2cdb1c4 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -190,7 +190,7 @@ void* mbedtls_test_param_failed_get_state_buf( void ); void mbedtls_test_param_failed_reset_state( void ); #endif /* MBEDTLS_CHECK_PARAMS */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) +#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) #include "test/fake_external_rng_for_test.h" #endif From 5cf5acc779f95207737e462b1c04e21c27268f22 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 9 Dec 2020 15:18:01 +0100 Subject: [PATCH 089/553] psa: Add RSA sign/verify hash support to the transparent test driver Signed-off-by: Ronald Cron --- src/drivers/signature.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/src/drivers/signature.c b/src/drivers/signature.c index cea0351900..78b7ff9938 100644 --- a/src/drivers/signature.c +++ b/src/drivers/signature.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "psa_crypto_core.h" +#include "psa_crypto_rsa.h" #include "mbedtls/ecp.h" #include "test/drivers/signature.h" @@ -66,6 +67,19 @@ psa_status_t test_transparent_signature_sign_hash( psa_status_t status = PSA_ERROR_NOT_SUPPORTED; +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) + if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) + { + return( mbedtls_transparent_test_driver_rsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); + } +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ + #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ defined(MBEDTLS_SHA256_C) if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) @@ -178,6 +192,19 @@ psa_status_t test_transparent_signature_verify_hash( psa_status_t status = PSA_ERROR_NOT_SUPPORTED; +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) + if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) + { + return( mbedtls_transparent_test_driver_rsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); + } +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ + #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ defined(MBEDTLS_SHA256_C) if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) From ae2431a54faa02339aa9959a1d9b253c59d19847 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 10 Dec 2020 09:35:33 +0100 Subject: [PATCH 090/553] psa: Rework ECDSA sign/verify support in the transparent test driver Signed-off-by: Ronald Cron --- src/drivers/signature.c | 231 ++++++++++++---------------------------- 1 file changed, 67 insertions(+), 164 deletions(-) diff --git a/src/drivers/signature.c b/src/drivers/signature.c index 78b7ff9938..47c6debc5b 100644 --- a/src/drivers/signature.c +++ b/src/drivers/signature.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "psa_crypto_core.h" +#include "psa_crypto_ecp.h" #include "psa_crypto_rsa.h" #include "mbedtls/ecp.h" @@ -45,7 +46,7 @@ test_driver_signature_hooks_t test_driver_signature_verify_hooks = TEST_DRIVER_S psa_status_t test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, + const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ) @@ -65,8 +66,6 @@ psa_status_t test_transparent_signature_sign_hash( return( PSA_SUCCESS ); } - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; - #if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) @@ -77,86 +76,48 @@ psa_status_t test_transparent_signature_sign_hash( alg, hash, hash_length, signature, signature_size, signature_length ) ); } + else #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) - if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) - return( PSA_ERROR_NOT_SUPPORTED ); - mbedtls_ecp_group_id grp_id; - switch( psa_get_key_type( attributes ) ) +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) + if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) { - case PSA_ECC_CURVE_SECP_R1: - switch( psa_get_key_bits( attributes ) ) - { - case 256: - grp_id = MBEDTLS_ECP_DP_SECP256R1; - break; - case 384: - grp_id = MBEDTLS_ECP_DP_SECP384R1; - break; - case 521: - grp_id = MBEDTLS_ECP_DP_SECP521R1; - break; - default: - return( PSA_ERROR_NOT_SUPPORTED ); - } - break; - default: - return( PSA_ERROR_NOT_SUPPORTED ); + if( +#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) + PSA_ALG_IS_ECDSA( alg ) +#else + PSA_ALG_IS_RANDOMIZED_ECDSA( alg ) +#endif + ) + { + return( mbedtls_transparent_test_driver_ecdsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); + } + else + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } } - - /* Beyond this point, the driver is actually doing the work of - * calculating the signature. */ - - status = PSA_ERROR_GENERIC_ERROR; - int ret = 0; - mbedtls_mpi r, s; - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); - mbedtls_ecp_keypair ecp; - mbedtls_ecp_keypair_init( &ecp ); - size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits ); - - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, - key, key_length ) ); - - /* Code adapted from psa_ecdsa_sign() in psa_crypto.c. */ - mbedtls_md_type_t md_alg = MBEDTLS_MD_SHA256; - if( signature_size < 2 * curve_bytes ) + else +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || + * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ { - status = PSA_ERROR_BUFFER_TOO_SMALL; - goto cleanup; + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_size; + (void)signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); } - MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp.grp, &r, &s, &ecp.d, - hash, hash_length, md_alg ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r, - signature, - curve_bytes ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s, - signature + curve_bytes, - curve_bytes ) ); -cleanup: - status = mbedtls_to_psa_error( ret ); - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); - mbedtls_ecp_keypair_free( &ecp ); - if( status == PSA_SUCCESS ) - *signature_length = 2 * curve_bytes; -#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) */ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) hash; - (void) hash_length; -#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) */ - - return( status ); } psa_status_t test_opaque_signature_sign_hash( @@ -175,12 +136,13 @@ psa_status_t test_opaque_signature_sign_hash( (void) signature; (void) signature_size; (void) signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_transparent_signature_verify_hash( const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, + const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ) @@ -190,8 +152,6 @@ psa_status_t test_transparent_signature_verify_hash( if( test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) return( test_driver_signature_verify_hooks.forced_status ); - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; - #if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) @@ -202,99 +162,42 @@ psa_status_t test_transparent_signature_verify_hash( alg, hash, hash_length, signature, signature_length ) ); } + else #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) - if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) - return( PSA_ERROR_NOT_SUPPORTED ); - mbedtls_ecp_group_id grp_id; - switch( psa_get_key_type( attributes ) ) +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) + if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) { - case PSA_ECC_CURVE_SECP_R1: - switch( psa_get_key_bits( attributes ) ) - { - case 256: - grp_id = MBEDTLS_ECP_DP_SECP256R1; - break; - case 384: - grp_id = MBEDTLS_ECP_DP_SECP384R1; - break; - case 521: - grp_id = MBEDTLS_ECP_DP_SECP521R1; - break; - default: - return( PSA_ERROR_NOT_SUPPORTED ); - } - break; - default: - return( PSA_ERROR_NOT_SUPPORTED ); + if( PSA_ALG_IS_ECDSA( alg ) ) + { + return( mbedtls_transparent_test_driver_ecdsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); + } + else + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } } - - /* Beyond this point, the driver is actually doing the work of - * calculating the signature. */ - - status = PSA_ERROR_GENERIC_ERROR; - int ret = 0; - mbedtls_mpi r, s; - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); - mbedtls_ecp_keypair ecp; - mbedtls_ecp_keypair_init( &ecp ); - mbedtls_test_rnd_pseudo_info rnd_info; - memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); - size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits ); - - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); - - /* Code adapted from psa_ecdsa_verify() in psa_crypto.c. */ - if( signature_length < 2 * curve_bytes ) - { - status = PSA_ERROR_BUFFER_TOO_SMALL; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, - signature, - curve_bytes ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s, - signature + curve_bytes, - curve_bytes ) ); - - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( attributes ) ) ) - MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, - key, key_length ) ); else +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || + * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ { - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ecp.d, key, key_length ) ); - MBEDTLS_MPI_CHK( - mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G, - &mbedtls_test_rnd_pseudo_rand, - &rnd_info ) ); - } + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_length; - MBEDTLS_MPI_CHK( mbedtls_ecdsa_verify( &ecp.grp, hash, hash_length, - &ecp.Q, &r, &s ) ); -cleanup: - status = mbedtls_to_psa_error( ret ); - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); - mbedtls_ecp_keypair_free( &ecp ); -#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) */ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) hash; - (void) hash_length; - (void) signature; - (void) signature_length; -#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) */ - - return( status ); + return( PSA_ERROR_NOT_SUPPORTED ); + } } psa_status_t test_opaque_signature_verify_hash( From 6ea18542443319ca6f48ef92d4a000e8ba329304 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 10 Dec 2020 17:49:22 +0100 Subject: [PATCH 091/553] tests: psa: Change test driver default forced return value Change signature test driver default forced return value from PSA_ERROR_NOT_SUPPORTED to PSA_SUCCESS to be able to run the PSA unit tests with hash signature and signature verification being handled by the transparent test driver. Signed-off-by: Ronald Cron --- include/test/drivers/signature.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/test/drivers/signature.h b/include/test/drivers/signature.h index 8abcb111a7..e785151254 100644 --- a/include/test/drivers/signature.h +++ b/include/test/drivers/signature.h @@ -40,7 +40,7 @@ typedef struct { unsigned long hits; } test_driver_signature_hooks_t; -#define TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 } +#define TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 } static inline test_driver_signature_hooks_t test_driver_signature_hooks_init( void ) { const test_driver_signature_hooks_t v = TEST_DRIVER_SIGNATURE_INIT; From 41764fee750be8570b9b818f4d3811cd5cdc0caf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Feb 2021 21:00:11 +0100 Subject: [PATCH 092/553] Make {USE_,}PSA_{INIT,DONE} available in all test suites Make USE_PSA_INIT() and USE_PSA_DONE() available in all test suites in all cases, doing nothing if MBEDTLS_USE_PSA_CRYPTO is disabled. Use those in preference to having explicit defined(MBEDTLS_USE_PSA_CRYPTO) checks (but there may still be places left where using the new macros would be better). Also provide PSA_INIT() by symmetry with PSA_DONE(), functional whenver MBEDTLS_PSA_CRYPTO_C is enabled, but currently unused. Signed-off-by: Gilles Peskine --- include/test/psa_crypto_helpers.h | 34 +++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index b7dc4b5ea3..30bb20f077 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -22,11 +22,20 @@ #define PSA_CRYPTO_HELPERS_H #include "test/helpers.h" + +#if defined(MBEDTLS_PSA_CRYPTO_C) + #include "test/psa_helpers.h" #include #include +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "mbedtls/psa_util.h" +#endif + +#define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) ) + /** Check for things that have not been cleaned up properly in the * PSA subsystem. * @@ -185,4 +194,29 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, } \ while( 0 ) +#endif /* MBEDTLS_PSA_CRYPTO_C */ + +/** \def USE_PSA_INIT + * + * Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO + * is enabled and do nothing otherwise. If the initialization fails, mark + * the test case as failed and jump to the \p exit label. + */ +/** \def USE_PSA_DONE + * + * Call this macro at the end of a test case if you called #USE_PSA_INIT. + * This is like #PSA_DONE, except that it does nothing if + * #MBEDTLS_USE_PSA_CRYPTO is disabled. + */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#define USE_PSA_INIT( ) PSA_INIT( ) +#define USE_PSA_DONE( ) PSA_DONE( ) +#else /* MBEDTLS_USE_PSA_CRYPTO */ +/* Define empty macros so that we can use them in the preamble and teardown + * of every test function that uses PSA conditionally based on + * MBEDTLS_USE_PSA_CRYPTO. */ +#define USE_PSA_INIT( ) ( (void) 0 ) +#define USE_PSA_DONE( ) ( (void) 0 ) +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ + #endif /* PSA_CRYPTO_HELPERS_H */ From d0f45ebae037369e75e8c56362fd2801ea08b575 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Jan 2021 21:17:11 +0100 Subject: [PATCH 093/553] Mutex usage testing: set up wrapper functions When using pthread mutexes (MBEDTLS_THREADING_C and MBEDTLS_THREADING_PTHREAD enabled), and when test hooks are enabled (MBEDTLS_TEST_HOOKS), set up wrappers around the mbedtls_mutex_xxx abstraction. In this commit, the wrapper functions don't do anything yet. Signed-off-by: Gilles Peskine --- include/test/helpers.h | 9 ++++++ src/threading_helpers.c | 69 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100644 src/threading_helpers.c diff --git a/include/test/helpers.h b/include/test/helpers.h index 928c636075..aa0370166f 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -260,4 +260,13 @@ void mbedtls_test_param_failed_reset_state( void ); #include "test/fake_external_rng_for_test.h" #endif +#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \ + defined(MBEDTLS_TEST_HOOKS) +#define MBEDTLS_TEST_MUTEX_USAGE + +/** Permanently activate the mutex usage verification framework. See + * threading_helpers.c for information. */ +void mbedtls_test_mutex_usage_init( void ); +#endif /* MBEDTLS_TEST_MUTEX_USAGE */ + #endif /* TEST_HELPERS_H */ diff --git a/src/threading_helpers.c b/src/threading_helpers.c new file mode 100644 index 0000000000..d1ac542f9b --- /dev/null +++ b/src/threading_helpers.c @@ -0,0 +1,69 @@ +/** Mutex usage verification framework. */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#if defined(MBEDTLS_TEST_MUTEX_USAGE) + +#include "mbedtls/threading.h" + +typedef struct +{ + void (*init)( mbedtls_threading_mutex_t * ); + void (*free)( mbedtls_threading_mutex_t * ); + int (*lock)( mbedtls_threading_mutex_t * ); + int (*unlock)( mbedtls_threading_mutex_t * ); +} mutex_functions_t; +static mutex_functions_t mutex_functions; + +static void mbedtls_test_wrap_mutex_init( mbedtls_threading_mutex_t *mutex ) +{ + mutex_functions.init( mutex ); +} + +static void mbedtls_test_wrap_mutex_free( mbedtls_threading_mutex_t *mutex ) +{ + mutex_functions.free( mutex ); +} + +static int mbedtls_test_wrap_mutex_lock( mbedtls_threading_mutex_t *mutex ) +{ + int ret = mutex_functions.lock( mutex ); + return( ret ); +} + +static int mbedtls_test_wrap_mutex_unlock( mbedtls_threading_mutex_t *mutex ) +{ + return( mutex_functions.unlock( mutex ) ); +} + +void mbedtls_test_mutex_usage_init( void ) +{ + mutex_functions.init = mbedtls_mutex_init; + mutex_functions.free = mbedtls_mutex_free; + mutex_functions.lock = mbedtls_mutex_lock; + mutex_functions.unlock = mbedtls_mutex_unlock; + mbedtls_mutex_init = &mbedtls_test_wrap_mutex_init; + mbedtls_mutex_free = &mbedtls_test_wrap_mutex_free; + mbedtls_mutex_lock = &mbedtls_test_wrap_mutex_lock; + mbedtls_mutex_unlock = &mbedtls_test_wrap_mutex_unlock; +} + +#endif /* MBEDTLS_TEST_MUTEX_USAGE */ From 66d63cf9695343e90fba27019a33945344701f27 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Jan 2021 21:18:09 +0100 Subject: [PATCH 094/553] Detect and report mutex usage errors If the mutex usage verification framework is enabled and it detects a mutex usage error, report this error and mark the test as failed. This detects most usage errors, but not all cases of using uninitialized memory (which is impossible in full generality) and not leaks due to missing free (which will be handled in a subsequent commit). Signed-off-by: Gilles Peskine --- include/test/helpers.h | 17 ++++-- src/threading_helpers.c | 118 +++++++++++++++++++++++++++++++++++++++- 2 files changed, 130 insertions(+), 5 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index aa0370166f..c3a844b600 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -31,6 +31,11 @@ #include MBEDTLS_CONFIG_FILE #endif +#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \ + defined(MBEDTLS_TEST_HOOKS) +#define MBEDTLS_TEST_MUTEX_USAGE +#endif + #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else @@ -63,6 +68,9 @@ typedef struct const char *filename; int line_no; unsigned long step; +#if defined(MBEDTLS_TEST_MUTEX_USAGE) + const char *mutex_usage_error; +#endif } mbedtls_test_info_t; extern mbedtls_test_info_t mbedtls_test_info; @@ -260,13 +268,14 @@ void mbedtls_test_param_failed_reset_state( void ); #include "test/fake_external_rng_for_test.h" #endif -#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \ - defined(MBEDTLS_TEST_HOOKS) -#define MBEDTLS_TEST_MUTEX_USAGE - +#if defined(MBEDTLS_TEST_MUTEX_USAGE) /** Permanently activate the mutex usage verification framework. See * threading_helpers.c for information. */ void mbedtls_test_mutex_usage_init( void ); + +/** Call this function after executing a test case to check for mutex usage + * errors. */ +void mbedtls_test_mutex_usage_check( void ); #endif /* MBEDTLS_TEST_MUTEX_USAGE */ #endif /* TEST_HELPERS_H */ diff --git a/src/threading_helpers.c b/src/threading_helpers.c index d1ac542f9b..3a58bc731f 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -24,6 +24,48 @@ #include "mbedtls/threading.h" +/** Mutex usage verification framework. + * + * The mutex usage verification code below aims to detect bad usage of + * Mbed TLS's mutex abstraction layer at runtime. Note that this is solely + * about the use of the mutex itself, not about checking whether the mutex + * correctly protects whatever it is supposed to protect. + * + * The normal usage of a mutex is: + * ``` + * digraph mutex_states { + * "UNINITIALIZED"; // the initial state + * "IDLE"; + * "FREED"; + * "LOCKED"; + * "UNINITIALIZED" -> "IDLE" [label="init"]; + * "FREED" -> "IDLE" [label="init"]; + * "IDLE" -> "LOCKED" [label="lock"]; + * "LOCKED" -> "IDLE" [label="unlock"]; + * "IDLE" -> "FREED" [label="free"]; + * } + * ``` + * + * All bad transitions that can be unambiguously detected are reported. + * An attempt to use an uninitialized mutex cannot be detected in general + * since the memory content may happen to denote a valid state. For the same + * reason, a double init cannot be detected. + * All-bits-zero is the state of a freed mutex, which is distinct from an + * initialized mutex, so attempting to use zero-initialized memory as a mutex + * without calling the init function is detected. + * + * If an error is detected, this framework will report what happened and the + * test case will be marked as failed. Unfortunately, the error report cannot + * indicate the exact location of the problematic call. To locate the error, + * use a debugger and set a breakpoint on mbedtls_test_mutex_usage_error(). + */ +enum value_of_mutex_is_valid +{ + MUTEX_FREED = 0, //!< Set by threading_mutex_free_pthread + MUTEX_IDLE = 1, //!< Set by threading_mutex_init_pthread and by our unlock + MUTEX_LOCKED = 2, //!< Set by our lock +}; + typedef struct { void (*init)( mbedtls_threading_mutex_t * ); @@ -33,6 +75,19 @@ typedef struct } mutex_functions_t; static mutex_functions_t mutex_functions; +static void mbedtls_test_mutex_usage_error( mbedtls_threading_mutex_t *mutex, + const char *msg ) +{ + (void) mutex; + if( mbedtls_test_info.mutex_usage_error == NULL ) + mbedtls_test_info.mutex_usage_error = msg; + mbedtls_fprintf( stdout, "[mutex: %s] ", msg ); + /* Don't mark the test as failed yet. This way, if the test fails later + * for a functional reason, the test framework will report the message + * and location for this functional reason. If the test passes, + * mbedtls_test_mutex_usage_check() will mark it as failed. */ +} + static void mbedtls_test_wrap_mutex_init( mbedtls_threading_mutex_t *mutex ) { mutex_functions.init( mutex ); @@ -40,18 +95,67 @@ static void mbedtls_test_wrap_mutex_init( mbedtls_threading_mutex_t *mutex ) static void mbedtls_test_wrap_mutex_free( mbedtls_threading_mutex_t *mutex ) { + switch( mutex->is_valid ) + { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error( mutex, "free without init or double free" ); + break; + case MUTEX_IDLE: + /* Do nothing. The underlying free function will reset is_valid + * to 0. */ + break; + case MUTEX_LOCKED: + mbedtls_test_mutex_usage_error( mutex, "free without unlock" ); + break; + default: + mbedtls_test_mutex_usage_error( mutex, "corrupted state" ); + break; + } mutex_functions.free( mutex ); } static int mbedtls_test_wrap_mutex_lock( mbedtls_threading_mutex_t *mutex ) { int ret = mutex_functions.lock( mutex ); + switch( mutex->is_valid ) + { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error( mutex, "lock without init" ); + break; + case MUTEX_IDLE: + if( ret == 0 ) + mutex->is_valid = 2; + break; + case MUTEX_LOCKED: + mbedtls_test_mutex_usage_error( mutex, "double lock" ); + break; + default: + mbedtls_test_mutex_usage_error( mutex, "corrupted state" ); + break; + } return( ret ); } static int mbedtls_test_wrap_mutex_unlock( mbedtls_threading_mutex_t *mutex ) { - return( mutex_functions.unlock( mutex ) ); + int ret = mutex_functions.unlock( mutex ); + switch( mutex->is_valid ) + { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error( mutex, "unlock without init" ); + break; + case MUTEX_IDLE: + mbedtls_test_mutex_usage_error( mutex, "unlock without lock" ); + break; + case MUTEX_LOCKED: + if( ret == 0 ) + mutex->is_valid = MUTEX_IDLE; + break; + default: + mbedtls_test_mutex_usage_error( mutex, "corrupted state" ); + break; + } + return( ret ); } void mbedtls_test_mutex_usage_init( void ) @@ -66,4 +170,16 @@ void mbedtls_test_mutex_usage_init( void ) mbedtls_mutex_unlock = &mbedtls_test_wrap_mutex_unlock; } +void mbedtls_test_mutex_usage_check( void ) +{ + if( mbedtls_test_info.mutex_usage_error != NULL && + mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED ) + { + /* Functionally, the test passed. But there was a mutex usage error, + * so mark the test as failed after all. */ + mbedtls_test_fail( "Mutex usage error", __LINE__, __FILE__ ); + } + mbedtls_test_info.mutex_usage_error = NULL; +} + #endif /* MBEDTLS_TEST_MUTEX_USAGE */ From 7652624bc167b1fe7b8754d311bb9619468ce468 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Jan 2021 22:20:32 +0100 Subject: [PATCH 095/553] Count and report non-freed mutexes Subtract the number of calls to mbedtls_mutex_free() from the number of calls to mbedtls_mutex_init(). A mutex leak will manifest as a positive result at the end of the test case. Signed-off-by: Gilles Peskine --- src/threading_helpers.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/src/threading_helpers.c b/src/threading_helpers.c index 3a58bc731f..8cf95ee336 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -54,6 +54,17 @@ * initialized mutex, so attempting to use zero-initialized memory as a mutex * without calling the init function is detected. * + * The framework attempts to detect missing calls to init and free by counting + * calls to init and free. If there are more calls to init than free, this + * means that a mutex is not being freed somewhere, which is a memory leak + * on platforms where a mutex consumes resources other than the + * mbedtls_threading_mutex_t object itself. If there are more calls to free + * than init, this indicates a missing init, which is likely to be detected + * by an attempt to lock the mutex as well. A limitation of this framework is + * that it cannot detect scenarios where there is exactly the same number of + * calls to init and free but the calls don't match. A bug like this is + * unlikely to happen uniformly throughout the whole test suite though. + * * If an error is detected, this framework will report what happened and the * test case will be marked as failed. Unfortunately, the error report cannot * indicate the exact location of the problematic call. To locate the error, @@ -75,6 +86,13 @@ typedef struct } mutex_functions_t; static mutex_functions_t mutex_functions; +/** The total number of calls to mbedtls_mutex_init(), minus the total number + * of calls to mbedtls_mutex_free(). + * + * Reset to 0 after each test case. + */ +static int live_mutexes; + static void mbedtls_test_mutex_usage_error( mbedtls_threading_mutex_t *mutex, const char *msg ) { @@ -91,6 +109,8 @@ static void mbedtls_test_mutex_usage_error( mbedtls_threading_mutex_t *mutex, static void mbedtls_test_wrap_mutex_init( mbedtls_threading_mutex_t *mutex ) { mutex_functions.init( mutex ); + if( mutex->is_valid ) + ++live_mutexes; } static void mbedtls_test_wrap_mutex_free( mbedtls_threading_mutex_t *mutex ) @@ -111,6 +131,8 @@ static void mbedtls_test_wrap_mutex_free( mbedtls_threading_mutex_t *mutex ) mbedtls_test_mutex_usage_error( mutex, "corrupted state" ); break; } + if( mutex->is_valid ) + --live_mutexes; mutex_functions.free( mutex ); } @@ -172,6 +194,17 @@ void mbedtls_test_mutex_usage_init( void ) void mbedtls_test_mutex_usage_check( void ) { + if( live_mutexes != 0 ) + { + /* A positive number (more init than free) means that a mutex resource + * is leaking (on platforms where a mutex consumes more than the + * mbedtls_threading_mutex_t object itself). The rare case of a + * negative number means a missing init somewhere. */ + mbedtls_fprintf( stdout, "[mutex: %d leaked] ", live_mutexes ); + live_mutexes = 0; + if( mbedtls_test_info.mutex_usage_error == NULL ) + mbedtls_test_info.mutex_usage_error = "missing free"; + } if( mbedtls_test_info.mutex_usage_error != NULL && mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED ) { From b4e254ec5e0c747d8aed1ceece7871c7ed762ae0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 9 Feb 2021 15:35:29 +0100 Subject: [PATCH 096/553] Explain the usage of is_valid in pthread mutexes Document the usage inside the library, and relate it with how it's additionally used in the test code. Signed-off-by: Gilles Peskine --- src/threading_helpers.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/threading_helpers.c b/src/threading_helpers.c index 8cf95ee336..ca91b7933a 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -70,8 +70,13 @@ * indicate the exact location of the problematic call. To locate the error, * use a debugger and set a breakpoint on mbedtls_test_mutex_usage_error(). */ -enum value_of_mutex_is_valid +enum value_of_mutex_is_valid_field { + /* Potential values for the is_valid field of mbedtls_threading_mutex_t. + * Note that MUTEX_FREED must be 0 and MUTEX_IDLE must be 1 for + * compatibility with threading_mutex_init_pthread() and + * threading_mutex_free_pthread(). MUTEX_LOCKED could be any nonzero + * value. */ MUTEX_FREED = 0, //!< Set by threading_mutex_free_pthread MUTEX_IDLE = 1, //!< Set by threading_mutex_init_pthread and by our unlock MUTEX_LOCKED = 2, //!< Set by our lock From fdcafdc115df4250a1b82f6504b63b2dc325bcd4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 12 Feb 2021 23:34:01 +0100 Subject: [PATCH 097/553] Fix wrong \file name in Doxygen comments Signed-off-by: Gilles Peskine --- src/fake_external_rng_for_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/fake_external_rng_for_test.c b/src/fake_external_rng_for_test.c index 98b3fe0610..9c2195bf0c 100644 --- a/src/fake_external_rng_for_test.c +++ b/src/fake_external_rng_for_test.c @@ -1,4 +1,4 @@ -/** \file psa_crypto_helpers.c +/** \file fake_external_rng_for_test.c * * \brief Helper functions to test PSA crypto functionality. */ From 2ecde50aeb22287f83b2d629b91f3b3f7695dc88 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 12 Feb 2021 23:40:58 +0100 Subject: [PATCH 098/553] Create a separate test module for PSA exercise_key The code will be moved in a subsequent commit. Signed-off-by: Gilles Peskine --- include/test/psa_exercise_key.h | 30 ++++++++++++++++++++++++++++++ src/psa_exercise_key.c | 31 +++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 include/test/psa_exercise_key.h create mode 100644 src/psa_exercise_key.c diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h new file mode 100644 index 0000000000..d4a0ea65f2 --- /dev/null +++ b/include/test/psa_exercise_key.h @@ -0,0 +1,30 @@ +/** Code to exercise a PSA key object, i.e. validate that it seems well-formed + * and can do what it is supposed to do. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_EXERCISE_KEY_H +#define PSA_EXERCISE_KEY_H + +#include "test/helpers.h" +#include "test/psa_crypto_helpers.h" + +#include + + +#endif /* PSA_EXERCISE_KEY_H */ diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c new file mode 100644 index 0000000000..78e46d9e6a --- /dev/null +++ b/src/psa_exercise_key.c @@ -0,0 +1,31 @@ +/** Code to exercise a PSA key object, i.e. validate that it seems well-formed + * and can do what it is supposed to do. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include + +#if defined(MBEDTLS_PSA_CRYPTO_C) + +#include + + +#endif /* MBEDTLS_PSA_CRYPTO_C */ From 17c01d5f19df34b77b3b9bceb50d684ced63901c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 13 Feb 2021 00:14:28 +0100 Subject: [PATCH 099/553] Create a separate test module for ASN.1 test helper functions The code will be moved in a subsequent commit. Signed-off-by: Gilles Peskine --- include/test/asn1_helpers.h | 26 ++++++++++++++++++++++++++ src/asn1_helpers.c | 25 +++++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 include/test/asn1_helpers.h create mode 100644 src/asn1_helpers.c diff --git a/include/test/asn1_helpers.h b/include/test/asn1_helpers.h new file mode 100644 index 0000000000..ddcc0c9a6b --- /dev/null +++ b/include/test/asn1_helpers.h @@ -0,0 +1,26 @@ +/** Helper functions for tests that manipulate ASN.1 data. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ASN1_HELPERS_H +#define ASN1_HELPERS_H + +#include "test/helpers.h" + + +#endif /* ASN1_HELPERS_H */ diff --git a/src/asn1_helpers.c b/src/asn1_helpers.c new file mode 100644 index 0000000000..6ffdca90a4 --- /dev/null +++ b/src/asn1_helpers.c @@ -0,0 +1,25 @@ +/** \file asn1_helpers.c + * + * \brief Helper functions for tests that manipulate ASN.1 data. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + From 7580726c855e63b847ca372493a16e4c420c30b9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 13 Feb 2021 00:25:53 +0100 Subject: [PATCH 100/553] Move asn1_skip_integer to the asn1_helpers module Signed-off-by: Gilles Peskine --- include/test/asn1_helpers.h | 24 ++++++++++++++++++ src/asn1_helpers.c | 49 +++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/include/test/asn1_helpers.h b/include/test/asn1_helpers.h index ddcc0c9a6b..91ae260266 100644 --- a/include/test/asn1_helpers.h +++ b/include/test/asn1_helpers.h @@ -22,5 +22,29 @@ #include "test/helpers.h" +/** Skip past an INTEGER in an ASN.1 buffer. + * + * Mark the current test case as failed in any of the following conditions: + * - The buffer does not start with an ASN.1 INTEGER. + * - The integer's size or parity does not match the constraints expressed + * through \p min_bits, \p max_bits and \p must_be_odd. + * + * \param p Upon entry, `*p` points to the first byte of the + * buffer to parse. + * On successful return, `*p` points to the first byte + * after the parsed INTEGER. + * On failure, `*p` is unspecified. + * \param end The end of the ASN.1 buffer. + * \param min_bits Fail the test case if the integer does not have at + * least this many significant bits. + * \param max_bits Fail the test case if the integer has more than + * this many significant bits. + * \param must_be_odd Fail the test case if the integer is even. + * + * \return \c 0 if the test failed, otherwise 1. + */ +int mbedtls_test_asn1_skip_integer( unsigned char **p, const unsigned char *end, + size_t min_bits, size_t max_bits, + int must_be_odd ); #endif /* ASN1_HELPERS_H */ diff --git a/src/asn1_helpers.c b/src/asn1_helpers.c index 6ffdca90a4..79aa166ce6 100644 --- a/src/asn1_helpers.c +++ b/src/asn1_helpers.c @@ -23,3 +23,52 @@ #include #include +#if defined(MBEDTLS_ASN1_PARSE_C) + +#include + +int mbedtls_test_asn1_skip_integer( unsigned char **p, const unsigned char *end, + size_t min_bits, size_t max_bits, + int must_be_odd ) +{ + size_t len; + size_t actual_bits; + unsigned char msb; + TEST_EQUAL( mbedtls_asn1_get_tag( p, end, &len, + MBEDTLS_ASN1_INTEGER ), + 0 ); + + /* Check if the retrieved length doesn't extend the actual buffer's size. + * It is assumed here, that end >= p, which validates casting to size_t. */ + TEST_ASSERT( len <= (size_t)( end - *p) ); + + /* Tolerate a slight departure from DER encoding: + * - 0 may be represented by an empty string or a 1-byte string. + * - The sign bit may be used as a value bit. */ + if( ( len == 1 && ( *p )[0] == 0 ) || + ( len > 1 && ( *p )[0] == 0 && ( ( *p )[1] & 0x80 ) != 0 ) ) + { + ++( *p ); + --len; + } + if( min_bits == 0 && len == 0 ) + return( 1 ); + msb = ( *p )[0]; + TEST_ASSERT( msb != 0 ); + actual_bits = 8 * ( len - 1 ); + while( msb != 0 ) + { + msb >>= 1; + ++actual_bits; + } + TEST_ASSERT( actual_bits >= min_bits ); + TEST_ASSERT( actual_bits <= max_bits ); + if( must_be_odd ) + TEST_ASSERT( ( ( *p )[len-1] & 1 ) != 0 ); + *p += len; + return( 1 ); +exit: + return( 0 ); +} + +#endif /* MBEDTLS_ASN1_PARSE_C */ From e5dcc8fe10dca675be2f8f1bbf47dbf0d7ca2153 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 13 Feb 2021 00:41:11 +0100 Subject: [PATCH 101/553] Move exercise_key and related functions to their own module Move mbedtls_test_psa_exercise_key() (formerly exercise_key()) and related functions to its own module. Export the few auxiliary functions that are also called directly. Signed-off-by: Gilles Peskine --- include/test/psa_exercise_key.h | 138 +++++ src/psa_exercise_key.c | 867 +++++++++++++++++++++++++++++++- 2 files changed, 1004 insertions(+), 1 deletion(-) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index d4a0ea65f2..8fd152c023 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -26,5 +26,143 @@ #include +/* A hash algorithm that is known to be supported. + * + * This is used in some smoke tests. + */ +#if defined(PSA_WANT_ALG_MD2) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD2 +#elif defined(PSA_WANT_ALG_MD4) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD4 +#elif defined(PSA_WANT_ALG_MD5) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5 +/* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of + * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 + * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be + * implausible anyway. */ +#elif defined(PSA_WANT_ALG_SHA_1) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1 +#elif defined(PSA_WANT_ALG_SHA_256) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_256 +#elif defined(PSA_WANT_ALG_SHA_384) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_384 +#elif defined(PSA_WANT_ALG_SHA_512) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_512 +#elif defined(PSA_WANT_ALG_SHA3_256) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA3_256 +#else +#undef KNOWN_SUPPORTED_HASH_ALG +#endif + +/* A block cipher that is known to be supported. + * + * For simplicity's sake, stick to block ciphers with 16-byte blocks. + */ +#if defined(MBEDTLS_AES_C) +#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_AES +#elif defined(MBEDTLS_ARIA_C) +#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_ARIA +#elif defined(MBEDTLS_CAMELLIA_C) +#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_CAMELLIA +#undef KNOWN_SUPPORTED_BLOCK_CIPHER +#endif + +/* A MAC mode that is known to be supported. + * + * It must either be HMAC with #KNOWN_SUPPORTED_HASH_ALG or + * a block cipher-based MAC with #KNOWN_SUPPORTED_BLOCK_CIPHER. + * + * This is used in some smoke tests. + */ +#if defined(KNOWN_SUPPORTED_HASH_ALG) && defined(PSA_WANT_ALG_HMAC) +#define KNOWN_SUPPORTED_MAC_ALG ( PSA_ALG_HMAC( KNOWN_SUPPORTED_HASH_ALG ) ) +#define KNOWN_SUPPORTED_MAC_KEY_TYPE PSA_KEY_TYPE_HMAC +#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CMAC_C) +#define KNOWN_SUPPORTED_MAC_ALG PSA_ALG_CMAC +#define KNOWN_SUPPORTED_MAC_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER +#else +#undef KNOWN_SUPPORTED_MAC_ALG +#undef KNOWN_SUPPORTED_MAC_KEY_TYPE +#endif + +/* A cipher algorithm and key type that are known to be supported. + * + * This is used in some smoke tests. + */ +#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CTR) +#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CTR +#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CBC) +#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CBC_NO_PADDING +#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CFB) +#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CFB +#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_OFB) +#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_OFB +#else +#undef KNOWN_SUPPORTED_BLOCK_CIPHER_ALG +#endif +#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER_ALG) +#define KNOWN_SUPPORTED_CIPHER_ALG KNOWN_SUPPORTED_BLOCK_CIPHER_ALG +#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER +#elif defined(MBEDTLS_RC4_C) +#define KNOWN_SUPPORTED_CIPHER_ALG PSA_ALG_RC4 +#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE PSA_KEY_TYPE_RC4 +#else +#undef KNOWN_SUPPORTED_CIPHER_ALG +#undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE +#endif + +int mbedtls_test_psa_setup_key_derivation_wrap( + psa_key_derivation_operation_t* operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + unsigned char* input1, size_t input1_length, + unsigned char* input2, size_t input2_length, + size_t capacity ); + +psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( + psa_algorithm_t alg, + mbedtls_svc_key_id_t key ); + +psa_status_t mbedtls_test_psa_key_agreement_with_self( + psa_key_derivation_operation_t *operation, + mbedtls_svc_key_id_t key ); + +int mbedtls_test_psa_exported_key_sanity_check( + psa_key_type_t type, size_t bits, + uint8_t *exported, size_t exported_length ); + +/** Do smoke tests on a key. + * + * Perform one of each operation indicated by \p alg (decrypt/encrypt, + * sign/verify, or derivation) that is permitted according to \p usage. + * \p usage and \p alg should correspond to the expected policy on the + * key. + * + * Export the key if permitted by \p usage, and check that the output + * looks sensible. If \p usage forbids export, check that + * \p psa_export_key correctly rejects the attempt. If the key is + * asymmetric, also check \p psa_export_public_key. + * + * If the key fails the tests, this function calls the test framework's + * `mbedtls_test_fail` function and returns false. Otherwise this function + * returns true. Therefore it should be used as follows: + * ``` + * if( ! exercise_key( ... ) ) goto exit; + * ``` + * + * \param key The key to exercise. It should be capable of performing + * \p alg. + * \param usage The usage flags to assume. + * \param alg The algorithm to exercise. + * + * \retval 0 The key failed the smoke tests. + * \retval 1 The key passed the smoke tests. + */ +int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ); + +psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type, + psa_algorithm_t alg ); #endif /* PSA_EXERCISE_KEY_H */ diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 78e46d9e6a..79ba32519c 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -21,11 +21,876 @@ #include #include -#include +#include #if defined(MBEDTLS_PSA_CRYPTO_C) +#include #include +#include +#include + +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) +static int lifetime_is_dynamic_secure_element( psa_key_lifetime_t lifetime ) +{ + return( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) != + PSA_KEY_LOCATION_LOCAL_STORAGE ); +} +#endif + +static int check_key_attributes_sanity( mbedtls_svc_key_id_t key ) +{ + int ok = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_lifetime_t lifetime; + mbedtls_svc_key_id_t id; + psa_key_type_t type; + psa_key_type_t bits; + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + lifetime = psa_get_key_lifetime( &attributes ); + id = psa_get_key_id( &attributes ); + type = psa_get_key_type( &attributes ); + bits = psa_get_key_bits( &attributes ); + + /* Persistence */ + if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + { + TEST_ASSERT( + ( PSA_KEY_ID_VOLATILE_MIN <= + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) && + ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <= + PSA_KEY_ID_VOLATILE_MAX ) ); + } + else + { + TEST_ASSERT( + ( PSA_KEY_ID_USER_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) && + ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <= PSA_KEY_ID_USER_MAX ) ); + } +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + /* randomly-generated 64-bit constant, should never appear in test data */ + psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21; + psa_status_t status = psa_get_key_slot_number( &attributes, &slot_number ); + if( lifetime_is_dynamic_secure_element( lifetime ) ) + { + /* Mbed Crypto currently always exposes the slot number to + * applications. This is not mandated by the PSA specification + * and may change in future versions. */ + TEST_EQUAL( status, 0 ); + TEST_ASSERT( slot_number != 0xec94d4a5058a1a21 ); + } + else + { + TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT ); + } +#endif + + /* Type and size */ + TEST_ASSERT( type != 0 ); + TEST_ASSERT( bits != 0 ); + TEST_ASSERT( bits <= PSA_MAX_KEY_BITS ); + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) + TEST_ASSERT( bits % 8 == 0 ); + + /* MAX macros concerning specific key types */ + if( PSA_KEY_TYPE_IS_ECC( type ) ) + TEST_ASSERT( bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS ); + else if( PSA_KEY_TYPE_IS_RSA( type ) ) + TEST_ASSERT( bits <= PSA_VENDOR_RSA_MAX_KEY_BITS ); + TEST_ASSERT( PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ) <= PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE ); + + ok = 1; + +exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + + return( ok ); +} + +static int exercise_mac_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; + const unsigned char input[] = "foo"; + unsigned char mac[PSA_MAC_MAX_SIZE] = {0}; + size_t mac_length = sizeof( mac ); + + if( usage & PSA_KEY_USAGE_SIGN_HASH ) + { + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); + PSA_ASSERT( psa_mac_update( &operation, + input, sizeof( input ) ) ); + PSA_ASSERT( psa_mac_sign_finish( &operation, + mac, sizeof( mac ), + &mac_length ) ); + } + + if( usage & PSA_KEY_USAGE_VERIFY_HASH ) + { + psa_status_t verify_status = + ( usage & PSA_KEY_USAGE_SIGN_HASH ? + PSA_SUCCESS : + PSA_ERROR_INVALID_SIGNATURE ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); + PSA_ASSERT( psa_mac_update( &operation, + input, sizeof( input ) ) ); + TEST_EQUAL( psa_mac_verify_finish( &operation, mac, mac_length ), + verify_status ); + } + + return( 1 ); + +exit: + psa_mac_abort( &operation ); + return( 0 ); +} + +static int exercise_cipher_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; + unsigned char iv[16] = {0}; + size_t iv_length = sizeof( iv ); + const unsigned char plaintext[16] = "Hello, world..."; + unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)"; + size_t ciphertext_length = sizeof( ciphertext ); + unsigned char decrypted[sizeof( ciphertext )]; + size_t part_length; + + if( usage & PSA_KEY_USAGE_ENCRYPT ) + { + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); + PSA_ASSERT( psa_cipher_generate_iv( &operation, + iv, sizeof( iv ), + &iv_length ) ); + PSA_ASSERT( psa_cipher_update( &operation, + plaintext, sizeof( plaintext ), + ciphertext, sizeof( ciphertext ), + &ciphertext_length ) ); + PSA_ASSERT( psa_cipher_finish( &operation, + ciphertext + ciphertext_length, + sizeof( ciphertext ) - ciphertext_length, + &part_length ) ); + ciphertext_length += part_length; + } + + if( usage & PSA_KEY_USAGE_DECRYPT ) + { + psa_status_t status; + int maybe_invalid_padding = 0; + if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) ) + { + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + /* This should be PSA_CIPHER_GET_IV_SIZE but the API doesn't + * have this macro yet. */ + iv_length = PSA_BLOCK_CIPHER_BLOCK_LENGTH( + psa_get_key_type( &attributes ) ); + maybe_invalid_padding = ! PSA_ALG_IS_STREAM_CIPHER( alg ); + psa_reset_key_attributes( &attributes ); + } + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation, + iv, iv_length ) ); + PSA_ASSERT( psa_cipher_update( &operation, + ciphertext, ciphertext_length, + decrypted, sizeof( decrypted ), + &part_length ) ); + status = psa_cipher_finish( &operation, + decrypted + part_length, + sizeof( decrypted ) - part_length, + &part_length ); + /* For a stream cipher, all inputs are valid. For a block cipher, + * if the input is some aribtrary data rather than an actual + ciphertext, a padding error is likely. */ + if( maybe_invalid_padding ) + TEST_ASSERT( status == PSA_SUCCESS || + status == PSA_ERROR_INVALID_PADDING ); + else + PSA_ASSERT( status ); + } + + return( 1 ); + +exit: + psa_cipher_abort( &operation ); + return( 0 ); +} + +static int exercise_aead_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + unsigned char nonce[16] = {0}; + size_t nonce_length = sizeof( nonce ); + unsigned char plaintext[16] = "Hello, world..."; + unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)"; + size_t ciphertext_length = sizeof( ciphertext ); + size_t plaintext_length = sizeof( ciphertext ); + + /* Default IV length for AES-GCM is 12 bytes */ + if( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) == + PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ) ) + { + nonce_length = 12; + } + + if( usage & PSA_KEY_USAGE_ENCRYPT ) + { + PSA_ASSERT( psa_aead_encrypt( key, alg, + nonce, nonce_length, + NULL, 0, + plaintext, sizeof( plaintext ), + ciphertext, sizeof( ciphertext ), + &ciphertext_length ) ); + } + + if( usage & PSA_KEY_USAGE_DECRYPT ) + { + psa_status_t verify_status = + ( usage & PSA_KEY_USAGE_ENCRYPT ? + PSA_SUCCESS : + PSA_ERROR_INVALID_SIGNATURE ); + TEST_EQUAL( psa_aead_decrypt( key, alg, + nonce, nonce_length, + NULL, 0, + ciphertext, ciphertext_length, + plaintext, sizeof( plaintext ), + &plaintext_length ), + verify_status ); + } + + return( 1 ); + +exit: + return( 0 ); +} + +static int exercise_signature_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + unsigned char payload[PSA_HASH_MAX_SIZE] = {1}; + size_t payload_length = 16; + unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0}; + size_t signature_length = sizeof( signature ); + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); + + /* If the policy allows signing with any hash, just pick one. */ + if( PSA_ALG_IS_HASH_AND_SIGN( alg ) && hash_alg == PSA_ALG_ANY_HASH ) + { +#if defined(KNOWN_SUPPORTED_HASH_ALG) + hash_alg = KNOWN_SUPPORTED_HASH_ALG; + alg ^= PSA_ALG_ANY_HASH ^ hash_alg; +#else + mbedtls_test_fail( "No hash algorithm for hash-and-sign testing", + __LINE__, __FILE__ ); + return( 1 ); +#endif + } + + if( usage & PSA_KEY_USAGE_SIGN_HASH ) + { + /* Some algorithms require the payload to have the size of + * the hash encoded in the algorithm. Use this input size + * even for algorithms that allow other input sizes. */ + if( hash_alg != 0 ) + payload_length = PSA_HASH_LENGTH( hash_alg ); + PSA_ASSERT( psa_sign_hash( key, alg, + payload, payload_length, + signature, sizeof( signature ), + &signature_length ) ); + } + + if( usage & PSA_KEY_USAGE_VERIFY_HASH ) + { + psa_status_t verify_status = + ( usage & PSA_KEY_USAGE_SIGN_HASH ? + PSA_SUCCESS : + PSA_ERROR_INVALID_SIGNATURE ); + TEST_EQUAL( psa_verify_hash( key, alg, + payload, payload_length, + signature, signature_length ), + verify_status ); + } + + return( 1 ); + +exit: + return( 0 ); +} + +static int exercise_asymmetric_encryption_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + unsigned char plaintext[256] = "Hello, world..."; + unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)"; + size_t ciphertext_length = sizeof( ciphertext ); + size_t plaintext_length = 16; + + if( usage & PSA_KEY_USAGE_ENCRYPT ) + { + PSA_ASSERT( psa_asymmetric_encrypt( key, alg, + plaintext, plaintext_length, + NULL, 0, + ciphertext, sizeof( ciphertext ), + &ciphertext_length ) ); + } + + if( usage & PSA_KEY_USAGE_DECRYPT ) + { + psa_status_t status = + psa_asymmetric_decrypt( key, alg, + ciphertext, ciphertext_length, + NULL, 0, + plaintext, sizeof( plaintext ), + &plaintext_length ); + TEST_ASSERT( status == PSA_SUCCESS || + ( ( usage & PSA_KEY_USAGE_ENCRYPT ) == 0 && + ( status == PSA_ERROR_INVALID_ARGUMENT || + status == PSA_ERROR_INVALID_PADDING ) ) ); + } + + return( 1 ); + +exit: + return( 0 ); +} + +int mbedtls_test_psa_setup_key_derivation_wrap( + psa_key_derivation_operation_t* operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + unsigned char* input1, size_t input1_length, + unsigned char* input2, size_t input2_length, + size_t capacity ) +{ + PSA_ASSERT( psa_key_derivation_setup( operation, alg ) ); + if( PSA_ALG_IS_HKDF( alg ) ) + { + PSA_ASSERT( psa_key_derivation_input_bytes( operation, + PSA_KEY_DERIVATION_INPUT_SALT, + input1, input1_length ) ); + PSA_ASSERT( psa_key_derivation_input_key( operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + key ) ); + PSA_ASSERT( psa_key_derivation_input_bytes( operation, + PSA_KEY_DERIVATION_INPUT_INFO, + input2, + input2_length ) ); + } + else if( PSA_ALG_IS_TLS12_PRF( alg ) || + PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) ) + { + PSA_ASSERT( psa_key_derivation_input_bytes( operation, + PSA_KEY_DERIVATION_INPUT_SEED, + input1, input1_length ) ); + PSA_ASSERT( psa_key_derivation_input_key( operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + key ) ); + PSA_ASSERT( psa_key_derivation_input_bytes( operation, + PSA_KEY_DERIVATION_INPUT_LABEL, + input2, input2_length ) ); + } + else + { + TEST_ASSERT( ! "Key derivation algorithm not supported" ); + } + + if( capacity != SIZE_MAX ) + PSA_ASSERT( psa_key_derivation_set_capacity( operation, capacity ) ); + + return( 1 ); + +exit: + return( 0 ); +} + + +static int exercise_key_derivation_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; + unsigned char input1[] = "Input 1"; + size_t input1_length = sizeof( input1 ); + unsigned char input2[] = "Input 2"; + size_t input2_length = sizeof( input2 ); + unsigned char output[1]; + size_t capacity = sizeof( output ); + + if( usage & PSA_KEY_USAGE_DERIVE ) + { + if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg, + input1, input1_length, + input2, input2_length, + capacity ) ) + goto exit; + + PSA_ASSERT( psa_key_derivation_output_bytes( &operation, + output, + capacity ) ); + PSA_ASSERT( psa_key_derivation_abort( &operation ) ); + } + + return( 1 ); + +exit: + return( 0 ); +} + +/* We need two keys to exercise key agreement. Exercise the + * private key against its own public key. */ +psa_status_t mbedtls_test_psa_key_agreement_with_self( + psa_key_derivation_operation_t *operation, + mbedtls_svc_key_id_t key ) +{ + psa_key_type_t private_key_type; + psa_key_type_t public_key_type; + size_t key_bits; + uint8_t *public_key = NULL; + size_t public_key_length; + /* Return GENERIC_ERROR if something other than the final call to + * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, + * but it's good enough: callers will report it as a failed test anyway. */ + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + private_key_type = psa_get_key_type( &attributes ); + key_bits = psa_get_key_bits( &attributes ); + public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); + public_key_length = PSA_EXPORT_KEY_OUTPUT_SIZE( public_key_type, key_bits ); + ASSERT_ALLOC( public_key, public_key_length ); + PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length, + &public_key_length ) ); + + status = psa_key_derivation_key_agreement( + operation, PSA_KEY_DERIVATION_INPUT_SECRET, key, + public_key, public_key_length ); +exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + + mbedtls_free( public_key ); + return( status ); +} + +/* We need two keys to exercise key agreement. Exercise the + * private key against its own public key. */ +psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( + psa_algorithm_t alg, + mbedtls_svc_key_id_t key ) +{ + psa_key_type_t private_key_type; + psa_key_type_t public_key_type; + size_t key_bits; + uint8_t *public_key = NULL; + size_t public_key_length; + uint8_t output[1024]; + size_t output_length; + /* Return GENERIC_ERROR if something other than the final call to + * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, + * but it's good enough: callers will report it as a failed test anyway. */ + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + private_key_type = psa_get_key_type( &attributes ); + key_bits = psa_get_key_bits( &attributes ); + public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); + public_key_length = PSA_EXPORT_KEY_OUTPUT_SIZE( public_key_type, key_bits ); + ASSERT_ALLOC( public_key, public_key_length ); + PSA_ASSERT( psa_export_public_key( key, + public_key, public_key_length, + &public_key_length ) ); + + status = psa_raw_key_agreement( alg, key, + public_key, public_key_length, + output, sizeof( output ), &output_length ); +exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + + mbedtls_free( public_key ); + return( status ); +} + +static int exercise_raw_key_agreement_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + int ok = 0; + + if( usage & PSA_KEY_USAGE_DERIVE ) + { + /* We need two keys to exercise key agreement. Exercise the + * private key against its own public key. */ + PSA_ASSERT( mbedtls_test_psa_raw_key_agreement_with_self( alg, key ) ); + } + ok = 1; + +exit: + return( ok ); +} + +static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; + unsigned char output[1]; + int ok = 0; + + if( usage & PSA_KEY_USAGE_DERIVE ) + { + /* We need two keys to exercise key agreement. Exercise the + * private key against its own public key. */ + PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); + PSA_ASSERT( mbedtls_test_psa_key_agreement_with_self( &operation, key ) ); + PSA_ASSERT( psa_key_derivation_output_bytes( &operation, + output, + sizeof( output ) ) ); + PSA_ASSERT( psa_key_derivation_abort( &operation ) ); + } + ok = 1; + +exit: + return( ok ); +} + +int mbedtls_test_psa_exported_key_sanity_check( + psa_key_type_t type, size_t bits, + uint8_t *exported, size_t exported_length ) +{ + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) + TEST_EQUAL( exported_length, ( bits + 7 ) / 8 ); + else + TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ) ); + +#if defined(MBEDTLS_DES_C) + if( type == PSA_KEY_TYPE_DES ) + { + /* Check the parity bits. */ + unsigned i; + for( i = 0; i < bits / 8; i++ ) + { + unsigned bit_count = 0; + unsigned m; + for( m = 1; m <= 0x100; m <<= 1 ) + { + if( exported[i] & m ) + ++bit_count; + } + TEST_ASSERT( bit_count % 2 != 0 ); + } + } + else +#endif + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) + if( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) + { + uint8_t *p = exported; + uint8_t *end = exported + exported_length; + size_t len; + /* RSAPrivateKey ::= SEQUENCE { + * version INTEGER, -- must be 0 + * modulus INTEGER, -- n + * publicExponent INTEGER, -- e + * privateExponent INTEGER, -- d + * prime1 INTEGER, -- p + * prime2 INTEGER, -- q + * exponent1 INTEGER, -- d mod (p-1) + * exponent2 INTEGER, -- d mod (q-1) + * coefficient INTEGER, -- (inverse of q) mod p + * } + */ + TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_SEQUENCE | + MBEDTLS_ASN1_CONSTRUCTED ), 0 ); + TEST_EQUAL( p + len, end ); + if( ! mbedtls_test_asn1_skip_integer( &p, end, 0, 0, 0 ) ) + goto exit; + if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) + goto exit; + if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) + goto exit; + /* Require d to be at least half the size of n. */ + if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits, 1 ) ) + goto exit; + /* Require p and q to be at most half the size of n, rounded up. */ + if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) ) + goto exit; + if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) ) + goto exit; + if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) + goto exit; + if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) + goto exit; + if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) + goto exit; + TEST_EQUAL( p, end ); + } + else +#endif /* MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_ECP_C) + if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) + { + /* Just the secret value */ + TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) ); + } + else +#endif /* MBEDTLS_ECP_C */ + + if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) + { + uint8_t *p = exported; + uint8_t *end = exported + exported_length; +#if defined(MBEDTLS_RSA_C) + if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) + { + size_t len; + /* RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER } -- e + */ + TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_SEQUENCE | + MBEDTLS_ASN1_CONSTRUCTED ), + 0 ); + TEST_EQUAL( p + len, end ); + if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) + goto exit; + if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) + goto exit; + TEST_EQUAL( p, end ); + } + else +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECP_C) + if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) ) + { + if( PSA_KEY_TYPE_ECC_GET_FAMILY( type ) == PSA_ECC_FAMILY_MONTGOMERY ) + { + /* The representation of an ECC Montgomery public key is + * the raw compressed point */ + TEST_EQUAL( p + PSA_BITS_TO_BYTES( bits ), end ); + } + else + { + /* The representation of an ECC Weierstrass public key is: + * - The byte 0x04; + * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; + * - `y_P` as a `ceiling(m/8)`-byte string, big-endian; + * - where m is the bit size associated with the curve. + */ + TEST_EQUAL( p + 1 + 2 * PSA_BITS_TO_BYTES( bits ), end ); + TEST_EQUAL( p[0], 4 ); + } + } + else +#endif /* MBEDTLS_ECP_C */ + { + char message[47]; + mbedtls_snprintf( message, sizeof( message ), + "No sanity check for public key type=0x%08lx", + (unsigned long) type ); + mbedtls_test_fail( message, __LINE__, __FILE__ ); + (void) p; + (void) end; + return( 0 ); + } + } + else + + { + /* No sanity checks for other types */ + } + + return( 1 ); + +exit: + return( 0 ); +} + +static int exercise_export_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage ) +{ + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t *exported = NULL; + size_t exported_size = 0; + size_t exported_length = 0; + int ok = 0; + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( + psa_get_key_type( &attributes ), + psa_get_key_bits( &attributes ) ); + ASSERT_ALLOC( exported, exported_size ); + + if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 && + ! PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( &attributes ) ) ) + { + TEST_EQUAL( psa_export_key( key, exported, + exported_size, &exported_length ), + PSA_ERROR_NOT_PERMITTED ); + ok = 1; + goto exit; + } + + PSA_ASSERT( psa_export_key( key, + exported, exported_size, + &exported_length ) ); + ok = mbedtls_test_psa_exported_key_sanity_check( + psa_get_key_type( &attributes ), psa_get_key_bits( &attributes ), + exported, exported_length ); + +exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + + mbedtls_free( exported ); + return( ok ); +} + +static int exercise_export_public_key( mbedtls_svc_key_id_t key ) +{ + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t public_type; + uint8_t *exported = NULL; + size_t exported_size = 0; + size_t exported_length = 0; + int ok = 0; + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type( &attributes ) ) ) + { + exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( + psa_get_key_type( &attributes ), + psa_get_key_bits( &attributes ) ); + ASSERT_ALLOC( exported, exported_size ); + + TEST_EQUAL( psa_export_public_key( key, exported, + exported_size, &exported_length ), + PSA_ERROR_INVALID_ARGUMENT ); + ok = 1; + goto exit; + } + + public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( + psa_get_key_type( &attributes ) ); + exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( public_type, + psa_get_key_bits( &attributes ) ); + ASSERT_ALLOC( exported, exported_size ); + + PSA_ASSERT( psa_export_public_key( key, + exported, exported_size, + &exported_length ) ); + ok = mbedtls_test_psa_exported_key_sanity_check( + public_type, psa_get_key_bits( &attributes ), + exported, exported_length ); + +exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + + mbedtls_free( exported ); + return( ok ); +} + +int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + int ok; + + if( ! check_key_attributes_sanity( key ) ) + return( 0 ); + + if( alg == 0 ) + ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */ + else if( PSA_ALG_IS_MAC( alg ) ) + ok = exercise_mac_key( key, usage, alg ); + else if( PSA_ALG_IS_CIPHER( alg ) ) + ok = exercise_cipher_key( key, usage, alg ); + else if( PSA_ALG_IS_AEAD( alg ) ) + ok = exercise_aead_key( key, usage, alg ); + else if( PSA_ALG_IS_SIGN( alg ) ) + ok = exercise_signature_key( key, usage, alg ); + else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ) + ok = exercise_asymmetric_encryption_key( key, usage, alg ); + else if( PSA_ALG_IS_KEY_DERIVATION( alg ) ) + ok = exercise_key_derivation_key( key, usage, alg ); + else if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) ) + ok = exercise_raw_key_agreement_key( key, usage, alg ); + else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) ) + ok = exercise_key_agreement_key( key, usage, alg ); + else + { + char message[40]; + mbedtls_snprintf( message, sizeof( message ), + "No code to exercise alg=0x%08lx", + (unsigned long) alg ); + mbedtls_test_fail( message, __LINE__, __FILE__ ); + ok = 0; + } + + ok = ok && exercise_export_key( key, usage ); + ok = ok && exercise_export_public_key( key ); + + return( ok ); +} + +psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type, + psa_algorithm_t alg ) +{ + if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) ) + { + return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? + PSA_KEY_USAGE_VERIFY_HASH : + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); + } + else if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) || + PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ) + { + return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? + PSA_KEY_USAGE_ENCRYPT : + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + } + else if( PSA_ALG_IS_KEY_DERIVATION( alg ) || + PSA_ALG_IS_KEY_AGREEMENT( alg ) ) + { + return( PSA_KEY_USAGE_DERIVE ); + } + else + { + return( 0 ); + } + +} #endif /* MBEDTLS_PSA_CRYPTO_C */ From e2952a4c382bc79f1054526b7cdef56190a2a14e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 01:13:55 +0100 Subject: [PATCH 102/553] Document functions and macros that are now exported Signed-off-by: Gilles Peskine --- include/test/psa_exercise_key.h | 77 +++++++++++++++++++++++++++++++-- 1 file changed, 73 insertions(+), 4 deletions(-) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index 8fd152c023..1c7eefcce4 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -26,7 +26,9 @@ #include -/* A hash algorithm that is known to be supported. +/** \def KNOWN_SUPPORTED_HASH_ALG + * + * A hash algorithm that is known to be supported. * * This is used in some smoke tests. */ @@ -54,7 +56,9 @@ #undef KNOWN_SUPPORTED_HASH_ALG #endif -/* A block cipher that is known to be supported. +/** \def KNOWN_SUPPORTED_BLOCK_CIPHER + * + * A block cipher that is known to be supported. * * For simplicity's sake, stick to block ciphers with 16-byte blocks. */ @@ -67,7 +71,9 @@ #undef KNOWN_SUPPORTED_BLOCK_CIPHER #endif -/* A MAC mode that is known to be supported. +/** \def KNOWN_SUPPORTED_MAC_ALG + * + * A MAC mode that is known to be supported. * * It must either be HMAC with #KNOWN_SUPPORTED_HASH_ALG or * a block cipher-based MAC with #KNOWN_SUPPORTED_BLOCK_CIPHER. @@ -85,7 +91,9 @@ #undef KNOWN_SUPPORTED_MAC_KEY_TYPE #endif -/* A cipher algorithm and key type that are known to be supported. +/** \def KNOWN_SUPPORTED_BLOCK_CIPHER_ALG + * + * A cipher algorithm and key type that are known to be supported. * * This is used in some smoke tests. */ @@ -111,6 +119,26 @@ #undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE #endif +/** Convenience function to set up a key derivation. + * + * In case of failure, mark the current test case as failed. + * + * The inputs \p input1 and \p input2 are, in order: + * - HKDF: salt, info. + * - TKS 1.2 PRF, TLS 1.2 PSK-to-MS: seed, label. + * + * \param operation The operation object to use. + * It must be in the initialized state. + * \param key The key to use. + * \param alg The algorithm to use. + * \param input1 The first input to pass. + * \param input1_length The length of \p input1 in bytes. + * \param input1 The first input to pass. + * \param input1_length The length of \p input1 in bytes. + * \param capacity The capacity to set. + * + * \return \c 1 on success, \c 0 on failure. + */ int mbedtls_test_psa_setup_key_derivation_wrap( psa_key_derivation_operation_t* operation, mbedtls_svc_key_id_t key, @@ -119,14 +147,55 @@ int mbedtls_test_psa_setup_key_derivation_wrap( unsigned char* input2, size_t input2_length, size_t capacity ); +/** Perform a key agreement using the given key pair against its public key + * using psa_raw_key_agreement(). + * + * The result is discarded. The purpose of this function is to smoke-test a key. + * + * In case of failure, mark the current test case as failed. + * + * \param alg A key agreement algorithm compatible with \p key. + * \param key A key that allows key agreement with \p alg. + * + * \return \c 1 on success, \c 0 on failure. + */ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( psa_algorithm_t alg, mbedtls_svc_key_id_t key ); +/** Perform a key agreement using the given key pair against its public key + * using psa_key_derivation_raw_key(). + * + * The result is discarded. The purpose of this function is to smoke-test a key. + * + * In case of failure, mark the current test case as failed. + * + * \param alg A key agreement algorithm compatible with \p key. + * \param key A key that allows key agreement with \p alg. + * + * \return \c 1 on success, \c 0 on failure. + */ psa_status_t mbedtls_test_psa_key_agreement_with_self( psa_key_derivation_operation_t *operation, mbedtls_svc_key_id_t key ); +/** Perform sanity checks on the given key representation. + * + * If any of the checks fail, mark the current test case as failed. + * + * The checks depend on the key type. + * - All types: check the export size against maximum-size macros. + * - DES: parity bits. + * - RSA: check the ASN.1 structure and the size and parity of the integers. + * - ECC private or public key: exact representation length. + * - Montgomery public key: first byte. + * + * \param type The key type. + * \param size The key size in bits. + * \param exported A buffer containing + * + * \return \c 1 if all checks passed, \c 0 on failure. + */ int mbedtls_test_psa_exported_key_sanity_check( psa_key_type_t type, size_t bits, uint8_t *exported, size_t exported_length ); From 25f27cdac2778354c79268134f94408cb6ebd4ec Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 01:19:21 +0100 Subject: [PATCH 103/553] exported_key_sanity_check: simplify the logic for public keys Remove a conditional imbrication level. Get rid of some minor overhead for ECC public keys dating back from when they had ASN.1 wrapping. No behavior change. Signed-off-by: Gilles Peskine --- src/psa_exercise_key.c | 94 +++++++++++++++++++++--------------------- 1 file changed, 46 insertions(+), 48 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 79ba32519c..11c6fcdeb8 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -659,66 +659,64 @@ int mbedtls_test_psa_exported_key_sanity_check( else #endif /* MBEDTLS_ECP_C */ - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) +#if defined(MBEDTLS_RSA_C) + if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) { uint8_t *p = exported; uint8_t *end = exported + exported_length; -#if defined(MBEDTLS_RSA_C) - if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) - { - size_t len; - /* RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER } -- e - */ - TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_SEQUENCE | - MBEDTLS_ASN1_CONSTRUCTED ), - 0 ); - TEST_EQUAL( p + len, end ); - if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) - goto exit; - if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) - goto exit; - TEST_EQUAL( p, end ); - } - else + size_t len; + /* RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER } -- e + */ + TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_SEQUENCE | + MBEDTLS_ASN1_CONSTRUCTED ), + 0 ); + TEST_EQUAL( p + len, end ); + if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) + goto exit; + if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) + goto exit; + TEST_EQUAL( p, end ); + } + else #endif /* MBEDTLS_RSA_C */ + #if defined(MBEDTLS_ECP_C) - if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) ) + if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) ) + { + if( PSA_KEY_TYPE_ECC_GET_FAMILY( type ) == PSA_ECC_FAMILY_MONTGOMERY ) { - if( PSA_KEY_TYPE_ECC_GET_FAMILY( type ) == PSA_ECC_FAMILY_MONTGOMERY ) - { - /* The representation of an ECC Montgomery public key is - * the raw compressed point */ - TEST_EQUAL( p + PSA_BITS_TO_BYTES( bits ), end ); - } - else - { - /* The representation of an ECC Weierstrass public key is: - * - The byte 0x04; - * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; - * - `y_P` as a `ceiling(m/8)`-byte string, big-endian; - * - where m is the bit size associated with the curve. - */ - TEST_EQUAL( p + 1 + 2 * PSA_BITS_TO_BYTES( bits ), end ); - TEST_EQUAL( p[0], 4 ); - } + /* The representation of an ECC Montgomery public key is + * the raw compressed point */ + TEST_EQUAL( PSA_BITS_TO_BYTES( bits ), exported_length ); } else -#endif /* MBEDTLS_ECP_C */ { - char message[47]; - mbedtls_snprintf( message, sizeof( message ), - "No sanity check for public key type=0x%08lx", - (unsigned long) type ); - mbedtls_test_fail( message, __LINE__, __FILE__ ); - (void) p; - (void) end; - return( 0 ); + /* The representation of an ECC Weierstrass public key is: + * - The byte 0x04; + * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; + * - `y_P` as a `ceiling(m/8)`-byte string, big-endian; + * - where m is the bit size associated with the curve. + */ + TEST_EQUAL( 1 + 2 * PSA_BITS_TO_BYTES( bits ), exported_length ); + TEST_EQUAL( exported[0], 4 ); } } else +#endif /* MBEDTLS_ECP_C */ + + if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) + { + char message[47]; + mbedtls_snprintf( message, sizeof( message ), + "No sanity check for public key type=0x%08lx", + (unsigned long) type ); + mbedtls_test_fail( message, __LINE__, __FILE__ ); + return( 0 ); + } + else { /* No sanity checks for other types */ From 0096304031b33627c95d3ba7b5324c87d17910c8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 01:22:56 +0100 Subject: [PATCH 104/553] Use const pointers on parsing functions The const-ness has to be cast away when calling mbedtls_asn1_xxx parsing functions. This is a known flaw in the mbedtls API (https://github.com/ARMmbed/mbedtls/issues/803). Signed-off-by: Gilles Peskine --- include/test/psa_exercise_key.h | 6 +++--- src/psa_exercise_key.c | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index 1c7eefcce4..1613237380 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -143,8 +143,8 @@ int mbedtls_test_psa_setup_key_derivation_wrap( psa_key_derivation_operation_t* operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg, - unsigned char* input1, size_t input1_length, - unsigned char* input2, size_t input2_length, + const unsigned char* input1, size_t input1_length, + const unsigned char* input2, size_t input2_length, size_t capacity ); /** Perform a key agreement using the given key pair against its public key @@ -198,7 +198,7 @@ psa_status_t mbedtls_test_psa_key_agreement_with_self( */ int mbedtls_test_psa_exported_key_sanity_check( psa_key_type_t type, size_t bits, - uint8_t *exported, size_t exported_length ); + const uint8_t *exported, size_t exported_length ); /** Do smoke tests on a key. * diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 11c6fcdeb8..74cdc190a8 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -370,8 +370,8 @@ int mbedtls_test_psa_setup_key_derivation_wrap( psa_key_derivation_operation_t* operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg, - unsigned char* input1, size_t input1_length, - unsigned char* input2, size_t input2_length, + const unsigned char* input1, size_t input1_length, + const unsigned char* input2, size_t input2_length, size_t capacity ) { PSA_ASSERT( psa_key_derivation_setup( operation, alg ) ); @@ -576,7 +576,7 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, int mbedtls_test_psa_exported_key_sanity_check( psa_key_type_t type, size_t bits, - uint8_t *exported, size_t exported_length ) + const uint8_t *exported, size_t exported_length ) { if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) TEST_EQUAL( exported_length, ( bits + 7 ) / 8 ); @@ -606,8 +606,8 @@ int mbedtls_test_psa_exported_key_sanity_check( #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) if( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { - uint8_t *p = exported; - uint8_t *end = exported + exported_length; + uint8_t *p = (uint8_t*) exported; + const uint8_t *end = exported + exported_length; size_t len; /* RSAPrivateKey ::= SEQUENCE { * version INTEGER, -- must be 0 @@ -662,8 +662,8 @@ int mbedtls_test_psa_exported_key_sanity_check( #if defined(MBEDTLS_RSA_C) if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) { - uint8_t *p = exported; - uint8_t *end = exported + exported_length; + uint8_t *p = (uint8_t*) exported; + const uint8_t *end = exported + exported_length; size_t len; /* RSAPublicKey ::= SEQUENCE { * modulus INTEGER, -- n From e4f5bd23fddd56a3b597da21b201e55093cc2bb8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 01:29:52 +0100 Subject: [PATCH 105/553] exported_key_sanity_check: make checks slightly more systematic Shuffle the logic in mbedtls_test_psa_exported_key_sanity_check() somewhat. The resulting behavior changes are: * Always check the exported length against PSA_EXPORT_KEY_OUTPUT_SIZE, even for unstructured key types. * Always complain if a key type is not explicitly covered, not just for public keys. Signed-off-by: Gilles Peskine --- src/psa_exercise_key.c | 51 +++++++++++++++++------------------------- 1 file changed, 20 insertions(+), 31 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 74cdc190a8..89936c2f03 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -578,30 +578,11 @@ int mbedtls_test_psa_exported_key_sanity_check( psa_key_type_t type, size_t bits, const uint8_t *exported, size_t exported_length ) { - if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) - TEST_EQUAL( exported_length, ( bits + 7 ) / 8 ); - else - TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ) ); + TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ) ); -#if defined(MBEDTLS_DES_C) - if( type == PSA_KEY_TYPE_DES ) - { - /* Check the parity bits. */ - unsigned i; - for( i = 0; i < bits / 8; i++ ) - { - unsigned bit_count = 0; - unsigned m; - for( m = 1; m <= 0x100; m <<= 1 ) - { - if( exported[i] & m ) - ++bit_count; - } - TEST_ASSERT( bit_count % 2 != 0 ); - } - } + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) + TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) ); else -#endif #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) if( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) @@ -707,20 +688,28 @@ int mbedtls_test_psa_exported_key_sanity_check( else #endif /* MBEDTLS_ECP_C */ - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) { - char message[47]; - mbedtls_snprintf( message, sizeof( message ), - "No sanity check for public key type=0x%08lx", - (unsigned long) type ); - mbedtls_test_fail( message, __LINE__, __FILE__ ); - return( 0 ); + TEST_ASSERT( ! "Sanity check not implemented for this key type" ); } - else +#if defined(MBEDTLS_DES_C) + if( type == PSA_KEY_TYPE_DES ) { - /* No sanity checks for other types */ + /* Check the parity bits. */ + unsigned i; + for( i = 0; i < bits / 8; i++ ) + { + unsigned bit_count = 0; + unsigned m; + for( m = 1; m <= 0x100; m <<= 1 ) + { + if( exported[i] & m ) + ++bit_count; + } + TEST_ASSERT( bit_count % 2 != 0 ); + } } +#endif return( 1 ); From d1c525ab4389b39bba33fdc49a75d0cfbc9d9116 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 01:34:21 +0100 Subject: [PATCH 106/553] Fix and simplify test assertions mbedtls_test_fail does not copy the failure explanation string, so passing a string on the stack doesn't work. This fixes a garbage message that would appear if a test triggered a non-implemented code path. More generally, just use TEST_ASSERT instead of explicitly calling mbedtls_test_fail, since we aren't playing any tricks with the error location. Signed-off-by: Gilles Peskine --- src/psa_exercise_key.c | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 89936c2f03..479d91db21 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -291,9 +291,7 @@ static int exercise_signature_key( mbedtls_svc_key_id_t key, hash_alg = KNOWN_SUPPORTED_HASH_ALG; alg ^= PSA_ALG_ANY_HASH ^ hash_alg; #else - mbedtls_test_fail( "No hash algorithm for hash-and-sign testing", - __LINE__, __FILE__ ); - return( 1 ); + TEST_ASSERT( ! "No hash algorithm for hash-and-sign testing" ); #endif } @@ -813,7 +811,7 @@ int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { - int ok; + int ok = 0; if( ! check_key_attributes_sanity( key ) ) return( 0 ); @@ -837,18 +835,12 @@ int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key, else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) ) ok = exercise_key_agreement_key( key, usage, alg ); else - { - char message[40]; - mbedtls_snprintf( message, sizeof( message ), - "No code to exercise alg=0x%08lx", - (unsigned long) alg ); - mbedtls_test_fail( message, __LINE__, __FILE__ ); - ok = 0; - } + TEST_ASSERT( ! "No code to exercise this category of algorithm" ); ok = ok && exercise_export_key( key, usage ); ok = ok && exercise_export_public_key( key ); +exit: return( ok ); } From 411f31be6a868a9bcb66460660de42b75267b149 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 12:51:14 +0100 Subject: [PATCH 107/553] Move PSA storage cleanup out of the slot_management test suite Merge the two identical definitions of TEST_USES_KEY_ID and mbedtls_test_psa_purge_key_storage from test_suite_psa_crypto_slot_management.function and test_suite_psa_crypto_se_driver_hal.function into a single copy in common test code so that it can be used in all test suites. No semantic change. Signed-off-by: Gilles Peskine --- include/test/psa_crypto_helpers.h | 13 +++++++++++ src/psa_crypto_helpers.c | 39 +++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 30bb20f077..571055c2df 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -34,6 +34,19 @@ #include "mbedtls/psa_util.h" #endif +#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) +/* All test functions that create persistent keys must call + * `TEST_USES_KEY_ID( key_id )` before creating a persistent key with this + * identifier, and must call psa_purge_key_storage() in their cleanup + * code. */ +int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ); +void mbedtls_test_psa_purge_key_storage( void ); +#define TEST_USES_KEY_ID( key_id ) \ + TEST_ASSERT( mbedtls_test_uses_key_id( key_id ) ) +#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ +#define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) ) +#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ + #define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) ) /** Check for things that have not been cleaned up properly in the diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index cb79a225c1..69bb8a1d83 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -28,6 +28,45 @@ #include +#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) + +#include + +static mbedtls_svc_key_id_t key_ids_used_in_test[9]; +static size_t num_key_ids_used; + +/* Record a key id as potentially used in a test case. */ +int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ) +{ + size_t i; + if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id ) > + PSA_MAX_PERSISTENT_KEY_IDENTIFIER ) + { + /* Don't touch key id values that designate non-key files. */ + return( 1 ); + } + for( i = 0; i < num_key_ids_used ; i++ ) + { + if( mbedtls_svc_key_id_equal( key_id, key_ids_used_in_test[i] ) ) + return( 1 ); + } + if( num_key_ids_used == ARRAY_LENGTH( key_ids_used_in_test ) ) + return( 0 ); + key_ids_used_in_test[num_key_ids_used] = key_id; + ++num_key_ids_used; + return( 1 ); +} + +/* Destroy all key ids that may have been created by the current test case. */ +void mbedtls_test_psa_purge_key_storage( void ) +{ + size_t i; + for( i = 0; i < num_key_ids_used; i++ ) + psa_destroy_persistent_key( key_ids_used_in_test[i] ); + num_key_ids_used = 0; +} +#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ + const char *mbedtls_test_helper_is_psa_leaking( void ) { mbedtls_psa_stats_t stats; From 74685a7b033934d91810a7da5dccdda8b9b1c1a8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 13:10:38 +0100 Subject: [PATCH 108/553] Document the newly exported storage cleanup macros and functions Signed-off-by: Gilles Peskine --- include/test/psa_crypto_helpers.h | 40 +++++++++++++++++++++++++++---- src/psa_crypto_helpers.c | 2 -- 2 files changed, 35 insertions(+), 7 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 571055c2df..9510c5fbe0 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -35,16 +35,46 @@ #endif #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) -/* All test functions that create persistent keys must call - * `TEST_USES_KEY_ID( key_id )` before creating a persistent key with this - * identifier, and must call psa_purge_key_storage() in their cleanup - * code. */ + +/* Internal function for #TEST_USES_KEY_ID. Return 1 on success, 0 on failure. */ int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ); + +/** Destroy persistent keys recorded with #TEST_USES_KEY_ID. + */ void mbedtls_test_psa_purge_key_storage( void ); -#define TEST_USES_KEY_ID( key_id ) \ + +/** \def TEST_USES_KEY_ID + * + * Call this macro in a test function before potentially creating a + * persistent key. Test functions that use this mechanism must call + * mbedtls_test_psa_purge_key_storage() in their cleanup code. + * + * This macro records a persistent key identifier as potentially used in the + * current test case. Recorded key identifiers will be cleaned up at the end + * of the test case, even on failure. + * + * This macro has no effect on volatile keys. Therefore, it is safe to call + * this macro in a test function that creates either volatile or persistent + * keys depending on the test data. + * + * This macro currently has no effect on special identifiers + * used to store implementation-specific files. + * + * Calling this macro multiple times on the same key identifier in the same + * test case has no effect. + * + * This macro can fail the test case if there isn't enough memory to + * record the key id. + * + * \param key_id The PSA key identifier to record. + */ +#define TEST_USES_KEY_ID( key_id ) \ TEST_ASSERT( mbedtls_test_uses_key_id( key_id ) ) + #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ + #define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) ) + #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ #define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) ) diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index 69bb8a1d83..500451eb65 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -35,7 +35,6 @@ static mbedtls_svc_key_id_t key_ids_used_in_test[9]; static size_t num_key_ids_used; -/* Record a key id as potentially used in a test case. */ int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ) { size_t i; @@ -57,7 +56,6 @@ int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ) return( 1 ); } -/* Destroy all key ids that may have been created by the current test case. */ void mbedtls_test_psa_purge_key_storage( void ) { size_t i; From 5c3fed7ff56c93ad97cab2e5ad97ee6c7413305c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 13:46:39 +0100 Subject: [PATCH 109/553] New test helper to purge persistent key from memory Signed-off-by: Gilles Peskine --- include/test/psa_crypto_helpers.h | 5 +++++ src/psa_crypto_helpers.c | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 9510c5fbe0..3e356f9a8d 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -43,6 +43,11 @@ int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ); */ void mbedtls_test_psa_purge_key_storage( void ); +/** Purge the in-memory cache of persistent keys recorded with + * #TEST_USES_KEY_ID. + */ +void mbedtls_test_psa_purge_key_cache( void ); + /** \def TEST_USES_KEY_ID * * Call this macro in a test function before potentially creating a diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index 500451eb65..f2222cb285 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -63,6 +63,14 @@ void mbedtls_test_psa_purge_key_storage( void ) psa_destroy_persistent_key( key_ids_used_in_test[i] ); num_key_ids_used = 0; } + +void mbedtls_test_psa_purge_key_cache( void ) +{ + size_t i; + for( i = 0; i < num_key_ids_used; i++ ) + psa_purge_key( key_ids_used_in_test[i] ); +} + #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ const char *mbedtls_test_helper_is_psa_leaking( void ) From c10869ad702ff9f378435cfabf28562308c02e58 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 14 Feb 2021 14:08:22 +0100 Subject: [PATCH 110/553] Destroy recorded persistent keys in PSA_DONE() This ensures that test cases won't leave persistent files behind even on failure, provided they use TEST_USES_KEY_ID(). Test cases that don't use this macro are unaffected. Tests that use PSA_DONE() midway and expect persistent keys to survive must use PSA_SESSION_DONE() instead. Signed-off-by: Gilles Peskine --- include/test/psa_crypto_helpers.h | 32 +++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 3e356f9a8d..9881eaebef 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -45,6 +45,9 @@ void mbedtls_test_psa_purge_key_storage( void ); /** Purge the in-memory cache of persistent keys recorded with * #TEST_USES_KEY_ID. + * + * Call this function before calling PSA_DONE() if it's ok for + * persistent keys to still exist at this point. */ void mbedtls_test_psa_purge_key_cache( void ); @@ -79,6 +82,8 @@ void mbedtls_test_psa_purge_key_cache( void ); #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ #define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) ) +#define mbedtls_test_psa_purge_key_storage( ) ( (void) 0 ) +#define mbedtls_test_psa_purge_key_cache( ) ( (void) 0 ) #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ @@ -108,13 +113,36 @@ const char *mbedtls_test_helper_is_psa_leaking( void ); } \ while( 0 ) -/** Shut down the PSA Crypto subsystem. Expect a clean shutdown, with no slots - * in use. +/** Shut down the PSA Crypto subsystem and destroy persistent keys. + * Expect a clean shutdown, with no slots in use. + * + * If some key slots are still in use, record the test case as failed, + * but continue executing. This macro is suitable (and primarily intended) + * for use in the cleanup section of test functions. + * + * \note Persistent keys must be recorded with #TEST_USES_KEY_ID before + * creating them. */ #define PSA_DONE( ) \ do \ { \ test_fail_if_psa_leaking( __LINE__, __FILE__ ); \ + mbedtls_test_psa_purge_key_storage( ); \ + mbedtls_psa_crypto_free( ); \ + } \ + while( 0 ) + +/** Shut down the PSA Crypto subsystem, allowing persistent keys to survive. + * Expect a clean shutdown, with no slots in use. + * + * If some key slots are still in use, record the test case as failed and + * jump to the `exit` label. + */ +#define PSA_SESSION_DONE( ) \ + do \ + { \ + mbedtls_test_psa_purge_key_cache( ); \ + ASSERT_PSA_PRISTINE( ); \ mbedtls_psa_crypto_free( ); \ } \ while( 0 ) From 583b253342b9290737d550c1f6f905b65cfb3182 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 15 Feb 2021 12:03:16 +0100 Subject: [PATCH 111/553] Fix copypasta for the type of a variable MSVC started (rightfully) complaining after moving the code to a separate .c file. Signed-off-by: Gilles Peskine --- src/psa_exercise_key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 479d91db21..9f80d7b65a 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -46,7 +46,7 @@ static int check_key_attributes_sanity( mbedtls_svc_key_id_t key ) psa_key_lifetime_t lifetime; mbedtls_svc_key_id_t id; psa_key_type_t type; - psa_key_type_t bits; + size_t bits; PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); lifetime = psa_get_key_lifetime( &attributes ); From eb5c81edf16d9d09d4b1162992c6907b65074351 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 15 Feb 2021 12:17:00 +0100 Subject: [PATCH 112/553] Don't use STATIC_ASSERT_EXPR on non-GCC-compatible compilers ARRAY_LENGTH has a portable but unsafe implementation, and a non-portable implementation that causes a compile-time error if the macro is accidentally used on a pointer. The safety check was only implemented for __GCC__-defining compilers, but the part that triggered the compile-time error was always used. It turns out that this part triggers a build warning with MSVC (at least with some versions: observed with Visual Studio 2013). ``` C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\tests\src\psa_crypto_helpers.c(52): error C2220: warning treated as error - no 'object' file generated [C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\mbedtls_test.vcxproj] C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\tests\src\psa_crypto_helpers.c(52): warning C4116: unnamed type definition in parentheses [C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\mbedtls_test.vcxproj] ``` Since a compile-time error is never triggered when the compile-time check for the argument type is not implemented, just use the unsafe macro directly when there's no safety check. Signed-off-by: Gilles Peskine --- include/test/macros.h | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index 6930a5dc6e..450bc2cc3b 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -321,40 +321,45 @@ mbedtls_exit( 1 ); \ } +/** \def ARRAY_LENGTH + * Return the number of elements of a static or stack array. + * + * \param array A value of array (not pointer) type. + * + * \return The number of elements of the array. + */ +/* A correct implementation of ARRAY_LENGTH, but which silently gives + * a nonsensical result if called with a pointer rather than an array. */ +#define ARRAY_LENGTH_UNSAFE( array ) \ + ( sizeof( array ) / sizeof( *( array ) ) ) + #if defined(__GNUC__) /* Test if arg and &(arg)[0] have the same type. This is true if arg is * an array but not if it's a pointer. */ #define IS_ARRAY_NOT_POINTER( arg ) \ ( ! __builtin_types_compatible_p( __typeof__( arg ), \ __typeof__( &( arg )[0] ) ) ) -#else -/* On platforms where we don't know how to implement this check, - * omit it. Oh well, a non-portable check is better than nothing. */ -#define IS_ARRAY_NOT_POINTER( arg ) 1 -#endif - /* A compile-time constant with the value 0. If `const_expr` is not a * compile-time constant with a nonzero value, cause a compile-time error. */ #define STATIC_ASSERT_EXPR( const_expr ) \ ( 0 && sizeof( struct { unsigned int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) ) + /* Return the scalar value `value` (possibly promoted). This is a compile-time * constant if `value` is. `condition` must be a compile-time constant. * If `condition` is false, arrange to cause a compile-time error. */ #define STATIC_ASSERT_THEN_RETURN( condition, value ) \ ( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) ) -#define ARRAY_LENGTH_UNSAFE( array ) \ - ( sizeof( array ) / sizeof( *( array ) ) ) -/** Return the number of elements of a static or stack array. - * - * \param array A value of array (not pointer) type. - * - * \return The number of elements of the array. - */ #define ARRAY_LENGTH( array ) \ ( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \ ARRAY_LENGTH_UNSAFE( array ) ) ) +#else +/* If we aren't sure the compiler supports our non-standard tricks, + * fall back to the unsafe implementation. */ +#define ARRAY_LENGTH( array ) ARRAY_LENGTH_UNSAFE( array ) +#endif + /** Return the smaller of two values. * * \param x An integer-valued expression without side effects. From 19d379e66919e17c88f8bf89fc4697b91b34ed50 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Feb 2021 13:40:19 +0100 Subject: [PATCH 113/553] Fix some C function documentation in the test framework The primary goal of this commit is to fix various comments where `clang -Wdocumentation` identified a discrepancy between the actual function parameters and the documented parameters. The discrepancies were due to copypasta, formatting issues or documentation that had diverged from the implementation. Signed-off-by: Gilles Peskine --- include/test/psa_exercise_key.h | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index 1613237380..57eae58911 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -133,8 +133,8 @@ * \param alg The algorithm to use. * \param input1 The first input to pass. * \param input1_length The length of \p input1 in bytes. - * \param input1 The first input to pass. - * \param input1_length The length of \p input1 in bytes. + * \param input2 The first input to pass. + * \param input2_length The length of \p input2 in bytes. * \param capacity The capacity to set. * * \return \c 1 on success, \c 0 on failure. @@ -170,8 +170,11 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( * * In case of failure, mark the current test case as failed. * - * \param alg A key agreement algorithm compatible with \p key. - * \param key A key that allows key agreement with \p alg. + * \param operation An operation that has been set up for a key + * agreement algorithm that is compatible with + * \p key. + * \param key A key pair object that is suitable for a key + * agreement with \p operation. * * \return \c 1 on success, \c 0 on failure. */ @@ -191,8 +194,9 @@ psa_status_t mbedtls_test_psa_key_agreement_with_self( * - Montgomery public key: first byte. * * \param type The key type. - * \param size The key size in bits. - * \param exported A buffer containing + * \param bits The key size in bits. + * \param exported A buffer containing the key representation. + * \param exported_length The length of \p exported in bytes. * * \return \c 1 if all checks passed, \c 0 on failure. */ From 90323a21e12213e89ce57769f329cc095065dc87 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 21 Jan 2021 12:26:17 +0100 Subject: [PATCH 114/553] Add test for ouput buffer size macros Signed-off-by: gabor-mezei-arm --- src/psa_exercise_key.c | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 9f80d7b65a..408227d87c 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -467,7 +467,7 @@ psa_status_t mbedtls_test_psa_key_agreement_with_self( private_key_type = psa_get_key_type( &attributes ); key_bits = psa_get_key_bits( &attributes ); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); - public_key_length = PSA_EXPORT_KEY_OUTPUT_SIZE( public_key_type, key_bits ); + public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_key_type, key_bits ); ASSERT_ALLOC( public_key, public_key_length ); PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length, &public_key_length ) ); @@ -509,7 +509,7 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( private_key_type = psa_get_key_type( &attributes ); key_bits = psa_get_key_bits( &attributes ); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); - public_key_length = PSA_EXPORT_KEY_OUTPUT_SIZE( public_key_type, key_bits ); + public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_key_type, key_bits ); ASSERT_ALLOC( public_key, public_key_length ); PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length, @@ -518,6 +518,15 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( status = psa_raw_key_agreement( alg, key, public_key, public_key_length, output, sizeof( output ), &output_length ); + if ( status == PSA_SUCCESS ) + { + TEST_ASSERT( output_length <= + PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( private_key_type, + key_bits ) ); + TEST_ASSERT( output_length <= + PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE ); + } + exit: /* * Key attributes may have been returned by psa_get_key_attributes() @@ -625,6 +634,8 @@ int mbedtls_test_psa_exported_key_sanity_check( if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) goto exit; TEST_EQUAL( p, end ); + + TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE ); } else #endif /* MBEDTLS_RSA_C */ @@ -634,6 +645,8 @@ int mbedtls_test_psa_exported_key_sanity_check( { /* Just the secret value */ TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) ); + + TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE ); } else #endif /* MBEDTLS_ECP_C */ @@ -658,6 +671,12 @@ int mbedtls_test_psa_exported_key_sanity_check( if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) goto exit; TEST_EQUAL( p, end ); + + + TEST_ASSERT( exported_length <= + PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( type, bits ) ); + TEST_ASSERT( exported_length <= + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE ); } else #endif /* MBEDTLS_RSA_C */ @@ -665,6 +684,12 @@ int mbedtls_test_psa_exported_key_sanity_check( #if defined(MBEDTLS_ECP_C) if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) ) { + + TEST_ASSERT( exported_length <= + PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( type, bits ) ); + TEST_ASSERT( exported_length <= + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE ); + if( PSA_KEY_TYPE_ECC_GET_FAMILY( type ) == PSA_ECC_FAMILY_MONTGOMERY ) { /* The representation of an ECC Montgomery public key is @@ -785,8 +810,8 @@ static int exercise_export_public_key( mbedtls_svc_key_id_t key ) public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( psa_get_key_type( &attributes ) ); - exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( public_type, - psa_get_key_bits( &attributes ) ); + exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type, + psa_get_key_bits( &attributes ) ); ASSERT_ALLOC( exported, exported_size ); PSA_ASSERT( psa_export_public_key( key, From 8fef66254f33d83aba1b64b45dd291a8d70e2535 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 18 Feb 2021 13:30:34 +0100 Subject: [PATCH 115/553] Exercise CCM with the right amount of IV bytes in test Signed-off-by: Steven Cooreman --- src/psa_exercise_key.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 9f80d7b65a..869da7df68 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -243,6 +243,13 @@ static int exercise_aead_key( mbedtls_svc_key_id_t key, nonce_length = 12; } + /* IV length for CCM needs to be between 7 and 13 bytes */ + if( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) == + PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ) ) + { + nonce_length = 12; + } + if( usage & PSA_KEY_USAGE_ENCRYPT ) { PSA_ASSERT( psa_aead_encrypt( key, alg, From d0945da0c14fc2c245267ad7fa76027f5f12abf1 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 23 Feb 2021 14:37:38 +0100 Subject: [PATCH 116/553] Move wildcard-to-exercisable conversion to exercise_key in test suite Signed-off-by: Steven Cooreman --- src/psa_exercise_key.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 869da7df68..a4f87eb2c5 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -122,6 +122,12 @@ static int exercise_mac_key( mbedtls_svc_key_id_t key, unsigned char mac[PSA_MAC_MAX_SIZE] = {0}; size_t mac_length = sizeof( mac ); + /* Convert wildcard algorithm to exercisable algorithm */ + if( alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) + { + alg = PSA_ALG_TRUNCATED_MAC( alg, PSA_MAC_TRUNCATED_LENGTH( alg ) ); + } + if( usage & PSA_KEY_USAGE_SIGN_HASH ) { PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); @@ -236,6 +242,12 @@ static int exercise_aead_key( mbedtls_svc_key_id_t key, size_t ciphertext_length = sizeof( ciphertext ); size_t plaintext_length = sizeof( ciphertext ); + /* Convert wildcard algorithm to exercisable algorithm */ + if( alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) + { + alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) ); + } + /* Default IV length for AES-GCM is 12 bytes */ if( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) == PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ) ) From f91ac031ef0dc85a4d483f364017a3fa830a4c1c Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 4 Mar 2021 15:14:36 +0100 Subject: [PATCH 117/553] Add test driver for hash operations Signed-off-by: Steven Cooreman --- include/test/drivers/hash.h | 69 ++++++++++++++++++++++++++++++ include/test/drivers/test_driver.h | 1 + 2 files changed, 70 insertions(+) create mode 100644 include/test/drivers/hash.h diff --git a/include/test/drivers/hash.h b/include/test/drivers/hash.h new file mode 100644 index 0000000000..45c770c811 --- /dev/null +++ b/include/test/drivers/hash.h @@ -0,0 +1,69 @@ +/* + * Test driver for hash functions + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H +#define PSA_CRYPTO_TEST_DRIVERS_HASH_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(PSA_CRYPTO_DRIVER_TEST) +/* Include path is relative to the tests/include folder, which is the base + * include path for including this (hash.h) test driver header. */ +#include "../../library/psa_crypto_hash.h" + +typedef struct { + mbedtls_psa_hash_operation_t operation; +} test_transparent_hash_operation_t; + +psa_status_t test_transparent_hash_compute( + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *hash, + size_t hash_size, + size_t *hash_length); + +psa_status_t test_transparent_hash_setup( + test_transparent_hash_operation_t *operation, + psa_algorithm_t alg ); + +psa_status_t test_transparent_hash_clone( + const test_transparent_hash_operation_t *source_operation, + test_transparent_hash_operation_t *target_operation ); + +psa_status_t test_transparent_hash_update( + test_transparent_hash_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t test_transparent_hash_finish( + test_transparent_hash_operation_t *operation, + uint8_t *hash, + size_t hash_size, + size_t *hash_length ); + +psa_status_t test_transparent_hash_abort( + test_transparent_hash_operation_t *operation ); + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */ diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index f26b795dd4..8783924b80 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -26,5 +26,6 @@ #include "test/drivers/key_management.h" #include "test/drivers/cipher.h" #include "test/drivers/size.h" +#include "test/drivers/hash.h" #endif /* PSA_CRYPTO_TEST_DRIVER_H */ From 0af9be078cef1b5acf83a1e6e492732553515054 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 8 Mar 2021 16:16:53 +0100 Subject: [PATCH 118/553] Move test driver hash function declarations to software driver Signed-off-by: Steven Cooreman --- include/test/drivers/hash.h | 69 ------------------------------ include/test/drivers/test_driver.h | 1 - 2 files changed, 70 deletions(-) delete mode 100644 include/test/drivers/hash.h diff --git a/include/test/drivers/hash.h b/include/test/drivers/hash.h deleted file mode 100644 index 45c770c811..0000000000 --- a/include/test/drivers/hash.h +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Test driver for hash functions - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H -#define PSA_CRYPTO_TEST_DRIVERS_HASH_H - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(PSA_CRYPTO_DRIVER_TEST) -/* Include path is relative to the tests/include folder, which is the base - * include path for including this (hash.h) test driver header. */ -#include "../../library/psa_crypto_hash.h" - -typedef struct { - mbedtls_psa_hash_operation_t operation; -} test_transparent_hash_operation_t; - -psa_status_t test_transparent_hash_compute( - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *hash, - size_t hash_size, - size_t *hash_length); - -psa_status_t test_transparent_hash_setup( - test_transparent_hash_operation_t *operation, - psa_algorithm_t alg ); - -psa_status_t test_transparent_hash_clone( - const test_transparent_hash_operation_t *source_operation, - test_transparent_hash_operation_t *target_operation ); - -psa_status_t test_transparent_hash_update( - test_transparent_hash_operation_t *operation, - const uint8_t *input, - size_t input_length ); - -psa_status_t test_transparent_hash_finish( - test_transparent_hash_operation_t *operation, - uint8_t *hash, - size_t hash_size, - size_t *hash_length ); - -psa_status_t test_transparent_hash_abort( - test_transparent_hash_operation_t *operation ); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */ diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index 8783924b80..f26b795dd4 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -26,6 +26,5 @@ #include "test/drivers/key_management.h" #include "test/drivers/cipher.h" #include "test/drivers/size.h" -#include "test/drivers/hash.h" #endif /* PSA_CRYPTO_TEST_DRIVER_H */ From 7c9158f95a1bde55e2c6177ddec1efeff22b9e22 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 8 Feb 2021 15:34:42 +0100 Subject: [PATCH 119/553] Remove certs module from mbedtls. Certs will be used only by tests and programs. Signed-off-by: Mateusz Starzyk --- include/test/certs.h | 250 ++++++ src/certs.c | 1742 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1992 insertions(+) create mode 100644 include/test/certs.h create mode 100644 src/certs.c diff --git a/include/test/certs.h b/include/test/certs.h new file mode 100644 index 0000000000..c93c741c7f --- /dev/null +++ b/include/test/certs.h @@ -0,0 +1,250 @@ +/** + * \file certs.h + * + * \brief Sample certificates and DHM parameters for testing + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef MBEDTLS_CERTS_H +#define MBEDTLS_CERTS_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* List of all PEM-encoded CA certificates, terminated by NULL; + * PEM encoded if MBEDTLS_PEM_PARSE_C is enabled, DER encoded + * otherwise. */ +extern const char * mbedtls_test_cas[]; +extern const size_t mbedtls_test_cas_len[]; + +/* List of all DER-encoded CA certificates, terminated by NULL */ +extern const unsigned char * mbedtls_test_cas_der[]; +extern const size_t mbedtls_test_cas_der_len[]; + +#if defined(MBEDTLS_PEM_PARSE_C) +/* Concatenation of all CA certificates in PEM format if available */ +extern const char mbedtls_test_cas_pem[]; +extern const size_t mbedtls_test_cas_pem_len; +#endif /* MBEDTLS_PEM_PARSE_C */ + +/* + * CA test certificates + */ + +extern const char mbedtls_test_ca_crt_ec_pem[]; +extern const char mbedtls_test_ca_key_ec_pem[]; +extern const char mbedtls_test_ca_pwd_ec_pem[]; +extern const char mbedtls_test_ca_key_rsa_pem[]; +extern const char mbedtls_test_ca_pwd_rsa_pem[]; +extern const char mbedtls_test_ca_crt_rsa_sha1_pem[]; +extern const char mbedtls_test_ca_crt_rsa_sha256_pem[]; + +extern const unsigned char mbedtls_test_ca_crt_ec_der[]; +extern const unsigned char mbedtls_test_ca_key_ec_der[]; +extern const unsigned char mbedtls_test_ca_key_rsa_der[]; +extern const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[]; +extern const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[]; + +extern const size_t mbedtls_test_ca_crt_ec_pem_len; +extern const size_t mbedtls_test_ca_key_ec_pem_len; +extern const size_t mbedtls_test_ca_pwd_ec_pem_len; +extern const size_t mbedtls_test_ca_key_rsa_pem_len; +extern const size_t mbedtls_test_ca_pwd_rsa_pem_len; +extern const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len; +extern const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len; + +extern const size_t mbedtls_test_ca_crt_ec_der_len; +extern const size_t mbedtls_test_ca_key_ec_der_len; +extern const size_t mbedtls_test_ca_pwd_ec_der_len; +extern const size_t mbedtls_test_ca_key_rsa_der_len; +extern const size_t mbedtls_test_ca_pwd_rsa_der_len; +extern const size_t mbedtls_test_ca_crt_rsa_sha1_der_len; +extern const size_t mbedtls_test_ca_crt_rsa_sha256_der_len; + +/* Config-dependent dispatch between PEM and DER encoding + * (PEM if enabled, otherwise DER) */ + +extern const char mbedtls_test_ca_crt_ec[]; +extern const char mbedtls_test_ca_key_ec[]; +extern const char mbedtls_test_ca_pwd_ec[]; +extern const char mbedtls_test_ca_key_rsa[]; +extern const char mbedtls_test_ca_pwd_rsa[]; +extern const char mbedtls_test_ca_crt_rsa_sha1[]; +extern const char mbedtls_test_ca_crt_rsa_sha256[]; + +extern const size_t mbedtls_test_ca_crt_ec_len; +extern const size_t mbedtls_test_ca_key_ec_len; +extern const size_t mbedtls_test_ca_pwd_ec_len; +extern const size_t mbedtls_test_ca_key_rsa_len; +extern const size_t mbedtls_test_ca_pwd_rsa_len; +extern const size_t mbedtls_test_ca_crt_rsa_sha1_len; +extern const size_t mbedtls_test_ca_crt_rsa_sha256_len; + +/* Config-dependent dispatch between SHA-1 and SHA-256 + * (SHA-256 if enabled, otherwise SHA-1) */ + +extern const char mbedtls_test_ca_crt_rsa[]; +extern const size_t mbedtls_test_ca_crt_rsa_len; + +/* Config-dependent dispatch between EC and RSA + * (RSA if enabled, otherwise EC) */ + +extern const char * mbedtls_test_ca_crt; +extern const char * mbedtls_test_ca_key; +extern const char * mbedtls_test_ca_pwd; +extern const size_t mbedtls_test_ca_crt_len; +extern const size_t mbedtls_test_ca_key_len; +extern const size_t mbedtls_test_ca_pwd_len; + +/* + * Server test certificates + */ + +extern const char mbedtls_test_srv_crt_ec_pem[]; +extern const char mbedtls_test_srv_key_ec_pem[]; +extern const char mbedtls_test_srv_pwd_ec_pem[]; +extern const char mbedtls_test_srv_key_rsa_pem[]; +extern const char mbedtls_test_srv_pwd_rsa_pem[]; +extern const char mbedtls_test_srv_crt_rsa_sha1_pem[]; +extern const char mbedtls_test_srv_crt_rsa_sha256_pem[]; + +extern const unsigned char mbedtls_test_srv_crt_ec_der[]; +extern const unsigned char mbedtls_test_srv_key_ec_der[]; +extern const unsigned char mbedtls_test_srv_key_rsa_der[]; +extern const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[]; +extern const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[]; + +extern const size_t mbedtls_test_srv_crt_ec_pem_len; +extern const size_t mbedtls_test_srv_key_ec_pem_len; +extern const size_t mbedtls_test_srv_pwd_ec_pem_len; +extern const size_t mbedtls_test_srv_key_rsa_pem_len; +extern const size_t mbedtls_test_srv_pwd_rsa_pem_len; +extern const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len; +extern const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len; + +extern const size_t mbedtls_test_srv_crt_ec_der_len; +extern const size_t mbedtls_test_srv_key_ec_der_len; +extern const size_t mbedtls_test_srv_pwd_ec_der_len; +extern const size_t mbedtls_test_srv_key_rsa_der_len; +extern const size_t mbedtls_test_srv_pwd_rsa_der_len; +extern const size_t mbedtls_test_srv_crt_rsa_sha1_der_len; +extern const size_t mbedtls_test_srv_crt_rsa_sha256_der_len; + +/* Config-dependent dispatch between PEM and DER encoding + * (PEM if enabled, otherwise DER) */ + +extern const char mbedtls_test_srv_crt_ec[]; +extern const char mbedtls_test_srv_key_ec[]; +extern const char mbedtls_test_srv_pwd_ec[]; +extern const char mbedtls_test_srv_key_rsa[]; +extern const char mbedtls_test_srv_pwd_rsa[]; +extern const char mbedtls_test_srv_crt_rsa_sha1[]; +extern const char mbedtls_test_srv_crt_rsa_sha256[]; + +extern const size_t mbedtls_test_srv_crt_ec_len; +extern const size_t mbedtls_test_srv_key_ec_len; +extern const size_t mbedtls_test_srv_pwd_ec_len; +extern const size_t mbedtls_test_srv_key_rsa_len; +extern const size_t mbedtls_test_srv_pwd_rsa_len; +extern const size_t mbedtls_test_srv_crt_rsa_sha1_len; +extern const size_t mbedtls_test_srv_crt_rsa_sha256_len; + +/* Config-dependent dispatch between SHA-1 and SHA-256 + * (SHA-256 if enabled, otherwise SHA-1) */ + +extern const char mbedtls_test_srv_crt_rsa[]; +extern const size_t mbedtls_test_srv_crt_rsa_len; + +/* Config-dependent dispatch between EC and RSA + * (RSA if enabled, otherwise EC) */ + +extern const char * mbedtls_test_srv_crt; +extern const char * mbedtls_test_srv_key; +extern const char * mbedtls_test_srv_pwd; +extern const size_t mbedtls_test_srv_crt_len; +extern const size_t mbedtls_test_srv_key_len; +extern const size_t mbedtls_test_srv_pwd_len; + +/* + * Client test certificates + */ + +extern const char mbedtls_test_cli_crt_ec_pem[]; +extern const char mbedtls_test_cli_key_ec_pem[]; +extern const char mbedtls_test_cli_pwd_ec_pem[]; +extern const char mbedtls_test_cli_key_rsa_pem[]; +extern const char mbedtls_test_cli_pwd_rsa_pem[]; +extern const char mbedtls_test_cli_crt_rsa_pem[]; + +extern const unsigned char mbedtls_test_cli_crt_ec_der[]; +extern const unsigned char mbedtls_test_cli_key_ec_der[]; +extern const unsigned char mbedtls_test_cli_key_rsa_der[]; +extern const unsigned char mbedtls_test_cli_crt_rsa_der[]; + +extern const size_t mbedtls_test_cli_crt_ec_pem_len; +extern const size_t mbedtls_test_cli_key_ec_pem_len; +extern const size_t mbedtls_test_cli_pwd_ec_pem_len; +extern const size_t mbedtls_test_cli_key_rsa_pem_len; +extern const size_t mbedtls_test_cli_pwd_rsa_pem_len; +extern const size_t mbedtls_test_cli_crt_rsa_pem_len; + +extern const size_t mbedtls_test_cli_crt_ec_der_len; +extern const size_t mbedtls_test_cli_key_ec_der_len; +extern const size_t mbedtls_test_cli_key_rsa_der_len; +extern const size_t mbedtls_test_cli_crt_rsa_der_len; + +/* Config-dependent dispatch between PEM and DER encoding + * (PEM if enabled, otherwise DER) */ + +extern const char mbedtls_test_cli_crt_ec[]; +extern const char mbedtls_test_cli_key_ec[]; +extern const char mbedtls_test_cli_pwd_ec[]; +extern const char mbedtls_test_cli_key_rsa[]; +extern const char mbedtls_test_cli_pwd_rsa[]; +extern const char mbedtls_test_cli_crt_rsa[]; + +extern const size_t mbedtls_test_cli_crt_ec_len; +extern const size_t mbedtls_test_cli_key_ec_len; +extern const size_t mbedtls_test_cli_pwd_ec_len; +extern const size_t mbedtls_test_cli_key_rsa_len; +extern const size_t mbedtls_test_cli_pwd_rsa_len; +extern const size_t mbedtls_test_cli_crt_rsa_len; + +/* Config-dependent dispatch between EC and RSA + * (RSA if enabled, otherwise EC) */ + +extern const char * mbedtls_test_cli_crt; +extern const char * mbedtls_test_cli_key; +extern const char * mbedtls_test_cli_pwd; +extern const size_t mbedtls_test_cli_crt_len; +extern const size_t mbedtls_test_cli_key_len; +extern const size_t mbedtls_test_cli_pwd_len; + +#ifdef __cplusplus +} +#endif + +#endif /* certs.h */ diff --git a/src/certs.c b/src/certs.c new file mode 100644 index 0000000000..831395c43a --- /dev/null +++ b/src/certs.c @@ -0,0 +1,1742 @@ +/* + * X.509 test certificates + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "common.h" + +#include + +/* + * Test CA Certificates + * + * We define test CA certificates for each choice of the following parameters: + * - PEM or DER encoding + * - SHA-1 or SHA-256 hash + * - RSA or EC key + * + * Things to add: + * - multiple EC curve types + * + */ + +/* This is taken from tests/data_files/test-ca2.crt */ +/* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca2.crt */ +#define TEST_CA_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ + "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ + "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \ + "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ + "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \ + "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \ + "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/\r\n" \ + "MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk\r\n" \ + "SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a\r\n" \ + "LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ\r\n" \ + "hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/test-ca2.crt.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CA_CRT_EC_DER tests/data_files/test-ca2.crt.der */ +#define TEST_CA_CRT_EC_DER { \ + 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ + 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ + 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ + 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ + 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ + 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ + 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ + 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ + 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ + 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ + 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ + 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ + 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ + 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ + 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \ + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \ + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \ + 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ + 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \ + 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \ + 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \ + 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \ + 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \ + 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \ + 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \ + 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \ + 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \ + 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \ + 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \ + 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \ + 0xf5, 0xae, 0x1c, 0x42 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/test-ca2.key.enc */ +/* BEGIN FILE string macro TEST_CA_KEY_EC_PEM tests/data_files/test-ca2.key.enc */ +#define TEST_CA_KEY_EC_PEM \ + "-----BEGIN EC PRIVATE KEY-----\r\n" \ + "Proc-Type: 4,ENCRYPTED\r\n" \ + "DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n" \ + "\r\n" \ + "IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n" \ + "ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n" \ + "UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n" \ + "a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n" \ + "-----END EC PRIVATE KEY-----\r\n" +/* END FILE */ + +#define TEST_CA_PWD_EC_PEM "PolarSSLTest" + +/* This is generated from tests/data_files/test-ca2.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CA_KEY_EC_DER tests/data_files/test-ca2.key.der */ +#define TEST_CA_KEY_EC_DER { \ + 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \ + 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \ + 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \ + 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \ + 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \ + 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \ + 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \ + 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \ + 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \ + 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \ + 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \ + 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \ + 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \ + 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \ +} +/* END FILE */ + +/* This is taken from tests/data_files/test-ca-sha256.crt. */ +/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA256_PEM tests/data_files/test-ca-sha256.crt */ +#define TEST_CA_CRT_RSA_SHA256_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ + "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ + "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ + "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ + "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ + "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ + "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ + "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ + "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA\r\n" \ + "A4IBAQA4qFSCth2q22uJIdE4KGHJsJjVEfw2/xn+MkTvCMfxVrvmRvqCtjE4tKDl\r\n" \ + "oK4MxFOek07oDZwvtAT9ijn1hHftTNS7RH9zd/fxNpfcHnMZXVC4w4DNA1fSANtW\r\n" \ + "5sY1JB5Je9jScrsLSS+mAjyv0Ow3Hb2Bix8wu7xNNrV5fIf7Ubm+wt6SqEBxu3Kb\r\n" \ + "+EfObAT4huf3czznhH3C17ed6NSbXwoXfby7stWUDeRJv08RaFOykf/Aae7bY5PL\r\n" \ + "yTVrkAnikMntJ9YI+hNNYt3inqq11A5cN0+rVTst8UKCxzQ4GpvroSwPKTFkbMw4\r\n" \ + "/anT1dVxr/BtwJfiESoK3/4CeXR1\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/test-ca-sha256.crt.der + * using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER tests/data_files/test-ca-sha256.crt.der */ +#define TEST_CA_CRT_RSA_SHA256_DER { \ + 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ + 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ + 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ + 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ + 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ + 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ + 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ + 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ + 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ + 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ + 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ + 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ + 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ + 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ + 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ + 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ + 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ + 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ + 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ + 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ + 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ + 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ + 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ + 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ + 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ + 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ + 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \ + 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \ + 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1, \ + 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \ + 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \ + 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \ + 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \ + 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \ + 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \ + 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \ + 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \ + 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \ + 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \ + 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \ + 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \ + 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \ + 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \ + 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \ + 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \ + 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \ + 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \ + 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/test-ca-sha1.crt. */ +/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA1_PEM tests/data_files/test-ca-sha1.crt */ +#define TEST_CA_CRT_RSA_SHA1_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ + "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ + "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ + "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ + "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ + "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ + "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ + "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ + "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA\r\n" \ + "A4IBAQABE3OEPfEd/bcJW5ZdU3/VgPNS4tMzh8gnJP/V2FcvFtGylMpQq6YnEBYI\r\n" \ + "yBHAL4DRvlMY5rnXGBp3ODR8MpqHC6AquRTCLzjS57iYff//4QFQqW9n92zctspv\r\n" \ + "czkaPKgjqo1No3Uq0Xaz10rcxyTUPrf5wNVRZ2V0KvllvAAVSzbI4mpdUXztjhST\r\n" \ + "S5A2BeWQAAOr0zq1F7TSRVJpJs7jmB2ai/igkh1IAjcuwV6VwlP+sbw0gjQ0NpGM\r\n" \ + "iHpnlzRAi/tIbtOvMIGOBU2TIfax/5jq1agUx5aPmT5TWAiJPOOP6l5xXnDwxeYS\r\n" \ + "NWqiX9GyusBZjezaCaHabjDLU0qQ\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is taken from tests/data_files/test-ca-sha1.crt.der. */ +/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER tests/data_files/test-ca-sha1.crt.der */ +#define TEST_CA_CRT_RSA_SHA1_DER { \ + 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ + 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ + 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ + 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ + 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ + 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ + 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ + 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ + 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ + 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ + 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ + 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ + 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ + 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ + 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ + 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ + 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ + 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ + 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ + 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ + 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ + 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ + 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ + 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ + 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ + 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ + 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ + 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x13, 0x73, 0x84, 0x3d, 0xf1, 0x1d, \ + 0xfd, 0xb7, 0x09, 0x5b, 0x96, 0x5d, 0x53, 0x7f, 0xd5, 0x80, 0xf3, 0x52, \ + 0xe2, 0xd3, 0x33, 0x87, 0xc8, 0x27, 0x24, 0xff, 0xd5, 0xd8, 0x57, 0x2f, \ + 0x16, 0xd1, 0xb2, 0x94, 0xca, 0x50, 0xab, 0xa6, 0x27, 0x10, 0x16, 0x08, \ + 0xc8, 0x11, 0xc0, 0x2f, 0x80, 0xd1, 0xbe, 0x53, 0x18, 0xe6, 0xb9, 0xd7, \ + 0x18, 0x1a, 0x77, 0x38, 0x34, 0x7c, 0x32, 0x9a, 0x87, 0x0b, 0xa0, 0x2a, \ + 0xb9, 0x14, 0xc2, 0x2f, 0x38, 0xd2, 0xe7, 0xb8, 0x98, 0x7d, 0xff, 0xff, \ + 0xe1, 0x01, 0x50, 0xa9, 0x6f, 0x67, 0xf7, 0x6c, 0xdc, 0xb6, 0xca, 0x6f, \ + 0x73, 0x39, 0x1a, 0x3c, 0xa8, 0x23, 0xaa, 0x8d, 0x4d, 0xa3, 0x75, 0x2a, \ + 0xd1, 0x76, 0xb3, 0xd7, 0x4a, 0xdc, 0xc7, 0x24, 0xd4, 0x3e, 0xb7, 0xf9, \ + 0xc0, 0xd5, 0x51, 0x67, 0x65, 0x74, 0x2a, 0xf9, 0x65, 0xbc, 0x00, 0x15, \ + 0x4b, 0x36, 0xc8, 0xe2, 0x6a, 0x5d, 0x51, 0x7c, 0xed, 0x8e, 0x14, 0x93, \ + 0x4b, 0x90, 0x36, 0x05, 0xe5, 0x90, 0x00, 0x03, 0xab, 0xd3, 0x3a, 0xb5, \ + 0x17, 0xb4, 0xd2, 0x45, 0x52, 0x69, 0x26, 0xce, 0xe3, 0x98, 0x1d, 0x9a, \ + 0x8b, 0xf8, 0xa0, 0x92, 0x1d, 0x48, 0x02, 0x37, 0x2e, 0xc1, 0x5e, 0x95, \ + 0xc2, 0x53, 0xfe, 0xb1, 0xbc, 0x34, 0x82, 0x34, 0x34, 0x36, 0x91, 0x8c, \ + 0x88, 0x7a, 0x67, 0x97, 0x34, 0x40, 0x8b, 0xfb, 0x48, 0x6e, 0xd3, 0xaf, \ + 0x30, 0x81, 0x8e, 0x05, 0x4d, 0x93, 0x21, 0xf6, 0xb1, 0xff, 0x98, 0xea, \ + 0xd5, 0xa8, 0x14, 0xc7, 0x96, 0x8f, 0x99, 0x3e, 0x53, 0x58, 0x08, 0x89, \ + 0x3c, 0xe3, 0x8f, 0xea, 0x5e, 0x71, 0x5e, 0x70, 0xf0, 0xc5, 0xe6, 0x12, \ + 0x35, 0x6a, 0xa2, 0x5f, 0xd1, 0xb2, 0xba, 0xc0, 0x59, 0x8d, 0xec, 0xda, \ + 0x09, 0xa1, 0xda, 0x6e, 0x30, 0xcb, 0x53, 0x4a, 0x90 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/test-ca.key */ +/* BEGIN FILE string macro TEST_CA_KEY_RSA_PEM tests/data_files/test-ca.key */ +#define TEST_CA_KEY_RSA_PEM \ + "-----BEGIN RSA PRIVATE KEY-----\r\n" \ + "Proc-Type: 4,ENCRYPTED\r\n" \ + "DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B\r\n" \ + "\r\n" \ + "9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA\r\n" \ + "7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl//8xFKwZr3Xb5yO5JUP8AUctQq\r\n" \ + "Nb8CLlZyuUC+52REAAthdWgsX+7dJO4yabzUcQ22Tp9JSD0hiL43BlkWYUNK3dAo\r\n" \ + "PZlmiptjnzVTjg1MxsBSydZinWOLBV8/JQgxSPo2yD4uEfig28qbvQ2wNIn0pnAb\r\n" \ + "GxnSAOazkongEGfvcjIIs+LZN9gXFhxcOh6kc4Q/c99B7QWETwLLkYgZ+z1a9VY9\r\n" \ + "gEU7CwCxYCD+h9hY6FPmsK0/lC4O7aeRKpYq00rPPxs6i7phiexg6ax6yTMmArQq\r\n" \ + "QmK3TAsJm8V/J5AWpLEV6jAFgRGymGGHnof0DXzVWZidrcZJWTNuGEX90nB3ee2w\r\n" \ + "PXJEFWKoD3K3aFcSLdHYr3mLGxP7H9ThQai9VsycxZKS5kwvBKQ//YMrmFfwPk8x\r\n" \ + "vTeY4KZMaUrveEel5tWZC94RSMKgxR6cyE1nBXyTQnDOGbfpNNgBKxyKbINWoOJU\r\n" \ + "WJZAwlsQn+QzCDwpri7+sV1mS3gBE6UY7aQmnmiiaC2V3Hbphxct/en5QsfDOt1X\r\n" \ + "JczSfpRWLlbPznZg8OQh/VgCMA58N5DjOzTIK7sJJ5r+94ZBTCpgAMbF588f0NTR\r\n" \ + "KCe4yrxGJR7X02M4nvD4IwOlpsQ8xQxZtOSgXv4LkxvdU9XJJKWZ/XNKJeWztxSe\r\n" \ + "Z1vdTc2YfsDBA2SEv33vxHx2g1vqtw8SjDRT2RaQSS0QuSaMJimdOX6mTOCBKk1J\r\n" \ + "9Q5mXTrER+/LnK0jEmXsBXWA5bqqVZIyahXSx4VYZ7l7w/PHiUDtDgyRhMMKi4n2\r\n" \ + "iQvQcWSQTjrpnlJbca1/DkpRt3YwrvJwdqb8asZU2VrNETh5x0QVefDRLFiVpif/\r\n" \ + "tUaeAe/P1F8OkS7OIZDs1SUbv/sD2vMbhNkUoCms3/PvNtdnvgL4F0zhaDpKCmlT\r\n" \ + "P8vx49E7v5CyRNmED9zZg4o3wmMqrQO93PtTug3Eu9oVx1zPQM1NVMyBa2+f29DL\r\n" \ + "1nuTCeXdo9+ni45xx+jAI4DCwrRdhJ9uzZyC6962H37H6D+5naNvClFR1s6li1Gb\r\n" \ + "nqPoiy/OBsEx9CaDGcqQBp5Wme/3XW+6z1ISOx+igwNTVCT14mHdBMbya0eIKft5\r\n" \ + "X+GnwtgEMyCYyyWuUct8g4RzErcY9+yW9Om5Hzpx4zOuW4NPZgPDTgK+t2RSL/Yq\r\n" \ + "rE1njrgeGYcVeG3f+OftH4s6fPbq7t1A5ZgUscbLMBqr9tK+OqygR4EgKBPsH6Cz\r\n" \ + "L6zlv/2RV0qAHvVuDJcIDIgwY5rJtINEm32rhOeFNJwZS5MNIC1czXZx5//ugX7l\r\n" \ + "I4sy5nbVhwSjtAk8Xg5dZbdTZ6mIrb7xqH+fdakZor1khG7bC2uIwibD3cSl2XkR\r\n" \ + "wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde\r\n" \ + "P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n" \ + "-----END RSA PRIVATE KEY-----\r\n" +/* END FILE */ + +#define TEST_CA_PWD_RSA_PEM "PolarSSLTest" + +/* This was generated from test-ca.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER tests/data_files/test-ca.key.der */ +#define TEST_CA_KEY_RSA_DER { \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \ + 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \ + 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \ + 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \ + 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \ + 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \ + 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \ + 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \ + 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \ + 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \ + 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \ + 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \ + 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \ + 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \ + 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \ + 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \ + 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \ + 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \ + 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \ + 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \ + 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \ + 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \ + 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35, \ + 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \ + 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \ + 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \ + 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \ + 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \ + 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \ + 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \ + 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \ + 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \ + 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \ + 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \ + 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \ + 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \ + 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \ + 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \ + 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \ + 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \ + 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \ + 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \ + 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \ + 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \ + 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \ + 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \ + 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \ + 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \ + 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \ + 0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \ + 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \ + 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \ + 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \ + 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \ + 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \ + 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \ + 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \ + 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \ + 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \ + 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \ + 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \ + 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \ + 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \ + 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \ + 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \ + 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \ + 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \ + 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \ + 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \ + 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \ + 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \ + 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \ + 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \ + 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \ + 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \ + 0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \ + 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \ + 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \ + 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \ + 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \ + 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \ + 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \ + 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \ + 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \ + 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \ + 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \ + 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \ + 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \ + 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \ + 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \ + 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \ + 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \ + 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \ + 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \ + 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \ + 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \ + 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \ + 0xa8, 0xc2, 0x8f, 0x0d \ +} +/* END FILE */ + +/* + * Test server Certificates + * + * Test server certificates are defined for each choice + * of the following parameters: + * - PEM or DER encoding + * - SHA-1 or SHA-256 hash + * - RSA or EC key + * + * Things to add: + * - multiple EC curve types + */ + +/* This is taken from tests/data_files/server5.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server5.crt */ +#define TEST_SRV_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ + "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ + "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \ + "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \ + "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \ + "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n" \ + "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ + "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n" \ + "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n" \ + "fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/server5.crt.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER tests/data_files/server5.crt.der */ +#define TEST_SRV_CRT_EC_DER { \ + 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ + 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \ + 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \ + 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ + 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ + 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ + 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ + 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ + 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ + 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ + 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ + 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ + 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ + 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ + 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ + 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ + 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \ + 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \ + 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \ + 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \ + 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \ + 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \ + 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \ + 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \ + 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \ + 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/server5.key. */ +/* BEGIN FILE string macro TEST_SRV_KEY_EC_PEM tests/data_files/server5.key */ +#define TEST_SRV_KEY_EC_PEM \ + "-----BEGIN EC PRIVATE KEY-----\r\n" \ + "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n" \ + "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n" \ + "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n" \ + "-----END EC PRIVATE KEY-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/server5.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER tests/data_files/server5.key.der */ +#define TEST_SRV_KEY_EC_DER { \ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \ + 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \ + 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \ + 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \ + 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \ + 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \ + 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \ + 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \ + 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \ + 0xff \ +} +/* END FILE */ + +/* This is taken from tests/data_files/server2-sha256.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM tests/data_files/server2-sha256.crt */ +#define TEST_SRV_CRT_RSA_SHA256_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ + "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ + "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ + "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ + "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ + "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ + "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ + "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ + "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJh\r\n" \ + "Pqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6U\r\n" \ + "HoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq9\r\n" \ + "1C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sv\r\n" \ + "a1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0\r\n" \ + "e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbo\r\n" \ + "pMZqLmbBm/7WPLc=\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is taken from tests/data_files/server2-sha256.crt.der. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER tests/data_files/server2-sha256.crt.der */ +#define TEST_SRV_CRT_RSA_SHA256_DER { \ + 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ + 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ + 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ + 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ + 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ + 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ + 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ + 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ + 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ + 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ + 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ + 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ + 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ + 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ + 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ + 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ + 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ + 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ + 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ + 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ + 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ + 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ + 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ + 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ + 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ + 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \ + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \ + 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \ + 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \ + 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba, \ + 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \ + 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \ + 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \ + 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \ + 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \ + 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \ + 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \ + 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \ + 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \ + 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \ + 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \ + 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \ + 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \ + 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \ + 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \ + 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \ + 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \ + 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/server2.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM tests/data_files/server2.crt */ +#define TEST_SRV_CRT_RSA_SHA1_PEM \ +"-----BEGIN CERTIFICATE-----\r\n" \ +"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ +"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ +"MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ +"A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ +"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ +"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ +"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ +"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ +"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ +"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ +"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ +"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \ +"cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \ +"O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \ +"KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \ +"iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \ +"HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \ +"Awgk0+4m0T25cNs=\r\n" \ +"-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is taken from tests/data_files/server2.crt.der. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER tests/data_files/server2.crt.der */ +#define TEST_SRV_CRT_RSA_SHA1_DER { \ + 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ + 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ + 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ + 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ + 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ + 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ + 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ + 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ + 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ + 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ + 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ + 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ + 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ + 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ + 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ + 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ + 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ + 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ + 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ + 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ + 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ + 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ + 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ + 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ + 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ + 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \ + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x73, 0x0b, 0x4a, 0xc5, \ + 0xcb, 0xa0, 0xde, 0xf1, 0x63, 0x1c, 0x76, 0x04, 0x2b, 0x13, 0x0d, 0xc0, \ + 0x84, 0x11, 0xc5, 0x8f, 0x3a, 0xa7, 0xc5, 0x9c, 0x35, 0x7a, 0x77, 0xb8, \ + 0x20, 0x14, 0x82, 0xee, 0x54, 0xf0, 0xf2, 0xb0, 0x52, 0xcb, 0x78, 0xce, \ + 0x59, 0x07, 0x4f, 0x51, 0x69, 0xfe, 0xd3, 0x2f, 0xe9, 0x09, 0xe7, 0x85, \ + 0x92, 0xd8, 0xba, 0xb1, 0xeb, 0xc5, 0x76, 0x5d, 0x61, 0x2d, 0xe9, 0x86, \ + 0xb5, 0xde, 0x2a, 0xf9, 0x3f, 0x53, 0x28, 0x42, 0x86, 0x83, 0x73, 0x43, \ + 0xe0, 0x04, 0x5f, 0x07, 0x90, 0x14, 0x65, 0x9f, 0x6e, 0x10, 0x7a, 0xbc, \ + 0x58, 0x19, 0x22, 0xc2, 0xeb, 0x39, 0x72, 0x51, 0x92, 0xd7, 0xb4, 0x1d, \ + 0x75, 0x2f, 0xd3, 0x3a, 0x2b, 0x01, 0xe7, 0xdb, 0x50, 0xae, 0xe2, 0xf1, \ + 0xd4, 0x4d, 0x5b, 0x3c, 0xbb, 0x41, 0x2b, 0x2a, 0xa4, 0xe2, 0x4a, 0x02, \ + 0xe5, 0x60, 0x14, 0x2c, 0x9c, 0x1f, 0xa6, 0xcc, 0x06, 0x4b, 0x25, 0x89, \ + 0x4e, 0x96, 0x30, 0x22, 0x9c, 0x5c, 0x58, 0x4d, 0xc3, 0xda, 0xd0, 0x6e, \ + 0x50, 0x1e, 0x8c, 0x65, 0xf5, 0xd9, 0x17, 0x35, 0xa6, 0x58, 0x43, 0xb2, \ + 0x29, 0xb7, 0xa8, 0x5e, 0x35, 0xde, 0xf0, 0x60, 0x42, 0x1a, 0x01, 0xcb, \ + 0xcb, 0x0b, 0xd8, 0x0e, 0xc1, 0x90, 0xdf, 0xa1, 0xd2, 0x1a, 0xd1, 0x2c, \ + 0x02, 0xf4, 0x76, 0x41, 0xa4, 0xcb, 0x4b, 0x15, 0x98, 0x71, 0xf9, 0x35, \ + 0x7d, 0xb0, 0xe7, 0xe2, 0x34, 0x96, 0x91, 0xbe, 0x32, 0x67, 0x2d, 0x6b, \ + 0xd3, 0x55, 0x04, 0x8a, 0x01, 0x50, 0xb4, 0xe3, 0x62, 0x78, 0x6c, 0x11, \ + 0x15, 0xa5, 0x2a, 0x11, 0xc1, 0x49, 0x1c, 0x9b, 0xc4, 0x10, 0x65, 0x60, \ + 0x87, 0xd9, 0x1e, 0x69, 0x59, 0x4e, 0x8f, 0x6b, 0xeb, 0xc1, 0xfe, 0x6b, \ + 0xe2, 0x63, 0x78, 0x95, 0x6e, 0xe0, 0x2d, 0xd7, 0xa7, 0x37, 0xa8 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/server2.key. */ +/* BEGIN FILE string macro TEST_SRV_KEY_RSA_PEM tests/data_files/server2.key */ +#define TEST_SRV_KEY_RSA_PEM \ + "-----BEGIN RSA PRIVATE KEY-----\r\n" \ + "MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n" \ + "lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n" \ + "2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n" \ + "Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n" \ + "GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n" \ + "y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n" \ + "++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n" \ + "Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n" \ + "/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n" \ + "WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n" \ + "GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n" \ + "TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n" \ + "CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n" \ + "nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n" \ + "AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n" \ + "sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n" \ + "mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n" \ + "BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n" \ + "whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n" \ + "vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n" \ + "3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n" \ + "3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n" \ + "ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n" \ + "4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n" \ + "TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n" \ + "-----END RSA PRIVATE KEY-----\r\n" +/* END FILE */ + +/* This was generated from tests/data_files/server2.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER tests/data_files/server2.key.der */ +#define TEST_SRV_KEY_RSA_DER { \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \ + 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \ + 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \ + 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \ + 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \ + 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \ + 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \ + 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \ + 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \ + 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \ + 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \ + 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \ + 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \ + 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \ + 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \ + 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \ + 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \ + 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \ + 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \ + 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \ + 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \ + 0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \ + 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \ + 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \ + 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \ + 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \ + 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \ + 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \ + 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \ + 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \ + 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \ + 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \ + 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \ + 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \ + 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \ + 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \ + 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \ + 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \ + 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \ + 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \ + 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \ + 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \ + 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \ + 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \ + 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \ + 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \ + 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \ + 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \ + 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \ + 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \ + 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \ + 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \ + 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \ + 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \ + 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \ + 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \ + 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \ + 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \ + 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \ + 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \ + 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \ + 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \ + 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \ + 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \ + 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \ + 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \ + 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \ + 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \ + 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \ + 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \ + 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \ + 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \ + 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b, \ + 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \ + 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \ + 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \ + 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \ + 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \ + 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \ + 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \ + 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \ + 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \ + 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \ + 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \ + 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \ + 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \ + 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \ + 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \ + 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \ + 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \ + 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \ + 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \ + 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \ + 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \ + 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \ + 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \ + 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \ + 0x06, 0x21, 0x2e, 0x56 \ +} +/* END FILE */ + +/* + * Test client Certificates + * + * Test client certificates are defined for each choice + * of the following parameters: + * - PEM or DER encoding + * - RSA or EC key + * + * Things to add: + * - hash type + * - multiple EC curve types + */ + +/* This is taken from tests/data_files/cli2.crt. */ +/* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM tests/data_files/cli2.crt */ +#define TEST_CLI_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIB3zCCAWOgAwIBAgIBDTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw\r\n" \ + "DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJTU0wgVGVzdCBFQyBDQTAe\r\n" \ + "Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMEExCzAJBgNVBAYTAk5MMREw\r\n" \ + "DwYDVQQKDAhQb2xhclNTTDEfMB0GA1UEAwwWUG9sYXJTU0wgVGVzdCBDbGllbnQg\r\n" \ + "MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFflrrFz39Osu5O4gf8Sru7mU6zO\r\n" \ + "VVP2NA7MLuNjJQvfmOLzXGA2lsDVGBRw5X+f1UtFGOWwbNVc+JaPh3Cj5MejTTBL\r\n" \ + "MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMB8GA1Ud\r\n" \ + "IwQYMBaAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8MAwGCCqGSM49BAMCBQADaAAwZQIx\r\n" \ + "AMqme4DKMldUlplDET9Q6Eptre7uUWKhsLOF+zPkKDlfzpIkJYEFgcloDHGYw80u\r\n" \ + "IgIwNftyPXsabTqMM7iEHgVpX/GRozKklY9yQI/5eoA6gGW7Y+imuGR/oao5ySOb\r\n" \ + "a9Vk\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/cli2.crt.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER tests/data_files/cli2.crt.der */ +#define TEST_CLI_CRT_EC_DER { \ + 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \ + 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \ + 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \ + 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \ + 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \ + 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \ + 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \ + 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \ + 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \ + 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \ + 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \ + 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, \ + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \ + 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \ + 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \ + 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \ + 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \ + 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \ + 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \ + 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \ + 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \ + 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \ + 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \ + 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \ + 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \ + 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \ + 0x6b, 0xd5, 0x64 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/cli2.key. */ +/* BEGIN FILE string macro TEST_CLI_KEY_EC_PEM tests/data_files/cli2.key */ +#define TEST_CLI_KEY_EC_PEM \ + "-----BEGIN EC PRIVATE KEY-----\r\n" \ + "MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n" \ + "AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n" \ + "wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n" \ + "-----END EC PRIVATE KEY-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/cli2.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER tests/data_files/cli2.key.der */ +#define TEST_CLI_KEY_EC_DER { \ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \ + 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \ + 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \ + 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \ + 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \ + 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \ + 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \ + 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \ + 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \ + 0xc7 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/cli-rsa-sha256.crt. */ +/* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM tests/data_files/cli-rsa-sha256.crt */ +#define TEST_CLI_CRT_RSA_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n" \ + "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n" \ + "M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n" \ + "1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n" \ + "MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n" \ + "4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n" \ + "/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n" \ + "o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf\r\n" \ + "BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsFAAOC\r\n" \ + "AQEAXidv1d4pLlBiKWED95rMycBdgDcgyNqJxakFkRfRyA2y1mlyTn7uBXRkNLY5\r\n" \ + "ZFzK82GCjk2Q2OD4RZSCPAJJqLpHHU34t71ciffvy2KK81YvrxczRhMAE64i+qna\r\n" \ + "yP3Td2XuWJR05PVPoSemsNELs9gWttdnYy3ce+EY2Y0n7Rsi7982EeLIAA7H6ca4\r\n" \ + "2Es/NUH//JZJT32OP0doMxeDRA+vplkKqTLLWf7dX26LIriBkBaRCgR5Yv9LBPFc\r\n" \ + "NOtpzu/LbrY7QFXKJMI+JXDudCsOn8KCmiA4d6Emisqfh3V3485l7HEQNcvLTxlD\r\n" \ + "6zDQyi0/ykYUYZkwQTK1N2Nvlw==\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This was generated from tests/data_files/cli-rsa-sha256.crt.der + using `xxd -i.` */ +/* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER tests/data_files/cli-rsa-sha256.crt.der */ +#define TEST_CLI_CRT_RSA_DER { \ + 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \ + 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \ + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \ + 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \ + 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \ + 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \ + 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \ + 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \ + 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \ + 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \ + 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \ + 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \ + 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \ + 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \ + 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \ + 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \ + 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \ + 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \ + 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \ + 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \ + 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \ + 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \ + 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \ + 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \ + 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \ + 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \ + 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \ + 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ + 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e, \ + 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \ + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \ + 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \ + 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \ + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \ + 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \ + 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \ + 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \ + 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \ + 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \ + 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \ + 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \ + 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \ + 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \ + 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \ + 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \ + 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \ + 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \ + 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \ + 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \ + 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \ + 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \ + 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \ + 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \ + 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \ + 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, \ + 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/cli-rsa.key. */ +/* BEGIN FILE string macro TEST_CLI_KEY_RSA_PEM tests/data_files/cli-rsa.key */ +#define TEST_CLI_KEY_RSA_PEM \ + "-----BEGIN RSA PRIVATE KEY-----\r\n" \ + "MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n" \ + "B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n" \ + "bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9\r\n" \ + "Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH\r\n" \ + "7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v\r\n" \ + "dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst\r\n" \ + "yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz\r\n" \ + "4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt\r\n" \ + "ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA\r\n" \ + "zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d\r\n" \ + "l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf\r\n" \ + "DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT\r\n" \ + "VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL\r\n" \ + "Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7\r\n" \ + "wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys\r\n" \ + "c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi\r\n" \ + "33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60\r\n" \ + "ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0\r\n" \ + "BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW\r\n" \ + "KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+\r\n" \ + "UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc\r\n" \ + "7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq\r\n" \ + "gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu\r\n" \ + "bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n" \ + "8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n" \ + "-----END RSA PRIVATE KEY-----\r\n"/* END FILE */ + +/* This was generated from tests/data_files/cli-rsa.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER tests/data_files/cli-rsa.key.der */ +#define TEST_CLI_KEY_RSA_DER { \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \ + 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \ + 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \ + 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \ + 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \ + 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \ + 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \ + 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \ + 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \ + 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \ + 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \ + 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \ + 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \ + 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \ + 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \ + 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \ + 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \ + 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \ + 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \ + 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \ + 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \ + 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \ + 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \ + 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \ + 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \ + 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \ + 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \ + 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \ + 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \ + 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \ + 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \ + 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \ + 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \ + 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \ + 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \ + 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \ + 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \ + 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \ + 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \ + 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \ + 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \ + 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \ + 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \ + 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \ + 0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \ + 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \ + 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \ + 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \ + 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \ + 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \ + 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \ + 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \ + 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \ + 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \ + 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \ + 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \ + 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \ + 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \ + 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \ + 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \ + 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \ + 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \ + 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \ + 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \ + 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \ + 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \ + 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \ + 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \ + 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \ + 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \ + 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f, \ + 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \ + 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \ + 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \ + 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \ + 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \ + 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \ + 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \ + 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \ + 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \ + 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \ + 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \ + 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \ + 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \ + 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \ + 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \ + 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \ + 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \ + 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \ + 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \ + 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \ + 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \ + 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \ + 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \ + 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \ + 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \ + 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \ + 0x8b, 0x87, 0xc3, 0x00 \ +} +/* END FILE */ + +/* + * + * Test certificates and keys as C variables + * + */ + +/* + * CA + */ + +const char mbedtls_test_ca_crt_ec_pem[] = TEST_CA_CRT_EC_PEM; +const char mbedtls_test_ca_key_ec_pem[] = TEST_CA_KEY_EC_PEM; +const char mbedtls_test_ca_pwd_ec_pem[] = TEST_CA_PWD_EC_PEM; +const char mbedtls_test_ca_key_rsa_pem[] = TEST_CA_KEY_RSA_PEM; +const char mbedtls_test_ca_pwd_rsa_pem[] = TEST_CA_PWD_RSA_PEM; +const char mbedtls_test_ca_crt_rsa_sha1_pem[] = TEST_CA_CRT_RSA_SHA1_PEM; +const char mbedtls_test_ca_crt_rsa_sha256_pem[] = TEST_CA_CRT_RSA_SHA256_PEM; + +const unsigned char mbedtls_test_ca_crt_ec_der[] = TEST_CA_CRT_EC_DER; +const unsigned char mbedtls_test_ca_key_ec_der[] = TEST_CA_KEY_EC_DER; +const unsigned char mbedtls_test_ca_key_rsa_der[] = TEST_CA_KEY_RSA_DER; +const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[] = + TEST_CA_CRT_RSA_SHA1_DER; +const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[] = + TEST_CA_CRT_RSA_SHA256_DER; + +const size_t mbedtls_test_ca_crt_ec_pem_len = + sizeof( mbedtls_test_ca_crt_ec_pem ); +const size_t mbedtls_test_ca_key_ec_pem_len = + sizeof( mbedtls_test_ca_key_ec_pem ); +const size_t mbedtls_test_ca_pwd_ec_pem_len = + sizeof( mbedtls_test_ca_pwd_ec_pem ) - 1; +const size_t mbedtls_test_ca_key_rsa_pem_len = + sizeof( mbedtls_test_ca_key_rsa_pem ); +const size_t mbedtls_test_ca_pwd_rsa_pem_len = + sizeof( mbedtls_test_ca_pwd_rsa_pem ) - 1; +const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len = + sizeof( mbedtls_test_ca_crt_rsa_sha1_pem ); +const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len = + sizeof( mbedtls_test_ca_crt_rsa_sha256_pem ); + +const size_t mbedtls_test_ca_crt_ec_der_len = + sizeof( mbedtls_test_ca_crt_ec_der ); +const size_t mbedtls_test_ca_key_ec_der_len = + sizeof( mbedtls_test_ca_key_ec_der ); +const size_t mbedtls_test_ca_pwd_ec_der_len = 0; +const size_t mbedtls_test_ca_key_rsa_der_len = + sizeof( mbedtls_test_ca_key_rsa_der ); +const size_t mbedtls_test_ca_pwd_rsa_der_len = 0; +const size_t mbedtls_test_ca_crt_rsa_sha1_der_len = + sizeof( mbedtls_test_ca_crt_rsa_sha1_der ); +const size_t mbedtls_test_ca_crt_rsa_sha256_der_len = + sizeof( mbedtls_test_ca_crt_rsa_sha256_der ); + +/* + * Server + */ + +const char mbedtls_test_srv_crt_ec_pem[] = TEST_SRV_CRT_EC_PEM; +const char mbedtls_test_srv_key_ec_pem[] = TEST_SRV_KEY_EC_PEM; +const char mbedtls_test_srv_pwd_ec_pem[] = ""; +const char mbedtls_test_srv_key_rsa_pem[] = TEST_SRV_KEY_RSA_PEM; +const char mbedtls_test_srv_pwd_rsa_pem[] = ""; +const char mbedtls_test_srv_crt_rsa_sha1_pem[] = TEST_SRV_CRT_RSA_SHA1_PEM; +const char mbedtls_test_srv_crt_rsa_sha256_pem[] = TEST_SRV_CRT_RSA_SHA256_PEM; + +const unsigned char mbedtls_test_srv_crt_ec_der[] = TEST_SRV_CRT_EC_DER; +const unsigned char mbedtls_test_srv_key_ec_der[] = TEST_SRV_KEY_EC_DER; +const unsigned char mbedtls_test_srv_key_rsa_der[] = TEST_SRV_KEY_RSA_DER; +const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[] = + TEST_SRV_CRT_RSA_SHA1_DER; +const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[] = + TEST_SRV_CRT_RSA_SHA256_DER; + +const size_t mbedtls_test_srv_crt_ec_pem_len = + sizeof( mbedtls_test_srv_crt_ec_pem ); +const size_t mbedtls_test_srv_key_ec_pem_len = + sizeof( mbedtls_test_srv_key_ec_pem ); +const size_t mbedtls_test_srv_pwd_ec_pem_len = + sizeof( mbedtls_test_srv_pwd_ec_pem ) - 1; +const size_t mbedtls_test_srv_key_rsa_pem_len = + sizeof( mbedtls_test_srv_key_rsa_pem ); +const size_t mbedtls_test_srv_pwd_rsa_pem_len = + sizeof( mbedtls_test_srv_pwd_rsa_pem ) - 1; +const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len = + sizeof( mbedtls_test_srv_crt_rsa_sha1_pem ); +const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len = + sizeof( mbedtls_test_srv_crt_rsa_sha256_pem ); + +const size_t mbedtls_test_srv_crt_ec_der_len = + sizeof( mbedtls_test_srv_crt_ec_der ); +const size_t mbedtls_test_srv_key_ec_der_len = + sizeof( mbedtls_test_srv_key_ec_der ); +const size_t mbedtls_test_srv_pwd_ec_der_len = 0; +const size_t mbedtls_test_srv_key_rsa_der_len = + sizeof( mbedtls_test_srv_key_rsa_der ); +const size_t mbedtls_test_srv_pwd_rsa_der_len = 0; +const size_t mbedtls_test_srv_crt_rsa_sha1_der_len = + sizeof( mbedtls_test_srv_crt_rsa_sha1_der ); +const size_t mbedtls_test_srv_crt_rsa_sha256_der_len = + sizeof( mbedtls_test_srv_crt_rsa_sha256_der ); + +/* + * Client + */ + +const char mbedtls_test_cli_crt_ec_pem[] = TEST_CLI_CRT_EC_PEM; +const char mbedtls_test_cli_key_ec_pem[] = TEST_CLI_KEY_EC_PEM; +const char mbedtls_test_cli_pwd_ec_pem[] = ""; +const char mbedtls_test_cli_key_rsa_pem[] = TEST_CLI_KEY_RSA_PEM; +const char mbedtls_test_cli_pwd_rsa_pem[] = ""; +const char mbedtls_test_cli_crt_rsa_pem[] = TEST_CLI_CRT_RSA_PEM; + +const unsigned char mbedtls_test_cli_crt_ec_der[] = TEST_CLI_CRT_EC_DER; +const unsigned char mbedtls_test_cli_key_ec_der[] = TEST_CLI_KEY_EC_DER; +const unsigned char mbedtls_test_cli_key_rsa_der[] = TEST_CLI_KEY_RSA_DER; +const unsigned char mbedtls_test_cli_crt_rsa_der[] = TEST_CLI_CRT_RSA_DER; + +const size_t mbedtls_test_cli_crt_ec_pem_len = + sizeof( mbedtls_test_cli_crt_ec_pem ); +const size_t mbedtls_test_cli_key_ec_pem_len = + sizeof( mbedtls_test_cli_key_ec_pem ); +const size_t mbedtls_test_cli_pwd_ec_pem_len = + sizeof( mbedtls_test_cli_pwd_ec_pem ) - 1; +const size_t mbedtls_test_cli_key_rsa_pem_len = + sizeof( mbedtls_test_cli_key_rsa_pem ); +const size_t mbedtls_test_cli_pwd_rsa_pem_len = + sizeof( mbedtls_test_cli_pwd_rsa_pem ) - 1; +const size_t mbedtls_test_cli_crt_rsa_pem_len = + sizeof( mbedtls_test_cli_crt_rsa_pem ); + +const size_t mbedtls_test_cli_crt_ec_der_len = + sizeof( mbedtls_test_cli_crt_ec_der ); +const size_t mbedtls_test_cli_key_ec_der_len = + sizeof( mbedtls_test_cli_key_ec_der ); +const size_t mbedtls_test_cli_key_rsa_der_len = + sizeof( mbedtls_test_cli_key_rsa_der ); +const size_t mbedtls_test_cli_crt_rsa_der_len = + sizeof( mbedtls_test_cli_crt_rsa_der ); + +/* + * + * Definitions of test CRTs without specification of all parameters, choosing + * them automatically according to the config. For example, mbedtls_test_ca_crt + * is one of mbedtls_test_ca_crt_{rsa|ec}_{sha1|sha256}_{pem|der}. + * + */ + +/* + * Dispatch between PEM and DER according to config + */ + +#if defined(MBEDTLS_PEM_PARSE_C) + +/* PEM encoded test CA certificates and keys */ + +#define TEST_CA_KEY_RSA TEST_CA_KEY_RSA_PEM +#define TEST_CA_PWD_RSA TEST_CA_PWD_RSA_PEM +#define TEST_CA_CRT_RSA_SHA256 TEST_CA_CRT_RSA_SHA256_PEM +#define TEST_CA_CRT_RSA_SHA1 TEST_CA_CRT_RSA_SHA1_PEM +#define TEST_CA_KEY_EC TEST_CA_KEY_EC_PEM +#define TEST_CA_PWD_EC TEST_CA_PWD_EC_PEM +#define TEST_CA_CRT_EC TEST_CA_CRT_EC_PEM + +/* PEM encoded test server certificates and keys */ + +#define TEST_SRV_KEY_RSA TEST_SRV_KEY_RSA_PEM +#define TEST_SRV_PWD_RSA "" +#define TEST_SRV_CRT_RSA_SHA256 TEST_SRV_CRT_RSA_SHA256_PEM +#define TEST_SRV_CRT_RSA_SHA1 TEST_SRV_CRT_RSA_SHA1_PEM +#define TEST_SRV_KEY_EC TEST_SRV_KEY_EC_PEM +#define TEST_SRV_PWD_EC "" +#define TEST_SRV_CRT_EC TEST_SRV_CRT_EC_PEM + +/* PEM encoded test client certificates and keys */ + +#define TEST_CLI_KEY_RSA TEST_CLI_KEY_RSA_PEM +#define TEST_CLI_PWD_RSA "" +#define TEST_CLI_CRT_RSA TEST_CLI_CRT_RSA_PEM +#define TEST_CLI_KEY_EC TEST_CLI_KEY_EC_PEM +#define TEST_CLI_PWD_EC "" +#define TEST_CLI_CRT_EC TEST_CLI_CRT_EC_PEM + +#else /* MBEDTLS_PEM_PARSE_C */ + +/* DER encoded test CA certificates and keys */ + +#define TEST_CA_KEY_RSA TEST_CA_KEY_RSA_DER +#define TEST_CA_PWD_RSA "" +#define TEST_CA_CRT_RSA_SHA256 TEST_CA_CRT_RSA_SHA256_DER +#define TEST_CA_CRT_RSA_SHA1 TEST_CA_CRT_RSA_SHA1_DER +#define TEST_CA_KEY_EC TEST_CA_KEY_EC_DER +#define TEST_CA_PWD_EC "" +#define TEST_CA_CRT_EC TEST_CA_CRT_EC_DER + +/* DER encoded test server certificates and keys */ + +#define TEST_SRV_KEY_RSA TEST_SRV_KEY_RSA_DER +#define TEST_SRV_PWD_RSA "" +#define TEST_SRV_CRT_RSA_SHA256 TEST_SRV_CRT_RSA_SHA256_DER +#define TEST_SRV_CRT_RSA_SHA1 TEST_SRV_CRT_RSA_SHA1_DER +#define TEST_SRV_KEY_EC TEST_SRV_KEY_EC_DER +#define TEST_SRV_PWD_EC "" +#define TEST_SRV_CRT_EC TEST_SRV_CRT_EC_DER + +/* DER encoded test client certificates and keys */ + +#define TEST_CLI_KEY_RSA TEST_CLI_KEY_RSA_DER +#define TEST_CLI_PWD_RSA "" +#define TEST_CLI_CRT_RSA TEST_CLI_CRT_RSA_DER +#define TEST_CLI_KEY_EC TEST_CLI_KEY_EC_DER +#define TEST_CLI_PWD_EC "" +#define TEST_CLI_CRT_EC TEST_CLI_CRT_EC_DER + +#endif /* MBEDTLS_PEM_PARSE_C */ + +const char mbedtls_test_ca_key_rsa[] = TEST_CA_KEY_RSA; +const char mbedtls_test_ca_pwd_rsa[] = TEST_CA_PWD_RSA; +const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256; +const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; +const char mbedtls_test_ca_key_ec[] = TEST_CA_KEY_EC; +const char mbedtls_test_ca_pwd_ec[] = TEST_CA_PWD_EC; +const char mbedtls_test_ca_crt_ec[] = TEST_CA_CRT_EC; + +const char mbedtls_test_srv_key_rsa[] = TEST_SRV_KEY_RSA; +const char mbedtls_test_srv_pwd_rsa[] = TEST_SRV_PWD_RSA; +const char mbedtls_test_srv_crt_rsa_sha256[] = TEST_SRV_CRT_RSA_SHA256; +const char mbedtls_test_srv_crt_rsa_sha1[] = TEST_SRV_CRT_RSA_SHA1; +const char mbedtls_test_srv_key_ec[] = TEST_SRV_KEY_EC; +const char mbedtls_test_srv_pwd_ec[] = TEST_SRV_PWD_EC; +const char mbedtls_test_srv_crt_ec[] = TEST_SRV_CRT_EC; + +const char mbedtls_test_cli_key_rsa[] = TEST_CLI_KEY_RSA; +const char mbedtls_test_cli_pwd_rsa[] = TEST_CLI_PWD_RSA; +const char mbedtls_test_cli_crt_rsa[] = TEST_CLI_CRT_RSA; +const char mbedtls_test_cli_key_ec[] = TEST_CLI_KEY_EC; +const char mbedtls_test_cli_pwd_ec[] = TEST_CLI_PWD_EC; +const char mbedtls_test_cli_crt_ec[] = TEST_CLI_CRT_EC; + +const size_t mbedtls_test_ca_key_rsa_len = + sizeof( mbedtls_test_ca_key_rsa ); +const size_t mbedtls_test_ca_pwd_rsa_len = + sizeof( mbedtls_test_ca_pwd_rsa ) - 1; +const size_t mbedtls_test_ca_crt_rsa_sha256_len = + sizeof( mbedtls_test_ca_crt_rsa_sha256 ); +const size_t mbedtls_test_ca_crt_rsa_sha1_len = + sizeof( mbedtls_test_ca_crt_rsa_sha1 ); +const size_t mbedtls_test_ca_key_ec_len = + sizeof( mbedtls_test_ca_key_ec ); +const size_t mbedtls_test_ca_pwd_ec_len = + sizeof( mbedtls_test_ca_pwd_ec ) - 1; +const size_t mbedtls_test_ca_crt_ec_len = + sizeof( mbedtls_test_ca_crt_ec ); + +const size_t mbedtls_test_srv_key_rsa_len = + sizeof( mbedtls_test_srv_key_rsa ); +const size_t mbedtls_test_srv_pwd_rsa_len = + sizeof( mbedtls_test_srv_pwd_rsa ) -1; +const size_t mbedtls_test_srv_crt_rsa_sha256_len = + sizeof( mbedtls_test_srv_crt_rsa_sha256 ); +const size_t mbedtls_test_srv_crt_rsa_sha1_len = + sizeof( mbedtls_test_srv_crt_rsa_sha1 ); +const size_t mbedtls_test_srv_key_ec_len = + sizeof( mbedtls_test_srv_key_ec ); +const size_t mbedtls_test_srv_pwd_ec_len = + sizeof( mbedtls_test_srv_pwd_ec ) - 1; +const size_t mbedtls_test_srv_crt_ec_len = + sizeof( mbedtls_test_srv_crt_ec ); + +const size_t mbedtls_test_cli_key_rsa_len = + sizeof( mbedtls_test_cli_key_rsa ); +const size_t mbedtls_test_cli_pwd_rsa_len = + sizeof( mbedtls_test_cli_pwd_rsa ) - 1; +const size_t mbedtls_test_cli_crt_rsa_len = + sizeof( mbedtls_test_cli_crt_rsa ); +const size_t mbedtls_test_cli_key_ec_len = + sizeof( mbedtls_test_cli_key_ec ); +const size_t mbedtls_test_cli_pwd_ec_len = + sizeof( mbedtls_test_cli_pwd_ec ) - 1; +const size_t mbedtls_test_cli_crt_ec_len = + sizeof( mbedtls_test_cli_crt_ec ); + +/* + * Dispatch between SHA-1 and SHA-256 + */ + +#if defined(MBEDTLS_SHA256_C) +#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA256 +#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA256 +#else +#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA1 +#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA1 +#endif /* MBEDTLS_SHA256_C */ + +const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA; +const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA; + +const size_t mbedtls_test_ca_crt_rsa_len = + sizeof( mbedtls_test_ca_crt_rsa ); +const size_t mbedtls_test_srv_crt_rsa_len = + sizeof( mbedtls_test_srv_crt_rsa ); + +/* + * Dispatch between RSA and EC + */ + +#if defined(MBEDTLS_RSA_C) + +#define TEST_CA_KEY TEST_CA_KEY_RSA +#define TEST_CA_PWD TEST_CA_PWD_RSA +#define TEST_CA_CRT TEST_CA_CRT_RSA + +#define TEST_SRV_KEY TEST_SRV_KEY_RSA +#define TEST_SRV_PWD TEST_SRV_PWD_RSA +#define TEST_SRV_CRT TEST_SRV_CRT_RSA + +#define TEST_CLI_KEY TEST_CLI_KEY_RSA +#define TEST_CLI_PWD TEST_CLI_PWD_RSA +#define TEST_CLI_CRT TEST_CLI_CRT_RSA + +#else /* no RSA, so assume ECDSA */ + +#define TEST_CA_KEY TEST_CA_KEY_EC +#define TEST_CA_PWD TEST_CA_PWD_EC +#define TEST_CA_CRT TEST_CA_CRT_EC + +#define TEST_SRV_KEY TEST_SRV_KEY_EC +#define TEST_SRV_PWD TEST_SRV_PWD_EC +#define TEST_SRV_CRT TEST_SRV_CRT_EC + +#define TEST_CLI_KEY TEST_CLI_KEY_EC +#define TEST_CLI_PWD TEST_CLI_PWD_EC +#define TEST_CLI_CRT TEST_CLI_CRT_EC +#endif /* MBEDTLS_RSA_C */ + +/* API stability forces us to declare + * mbedtls_test_{ca|srv|cli}_{key|pwd|crt} + * as pointers. */ +static const char test_ca_key[] = TEST_CA_KEY; +static const char test_ca_pwd[] = TEST_CA_PWD; +static const char test_ca_crt[] = TEST_CA_CRT; + +static const char test_srv_key[] = TEST_SRV_KEY; +static const char test_srv_pwd[] = TEST_SRV_PWD; +static const char test_srv_crt[] = TEST_SRV_CRT; + +static const char test_cli_key[] = TEST_CLI_KEY; +static const char test_cli_pwd[] = TEST_CLI_PWD; +static const char test_cli_crt[] = TEST_CLI_CRT; + +const char *mbedtls_test_ca_key = test_ca_key; +const char *mbedtls_test_ca_pwd = test_ca_pwd; +const char *mbedtls_test_ca_crt = test_ca_crt; + +const char *mbedtls_test_srv_key = test_srv_key; +const char *mbedtls_test_srv_pwd = test_srv_pwd; +const char *mbedtls_test_srv_crt = test_srv_crt; + +const char *mbedtls_test_cli_key = test_cli_key; +const char *mbedtls_test_cli_pwd = test_cli_pwd; +const char *mbedtls_test_cli_crt = test_cli_crt; + +const size_t mbedtls_test_ca_key_len = + sizeof( test_ca_key ); +const size_t mbedtls_test_ca_pwd_len = + sizeof( test_ca_pwd ) - 1; +const size_t mbedtls_test_ca_crt_len = + sizeof( test_ca_crt ); + +const size_t mbedtls_test_srv_key_len = + sizeof( test_srv_key ); +const size_t mbedtls_test_srv_pwd_len = + sizeof( test_srv_pwd ) - 1; +const size_t mbedtls_test_srv_crt_len = + sizeof( test_srv_crt ); + +const size_t mbedtls_test_cli_key_len = + sizeof( test_cli_key ); +const size_t mbedtls_test_cli_pwd_len = + sizeof( test_cli_pwd ) - 1; +const size_t mbedtls_test_cli_crt_len = + sizeof( test_cli_crt ); + +/* + * + * Lists of certificates + * + */ + +/* List of CAs in PEM or DER, depending on config */ +const char * mbedtls_test_cas[] = { +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C) + mbedtls_test_ca_crt_rsa_sha1, +#endif +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) + mbedtls_test_ca_crt_rsa_sha256, +#endif +#if defined(MBEDTLS_ECDSA_C) + mbedtls_test_ca_crt_ec, +#endif + NULL +}; +const size_t mbedtls_test_cas_len[] = { +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C) + sizeof( mbedtls_test_ca_crt_rsa_sha1 ), +#endif +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) + sizeof( mbedtls_test_ca_crt_rsa_sha256 ), +#endif +#if defined(MBEDTLS_ECDSA_C) + sizeof( mbedtls_test_ca_crt_ec ), +#endif + 0 +}; + +/* List of all available CA certificates in DER format */ +const unsigned char * mbedtls_test_cas_der[] = { +#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_SHA256_C) + mbedtls_test_ca_crt_rsa_sha256_der, +#endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA1_C) + mbedtls_test_ca_crt_rsa_sha1_der, +#endif /* MBEDTLS_SHA1_C */ +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECDSA_C) + mbedtls_test_ca_crt_ec_der, +#endif /* MBEDTLS_ECDSA_C */ + NULL +}; + +const size_t mbedtls_test_cas_der_len[] = { +#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_SHA256_C) + sizeof( mbedtls_test_ca_crt_rsa_sha256_der ), +#endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA1_C) + sizeof( mbedtls_test_ca_crt_rsa_sha1_der ), +#endif /* MBEDTLS_SHA1_C */ +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECDSA_C) + sizeof( mbedtls_test_ca_crt_ec_der ), +#endif /* MBEDTLS_ECDSA_C */ + 0 +}; + +/* Concatenation of all available CA certificates in PEM format */ +#if defined(MBEDTLS_PEM_PARSE_C) +const char mbedtls_test_cas_pem[] = +#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_SHA256_C) + TEST_CA_CRT_RSA_SHA256_PEM +#endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA1_C) + TEST_CA_CRT_RSA_SHA1_PEM +#endif /* MBEDTLS_SHA1_C */ +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECDSA_C) + TEST_CA_CRT_EC_PEM +#endif /* MBEDTLS_ECDSA_C */ + ""; +const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem ); +#endif /* MBEDTLS_PEM_PARSE_C */ From eaa0799626ebb65be9cfe4c24ee84db13fce6f4a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 15 Dec 2020 15:17:20 +0100 Subject: [PATCH 120/553] psa: Rework unauthenticated cipher support in transparent test driver Make use of psa_cipher_xyz_internal() functions to simplify the transparent test driver code and extend the algorithms it supports to all algorithms supported by the MbedTLS library. Signed-off-by: Ronald Cron --- include/test/drivers/cipher.h | 11 +- src/drivers/cipher.c | 222 ++++++++-------------------------- 2 files changed, 53 insertions(+), 180 deletions(-) diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index ef787f7948..06efa983af 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -28,17 +28,10 @@ #if defined(PSA_CRYPTO_DRIVER_TEST) #include +#include #include "mbedtls/cipher.h" -typedef struct { - psa_algorithm_t alg; - unsigned int key_set : 1; - unsigned int iv_required : 1; - unsigned int iv_set : 1; - uint8_t iv_size; - uint8_t block_size; - mbedtls_cipher_context_t cipher; -} test_transparent_cipher_operation_t; +typedef psa_cipher_operation_t test_transparent_cipher_operation_t; typedef struct{ unsigned int initialised : 1; diff --git a/src/drivers/cipher.c b/src/drivers/cipher.c index fa7c6a9e7e..6a205b4876 100644 --- a/src/drivers/cipher.c +++ b/src/drivers/cipher.c @@ -26,6 +26,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" +#include "psa_crypto_cipher.h" #include "psa_crypto_core.h" #include "mbedtls/cipher.h" @@ -204,79 +205,28 @@ psa_status_t test_transparent_cipher_decrypt( output, output_size, output_length) ); } -static psa_status_t test_transparent_cipher_setup( - mbedtls_operation_t direction, +psa_status_t test_transparent_cipher_encrypt_setup( test_transparent_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg) { - const mbedtls_cipher_info_t *cipher_info = NULL; - int ret = 0; - test_driver_cipher_hooks.hits++; - if( operation->alg != 0 ) - return( PSA_ERROR_BAD_STATE ); - - /* Wiping the entire struct here, instead of member-by-member. This is useful - * for the test suite, since it gives a chance of catching memory corruption - * errors should the core not have allocated (enough) memory for our context - * struct. */ + /* Wiping the entire struct here, instead of member-by-member. This is + * useful for the test suite, since it gives a chance of catching memory + * corruption errors should the core not have allocated (enough) memory for + * our context struct. */ memset( operation, 0, sizeof( *operation ) ); - /* Allow overriding return value for testing purposes */ if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - /* Test driver supports AES-CTR only, to verify operation calls. */ - if( alg != PSA_ALG_CTR || - psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) - return( PSA_ERROR_NOT_SUPPORTED ); - - operation->alg = alg; - operation->iv_size = 16; - - cipher_info = mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES, - key_length * 8, - MBEDTLS_MODE_CTR ); - if( cipher_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - - mbedtls_cipher_init( &operation->cipher ); - ret = mbedtls_cipher_setup( &operation->cipher, cipher_info ); - if( ret != 0 ) { - mbedtls_cipher_free( &operation->cipher ); - return( mbedtls_to_psa_error( ret ) ); - } - - ret = mbedtls_cipher_setkey( &operation->cipher, - key, - key_length * 8, direction ); - if( ret != 0 ) { - mbedtls_cipher_free( &operation->cipher ); - return( mbedtls_to_psa_error( ret ) ); - } - - operation->iv_set = 0; - operation->iv_required = 1; - operation->key_set = 1; - - return( test_driver_cipher_hooks.forced_status ); -} - -psa_status_t test_transparent_cipher_encrypt_setup( - test_transparent_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg) -{ - return ( test_transparent_cipher_setup( MBEDTLS_ENCRYPT, - operation, - attributes, - key, - key_length, - alg ) ); + return ( mbedtls_psa_cipher_encrypt_setup( operation, + attributes, + key, + key_length, + alg ) ); } psa_status_t test_transparent_cipher_decrypt_setup( @@ -285,12 +235,16 @@ psa_status_t test_transparent_cipher_decrypt_setup( const uint8_t *key, size_t key_length, psa_algorithm_t alg) { - return ( test_transparent_cipher_setup( MBEDTLS_DECRYPT, - operation, - attributes, - key, - key_length, - alg ) ); + test_driver_cipher_hooks.hits++; + + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + return ( mbedtls_psa_cipher_decrypt_setup( operation, + attributes, + key, + key_length, + alg ) ); } psa_status_t test_transparent_cipher_abort( @@ -300,18 +254,16 @@ psa_status_t test_transparent_cipher_abort( if( operation->alg == 0 ) return( PSA_SUCCESS ); - if( operation->alg != PSA_ALG_CTR ) - return( PSA_ERROR_BAD_STATE ); - mbedtls_cipher_free( &operation->cipher ); + mbedtls_psa_cipher_abort( operation ); - /* Wiping the entire struct here, instead of member-by-member. This is useful - * for the test suite, since it gives a chance of catching memory corruption - * errors should the core not have allocated (enough) memory for our context - * struct. */ + /* Wiping the entire struct here, instead of member-by-member. This is + * useful for the test suite, since it gives a chance of catching memory + * corruption errors should the core not have allocated (enough) memory for + * our context struct. */ memset( operation, 0, sizeof( *operation ) ); - return( PSA_SUCCESS ); + return( test_driver_cipher_hooks.forced_status ); } psa_status_t test_transparent_cipher_generate_iv( @@ -320,35 +272,15 @@ psa_status_t test_transparent_cipher_generate_iv( size_t iv_size, size_t *iv_length) { - psa_status_t status; - mbedtls_test_rnd_pseudo_info rnd_info; - memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); - test_driver_cipher_hooks.hits++; if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - if( operation->alg != PSA_ALG_CTR ) - return( PSA_ERROR_BAD_STATE ); - - if( operation->iv_set || ! operation->iv_required ) - return( PSA_ERROR_BAD_STATE ); - - if( iv_size < operation->iv_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - status = mbedtls_to_psa_error( - mbedtls_test_rnd_pseudo_rand( &rnd_info, - iv, - operation->iv_size ) ); - if( status != PSA_SUCCESS ) - return( status ); - - *iv_length = operation->iv_size; - status = test_transparent_cipher_set_iv( operation, iv, *iv_length ); - - return( status ); + return( mbedtls_psa_cipher_generate_iv( operation, + iv, + iv_size, + iv_length ) ); } psa_status_t test_transparent_cipher_set_iv( @@ -356,29 +288,14 @@ psa_status_t test_transparent_cipher_set_iv( const uint8_t *iv, size_t iv_length) { - psa_status_t status; - test_driver_cipher_hooks.hits++; if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - if( operation->alg != PSA_ALG_CTR ) - return( PSA_ERROR_BAD_STATE ); - - if( operation->iv_set || ! operation->iv_required ) - return( PSA_ERROR_BAD_STATE ); - - if( iv_length != operation->iv_size ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - status = mbedtls_to_psa_error( - mbedtls_cipher_set_iv( &operation->cipher, iv, iv_length ) ); - - if( status == PSA_SUCCESS ) - operation->iv_set = 1; - - return( status ); + return( mbedtls_psa_cipher_set_iv( operation, + iv, + iv_length ) ); } psa_status_t test_transparent_cipher_update( @@ -389,27 +306,8 @@ psa_status_t test_transparent_cipher_update( size_t output_size, size_t *output_length) { - psa_status_t status; - test_driver_cipher_hooks.hits++; - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); - - if( operation->alg != PSA_ALG_CTR ) - return( PSA_ERROR_BAD_STATE ); - - /* CTR is a stream cipher, so data in and out are always the same size */ - if( output_size < input_length ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - status = mbedtls_to_psa_error( - mbedtls_cipher_update( &operation->cipher, input, - input_length, output, output_length ) ); - - if( status != PSA_SUCCESS ) - return status; - if( test_driver_cipher_hooks.forced_output != NULL ) { if( output_size < test_driver_cipher_hooks.forced_output_length ) @@ -419,9 +317,17 @@ psa_status_t test_transparent_cipher_update( test_driver_cipher_hooks.forced_output, test_driver_cipher_hooks.forced_output_length ); *output_length = test_driver_cipher_hooks.forced_output_length; + + return( test_driver_cipher_hooks.forced_status ); } - return( test_driver_cipher_hooks.forced_status ); + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + return( mbedtls_psa_cipher_update( operation, + input, input_length, + output, output_size, + output_length ) ); } psa_status_t test_transparent_cipher_finish( @@ -430,41 +336,8 @@ psa_status_t test_transparent_cipher_finish( size_t output_size, size_t *output_length) { - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; - test_driver_cipher_hooks.hits++; - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); - - if( operation->alg != PSA_ALG_CTR ) - return( PSA_ERROR_BAD_STATE ); - - if( ! operation->key_set ) - return( PSA_ERROR_BAD_STATE ); - - if( operation->iv_required && ! operation->iv_set ) - return( PSA_ERROR_BAD_STATE ); - - status = mbedtls_to_psa_error( - mbedtls_cipher_finish( &operation->cipher, - temp_output_buffer, - output_length ) ); - - mbedtls_cipher_free( &operation->cipher ); - - if( status != PSA_SUCCESS ) - return( status ); - - if( *output_length == 0 ) - ; /* Nothing to copy. Note that output may be NULL in this case. */ - else if( output_size >= *output_length ) - memcpy( output, temp_output_buffer, *output_length ); - else - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - if( test_driver_cipher_hooks.forced_output != NULL ) { if( output_size < test_driver_cipher_hooks.forced_output_length ) @@ -474,9 +347,16 @@ psa_status_t test_transparent_cipher_finish( test_driver_cipher_hooks.forced_output, test_driver_cipher_hooks.forced_output_length ); *output_length = test_driver_cipher_hooks.forced_output_length; + + return( test_driver_cipher_hooks.forced_status ); } - return( test_driver_cipher_hooks.forced_status ); + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + return( mbedtls_psa_cipher_finish( operation, + output, output_size, + output_length ) ); } /* From e3ee1e35d5a9b62dc2f11fb2a23b2c9e6c46e9ab Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Mar 2021 09:58:47 +0100 Subject: [PATCH 121/553] psa: cipher: Pass Mbed TLS implementation its operation ctx As per drivers, pass to the Mbed TLS implementation of the cipher multi-part operation its operation context and not the PSA operation context. Signed-off-by: Ronald Cron --- include/test/drivers/cipher.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index 06efa983af..a1eb51214d 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -31,7 +31,7 @@ #include #include "mbedtls/cipher.h" -typedef psa_cipher_operation_t test_transparent_cipher_operation_t; +typedef mbedtls_psa_cipher_operation_t test_transparent_cipher_operation_t; typedef struct{ unsigned int initialised : 1; From 06272856c22b14c3090ba1359c4cc17a98788609 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Mar 2021 12:21:48 +0100 Subject: [PATCH 122/553] psa: cipher: Move to driver operation context application allocation Signed-off-by: Ronald Cron --- include/test/drivers/cipher.h | 70 ++++++++++++----------------------- src/drivers/cipher.c | 28 +++++++------- 2 files changed, 38 insertions(+), 60 deletions(-) diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index a1eb51214d..56b11591f2 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -31,12 +31,6 @@ #include #include "mbedtls/cipher.h" -typedef mbedtls_psa_cipher_operation_t test_transparent_cipher_operation_t; - -typedef struct{ - unsigned int initialised : 1; - test_transparent_cipher_operation_t ctx; -} test_opaque_cipher_operation_t; typedef struct { /* If non-null, on success, copy this to the output. */ @@ -73,44 +67,36 @@ psa_status_t test_transparent_cipher_decrypt( uint8_t *output, size_t output_size, size_t *output_length); psa_status_t test_transparent_cipher_encrypt_setup( - test_transparent_cipher_operation_t *operation, + mbedtls_transparent_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg); psa_status_t test_transparent_cipher_decrypt_setup( - test_transparent_cipher_operation_t *operation, + mbedtls_transparent_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg); psa_status_t test_transparent_cipher_abort( - test_transparent_cipher_operation_t *operation); + mbedtls_transparent_test_driver_cipher_operation_t *operation ); psa_status_t test_transparent_cipher_generate_iv( - test_transparent_cipher_operation_t *operation, - uint8_t *iv, - size_t iv_size, - size_t *iv_length); + mbedtls_transparent_test_driver_cipher_operation_t *operation, + uint8_t *iv, size_t iv_size, size_t *iv_length); psa_status_t test_transparent_cipher_set_iv( - test_transparent_cipher_operation_t *operation, - const uint8_t *iv, - size_t iv_length); + mbedtls_transparent_test_driver_cipher_operation_t *operation, + const uint8_t *iv, size_t iv_length); psa_status_t test_transparent_cipher_update( - test_transparent_cipher_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length); + mbedtls_transparent_test_driver_cipher_operation_t *operation, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length); psa_status_t test_transparent_cipher_finish( - test_transparent_cipher_operation_t *operation, - uint8_t *output, - size_t output_size, - size_t *output_length); + mbedtls_transparent_test_driver_cipher_operation_t *operation, + uint8_t *output, size_t output_size, size_t *output_length); /* * opaque versions @@ -130,44 +116,36 @@ psa_status_t test_opaque_cipher_decrypt( uint8_t *output, size_t output_size, size_t *output_length); psa_status_t test_opaque_cipher_encrypt_setup( - test_opaque_cipher_operation_t *operation, + mbedtls_opaque_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg); psa_status_t test_opaque_cipher_decrypt_setup( - test_opaque_cipher_operation_t *operation, + mbedtls_opaque_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg); psa_status_t test_opaque_cipher_abort( - test_opaque_cipher_operation_t *operation); + mbedtls_opaque_test_driver_cipher_operation_t *operation); psa_status_t test_opaque_cipher_generate_iv( - test_opaque_cipher_operation_t *operation, - uint8_t *iv, - size_t iv_size, - size_t *iv_length); + mbedtls_opaque_test_driver_cipher_operation_t *operation, + uint8_t *iv, size_t iv_size, size_t *iv_length); psa_status_t test_opaque_cipher_set_iv( - test_opaque_cipher_operation_t *operation, - const uint8_t *iv, - size_t iv_length); + mbedtls_opaque_test_driver_cipher_operation_t *operation, + const uint8_t *iv, size_t iv_length); psa_status_t test_opaque_cipher_update( - test_opaque_cipher_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length); + mbedtls_opaque_test_driver_cipher_operation_t *operation, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length); psa_status_t test_opaque_cipher_finish( - test_opaque_cipher_operation_t *operation, - uint8_t *output, - size_t output_size, - size_t *output_length); + mbedtls_opaque_test_driver_cipher_operation_t *operation, + uint8_t *output, size_t output_size, size_t *output_length); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_CIPHER_H */ diff --git a/src/drivers/cipher.c b/src/drivers/cipher.c index 6a205b4876..607cd949b8 100644 --- a/src/drivers/cipher.c +++ b/src/drivers/cipher.c @@ -206,7 +206,7 @@ psa_status_t test_transparent_cipher_decrypt( } psa_status_t test_transparent_cipher_encrypt_setup( - test_transparent_cipher_operation_t *operation, + mbedtls_transparent_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg) @@ -230,7 +230,7 @@ psa_status_t test_transparent_cipher_encrypt_setup( } psa_status_t test_transparent_cipher_decrypt_setup( - test_transparent_cipher_operation_t *operation, + mbedtls_transparent_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg) @@ -248,7 +248,7 @@ psa_status_t test_transparent_cipher_decrypt_setup( } psa_status_t test_transparent_cipher_abort( - test_transparent_cipher_operation_t *operation) + mbedtls_transparent_test_driver_cipher_operation_t *operation) { test_driver_cipher_hooks.hits++; @@ -267,7 +267,7 @@ psa_status_t test_transparent_cipher_abort( } psa_status_t test_transparent_cipher_generate_iv( - test_transparent_cipher_operation_t *operation, + mbedtls_transparent_test_driver_cipher_operation_t *operation, uint8_t *iv, size_t iv_size, size_t *iv_length) @@ -284,7 +284,7 @@ psa_status_t test_transparent_cipher_generate_iv( } psa_status_t test_transparent_cipher_set_iv( - test_transparent_cipher_operation_t *operation, + mbedtls_transparent_test_driver_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length) { @@ -299,7 +299,7 @@ psa_status_t test_transparent_cipher_set_iv( } psa_status_t test_transparent_cipher_update( - test_transparent_cipher_operation_t *operation, + mbedtls_transparent_test_driver_cipher_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -331,7 +331,7 @@ psa_status_t test_transparent_cipher_update( } psa_status_t test_transparent_cipher_finish( - test_transparent_cipher_operation_t *operation, + mbedtls_transparent_test_driver_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length) @@ -401,7 +401,7 @@ psa_status_t test_opaque_cipher_decrypt( } psa_status_t test_opaque_cipher_encrypt_setup( - test_opaque_cipher_operation_t *operation, + mbedtls_opaque_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg) @@ -415,7 +415,7 @@ psa_status_t test_opaque_cipher_encrypt_setup( } psa_status_t test_opaque_cipher_decrypt_setup( - test_opaque_cipher_operation_t *operation, + mbedtls_opaque_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg) @@ -429,14 +429,14 @@ psa_status_t test_opaque_cipher_decrypt_setup( } psa_status_t test_opaque_cipher_abort( - test_opaque_cipher_operation_t *operation) + mbedtls_opaque_test_driver_cipher_operation_t *operation ) { (void) operation; return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_generate_iv( - test_opaque_cipher_operation_t *operation, + mbedtls_opaque_test_driver_cipher_operation_t *operation, uint8_t *iv, size_t iv_size, size_t *iv_length) @@ -449,7 +449,7 @@ psa_status_t test_opaque_cipher_generate_iv( } psa_status_t test_opaque_cipher_set_iv( - test_opaque_cipher_operation_t *operation, + mbedtls_opaque_test_driver_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length) { @@ -460,7 +460,7 @@ psa_status_t test_opaque_cipher_set_iv( } psa_status_t test_opaque_cipher_update( - test_opaque_cipher_operation_t *operation, + mbedtls_opaque_test_driver_cipher_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -477,7 +477,7 @@ psa_status_t test_opaque_cipher_update( } psa_status_t test_opaque_cipher_finish( - test_opaque_cipher_operation_t *operation, + mbedtls_opaque_test_driver_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length) From 67da56a900b328b47922c7902b300fbf21b830a0 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 12 Mar 2021 11:08:49 +0100 Subject: [PATCH 123/553] psa: cipher: Add transparent driver test specific entry points Signed-off-by: Ronald Cron --- src/drivers/cipher.c | 39 ++++++++++++++------------------------- 1 file changed, 14 insertions(+), 25 deletions(-) diff --git a/src/drivers/cipher.c b/src/drivers/cipher.c index 607cd949b8..295d47a692 100644 --- a/src/drivers/cipher.c +++ b/src/drivers/cipher.c @@ -222,11 +222,8 @@ psa_status_t test_transparent_cipher_encrypt_setup( if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - return ( mbedtls_psa_cipher_encrypt_setup( operation, - attributes, - key, - key_length, - alg ) ); + return ( mbedtls_transparent_test_driver_cipher_encrypt_setup( + operation, attributes, key, key_length, alg ) ); } psa_status_t test_transparent_cipher_decrypt_setup( @@ -240,11 +237,8 @@ psa_status_t test_transparent_cipher_decrypt_setup( if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - return ( mbedtls_psa_cipher_decrypt_setup( operation, - attributes, - key, - key_length, - alg ) ); + return ( mbedtls_transparent_test_driver_cipher_decrypt_setup( + operation, attributes, key, key_length, alg ) ); } psa_status_t test_transparent_cipher_abort( @@ -255,7 +249,7 @@ psa_status_t test_transparent_cipher_abort( if( operation->alg == 0 ) return( PSA_SUCCESS ); - mbedtls_psa_cipher_abort( operation ); + mbedtls_transparent_test_driver_cipher_abort( operation ); /* Wiping the entire struct here, instead of member-by-member. This is * useful for the test suite, since it gives a chance of catching memory @@ -277,10 +271,8 @@ psa_status_t test_transparent_cipher_generate_iv( if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - return( mbedtls_psa_cipher_generate_iv( operation, - iv, - iv_size, - iv_length ) ); + return( mbedtls_transparent_test_driver_cipher_generate_iv( + operation, iv, iv_size, iv_length ) ); } psa_status_t test_transparent_cipher_set_iv( @@ -293,9 +285,8 @@ psa_status_t test_transparent_cipher_set_iv( if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - return( mbedtls_psa_cipher_set_iv( operation, - iv, - iv_length ) ); + return( mbedtls_transparent_test_driver_cipher_set_iv( + operation, iv, iv_length ) ); } psa_status_t test_transparent_cipher_update( @@ -324,10 +315,9 @@ psa_status_t test_transparent_cipher_update( if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - return( mbedtls_psa_cipher_update( operation, - input, input_length, - output, output_size, - output_length ) ); + return( mbedtls_transparent_test_driver_cipher_update( + operation, input, input_length, + output, output_size, output_length ) ); } psa_status_t test_transparent_cipher_finish( @@ -354,9 +344,8 @@ psa_status_t test_transparent_cipher_finish( if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - return( mbedtls_psa_cipher_finish( operation, - output, output_size, - output_length ) ); + return( mbedtls_transparent_test_driver_cipher_finish( + operation, output, output_size, output_length ) ); } /* From aadf0ef3e106bdc5cc1ea86a6ea0c11b3dffc42f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 26 Mar 2021 09:52:26 +0100 Subject: [PATCH 124/553] psa: cipher: Remove cipher_generate_iv driver entry point Remove cipher_generate_iv driver entry point as there is no known use case to delegate this to a driver. Signed-off-by: Ronald Cron --- include/test/drivers/cipher.h | 8 -------- src/drivers/cipher.c | 28 ---------------------------- 2 files changed, 36 deletions(-) diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index 56b11591f2..6d6a6af424 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -81,10 +81,6 @@ psa_status_t test_transparent_cipher_decrypt_setup( psa_status_t test_transparent_cipher_abort( mbedtls_transparent_test_driver_cipher_operation_t *operation ); -psa_status_t test_transparent_cipher_generate_iv( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - uint8_t *iv, size_t iv_size, size_t *iv_length); - psa_status_t test_transparent_cipher_set_iv( mbedtls_transparent_test_driver_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length); @@ -130,10 +126,6 @@ psa_status_t test_opaque_cipher_decrypt_setup( psa_status_t test_opaque_cipher_abort( mbedtls_opaque_test_driver_cipher_operation_t *operation); -psa_status_t test_opaque_cipher_generate_iv( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - uint8_t *iv, size_t iv_size, size_t *iv_length); - psa_status_t test_opaque_cipher_set_iv( mbedtls_opaque_test_driver_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length); diff --git a/src/drivers/cipher.c b/src/drivers/cipher.c index 295d47a692..4dc46789b2 100644 --- a/src/drivers/cipher.c +++ b/src/drivers/cipher.c @@ -260,21 +260,6 @@ psa_status_t test_transparent_cipher_abort( return( test_driver_cipher_hooks.forced_status ); } -psa_status_t test_transparent_cipher_generate_iv( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - uint8_t *iv, - size_t iv_size, - size_t *iv_length) -{ - test_driver_cipher_hooks.hits++; - - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); - - return( mbedtls_transparent_test_driver_cipher_generate_iv( - operation, iv, iv_size, iv_length ) ); -} - psa_status_t test_transparent_cipher_set_iv( mbedtls_transparent_test_driver_cipher_operation_t *operation, const uint8_t *iv, @@ -424,19 +409,6 @@ psa_status_t test_opaque_cipher_abort( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t test_opaque_cipher_generate_iv( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - uint8_t *iv, - size_t iv_size, - size_t *iv_length) -{ - (void) operation; - (void) iv; - (void) iv_size; - (void) iv_length; - return( PSA_ERROR_NOT_SUPPORTED ); -} - psa_status_t test_opaque_cipher_set_iv( mbedtls_opaque_test_driver_cipher_operation_t *operation, const uint8_t *iv, From 4643f31b03d0b9a905f82c320a07cf32a0270d88 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 17 Mar 2021 16:08:20 +0100 Subject: [PATCH 125/553] psa: aead: Add driver delegation Signed-off-by: Ronald Cron --- include/test/drivers/aead.h | 51 +++++++++++++++++++++++ include/test/drivers/test_driver.h | 1 + src/drivers/aead.c | 67 ++++++++++++++++++++++++++++++ 3 files changed, 119 insertions(+) create mode 100644 include/test/drivers/aead.h create mode 100644 src/drivers/aead.c diff --git a/include/test/drivers/aead.h b/include/test/drivers/aead.h new file mode 100644 index 0000000000..9287377041 --- /dev/null +++ b/include/test/drivers/aead.h @@ -0,0 +1,51 @@ +/* + * Test driver for AEAD driver entry points. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_AEAD_H +#define PSA_CRYPTO_TEST_DRIVERS_AEAD_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include + +psa_status_t test_transparent_aead_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *nonce, size_t nonce_length, + const uint8_t *additional_data, size_t additional_data_length, + const uint8_t *plaintext, size_t plaintext_length, + uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ); + +psa_status_t test_transparent_aead_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *nonce, size_t nonce_length, + const uint8_t *additional_data, size_t additional_data_length, + const uint8_t *ciphertext, size_t ciphertext_length, + uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */ diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index f26b795dd4..2fdce5c79f 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -22,6 +22,7 @@ #define PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff +#include "test/drivers/aead.h" #include "test/drivers/signature.h" #include "test/drivers/key_management.h" #include "test/drivers/cipher.h" diff --git a/src/drivers/aead.c b/src/drivers/aead.c new file mode 100644 index 0000000000..4a2d0424c8 --- /dev/null +++ b/src/drivers/aead.c @@ -0,0 +1,67 @@ +/* + * Test driver for AEAD entry points. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#include "psa_crypto_aead.h" + +#include "test/drivers/aead.h" + +psa_status_t test_transparent_aead_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *nonce, size_t nonce_length, + const uint8_t *additional_data, size_t additional_data_length, + const uint8_t *plaintext, size_t plaintext_length, + uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) +{ + return( mbedtls_psa_aead_encrypt( + attributes, key_buffer, key_buffer_size, + alg, + nonce, nonce_length, + additional_data, additional_data_length, + plaintext, plaintext_length, + ciphertext, ciphertext_size, ciphertext_length ) ); +} + +psa_status_t test_transparent_aead_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *nonce, size_t nonce_length, + const uint8_t *additional_data, size_t additional_data_length, + const uint8_t *ciphertext, size_t ciphertext_length, + uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) +{ + return( mbedtls_psa_aead_decrypt( + attributes, key_buffer, key_buffer_size, + alg, + nonce, nonce_length, + additional_data, additional_data_length, + ciphertext, ciphertext_length, + plaintext, plaintext_size, plaintext_length ) ); +} + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From a1f3875c3e72724e3b40de1363545cc6bb93600b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 23 Mar 2021 09:33:25 +0100 Subject: [PATCH 126/553] tests: Add AEAD transparent test driver hooks Signed-off-by: Ronald Cron --- include/test/drivers/aead.h | 19 +++++++++++++++++++ src/drivers/aead.c | 36 ++++++++++++++++++++++++++++++++---- 2 files changed, 51 insertions(+), 4 deletions(-) diff --git a/include/test/drivers/aead.h b/include/test/drivers/aead.h index 9287377041..1be8910a30 100644 --- a/include/test/drivers/aead.h +++ b/include/test/drivers/aead.h @@ -29,6 +29,25 @@ #if defined(PSA_CRYPTO_DRIVER_TEST) #include +typedef struct { + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times AEAD driver functions are called. */ + unsigned long hits; + /* Status returned by the last AEAD driver function call. */ + psa_status_t driver_status; +} test_driver_aead_hooks_t; + +#define TEST_DRIVER_AEAD_INIT { 0, 0, 0 } +static inline test_driver_aead_hooks_t test_driver_aead_hooks_init( void ) +{ + const test_driver_aead_hooks_t v = TEST_DRIVER_AEAD_INIT; + return( v ); +} + +extern test_driver_aead_hooks_t test_driver_aead_hooks; + psa_status_t test_transparent_aead_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, diff --git a/src/drivers/aead.c b/src/drivers/aead.c index 4a2d0424c8..c87752502a 100644 --- a/src/drivers/aead.c +++ b/src/drivers/aead.c @@ -28,6 +28,8 @@ #include "test/drivers/aead.h" +test_driver_aead_hooks_t test_driver_aead_hooks = TEST_DRIVER_AEAD_INIT; + psa_status_t test_transparent_aead_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -37,13 +39,26 @@ psa_status_t test_transparent_aead_encrypt( const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) { - return( mbedtls_psa_aead_encrypt( + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_encrypt( attributes, key_buffer, key_buffer_size, alg, nonce, nonce_length, additional_data, additional_data_length, plaintext, plaintext_length, - ciphertext, ciphertext_size, ciphertext_length ) ); + ciphertext, ciphertext_size, ciphertext_length ); + } + + return( test_driver_aead_hooks.driver_status ); } psa_status_t test_transparent_aead_decrypt( @@ -55,13 +70,26 @@ psa_status_t test_transparent_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) { - return( mbedtls_psa_aead_decrypt( + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_decrypt( attributes, key_buffer, key_buffer_size, alg, nonce, nonce_length, additional_data, additional_data_length, ciphertext, ciphertext_length, - plaintext, plaintext_size, plaintext_length ) ); + plaintext, plaintext_size, plaintext_length ); + } + + return( test_driver_aead_hooks.driver_status ); } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 9186c229b6b79e3bce7c0fdccb881e1a97c1128b Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Fri, 8 Jan 2021 17:04:59 +0000 Subject: [PATCH 127/553] Add macro for error code addition Adds a macro (`MBEDTLS_ERR_ADD`) to add error codes together and check that the result will not be corrupted. This additional check is only enabled during testing when `MBEDTLS_TEST_HOOKS` is defined. Also includes a reference usage example in `rsa.c` where two high-level error codes could be incorrectly added together under the right conditions. This now ensures that when this error occurs during testing it will be correctly reported. Signed-off-by: Chris Jones --- include/test/helpers.h | 10 ++++++++++ src/helpers.c | 13 +++++++++++++ 2 files changed, 23 insertions(+) diff --git a/include/test/helpers.h b/include/test/helpers.h index c3a844b600..1fe25d89fe 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -278,4 +278,14 @@ void mbedtls_test_mutex_usage_init( void ); void mbedtls_test_mutex_usage_check( void ); #endif /* MBEDTLS_TEST_MUTEX_USAGE */ +#if defined(MBEDTLS_TEST_HOOKS) +/** + * \brief Check that a pure high-level error code is being combined with a + * pure low-level error code as otherwise the resultant error code + * would be corrupted. + */ +void mbedtls_test_err_add_check( int high, int low, + const char *file, int line); +#endif + #endif /* TEST_HELPERS_H */ diff --git a/src/helpers.c b/src/helpers.c index e323275e5f..2c01a584af 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -282,3 +282,16 @@ void mbedtls_param_failed( const char *failure_condition, } } #endif /* MBEDTLS_CHECK_PARAMS */ + +#if defined(MBEDTLS_TEST_HOOKS) +void mbedtls_test_err_add_check( int high, int low, + const char *file, int line ) +{ + if ( high < -0x0FFF && low > -0x007F ) + { + mbedtls_fprintf( stderr, "\nIncorrect error code addition at %s:%d\n", + file, line ); + mbedtls_exit( 1 ); + } +} +#endif /* MBEDTLS_TEST_HOOKS */ From ad5d44f6b30d710db8d2c1fe35157afea4475d2e Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Mon, 11 Jan 2021 12:27:21 +0000 Subject: [PATCH 128/553] Fix error code combination check `mbedtls_test_err_add_check` was previously incorrectly throwing an error if both error codes were correct and valid pure error codes. This change fixes that behaviour to correctly throw errors when invalid combinations are found. Signed-off-by: Chris Jones --- src/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/helpers.c b/src/helpers.c index 2c01a584af..d88ef43f0a 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -287,7 +287,7 @@ void mbedtls_param_failed( const char *failure_condition, void mbedtls_test_err_add_check( int high, int low, const char *file, int line ) { - if ( high < -0x0FFF && low > -0x007F ) + if ( high > -0x1000 || low < -0x007F ) { mbedtls_fprintf( stderr, "\nIncorrect error code addition at %s:%d\n", file, line ); From 216df3066c8a3b98b0059169a01d97d74c5572bc Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Tue, 12 Jan 2021 15:21:57 +0000 Subject: [PATCH 129/553] Move `MBEDTLS_ERR_ADD` macro and function to `common.*` `error.c` is a file generated from `error.h` and thus cannot contain the code that was previously added. This commit fixes that issue by moving the `MBEDTLS_ERR_ADD` macro and associated function and function pointer into `common.h` and `common.c`. Also fix a typo in `tests/include/test/helpers.h` where tabs were accidentally used instead of spaces. Signed-off-by: Chris Jones --- include/test/helpers.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 1fe25d89fe..a26f1eeda9 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -280,9 +280,9 @@ void mbedtls_test_mutex_usage_check( void ); #if defined(MBEDTLS_TEST_HOOKS) /** - * \brief Check that a pure high-level error code is being combined with a - * pure low-level error code as otherwise the resultant error code - * would be corrupted. + * \brief Check that a pure high-level error code is being combined with a + * pure low-level error code as otherwise the resultant error code + * would be corrupted. */ void mbedtls_test_err_add_check( int high, int low, const char *file, int line); From 929d2f9dfcc2af78652c4f5b02cefe763dce0426 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Fri, 29 Jan 2021 14:56:20 +0000 Subject: [PATCH 130/553] Expand error addition checks Add new checks and specific error messages to `mbedtls_test_err_add_check`. This should now catch all types of error when combining error codes and provide a specific error message to explain what occured. Signed-off-by: Chris Jones --- src/helpers.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/src/helpers.c b/src/helpers.c index d88ef43f0a..9c981de672 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -287,10 +287,34 @@ void mbedtls_param_failed( const char *failure_condition, void mbedtls_test_err_add_check( int high, int low, const char *file, int line ) { - if ( high > -0x1000 || low < -0x007F ) + if ( high > -0x1000 ) { - mbedtls_fprintf( stderr, "\nIncorrect error code addition at %s:%d\n", - file, line ); + mbedtls_fprintf( stderr, "\n'high' is not a high-level error code - " + "%s:%d\n", file, line ); + mbedtls_exit( 1 ); + } + else if ( high < -0x7F80 ) + { + mbedtls_fprintf( stderr, "\n'high' is greater than 16-bits - " + "%s:%d\n", file, line ); + mbedtls_exit( 1 ); + } + else if ( ( high & 0x7F ) != 0 ) + { + mbedtls_fprintf( stderr, "\n'high' contains a low-level error code - " + "%s:%d\n", file, line ); + mbedtls_exit( 1 ); + } + else if ( low < -0x007F ) + { + mbedtls_fprintf( stderr, "\n'low' is greater than 8-bits - " + "%s:%d\n", file, line ); + mbedtls_exit( 1 ); + } + else if ( low > 0 ) + { + mbedtls_fprintf( stderr, "\n'low' is zero or greater - " + "%s:%d\n", file, line ); mbedtls_exit( 1 ); } } From e57536867e0334a60a7c9a8456834b6f9846847f Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Mon, 8 Feb 2021 12:32:41 +0000 Subject: [PATCH 131/553] Make mbedtls_test_err_add_check fail tests Previously an error message was printed and then the test manually exited via `mbedtls_exit( 1 )`. This commit includes a rebase onto: d4ad8f5b0edca26f0f70f600a8217f36cab06a4e so that `mbedtls_test_fail` can be used instead to properly fail tests (and report them as such). Signed-off-by: Chris Jones --- src/helpers.c | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/src/helpers.c b/src/helpers.c index 9c981de672..8319e9004a 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -289,33 +289,25 @@ void mbedtls_test_err_add_check( int high, int low, { if ( high > -0x1000 ) { - mbedtls_fprintf( stderr, "\n'high' is not a high-level error code - " - "%s:%d\n", file, line ); - mbedtls_exit( 1 ); + mbedtls_test_fail( "'high' is not a high-level error code", + line, file ); } else if ( high < -0x7F80 ) { - mbedtls_fprintf( stderr, "\n'high' is greater than 16-bits - " - "%s:%d\n", file, line ); - mbedtls_exit( 1 ); + mbedtls_test_fail( "'high' is greater than 16-bits", line, file ); } else if ( ( high & 0x7F ) != 0 ) { - mbedtls_fprintf( stderr, "\n'high' contains a low-level error code - " - "%s:%d\n", file, line ); - mbedtls_exit( 1 ); + mbedtls_test_fail( "'high' contains a low-level error code", + line, file ); } else if ( low < -0x007F ) { - mbedtls_fprintf( stderr, "\n'low' is greater than 8-bits - " - "%s:%d\n", file, line ); - mbedtls_exit( 1 ); + mbedtls_test_fail( "'low' is greater than 8-bits", line, file ); } else if ( low > 0 ) { - mbedtls_fprintf( stderr, "\n'low' is zero or greater - " - "%s:%d\n", file, line ); - mbedtls_exit( 1 ); + mbedtls_test_fail( "'low' is zero or greater", line, file ); } } #endif /* MBEDTLS_TEST_HOOKS */ From 002d1da308dce620d0c7440500349ecaa1ece280 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Wed, 31 Mar 2021 09:34:22 +0100 Subject: [PATCH 132/553] Improve mbedtls_test_err_add_check documentation Improve and clarify error messages and comments when checking error codes. Signed-off-by: Chris Jones --- include/test/helpers.h | 10 ++++++++-- src/helpers.c | 28 +++++++++++++++++++++------- 2 files changed, 29 insertions(+), 9 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index a26f1eeda9..9bfe08547c 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -280,9 +280,15 @@ void mbedtls_test_mutex_usage_check( void ); #if defined(MBEDTLS_TEST_HOOKS) /** - * \brief Check that a pure high-level error code is being combined with a - * pure low-level error code as otherwise the resultant error code + * \brief Check that only a pure high-level error code is being combined with + * a pure low-level error code as otherwise the resultant error code * would be corrupted. + * + * \note Both high-level and low-level error codes cannot be greater than + * zero however can be zero. If one error code is zero then the + * other error code is returned even if both codes are zero. + * + * \note If the check fails, fail the test currently being run. */ void mbedtls_test_err_add_check( int high, int low, const char *file, int line); diff --git a/src/helpers.c b/src/helpers.c index 8319e9004a..8819674093 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -287,27 +287,41 @@ void mbedtls_param_failed( const char *failure_condition, void mbedtls_test_err_add_check( int high, int low, const char *file, int line ) { - if ( high > -0x1000 ) + /* Error codes are always negative (a value of zero is a success) however + * their positive opposites can be easier to understand. The following + * examples given in comments have been made positive for ease of + * understanding. The structure of an error code is such: + * + * shhhhhhhllllllll + * + * s = sign bit. + * h = high level error code (includes high and module error codes). + * l = low level error code. + */ + if ( high > -0x1000 ) // high < 0001000000000000 { mbedtls_test_fail( "'high' is not a high-level error code", line, file ); } - else if ( high < -0x7F80 ) + else if ( high < -0x7F80 ) // high > 0111111110000000 { - mbedtls_test_fail( "'high' is greater than 16-bits", line, file ); + mbedtls_test_fail( "'high' error code is greater than 15 bits", + line, file ); } - else if ( ( high & 0x7F ) != 0 ) + else if ( ( high & 0x7F ) != 0 ) // high & 0000000011111111 { mbedtls_test_fail( "'high' contains a low-level error code", line, file ); } - else if ( low < -0x007F ) + else if ( low < -0x007F ) // low > 0000000001111111 { - mbedtls_test_fail( "'low' is greater than 8-bits", line, file ); + mbedtls_test_fail( "'low' error code is greater than 7 bits", + line, file ); } else if ( low > 0 ) { - mbedtls_test_fail( "'low' is zero or greater", line, file ); + mbedtls_test_fail( "'low' error code is greater than zero", + line, file ); } } #endif /* MBEDTLS_TEST_HOOKS */ From 5dabc324e442c8fe403c54ac665db7985a7d859e Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Wed, 31 Mar 2021 16:09:28 +0100 Subject: [PATCH 133/553] Add exception in check when high error code == 0 Although not commonly done, it should be possible to add error codes together even if the high level error code is equal to zero. Signed-off-by: Chris Jones --- src/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/helpers.c b/src/helpers.c index 8819674093..9c1198ea31 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -298,7 +298,7 @@ void mbedtls_test_err_add_check( int high, int low, * h = high level error code (includes high and module error codes). * l = low level error code. */ - if ( high > -0x1000 ) // high < 0001000000000000 + if ( high > -0x1000 && high != 0 ) // high < 0001000000000000 { mbedtls_test_fail( "'high' is not a high-level error code", line, file ); From 334917de8d96cc25ba4294a460bf1bcb7979fb98 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Mon, 12 Apr 2021 15:44:47 +0100 Subject: [PATCH 134/553] Improve and fix documentation for error code combination Improve documentation by: - Fixing off by one errors in binary representations of error codes. - Clarifying combinations of zero. - Linking references to variables/macros via doxygen. Signed-off-by: Chris Jones --- src/helpers.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/helpers.c b/src/helpers.c index 9c1198ea31..b54661195e 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -292,7 +292,7 @@ void mbedtls_test_err_add_check( int high, int low, * examples given in comments have been made positive for ease of * understanding. The structure of an error code is such: * - * shhhhhhhllllllll + * shhhhhhhhlllllll * * s = sign bit. * h = high level error code (includes high and module error codes). @@ -308,7 +308,7 @@ void mbedtls_test_err_add_check( int high, int low, mbedtls_test_fail( "'high' error code is greater than 15 bits", line, file ); } - else if ( ( high & 0x7F ) != 0 ) // high & 0000000011111111 + else if ( ( high & 0x7F ) != 0 ) // high & 0000000001111111 { mbedtls_test_fail( "'high' contains a low-level error code", line, file ); From 00cea16f54d11566d40f139c7800b19433cd9385 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 19 Feb 2021 17:21:22 +0100 Subject: [PATCH 135/553] Implement support for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS According to the design in psa-driver-interface.md. Compiles without issue in test_psa_crypto_drivers. Signed-off-by: Steven Cooreman --- src/helpers.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/src/helpers.c b/src/helpers.c index e323275e5f..c282edc842 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -282,3 +282,38 @@ void mbedtls_param_failed( const char *failure_condition, } } #endif /* MBEDTLS_CHECK_PARAMS */ + +#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) +#include +typedef struct +{ + psa_key_id_t builtin_key_id; + psa_key_location_t location; + psa_drv_slot_number_t slot_number; +} mbedtls_psa_builtin_key_description_t; +static const mbedtls_psa_builtin_key_description_t builtin_keys[] = { + // TODO: declare some keys + {0, 0, 0}, +}; +psa_status_t mbedtls_psa_platform_get_builtin_key( + psa_key_attributes_t *attributes, psa_drv_slot_number_t *slot_number ) +{ + mbedtls_svc_key_id_t svc_key_id = psa_get_key_id( attributes ); + psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( svc_key_id ); + + for( size_t i = 0; i < ( sizeof( builtin_keys ) / sizeof( builtin_keys[0] ) ); i++ ) + { + if( builtin_keys[i].builtin_key_id == app_key_id ) + { + psa_set_key_lifetime( attributes, + PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_PERSISTENCE_READ_ONLY, + builtin_keys[i].location ) ); + *slot_number = builtin_keys[i].slot_number; + return( PSA_SUCCESS ); + } + } + + return( PSA_ERROR_DOES_NOT_EXIST ); +} +#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ From 20c0620f730c705d5bbac19e47574ae7f44b4157 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 19 Feb 2021 18:04:59 +0100 Subject: [PATCH 136/553] Add test driver implementation for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS As part of test_psa_crypto_drivers, define a builtin symmetric plus an ECC key on the test driver lifetime. Signed-off-by: Steven Cooreman --- include/test/drivers/key_management.h | 10 +++++ src/drivers/key_management.c | 59 +++++++++++++++++++++++++++ src/helpers.c | 21 +++++++++- 3 files changed, 88 insertions(+), 2 deletions(-) diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index b30baa2052..ee96024df3 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -29,6 +29,11 @@ #if defined(PSA_CRYPTO_DRIVER_TEST) #include +#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) +#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT 0 +#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT 1 +#endif + typedef struct { /* If non-null, on success, copy this to the output. */ void *forced_output; @@ -82,5 +87,10 @@ psa_status_t test_transparent_import_key( size_t *key_buffer_length, size_t *bits); +psa_status_t test_opaque_get_builtin_key( + psa_drv_slot_number_t slot_number, + psa_key_attributes_t *attributes, + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index 10a40c37d3..d8410be4e0 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -232,4 +232,63 @@ psa_status_t test_opaque_export_public_key( return( PSA_ERROR_NOT_SUPPORTED ); } +/* The opaque test driver exposes two built-in keys when builtin key support is + * compiled in. + * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128 key which allows CTR mode + * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1 private key which allows ECDSA sign & verify + * The key buffer format for these is the raw format of psa_drv_slot_number_t + * (i.e. for an actual driver this would mean 'builtin_key_size' = sizeof(psa_drv_slot_number_t)) + */ +psa_status_t test_opaque_get_builtin_key( + psa_drv_slot_number_t slot_number, + psa_key_attributes_t *attributes, + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) +{ +#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) + switch( slot_number ) + { + case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: + if( key_buffer_size < sizeof( psa_drv_slot_number_t ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + psa_set_key_type( attributes, PSA_KEY_TYPE_AES ); + psa_set_key_bits( attributes, 128 ); + psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( attributes, PSA_ALG_CTR ); + + *( (psa_drv_slot_number_t*) key_buffer ) = + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT; + *key_buffer_length = sizeof( psa_drv_slot_number_t ); + return( PSA_SUCCESS ); + case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: + if( key_buffer_size < sizeof( psa_drv_slot_number_t ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + psa_set_key_type( attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) ); + psa_set_key_bits( attributes, 256 ); + psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); + psa_set_key_algorithm( attributes, PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ); + + *( (psa_drv_slot_number_t*) key_buffer) = + PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT; + *key_buffer_length = sizeof( psa_drv_slot_number_t ); + return( PSA_SUCCESS ); + default: + (void) slot_number; + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) key_buffer_length; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +#else + (void) slot_number; + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) key_buffer_length; + return( PSA_ERROR_DOES_NOT_EXIST ); +#endif +} + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/helpers.c b/src/helpers.c index c282edc842..ee7fa209ce 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -285,16 +285,33 @@ void mbedtls_param_failed( const char *failure_condition, #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) #include + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include "test/drivers/test_driver.h" +#endif + typedef struct { psa_key_id_t builtin_key_id; psa_key_location_t location; psa_drv_slot_number_t slot_number; } mbedtls_psa_builtin_key_description_t; + static const mbedtls_psa_builtin_key_description_t builtin_keys[] = { - // TODO: declare some keys - {0, 0, 0}, +#if defined(PSA_CRYPTO_DRIVER_TEST) + /* For testing, assign the AES builtin key slot to the boundary values. + * ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */ + {MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + {MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + {MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT}, + {MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + {MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + {MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, +#else + {0, 0, 0} +#endif }; + psa_status_t mbedtls_psa_platform_get_builtin_key( psa_key_attributes_t *attributes, psa_drv_slot_number_t *slot_number ) { From 3cf63060c5a64b853e643c71fb9cfa49adc7998f Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 22 Feb 2021 12:44:15 +0100 Subject: [PATCH 137/553] Add simple test coverage for builtin keys (PSA opaque driver export) Signed-off-by: Steven Cooreman --- include/test/drivers/key_management.h | 3 + src/drivers/key_management.c | 114 ++++++++++++++++++++++++-- 2 files changed, 112 insertions(+), 5 deletions(-) diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index ee96024df3..cf6fbb0b02 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -32,6 +32,9 @@ #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) #define PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT 0 #define PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT 1 + +extern const uint8_t test_driver_aes_key[16]; +extern const uint8_t test_driver_ecdsa_key[32]; #endif typedef struct { diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index d8410be4e0..77a217f061 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -41,6 +41,30 @@ test_driver_key_management_hooks_t test_driver_key_management_hooks = TEST_DRIVER_KEY_MANAGEMENT_INIT; +#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) +const uint8_t test_driver_aes_key[16] = + { 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46, + 0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 }; +const uint8_t test_driver_ecdsa_key[32] = + { 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63, + 0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18, + 0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7, + 0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a }; +const uint8_t test_driver_ecdsa_pubkey[65] = + { 0x04, + 0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c, + 0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44, + 0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a, + 0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19, + 0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31, + 0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b, + 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79, + 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c }; + +static const psa_drv_slot_number_t aes_slot = PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT; +static const psa_drv_slot_number_t ecdsa_slot = PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT; +#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ + psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) @@ -154,6 +178,57 @@ psa_status_t test_opaque_export_key( const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ) { +#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) + if( psa_key_id_is_builtin( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) ) + { + if( key_length != sizeof( psa_drv_slot_number_t ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + if( memcmp( key, &ecdsa_slot, sizeof( psa_drv_slot_number_t ) ) == 0 ) + { + /* This is the ECDSA slot. Verify key attributes before returning pubkey. */ + if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_bits( attributes ) != 256 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_algorithm( attributes ) != PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( (psa_get_key_usage_flags( attributes ) & PSA_KEY_USAGE_EXPORT) == 0 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + + if( data_size < sizeof( test_driver_ecdsa_key ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( data, test_driver_ecdsa_key, sizeof( test_driver_ecdsa_key ) ); + *data_length = sizeof( test_driver_ecdsa_key ); + return( PSA_SUCCESS ); + } + + if( memcmp( key, &aes_slot, sizeof( psa_drv_slot_number_t ) ) == 0 ) + { + /* This is the ECDSA slot. Verify key attributes before returning pubkey. */ + if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_bits( attributes ) != 128 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( (psa_get_key_usage_flags( attributes ) & PSA_KEY_USAGE_EXPORT) == 0 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + + if( data_size < sizeof( test_driver_aes_key ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( data, test_driver_aes_key, sizeof( test_driver_aes_key ) ); + *data_length = sizeof( test_driver_aes_key ); + return( PSA_SUCCESS ); + } + + /* Potentially add more slots here */ + + return( PSA_ERROR_DOES_NOT_EXIST ); + } +#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ (void) attributes; (void) key; (void) key_length; @@ -223,6 +298,35 @@ psa_status_t test_opaque_export_public_key( const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ) { +#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) + if( psa_key_id_is_builtin( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) ) + { + if( key_length != sizeof( psa_drv_slot_number_t ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + if( memcmp( key, &ecdsa_slot, sizeof( psa_drv_slot_number_t ) ) == 0 ) + { + /* This is the ECDSA slot. Verify key attributes before returning pubkey. */ + if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_bits( attributes ) != 256 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_algorithm( attributes ) != PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + + if( data_size < sizeof( test_driver_ecdsa_pubkey ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy(data, test_driver_ecdsa_pubkey, sizeof( test_driver_ecdsa_pubkey ) ); + *data_length = sizeof( test_driver_ecdsa_pubkey ); + return( PSA_SUCCESS ); + } + + /* Potentially add more slots here */ + + return( PSA_ERROR_DOES_NOT_EXIST ); + } +#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ (void) attributes; (void) key; (void) key_length; @@ -253,7 +357,7 @@ psa_status_t test_opaque_get_builtin_key( psa_set_key_type( attributes, PSA_KEY_TYPE_AES ); psa_set_key_bits( attributes, 128 ); - psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( attributes, PSA_ALG_CTR ); *( (psa_drv_slot_number_t*) key_buffer ) = @@ -264,9 +368,9 @@ psa_status_t test_opaque_get_builtin_key( if( key_buffer_size < sizeof( psa_drv_slot_number_t ) ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - psa_set_key_type( attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) ); + psa_set_key_type( attributes, PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ); psa_set_key_bits( attributes, 256 ); - psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); + psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( attributes, PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ); *( (psa_drv_slot_number_t*) key_buffer) = @@ -281,14 +385,14 @@ psa_status_t test_opaque_get_builtin_key( (void) key_buffer_length; return( PSA_ERROR_INVALID_ARGUMENT ); } -#else +#else /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ (void) slot_number; (void) attributes; (void) key_buffer; (void) key_buffer_size; (void) key_buffer_length; return( PSA_ERROR_DOES_NOT_EXIST ); -#endif +#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 1284d2e95948e97992dc05b840bf19b25ce547c0 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 18 Mar 2021 17:17:40 +0100 Subject: [PATCH 138/553] Style fixes (typos, whitespace, 80 column limit) Signed-off-by: Steven Cooreman --- src/drivers/key_management.c | 75 +++++++++++++++++++++++++----------- src/helpers.c | 21 ++++++---- 2 files changed, 66 insertions(+), 30 deletions(-) diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index 77a217f061..ca00fe0e8a 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -61,8 +61,10 @@ const uint8_t test_driver_ecdsa_pubkey[65] = 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79, 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c }; -static const psa_drv_slot_number_t aes_slot = PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT; -static const psa_drv_slot_number_t ecdsa_slot = PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT; +static const psa_drv_slot_number_t aes_slot = + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT; +static const psa_drv_slot_number_t ecdsa_slot = + PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT; #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ psa_status_t test_transparent_generate_key( @@ -179,41 +181,49 @@ psa_status_t test_opaque_export_key( uint8_t *data, size_t data_size, size_t *data_length ) { #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) - if( psa_key_id_is_builtin( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) ) + if( psa_key_id_is_builtin( + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) ) { if( key_length != sizeof( psa_drv_slot_number_t ) ) return( PSA_ERROR_INVALID_ARGUMENT ); if( memcmp( key, &ecdsa_slot, sizeof( psa_drv_slot_number_t ) ) == 0 ) { - /* This is the ECDSA slot. Verify key attributes before returning pubkey. */ - if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) + /* This is the ECDSA slot. Verify key attributes before returning + * the private key. */ + if( psa_get_key_type( attributes ) != + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) return( PSA_ERROR_CORRUPTION_DETECTED ); if( psa_get_key_bits( attributes ) != 256 ) return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) + if( psa_get_key_algorithm( attributes ) != + PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) return( PSA_ERROR_CORRUPTION_DETECTED ); - if( (psa_get_key_usage_flags( attributes ) & PSA_KEY_USAGE_EXPORT) == 0 ) + if( ( psa_get_key_usage_flags( attributes ) & + PSA_KEY_USAGE_EXPORT ) == 0 ) return( PSA_ERROR_CORRUPTION_DETECTED ); if( data_size < sizeof( test_driver_ecdsa_key ) ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( data, test_driver_ecdsa_key, sizeof( test_driver_ecdsa_key ) ); + memcpy( data, test_driver_ecdsa_key, + sizeof( test_driver_ecdsa_key ) ); *data_length = sizeof( test_driver_ecdsa_key ); return( PSA_SUCCESS ); } if( memcmp( key, &aes_slot, sizeof( psa_drv_slot_number_t ) ) == 0 ) { - /* This is the ECDSA slot. Verify key attributes before returning pubkey. */ + /* This is the AES slot. Verify key attributes before returning + * the key. */ if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) return( PSA_ERROR_CORRUPTION_DETECTED ); if( psa_get_key_bits( attributes ) != 128 ) return( PSA_ERROR_CORRUPTION_DETECTED ); if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR ) return( PSA_ERROR_CORRUPTION_DETECTED ); - if( (psa_get_key_usage_flags( attributes ) & PSA_KEY_USAGE_EXPORT) == 0 ) + if( ( psa_get_key_usage_flags( attributes ) & + PSA_KEY_USAGE_EXPORT ) == 0 ) return( PSA_ERROR_CORRUPTION_DETECTED ); if( data_size < sizeof( test_driver_aes_key ) ) @@ -299,25 +309,30 @@ psa_status_t test_opaque_export_public_key( uint8_t *data, size_t data_size, size_t *data_length ) { #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) - if( psa_key_id_is_builtin( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) ) + if( psa_key_id_is_builtin( + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) ) { if( key_length != sizeof( psa_drv_slot_number_t ) ) return( PSA_ERROR_INVALID_ARGUMENT ); if( memcmp( key, &ecdsa_slot, sizeof( psa_drv_slot_number_t ) ) == 0 ) { - /* This is the ECDSA slot. Verify key attributes before returning pubkey. */ - if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) + /* This is the ECDSA slot. Verify key attributes before returning + * the public key. */ + if( psa_get_key_type( attributes ) != + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) return( PSA_ERROR_CORRUPTION_DETECTED ); if( psa_get_key_bits( attributes ) != 256 ) return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) + if( psa_get_key_algorithm( attributes ) != + PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) return( PSA_ERROR_CORRUPTION_DETECTED ); if( data_size < sizeof( test_driver_ecdsa_pubkey ) ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy(data, test_driver_ecdsa_pubkey, sizeof( test_driver_ecdsa_pubkey ) ); + memcpy( data, test_driver_ecdsa_pubkey, + sizeof( test_driver_ecdsa_pubkey ) ); *data_length = sizeof( test_driver_ecdsa_pubkey ); return( PSA_SUCCESS ); } @@ -338,10 +353,13 @@ psa_status_t test_opaque_export_public_key( /* The opaque test driver exposes two built-in keys when builtin key support is * compiled in. - * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128 key which allows CTR mode - * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1 private key which allows ECDSA sign & verify + * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128 + * key which allows CTR mode. + * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1 + * private key which allows ECDSA sign & verify. * The key buffer format for these is the raw format of psa_drv_slot_number_t - * (i.e. for an actual driver this would mean 'builtin_key_size' = sizeof(psa_drv_slot_number_t)) + * (i.e. for an actual driver this would mean 'builtin_key_size' = + * sizeof(psa_drv_slot_number_t)). */ psa_status_t test_opaque_get_builtin_key( psa_drv_slot_number_t slot_number, @@ -357,7 +375,11 @@ psa_status_t test_opaque_get_builtin_key( psa_set_key_type( attributes, PSA_KEY_TYPE_AES ); psa_set_key_bits( attributes, 128 ); - psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT ); + psa_set_key_usage_flags( + attributes, + PSA_KEY_USAGE_ENCRYPT | + PSA_KEY_USAGE_DECRYPT | + PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( attributes, PSA_ALG_CTR ); *( (psa_drv_slot_number_t*) key_buffer ) = @@ -368,12 +390,19 @@ psa_status_t test_opaque_get_builtin_key( if( key_buffer_size < sizeof( psa_drv_slot_number_t ) ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - psa_set_key_type( attributes, PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ); + psa_set_key_type( + attributes, + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ); psa_set_key_bits( attributes, 256 ); - psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT ); - psa_set_key_algorithm( attributes, PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ); + psa_set_key_usage_flags( + attributes, + PSA_KEY_USAGE_SIGN_HASH | + PSA_KEY_USAGE_VERIFY_HASH | + PSA_KEY_USAGE_EXPORT ); + psa_set_key_algorithm( + attributes, PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ); - *( (psa_drv_slot_number_t*) key_buffer) = + *( (psa_drv_slot_number_t*) key_buffer ) = PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT; *key_buffer_length = sizeof( psa_drv_slot_number_t ); return( PSA_SUCCESS ); diff --git a/src/helpers.c b/src/helpers.c index ee7fa209ce..75f55e3713 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -301,12 +301,18 @@ static const mbedtls_psa_builtin_key_description_t builtin_keys[] = { #if defined(PSA_CRYPTO_DRIVER_TEST) /* For testing, assign the AES builtin key slot to the boundary values. * ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */ - {MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, - {MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, - {MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT}, - {MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, - {MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, - {MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT}, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, #else {0, 0, 0} #endif @@ -318,7 +324,8 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( mbedtls_svc_key_id_t svc_key_id = psa_get_key_id( attributes ); psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( svc_key_id ); - for( size_t i = 0; i < ( sizeof( builtin_keys ) / sizeof( builtin_keys[0] ) ); i++ ) + for( size_t i = 0; + i < ( sizeof( builtin_keys ) / sizeof( builtin_keys[0] ) ); i++ ) { if( builtin_keys[i].builtin_key_id == app_key_id ) { From 907d3f069ae492213169466115801af9b59e7dca Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 18 Mar 2021 18:43:15 +0100 Subject: [PATCH 139/553] Move test driver implementation of platform_get_builtin_key Move to its own file in the test tree, to simplify platform vendors providing their own implementation. Signed-off-by: Steven Cooreman --- src/drivers/platform_builtin_keys.c | 81 +++++++++++++++++++++++++++++ src/helpers.c | 59 --------------------- 2 files changed, 81 insertions(+), 59 deletions(-) create mode 100644 src/drivers/platform_builtin_keys.c diff --git a/src/drivers/platform_builtin_keys.c b/src/drivers/platform_builtin_keys.c new file mode 100644 index 0000000000..131343a906 --- /dev/null +++ b/src/drivers/platform_builtin_keys.c @@ -0,0 +1,81 @@ +/** \file platform_builtin_keys.c + * + * \brief Test driver implementation of the builtin key support + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include +#endif + +typedef struct +{ + psa_key_id_t builtin_key_id; + psa_key_location_t location; + psa_drv_slot_number_t slot_number; +} mbedtls_psa_builtin_key_description_t; + +static const mbedtls_psa_builtin_key_description_t builtin_keys[] = { +#if defined(PSA_CRYPTO_DRIVER_TEST) + /* For testing, assign the AES builtin key slot to the boundary values. + * ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */ + { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT}, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, +#else + {0, 0, 0} +#endif +}; + +psa_status_t mbedtls_psa_platform_get_builtin_key( + psa_key_attributes_t *attributes, psa_drv_slot_number_t *slot_number ) +{ + mbedtls_svc_key_id_t svc_key_id = psa_get_key_id( attributes ); + psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( svc_key_id ); + const mbedtls_psa_builtin_key_description_t *builtin_key; + + for( size_t i = 0; + i < ( sizeof( builtin_keys ) / sizeof( builtin_keys[0] ) ); i++ ) + { + builtin_key = &builtin_keys[i]; + if( builtin_key->builtin_key_id == app_key_id ) + { + psa_set_key_lifetime( attributes, + PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_PERSISTENCE_READ_ONLY, + builtin_key->location ) ); + *slot_number = builtin_key->slot_number; + return( PSA_SUCCESS ); + } + } + + return( PSA_ERROR_DOES_NOT_EXIST ); +} diff --git a/src/helpers.c b/src/helpers.c index 75f55e3713..e323275e5f 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -282,62 +282,3 @@ void mbedtls_param_failed( const char *failure_condition, } } #endif /* MBEDTLS_CHECK_PARAMS */ - -#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) -#include - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "test/drivers/test_driver.h" -#endif - -typedef struct -{ - psa_key_id_t builtin_key_id; - psa_key_location_t location; - psa_drv_slot_number_t slot_number; -} mbedtls_psa_builtin_key_description_t; - -static const mbedtls_psa_builtin_key_description_t builtin_keys[] = { -#if defined(PSA_CRYPTO_DRIVER_TEST) - /* For testing, assign the AES builtin key slot to the boundary values. - * ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */ - { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, PSA_CRYPTO_TEST_DRIVER_LIFETIME, - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, - PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT}, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, PSA_CRYPTO_TEST_DRIVER_LIFETIME, - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, -#else - {0, 0, 0} -#endif -}; - -psa_status_t mbedtls_psa_platform_get_builtin_key( - psa_key_attributes_t *attributes, psa_drv_slot_number_t *slot_number ) -{ - mbedtls_svc_key_id_t svc_key_id = psa_get_key_id( attributes ); - psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( svc_key_id ); - - for( size_t i = 0; - i < ( sizeof( builtin_keys ) / sizeof( builtin_keys[0] ) ); i++ ) - { - if( builtin_keys[i].builtin_key_id == app_key_id ) - { - psa_set_key_lifetime( attributes, - PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, - builtin_keys[i].location ) ); - *slot_number = builtin_keys[i].slot_number; - return( PSA_SUCCESS ); - } - } - - return( PSA_ERROR_DOES_NOT_EXIST ); -} -#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ From 114abeec7c4ddb6cb06e3aa5c810b65bf6f05bc9 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 18 Mar 2021 19:19:53 +0100 Subject: [PATCH 140/553] Refactor opaque key handling in the test driver Builtin key support for the test driver is always compiled in, and no longer guarded by MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS. Parsing the key slot from the buffer by cast and assign instead of memcmp. For exporting keys, the test driver no longer reaches into the key identifier in order to check whether a key is builtin, but rather assumes so based on the key buffer length. It's the driver's responsibility to be able to detect the key material it returned as part of the get_builtin_key operation. Signed-off-by: Steven Cooreman --- include/test/drivers/key_management.h | 5 - src/drivers/key_management.c | 216 +++++++++++--------------- 2 files changed, 90 insertions(+), 131 deletions(-) diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index cf6fbb0b02..100fc18d3b 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -29,14 +29,9 @@ #if defined(PSA_CRYPTO_DRIVER_TEST) #include -#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) #define PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT 0 #define PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT 1 -extern const uint8_t test_driver_aes_key[16]; -extern const uint8_t test_driver_ecdsa_key[32]; -#endif - typedef struct { /* If non-null, on success, copy this to the output. */ void *forced_output; diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index ca00fe0e8a..e908daf465 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -41,7 +41,6 @@ test_driver_key_management_hooks_t test_driver_key_management_hooks = TEST_DRIVER_KEY_MANAGEMENT_INIT; -#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) const uint8_t test_driver_aes_key[16] = { 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46, 0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 }; @@ -61,12 +60,6 @@ const uint8_t test_driver_ecdsa_pubkey[65] = 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79, 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c }; -static const psa_drv_slot_number_t aes_slot = - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT; -static const psa_drv_slot_number_t ecdsa_slot = - PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT; -#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ - psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) @@ -180,72 +173,66 @@ psa_status_t test_opaque_export_key( const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ) { -#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) - if( psa_key_id_is_builtin( - MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) ) + if( key_length == sizeof( psa_drv_slot_number_t ) ) { - if( key_length != sizeof( psa_drv_slot_number_t ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - if( memcmp( key, &ecdsa_slot, sizeof( psa_drv_slot_number_t ) ) == 0 ) - { - /* This is the ECDSA slot. Verify key attributes before returning - * the private key. */ - if( psa_get_key_type( attributes ) != - PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_bits( attributes ) != 256 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != - PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( ( psa_get_key_usage_flags( attributes ) & - PSA_KEY_USAGE_EXPORT ) == 0 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - - if( data_size < sizeof( test_driver_ecdsa_key ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - memcpy( data, test_driver_ecdsa_key, - sizeof( test_driver_ecdsa_key ) ); - *data_length = sizeof( test_driver_ecdsa_key ); - return( PSA_SUCCESS ); - } + /* Assume this is a builtin key based on the key material length. */ + psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key ); - if( memcmp( key, &aes_slot, sizeof( psa_drv_slot_number_t ) ) == 0 ) + switch( slot_number ) { - /* This is the AES slot. Verify key attributes before returning - * the key. */ - if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_bits( attributes ) != 128 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( ( psa_get_key_usage_flags( attributes ) & - PSA_KEY_USAGE_EXPORT ) == 0 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - - if( data_size < sizeof( test_driver_aes_key ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - memcpy( data, test_driver_aes_key, sizeof( test_driver_aes_key ) ); - *data_length = sizeof( test_driver_aes_key ); - return( PSA_SUCCESS ); + case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: + /* This is the ECDSA slot. Verify the key's attributes before + * returning the private key. */ + if( psa_get_key_type( attributes ) != + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_bits( attributes ) != 256 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_algorithm( attributes ) != + PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( ( psa_get_key_usage_flags( attributes ) & + PSA_KEY_USAGE_EXPORT ) == 0 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + + if( data_size < sizeof( test_driver_ecdsa_key ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( data, test_driver_ecdsa_key, + sizeof( test_driver_ecdsa_key ) ); + *data_length = sizeof( test_driver_ecdsa_key ); + return( PSA_SUCCESS ); + + case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: + /* This is the AES slot. Verify the key's attributes before + * returning the key. */ + if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_bits( attributes ) != 128 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( ( psa_get_key_usage_flags( attributes ) & + PSA_KEY_USAGE_EXPORT ) == 0 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + + if( data_size < sizeof( test_driver_aes_key ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( data, test_driver_aes_key, + sizeof( test_driver_aes_key ) ); + *data_length = sizeof( test_driver_aes_key ); + return( PSA_SUCCESS ); + + default: + return( PSA_ERROR_DOES_NOT_EXIST ); } - - /* Potentially add more slots here */ - - return( PSA_ERROR_DOES_NOT_EXIST ); } -#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ - (void) attributes; - (void) key; - (void) key_length; - (void) data; - (void) data_size; - (void) data_length; - return( PSA_ERROR_NOT_SUPPORTED ); + else + { + /* Test driver does not support generic opaque key handling yet. */ + return( PSA_ERROR_NOT_SUPPORTED ); + } } psa_status_t test_transparent_export_public_key( @@ -308,47 +295,41 @@ psa_status_t test_opaque_export_public_key( const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ) { -#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) - if( psa_key_id_is_builtin( - MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) ) + if( key_length == sizeof( psa_drv_slot_number_t ) ) { - if( key_length != sizeof( psa_drv_slot_number_t ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - if( memcmp( key, &ecdsa_slot, sizeof( psa_drv_slot_number_t ) ) == 0 ) + /* Assume this is a builtin key based on the key material length. */ + psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key ); + switch( slot_number ) { - /* This is the ECDSA slot. Verify key attributes before returning - * the public key. */ - if( psa_get_key_type( attributes ) != - PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_bits( attributes ) != 256 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != - PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - - if( data_size < sizeof( test_driver_ecdsa_pubkey ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - memcpy( data, test_driver_ecdsa_pubkey, - sizeof( test_driver_ecdsa_pubkey ) ); - *data_length = sizeof( test_driver_ecdsa_pubkey ); - return( PSA_SUCCESS ); + case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: + /* This is the ECDSA slot. Verify the key's attributes before + * returning the public key. */ + if( psa_get_key_type( attributes ) != + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_bits( attributes ) != 256 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_algorithm( attributes ) != + PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + + if( data_size < sizeof( test_driver_ecdsa_pubkey ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( data, test_driver_ecdsa_pubkey, + sizeof( test_driver_ecdsa_pubkey ) ); + *data_length = sizeof( test_driver_ecdsa_pubkey ); + return( PSA_SUCCESS ); + + default: + return( PSA_ERROR_DOES_NOT_EXIST ); } - - /* Potentially add more slots here */ - - return( PSA_ERROR_DOES_NOT_EXIST ); } -#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ - (void) attributes; - (void) key; - (void) key_length; - (void) data; - (void) data_size; - (void) data_length; - return( PSA_ERROR_NOT_SUPPORTED ); + else + { + /* Test driver does not support generic opaque key handling yet. */ + return( PSA_ERROR_NOT_SUPPORTED ); + } } /* The opaque test driver exposes two built-in keys when builtin key support is @@ -366,13 +347,12 @@ psa_status_t test_opaque_get_builtin_key( psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) { -#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) + if( key_buffer_size < sizeof( psa_drv_slot_number_t ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + switch( slot_number ) { case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: - if( key_buffer_size < sizeof( psa_drv_slot_number_t ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - psa_set_key_type( attributes, PSA_KEY_TYPE_AES ); psa_set_key_bits( attributes, 128 ); psa_set_key_usage_flags( @@ -387,9 +367,6 @@ psa_status_t test_opaque_get_builtin_key( *key_buffer_length = sizeof( psa_drv_slot_number_t ); return( PSA_SUCCESS ); case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: - if( key_buffer_size < sizeof( psa_drv_slot_number_t ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - psa_set_key_type( attributes, PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ); @@ -407,21 +384,8 @@ psa_status_t test_opaque_get_builtin_key( *key_buffer_length = sizeof( psa_drv_slot_number_t ); return( PSA_SUCCESS ); default: - (void) slot_number; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) key_buffer_length; - return( PSA_ERROR_INVALID_ARGUMENT ); + return( PSA_ERROR_DOES_NOT_EXIST ); } -#else /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ - (void) slot_number; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) key_buffer_length; - return( PSA_ERROR_DOES_NOT_EXIST ); -#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 55ee204b18cd1eb7537fc2d769e4b7bfba9417b5 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 18 Mar 2021 20:48:06 +0100 Subject: [PATCH 141/553] Change signature of mbedtls_psa_platform_get_builtin_key Instead of the full attributes struct, it now only takes/returns what it actually needs to. Signed-off-by: Steven Cooreman --- src/drivers/platform_builtin_keys.c | 50 +++++++++++++++++------------ 1 file changed, 30 insertions(+), 20 deletions(-) diff --git a/src/drivers/platform_builtin_keys.c b/src/drivers/platform_builtin_keys.c index 131343a906..feccbfd0f6 100644 --- a/src/drivers/platform_builtin_keys.c +++ b/src/drivers/platform_builtin_keys.c @@ -30,7 +30,7 @@ typedef struct { psa_key_id_t builtin_key_id; - psa_key_location_t location; + psa_key_lifetime_t lifetime; psa_drv_slot_number_t slot_number; } mbedtls_psa_builtin_key_description_t; @@ -38,28 +38,41 @@ static const mbedtls_psa_builtin_key_description_t builtin_keys[] = { #if defined(PSA_CRYPTO_DRIVER_TEST) /* For testing, assign the AES builtin key slot to the boundary values. * ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */ - { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, PSA_CRYPTO_TEST_DRIVER_LIFETIME, - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, - PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT}, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, PSA_CRYPTO_TEST_DRIVER_LIFETIME, - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, - { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, + PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ), + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, + PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ), + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, + PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ), + PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT}, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, + PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ), + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, + PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ), + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, + PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ), + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, #else {0, 0, 0} #endif }; psa_status_t mbedtls_psa_platform_get_builtin_key( - psa_key_attributes_t *attributes, psa_drv_slot_number_t *slot_number ) + mbedtls_svc_key_id_t key_id, + psa_key_lifetime_t *lifetime, + psa_drv_slot_number_t *slot_number ) { - mbedtls_svc_key_id_t svc_key_id = psa_get_key_id( attributes ); - psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( svc_key_id ); + psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id ); const mbedtls_psa_builtin_key_description_t *builtin_key; for( size_t i = 0; @@ -68,10 +81,7 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( builtin_key = &builtin_keys[i]; if( builtin_key->builtin_key_id == app_key_id ) { - psa_set_key_lifetime( attributes, - PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, - builtin_key->location ) ); + *lifetime = builtin_key->lifetime; *slot_number = builtin_key->slot_number; return( PSA_SUCCESS ); } From 6f8bf66dfa3544145d07f1c3ca8e6bf277c8c98b Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 18 Mar 2021 20:49:29 +0100 Subject: [PATCH 142/553] Rename test driver lifetime to location The macro always meant 'location', but was mistakenly named 'lifetime'. Naming it location instead makes much more sense, and drives home the conceptual differences between location and lifetime values. Signed-off-by: Steven Cooreman --- include/test/drivers/test_driver.h | 2 +- src/drivers/platform_builtin_keys.c | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index 2fdce5c79f..84d0caa5e8 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -20,7 +20,7 @@ #ifndef PSA_CRYPTO_TEST_DRIVER_H #define PSA_CRYPTO_TEST_DRIVER_H -#define PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff +#define PSA_CRYPTO_TEST_DRIVER_LOCATION 0x7fffff #include "test/drivers/aead.h" #include "test/drivers/signature.h" diff --git a/src/drivers/platform_builtin_keys.c b/src/drivers/platform_builtin_keys.c index feccbfd0f6..759fa78309 100644 --- a/src/drivers/platform_builtin_keys.c +++ b/src/drivers/platform_builtin_keys.c @@ -40,27 +40,27 @@ static const mbedtls_psa_builtin_key_description_t builtin_keys[] = { * ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */ { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ), + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ), PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ), + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ), PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ), + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ), PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT}, { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ), + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ), PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ), + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ), PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LIFETIME ), + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ), PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, #else {0, 0, 0} From 3ce701b39bbc53d140852833e44270cb4697d671 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 6 Apr 2021 15:09:19 +0200 Subject: [PATCH 143/553] Reduce indentation need by checking negative case first Signed-off-by: Steven Cooreman --- src/drivers/key_management.c | 170 +++++++++++++++++------------------ 1 file changed, 83 insertions(+), 87 deletions(-) diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index e908daf465..5daec6bd52 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -173,66 +173,64 @@ psa_status_t test_opaque_export_key( const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ) { - if( key_length == sizeof( psa_drv_slot_number_t ) ) - { - /* Assume this is a builtin key based on the key material length. */ - psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key ); - - switch( slot_number ) - { - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: - /* This is the ECDSA slot. Verify the key's attributes before - * returning the private key. */ - if( psa_get_key_type( attributes ) != - PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_bits( attributes ) != 256 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != - PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( ( psa_get_key_usage_flags( attributes ) & - PSA_KEY_USAGE_EXPORT ) == 0 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - - if( data_size < sizeof( test_driver_ecdsa_key ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - memcpy( data, test_driver_ecdsa_key, - sizeof( test_driver_ecdsa_key ) ); - *data_length = sizeof( test_driver_ecdsa_key ); - return( PSA_SUCCESS ); - - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: - /* This is the AES slot. Verify the key's attributes before - * returning the key. */ - if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_bits( attributes ) != 128 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( ( psa_get_key_usage_flags( attributes ) & - PSA_KEY_USAGE_EXPORT ) == 0 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - - if( data_size < sizeof( test_driver_aes_key ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - memcpy( data, test_driver_aes_key, - sizeof( test_driver_aes_key ) ); - *data_length = sizeof( test_driver_aes_key ); - return( PSA_SUCCESS ); - - default: - return( PSA_ERROR_DOES_NOT_EXIST ); - } - } - else + if( key_length != sizeof( psa_drv_slot_number_t ) ) { /* Test driver does not support generic opaque key handling yet. */ return( PSA_ERROR_NOT_SUPPORTED ); } + + /* Assume this is a builtin key based on the key material length. */ + psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key ); + + switch( slot_number ) + { + case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: + /* This is the ECDSA slot. Verify the key's attributes before + * returning the private key. */ + if( psa_get_key_type( attributes ) != + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_bits( attributes ) != 256 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_algorithm( attributes ) != + PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( ( psa_get_key_usage_flags( attributes ) & + PSA_KEY_USAGE_EXPORT ) == 0 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + + if( data_size < sizeof( test_driver_ecdsa_key ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( data, test_driver_ecdsa_key, + sizeof( test_driver_ecdsa_key ) ); + *data_length = sizeof( test_driver_ecdsa_key ); + return( PSA_SUCCESS ); + + case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: + /* This is the AES slot. Verify the key's attributes before + * returning the key. */ + if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_bits( attributes ) != 128 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( ( psa_get_key_usage_flags( attributes ) & + PSA_KEY_USAGE_EXPORT ) == 0 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + + if( data_size < sizeof( test_driver_aes_key ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( data, test_driver_aes_key, + sizeof( test_driver_aes_key ) ); + *data_length = sizeof( test_driver_aes_key ); + return( PSA_SUCCESS ); + + default: + return( PSA_ERROR_DOES_NOT_EXIST ); + } } psa_status_t test_transparent_export_public_key( @@ -295,41 +293,39 @@ psa_status_t test_opaque_export_public_key( const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ) { - if( key_length == sizeof( psa_drv_slot_number_t ) ) - { - /* Assume this is a builtin key based on the key material length. */ - psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key ); - switch( slot_number ) - { - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: - /* This is the ECDSA slot. Verify the key's attributes before - * returning the public key. */ - if( psa_get_key_type( attributes ) != - PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_bits( attributes ) != 256 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != - PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - - if( data_size < sizeof( test_driver_ecdsa_pubkey ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - memcpy( data, test_driver_ecdsa_pubkey, - sizeof( test_driver_ecdsa_pubkey ) ); - *data_length = sizeof( test_driver_ecdsa_pubkey ); - return( PSA_SUCCESS ); - - default: - return( PSA_ERROR_DOES_NOT_EXIST ); - } - } - else + if( key_length != sizeof( psa_drv_slot_number_t ) ) { /* Test driver does not support generic opaque key handling yet. */ return( PSA_ERROR_NOT_SUPPORTED ); } + + /* Assume this is a builtin key based on the key material length. */ + psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key ); + switch( slot_number ) + { + case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: + /* This is the ECDSA slot. Verify the key's attributes before + * returning the public key. */ + if( psa_get_key_type( attributes ) != + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_bits( attributes ) != 256 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_algorithm( attributes ) != + PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + + if( data_size < sizeof( test_driver_ecdsa_pubkey ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( data, test_driver_ecdsa_pubkey, + sizeof( test_driver_ecdsa_pubkey ) ); + *data_length = sizeof( test_driver_ecdsa_pubkey ); + return( PSA_SUCCESS ); + + default: + return( PSA_ERROR_DOES_NOT_EXIST ); + } } /* The opaque test driver exposes two built-in keys when builtin key support is From ea4148c365348eefa91e5871fa951bb73bbe1298 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 7 Apr 2021 18:09:53 +0200 Subject: [PATCH 144/553] Get a builtin key's attributes in order to correctly get its size Leverage the fact that the get_builtin_key entrypoint returns a key's attributes, such that a proper size for the builtin key's buffer can be calculated through the driver's get_key_buffer_size hook. Signed-off-by: Steven Cooreman --- src/drivers/key_management.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/drivers/key_management.c b/src/drivers/key_management.c index 5daec6bd52..a0626fbf42 100644 --- a/src/drivers/key_management.c +++ b/src/drivers/key_management.c @@ -343,9 +343,6 @@ psa_status_t test_opaque_get_builtin_key( psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) { - if( key_buffer_size < sizeof( psa_drv_slot_number_t ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - switch( slot_number ) { case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: @@ -358,6 +355,9 @@ psa_status_t test_opaque_get_builtin_key( PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( attributes, PSA_ALG_CTR ); + if( key_buffer_size < sizeof( psa_drv_slot_number_t ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + *( (psa_drv_slot_number_t*) key_buffer ) = PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT; *key_buffer_length = sizeof( psa_drv_slot_number_t ); @@ -375,6 +375,9 @@ psa_status_t test_opaque_get_builtin_key( psa_set_key_algorithm( attributes, PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ); + if( key_buffer_size < sizeof( psa_drv_slot_number_t ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + *( (psa_drv_slot_number_t*) key_buffer ) = PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT; *key_buffer_length = sizeof( psa_drv_slot_number_t ); From d38225b7ba97073d0d692694d31495492b4a2747 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 8 Apr 2021 12:34:02 +0200 Subject: [PATCH 145/553] Rename test driver source files to avoid file name conflicts MSVC doesn't like multiple compilation units with the same name. (conflict between cipher.c in the library and in the test driver folder) Signed-off-by: Steven Cooreman --- src/drivers/{aead.c => test_driver_aead.c} | 0 src/drivers/{cipher.c => test_driver_cipher.c} | 0 src/drivers/{key_management.c => test_driver_key_management.c} | 0 src/drivers/{signature.c => test_driver_signature.c} | 0 src/drivers/{size.c => test_driver_size.c} | 0 5 files changed, 0 insertions(+), 0 deletions(-) rename src/drivers/{aead.c => test_driver_aead.c} (100%) rename src/drivers/{cipher.c => test_driver_cipher.c} (100%) rename src/drivers/{key_management.c => test_driver_key_management.c} (100%) rename src/drivers/{signature.c => test_driver_signature.c} (100%) rename src/drivers/{size.c => test_driver_size.c} (100%) diff --git a/src/drivers/aead.c b/src/drivers/test_driver_aead.c similarity index 100% rename from src/drivers/aead.c rename to src/drivers/test_driver_aead.c diff --git a/src/drivers/cipher.c b/src/drivers/test_driver_cipher.c similarity index 100% rename from src/drivers/cipher.c rename to src/drivers/test_driver_cipher.c diff --git a/src/drivers/key_management.c b/src/drivers/test_driver_key_management.c similarity index 100% rename from src/drivers/key_management.c rename to src/drivers/test_driver_key_management.c diff --git a/src/drivers/signature.c b/src/drivers/test_driver_signature.c similarity index 100% rename from src/drivers/signature.c rename to src/drivers/test_driver_signature.c diff --git a/src/drivers/size.c b/src/drivers/test_driver_size.c similarity index 100% rename from src/drivers/size.c rename to src/drivers/test_driver_size.c From 65ba6922055fe4968f022f6ff2a7625e26711113 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Thu, 22 Apr 2021 15:28:56 +0100 Subject: [PATCH 146/553] Improve documentation for error code checking Improve comments explaining error code checking, fix incorrect comments and make a small formatting fix. Signed-off-by: Chris Jones --- src/helpers.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/src/helpers.c b/src/helpers.c index b54661195e..4923e3c68d 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -298,22 +298,34 @@ void mbedtls_test_err_add_check( int high, int low, * h = high level error code (includes high and module error codes). * l = low level error code. */ - if ( high > -0x1000 && high != 0 ) // high < 0001000000000000 + if ( high > -0x1000 && high != 0 ) + /* high < 0001000000000000 + * No high level error bits are set. + */ { mbedtls_test_fail( "'high' is not a high-level error code", line, file ); } - else if ( high < -0x7F80 ) // high > 0111111110000000 + else if ( high < -0x7F80 ) + /* high > 0111111110000000 + * Error code is larger than the greatest high + module level error. + */ { mbedtls_test_fail( "'high' error code is greater than 15 bits", line, file ); } - else if ( ( high & 0x7F ) != 0 ) // high & 0000000001111111 + else if ( ( high & 0x7F ) != 0 ) + /* high & 0000000001111111 + * Error code contains low level error code bits. + */ { mbedtls_test_fail( "'high' contains a low-level error code", line, file ); } - else if ( low < -0x007F ) // low > 0000000001111111 + else if ( low < -0x007F ) + /* low > 0000000001111111 + * Error code contains high or module level error code bits. + */ { mbedtls_test_fail( "'low' error code is greater than 7 bits", line, file ); From 6ff41694c3d9010c5f6d35dffa03313e4c566ce8 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Fri, 23 Apr 2021 12:07:25 +0100 Subject: [PATCH 147/553] Change "high level error" to "high level module ID" Signed-off-by: Chris Jones --- src/helpers.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/helpers.c b/src/helpers.c index 4923e3c68d..72b886de73 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -295,12 +295,13 @@ void mbedtls_test_err_add_check( int high, int low, * shhhhhhhhlllllll * * s = sign bit. - * h = high level error code (includes high and module error codes). + * h = high level error code (includes high level module ID (bits 12..14) + * and module-dependent error code (bits 7..11)). * l = low level error code. */ if ( high > -0x1000 && high != 0 ) /* high < 0001000000000000 - * No high level error bits are set. + * No high level module ID bits are set. */ { mbedtls_test_fail( "'high' is not a high-level error code", From facda53bc0a99a0d8b665b7e2dba62fe223e66b6 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Mon, 26 Apr 2021 16:31:16 +0100 Subject: [PATCH 148/553] Clarify case when high level error code is incorrect Signed-off-by: Chris Jones --- src/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/helpers.c b/src/helpers.c index 72b886de73..b7c9867b05 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -309,7 +309,7 @@ void mbedtls_test_err_add_check( int high, int low, } else if ( high < -0x7F80 ) /* high > 0111111110000000 - * Error code is larger than the greatest high + module level error. + * Error code is greater than the largest allowed high level module ID. */ { mbedtls_test_fail( "'high' error code is greater than 15 bits", From 4b30fa77db4935fd813018f372ab8b0f06518f1a Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Thu, 29 Apr 2021 23:12:19 +0200 Subject: [PATCH 149/553] Remove deprecated functions and constants. Signed-off-by: TRodziewicz --- src/drivers/signature.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/drivers/signature.c b/src/drivers/signature.c index cea0351900..0185acc91a 100644 --- a/src/drivers/signature.c +++ b/src/drivers/signature.c @@ -117,7 +117,7 @@ psa_status_t test_transparent_signature_sign_hash( goto cleanup; } MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp.grp, &r, &s, &ecp.d, - hash, hash_length, md_alg ) ); + hash, hash_length, md_alg, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r, signature, curve_bytes ) ); From f083d2b3b896ab966eb9067c4fbe522745fafb80 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 23 Mar 2021 09:33:25 +0100 Subject: [PATCH 150/553] tests: Add hash transparent test driver hooks Signed-off-by: Ronald Cron --- include/test/drivers/hash.h | 79 ++++++++++++++ include/test/drivers/test_driver.h | 5 +- src/drivers/hash.c | 160 +++++++++++++++++++++++++++++ 3 files changed, 242 insertions(+), 2 deletions(-) create mode 100644 include/test/drivers/hash.h create mode 100644 src/drivers/hash.c diff --git a/include/test/drivers/hash.h b/include/test/drivers/hash.h new file mode 100644 index 0000000000..7be3689822 --- /dev/null +++ b/include/test/drivers/hash.h @@ -0,0 +1,79 @@ +/* + * Test driver for hash driver entry points. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H +#define PSA_CRYPTO_TEST_DRIVERS_HASH_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include + +typedef struct { + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times hash driver entry points are called. */ + unsigned long hits; + /* Status returned by the last hash driver entry point call. */ + psa_status_t driver_status; +} test_driver_hash_hooks_t; + +#define TEST_DRIVER_HASH_INIT { 0, 0, 0 } +static inline test_driver_hash_hooks_t test_driver_hash_hooks_init( void ) +{ + const test_driver_hash_hooks_t v = TEST_DRIVER_HASH_INIT; + return( v ); +} + +extern test_driver_hash_hooks_t test_driver_hash_hooks; + +psa_status_t test_transparent_hash_compute( + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *hash, size_t hash_size, size_t *hash_length ); + +psa_status_t test_transparent_hash_setup( + mbedtls_transparent_test_driver_hash_operation_t *operation, + psa_algorithm_t alg ); + +psa_status_t test_transparent_hash_clone( + const mbedtls_transparent_test_driver_hash_operation_t *source_operation, + mbedtls_transparent_test_driver_hash_operation_t *target_operation ); + +psa_status_t test_transparent_hash_update( + mbedtls_transparent_test_driver_hash_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t test_transparent_hash_finish( + mbedtls_transparent_test_driver_hash_operation_t *operation, + uint8_t *hash, + size_t hash_size, + size_t *hash_length ); + +psa_status_t test_transparent_hash_abort( + mbedtls_psa_hash_operation_t *operation ); + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */ diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index 84d0caa5e8..dc2136a6ab 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -23,9 +23,10 @@ #define PSA_CRYPTO_TEST_DRIVER_LOCATION 0x7fffff #include "test/drivers/aead.h" -#include "test/drivers/signature.h" -#include "test/drivers/key_management.h" #include "test/drivers/cipher.h" +#include "test/drivers/hash.h" +#include "test/drivers/key_management.h" +#include "test/drivers/signature.h" #include "test/drivers/size.h" #endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/src/drivers/hash.c b/src/drivers/hash.c new file mode 100644 index 0000000000..d69a1276c9 --- /dev/null +++ b/src/drivers/hash.c @@ -0,0 +1,160 @@ +/* + * Test driver for hash entry points. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#include "psa_crypto_hash.h" + +#include "test/drivers/hash.h" + +test_driver_hash_hooks_t test_driver_hash_hooks = TEST_DRIVER_HASH_INIT; + +psa_status_t test_transparent_hash_compute( + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *hash, size_t hash_size, size_t *hash_length ) +{ + test_driver_hash_hooks.hits++; + + if( test_driver_hash_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_hash_hooks.driver_status = + test_driver_hash_hooks.forced_status; + } + else + { + test_driver_hash_hooks.driver_status = + mbedtls_transparent_test_driver_hash_compute( + alg, input, input_length, + hash, hash_size, hash_length ); + } + + return( test_driver_hash_hooks.driver_status ); +} + +psa_status_t test_transparent_hash_setup( + mbedtls_transparent_test_driver_hash_operation_t *operation, + psa_algorithm_t alg ) +{ + test_driver_hash_hooks.hits++; + + if( test_driver_hash_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_hash_hooks.driver_status = + test_driver_hash_hooks.forced_status; + } + else + { + test_driver_hash_hooks.driver_status = + mbedtls_transparent_test_driver_hash_setup( operation, alg ); + } + + return( test_driver_hash_hooks.driver_status ); +} + +psa_status_t test_transparent_hash_clone( + const mbedtls_transparent_test_driver_hash_operation_t *source_operation, + mbedtls_transparent_test_driver_hash_operation_t *target_operation ) +{ + test_driver_hash_hooks.hits++; + + if( test_driver_hash_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_hash_hooks.driver_status = + test_driver_hash_hooks.forced_status; + } + else + { + test_driver_hash_hooks.driver_status = + mbedtls_transparent_test_driver_hash_clone( source_operation, + target_operation ); + } + + return( test_driver_hash_hooks.driver_status ); +} + +psa_status_t test_transparent_hash_update( + mbedtls_transparent_test_driver_hash_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + test_driver_hash_hooks.hits++; + + if( test_driver_hash_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_hash_hooks.driver_status = + test_driver_hash_hooks.forced_status; + } + else + { + test_driver_hash_hooks.driver_status = + mbedtls_transparent_test_driver_hash_update( + operation, input, input_length ); + } + + return( test_driver_hash_hooks.driver_status ); +} + +psa_status_t test_transparent_hash_finish( + mbedtls_transparent_test_driver_hash_operation_t *operation, + uint8_t *hash, + size_t hash_size, + size_t *hash_length ) +{ + test_driver_hash_hooks.hits++; + + if( test_driver_hash_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_hash_hooks.driver_status = + test_driver_hash_hooks.forced_status; + } + else + { + test_driver_hash_hooks.driver_status = + mbedtls_transparent_test_driver_hash_finish( + operation, hash, hash_size, hash_length ); + } + + return( test_driver_hash_hooks.driver_status ); +} + +psa_status_t test_transparent_hash_abort( + mbedtls_transparent_test_driver_hash_operation_t *operation ) +{ + test_driver_hash_hooks.hits++; + + if( test_driver_hash_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_hash_hooks.driver_status = + test_driver_hash_hooks.forced_status; + } + else + { + test_driver_hash_hooks.driver_status = + mbedtls_transparent_test_driver_hash_abort( operation ); + } + + return( test_driver_hash_hooks.driver_status ); +} +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From de9d4bc97057185ac138e5cf29f9761422ce1f2d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 Apr 2021 09:07:03 +0200 Subject: [PATCH 151/553] tests: psa: cipher: Remove out-dated comment Signed-off-by: Ronald Cron --- src/drivers/test_driver_cipher.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index 4dc46789b2..e241ba446e 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -36,11 +36,6 @@ #include -/* Test driver implements AES-CTR only. Its default behaviour (when its return - * status is not overridden through the hooks) is to take care of all AES-CTR - * operations, and return PSA_ERROR_NOT_SUPPORTED for all others. - * Set test_driver_cipher_hooks.forced_status to PSA_ERROR_NOT_SUPPORTED to use - * fallback even for AES-CTR. */ test_driver_cipher_hooks_t test_driver_cipher_hooks = TEST_DRIVER_CIPHER_INIT; static psa_status_t test_transparent_cipher_oneshot( From 1d6c89f91089619e1b4cc61d8f34e569d6bb792c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 13 Apr 2021 12:41:34 +0200 Subject: [PATCH 152/553] tests: psa: Add mbedtls/MBEDTLS prefix to test driver symbols Signed-off-by: Ronald Cron --- include/test/drivers/aead.h | 15 +-- include/test/drivers/cipher.h | 43 +++---- include/test/drivers/hash.h | 23 ++-- include/test/drivers/key_management.h | 27 ++-- .../{test_driver.h => mbedtls_test_driver.h} | 0 include/test/drivers/signature.h | 24 ++-- include/test/drivers/size.h | 35 +++--- src/drivers/hash.c | 87 ++++++------- src/drivers/platform_builtin_keys.c | 2 +- src/drivers/test_driver_aead.c | 31 ++--- src/drivers/test_driver_cipher.c | 117 +++++++++--------- src/drivers/test_driver_key_management.c | 88 ++++++------- src/drivers/test_driver_signature.c | 38 +++--- src/drivers/test_driver_size.c | 6 +- 14 files changed, 278 insertions(+), 258 deletions(-) rename include/test/drivers/{test_driver.h => mbedtls_test_driver.h} (100%) diff --git a/include/test/drivers/aead.h b/include/test/drivers/aead.h index 1be8910a30..2207cb36fe 100644 --- a/include/test/drivers/aead.h +++ b/include/test/drivers/aead.h @@ -37,18 +37,19 @@ typedef struct { unsigned long hits; /* Status returned by the last AEAD driver function call. */ psa_status_t driver_status; -} test_driver_aead_hooks_t; +} mbedtls_test_driver_aead_hooks_t; -#define TEST_DRIVER_AEAD_INIT { 0, 0, 0 } -static inline test_driver_aead_hooks_t test_driver_aead_hooks_init( void ) +#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0 } +static inline mbedtls_test_driver_aead_hooks_t + mbedtls_test_driver_aead_hooks_init( void ) { - const test_driver_aead_hooks_t v = TEST_DRIVER_AEAD_INIT; + const mbedtls_test_driver_aead_hooks_t v = MBEDTLS_TEST_DRIVER_AEAD_INIT; return( v ); } -extern test_driver_aead_hooks_t test_driver_aead_hooks; +extern mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks; -psa_status_t test_transparent_aead_encrypt( +psa_status_t mbedtls_test_transparent_aead_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, @@ -57,7 +58,7 @@ psa_status_t test_transparent_aead_encrypt( const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ); -psa_status_t test_transparent_aead_decrypt( +psa_status_t mbedtls_test_transparent_aead_decrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index 6d6a6af424..4fe559618f 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -41,101 +41,102 @@ typedef struct { psa_status_t forced_status; /* Count the amount of times one of the cipher driver functions is called. */ unsigned long hits; -} test_driver_cipher_hooks_t; +} mbedtls_test_driver_cipher_hooks_t; -#define TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0 } -static inline test_driver_cipher_hooks_t test_driver_cipher_hooks_init( void ) +#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0 } +static inline mbedtls_test_driver_cipher_hooks_t + mbedtls_test_driver_cipher_hooks_init( void ) { - const test_driver_cipher_hooks_t v = TEST_DRIVER_CIPHER_INIT; + const mbedtls_test_driver_cipher_hooks_t v = MBEDTLS_TEST_DRIVER_CIPHER_INIT; return( v ); } -extern test_driver_cipher_hooks_t test_driver_cipher_hooks; +extern mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks; -psa_status_t test_transparent_cipher_encrypt( +psa_status_t mbedtls_test_transparent_cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length); -psa_status_t test_transparent_cipher_decrypt( +psa_status_t mbedtls_test_transparent_cipher_decrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length); -psa_status_t test_transparent_cipher_encrypt_setup( +psa_status_t mbedtls_test_transparent_cipher_encrypt_setup( mbedtls_transparent_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg); -psa_status_t test_transparent_cipher_decrypt_setup( +psa_status_t mbedtls_test_transparent_cipher_decrypt_setup( mbedtls_transparent_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg); -psa_status_t test_transparent_cipher_abort( +psa_status_t mbedtls_test_transparent_cipher_abort( mbedtls_transparent_test_driver_cipher_operation_t *operation ); -psa_status_t test_transparent_cipher_set_iv( +psa_status_t mbedtls_test_transparent_cipher_set_iv( mbedtls_transparent_test_driver_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length); -psa_status_t test_transparent_cipher_update( +psa_status_t mbedtls_test_transparent_cipher_update( mbedtls_transparent_test_driver_cipher_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length); -psa_status_t test_transparent_cipher_finish( +psa_status_t mbedtls_test_transparent_cipher_finish( mbedtls_transparent_test_driver_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length); /* * opaque versions */ -psa_status_t test_opaque_cipher_encrypt( +psa_status_t mbedtls_test_opaque_cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length); -psa_status_t test_opaque_cipher_decrypt( +psa_status_t mbedtls_test_opaque_cipher_decrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length); -psa_status_t test_opaque_cipher_encrypt_setup( +psa_status_t mbedtls_test_opaque_cipher_encrypt_setup( mbedtls_opaque_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg); -psa_status_t test_opaque_cipher_decrypt_setup( +psa_status_t mbedtls_test_opaque_cipher_decrypt_setup( mbedtls_opaque_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg); -psa_status_t test_opaque_cipher_abort( +psa_status_t mbedtls_test_opaque_cipher_abort( mbedtls_opaque_test_driver_cipher_operation_t *operation); -psa_status_t test_opaque_cipher_set_iv( +psa_status_t mbedtls_test_opaque_cipher_set_iv( mbedtls_opaque_test_driver_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length); -psa_status_t test_opaque_cipher_update( +psa_status_t mbedtls_test_opaque_cipher_update( mbedtls_opaque_test_driver_cipher_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length); -psa_status_t test_opaque_cipher_finish( +psa_status_t mbedtls_test_opaque_cipher_finish( mbedtls_opaque_test_driver_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length); diff --git a/include/test/drivers/hash.h b/include/test/drivers/hash.h index 7be3689822..ebe83dee4e 100644 --- a/include/test/drivers/hash.h +++ b/include/test/drivers/hash.h @@ -37,42 +37,43 @@ typedef struct { unsigned long hits; /* Status returned by the last hash driver entry point call. */ psa_status_t driver_status; -} test_driver_hash_hooks_t; +} mbedtls_test_driver_hash_hooks_t; -#define TEST_DRIVER_HASH_INIT { 0, 0, 0 } -static inline test_driver_hash_hooks_t test_driver_hash_hooks_init( void ) +#define MBEDTLS_TEST_DRIVER_HASH_INIT { 0, 0, 0 } +static inline mbedtls_test_driver_hash_hooks_t + mbedtls_test_driver_hash_hooks_init( void ) { - const test_driver_hash_hooks_t v = TEST_DRIVER_HASH_INIT; + const mbedtls_test_driver_hash_hooks_t v = MBEDTLS_TEST_DRIVER_HASH_INIT; return( v ); } -extern test_driver_hash_hooks_t test_driver_hash_hooks; +extern mbedtls_test_driver_hash_hooks_t mbedtls_test_driver_hash_hooks; -psa_status_t test_transparent_hash_compute( +psa_status_t mbedtls_test_transparent_hash_compute( psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *hash, size_t hash_size, size_t *hash_length ); -psa_status_t test_transparent_hash_setup( +psa_status_t mbedtls_test_transparent_hash_setup( mbedtls_transparent_test_driver_hash_operation_t *operation, psa_algorithm_t alg ); -psa_status_t test_transparent_hash_clone( +psa_status_t mbedtls_test_transparent_hash_clone( const mbedtls_transparent_test_driver_hash_operation_t *source_operation, mbedtls_transparent_test_driver_hash_operation_t *target_operation ); -psa_status_t test_transparent_hash_update( +psa_status_t mbedtls_test_transparent_hash_update( mbedtls_transparent_test_driver_hash_operation_t *operation, const uint8_t *input, size_t input_length ); -psa_status_t test_transparent_hash_finish( +psa_status_t mbedtls_test_transparent_hash_finish( mbedtls_transparent_test_driver_hash_operation_t *operation, uint8_t *hash, size_t hash_size, size_t *hash_length ); -psa_status_t test_transparent_hash_abort( +psa_status_t mbedtls_test_transparent_hash_abort( mbedtls_psa_hash_operation_t *operation ); #endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 100fc18d3b..45814fd034 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -42,41 +42,44 @@ typedef struct { /* Count the amount of times one of the key management driver functions * is called. */ unsigned long hits; -} test_driver_key_management_hooks_t; +} mbedtls_test_driver_key_management_hooks_t; -#define TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 } -static inline test_driver_key_management_hooks_t test_driver_key_management_hooks_init( void ) +#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 } +static inline mbedtls_test_driver_key_management_hooks_t + mbedtls_test_driver_key_management_hooks_init( void ) { - const test_driver_key_management_hooks_t v = TEST_DRIVER_KEY_MANAGEMENT_INIT; + const mbedtls_test_driver_key_management_hooks_t + v = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT; return( v ); } -extern test_driver_key_management_hooks_t test_driver_key_management_hooks; +extern mbedtls_test_driver_key_management_hooks_t + mbedtls_test_driver_key_management_hooks; -psa_status_t test_transparent_generate_key( +psa_status_t mbedtls_test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); -psa_status_t test_opaque_generate_key( +psa_status_t mbedtls_test_opaque_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); -psa_status_t test_opaque_export_key( +psa_status_t mbedtls_test_opaque_export_key( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ); -psa_status_t test_transparent_export_public_key( +psa_status_t mbedtls_test_transparent_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ); -psa_status_t test_opaque_export_public_key( +psa_status_t mbedtls_test_opaque_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ); -psa_status_t test_transparent_import_key( +psa_status_t mbedtls_test_transparent_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, @@ -85,7 +88,7 @@ psa_status_t test_transparent_import_key( size_t *key_buffer_length, size_t *bits); -psa_status_t test_opaque_get_builtin_key( +psa_status_t mbedtls_test_opaque_get_builtin_key( psa_drv_slot_number_t slot_number, psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/mbedtls_test_driver.h similarity index 100% rename from include/test/drivers/test_driver.h rename to include/test/drivers/mbedtls_test_driver.h diff --git a/include/test/drivers/signature.h b/include/test/drivers/signature.h index e785151254..1586ce9bcb 100644 --- a/include/test/drivers/signature.h +++ b/include/test/drivers/signature.h @@ -38,40 +38,44 @@ typedef struct { psa_status_t forced_status; /* Count the amount of times one of the signature driver functions is called. */ unsigned long hits; -} test_driver_signature_hooks_t; +} mbedtls_test_driver_signature_hooks_t; -#define TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 } -static inline test_driver_signature_hooks_t test_driver_signature_hooks_init( void ) +#define MBEDTLS_TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 } +static inline mbedtls_test_driver_signature_hooks_t + mbedtls_test_driver_signature_hooks_init( void ) { - const test_driver_signature_hooks_t v = TEST_DRIVER_SIGNATURE_INIT; + const mbedtls_test_driver_signature_hooks_t + v = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT; return( v ); } -extern test_driver_signature_hooks_t test_driver_signature_sign_hooks; -extern test_driver_signature_hooks_t test_driver_signature_verify_hooks; +extern mbedtls_test_driver_signature_hooks_t + mbedtls_test_driver_signature_sign_hooks; +extern mbedtls_test_driver_signature_hooks_t + mbedtls_test_driver_signature_verify_hooks; -psa_status_t test_transparent_signature_sign_hash( +psa_status_t mbedtls_test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ); -psa_status_t test_opaque_signature_sign_hash( +psa_status_t mbedtls_test_opaque_signature_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ); -psa_status_t test_transparent_signature_verify_hash( +psa_status_t mbedtls_test_transparent_signature_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); -psa_status_t test_opaque_signature_verify_hash( +psa_status_t mbedtls_test_opaque_signature_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, diff --git a/include/test/drivers/size.h b/include/test/drivers/size.h index 4bfe986a21..577e17b8d2 100644 --- a/include/test/drivers/size.h +++ b/include/test/drivers/size.h @@ -31,16 +31,17 @@ typedef struct { unsigned int context; -} test_driver_key_context_t; +} mbedtls_test_driver_key_context_t; -/** \def TEST_DRIVER_KEY_CONTEXT_BASE_SIZE +/** \def MBEDTLS_TEST_DRIVER_KEY_CONTEXT_BASE_SIZE * * This macro returns the base size for the key context. It is the size of the * driver specific information stored in each key context. */ -#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof( test_driver_key_context_t ) +#define MBEDTLS_TEST_DRIVER_KEY_CONTEXT_BASE_SIZE \ + sizeof( mbedtls_test_driver_key_context_t ) -/** \def TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE +/** \def MBEDTLS_TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE * * Number of bytes included in every key context for a key pair. * @@ -49,47 +50,47 @@ typedef struct { * subtracting the public key size below from this one. */ -#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 65 +#define MBEDTLS_TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 65 -/** \def TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE +/** \def MBEDTLS_TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE * * Number of bytes included in every key context for a public key. * * For ECC public keys, it needs 257 bits so 33 bytes. */ -#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 33 +#define MBEDTLS_TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 33 -/** \def TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR +/** \def MBEDTLS_TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR * * Every key context for a symmetric key includes this many times the key size. */ -#define TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR 0 +#define MBEDTLS_TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR 0 -/** \def TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY +/** \def MBEDTLS_TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY * * If this is true for a key pair, the key context includes space for the public key. * If this is false, no additional space is added for the public key. * * For this instance, store the public key with the private one. */ -#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 1 +#define MBEDTLS_TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 1 -/** \def TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION +/** \def MBEDTLS_TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION * - * If TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION is defined, the test driver + * If MBEDTLS_TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION is defined, the test driver * provides a size_function entry point, otherwise, it does not. * * Some opaque drivers have the need to support a custom size for the storage * of key and context information. The size_function provides the ability to * provide that customization. */ -//#define TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION +//#define MBEDTLS_TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION -#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION -size_t test_size_function( +#ifdef MBEDTLS_TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION +size_t mbedtls_test_size_function( const psa_key_type_t key_type, const size_t key_bits ); -#endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ +#endif /* MBEDTLS_TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_SIZE_H */ diff --git a/src/drivers/hash.c b/src/drivers/hash.c index d69a1276c9..f95aa6b617 100644 --- a/src/drivers/hash.c +++ b/src/drivers/hash.c @@ -28,133 +28,134 @@ #include "test/drivers/hash.h" -test_driver_hash_hooks_t test_driver_hash_hooks = TEST_DRIVER_HASH_INIT; +mbedtls_test_driver_hash_hooks_t + mbedtls_test_driver_hash_hooks = MBEDTLS_TEST_DRIVER_HASH_INIT; -psa_status_t test_transparent_hash_compute( +psa_status_t mbedtls_test_transparent_hash_compute( psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *hash, size_t hash_size, size_t *hash_length ) { - test_driver_hash_hooks.hits++; + mbedtls_test_driver_hash_hooks.hits++; - if( test_driver_hash_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS ) { - test_driver_hash_hooks.driver_status = - test_driver_hash_hooks.forced_status; + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.forced_status; } else { - test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_compute( alg, input, input_length, hash, hash_size, hash_length ); } - return( test_driver_hash_hooks.driver_status ); + return( mbedtls_test_driver_hash_hooks.driver_status ); } -psa_status_t test_transparent_hash_setup( +psa_status_t mbedtls_test_transparent_hash_setup( mbedtls_transparent_test_driver_hash_operation_t *operation, psa_algorithm_t alg ) { - test_driver_hash_hooks.hits++; + mbedtls_test_driver_hash_hooks.hits++; - if( test_driver_hash_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS ) { - test_driver_hash_hooks.driver_status = - test_driver_hash_hooks.forced_status; + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.forced_status; } else { - test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_setup( operation, alg ); } - return( test_driver_hash_hooks.driver_status ); + return( mbedtls_test_driver_hash_hooks.driver_status ); } -psa_status_t test_transparent_hash_clone( +psa_status_t mbedtls_test_transparent_hash_clone( const mbedtls_transparent_test_driver_hash_operation_t *source_operation, mbedtls_transparent_test_driver_hash_operation_t *target_operation ) { - test_driver_hash_hooks.hits++; + mbedtls_test_driver_hash_hooks.hits++; - if( test_driver_hash_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS ) { - test_driver_hash_hooks.driver_status = - test_driver_hash_hooks.forced_status; + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.forced_status; } else { - test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_clone( source_operation, target_operation ); } - return( test_driver_hash_hooks.driver_status ); + return( mbedtls_test_driver_hash_hooks.driver_status ); } -psa_status_t test_transparent_hash_update( +psa_status_t mbedtls_test_transparent_hash_update( mbedtls_transparent_test_driver_hash_operation_t *operation, const uint8_t *input, size_t input_length ) { - test_driver_hash_hooks.hits++; + mbedtls_test_driver_hash_hooks.hits++; - if( test_driver_hash_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS ) { - test_driver_hash_hooks.driver_status = - test_driver_hash_hooks.forced_status; + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.forced_status; } else { - test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_update( operation, input, input_length ); } - return( test_driver_hash_hooks.driver_status ); + return( mbedtls_test_driver_hash_hooks.driver_status ); } -psa_status_t test_transparent_hash_finish( +psa_status_t mbedtls_test_transparent_hash_finish( mbedtls_transparent_test_driver_hash_operation_t *operation, uint8_t *hash, size_t hash_size, size_t *hash_length ) { - test_driver_hash_hooks.hits++; + mbedtls_test_driver_hash_hooks.hits++; - if( test_driver_hash_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS ) { - test_driver_hash_hooks.driver_status = - test_driver_hash_hooks.forced_status; + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.forced_status; } else { - test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_finish( operation, hash, hash_size, hash_length ); } - return( test_driver_hash_hooks.driver_status ); + return( mbedtls_test_driver_hash_hooks.driver_status ); } -psa_status_t test_transparent_hash_abort( +psa_status_t mbedtls_test_transparent_hash_abort( mbedtls_transparent_test_driver_hash_operation_t *operation ) { - test_driver_hash_hooks.hits++; + mbedtls_test_driver_hash_hooks.hits++; - if( test_driver_hash_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS ) { - test_driver_hash_hooks.driver_status = - test_driver_hash_hooks.forced_status; + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.forced_status; } else { - test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_abort( operation ); } - return( test_driver_hash_hooks.driver_status ); + return( mbedtls_test_driver_hash_hooks.driver_status ); } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/platform_builtin_keys.c b/src/drivers/platform_builtin_keys.c index 759fa78309..57d040a787 100644 --- a/src/drivers/platform_builtin_keys.c +++ b/src/drivers/platform_builtin_keys.c @@ -24,7 +24,7 @@ #include #if defined(PSA_CRYPTO_DRIVER_TEST) -#include +#include #endif typedef struct diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index c87752502a..25396c92f5 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -28,9 +28,10 @@ #include "test/drivers/aead.h" -test_driver_aead_hooks_t test_driver_aead_hooks = TEST_DRIVER_AEAD_INIT; +mbedtls_test_driver_aead_hooks_t + mbedtls_test_driver_aead_hooks = MBEDTLS_TEST_DRIVER_AEAD_INIT; -psa_status_t test_transparent_aead_encrypt( +psa_status_t mbedtls_test_transparent_aead_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, @@ -39,16 +40,16 @@ psa_status_t test_transparent_aead_encrypt( const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_encrypt( attributes, key_buffer, key_buffer_size, alg, @@ -58,10 +59,10 @@ psa_status_t test_transparent_aead_encrypt( ciphertext, ciphertext_size, ciphertext_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_decrypt( +psa_status_t mbedtls_test_transparent_aead_decrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, @@ -70,16 +71,16 @@ psa_status_t test_transparent_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_decrypt( attributes, key_buffer, key_buffer_size, alg, @@ -89,7 +90,7 @@ psa_status_t test_transparent_aead_decrypt( plaintext, plaintext_size, plaintext_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index e241ba446e..a415dd812b 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -36,9 +36,10 @@ #include -test_driver_cipher_hooks_t test_driver_cipher_hooks = TEST_DRIVER_CIPHER_INIT; +mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks = + MBEDTLS_TEST_DRIVER_CIPHER_INIT; -static psa_status_t test_transparent_cipher_oneshot( +static psa_status_t mbedtls_test_transparent_cipher_oneshot( mbedtls_operation_t direction, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, @@ -46,7 +47,7 @@ static psa_status_t test_transparent_cipher_oneshot( const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length) { - test_driver_cipher_hooks.hits++; + mbedtls_test_driver_cipher_hooks.hits++; /* Test driver supports AES-CTR only, to verify operation calls. */ if( alg != PSA_ALG_CTR || @@ -54,21 +55,21 @@ static psa_status_t test_transparent_cipher_oneshot( return( PSA_ERROR_NOT_SUPPORTED ); /* If test driver response code is not SUCCESS, we can return early */ - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); + if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_cipher_hooks.forced_status ); /* If test driver output is overridden, we don't need to do actual crypto */ - if( test_driver_cipher_hooks.forced_output != NULL ) + if( mbedtls_test_driver_cipher_hooks.forced_output != NULL ) { - if( output_size < test_driver_cipher_hooks.forced_output_length ) + if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length ) return( PSA_ERROR_BUFFER_TOO_SMALL ); memcpy( output, - test_driver_cipher_hooks.forced_output, - test_driver_cipher_hooks.forced_output_length ); - *output_length = test_driver_cipher_hooks.forced_output_length; + mbedtls_test_driver_cipher_hooks.forced_output, + mbedtls_test_driver_cipher_hooks.forced_output_length ); + *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length; - return( test_driver_cipher_hooks.forced_status ); + return( mbedtls_test_driver_cipher_hooks.forced_status ); } /* Run AES-CTR using the cipher module */ @@ -166,7 +167,7 @@ static psa_status_t test_transparent_cipher_oneshot( } } -psa_status_t test_transparent_cipher_encrypt( +psa_status_t mbedtls_test_transparent_cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, @@ -174,7 +175,7 @@ psa_status_t test_transparent_cipher_encrypt( uint8_t *output, size_t output_size, size_t *output_length) { return ( - test_transparent_cipher_oneshot( + mbedtls_test_transparent_cipher_oneshot( MBEDTLS_ENCRYPT, attributes, key, key_length, @@ -183,7 +184,7 @@ psa_status_t test_transparent_cipher_encrypt( output, output_size, output_length) ); } -psa_status_t test_transparent_cipher_decrypt( +psa_status_t mbedtls_test_transparent_cipher_decrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, @@ -191,7 +192,7 @@ psa_status_t test_transparent_cipher_decrypt( uint8_t *output, size_t output_size, size_t *output_length) { return ( - test_transparent_cipher_oneshot( + mbedtls_test_transparent_cipher_oneshot( MBEDTLS_DECRYPT, attributes, key, key_length, @@ -200,13 +201,13 @@ psa_status_t test_transparent_cipher_decrypt( output, output_size, output_length) ); } -psa_status_t test_transparent_cipher_encrypt_setup( +psa_status_t mbedtls_test_transparent_cipher_encrypt_setup( mbedtls_transparent_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg) { - test_driver_cipher_hooks.hits++; + mbedtls_test_driver_cipher_hooks.hits++; /* Wiping the entire struct here, instead of member-by-member. This is * useful for the test suite, since it gives a chance of catching memory @@ -214,32 +215,32 @@ psa_status_t test_transparent_cipher_encrypt_setup( * our context struct. */ memset( operation, 0, sizeof( *operation ) ); - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); + if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_cipher_hooks.forced_status ); return ( mbedtls_transparent_test_driver_cipher_encrypt_setup( operation, attributes, key, key_length, alg ) ); } -psa_status_t test_transparent_cipher_decrypt_setup( +psa_status_t mbedtls_test_transparent_cipher_decrypt_setup( mbedtls_transparent_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg) { - test_driver_cipher_hooks.hits++; + mbedtls_test_driver_cipher_hooks.hits++; - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); + if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_cipher_hooks.forced_status ); return ( mbedtls_transparent_test_driver_cipher_decrypt_setup( operation, attributes, key, key_length, alg ) ); } -psa_status_t test_transparent_cipher_abort( +psa_status_t mbedtls_test_transparent_cipher_abort( mbedtls_transparent_test_driver_cipher_operation_t *operation) { - test_driver_cipher_hooks.hits++; + mbedtls_test_driver_cipher_hooks.hits++; if( operation->alg == 0 ) return( PSA_SUCCESS ); @@ -252,24 +253,24 @@ psa_status_t test_transparent_cipher_abort( * our context struct. */ memset( operation, 0, sizeof( *operation ) ); - return( test_driver_cipher_hooks.forced_status ); + return( mbedtls_test_driver_cipher_hooks.forced_status ); } -psa_status_t test_transparent_cipher_set_iv( +psa_status_t mbedtls_test_transparent_cipher_set_iv( mbedtls_transparent_test_driver_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length) { - test_driver_cipher_hooks.hits++; + mbedtls_test_driver_cipher_hooks.hits++; - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); + if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_cipher_hooks.forced_status ); return( mbedtls_transparent_test_driver_cipher_set_iv( operation, iv, iv_length ) ); } -psa_status_t test_transparent_cipher_update( +psa_status_t mbedtls_test_transparent_cipher_update( mbedtls_transparent_test_driver_cipher_operation_t *operation, const uint8_t *input, size_t input_length, @@ -277,52 +278,52 @@ psa_status_t test_transparent_cipher_update( size_t output_size, size_t *output_length) { - test_driver_cipher_hooks.hits++; + mbedtls_test_driver_cipher_hooks.hits++; - if( test_driver_cipher_hooks.forced_output != NULL ) + if( mbedtls_test_driver_cipher_hooks.forced_output != NULL ) { - if( output_size < test_driver_cipher_hooks.forced_output_length ) + if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length ) return PSA_ERROR_BUFFER_TOO_SMALL; memcpy( output, - test_driver_cipher_hooks.forced_output, - test_driver_cipher_hooks.forced_output_length ); - *output_length = test_driver_cipher_hooks.forced_output_length; + mbedtls_test_driver_cipher_hooks.forced_output, + mbedtls_test_driver_cipher_hooks.forced_output_length ); + *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length; - return( test_driver_cipher_hooks.forced_status ); + return( mbedtls_test_driver_cipher_hooks.forced_status ); } - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); + if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_cipher_hooks.forced_status ); return( mbedtls_transparent_test_driver_cipher_update( operation, input, input_length, output, output_size, output_length ) ); } -psa_status_t test_transparent_cipher_finish( +psa_status_t mbedtls_test_transparent_cipher_finish( mbedtls_transparent_test_driver_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length) { - test_driver_cipher_hooks.hits++; + mbedtls_test_driver_cipher_hooks.hits++; - if( test_driver_cipher_hooks.forced_output != NULL ) + if( mbedtls_test_driver_cipher_hooks.forced_output != NULL ) { - if( output_size < test_driver_cipher_hooks.forced_output_length ) + if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length ) return PSA_ERROR_BUFFER_TOO_SMALL; memcpy( output, - test_driver_cipher_hooks.forced_output, - test_driver_cipher_hooks.forced_output_length ); - *output_length = test_driver_cipher_hooks.forced_output_length; + mbedtls_test_driver_cipher_hooks.forced_output, + mbedtls_test_driver_cipher_hooks.forced_output_length ); + *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length; - return( test_driver_cipher_hooks.forced_status ); + return( mbedtls_test_driver_cipher_hooks.forced_status ); } - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); + if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_cipher_hooks.forced_status ); return( mbedtls_transparent_test_driver_cipher_finish( operation, output, output_size, output_length ) ); @@ -331,7 +332,7 @@ psa_status_t test_transparent_cipher_finish( /* * opaque versions, to do */ -psa_status_t test_opaque_cipher_encrypt( +psa_status_t mbedtls_test_opaque_cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, @@ -350,7 +351,7 @@ psa_status_t test_opaque_cipher_encrypt( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t test_opaque_cipher_decrypt( +psa_status_t mbedtls_test_opaque_cipher_decrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, @@ -369,7 +370,7 @@ psa_status_t test_opaque_cipher_decrypt( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t test_opaque_cipher_encrypt_setup( +psa_status_t mbedtls_test_opaque_cipher_encrypt_setup( mbedtls_opaque_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, @@ -383,7 +384,7 @@ psa_status_t test_opaque_cipher_encrypt_setup( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t test_opaque_cipher_decrypt_setup( +psa_status_t mbedtls_test_opaque_cipher_decrypt_setup( mbedtls_opaque_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, @@ -397,14 +398,14 @@ psa_status_t test_opaque_cipher_decrypt_setup( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t test_opaque_cipher_abort( +psa_status_t mbedtls_test_opaque_cipher_abort( mbedtls_opaque_test_driver_cipher_operation_t *operation ) { (void) operation; return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t test_opaque_cipher_set_iv( +psa_status_t mbedtls_test_opaque_cipher_set_iv( mbedtls_opaque_test_driver_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length) @@ -415,7 +416,7 @@ psa_status_t test_opaque_cipher_set_iv( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t test_opaque_cipher_update( +psa_status_t mbedtls_test_opaque_cipher_update( mbedtls_opaque_test_driver_cipher_operation_t *operation, const uint8_t *input, size_t input_length, @@ -432,7 +433,7 @@ psa_status_t test_opaque_cipher_update( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t test_opaque_cipher_finish( +psa_status_t mbedtls_test_opaque_cipher_finish( mbedtls_opaque_test_driver_cipher_operation_t *operation, uint8_t *output, size_t output_size, diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index a0626fbf42..19e1033311 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -38,18 +38,18 @@ #include -test_driver_key_management_hooks_t test_driver_key_management_hooks = - TEST_DRIVER_KEY_MANAGEMENT_INIT; +mbedtls_test_driver_key_management_hooks_t + mbedtls_test_driver_key_management_hooks = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT; -const uint8_t test_driver_aes_key[16] = +const uint8_t mbedtls_test_driver_aes_key[16] = { 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46, 0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 }; -const uint8_t test_driver_ecdsa_key[32] = +const uint8_t mbedtls_test_driver_ecdsa_key[32] = { 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63, 0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18, 0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7, 0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a }; -const uint8_t test_driver_ecdsa_pubkey[65] = +const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] = { 0x04, 0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c, 0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44, @@ -60,22 +60,23 @@ const uint8_t test_driver_ecdsa_pubkey[65] = 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79, 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c }; -psa_status_t test_transparent_generate_key( +psa_status_t mbedtls_test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) { - ++test_driver_key_management_hooks.hits; + ++mbedtls_test_driver_key_management_hooks.hits; - if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_key_management_hooks.forced_status ); + if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_key_management_hooks.forced_status ); - if( test_driver_key_management_hooks.forced_output != NULL ) + if( mbedtls_test_driver_key_management_hooks.forced_output != NULL ) { - if( test_driver_key_management_hooks.forced_output_length > key_size ) + if( mbedtls_test_driver_key_management_hooks.forced_output_length > + key_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( key, test_driver_key_management_hooks.forced_output, - test_driver_key_management_hooks.forced_output_length ); - *key_length = test_driver_key_management_hooks.forced_output_length; + memcpy( key, mbedtls_test_driver_key_management_hooks.forced_output, + mbedtls_test_driver_key_management_hooks.forced_output_length ); + *key_length = mbedtls_test_driver_key_management_hooks.forced_output_length; return( PSA_SUCCESS ); } @@ -102,7 +103,7 @@ psa_status_t test_transparent_generate_key( } } -psa_status_t test_opaque_generate_key( +psa_status_t mbedtls_test_opaque_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) { @@ -113,7 +114,7 @@ psa_status_t test_opaque_generate_key( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t test_transparent_import_key( +psa_status_t mbedtls_test_transparent_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, @@ -122,10 +123,10 @@ psa_status_t test_transparent_import_key( size_t *key_buffer_length, size_t *bits) { - ++test_driver_key_management_hooks.hits; + ++mbedtls_test_driver_key_management_hooks.hits; - if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_key_management_hooks.forced_status ); + if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_key_management_hooks.forced_status ); psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = psa_get_key_type( attributes ); @@ -168,7 +169,7 @@ psa_status_t test_transparent_import_key( return( status ); } -psa_status_t test_opaque_export_key( +psa_status_t mbedtls_test_opaque_export_key( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ) @@ -199,12 +200,12 @@ psa_status_t test_opaque_export_key( PSA_KEY_USAGE_EXPORT ) == 0 ) return( PSA_ERROR_CORRUPTION_DETECTED ); - if( data_size < sizeof( test_driver_ecdsa_key ) ) + if( data_size < sizeof( mbedtls_test_driver_ecdsa_key ) ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( data, test_driver_ecdsa_key, - sizeof( test_driver_ecdsa_key ) ); - *data_length = sizeof( test_driver_ecdsa_key ); + memcpy( data, mbedtls_test_driver_ecdsa_key, + sizeof( mbedtls_test_driver_ecdsa_key ) ); + *data_length = sizeof( mbedtls_test_driver_ecdsa_key ); return( PSA_SUCCESS ); case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: @@ -220,12 +221,12 @@ psa_status_t test_opaque_export_key( PSA_KEY_USAGE_EXPORT ) == 0 ) return( PSA_ERROR_CORRUPTION_DETECTED ); - if( data_size < sizeof( test_driver_aes_key ) ) + if( data_size < sizeof( mbedtls_test_driver_aes_key ) ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( data, test_driver_aes_key, - sizeof( test_driver_aes_key ) ); - *data_length = sizeof( test_driver_aes_key ); + memcpy( data, mbedtls_test_driver_aes_key, + sizeof( mbedtls_test_driver_aes_key ) ); + *data_length = sizeof( mbedtls_test_driver_aes_key ); return( PSA_SUCCESS ); default: @@ -233,23 +234,24 @@ psa_status_t test_opaque_export_key( } } -psa_status_t test_transparent_export_public_key( +psa_status_t mbedtls_test_transparent_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ) { - ++test_driver_key_management_hooks.hits; + ++mbedtls_test_driver_key_management_hooks.hits; - if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_key_management_hooks.forced_status ); + if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_key_management_hooks.forced_status ); - if( test_driver_key_management_hooks.forced_output != NULL ) + if( mbedtls_test_driver_key_management_hooks.forced_output != NULL ) { - if( test_driver_key_management_hooks.forced_output_length > data_size ) + if( mbedtls_test_driver_key_management_hooks.forced_output_length > + data_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( data, test_driver_key_management_hooks.forced_output, - test_driver_key_management_hooks.forced_output_length ); - *data_length = test_driver_key_management_hooks.forced_output_length; + memcpy( data, mbedtls_test_driver_key_management_hooks.forced_output, + mbedtls_test_driver_key_management_hooks.forced_output_length ); + *data_length = mbedtls_test_driver_key_management_hooks.forced_output_length; return( PSA_SUCCESS ); } @@ -288,7 +290,7 @@ psa_status_t test_transparent_export_public_key( return( status ); } -psa_status_t test_opaque_export_public_key( +psa_status_t mbedtls_test_opaque_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ) @@ -315,12 +317,12 @@ psa_status_t test_opaque_export_public_key( PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) return( PSA_ERROR_CORRUPTION_DETECTED ); - if( data_size < sizeof( test_driver_ecdsa_pubkey ) ) + if( data_size < sizeof( mbedtls_test_driver_ecdsa_pubkey ) ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( data, test_driver_ecdsa_pubkey, - sizeof( test_driver_ecdsa_pubkey ) ); - *data_length = sizeof( test_driver_ecdsa_pubkey ); + memcpy( data, mbedtls_test_driver_ecdsa_pubkey, + sizeof( mbedtls_test_driver_ecdsa_pubkey ) ); + *data_length = sizeof( mbedtls_test_driver_ecdsa_pubkey ); return( PSA_SUCCESS ); default: @@ -338,7 +340,7 @@ psa_status_t test_opaque_export_public_key( * (i.e. for an actual driver this would mean 'builtin_key_size' = * sizeof(psa_drv_slot_number_t)). */ -psa_status_t test_opaque_get_builtin_key( +psa_status_t mbedtls_test_opaque_get_builtin_key( psa_drv_slot_number_t slot_number, psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) diff --git a/src/drivers/test_driver_signature.c b/src/drivers/test_driver_signature.c index 47c6debc5b..be8c1792bc 100644 --- a/src/drivers/test_driver_signature.c +++ b/src/drivers/test_driver_signature.c @@ -41,28 +41,32 @@ #include -test_driver_signature_hooks_t test_driver_signature_sign_hooks = TEST_DRIVER_SIGNATURE_INIT; -test_driver_signature_hooks_t test_driver_signature_verify_hooks = TEST_DRIVER_SIGNATURE_INIT; +mbedtls_test_driver_signature_hooks_t + mbedtls_test_driver_signature_sign_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT; +mbedtls_test_driver_signature_hooks_t + mbedtls_test_driver_signature_verify_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT; -psa_status_t test_transparent_signature_sign_hash( +psa_status_t mbedtls_test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ) { - ++test_driver_signature_sign_hooks.hits; + ++mbedtls_test_driver_signature_sign_hooks.hits; - if( test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_signature_sign_hooks.forced_status ); + if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_signature_sign_hooks.forced_status ); - if( test_driver_signature_sign_hooks.forced_output != NULL ) + if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL ) { - if( test_driver_signature_sign_hooks.forced_output_length > signature_size ) + if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > + signature_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( signature, test_driver_signature_sign_hooks.forced_output, - test_driver_signature_sign_hooks.forced_output_length ); - *signature_length = test_driver_signature_sign_hooks.forced_output_length; + memcpy( signature, + mbedtls_test_driver_signature_sign_hooks.forced_output, + mbedtls_test_driver_signature_sign_hooks.forced_output_length ); + *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length; return( PSA_SUCCESS ); } @@ -120,7 +124,7 @@ psa_status_t test_transparent_signature_sign_hash( } } -psa_status_t test_opaque_signature_sign_hash( +psa_status_t mbedtls_test_opaque_signature_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, @@ -140,17 +144,17 @@ psa_status_t test_opaque_signature_sign_hash( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t test_transparent_signature_verify_hash( +psa_status_t mbedtls_test_transparent_signature_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ) { - ++test_driver_signature_verify_hooks.hits; + ++mbedtls_test_driver_signature_verify_hooks.hits; - if( test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_signature_verify_hooks.forced_status ); + if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_signature_verify_hooks.forced_status ); #if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) @@ -200,7 +204,7 @@ psa_status_t test_transparent_signature_verify_hash( } } -psa_status_t test_opaque_signature_verify_hash( +psa_status_t mbedtls_test_opaque_signature_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, diff --git a/src/drivers/test_driver_size.c b/src/drivers/test_driver_size.c index 16a86922a6..fd10209d26 100644 --- a/src/drivers/test_driver_size.c +++ b/src/drivers/test_driver_size.c @@ -28,8 +28,8 @@ #include "test/drivers/size.h" -#ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION -size_t test_size_function( +#ifdef MBEDTLS_TEST_KEY_CONTEXT_SIZE_FUNCTION +size_t mbedtls_test_size_function( const psa_key_type_t key_type, const size_t key_bits ) { @@ -37,6 +37,6 @@ size_t test_size_function( (void) key_bits; return 0; } -#endif /*TEST_KEY_CONTEXT_SIZE_FUNCTION */ +#endif /*MBEDTLS_TEST_KEY_CONTEXT_SIZE_FUNCTION */ #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From c879c7947778bb856da564a2d74b0721b4cbcbe5 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 Apr 2021 10:55:34 +0200 Subject: [PATCH 153/553] tests: psa: Simplify key buffer size calculation Move the key buffer size calculation code under tests to avoid check-names.sh to complain about "likely macros with typos". This removes the calculation of key buffer sizes for the test driver from the wrapper based on static size data. But the code is still there in test code to be used when we go back to work on the generation of the driver wrapper. Signed-off-by: Ronald Cron --- include/test/drivers/size.h | 59 ---------------------------- src/drivers/test_driver_size.c | 71 +++++++++++++++++++++++++++++++--- 2 files changed, 65 insertions(+), 65 deletions(-) diff --git a/include/test/drivers/size.h b/include/test/drivers/size.h index 577e17b8d2..b2665bdda5 100644 --- a/include/test/drivers/size.h +++ b/include/test/drivers/size.h @@ -29,68 +29,9 @@ #if defined(PSA_CRYPTO_DRIVER_TEST) #include -typedef struct { - unsigned int context; -} mbedtls_test_driver_key_context_t; - -/** \def MBEDTLS_TEST_DRIVER_KEY_CONTEXT_BASE_SIZE - * - * This macro returns the base size for the key context. It is the size of the - * driver specific information stored in each key context. - */ -#define MBEDTLS_TEST_DRIVER_KEY_CONTEXT_BASE_SIZE \ - sizeof( mbedtls_test_driver_key_context_t ) - -/** \def MBEDTLS_TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE - * - * Number of bytes included in every key context for a key pair. - * - * This pair size is for an ECC 256-bit private/public key pair. - * Based on this value, the size of the private key can be derived by - * subtracting the public key size below from this one. - */ - -#define MBEDTLS_TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 65 - -/** \def MBEDTLS_TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE - * - * Number of bytes included in every key context for a public key. - * - * For ECC public keys, it needs 257 bits so 33 bytes. - */ -#define MBEDTLS_TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 33 - -/** \def MBEDTLS_TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR - * - * Every key context for a symmetric key includes this many times the key size. - */ -#define MBEDTLS_TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR 0 - -/** \def MBEDTLS_TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY - * - * If this is true for a key pair, the key context includes space for the public key. - * If this is false, no additional space is added for the public key. - * - * For this instance, store the public key with the private one. - */ -#define MBEDTLS_TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 1 - -/** \def MBEDTLS_TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION - * - * If MBEDTLS_TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION is defined, the test driver - * provides a size_function entry point, otherwise, it does not. - * - * Some opaque drivers have the need to support a custom size for the storage - * of key and context information. The size_function provides the ability to - * provide that customization. - */ -//#define MBEDTLS_TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION - -#ifdef MBEDTLS_TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION size_t mbedtls_test_size_function( const psa_key_type_t key_type, const size_t key_bits ); -#endif /* MBEDTLS_TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_SIZE_H */ diff --git a/src/drivers/test_driver_size.c b/src/drivers/test_driver_size.c index fd10209d26..d8bcaee381 100644 --- a/src/drivers/test_driver_size.c +++ b/src/drivers/test_driver_size.c @@ -27,16 +27,75 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "test/drivers/size.h" +#include "psa/crypto.h" + +typedef struct { + unsigned int context; +} test_driver_key_context_t; + +/* + * This macro returns the base size for the key context. It is the size of the + * driver specific information stored in each key context. + */ +#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof( test_driver_key_context_t ) + +/* + * Number of bytes included in every key context for a key pair. + * + * This pair size is for an ECC 256-bit private/public key pair. + * Based on this value, the size of the private key can be derived by + * subtracting the public key size below from this one. + */ +#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 65 + +/* + * Number of bytes included in every key context for a public key. + * + * For ECC public keys, it needs 257 bits so 33 bytes. + */ +#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 33 + +/* + * Every key context for a symmetric key includes this many times the key size. + */ +#define TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR 0 + +/* + * If this is true for a key pair, the key context includes space for the public key. + * If this is false, no additional space is added for the public key. + * + * For this instance, store the public key with the private one. + */ +#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 1 -#ifdef MBEDTLS_TEST_KEY_CONTEXT_SIZE_FUNCTION size_t mbedtls_test_size_function( const psa_key_type_t key_type, const size_t key_bits ) { - (void) key_type; - (void) key_bits; - return 0; -} -#endif /*MBEDTLS_TEST_KEY_CONTEXT_SIZE_FUNCTION */ + size_t key_buffer_size = 0; + if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) ) + { + int public_key_overhead = + ( ( TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1 ) + ? PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ) : 0 ); + key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE + + public_key_overhead; + } + else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( key_type ) ) + { + key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE; + } + else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) && + !PSA_KEY_TYPE_IS_PUBLIC_KEY ( key_type ) ) + { + key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + + ( TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR * + ( ( key_bits + 7 ) / 8 ) ); + } + + return( key_buffer_size ); +} #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From c81aea4fec7fd45e6c25e58b435088ea69c1fccc Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 30 Apr 2021 17:00:34 +0200 Subject: [PATCH 154/553] tests: Revert test_driver.h name change Signed-off-by: Ronald Cron --- include/test/drivers/{mbedtls_test_driver.h => test_driver.h} | 0 src/drivers/platform_builtin_keys.c | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename include/test/drivers/{mbedtls_test_driver.h => test_driver.h} (100%) diff --git a/include/test/drivers/mbedtls_test_driver.h b/include/test/drivers/test_driver.h similarity index 100% rename from include/test/drivers/mbedtls_test_driver.h rename to include/test/drivers/test_driver.h diff --git a/src/drivers/platform_builtin_keys.c b/src/drivers/platform_builtin_keys.c index 57d040a787..759fa78309 100644 --- a/src/drivers/platform_builtin_keys.c +++ b/src/drivers/platform_builtin_keys.c @@ -24,7 +24,7 @@ #include #if defined(PSA_CRYPTO_DRIVER_TEST) -#include +#include #endif typedef struct From 6c120280657e093fabae395b20f5890b0e48ff9d Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 29 Apr 2021 21:10:11 +0200 Subject: [PATCH 155/553] Add testing of the MAC driver entry points Signed-off-by: Steven Cooreman --- include/test/drivers/mac.h | 140 +++++++++++ include/test/drivers/test_driver.h | 1 + src/drivers/test_driver_mac.c | 361 +++++++++++++++++++++++++++++ 3 files changed, 502 insertions(+) create mode 100644 include/test/drivers/mac.h create mode 100644 src/drivers/test_driver_mac.c diff --git a/include/test/drivers/mac.h b/include/test/drivers/mac.h new file mode 100644 index 0000000000..e4c750bd61 --- /dev/null +++ b/include/test/drivers/mac.h @@ -0,0 +1,140 @@ +/* + * Test driver for MAC driver entry points. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H +#define PSA_CRYPTO_TEST_DRIVERS_MAC_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include + +typedef struct { + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times MAC driver functions are called. */ + unsigned long hits; + /* Status returned by the last MAC driver function call. */ + psa_status_t driver_status; +} test_driver_mac_hooks_t; + +#define MBEDTLS_TEST_DRIVER_MAC_INIT { 0, 0, 0 } +static inline test_driver_mac_hooks_t test_driver_mac_hooks_init( void ) +{ + const test_driver_mac_hooks_t v = MBEDTLS_TEST_DRIVER_MAC_INIT; + return( v ); +} + +extern test_driver_mac_hooks_t test_driver_mac_hooks; + +psa_status_t mbedtls_test_transparent_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t mbedtls_test_transparent_mac_sign_setup( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_test_transparent_mac_verify_setup( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_test_transparent_mac_update( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t mbedtls_test_transparent_mac_sign_finish( + mbedtls_transparent_test_driver_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t mbedtls_test_transparent_mac_verify_finish( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ); + +psa_status_t mbedtls_test_transparent_mac_abort( + mbedtls_transparent_test_driver_mac_operation_t *operation ); + +psa_status_t mbedtls_test_opaque_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t mbedtls_test_opaque_mac_sign_setup( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_test_opaque_mac_verify_setup( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_test_opaque_mac_update( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t mbedtls_test_opaque_mac_sign_finish( + mbedtls_opaque_test_driver_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t mbedtls_test_opaque_mac_verify_finish( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ); + +psa_status_t mbedtls_test_opaque_mac_abort( + mbedtls_opaque_test_driver_mac_operation_t *operation ); + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_MAC_H */ diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index dc2136a6ab..5b60932d3a 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -25,6 +25,7 @@ #include "test/drivers/aead.h" #include "test/drivers/cipher.h" #include "test/drivers/hash.h" +#include "test/drivers/mac.h" #include "test/drivers/key_management.h" #include "test/drivers/signature.h" #include "test/drivers/size.h" diff --git a/src/drivers/test_driver_mac.c b/src/drivers/test_driver_mac.c new file mode 100644 index 0000000000..4e26e9f21e --- /dev/null +++ b/src/drivers/test_driver_mac.c @@ -0,0 +1,361 @@ +/* + * Test driver for MAC entry points. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#include "psa_crypto_mac.h" + +#include "test/drivers/mac.h" + +test_driver_mac_hooks_t test_driver_mac_hooks = MBEDTLS_TEST_DRIVER_MAC_INIT; + +psa_status_t mbedtls_test_transparent_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_transparent_test_driver_mac_compute( + attributes, key_buffer, key_buffer_size, alg, + input, input_length, + mac, mac_size, mac_length ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_mac_sign_setup( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_transparent_test_driver_mac_sign_setup( + operation, attributes, key_buffer, key_buffer_size, alg ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_mac_verify_setup( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_transparent_test_driver_mac_verify_setup( + operation, attributes, key_buffer, key_buffer_size, alg ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_mac_update( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_transparent_test_driver_mac_update( + operation, input, input_length ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_mac_sign_finish( + mbedtls_transparent_test_driver_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_transparent_test_driver_mac_sign_finish( + operation, mac, mac_size, mac_length ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_mac_verify_finish( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_transparent_test_driver_mac_verify_finish( + operation, mac, mac_length ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_mac_abort( + mbedtls_transparent_test_driver_mac_operation_t *operation ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_transparent_test_driver_mac_abort( operation ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_opaque_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_opaque_test_driver_mac_compute( + attributes, key_buffer, key_buffer_size, alg, + input, input_length, + mac, mac_size, mac_length ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_opaque_mac_sign_setup( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_opaque_test_driver_mac_sign_setup( + operation, attributes, key_buffer, key_buffer_size, alg ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_opaque_mac_verify_setup( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_opaque_test_driver_mac_verify_setup( + operation, attributes, key_buffer, key_buffer_size, alg ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_opaque_mac_update( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_opaque_test_driver_mac_update( + operation, input, input_length ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_opaque_mac_sign_finish( + mbedtls_opaque_test_driver_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_opaque_test_driver_mac_sign_finish( + operation, mac, mac_size, mac_length ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_opaque_mac_verify_finish( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_opaque_test_driver_mac_verify_finish( + operation, mac, mac_length ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_opaque_mac_abort( + mbedtls_opaque_test_driver_mac_operation_t *operation ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_opaque_test_driver_mac_abort( operation ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From d7224024902e97b02f3f2c4f808525c130cfe439 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 10 May 2021 11:18:20 +0200 Subject: [PATCH 156/553] Apply mbedtls namespacing to MAC driver test hooks Signed-off-by: Steven Cooreman --- include/test/drivers/mac.h | 9 +- src/drivers/test_driver_mac.c | 171 +++++++++++++++++----------------- 2 files changed, 91 insertions(+), 89 deletions(-) diff --git a/include/test/drivers/mac.h b/include/test/drivers/mac.h index e4c750bd61..7733dd341c 100644 --- a/include/test/drivers/mac.h +++ b/include/test/drivers/mac.h @@ -37,16 +37,17 @@ typedef struct { unsigned long hits; /* Status returned by the last MAC driver function call. */ psa_status_t driver_status; -} test_driver_mac_hooks_t; +} mbedtls_test_driver_mac_hooks_t; #define MBEDTLS_TEST_DRIVER_MAC_INIT { 0, 0, 0 } -static inline test_driver_mac_hooks_t test_driver_mac_hooks_init( void ) +static inline mbedtls_test_driver_mac_hooks_t + mbedtls_test_driver_mac_hooks_init( void ) { - const test_driver_mac_hooks_t v = MBEDTLS_TEST_DRIVER_MAC_INIT; + const mbedtls_test_driver_mac_hooks_t v = MBEDTLS_TEST_DRIVER_MAC_INIT; return( v ); } -extern test_driver_mac_hooks_t test_driver_mac_hooks; +extern mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks; psa_status_t mbedtls_test_transparent_mac_compute( const psa_key_attributes_t *attributes, diff --git a/src/drivers/test_driver_mac.c b/src/drivers/test_driver_mac.c index 4e26e9f21e..69af107809 100644 --- a/src/drivers/test_driver_mac.c +++ b/src/drivers/test_driver_mac.c @@ -28,7 +28,8 @@ #include "test/drivers/mac.h" -test_driver_mac_hooks_t test_driver_mac_hooks = MBEDTLS_TEST_DRIVER_MAC_INIT; +mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks = + MBEDTLS_TEST_DRIVER_MAC_INIT; psa_status_t mbedtls_test_transparent_mac_compute( const psa_key_attributes_t *attributes, @@ -41,23 +42,23 @@ psa_status_t mbedtls_test_transparent_mac_compute( size_t mac_size, size_t *mac_length ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_compute( attributes, key_buffer, key_buffer_size, alg, input, input_length, mac, mac_size, mac_length ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_transparent_mac_sign_setup( @@ -67,21 +68,21 @@ psa_status_t mbedtls_test_transparent_mac_sign_setup( size_t key_buffer_size, psa_algorithm_t alg ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_sign_setup( operation, attributes, key_buffer, key_buffer_size, alg ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_transparent_mac_verify_setup( @@ -91,21 +92,21 @@ psa_status_t mbedtls_test_transparent_mac_verify_setup( size_t key_buffer_size, psa_algorithm_t alg ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_verify_setup( operation, attributes, key_buffer, key_buffer_size, alg ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_transparent_mac_update( @@ -113,21 +114,21 @@ psa_status_t mbedtls_test_transparent_mac_update( const uint8_t *input, size_t input_length ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_update( operation, input, input_length ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_transparent_mac_sign_finish( @@ -136,21 +137,21 @@ psa_status_t mbedtls_test_transparent_mac_sign_finish( size_t mac_size, size_t *mac_length ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_sign_finish( operation, mac, mac_size, mac_length ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_transparent_mac_verify_finish( @@ -158,40 +159,40 @@ psa_status_t mbedtls_test_transparent_mac_verify_finish( const uint8_t *mac, size_t mac_length ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_verify_finish( operation, mac, mac_length ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_transparent_mac_abort( mbedtls_transparent_test_driver_mac_operation_t *operation ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_abort( operation ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_opaque_mac_compute( @@ -205,23 +206,23 @@ psa_status_t mbedtls_test_opaque_mac_compute( size_t mac_size, size_t *mac_length ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_opaque_test_driver_mac_compute( attributes, key_buffer, key_buffer_size, alg, input, input_length, mac, mac_size, mac_length ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_opaque_mac_sign_setup( @@ -231,21 +232,21 @@ psa_status_t mbedtls_test_opaque_mac_sign_setup( size_t key_buffer_size, psa_algorithm_t alg ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_opaque_test_driver_mac_sign_setup( operation, attributes, key_buffer, key_buffer_size, alg ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_opaque_mac_verify_setup( @@ -255,21 +256,21 @@ psa_status_t mbedtls_test_opaque_mac_verify_setup( size_t key_buffer_size, psa_algorithm_t alg ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_opaque_test_driver_mac_verify_setup( operation, attributes, key_buffer, key_buffer_size, alg ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_opaque_mac_update( @@ -277,21 +278,21 @@ psa_status_t mbedtls_test_opaque_mac_update( const uint8_t *input, size_t input_length ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_opaque_test_driver_mac_update( operation, input, input_length ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_opaque_mac_sign_finish( @@ -300,21 +301,21 @@ psa_status_t mbedtls_test_opaque_mac_sign_finish( size_t mac_size, size_t *mac_length ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_opaque_test_driver_mac_sign_finish( operation, mac, mac_size, mac_length ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_opaque_mac_verify_finish( @@ -322,40 +323,40 @@ psa_status_t mbedtls_test_opaque_mac_verify_finish( const uint8_t *mac, size_t mac_length ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_opaque_test_driver_mac_verify_finish( operation, mac, mac_length ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_opaque_mac_abort( mbedtls_opaque_test_driver_mac_operation_t *operation ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_opaque_test_driver_mac_abort( operation ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 5f3900fba180fefa8226a76f223e4ff0065b661b Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 22 Apr 2021 11:32:19 +0200 Subject: [PATCH 157/553] Dispatch sign/verify funtions through the driver interface Signed-off-by: gabor-mezei-arm --- include/test/drivers/signature.h | 42 +++++ src/drivers/test_driver_signature.c | 251 ++++++++++++++++++++++------ 2 files changed, 243 insertions(+), 50 deletions(-) diff --git a/include/test/drivers/signature.h b/include/test/drivers/signature.h index 1586ce9bcb..5e64edc3c8 100644 --- a/include/test/drivers/signature.h +++ b/include/test/drivers/signature.h @@ -54,6 +54,48 @@ extern mbedtls_test_driver_signature_hooks_t extern mbedtls_test_driver_signature_hooks_t mbedtls_test_driver_signature_verify_hooks; +psa_status_t mbedtls_test_transparent_signature_sign_message( + const psa_key_attributes_t *attributes, + const uint8_t *key, + size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ); + +psa_status_t mbedtls_test_opaque_signature_sign_message( + const psa_key_attributes_t *attributes, + const uint8_t *key, + size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ); + +psa_status_t mbedtls_test_transparent_signature_verify_message( + const psa_key_attributes_t *attributes, + const uint8_t *key, + size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *signature, + size_t signature_length ); + +psa_status_t mbedtls_test_opaque_signature_verify_message( + const psa_key_attributes_t *attributes, + const uint8_t *key, + size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *signature, + size_t signature_length ); + psa_status_t mbedtls_test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, diff --git a/src/drivers/test_driver_signature.c b/src/drivers/test_driver_signature.c index be8c1792bc..14de8318e9 100644 --- a/src/drivers/test_driver_signature.c +++ b/src/drivers/test_driver_signature.c @@ -29,6 +29,7 @@ #include "psa/crypto.h" #include "psa_crypto_core.h" #include "psa_crypto_ecp.h" +#include "psa_crypto_hash.h" #include "psa_crypto_rsa.h" #include "mbedtls/ecp.h" @@ -46,30 +47,17 @@ mbedtls_test_driver_signature_hooks_t mbedtls_test_driver_signature_hooks_t mbedtls_test_driver_signature_verify_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT; -psa_status_t mbedtls_test_transparent_signature_sign_hash( +psa_status_t sign_hash( const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, + const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ) { - ++mbedtls_test_driver_signature_sign_hooks.hits; - - if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_signature_sign_hooks.forced_status ); - - if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL ) - { - if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > - signature_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( signature, - mbedtls_test_driver_signature_sign_hooks.forced_output, - mbedtls_test_driver_signature_sign_hooks.forced_output_length ); - *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length; - return( PSA_SUCCESS ); - } - #if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) @@ -124,38 +112,16 @@ psa_status_t mbedtls_test_transparent_signature_sign_hash( } } -psa_status_t mbedtls_test_opaque_signature_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) -{ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) hash; - (void) hash_length; - (void) signature; - (void) signature_size; - (void) signature_length; - - return( PSA_ERROR_NOT_SUPPORTED ); -} - -psa_status_t mbedtls_test_transparent_signature_verify_hash( +psa_status_t verify_hash( const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, + const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length ) { - ++mbedtls_test_driver_signature_verify_hooks.hits; - - if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_signature_verify_hooks.forced_status ); - #if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) @@ -204,6 +170,191 @@ psa_status_t mbedtls_test_transparent_signature_verify_hash( } } +psa_status_t mbedtls_test_transparent_signature_sign_message( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t hash_length; + uint8_t hash[PSA_HASH_MAX_SIZE]; + + ++mbedtls_test_driver_signature_sign_hooks.hits; + + if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_signature_sign_hooks.forced_status ); + + if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL ) + { + if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( signature, mbedtls_test_driver_signature_sign_hooks.forced_output, + mbedtls_test_driver_signature_sign_hooks.forced_output_length ); + *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length; + + return( PSA_SUCCESS ); + } + + status = mbedtls_transparent_test_driver_hash_compute( + PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, + hash, sizeof( hash ), &hash_length ); + + if( status != PSA_SUCCESS ) + return status; + + return sign_hash( attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ); +} + +psa_status_t mbedtls_test_opaque_signature_sign_message( + const psa_key_attributes_t *attributes, + const uint8_t *key, + size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) input; + (void) input_length; + (void) signature; + (void) signature_size; + (void) signature_length; + + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t mbedtls_test_transparent_signature_verify_message( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *signature, + size_t signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t hash_length; + uint8_t hash[PSA_HASH_MAX_SIZE]; + + ++mbedtls_test_driver_signature_verify_hooks.hits; + + if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_signature_verify_hooks.forced_status ); + + status = mbedtls_transparent_test_driver_hash_compute( + PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, + hash, sizeof( hash ), &hash_length ); + + if( status != PSA_SUCCESS ) + return status; + + return verify_hash( attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ); +} + +psa_status_t mbedtls_test_opaque_signature_verify_message( + const psa_key_attributes_t *attributes, + const uint8_t *key, + size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *signature, + size_t signature_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) input; + (void) input_length; + (void) signature; + (void) signature_length; + + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t mbedtls_test_transparent_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + ++mbedtls_test_driver_signature_sign_hooks.hits; + + if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_signature_sign_hooks.forced_status ); + + if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL ) + { + if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + memcpy( signature, mbedtls_test_driver_signature_sign_hooks.forced_output, + mbedtls_test_driver_signature_sign_hooks.forced_output_length ); + *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length; + return( PSA_SUCCESS ); + } + + return sign_hash( attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ); +} + +psa_status_t mbedtls_test_opaque_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; + (void) signature; + (void) signature_size; + (void) signature_length; + + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t mbedtls_test_transparent_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + ++mbedtls_test_driver_signature_verify_hooks.hits; + + if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_signature_verify_hooks.forced_status ); + + return verify_hash( attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ); +} + psa_status_t mbedtls_test_opaque_signature_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, From 9495f30ade3f96649497dc2c1d91bf30bea83a91 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Mon, 26 Apr 2021 20:12:17 +0200 Subject: [PATCH 158/553] Add test for sign/verify message key policies Update the mbedtls_test_psa_exercise_key to handle and use PSA_KEY_USAGE_SIGN_MESSAGE and PSA_KEY_USAGE_VERIFY_MESSAGE key policies. Add new tests for PSA_KEY_USAGE_SIGN_MESSAGE and PSA_KEY_USAGE_VERIFY_MESSAGE policies. Signed-off-by: gabor-mezei-arm --- src/psa_exercise_key.c | 116 +++++++++++++++++++++++++++-------------- 1 file changed, 77 insertions(+), 39 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index e7e68631ad..197e31a349 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -297,46 +297,77 @@ static int exercise_signature_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { - unsigned char payload[PSA_HASH_MAX_SIZE] = {1}; - size_t payload_length = 16; - unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0}; - size_t signature_length = sizeof( signature ); - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); - - /* If the policy allows signing with any hash, just pick one. */ - if( PSA_ALG_IS_HASH_AND_SIGN( alg ) && hash_alg == PSA_ALG_ANY_HASH ) - { -#if defined(KNOWN_SUPPORTED_HASH_ALG) - hash_alg = KNOWN_SUPPORTED_HASH_ALG; - alg ^= PSA_ALG_ANY_HASH ^ hash_alg; -#else - TEST_ASSERT( ! "No hash algorithm for hash-and-sign testing" ); -#endif - } - - if( usage & PSA_KEY_USAGE_SIGN_HASH ) + if( usage & ( PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ) ) { - /* Some algorithms require the payload to have the size of - * the hash encoded in the algorithm. Use this input size - * even for algorithms that allow other input sizes. */ - if( hash_alg != 0 ) - payload_length = PSA_HASH_LENGTH( hash_alg ); - PSA_ASSERT( psa_sign_hash( key, alg, - payload, payload_length, - signature, sizeof( signature ), - &signature_length ) ); + unsigned char payload[PSA_HASH_MAX_SIZE] = {1}; + size_t payload_length = 16; + unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0}; + size_t signature_length = sizeof( signature ); + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); + + /* If the policy allows signing with any hash, just pick one. */ + if( PSA_ALG_IS_HASH_AND_SIGN( alg ) && hash_alg == PSA_ALG_ANY_HASH ) + { + #if defined(KNOWN_SUPPORTED_HASH_ALG) + hash_alg = KNOWN_SUPPORTED_HASH_ALG; + alg ^= PSA_ALG_ANY_HASH ^ hash_alg; + #else + TEST_ASSERT( ! "No hash algorithm for hash-and-sign testing" ); + #endif + } + + if( usage & PSA_KEY_USAGE_SIGN_HASH ) + { + /* Some algorithms require the payload to have the size of + * the hash encoded in the algorithm. Use this input size + * even for algorithms that allow other input sizes. */ + if( hash_alg != 0 ) + payload_length = PSA_HASH_LENGTH( hash_alg ); + PSA_ASSERT( psa_sign_hash( key, alg, + payload, payload_length, + signature, sizeof( signature ), + &signature_length ) ); + } + + if( usage & PSA_KEY_USAGE_VERIFY_HASH ) + { + psa_status_t verify_status = + ( usage & PSA_KEY_USAGE_SIGN_HASH ? + PSA_SUCCESS : + PSA_ERROR_INVALID_SIGNATURE ); + TEST_EQUAL( psa_verify_hash( key, alg, + payload, payload_length, + signature, signature_length ), + verify_status ); + } } - if( usage & PSA_KEY_USAGE_VERIFY_HASH ) + if( usage & ( PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE ) ) { - psa_status_t verify_status = - ( usage & PSA_KEY_USAGE_SIGN_HASH ? - PSA_SUCCESS : - PSA_ERROR_INVALID_SIGNATURE ); - TEST_EQUAL( psa_verify_hash( key, alg, - payload, payload_length, - signature, signature_length ), - verify_status ); + unsigned char message[256] = "Hello, world..."; + unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0}; + size_t message_length = 16; + size_t signature_length = sizeof( signature ); + + if( usage & PSA_KEY_USAGE_SIGN_MESSAGE ) + { + PSA_ASSERT( psa_sign_message( key, alg, + message, message_length, + signature, sizeof( signature ), + &signature_length ) ); + } + + if( usage & PSA_KEY_USAGE_VERIFY_MESSAGE ) + { + psa_status_t verify_status = + ( usage & PSA_KEY_USAGE_SIGN_MESSAGE ? + PSA_SUCCESS : + PSA_ERROR_INVALID_SIGNATURE ); + TEST_EQUAL( psa_verify_message( key, alg, + message, message_length, + signature, signature_length ), + verify_status ); + } } return( 1 ); @@ -893,9 +924,16 @@ psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type, { if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) ) { - return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? - PSA_KEY_USAGE_VERIFY_HASH : - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); + if( PSA_ALG_SIGN_GET_HASH( alg ) ) + return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? + PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE: + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | + PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE ); + + else + return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? + PSA_KEY_USAGE_VERIFY_HASH: + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); } else if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ) From 2d576662cea53b157cf2e0c7e31d46ea39d4eb21 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Tue, 11 May 2021 13:29:24 +0200 Subject: [PATCH 159/553] Update key usage determination for exercise key tests Signed-off-by: gabor-mezei-arm --- src/psa_exercise_key.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 197e31a349..f48a64e947 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -924,16 +924,22 @@ psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type, { if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) ) { - if( PSA_ALG_SIGN_GET_HASH( alg ) ) + if( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + { + if( PSA_ALG_SIGN_GET_HASH( alg ) ) + return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? + PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE: + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | + PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE ); + } + else if( PSA_ALG_IS_SIGN_MESSAGE( alg) ) return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? - PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE: - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | + PSA_KEY_USAGE_VERIFY_MESSAGE : PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE ); - else - return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? - PSA_KEY_USAGE_VERIFY_HASH: - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); + return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? + PSA_KEY_USAGE_VERIFY_HASH : + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); } else if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ) From b501f47403f6565deea836c5a3e2de9714406dc1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 27 Apr 2021 12:11:56 +0100 Subject: [PATCH 160/553] Add transparent driver tests for M-AEAD Signed-off-by: Paul Elliott --- include/test/drivers/aead.h | 55 +++++++++ src/drivers/test_driver_aead.c | 204 +++++++++++++++++++++++++++++++++ 2 files changed, 259 insertions(+) diff --git a/include/test/drivers/aead.h b/include/test/drivers/aead.h index 2207cb36fe..23f32c0a88 100644 --- a/include/test/drivers/aead.h +++ b/include/test/drivers/aead.h @@ -67,5 +67,60 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); +psa_status_t test_transparent_aead_encrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t test_transparent_aead_decrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t test_transparent_aead_set_nonce( + psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ); + +psa_status_t test_transparent_aead_set_lengths( + psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ); + +psa_status_t test_transparent_aead_update_ad( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t test_transparent_aead_update( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t test_transparent_aead_finish( + psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ); + +psa_status_t test_transparent_aead_verify( + psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ); + +psa_status_t test_transparent_aead_abort( + psa_aead_operation_t *operation ); + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */ diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index 25396c92f5..67118efcbe 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -93,4 +93,208 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( return( mbedtls_test_driver_aead_hooks.driver_status ); } +psa_status_t test_transparent_aead_encrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_encrypt_setup( operation, attributes, key_buffer, + key_buffer_size, alg ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_decrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_decrypt_setup( operation, attributes, key_buffer, + key_buffer_size, alg ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_set_nonce( + psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_set_lengths( + psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_set_lengths( operation, ad_length, plaintext_length ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_update_ad( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_update_ad( operation, input, input_length ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_update( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_update( operation, input, input_length, output, + output_size, output_length ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_finish( + psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_finish( operation, ciphertext, ciphertext_size, + ciphertext_length, tag, tag_size, tag_length ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_verify( + psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_verify( operation, plaintext, plaintext_size, + plaintext_length, tag, tag_length ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_abort( + psa_aead_operation_t *operation ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_abort( operation ); + } + + return( test_driver_aead_hooks.driver_status ); +} + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From fab436ee900181cd730b2a8dffe4e5cac108404b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 7 May 2021 15:10:31 +0100 Subject: [PATCH 161/553] Merge upstream test driver changes locally Signed-off-by: Paul Elliott --- include/test/drivers/aead.h | 18 ++--- src/drivers/test_driver_aead.c | 132 +++++++++++++++++---------------- 2 files changed, 76 insertions(+), 74 deletions(-) diff --git a/include/test/drivers/aead.h b/include/test/drivers/aead.h index 23f32c0a88..e1058af8b1 100644 --- a/include/test/drivers/aead.h +++ b/include/test/drivers/aead.h @@ -67,34 +67,34 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); -psa_status_t test_transparent_aead_encrypt_setup( +psa_status_t mbedtls_test_transparent_aead_encrypt_setup( psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t test_transparent_aead_decrypt_setup( +psa_status_t mbedtls_test_transparent_aead_decrypt_setup( psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t test_transparent_aead_set_nonce( +psa_status_t mbedtls_test_transparent_aead_set_nonce( psa_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length ); -psa_status_t test_transparent_aead_set_lengths( +psa_status_t mbedtls_test_transparent_aead_set_lengths( psa_aead_operation_t *operation, size_t ad_length, size_t plaintext_length ); -psa_status_t test_transparent_aead_update_ad( +psa_status_t mbedtls_test_transparent_aead_update_ad( psa_aead_operation_t *operation, const uint8_t *input, size_t input_length ); -psa_status_t test_transparent_aead_update( +psa_status_t mbedtls_test_transparent_aead_update( psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, @@ -102,7 +102,7 @@ psa_status_t test_transparent_aead_update( size_t output_size, size_t *output_length ); -psa_status_t test_transparent_aead_finish( +psa_status_t mbedtls_test_transparent_aead_finish( psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, @@ -111,7 +111,7 @@ psa_status_t test_transparent_aead_finish( size_t tag_size, size_t *tag_length ); -psa_status_t test_transparent_aead_verify( +psa_status_t mbedtls_test_transparent_aead_verify( psa_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, @@ -119,7 +119,7 @@ psa_status_t test_transparent_aead_verify( const uint8_t *tag, size_t tag_length ); -psa_status_t test_transparent_aead_abort( +psa_status_t mbedtls_test_transparent_aead_abort( psa_aead_operation_t *operation ); #endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index 67118efcbe..34bbc51ab2 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -93,116 +93,117 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_encrypt_setup( +psa_status_t mbedtls_test_transparent_aead_encrypt_setup( psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_encrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_decrypt_setup( +psa_status_t mbedtls_test_transparent_aead_decrypt_setup( psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_decrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_set_nonce( +psa_status_t mbedtls_test_transparent_aead_set_nonce( psa_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_set_lengths( +psa_status_t mbedtls_test_transparent_aead_set_lengths( psa_aead_operation_t *operation, size_t ad_length, size_t plaintext_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_set_lengths( operation, ad_length, plaintext_length ); + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_set_lengths( operation, ad_length, + plaintext_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_update_ad( +psa_status_t mbedtls_test_transparent_aead_update_ad( psa_aead_operation_t *operation, const uint8_t *input, size_t input_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_update_ad( operation, input, input_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_update( +psa_status_t mbedtls_test_transparent_aead_update( psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, @@ -210,24 +211,24 @@ psa_status_t test_transparent_aead_update( size_t output_size, size_t *output_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_update( operation, input, input_length, output, output_size, output_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_finish( +psa_status_t mbedtls_test_transparent_aead_finish( psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, @@ -236,24 +237,25 @@ psa_status_t test_transparent_aead_finish( size_t tag_size, size_t *tag_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_finish( operation, ciphertext, ciphertext_size, - ciphertext_length, tag, tag_size, tag_length ); + ciphertext_length, tag, tag_size, + tag_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_verify( +psa_status_t mbedtls_test_transparent_aead_verify( psa_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, @@ -261,40 +263,40 @@ psa_status_t test_transparent_aead_verify( const uint8_t *tag, size_t tag_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_verify( operation, plaintext, plaintext_size, plaintext_length, tag, tag_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_abort( +psa_status_t mbedtls_test_transparent_aead_abort( psa_aead_operation_t *operation ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_abort( operation ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 282a7c437a8f17e032e04272117614185560a821 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 10 May 2021 18:19:46 +0100 Subject: [PATCH 162/553] Split multipart AEAD contexts into two parts Split to data required for internal implementation and data required for driver implementation with data left over for the PSA layer. Signed-off-by: Paul Elliott --- src/drivers/test_driver_aead.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index 34bbc51ab2..006d3327f5 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -94,7 +94,7 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( } psa_status_t mbedtls_test_transparent_aead_encrypt_setup( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) @@ -117,7 +117,7 @@ psa_status_t mbedtls_test_transparent_aead_encrypt_setup( } psa_status_t mbedtls_test_transparent_aead_decrypt_setup( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) @@ -140,7 +140,7 @@ psa_status_t mbedtls_test_transparent_aead_decrypt_setup( } psa_status_t mbedtls_test_transparent_aead_set_nonce( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length ) { @@ -161,7 +161,7 @@ psa_status_t mbedtls_test_transparent_aead_set_nonce( } psa_status_t mbedtls_test_transparent_aead_set_lengths( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, size_t ad_length, size_t plaintext_length ) { @@ -183,7 +183,7 @@ psa_status_t mbedtls_test_transparent_aead_set_lengths( } psa_status_t mbedtls_test_transparent_aead_update_ad( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const uint8_t *input, size_t input_length ) { @@ -204,7 +204,7 @@ psa_status_t mbedtls_test_transparent_aead_update_ad( } psa_status_t mbedtls_test_transparent_aead_update( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -229,7 +229,7 @@ psa_status_t mbedtls_test_transparent_aead_update( } psa_status_t mbedtls_test_transparent_aead_finish( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, @@ -256,7 +256,7 @@ psa_status_t mbedtls_test_transparent_aead_finish( } psa_status_t mbedtls_test_transparent_aead_verify( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length, @@ -281,7 +281,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( } psa_status_t mbedtls_test_transparent_aead_abort( - psa_aead_operation_t *operation ) + mbedtls_transparent_test_driver_aead_operation_t *operation ) { mbedtls_test_driver_aead_hooks.hits++; From 85955c306d9b5735ddea0a6f4ef2b0e4aac0af20 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 11 May 2021 17:43:42 +0100 Subject: [PATCH 163/553] Fix missed drivers header Signed-off-by: Paul Elliott --- include/test/drivers/aead.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/include/test/drivers/aead.h b/include/test/drivers/aead.h index e1058af8b1..86c18d4d3a 100644 --- a/include/test/drivers/aead.h +++ b/include/test/drivers/aead.h @@ -68,34 +68,34 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); psa_status_t mbedtls_test_transparent_aead_encrypt_setup( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); psa_status_t mbedtls_test_transparent_aead_decrypt_setup( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); psa_status_t mbedtls_test_transparent_aead_set_nonce( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length ); psa_status_t mbedtls_test_transparent_aead_set_lengths( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, size_t ad_length, size_t plaintext_length ); psa_status_t mbedtls_test_transparent_aead_update_ad( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const uint8_t *input, size_t input_length ); psa_status_t mbedtls_test_transparent_aead_update( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -103,7 +103,7 @@ psa_status_t mbedtls_test_transparent_aead_update( size_t *output_length ); psa_status_t mbedtls_test_transparent_aead_finish( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, @@ -112,7 +112,7 @@ psa_status_t mbedtls_test_transparent_aead_finish( size_t *tag_length ); psa_status_t mbedtls_test_transparent_aead_verify( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length, @@ -120,7 +120,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( size_t tag_length ); psa_status_t mbedtls_test_transparent_aead_abort( - psa_aead_operation_t *operation ); + mbedtls_psa_aead_operation_t *operation ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */ From 86dfd490ac9889a4098399d80f38fd7f255ba1dd Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Fri, 14 May 2021 22:20:10 +0200 Subject: [PATCH 164/553] Introduce MBEDTLS_PRIVATE macro. Public structs members are considered private and should not be used by users application. MBEDTLS_PRIVATE(member) macro is intended to clearly indicate which members are private. Signed-off-by: Mateusz Starzyk --- include/test/helpers.h | 2 ++ src/drivers/test_driver_aead.c | 2 ++ src/drivers/test_driver_cipher.c | 2 ++ src/drivers/test_driver_signature.c | 2 ++ 4 files changed, 8 insertions(+) diff --git a/include/test/helpers.h b/include/test/helpers.h index 9bfe08547c..0f82a90406 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -25,6 +25,8 @@ #ifndef TEST_HELPERS_H #define TEST_HELPERS_H +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index 25396c92f5..a147163241 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -23,6 +23,8 @@ #include MBEDTLS_CONFIG_FILE #endif +#include + #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa_crypto_aead.h" diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index a415dd812b..4827946b07 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -24,6 +24,8 @@ #include MBEDTLS_CONFIG_FILE #endif +#include + #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "psa_crypto_cipher.h" diff --git a/src/drivers/test_driver_signature.c b/src/drivers/test_driver_signature.c index 14de8318e9..fdfba165fa 100644 --- a/src/drivers/test_driver_signature.c +++ b/src/drivers/test_driver_signature.c @@ -25,6 +25,8 @@ #include MBEDTLS_CONFIG_FILE #endif +#include + #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "psa_crypto_core.h" From be974c85c65d7924a6d01714e0deb7ea12c46de8 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Fri, 21 May 2021 09:33:46 +0200 Subject: [PATCH 165/553] Add MBEDTLS_ALLOW_PRIVATE_ACCESS to tests drivers Signed-off-by: Mateusz Starzyk --- src/drivers/hash.c | 2 ++ src/drivers/platform_builtin_keys.c | 2 ++ src/drivers/test_driver_aead.c | 2 ++ src/drivers/test_driver_cipher.c | 2 ++ src/drivers/test_driver_key_management.c | 2 ++ src/drivers/test_driver_mac.c | 2 ++ src/drivers/test_driver_signature.c | 2 ++ src/drivers/test_driver_size.c | 2 ++ 8 files changed, 16 insertions(+) diff --git a/src/drivers/hash.c b/src/drivers/hash.c index f95aa6b617..a9c475a825 100644 --- a/src/drivers/hash.c +++ b/src/drivers/hash.c @@ -17,6 +17,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/src/drivers/platform_builtin_keys.c b/src/drivers/platform_builtin_keys.c index 759fa78309..a3c5796da0 100644 --- a/src/drivers/platform_builtin_keys.c +++ b/src/drivers/platform_builtin_keys.c @@ -20,6 +20,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include #include diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index a147163241..c247bab08d 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -17,6 +17,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index 4827946b07..51c1abc1a4 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -18,6 +18,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 19e1033311..b1096cb6fb 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -18,6 +18,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/src/drivers/test_driver_mac.c b/src/drivers/test_driver_mac.c index 69af107809..439943cca6 100644 --- a/src/drivers/test_driver_mac.c +++ b/src/drivers/test_driver_mac.c @@ -17,6 +17,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/src/drivers/test_driver_signature.c b/src/drivers/test_driver_signature.c index fdfba165fa..e486704152 100644 --- a/src/drivers/test_driver_signature.c +++ b/src/drivers/test_driver_signature.c @@ -19,6 +19,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/src/drivers/test_driver_size.c b/src/drivers/test_driver_size.c index d8bcaee381..af899c6898 100644 --- a/src/drivers/test_driver_size.c +++ b/src/drivers/test_driver_size.c @@ -18,6 +18,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else From 72f5e15a3e88c4ea2c330bdad8ccf733f9056f0c Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 27 May 2021 14:46:48 +0200 Subject: [PATCH 166/553] Document MBEDTLS_ALLOW_PRIVATE_ACCESS inside test/helpers.h. Signed-off-by: Mateusz Starzyk --- include/test/helpers.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/test/helpers.h b/include/test/helpers.h index 0f82a90406..a1098c5558 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -25,6 +25,9 @@ #ifndef TEST_HELPERS_H #define TEST_HELPERS_H +/* Most fields of publicly available structs are private and are wrapped with + * MBEDTLS_PRIVATE macro. This define allows tests to access the private fields + * directly (without using the MBEDTLS_PRIVATE wrapper). */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS #if !defined(MBEDTLS_CONFIG_FILE) From 97b5a4f7d945e0e787d21b929d08a8068c961082 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 27 May 2021 14:49:25 +0200 Subject: [PATCH 167/553] Add test/helpers include to test drivers. Remove config.h include. "test/helpers.h" defines MBEDTLS_ALLOW_PRIVATE_ACCESS. Drivers can include that header instead of defining the MBEDTLS_ALLOW_PRIVATE_ACCESS themselves. "test/helpers.h" includes config header as well. Remove obsolete config includes from src/drivers. Signed-off-by: Mateusz Starzyk --- src/drivers/hash.c | 8 +------- src/drivers/platform_builtin_keys.c | 2 +- src/drivers/test_driver_aead.c | 8 -------- src/drivers/test_driver_cipher.c | 8 -------- src/drivers/test_driver_key_management.c | 8 +------- src/drivers/test_driver_mac.c | 8 +------- src/drivers/test_driver_signature.c | 8 -------- src/drivers/test_driver_size.c | 8 +------- 8 files changed, 5 insertions(+), 53 deletions(-) diff --git a/src/drivers/hash.c b/src/drivers/hash.c index a9c475a825..b1880f778e 100644 --- a/src/drivers/hash.c +++ b/src/drivers/hash.c @@ -17,13 +17,7 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa_crypto_hash.h" diff --git a/src/drivers/platform_builtin_keys.c b/src/drivers/platform_builtin_keys.c index a3c5796da0..da5865d869 100644 --- a/src/drivers/platform_builtin_keys.c +++ b/src/drivers/platform_builtin_keys.c @@ -20,7 +20,7 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS +#include #include #include diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index c247bab08d..ce9ce37795 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -17,14 +17,6 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - #include #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index 51c1abc1a4..9c95cc8f8c 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -18,14 +18,6 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - #include #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index b1096cb6fb..afa1fc261e 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -18,13 +18,7 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" diff --git a/src/drivers/test_driver_mac.c b/src/drivers/test_driver_mac.c index 439943cca6..3b766dcb53 100644 --- a/src/drivers/test_driver_mac.c +++ b/src/drivers/test_driver_mac.c @@ -17,13 +17,7 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa_crypto_mac.h" diff --git a/src/drivers/test_driver_signature.c b/src/drivers/test_driver_signature.c index e486704152..2d58756aa5 100644 --- a/src/drivers/test_driver_signature.c +++ b/src/drivers/test_driver_signature.c @@ -19,14 +19,6 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - #include #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) diff --git a/src/drivers/test_driver_size.c b/src/drivers/test_driver_size.c index af899c6898..033cf32de0 100644 --- a/src/drivers/test_driver_size.c +++ b/src/drivers/test_driver_size.c @@ -18,13 +18,7 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) From 8e2b5f37fa5bf657b28a8b22a4a40f00d1205ba3 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 21 May 2021 08:50:00 +0200 Subject: [PATCH 168/553] Refactor optional parameter check tests Remove tests related to NULL pointers, keep tests related to invalid enum values. Remove test code related to MBEDTLS_CHECK_PARAMS. Signed-off-by: Ronald Cron Signed-off-by: TRodziewicz --- include/test/helpers.h | 89 ------------------------------------------ include/test/macros.h | 82 ++------------------------------------ src/helpers.c | 76 ++---------------------------------- 3 files changed, 7 insertions(+), 240 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 9bfe08547c..087f2de8db 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -175,95 +175,6 @@ unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ); int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ); -#if defined(MBEDTLS_CHECK_PARAMS) - -typedef struct -{ - const char *failure_condition; - const char *file; - int line; -} -mbedtls_test_param_failed_location_record_t; - -/** - * \brief Get the location record of the last call to - * mbedtls_test_param_failed(). - * - * \note The call expectation is set up and active until the next call to - * mbedtls_test_param_failed_check_expected_call() or - * mbedtls_param_failed() that cancels it. - */ -void mbedtls_test_param_failed_get_location_record( - mbedtls_test_param_failed_location_record_t *location_record ); - -/** - * \brief State that a call to mbedtls_param_failed() is expected. - * - * \note The call expectation is set up and active until the next call to - * mbedtls_test_param_failed_check_expected_call() or - * mbedtls_param_failed that cancel it. - */ -void mbedtls_test_param_failed_expect_call( void ); - -/** - * \brief Check whether mbedtls_param_failed() has been called as expected. - * - * \note Check whether mbedtls_param_failed() has been called between the - * last call to mbedtls_test_param_failed_expect_call() and the call - * to this function. - * - * \return \c 0 Since the last call to mbedtls_param_failed_expect_call(), - * mbedtls_param_failed() has been called. - * \c -1 Otherwise. - */ -int mbedtls_test_param_failed_check_expected_call( void ); - -/** - * \brief Get the address of the object of type jmp_buf holding the execution - * state information used by mbedtls_param_failed() to do a long jump. - * - * \note If a call to mbedtls_param_failed() is not expected in the sense - * that there is no call to mbedtls_test_param_failed_expect_call() - * preceding it, then mbedtls_param_failed() will try to restore the - * execution to the state stored in the jmp_buf object whose address - * is returned by the present function. - * - * \note This function is intended to provide the parameter of the - * setjmp() function to set-up where mbedtls_param_failed() should - * long-jump if it has to. It is foreseen to be used as: - * - * setjmp( mbedtls_test_param_failed_get_state_buf() ). - * - * \note The type of the returned value is not jmp_buf as jmp_buf is an - * an array type (C specification) and a function cannot return an - * array type. - * - * \note The type of the returned value is not jmp_buf* as then the return - * value couldn't be used by setjmp(), as its parameter's type is - * jmp_buf. - * - * \return Address of the object of type jmp_buf holding the execution state - * information used by mbedtls_param_failed() to do a long jump. - */ -void* mbedtls_test_param_failed_get_state_buf( void ); - -/** - * \brief Reset the execution state used by mbedtls_param_failed() to do a - * long jump. - * - * \note If a call to mbedtls_param_failed() is not expected in the sense - * that there is no call to mbedtls_test_param_failed_expect_call() - * preceding it, then mbedtls_param_failed() will try to restore the - * execution state that this function reset. - * - * \note It is recommended to reset the execution state when the state - * is not relevant anymore. That way an unexpected call to - * mbedtls_param_failed() will not trigger a long jump with - * undefined behavior but rather a long jump that will rather fault. - */ -void mbedtls_test_param_failed_reset_state( void ); -#endif /* MBEDTLS_CHECK_PARAMS */ - #if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) #include "test/fake_external_rng_for_test.h" #endif diff --git a/include/test/macros.h b/include/test/macros.h index 450bc2cc3b..cad39aacaa 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -58,10 +58,6 @@ * It allows a library function to return a value and return an error * code that can be tested. * - * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAILED(), will be assumed to be a test - * failure. - * * This macro is not suitable for negative parameter validation tests, * as it assumes the test step will not create an error. * @@ -182,70 +178,11 @@ } while( 0 ) #if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT) -/** - * \brief This macro tests the statement passed to it as a test step or - * individual test in a test case. The macro assumes the test will fail - * and will generate an error. - * - * It allows a library function to return a value and tests the return - * code on return to confirm the given error code was returned. - * - * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the - * expected failure, and the test will pass. - * - * This macro is intended for negative parameter validation tests, - * where the failing function may return an error value or call - * MBEDTLS_PARAM_FAILED() to indicate the error. - * - * \param PARAM_ERROR_VALUE The expected error code. - * - * \param TEST The test expression to be tested. - */ -#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ - do { \ - mbedtls_test_param_failed_expect_call( ); \ - if( ( ( TEST ) != ( PARAM_ERR_VALUE ) ) || \ - ( mbedtls_test_param_failed_check_expected_call( ) != 0 ) ) \ - { \ - mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - mbedtls_test_param_failed_check_expected_call( ); \ - } while( 0 ) +#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ + do { if( ( TEST ) != ( PARAM_ERR_VALUE ) ) goto exit; } while( 0 ) -/** - * \brief This macro tests the statement passed to it as a test step or - * individual test in a test case. The macro assumes the test will fail - * and will generate an error. - * - * It assumes the library function under test cannot return a value and - * assumes errors can only be indicated byt calls to - * MBEDTLS_PARAM_FAILED(). - * - * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the - * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test - * can be made. - * - * This macro is intended for negative parameter validation tests, - * where the failing function can only return an error by calling - * MBEDTLS_PARAM_FAILED() to indicate the error. - * - * \param TEST The test expression to be tested. - */ -#define TEST_INVALID_PARAM( TEST ) \ - do { \ - memcpy( jmp_tmp, mbedtls_test_param_failed_get_state_buf( ), \ - sizeof( jmp_tmp ) ); \ - if( setjmp( mbedtls_test_param_failed_get_state_buf( ) ) == 0 ) \ - { \ - TEST; \ - mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - mbedtls_test_param_failed_reset_state( ); \ - } while( 0 ) +#define TEST_INVALID_PARAM( TEST ) \ + do { TEST; } while( 0 ) #endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */ /** @@ -256,11 +193,6 @@ * assumes errors can only be indicated by calls to * MBEDTLS_PARAM_FAILED(). * - * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the - * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test - * can be made. - * * This macro is intended to test that functions returning void * accept all of the parameter values they're supposed to accept - eg * that they don't call MBEDTLS_PARAM_FAILED() when a parameter @@ -271,12 +203,6 @@ * accept is best done by using TEST_ASSERT() and checking the return * value as well. * - * Note: this macro is available even when #MBEDTLS_CHECK_PARAMS is - * disabled, as it makes sense to check that the functions accept all - * legal values even if this option is disabled - only in that case, - * the test is more about whether the function segfaults than about - * whether it invokes MBEDTLS_PARAM_FAILED(). - * * \param TEST The test expression to be tested. */ #define TEST_VALID_PARAM( TEST ) \ diff --git a/src/helpers.c b/src/helpers.c index b7c9867b05..ece0465139 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -19,27 +19,9 @@ #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include -#endif - /*----------------------------------------------------------------------------*/ /* Static global variables */ -#if defined(MBEDTLS_CHECK_PARAMS) -typedef struct -{ - uint8_t expected_call; - uint8_t expected_call_happened; - - jmp_buf state; - - mbedtls_test_param_failed_location_record_t location_record; -} -param_failed_ctx_t; -static param_failed_ctx_t param_failed_ctx; -#endif - #if defined(MBEDTLS_PLATFORM_C) static mbedtls_platform_context platform_ctx; #endif @@ -222,66 +204,14 @@ int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, return ret; } -#if defined(MBEDTLS_CHECK_PARAMS) -void mbedtls_test_param_failed_get_location_record( - mbedtls_test_param_failed_location_record_t *location_record ) -{ - *location_record = param_failed_ctx.location_record; -} - -void mbedtls_test_param_failed_expect_call( void ) -{ - param_failed_ctx.expected_call_happened = 0; - param_failed_ctx.expected_call = 1; -} - -int mbedtls_test_param_failed_check_expected_call( void ) -{ - param_failed_ctx.expected_call = 0; - - if( param_failed_ctx.expected_call_happened != 0 ) - return( 0 ); - - return( -1 ); -} - -void* mbedtls_test_param_failed_get_state_buf( void ) -{ - return ¶m_failed_ctx.state; -} - -void mbedtls_test_param_failed_reset_state( void ) -{ - memset( param_failed_ctx.state, 0, sizeof( param_failed_ctx.state ) ); -} - void mbedtls_param_failed( const char *failure_condition, const char *file, int line ) { - /* Record the location of the failure */ - param_failed_ctx.location_record.failure_condition = failure_condition; - param_failed_ctx.location_record.file = file; - param_failed_ctx.location_record.line = line; - - /* If we are testing the callback function... */ - if( param_failed_ctx.expected_call != 0 ) - { - param_failed_ctx.expected_call = 0; - param_failed_ctx.expected_call_happened = 1; - } - else - { - /* ...else try a long jump. If the execution state has not been set-up - * or reset then the long jump buffer is all zero's and the call will - * with high probability fault, emphasizing there is something to look - * at. - */ - - longjmp( param_failed_ctx.state, 1 ); - } + (void) failure_condition; + (void) file; + (void) line; } -#endif /* MBEDTLS_CHECK_PARAMS */ #if defined(MBEDTLS_TEST_HOOKS) void mbedtls_test_err_add_check( int high, int low, From 8eb7bf17c9fb59a35fd81fea4cc718a875abbeae Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Tue, 25 May 2021 15:15:57 +0200 Subject: [PATCH 169/553] Changes after code review Signed-off-by: TRodziewicz --- include/test/macros.h | 8 -------- 1 file changed, 8 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index cad39aacaa..1c0e2bdd69 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -177,14 +177,6 @@ } \ } while( 0 ) -#if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT) -#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ - do { if( ( TEST ) != ( PARAM_ERR_VALUE ) ) goto exit; } while( 0 ) - -#define TEST_INVALID_PARAM( TEST ) \ - do { TEST; } while( 0 ) -#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */ - /** * \brief This macro tests the statement passed to it as a test step or * individual test in a test case. The macro assumes the test will not fail. From ae3ec7ee758aa7eeb21e3fe7485e342e7137ddf7 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Thu, 27 May 2021 13:52:59 +0200 Subject: [PATCH 170/553] Removal of the TEST_VALID_PARAM macro and its usages Signed-off-by: TRodziewicz --- include/test/macros.h | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index 1c0e2bdd69..a8a01ce473 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -177,29 +177,6 @@ } \ } while( 0 ) -/** - * \brief This macro tests the statement passed to it as a test step or - * individual test in a test case. The macro assumes the test will not fail. - * - * It assumes the library function under test cannot return a value and - * assumes errors can only be indicated by calls to - * MBEDTLS_PARAM_FAILED(). - * - * This macro is intended to test that functions returning void - * accept all of the parameter values they're supposed to accept - eg - * that they don't call MBEDTLS_PARAM_FAILED() when a parameter - * that's allowed to be NULL happens to be NULL. - * - * Note: for functions that return something other that void, - * checking that they accept all the parameters they're supposed to - * accept is best done by using TEST_ASSERT() and checking the return - * value as well. - * - * \param TEST The test expression to be tested. - */ -#define TEST_VALID_PARAM( TEST ) \ - TEST_ASSERT( ( TEST, 1 ) ); - /** Allocate memory dynamically and fail the test case if this fails. * * You must set \p pointer to \c NULL before calling this macro and From 209754374f513f835b10bdbbe5081dab4670570e Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Thu, 27 May 2021 15:24:33 +0200 Subject: [PATCH 171/553] Simplification of the tests Signed-off-by: TRodziewicz --- include/test/macros.h | 3 --- src/helpers.c | 9 --------- 2 files changed, 12 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index a8a01ce473..df961aa049 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -58,9 +58,6 @@ * It allows a library function to return a value and return an error * code that can be tested. * - * This macro is not suitable for negative parameter validation tests, - * as it assumes the test step will not create an error. - * * Failing the test means: * - Mark this test case as failed. * - Print a message identifying the failure. diff --git a/src/helpers.c b/src/helpers.c index ece0465139..cac6d4cc0a 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -204,15 +204,6 @@ int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, return ret; } -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - (void) failure_condition; - (void) file; - (void) line; -} - #if defined(MBEDTLS_TEST_HOOKS) void mbedtls_test_err_add_check( int high, int low, const char *file, int line ) From 6c214181c34bb992517051301ed89e39c915a932 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 May 2021 20:31:47 +0200 Subject: [PATCH 172/553] Remove duplicated definition of ASSERT_ALLOC Signed-off-by: Gilles Peskine --- include/test/macros.h | 32 -------------------------------- 1 file changed, 32 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index 450bc2cc3b..b7b6e8f318 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -282,38 +282,6 @@ #define TEST_VALID_PARAM( TEST ) \ TEST_ASSERT( ( TEST, 1 ) ); -/** Allocate memory dynamically and fail the test case if this fails. - * - * You must set \p pointer to \c NULL before calling this macro and - * put `mbedtls_free( pointer )` in the test's cleanup code. - * - * If \p length is zero, the resulting \p pointer will be \c NULL. - * This is usually what we want in tests since API functions are - * supposed to accept null pointers when a buffer size is zero. - * - * This macro expands to an instruction, not an expression. - * It may jump to the \c exit label. - * - * \param pointer An lvalue where the address of the allocated buffer - * will be stored. - * This expression may be evaluated multiple times. - * \param length Number of elements to allocate. - * This expression may be evaluated multiple times. - * - */ -#define ASSERT_ALLOC( pointer, length ) \ - do \ - { \ - TEST_ASSERT( ( pointer ) == NULL ); \ - if( ( length ) != 0 ) \ - { \ - ( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \ - ( length ) ); \ - TEST_ASSERT( ( pointer ) != NULL ); \ - } \ - } \ - while( 0 ) - #define TEST_HELPER_ASSERT(a) if( !( a ) ) \ { \ mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ From 09e143aac153612d4f50e0e93230c619110ac673 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 24 Mar 2021 00:14:53 +0100 Subject: [PATCH 173/553] Update references in some test function documentation Signed-off-by: Gilles Peskine --- include/test/random.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/include/test/random.h b/include/test/random.h index 5e7e4e6ef0..22b9b5c9f6 100644 --- a/include/test/random.h +++ b/include/test/random.h @@ -67,24 +67,24 @@ int mbedtls_test_rnd_std_rand( void *rng_state, size_t len ); /** - * This function only returns zeros + * This function only returns zeros. * - * rng_state shall be NULL. + * \p rng_state shall be \c NULL. */ int mbedtls_test_rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ); /** - * This function returns random based on a buffer it receives. + * This function returns random data based on a buffer it receives. * - * rng_state shall be a pointer to a rnd_buf_info structure. + * \p rng_state shall be a pointer to a #mbedtls_test_rnd_buf_info structure. * * The number of bytes released from the buffer on each call to * the random function is specified by per_call. (Can be between * 1 and 4) * - * After the buffer is empty it will return rand(); + * After the buffer is empty it will return mbedtls_test_rnd_std_rand(). */ int mbedtls_test_rnd_buffer_rand( void *rng_state, unsigned char *output, @@ -96,7 +96,7 @@ int mbedtls_test_rnd_buffer_rand( void *rng_state, * Pseudo random is based on the XTEA encryption algorithm to * generate pseudorandom. * - * rng_state shall be a pointer to a rnd_pseudo_info structure. + * \p rng_state shall be a pointer to a #mbedtls_test_rnd_pseudo_info structure. */ int mbedtls_test_rnd_pseudo_rand( void *rng_state, unsigned char *output, From a5e02d5a8ea7efa86422dd5e610675477c4a6012 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 24 Mar 2021 00:48:57 +0100 Subject: [PATCH 174/553] Make the fallback behavior of mbedtls_test_rnd_buffer_rand optional If a fallback is not explicitly configured in the mbedtls_test_rnd_buf_info structure, fail after the buffer is exhausted. There is no intended behavior change in this commit: all existing uses of mbedtls_test_rnd_buffer_rand() have been updated to set mbedtls_test_rnd_std_rand as the fallback. Signed-off-by: Gilles Peskine --- include/test/random.h | 9 +++++++-- src/random.c | 14 ++++++++++++-- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/include/test/random.h b/include/test/random.h index 22b9b5c9f6..b64a072b3e 100644 --- a/include/test/random.h +++ b/include/test/random.h @@ -36,8 +36,11 @@ typedef struct { - unsigned char *buf; + unsigned char *buf; /* Pointer to a buffer of length bytes. */ size_t length; + /* If fallback_f_rng is NULL, fail after delivering length bytes. */ + int ( *fallback_f_rng )( void*, unsigned char *, size_t ); + void *fallback_p_rng; } mbedtls_test_rnd_buf_info; /** @@ -84,7 +87,9 @@ int mbedtls_test_rnd_zero_rand( void *rng_state, * the random function is specified by per_call. (Can be between * 1 and 4) * - * After the buffer is empty it will return mbedtls_test_rnd_std_rand(). + * After the buffer is empty, this function will call the fallback RNG in the + * #mbedtls_test_rnd_buf_info structure if there is one, and + * will return #MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise. */ int mbedtls_test_rnd_buffer_rand( void *rng_state, unsigned char *output, diff --git a/src/random.c b/src/random.c index e01bd4d2dd..7f3f40166c 100644 --- a/src/random.c +++ b/src/random.c @@ -35,6 +35,8 @@ #include #include +#include + int mbedtls_test_rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) @@ -91,8 +93,16 @@ int mbedtls_test_rnd_buffer_rand( void *rng_state, } if( len - use_len > 0 ) - return( mbedtls_test_rnd_std_rand( NULL, output + use_len, - len - use_len ) ); + { + if( info->fallback_f_rng != NULL ) + { + return( info->fallback_f_rng( info->fallback_p_rng, + output + use_len, + len - use_len ) ); + } + else + return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + } return( 0 ); } From 8d895a4bd2f6e926105e705a006386bb6f6fbd7b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 2 Jun 2021 21:17:36 +0200 Subject: [PATCH 175/553] Fix long-standing obsolete comment Signed-off-by: Gilles Peskine --- include/test/random.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/test/random.h b/include/test/random.h index b64a072b3e..6428280780 100644 --- a/include/test/random.h +++ b/include/test/random.h @@ -84,8 +84,7 @@ int mbedtls_test_rnd_zero_rand( void *rng_state, * \p rng_state shall be a pointer to a #mbedtls_test_rnd_buf_info structure. * * The number of bytes released from the buffer on each call to - * the random function is specified by per_call. (Can be between - * 1 and 4) + * the random function is specified by \p len. * * After the buffer is empty, this function will call the fallback RNG in the * #mbedtls_test_rnd_buf_info structure if there is one, and From 152f56b85ac8d2f79afb1fa06b948d4d09bf9f5a Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Mon, 7 Jun 2021 15:33:15 +0200 Subject: [PATCH 176/553] Remove duplicated ASSERT_ALLOC define Signed-off-by: TRodziewicz --- include/test/macros.h | 32 -------------------------------- 1 file changed, 32 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index df961aa049..87e86d38e5 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -174,38 +174,6 @@ } \ } while( 0 ) -/** Allocate memory dynamically and fail the test case if this fails. - * - * You must set \p pointer to \c NULL before calling this macro and - * put `mbedtls_free( pointer )` in the test's cleanup code. - * - * If \p length is zero, the resulting \p pointer will be \c NULL. - * This is usually what we want in tests since API functions are - * supposed to accept null pointers when a buffer size is zero. - * - * This macro expands to an instruction, not an expression. - * It may jump to the \c exit label. - * - * \param pointer An lvalue where the address of the allocated buffer - * will be stored. - * This expression may be evaluated multiple times. - * \param length Number of elements to allocate. - * This expression may be evaluated multiple times. - * - */ -#define ASSERT_ALLOC( pointer, length ) \ - do \ - { \ - TEST_ASSERT( ( pointer ) == NULL ); \ - if( ( length ) != 0 ) \ - { \ - ( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \ - ( length ) ); \ - TEST_ASSERT( ( pointer ) != NULL ); \ - } \ - } \ - while( 0 ) - #define TEST_HELPER_ASSERT(a) if( !( a ) ) \ { \ mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ From a5f9de64c2b5da64175b52c40b9e1288ff98d161 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 24 May 2021 22:51:48 +0200 Subject: [PATCH 177/553] Create xxx_alt.h headers for testing These headers define the context types that alternative implementations must provide. The context types are dummy types, suitable for building but not meant to be usable by an implementation. This is the output of the following script: ``` perl -0777 -ne ' m@^#if !defined\((MBEDTLS_\w+_ALT)\).*\n((?:.*\n)*?)#else.*\n#include "(.*_alt\.h)"\n#endif@m or next; $symbol = $1; $content = $2; $header = $3; $header_symbol = $header; $header_symbol =~ y/a-z./A-Z_/; m@/\*[ *\n]*Copyright .*?\*/@s or die; $copyright = $&; open OUT, ">tests/include/alt-dummy/$header" or die; $content =~ s@//.*@@mg; $content =~ s@/\*.*?\*/@@sg; $content =~ s@\{.*?\}@{\n int dummy;\n}@sg; $content =~ s@ +$@@mg; $content =~ s@\n{3,}@\n\n@g; $content =~ s@\A\n+@@; $content =~ s@\n*\Z@\n@; print OUT "/* $header with dummy types for $symbol */\n$copyright\n\n#ifndef $header_symbol\n#define $header_symbol\n\n$content\n\n#endif /* $header */\n" or die; close OUT or die; ' include/mbedtls/*.h ``` Signed-off-by: Gilles Peskine --- include/alt-dummy/aes_alt.h | 37 ++++++++++++++++++++++++++++ include/alt-dummy/arc4_alt.h | 30 +++++++++++++++++++++++ include/alt-dummy/aria_alt.h | 29 ++++++++++++++++++++++ include/alt-dummy/blowfish_alt.h | 29 ++++++++++++++++++++++ include/alt-dummy/camellia_alt.h | 29 ++++++++++++++++++++++ include/alt-dummy/ccm_alt.h | 29 ++++++++++++++++++++++ include/alt-dummy/chacha20_alt.h | 29 ++++++++++++++++++++++ include/alt-dummy/chachapoly_alt.h | 31 ++++++++++++++++++++++++ include/alt-dummy/cmac_alt.h | 28 +++++++++++++++++++++ include/alt-dummy/des_alt.h | 36 +++++++++++++++++++++++++++ include/alt-dummy/dhm_alt.h | 29 ++++++++++++++++++++++ include/alt-dummy/ecjpake_alt.h | 28 +++++++++++++++++++++ include/alt-dummy/ecp_alt.h | 39 ++++++++++++++++++++++++++++++ include/alt-dummy/gcm_alt.h | 29 ++++++++++++++++++++++ include/alt-dummy/md2_alt.h | 30 +++++++++++++++++++++++ include/alt-dummy/md4_alt.h | 30 +++++++++++++++++++++++ include/alt-dummy/md5_alt.h | 29 ++++++++++++++++++++++ include/alt-dummy/nist_kw_alt.h | 27 +++++++++++++++++++++ include/alt-dummy/platform_alt.h | 29 ++++++++++++++++++++++ include/alt-dummy/poly1305_alt.h | 29 ++++++++++++++++++++++ include/alt-dummy/ripemd160_alt.h | 29 ++++++++++++++++++++++ include/alt-dummy/rsa_alt.h | 29 ++++++++++++++++++++++ include/alt-dummy/sha1_alt.h | 29 ++++++++++++++++++++++ include/alt-dummy/sha256_alt.h | 29 ++++++++++++++++++++++ include/alt-dummy/sha512_alt.h | 29 ++++++++++++++++++++++ include/alt-dummy/timing_alt.h | 33 +++++++++++++++++++++++++ include/alt-dummy/xtea_alt.h | 29 ++++++++++++++++++++++ 27 files changed, 813 insertions(+) create mode 100644 include/alt-dummy/aes_alt.h create mode 100644 include/alt-dummy/arc4_alt.h create mode 100644 include/alt-dummy/aria_alt.h create mode 100644 include/alt-dummy/blowfish_alt.h create mode 100644 include/alt-dummy/camellia_alt.h create mode 100644 include/alt-dummy/ccm_alt.h create mode 100644 include/alt-dummy/chacha20_alt.h create mode 100644 include/alt-dummy/chachapoly_alt.h create mode 100644 include/alt-dummy/cmac_alt.h create mode 100644 include/alt-dummy/des_alt.h create mode 100644 include/alt-dummy/dhm_alt.h create mode 100644 include/alt-dummy/ecjpake_alt.h create mode 100644 include/alt-dummy/ecp_alt.h create mode 100644 include/alt-dummy/gcm_alt.h create mode 100644 include/alt-dummy/md2_alt.h create mode 100644 include/alt-dummy/md4_alt.h create mode 100644 include/alt-dummy/md5_alt.h create mode 100644 include/alt-dummy/nist_kw_alt.h create mode 100644 include/alt-dummy/platform_alt.h create mode 100644 include/alt-dummy/poly1305_alt.h create mode 100644 include/alt-dummy/ripemd160_alt.h create mode 100644 include/alt-dummy/rsa_alt.h create mode 100644 include/alt-dummy/sha1_alt.h create mode 100644 include/alt-dummy/sha256_alt.h create mode 100644 include/alt-dummy/sha512_alt.h create mode 100644 include/alt-dummy/timing_alt.h create mode 100644 include/alt-dummy/xtea_alt.h diff --git a/include/alt-dummy/aes_alt.h b/include/alt-dummy/aes_alt.h new file mode 100644 index 0000000000..f226188fd3 --- /dev/null +++ b/include/alt-dummy/aes_alt.h @@ -0,0 +1,37 @@ +/* aes_alt.h with dummy types for MBEDTLS_AES_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef AES_ALT_H +#define AES_ALT_H + +typedef struct mbedtls_aes_context +{ + int dummy; +} +mbedtls_aes_context; + +#if defined(MBEDTLS_CIPHER_MODE_XTS) + +typedef struct mbedtls_aes_xts_context +{ + int dummy; +} mbedtls_aes_xts_context; +#endif + + +#endif /* aes_alt.h */ diff --git a/include/alt-dummy/arc4_alt.h b/include/alt-dummy/arc4_alt.h new file mode 100644 index 0000000000..b8c2e86a00 --- /dev/null +++ b/include/alt-dummy/arc4_alt.h @@ -0,0 +1,30 @@ +/* arc4_alt.h with dummy types for MBEDTLS_ARC4_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef ARC4_ALT_H +#define ARC4_ALT_H + +typedef struct mbedtls_arc4_context +{ + int dummy; +} +mbedtls_arc4_context; + + +#endif /* arc4_alt.h */ diff --git a/include/alt-dummy/aria_alt.h b/include/alt-dummy/aria_alt.h new file mode 100644 index 0000000000..5f2335b8f4 --- /dev/null +++ b/include/alt-dummy/aria_alt.h @@ -0,0 +1,29 @@ +/* aria_alt.h with dummy types for MBEDTLS_ARIA_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ARIA_ALT_H +#define ARIA_ALT_H + +typedef struct mbedtls_aria_context +{ + int dummy; +} +mbedtls_aria_context; + + +#endif /* aria_alt.h */ diff --git a/include/alt-dummy/blowfish_alt.h b/include/alt-dummy/blowfish_alt.h new file mode 100644 index 0000000000..5a4f739d52 --- /dev/null +++ b/include/alt-dummy/blowfish_alt.h @@ -0,0 +1,29 @@ +/* blowfish_alt.h with dummy types for MBEDTLS_BLOWFISH_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef BLOWFISH_ALT_H +#define BLOWFISH_ALT_H + +typedef struct mbedtls_blowfish_context +{ + int dummy; +} +mbedtls_blowfish_context; + + +#endif /* blowfish_alt.h */ diff --git a/include/alt-dummy/camellia_alt.h b/include/alt-dummy/camellia_alt.h new file mode 100644 index 0000000000..c23d1b4c0c --- /dev/null +++ b/include/alt-dummy/camellia_alt.h @@ -0,0 +1,29 @@ +/* camellia_alt.h with dummy types for MBEDTLS_CAMELLIA_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CAMELLIA_ALT_H +#define CAMELLIA_ALT_H + +typedef struct mbedtls_camellia_context +{ + int dummy; +} +mbedtls_camellia_context; + + +#endif /* camellia_alt.h */ diff --git a/include/alt-dummy/ccm_alt.h b/include/alt-dummy/ccm_alt.h new file mode 100644 index 0000000000..dcb834ed6a --- /dev/null +++ b/include/alt-dummy/ccm_alt.h @@ -0,0 +1,29 @@ +/* ccm_alt.h with dummy types for MBEDTLS_CCM_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CCM_ALT_H +#define CCM_ALT_H + +typedef struct mbedtls_ccm_context +{ + int dummy; +} +mbedtls_ccm_context; + + +#endif /* ccm_alt.h */ diff --git a/include/alt-dummy/chacha20_alt.h b/include/alt-dummy/chacha20_alt.h new file mode 100644 index 0000000000..7a5a25cab7 --- /dev/null +++ b/include/alt-dummy/chacha20_alt.h @@ -0,0 +1,29 @@ +/* chacha20_alt.h with dummy types for MBEDTLS_CHACHA20_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CHACHA20_ALT_H +#define CHACHA20_ALT_H + +typedef struct mbedtls_chacha20_context +{ + int dummy; +} +mbedtls_chacha20_context; + + +#endif /* chacha20_alt.h */ diff --git a/include/alt-dummy/chachapoly_alt.h b/include/alt-dummy/chachapoly_alt.h new file mode 100644 index 0000000000..448517d7d8 --- /dev/null +++ b/include/alt-dummy/chachapoly_alt.h @@ -0,0 +1,31 @@ +/* chachapoly_alt.h with dummy types for MBEDTLS_CHACHAPOLY_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CHACHAPOLY_ALT_H +#define CHACHAPOLY_ALT_H + +#include "mbedtls/chacha20.h" + +typedef struct mbedtls_chachapoly_context +{ + int dummy; +} +mbedtls_chachapoly_context; + + +#endif /* chachapoly_alt.h */ diff --git a/include/alt-dummy/cmac_alt.h b/include/alt-dummy/cmac_alt.h new file mode 100644 index 0000000000..4c9feee337 --- /dev/null +++ b/include/alt-dummy/cmac_alt.h @@ -0,0 +1,28 @@ +/* cmac_alt.h with dummy types for MBEDTLS_CMAC_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CMAC_ALT_H +#define CMAC_ALT_H + +struct mbedtls_cmac_context_t +{ + int dummy; +}; + + +#endif /* cmac_alt.h */ diff --git a/include/alt-dummy/des_alt.h b/include/alt-dummy/des_alt.h new file mode 100644 index 0000000000..e5a0bd3aae --- /dev/null +++ b/include/alt-dummy/des_alt.h @@ -0,0 +1,36 @@ +/* des_alt.h with dummy types for MBEDTLS_DES_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef DES_ALT_H +#define DES_ALT_H + +typedef struct mbedtls_des_context +{ + int dummy; +} +mbedtls_des_context; + +typedef struct mbedtls_des3_context +{ + int dummy; +} +mbedtls_des3_context; + + +#endif /* des_alt.h */ diff --git a/include/alt-dummy/dhm_alt.h b/include/alt-dummy/dhm_alt.h new file mode 100644 index 0000000000..6289a41db2 --- /dev/null +++ b/include/alt-dummy/dhm_alt.h @@ -0,0 +1,29 @@ +/* dhm_alt.h with dummy types for MBEDTLS_DHM_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef DHM_ALT_H +#define DHM_ALT_H + +typedef struct mbedtls_dhm_context +{ + int dummy; +} +mbedtls_dhm_context; + + +#endif /* dhm_alt.h */ diff --git a/include/alt-dummy/ecjpake_alt.h b/include/alt-dummy/ecjpake_alt.h new file mode 100644 index 0000000000..8de0fcf8e2 --- /dev/null +++ b/include/alt-dummy/ecjpake_alt.h @@ -0,0 +1,28 @@ +/* ecjpake_alt.h with dummy types for MBEDTLS_ECJPAKE_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ECJPAKE_ALT_H +#define ECJPAKE_ALT_H + +typedef struct mbedtls_ecjpake_context +{ + int dummy; +} mbedtls_ecjpake_context; + + +#endif /* ecjpake_alt.h */ diff --git a/include/alt-dummy/ecp_alt.h b/include/alt-dummy/ecp_alt.h new file mode 100644 index 0000000000..3628bb3da1 --- /dev/null +++ b/include/alt-dummy/ecp_alt.h @@ -0,0 +1,39 @@ +/* ecp_alt.h with dummy types for MBEDTLS_ECP_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ECP_ALT_H +#define ECP_ALT_H + +typedef struct mbedtls_ecp_group +{ + int dummy; +} +mbedtls_ecp_group; + +#if !defined(MBEDTLS_ECP_WINDOW_SIZE) + +#define MBEDTLS_ECP_WINDOW_SIZE 6 +#endif + +#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) + +#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 +#endif + + +#endif /* ecp_alt.h */ diff --git a/include/alt-dummy/gcm_alt.h b/include/alt-dummy/gcm_alt.h new file mode 100644 index 0000000000..94986ff485 --- /dev/null +++ b/include/alt-dummy/gcm_alt.h @@ -0,0 +1,29 @@ +/* gcm_alt.h with dummy types for MBEDTLS_GCM_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GCM_ALT_H +#define GCM_ALT_H + +typedef struct mbedtls_gcm_context +{ + int dummy; +} +mbedtls_gcm_context; + + +#endif /* gcm_alt.h */ diff --git a/include/alt-dummy/md2_alt.h b/include/alt-dummy/md2_alt.h new file mode 100644 index 0000000000..70c7f15190 --- /dev/null +++ b/include/alt-dummy/md2_alt.h @@ -0,0 +1,30 @@ +/* md2_alt.h with dummy types for MBEDTLS_MD2_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef MD2_ALT_H +#define MD2_ALT_H + +typedef struct mbedtls_md2_context +{ + int dummy; +} +mbedtls_md2_context; + + +#endif /* md2_alt.h */ diff --git a/include/alt-dummy/md4_alt.h b/include/alt-dummy/md4_alt.h new file mode 100644 index 0000000000..db13f3d8db --- /dev/null +++ b/include/alt-dummy/md4_alt.h @@ -0,0 +1,30 @@ +/* md4_alt.h with dummy types for MBEDTLS_MD4_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef MD4_ALT_H +#define MD4_ALT_H + +typedef struct mbedtls_md4_context +{ + int dummy; +} +mbedtls_md4_context; + + +#endif /* md4_alt.h */ diff --git a/include/alt-dummy/md5_alt.h b/include/alt-dummy/md5_alt.h new file mode 100644 index 0000000000..c1191479dc --- /dev/null +++ b/include/alt-dummy/md5_alt.h @@ -0,0 +1,29 @@ +/* md5_alt.h with dummy types for MBEDTLS_MD5_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MD5_ALT_H +#define MD5_ALT_H + +typedef struct mbedtls_md5_context +{ + int dummy; +} +mbedtls_md5_context; + + +#endif /* md5_alt.h */ diff --git a/include/alt-dummy/nist_kw_alt.h b/include/alt-dummy/nist_kw_alt.h new file mode 100644 index 0000000000..8fec116be6 --- /dev/null +++ b/include/alt-dummy/nist_kw_alt.h @@ -0,0 +1,27 @@ +/* nist_kw_alt.h with dummy types for MBEDTLS_NIST_KW_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef NIST_KW_ALT_H +#define NIST_KW_ALT_H + +typedef struct { + int dummy; +} mbedtls_nist_kw_context; + + +#endif /* nist_kw_alt.h */ diff --git a/include/alt-dummy/platform_alt.h b/include/alt-dummy/platform_alt.h new file mode 100644 index 0000000000..2bf712de76 --- /dev/null +++ b/include/alt-dummy/platform_alt.h @@ -0,0 +1,29 @@ +/* platform_alt.h with dummy types for MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PLATFORM_ALT_H +#define PLATFORM_ALT_H + +typedef struct mbedtls_platform_context +{ + int dummy; +} +mbedtls_platform_context; + + +#endif /* platform_alt.h */ diff --git a/include/alt-dummy/poly1305_alt.h b/include/alt-dummy/poly1305_alt.h new file mode 100644 index 0000000000..b8c12104a4 --- /dev/null +++ b/include/alt-dummy/poly1305_alt.h @@ -0,0 +1,29 @@ +/* poly1305_alt.h with dummy types for MBEDTLS_POLY1305_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef POLY1305_ALT_H +#define POLY1305_ALT_H + +typedef struct mbedtls_poly1305_context +{ + int dummy; +} +mbedtls_poly1305_context; + + +#endif /* poly1305_alt.h */ diff --git a/include/alt-dummy/ripemd160_alt.h b/include/alt-dummy/ripemd160_alt.h new file mode 100644 index 0000000000..722aeeb5dc --- /dev/null +++ b/include/alt-dummy/ripemd160_alt.h @@ -0,0 +1,29 @@ +/* ripemd160_alt.h with dummy types for MBEDTLS_RIPEMD160_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef RIPEMD160_ALT_H +#define RIPEMD160_ALT_H + +typedef struct mbedtls_ripemd160_context +{ + int dummy; +} +mbedtls_ripemd160_context; + + +#endif /* ripemd160_alt.h */ diff --git a/include/alt-dummy/rsa_alt.h b/include/alt-dummy/rsa_alt.h new file mode 100644 index 0000000000..ae80dbaa44 --- /dev/null +++ b/include/alt-dummy/rsa_alt.h @@ -0,0 +1,29 @@ +/* rsa_alt.h with dummy types for MBEDTLS_RSA_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef RSA_ALT_H +#define RSA_ALT_H + +typedef struct mbedtls_rsa_context +{ + int dummy; +} +mbedtls_rsa_context; + + +#endif /* rsa_alt.h */ diff --git a/include/alt-dummy/sha1_alt.h b/include/alt-dummy/sha1_alt.h new file mode 100644 index 0000000000..df2990b5bc --- /dev/null +++ b/include/alt-dummy/sha1_alt.h @@ -0,0 +1,29 @@ +/* sha1_alt.h with dummy types for MBEDTLS_SHA1_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SHA1_ALT_H +#define SHA1_ALT_H + +typedef struct mbedtls_sha1_context +{ + int dummy; +} +mbedtls_sha1_context; + + +#endif /* sha1_alt.h */ diff --git a/include/alt-dummy/sha256_alt.h b/include/alt-dummy/sha256_alt.h new file mode 100644 index 0000000000..7e501ed91a --- /dev/null +++ b/include/alt-dummy/sha256_alt.h @@ -0,0 +1,29 @@ +/* sha256_alt.h with dummy types for MBEDTLS_SHA256_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SHA256_ALT_H +#define SHA256_ALT_H + +typedef struct mbedtls_sha256_context +{ + int dummy; +} +mbedtls_sha256_context; + + +#endif /* sha256_alt.h */ diff --git a/include/alt-dummy/sha512_alt.h b/include/alt-dummy/sha512_alt.h new file mode 100644 index 0000000000..45c9599235 --- /dev/null +++ b/include/alt-dummy/sha512_alt.h @@ -0,0 +1,29 @@ +/* sha512_alt.h with dummy types for MBEDTLS_SHA512_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SHA512_ALT_H +#define SHA512_ALT_H + +typedef struct mbedtls_sha512_context +{ + int dummy; +} +mbedtls_sha512_context; + + +#endif /* sha512_alt.h */ diff --git a/include/alt-dummy/timing_alt.h b/include/alt-dummy/timing_alt.h new file mode 100644 index 0000000000..f2da154f12 --- /dev/null +++ b/include/alt-dummy/timing_alt.h @@ -0,0 +1,33 @@ +/* timing_alt.h with dummy types for MBEDTLS_TIMING_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TIMING_ALT_H +#define TIMING_ALT_H + +struct mbedtls_timing_hr_time +{ + int dummy; +}; + +typedef struct mbedtls_timing_delay_context +{ + int dummy; +} mbedtls_timing_delay_context; + + +#endif /* timing_alt.h */ diff --git a/include/alt-dummy/xtea_alt.h b/include/alt-dummy/xtea_alt.h new file mode 100644 index 0000000000..cb21a3a548 --- /dev/null +++ b/include/alt-dummy/xtea_alt.h @@ -0,0 +1,29 @@ +/* xtea_alt.h with dummy types for MBEDTLS_XTEA_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef XTEA_ALT_H +#define XTEA_ALT_H + +typedef struct mbedtls_xtea_context +{ + int dummy; +} +mbedtls_xtea_context; + + +#endif /* xtea_alt.h */ From 9e145d9d6874797db718fa9d9bda762f707c84a2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 24 May 2021 23:17:57 +0200 Subject: [PATCH 178/553] Create threading_alt.h header for testing Follow-up to "Create xxx_alt.h headers for testing". The inclusion of threading_alt.h in include/mbedtls/threading.h does not follow the same pattern as the others so it was missed by the script. Signed-off-by: Gilles Peskine --- include/alt-dummy/threading_alt.h | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 include/alt-dummy/threading_alt.h diff --git a/include/alt-dummy/threading_alt.h b/include/alt-dummy/threading_alt.h new file mode 100644 index 0000000000..ff2fed5e2a --- /dev/null +++ b/include/alt-dummy/threading_alt.h @@ -0,0 +1,27 @@ +/* threading_alt.h with dummy types for MBEDTLS_THREADING_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef THREADING_ALT_H +#define THREADING_ALT_H + +typedef struct mbedtls_threading_mutex_t +{ + int dummy; +} mbedtls_threading_mutex_t; + +#endif /* threading_alt.h */ From dead93c36be9b711387b6244cca699e6dbae0450 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 May 2021 21:20:30 +0200 Subject: [PATCH 179/553] Define public fields of mbedtls_ecp_group in alt test header And don't define configuration macros that only apply to the built-in implementation. Signed-off-by: Gilles Peskine --- include/alt-dummy/ecp_alt.h | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/include/alt-dummy/ecp_alt.h b/include/alt-dummy/ecp_alt.h index 3628bb3da1..d263871c48 100644 --- a/include/alt-dummy/ecp_alt.h +++ b/include/alt-dummy/ecp_alt.h @@ -21,19 +21,15 @@ typedef struct mbedtls_ecp_group { - int dummy; + const mbedtls_ecp_group_id id; + const mbedtls_mpi P; + const mbedtls_mpi A; + const mbedtls_mpi B; + const mbedtls_ecp_point G; + const mbedtls_mpi N; + const size_t pbits; + const size_t nbits; } mbedtls_ecp_group; -#if !defined(MBEDTLS_ECP_WINDOW_SIZE) - -#define MBEDTLS_ECP_WINDOW_SIZE 6 -#endif - -#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) - -#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 -#endif - - #endif /* ecp_alt.h */ From bc064f713a6474b5ceef7d9e9a7508d751064626 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jun 2021 18:18:07 +0200 Subject: [PATCH 180/553] Import crypto_spe.h from TF-M https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/plain/secure_fw/partitions/crypto/crypto_spe.h?h=refs/heads/master Signed-off-by: Gilles Peskine --- include/spe/crypto_spe.h | 132 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100644 include/spe/crypto_spe.h diff --git a/include/spe/crypto_spe.h b/include/spe/crypto_spe.h new file mode 100644 index 0000000000..f80fd86bdc --- /dev/null +++ b/include/spe/crypto_spe.h @@ -0,0 +1,132 @@ +/* + * Copyright (c) 2019-2021, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +/** + * \file crypto_spe.h + * + * \brief When Mbed Crypto is built with the MBEDTLS_PSA_CRYPTO_SPM option + * enabled, this header is included by all .c files in Mbed Crypto that + * use PSA Crypto function names. This avoids duplication of symbols + * between TF-M and Mbed Crypto. + * + * \note This file should be included before including any PSA Crypto headers + * from Mbed Crypto. + */ + +#ifndef CRYPTO_SPE_H +#define CRYPTO_SPE_H + +#define PSA_FUNCTION_NAME(x) mbedcrypto__ ## x + +#define psa_crypto_init \ + PSA_FUNCTION_NAME(psa_crypto_init) +#define psa_key_derivation_get_capacity \ + PSA_FUNCTION_NAME(psa_key_derivation_get_capacity) +#define psa_key_derivation_set_capacity \ + PSA_FUNCTION_NAME(psa_key_derivation_set_capacity) +#define psa_key_derivation_input_bytes \ + PSA_FUNCTION_NAME(psa_key_derivation_input_bytes) +#define psa_key_derivation_output_bytes \ + PSA_FUNCTION_NAME(psa_key_derivation_output_bytes) +#define psa_key_derivation_input_key \ + PSA_FUNCTION_NAME(psa_key_derivation_input_key) +#define psa_key_derivation_output_key \ + PSA_FUNCTION_NAME(psa_key_derivation_output_key) +#define psa_key_derivation_setup \ + PSA_FUNCTION_NAME(psa_key_derivation_setup) +#define psa_key_derivation_abort \ + PSA_FUNCTION_NAME(psa_key_derivation_abort) +#define psa_key_derivation_key_agreement \ + PSA_FUNCTION_NAME(psa_key_derivation_key_agreement) +#define psa_raw_key_agreement \ + PSA_FUNCTION_NAME(psa_raw_key_agreement) +#define psa_generate_random \ + PSA_FUNCTION_NAME(psa_generate_random) +#define psa_aead_encrypt \ + PSA_FUNCTION_NAME(psa_aead_encrypt) +#define psa_aead_decrypt \ + PSA_FUNCTION_NAME(psa_aead_decrypt) +#define psa_open_key \ + PSA_FUNCTION_NAME(psa_open_key) +#define psa_close_key \ + PSA_FUNCTION_NAME(psa_close_key) +#define psa_import_key \ + PSA_FUNCTION_NAME(psa_import_key) +#define psa_destroy_key \ + PSA_FUNCTION_NAME(psa_destroy_key) +#define psa_get_key_attributes \ + PSA_FUNCTION_NAME(psa_get_key_attributes) +#define psa_reset_key_attributes \ + PSA_FUNCTION_NAME(psa_reset_key_attributes) +#define psa_export_key \ + PSA_FUNCTION_NAME(psa_export_key) +#define psa_export_public_key \ + PSA_FUNCTION_NAME(psa_export_public_key) +#define psa_purge_key \ + PSA_FUNCTION_NAME(psa_purge_key) +#define psa_copy_key \ + PSA_FUNCTION_NAME(psa_copy_key) +#define psa_cipher_operation_init \ + PSA_FUNCTION_NAME(psa_cipher_operation_init) +#define psa_cipher_generate_iv \ + PSA_FUNCTION_NAME(psa_cipher_generate_iv) +#define psa_cipher_set_iv \ + PSA_FUNCTION_NAME(psa_cipher_set_iv) +#define psa_cipher_encrypt_setup \ + PSA_FUNCTION_NAME(psa_cipher_encrypt_setup) +#define psa_cipher_decrypt_setup \ + PSA_FUNCTION_NAME(psa_cipher_decrypt_setup) +#define psa_cipher_update \ + PSA_FUNCTION_NAME(psa_cipher_update) +#define psa_cipher_finish \ + PSA_FUNCTION_NAME(psa_cipher_finish) +#define psa_cipher_abort \ + PSA_FUNCTION_NAME(psa_cipher_abort) +#define psa_hash_operation_init \ + PSA_FUNCTION_NAME(psa_hash_operation_init) +#define psa_hash_setup \ + PSA_FUNCTION_NAME(psa_hash_setup) +#define psa_hash_update \ + PSA_FUNCTION_NAME(psa_hash_update) +#define psa_hash_finish \ + PSA_FUNCTION_NAME(psa_hash_finish) +#define psa_hash_verify \ + PSA_FUNCTION_NAME(psa_hash_verify) +#define psa_hash_abort \ + PSA_FUNCTION_NAME(psa_hash_abort) +#define psa_hash_clone \ + PSA_FUNCTION_NAME(psa_hash_clone) +#define psa_hash_compute \ + PSA_FUNCTION_NAME(psa_hash_compute) +#define psa_hash_compare \ + PSA_FUNCTION_NAME(psa_hash_compare) +#define psa_mac_operation_init \ + PSA_FUNCTION_NAME(psa_mac_operation_init) +#define psa_mac_sign_setup \ + PSA_FUNCTION_NAME(psa_mac_sign_setup) +#define psa_mac_verify_setup \ + PSA_FUNCTION_NAME(psa_mac_verify_setup) +#define psa_mac_update \ + PSA_FUNCTION_NAME(psa_mac_update) +#define psa_mac_sign_finish \ + PSA_FUNCTION_NAME(psa_mac_sign_finish) +#define psa_mac_verify_finish \ + PSA_FUNCTION_NAME(psa_mac_verify_finish) +#define psa_mac_abort \ + PSA_FUNCTION_NAME(psa_mac_abort) +#define psa_sign_hash \ + PSA_FUNCTION_NAME(psa_sign_hash) +#define psa_verify_hash \ + PSA_FUNCTION_NAME(psa_verify_hash) +#define psa_asymmetric_encrypt \ + PSA_FUNCTION_NAME(psa_asymmetric_encrypt) +#define psa_asymmetric_decrypt \ + PSA_FUNCTION_NAME(psa_asymmetric_decrypt) +#define psa_generate_key \ + PSA_FUNCTION_NAME(psa_generate_key) + +#endif /* CRYPTO_SPE_H */ From 5b009b67d1c5fc2ec52203f5fda8b125489bd293 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Mon, 31 May 2021 17:58:57 +0200 Subject: [PATCH 181/553] Remove MD2, MD4, RC4, Blowfish and XTEA Signed-off-by: TRodziewicz --- include/test/psa_exercise_key.h | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index 57eae58911..aa0aeb5afd 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -32,11 +32,7 @@ * * This is used in some smoke tests. */ -#if defined(PSA_WANT_ALG_MD2) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD2 -#elif defined(PSA_WANT_ALG_MD4) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD4 -#elif defined(PSA_WANT_ALG_MD5) +#if defined(PSA_WANT_ALG_MD5) #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5 /* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 @@ -111,9 +107,6 @@ #if defined(KNOWN_SUPPORTED_BLOCK_CIPHER_ALG) #define KNOWN_SUPPORTED_CIPHER_ALG KNOWN_SUPPORTED_BLOCK_CIPHER_ALG #define KNOWN_SUPPORTED_CIPHER_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER -#elif defined(MBEDTLS_RC4_C) -#define KNOWN_SUPPORTED_CIPHER_ALG PSA_ALG_RC4 -#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE PSA_KEY_TYPE_RC4 #else #undef KNOWN_SUPPORTED_CIPHER_ALG #undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE From 8c9188ab046394e2b743693cc7d4817934debc81 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 18 Jun 2021 12:56:27 +0200 Subject: [PATCH 182/553] Code review fixes Reverting some deleted tests and changing the deprecated algo Deleting deprecated headers from /alt-dummy dir Corrections to the comments Removal of deleted functions from compat-2.x.h Corrections to tests/data_files/Makefile Signed-off-by: TRodziewicz --- include/alt-dummy/arc4_alt.h | 30 ------------------------------ include/alt-dummy/blowfish_alt.h | 29 ----------------------------- include/alt-dummy/md2_alt.h | 30 ------------------------------ include/alt-dummy/md4_alt.h | 30 ------------------------------ include/alt-dummy/xtea_alt.h | 29 ----------------------------- 5 files changed, 148 deletions(-) delete mode 100644 include/alt-dummy/arc4_alt.h delete mode 100644 include/alt-dummy/blowfish_alt.h delete mode 100644 include/alt-dummy/md2_alt.h delete mode 100644 include/alt-dummy/md4_alt.h delete mode 100644 include/alt-dummy/xtea_alt.h diff --git a/include/alt-dummy/arc4_alt.h b/include/alt-dummy/arc4_alt.h deleted file mode 100644 index b8c2e86a00..0000000000 --- a/include/alt-dummy/arc4_alt.h +++ /dev/null @@ -1,30 +0,0 @@ -/* arc4_alt.h with dummy types for MBEDTLS_ARC4_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef ARC4_ALT_H -#define ARC4_ALT_H - -typedef struct mbedtls_arc4_context -{ - int dummy; -} -mbedtls_arc4_context; - - -#endif /* arc4_alt.h */ diff --git a/include/alt-dummy/blowfish_alt.h b/include/alt-dummy/blowfish_alt.h deleted file mode 100644 index 5a4f739d52..0000000000 --- a/include/alt-dummy/blowfish_alt.h +++ /dev/null @@ -1,29 +0,0 @@ -/* blowfish_alt.h with dummy types for MBEDTLS_BLOWFISH_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef BLOWFISH_ALT_H -#define BLOWFISH_ALT_H - -typedef struct mbedtls_blowfish_context -{ - int dummy; -} -mbedtls_blowfish_context; - - -#endif /* blowfish_alt.h */ diff --git a/include/alt-dummy/md2_alt.h b/include/alt-dummy/md2_alt.h deleted file mode 100644 index 70c7f15190..0000000000 --- a/include/alt-dummy/md2_alt.h +++ /dev/null @@ -1,30 +0,0 @@ -/* md2_alt.h with dummy types for MBEDTLS_MD2_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef MD2_ALT_H -#define MD2_ALT_H - -typedef struct mbedtls_md2_context -{ - int dummy; -} -mbedtls_md2_context; - - -#endif /* md2_alt.h */ diff --git a/include/alt-dummy/md4_alt.h b/include/alt-dummy/md4_alt.h deleted file mode 100644 index db13f3d8db..0000000000 --- a/include/alt-dummy/md4_alt.h +++ /dev/null @@ -1,30 +0,0 @@ -/* md4_alt.h with dummy types for MBEDTLS_MD4_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef MD4_ALT_H -#define MD4_ALT_H - -typedef struct mbedtls_md4_context -{ - int dummy; -} -mbedtls_md4_context; - - -#endif /* md4_alt.h */ diff --git a/include/alt-dummy/xtea_alt.h b/include/alt-dummy/xtea_alt.h deleted file mode 100644 index cb21a3a548..0000000000 --- a/include/alt-dummy/xtea_alt.h +++ /dev/null @@ -1,29 +0,0 @@ -/* xtea_alt.h with dummy types for MBEDTLS_XTEA_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef XTEA_ALT_H -#define XTEA_ALT_H - -typedef struct mbedtls_xtea_context -{ - int dummy; -} -mbedtls_xtea_context; - - -#endif /* xtea_alt.h */ From f0098d666bd61a84a70d7d71b3e6c6cf76ce1ad3 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 14 Jun 2021 12:34:30 +0100 Subject: [PATCH 183/553] Fix exercise key test Hash and sign algorithms require the alignment of the input length with the hash length at verification as well not just when signing. Signed-off-by: Janos Follath --- src/psa_exercise_key.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index f48a64e947..e4e55c9c2c 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -316,13 +316,14 @@ static int exercise_signature_key( mbedtls_svc_key_id_t key, #endif } + /* Some algorithms require the payload to have the size of + * the hash encoded in the algorithm. Use this input size + * even for algorithms that allow other input sizes. */ + if( hash_alg != 0 ) + payload_length = PSA_HASH_LENGTH( hash_alg ); + if( usage & PSA_KEY_USAGE_SIGN_HASH ) { - /* Some algorithms require the payload to have the size of - * the hash encoded in the algorithm. Use this input size - * even for algorithms that allow other input sizes. */ - if( hash_alg != 0 ) - payload_length = PSA_HASH_LENGTH( hash_alg ); PSA_ASSERT( psa_sign_hash( key, alg, payload, payload_length, signature, sizeof( signature ), From 08bf7add0c46408960ffe03e536aaf91697eee67 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 11 Jun 2021 14:13:53 +0200 Subject: [PATCH 184/553] New test helper mbedtls_test_read_mpi This test helper reads an MPI from a string and guarantees control over the number of limbs of the MPI, allowing test cases to construct values with or without leading zeros, including 0 with 0 limbs. Signed-off-by: Gilles Peskine --- include/test/helpers.h | 25 +++++++++++++++++++++++++ src/helpers.c | 15 +++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/include/test/helpers.h b/include/test/helpers.h index ab9a0c3cd0..c0d2c00724 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -59,6 +59,10 @@ #include #include +#if defined(MBEDTLS_BIGNUM_C) +#include "mbedtls/bignum.h" +#endif + typedef enum { MBEDTLS_TEST_RESULT_SUCCESS = 0, @@ -210,4 +214,25 @@ void mbedtls_test_err_add_check( int high, int low, const char *file, int line); #endif +#if defined(MBEDTLS_BIGNUM_C) +/** Read an MPI from a string. + * + * Like mbedtls_mpi_read_string(), but size the resulting bignum based + * on the number of digits in the string. In particular, construct a + * bignum with 0 limbs for an empty string, and a bignum with leading 0 + * limbs if the string has sufficiently many leading 0 digits. + * + * This is important so that the "0 (null)" and "0 (1 limb)" and + * "leading zeros" test cases do what they claim. + * + * \param[out] X The MPI object to populate. It must be initialized. + * \param radix The radix (2 to 16). + * \param[in] s The null-terminated string to read from. + * + * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. + */ +/* Since the library has exactly the desired behavior, this is trivial. */ +int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s ); +#endif /* MBEDTLS_BIGNUM_C */ + #endif /* TEST_HELPERS_H */ diff --git a/src/helpers.c b/src/helpers.c index cac6d4cc0a..4d3d53da50 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -259,3 +259,18 @@ void mbedtls_test_err_add_check( int high, int low, } } #endif /* MBEDTLS_TEST_HOOKS */ + +#if defined(MBEDTLS_BIGNUM_C) +int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s ) +{ + /* mbedtls_mpi_read_string() currently retains leading zeros. + * It always allocates at least one limb for the value 0. */ + if( s[0] == 0 ) + { + mbedtls_mpi_free( X ); + return( 0 ); + } + else + return( mbedtls_mpi_read_string( X, radix, s ) ); +} +#endif From e45a6244c5ed352a37872dc23e56b9392be0f3ff Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 09:40:12 +0100 Subject: [PATCH 185/553] Add per function hits to driver wrappers Signed-off-by: Paul Elliott --- include/test/drivers/aead.h | 15 +++++++++++++-- src/drivers/test_driver_aead.c | 22 +++++++++++----------- 2 files changed, 24 insertions(+), 13 deletions(-) diff --git a/include/test/drivers/aead.h b/include/test/drivers/aead.h index 86c18d4d3a..5eabf17de4 100644 --- a/include/test/drivers/aead.h +++ b/include/test/drivers/aead.h @@ -34,12 +34,23 @@ typedef struct { * function call. */ psa_status_t forced_status; /* Count the amount of times AEAD driver functions are called. */ - unsigned long hits; + unsigned long hits_encrypt; + unsigned long hits_decrypt; + unsigned long hits_encrypt_setup; + unsigned long hits_decrypt_setup; + unsigned long hits_set_nonce; + unsigned long hits_set_lengths; + unsigned long hits_update_ad; + unsigned long hits_update; + unsigned long hits_finish; + unsigned long hits_verify; + unsigned long hits_abort; + /* Status returned by the last AEAD driver function call. */ psa_status_t driver_status; } mbedtls_test_driver_aead_hooks_t; -#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0 } +#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } static inline mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks_init( void ) { diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index 006d3327f5..698353c5d6 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -40,7 +40,7 @@ psa_status_t mbedtls_test_transparent_aead_encrypt( const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_encrypt++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -71,7 +71,7 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_decrypt++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -99,7 +99,7 @@ psa_status_t mbedtls_test_transparent_aead_encrypt_setup( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_encrypt_setup++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -122,7 +122,7 @@ psa_status_t mbedtls_test_transparent_aead_decrypt_setup( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_decrypt_setup++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -144,7 +144,7 @@ psa_status_t mbedtls_test_transparent_aead_set_nonce( const uint8_t *nonce, size_t nonce_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_set_nonce++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -165,7 +165,7 @@ psa_status_t mbedtls_test_transparent_aead_set_lengths( size_t ad_length, size_t plaintext_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_set_lengths++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -187,7 +187,7 @@ psa_status_t mbedtls_test_transparent_aead_update_ad( const uint8_t *input, size_t input_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_update_ad++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -211,7 +211,7 @@ psa_status_t mbedtls_test_transparent_aead_update( size_t output_size, size_t *output_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_update++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -237,7 +237,7 @@ psa_status_t mbedtls_test_transparent_aead_finish( size_t tag_size, size_t *tag_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_finish++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -263,7 +263,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( const uint8_t *tag, size_t tag_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_verify++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -283,7 +283,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( psa_status_t mbedtls_test_transparent_aead_abort( mbedtls_transparent_test_driver_aead_operation_t *operation ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_abort++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { From 6cd2b21d896e20cd0a79d84d255c6ee5f563b29a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Thu, 27 May 2021 11:25:03 +0200 Subject: [PATCH 186/553] Replace all inclusions of config.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also remove preprocessor logic for MBEDTLS_CONFIG_FILE, since build_info.h alreadyy handles it. This commit was generated using the following script: # ======================== #!/bin/sh git ls-files | grep -v '^include/mbedtls/build_info\.h$' | xargs sed -b -E -i ' /^#if !?defined\(MBEDTLS_CONFIG_FILE\)/i#include "mbedtls/build_info.h" //,/^#endif/d ' # ======================== Signed-off-by: Bence Szépkúti --- include/test/certs.h | 6 +----- include/test/constant_flow.h | 6 +----- include/test/drivers/aead.h | 6 +----- include/test/drivers/cipher.h | 6 +----- include/test/drivers/hash.h | 6 +----- include/test/drivers/key_management.h | 6 +----- include/test/drivers/mac.h | 6 +----- include/test/drivers/signature.h | 6 +----- include/test/drivers/size.h | 6 +----- include/test/fake_external_rng_for_test.h | 6 +----- include/test/helpers.h | 6 +----- include/test/macros.h | 6 +----- include/test/random.h | 6 +----- 13 files changed, 13 insertions(+), 65 deletions(-) diff --git a/include/test/certs.h b/include/test/certs.h index c93c741c7f..03f0d03b85 100644 --- a/include/test/certs.h +++ b/include/test/certs.h @@ -22,11 +22,7 @@ #ifndef MBEDTLS_CERTS_H #define MBEDTLS_CERTS_H -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "mbedtls/build_info.h" #include diff --git a/include/test/constant_flow.h b/include/test/constant_flow.h index af64011669..9626af9e46 100644 --- a/include/test/constant_flow.h +++ b/include/test/constant_flow.h @@ -24,11 +24,7 @@ #ifndef TEST_CONSTANT_FLOW_H #define TEST_CONSTANT_FLOW_H -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "mbedtls/build_info.h" /* * This file defines the two macros diff --git a/include/test/drivers/aead.h b/include/test/drivers/aead.h index 2207cb36fe..0830229e4e 100644 --- a/include/test/drivers/aead.h +++ b/include/test/drivers/aead.h @@ -20,11 +20,7 @@ #ifndef PSA_CRYPTO_TEST_DRIVERS_AEAD_H #define PSA_CRYPTO_TEST_DRIVERS_AEAD_H -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "mbedtls/build_info.h" #if defined(PSA_CRYPTO_DRIVER_TEST) #include diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index 4fe559618f..142f3b7655 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -20,11 +20,7 @@ #ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H #define PSA_CRYPTO_TEST_DRIVERS_CIPHER_H -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "mbedtls/build_info.h" #if defined(PSA_CRYPTO_DRIVER_TEST) #include diff --git a/include/test/drivers/hash.h b/include/test/drivers/hash.h index ebe83dee4e..d202c8bf06 100644 --- a/include/test/drivers/hash.h +++ b/include/test/drivers/hash.h @@ -20,11 +20,7 @@ #ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H #define PSA_CRYPTO_TEST_DRIVERS_HASH_H -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "mbedtls/build_info.h" #if defined(PSA_CRYPTO_DRIVER_TEST) #include diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 45814fd034..16e1f755ca 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -20,11 +20,7 @@ #ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H #define PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "mbedtls/build_info.h" #if defined(PSA_CRYPTO_DRIVER_TEST) #include diff --git a/include/test/drivers/mac.h b/include/test/drivers/mac.h index 7733dd341c..5f6cd38a4d 100644 --- a/include/test/drivers/mac.h +++ b/include/test/drivers/mac.h @@ -20,11 +20,7 @@ #ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H #define PSA_CRYPTO_TEST_DRIVERS_MAC_H -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "mbedtls/build_info.h" #if defined(PSA_CRYPTO_DRIVER_TEST) #include diff --git a/include/test/drivers/signature.h b/include/test/drivers/signature.h index 5e64edc3c8..67f2b29a35 100644 --- a/include/test/drivers/signature.h +++ b/include/test/drivers/signature.h @@ -20,11 +20,7 @@ #ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H #define PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "mbedtls/build_info.h" #if defined(PSA_CRYPTO_DRIVER_TEST) #include diff --git a/include/test/drivers/size.h b/include/test/drivers/size.h index b2665bdda5..4e3301c4ae 100644 --- a/include/test/drivers/size.h +++ b/include/test/drivers/size.h @@ -20,11 +20,7 @@ #ifndef PSA_CRYPTO_TEST_DRIVERS_SIZE_H #define PSA_CRYPTO_TEST_DRIVERS_SIZE_H -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "mbedtls/build_info.h" #if defined(PSA_CRYPTO_DRIVER_TEST) #include diff --git a/include/test/fake_external_rng_for_test.h b/include/test/fake_external_rng_for_test.h index faeef22e86..9d56dabf0d 100644 --- a/include/test/fake_external_rng_for_test.h +++ b/include/test/fake_external_rng_for_test.h @@ -22,11 +22,7 @@ #ifndef FAKE_EXTERNAL_RNG_FOR_TEST_H #define FAKE_EXTERNAL_RNG_FOR_TEST_H -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "mbedtls/build_info.h" #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) /** Enable the insecure implementation of mbedtls_psa_external_get_random(). diff --git a/include/test/helpers.h b/include/test/helpers.h index c0d2c00724..27e5599ed1 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -30,11 +30,7 @@ * directly (without using the MBEDTLS_PRIVATE wrapper). */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "mbedtls/build_info.h" #if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \ defined(MBEDTLS_TEST_HOOKS) diff --git a/include/test/macros.h b/include/test/macros.h index 87e86d38e5..9b3fc9c809 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -24,11 +24,7 @@ #ifndef TEST_MACROS_H #define TEST_MACROS_H -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "mbedtls/build_info.h" #include diff --git a/include/test/random.h b/include/test/random.h index 6428280780..58548a2c8b 100644 --- a/include/test/random.h +++ b/include/test/random.h @@ -25,11 +25,7 @@ #ifndef TEST_RANDOM_H #define TEST_RANDOM_H -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "mbedtls/build_info.h" #include #include From f205d87d13eea5d373e00fbea564b58b6a81e7e7 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 13 May 2021 12:05:01 +0200 Subject: [PATCH 187/553] Update tests for extended key usage policies Signed-off-by: gabor-mezei-arm --- include/test/psa_crypto_helpers.h | 8 ++++++++ src/psa_crypto_helpers.c | 13 +++++++++++++ 2 files changed, 21 insertions(+) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 9881eaebef..522fbae71f 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -186,6 +186,14 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, #endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ +/** Return extended key usage policies. + * + * Do a key policy permission extension on key usage policies always involves + * permissions of other usage policies + * (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSGAE). + */ +psa_key_usage_t update_key_usage_flags( psa_key_usage_t usage_flags ); + /** Skip a test case if the given key is a 192 bits AES key and the AES * implementation is at least partially provided by an accelerator or * alternative implementation. diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index f2222cb285..934b76bb84 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -114,4 +114,17 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, } #endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ +psa_key_usage_t update_key_usage_flags( psa_key_usage_t usage_flags ) +{ + psa_key_usage_t updated_usage = usage_flags; + + if( usage_flags & PSA_KEY_USAGE_SIGN_HASH ) + updated_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; + + if( usage_flags & PSA_KEY_USAGE_VERIFY_HASH ) + updated_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; + + return( updated_usage ); +} + #endif /* MBEDTLS_PSA_CRYPTO_C */ From 666e8d558a6b41586f851950b5a8ab76022f2850 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Mon, 28 Jun 2021 14:05:00 +0200 Subject: [PATCH 188/553] Rename function to conform to the library Signed-off-by: gabor-mezei-arm --- include/test/psa_crypto_helpers.h | 2 +- src/psa_crypto_helpers.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 522fbae71f..8a8c37e008 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -192,7 +192,7 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, * permissions of other usage policies * (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSGAE). */ -psa_key_usage_t update_key_usage_flags( psa_key_usage_t usage_flags ); +psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags ); /** Skip a test case if the given key is a 192 bits AES key and the AES * implementation is at least partially provided by an accelerator or diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index 934b76bb84..d9d841abd5 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -114,7 +114,7 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, } #endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ -psa_key_usage_t update_key_usage_flags( psa_key_usage_t usage_flags ) +psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags ) { psa_key_usage_t updated_usage = usage_flags; From 8c47238c011b8d4614eee7e348bb19312d6f6a54 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 25 Mar 2021 11:17:10 +0100 Subject: [PATCH 189/553] Dispatch cipher functions through the driver interface Signed-off-by: gabor-mezei-arm --- src/drivers/test_driver_cipher.c | 180 ++++++++----------------------- 1 file changed, 45 insertions(+), 135 deletions(-) diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index 9c95cc8f8c..89a7b59944 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -35,26 +35,19 @@ mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks = MBEDTLS_TEST_DRIVER_CIPHER_INIT; -static psa_status_t mbedtls_test_transparent_cipher_oneshot( - mbedtls_operation_t direction, +psa_status_t mbedtls_test_transparent_cipher_encrypt( const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, + const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length) + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) { mbedtls_test_driver_cipher_hooks.hits++; - /* Test driver supports AES-CTR only, to verify operation calls. */ - if( alg != PSA_ALG_CTR || - psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) - return( PSA_ERROR_NOT_SUPPORTED ); - - /* If test driver response code is not SUCCESS, we can return early */ - if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_cipher_hooks.forced_status ); - - /* If test driver output is overridden, we don't need to do actual crypto */ if( mbedtls_test_driver_cipher_hooks.forced_output != NULL ) { if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length ) @@ -68,133 +61,50 @@ static psa_status_t mbedtls_test_transparent_cipher_oneshot( return( mbedtls_test_driver_cipher_hooks.forced_status ); } - /* Run AES-CTR using the cipher module */ - { - mbedtls_test_rnd_pseudo_info rnd_info; - memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); - - const mbedtls_cipher_info_t *cipher_info = - mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES, - key_length * 8, - MBEDTLS_MODE_CTR ); - mbedtls_cipher_context_t cipher; - int ret = 0; - uint8_t temp_output_buffer[16] = {0}; - size_t temp_output_length = 0; - - if( direction == MBEDTLS_ENCRYPT ) - { - /* Oneshot encrypt needs to prepend the IV to the output */ - if( output_size < ( input_length + 16 ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - } - else - { - /* Oneshot decrypt has the IV prepended to the input */ - if( output_size < ( input_length - 16 ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - } - - if( cipher_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - - mbedtls_cipher_init( &cipher ); - ret = mbedtls_cipher_setup( &cipher, cipher_info ); - if( ret != 0 ) - goto exit; - - ret = mbedtls_cipher_setkey( &cipher, - key, - key_length * 8, direction ); - if( ret != 0 ) - goto exit; - - if( direction == MBEDTLS_ENCRYPT ) - { - mbedtls_test_rnd_pseudo_info rnd_info; - memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); - - ret = mbedtls_test_rnd_pseudo_rand( &rnd_info, - temp_output_buffer, - 16 ); - if( ret != 0 ) - goto exit; - - ret = mbedtls_cipher_set_iv( &cipher, temp_output_buffer, 16 ); - } - else - ret = mbedtls_cipher_set_iv( &cipher, input, 16 ); - - if( ret != 0 ) - goto exit; - - if( direction == MBEDTLS_ENCRYPT ) - { - ret = mbedtls_cipher_update( &cipher, - input, input_length, - &output[16], output_length ); - if( ret == 0 ) - { - memcpy( output, temp_output_buffer, 16 ); - *output_length += 16; - } - } - else - ret = mbedtls_cipher_update( &cipher, - &input[16], input_length - 16, - output, output_length ); - - if( ret != 0 ) - goto exit; - - ret = mbedtls_cipher_finish( &cipher, - temp_output_buffer, - &temp_output_length ); - -exit: - if( ret != 0 ) - { - *output_length = 0; - memset(output, 0, output_size); - } - - mbedtls_cipher_free( &cipher ); - return( mbedtls_to_psa_error( ret ) ); - } -} + if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_cipher_hooks.forced_status ); -psa_status_t mbedtls_test_transparent_cipher_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length) -{ - return ( - mbedtls_test_transparent_cipher_oneshot( - MBEDTLS_ENCRYPT, - attributes, - key, key_length, - alg, - input, input_length, - output, output_size, output_length) ); + psa_generate_random( output, PSA_CIPHER_IV_LENGTH( attributes->core.type, alg ) ); + + return( mbedtls_transparent_test_driver_cipher_encrypt( + attributes, key_buffer, key_buffer_size, + alg, input, input_length, + output, output_size, output_length ) ); } psa_status_t mbedtls_test_transparent_cipher_decrypt( const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, + const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length) + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) { - return ( - mbedtls_test_transparent_cipher_oneshot( - MBEDTLS_DECRYPT, - attributes, - key, key_length, - alg, - input, input_length, - output, output_size, output_length) ); + mbedtls_test_driver_cipher_hooks.hits++; + + if( mbedtls_test_driver_cipher_hooks.forced_output != NULL ) + { + if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( output, + mbedtls_test_driver_cipher_hooks.forced_output, + mbedtls_test_driver_cipher_hooks.forced_output_length ); + *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length; + + return( mbedtls_test_driver_cipher_hooks.forced_status ); + } + + if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_cipher_hooks.forced_status ); + + return( mbedtls_transparent_test_driver_cipher_decrypt( + attributes, key_buffer, key_buffer_size, + alg, input, input_length, + output, output_size, output_length ) ); } psa_status_t mbedtls_test_transparent_cipher_encrypt_setup( From 06093b0be4c1d6deb49e55080a18708a0a9ab4d5 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 2 Jul 2021 18:08:10 +0200 Subject: [PATCH 190/553] Re-introduction of key slot chekcs Signed-off-by: TRodziewicz --- include/test/helpers.h | 9 +++++++++ src/helpers.c | 10 ++++++++++ 2 files changed, 19 insertions(+) diff --git a/include/test/helpers.h b/include/test/helpers.h index 27e5599ed1..40fcb03dd9 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -231,4 +231,13 @@ void mbedtls_test_err_add_check( int high, int low, int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s ); #endif /* MBEDTLS_BIGNUM_C */ +/** + * \brief Check value in first parameter. + * + * \note If the check fails, fail the test currently being run. + */ +#if defined(MBEDTLS_TEST_HOOKS) +void mbedtls_test_hook_value_check( int test, const char * file, int line ); +#endif + #endif /* TEST_HELPERS_H */ diff --git a/src/helpers.c b/src/helpers.c index 4d3d53da50..bf25f21ad5 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -274,3 +274,13 @@ int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s ) return( mbedtls_mpi_read_string( X, radix, s ) ); } #endif + +#if defined(MBEDTLS_TEST_HOOKS) +void mbedtls_test_hook_value_check( int test, const char * file, int line ) +{ + if ( !test ) + { + mbedtls_test_fail( "Wrong value in test", line, file ); + } +} +#endif From a3003b5e99e6a1ea4ac3ba52c2f1c1490dcf7047 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Mon, 5 Jul 2021 15:16:00 +0200 Subject: [PATCH 191/553] Corrections to the new functions names and error message wording Signed-off-by: TRodziewicz --- include/test/helpers.h | 2 +- src/helpers.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 40fcb03dd9..8ee6996684 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -237,7 +237,7 @@ int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s ); * \note If the check fails, fail the test currently being run. */ #if defined(MBEDTLS_TEST_HOOKS) -void mbedtls_test_hook_value_check( int test, const char * file, int line ); +void mbedtls_test_assert_test( int test, const char * file, int line ); #endif #endif /* TEST_HELPERS_H */ diff --git a/src/helpers.c b/src/helpers.c index bf25f21ad5..e35ed62d60 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -276,11 +276,11 @@ int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s ) #endif #if defined(MBEDTLS_TEST_HOOKS) -void mbedtls_test_hook_value_check( int test, const char * file, int line ) +void mbedtls_test_assert_test( int test, const char * file, int line ) { if ( !test ) { - mbedtls_test_fail( "Wrong value in test", line, file ); + mbedtls_test_fail( "Test hook - test assertion failed.", line, file ); } } #endif From d5440ae4a7c9a21debddede795cdad154aeebb10 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Wed, 7 Jul 2021 17:29:43 +0200 Subject: [PATCH 192/553] Adding new macro for tests failing Signed-off-by: TRodziewicz --- include/test/helpers.h | 9 --------- src/helpers.c | 10 ---------- 2 files changed, 19 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 8ee6996684..27e5599ed1 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -231,13 +231,4 @@ void mbedtls_test_err_add_check( int high, int low, int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s ); #endif /* MBEDTLS_BIGNUM_C */ -/** - * \brief Check value in first parameter. - * - * \note If the check fails, fail the test currently being run. - */ -#if defined(MBEDTLS_TEST_HOOKS) -void mbedtls_test_assert_test( int test, const char * file, int line ); -#endif - #endif /* TEST_HELPERS_H */ diff --git a/src/helpers.c b/src/helpers.c index e35ed62d60..4d3d53da50 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -274,13 +274,3 @@ int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s ) return( mbedtls_mpi_read_string( X, radix, s ) ); } #endif - -#if defined(MBEDTLS_TEST_HOOKS) -void mbedtls_test_assert_test( int test, const char * file, int line ) -{ - if ( !test ) - { - mbedtls_test_fail( "Test hook - test assertion failed.", line, file ); - } -} -#endif From f110bb9e329ae18d93a58a8274cd2c9072b704ab Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 22 Jul 2021 21:47:27 +0100 Subject: [PATCH 193/553] Remove aead_verify call from test driver Function was removed, but missed this reference. Signed-off-by: Paul Elliott --- src/drivers/test_driver_aead.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index 698353c5d6..5928e0e010 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -272,9 +272,26 @@ psa_status_t mbedtls_test_transparent_aead_verify( } else { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_verify( operation, plaintext, plaintext_size, - plaintext_length, tag, tag_length ); + uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; + size_t check_tag_length; + + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_finish( operation, + plaintext, + plaintext_size, + plaintext_length, + check_tag, + tag_length, + &check_tag_length ); + + if( mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS ) + { + if( tag_length != check_tag_length || + mbedtls_psa_safer_memcmp( tag, check_tag, tag_length ) + != 0 ) + mbedtls_test_driver_aead_hooks.driver_status = + PSA_ERROR_INVALID_SIGNATURE; + } } return( mbedtls_test_driver_aead_hooks.driver_status ); From ae6556757bc28094a171a5e83117884c59b5e42e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Jul 2021 15:29:21 +0100 Subject: [PATCH 194/553] Add missing include to PSA test driver Signed-off-by: Paul Elliott --- src/drivers/test_driver_aead.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index 5928e0e010..ac116ffb06 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -25,6 +25,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa_crypto_aead.h" +#include "psa_crypto_core.h" #include "test/drivers/aead.h" From 0bb0ff0dc0b61d566b2d01a93041a675d40ad553 Mon Sep 17 00:00:00 2001 From: Archana Date: Wed, 7 Jul 2021 02:50:22 +0530 Subject: [PATCH 195/553] Add test driver support for opaque key import -Add test driver support to import/export while wrapping keys meant to be stored in the PSA core as opaque( emulating an SE without storage ). -Export validate_unstructured_key_bit_size as psa_validate_unstructured_key_bit_size, thereby changing its scope. -Improve the import/export test cases in test_suite_psa_crypto to also cover opaque keys, thereby avoiding duplication. Signed-off-by: Archana --- include/test/drivers/key_management.h | 24 ++ include/test/drivers/size.h | 33 --- include/test/drivers/test_driver.h | 1 - src/drivers/test_driver_key_management.c | 350 +++++++++++++++++++---- src/drivers/test_driver_size.c | 97 ------- 5 files changed, 314 insertions(+), 191 deletions(-) delete mode 100644 include/test/drivers/size.h delete mode 100644 src/drivers/test_driver_size.c diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 16e1f755ca..3cde1aaff9 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -49,6 +49,21 @@ static inline mbedtls_test_driver_key_management_hooks_t return( v ); } +/* + * In order to convert the plain text keys to Opaque, the size of the key is + * padded up by PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE in addition to xor mangling + * the key. The pad prefix needs to be accounted for while sizing for the key. + */ +#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX 0xBEEFED00U +#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE sizeof( PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX ) + +size_t mbedtls_test_opaque_get_base_size(); + +size_t mbedtls_test_opaque_size_function( + const psa_key_type_t key_type, + const size_t key_bits ); + + extern mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks; @@ -84,6 +99,15 @@ psa_status_t mbedtls_test_transparent_import_key( size_t *key_buffer_length, size_t *bits); +psa_status_t mbedtls_test_opaque_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length, + size_t *bits); + psa_status_t mbedtls_test_opaque_get_builtin_key( psa_drv_slot_number_t slot_number, psa_key_attributes_t *attributes, diff --git a/include/test/drivers/size.h b/include/test/drivers/size.h deleted file mode 100644 index 4e3301c4ae..0000000000 --- a/include/test/drivers/size.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Test driver for context size functions - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef PSA_CRYPTO_TEST_DRIVERS_SIZE_H -#define PSA_CRYPTO_TEST_DRIVERS_SIZE_H - -#include "mbedtls/build_info.h" - -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include - -size_t mbedtls_test_size_function( - const psa_key_type_t key_type, - const size_t key_bits ); - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_SIZE_H */ diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index 5b60932d3a..47e92b7071 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -28,6 +28,5 @@ #include "test/drivers/mac.h" #include "test/drivers/key_management.h" #include "test/drivers/signature.h" -#include "test/drivers/size.h" #endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index afa1fc261e..7ad7f73bdb 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -56,6 +56,88 @@ const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] = 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79, 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c }; + +/* + * This macro returns the base size for the key context when SE does not support storage. + * It is the size of the metadata that gets added to the wrapped key. + * In its test functionality the metadata is just some padded prefixing to the key. + */ +#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE + + +size_t mbedtls_test_opaque_size_function( + const psa_key_type_t key_type, + const size_t key_bits ) +{ + size_t key_buffer_size = 0; + + key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ); + if( key_buffer_size == 0 ) + return( key_buffer_size ); + /* Include spacing for base size overhead over the key size + * */ + key_buffer_size += TEST_DRIVER_KEY_CONTEXT_BASE_SIZE; + return( key_buffer_size ); +} + +size_t mbedtls_test_opaque_get_base_size() +{ + return TEST_DRIVER_KEY_CONTEXT_BASE_SIZE; +} + +/* + * The wrap function mbedtls_test_opaque_wrap_key pads and wraps the clear key. + * It expects the clear and wrap buffers to be passed in. + * key_buffer_size is the size of the clear key to be wrapped. + * wrap_buffer_size is the size of the output buffer wrap_key. + * The argument key_buffer_length is filled with the wrapped key_size on success. + * */ +static psa_status_t mbedtls_test_opaque_wrap_key( + const uint8_t *key_buffer, + size_t key_buffer_size, + uint8_t *wrap_key, + size_t wrap_buffer_size, + size_t *key_buffer_length ) +{ + size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); + uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX; + if( key_buffer_size + opaque_key_base_size > wrap_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + /* Write in the opaque pad prefix */ + memcpy( wrap_key, &prefix, opaque_key_base_size); + wrap_key += opaque_key_base_size; + *key_buffer_length = key_buffer_size + opaque_key_base_size; + while( key_buffer_size-- ) + wrap_key[key_buffer_size] = key_buffer[key_buffer_size] ^ 0xFF; + return( PSA_SUCCESS ); +} + +/* + * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix and unwraps + * the wrapped key. It expects the clear and wrap buffers to be passed in. + * wrapped_key_buffer_size is the size of the wrapped key, + * key_buffer_size is the size of the output buffer clear_key. + * The argument key_buffer_length is filled with the unwrapped(clear) key_size on success. + * */ +static psa_status_t mbedtls_test_opaque_unwrap_key( + const uint8_t *wrapped_key, + size_t wrapped_key_buffer_size, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length) +{ + /* Remove the pad prefis from the wrapped key */ + size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); + size_t clear_key_size = wrapped_key_buffer_size - opaque_key_base_size; + wrapped_key += opaque_key_base_size; + if( clear_key_size > key_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + *key_buffer_length = clear_key_size; + while( clear_key_size-- ) + key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF; + return( PSA_SUCCESS ); +} + psa_status_t mbedtls_test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) @@ -131,7 +213,7 @@ psa_status_t mbedtls_test_transparent_import_key( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( type ) ) { - status = mbedtls_transparent_test_driver_ecp_import_key( + status = mbedtls_test_driver_ecp_import_key( attributes, data, data_length, key_buffer, key_buffer_size, @@ -143,7 +225,7 @@ psa_status_t mbedtls_test_transparent_import_key( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_RSA( type ) ) { - status = mbedtls_transparent_test_driver_rsa_import_key( + status = mbedtls_test_driver_rsa_import_key( attributes, data, data_length, key_buffer, key_buffer_size, @@ -165,69 +247,178 @@ psa_status_t mbedtls_test_transparent_import_key( return( status ); } -psa_status_t mbedtls_test_opaque_export_key( + +psa_status_t mbedtls_test_opaque_import_key( const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - uint8_t *data, size_t data_size, size_t *data_length ) + const uint8_t *data, + size_t data_length, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length, + size_t *bits) { - if( key_length != sizeof( psa_drv_slot_number_t ) ) - { - /* Test driver does not support generic opaque key handling yet. */ - return( PSA_ERROR_NOT_SUPPORTED ); - } - - /* Assume this is a builtin key based on the key material length. */ - psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key ); - switch( slot_number ) + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_type_t type = psa_get_key_type( attributes ); + /* This buffer will be used as an intermediate placeholder for the clear + * key till we wrap it */ + uint8_t *key_buffer_temp; + key_buffer_temp = mbedtls_calloc( 1, key_buffer_size ); + + if( !key_buffer_temp ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) { - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: - /* This is the ECDSA slot. Verify the key's attributes before - * returning the private key. */ - if( psa_get_key_type( attributes ) != - PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_bits( attributes ) != 256 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != - PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( ( psa_get_key_usage_flags( attributes ) & - PSA_KEY_USAGE_EXPORT ) == 0 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - - if( data_size < sizeof( mbedtls_test_driver_ecdsa_key ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + *bits = PSA_BYTES_TO_BITS( data_length ); - memcpy( data, mbedtls_test_driver_ecdsa_key, - sizeof( mbedtls_test_driver_ecdsa_key ) ); - *data_length = sizeof( mbedtls_test_driver_ecdsa_key ); - return( PSA_SUCCESS ); + /* Ensure that the bytes-to-bits conversion hasn't overflown. */ + if( data_length > SIZE_MAX / 8 ) + goto exit; - case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: - /* This is the AES slot. Verify the key's attributes before - * returning the key. */ - if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_bits( attributes ) != 128 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( ( psa_get_key_usage_flags( attributes ) & - PSA_KEY_USAGE_EXPORT ) == 0 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); + /* Enforce a size limit, and in particular ensure that the bit + * size fits in its representation type. */ + if( ( *bits ) > PSA_MAX_KEY_BITS ) + goto exit; - if( data_size < sizeof( mbedtls_test_driver_aes_key ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits ); + if( status != PSA_SUCCESS ) + goto exit; - memcpy( data, mbedtls_test_driver_aes_key, - sizeof( mbedtls_test_driver_aes_key ) ); - *data_length = sizeof( mbedtls_test_driver_aes_key ); - return( PSA_SUCCESS ); + /* Copy the key material accounting for opaque key padding. */ + memcpy( key_buffer_temp, data, data_length ); + *key_buffer_length = data_length; + } +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) + else if( PSA_KEY_TYPE_IS_ECC( type ) ) + { + status = mbedtls_test_driver_ecp_import_key( + attributes, + data, data_length, + key_buffer_temp, + key_buffer_size, + key_buffer_length, bits ); + if( status != PSA_SUCCESS ) + goto exit; + } + else +#endif +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) + if( PSA_KEY_TYPE_IS_RSA( type ) ) + { + status = mbedtls_test_driver_rsa_import_key( + attributes, + data, data_length, + key_buffer_temp, + key_buffer_size, + key_buffer_length, bits ); + if( status != PSA_SUCCESS ) + goto exit; + } + else +#endif + { + status = PSA_ERROR_INVALID_ARGUMENT; + (void)data; + (void)data_length; + (void)key_buffer; + (void)key_buffer_size; + (void)key_buffer_length; + (void)bits; + (void)type; + goto exit; + } + status = mbedtls_test_opaque_wrap_key( key_buffer_temp, *key_buffer_length, + key_buffer, key_buffer_size, key_buffer_length ); +exit: + free( key_buffer_temp ); + return( status ); +} - default: - return( PSA_ERROR_DOES_NOT_EXIST ); +psa_status_t mbedtls_test_opaque_export_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ) +{ + if( key_length == sizeof( psa_drv_slot_number_t ) ) + { + /* Assume this is a builtin key based on the key material length. */ + psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key ); + + switch( slot_number ) + { + case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: + /* This is the ECDSA slot. Verify the key's attributes before + * returning the private key. */ + if( psa_get_key_type( attributes ) != + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_bits( attributes ) != 256 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_algorithm( attributes ) != + PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( ( psa_get_key_usage_flags( attributes ) & + PSA_KEY_USAGE_EXPORT ) == 0 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + + if( data_size < sizeof( mbedtls_test_driver_ecdsa_key ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( data, mbedtls_test_driver_ecdsa_key, + sizeof( mbedtls_test_driver_ecdsa_key ) ); + *data_length = sizeof( mbedtls_test_driver_ecdsa_key ); + return( PSA_SUCCESS ); + + case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: + /* This is the AES slot. Verify the key's attributes before + * returning the key. */ + if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_bits( attributes ) != 128 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + if( ( psa_get_key_usage_flags( attributes ) & + PSA_KEY_USAGE_EXPORT ) == 0 ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + + if( data_size < sizeof( mbedtls_test_driver_aes_key ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( data, mbedtls_test_driver_aes_key, + sizeof( mbedtls_test_driver_aes_key ) ); + *data_length = sizeof( mbedtls_test_driver_aes_key ); + return( PSA_SUCCESS ); + + default: + return( PSA_ERROR_DOES_NOT_EXIST ); + } } + else + { + /* This buffer will be used as an intermediate placeholder for the opaque key + * till we unwrap the key into key_buffer */ + uint8_t *key_buffer_temp; + size_t status = PSA_ERROR_BUFFER_TOO_SMALL; + psa_key_type_t type = psa_get_key_type( attributes ); + + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) || + PSA_KEY_TYPE_IS_RSA( type ) || + PSA_KEY_TYPE_IS_ECC( type ) ) + { + key_buffer_temp = mbedtls_calloc( 1, key_length ); + if( !key_buffer_temp ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + memcpy( key_buffer_temp, key, key_length ); + status = mbedtls_test_opaque_unwrap_key( key_buffer_temp, key_length, + data, data_size, data_length ); + mbedtls_free( key_buffer_temp ); + return( status ); + } + } + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_transparent_export_public_key( @@ -258,7 +449,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( key_type ) ) { - status = mbedtls_transparent_test_driver_ecp_export_public_key( + status = mbedtls_test_driver_ecp_export_public_key( attributes, key_buffer, key_buffer_size, data, data_size, data_length ); @@ -269,7 +460,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_RSA( key_type ) ) { - status = mbedtls_transparent_test_driver_rsa_export_public_key( + status = mbedtls_test_driver_rsa_export_public_key( attributes, key_buffer, key_buffer_size, data, data_size, data_length ); @@ -293,8 +484,48 @@ psa_status_t mbedtls_test_opaque_export_public_key( { if( key_length != sizeof( psa_drv_slot_number_t ) ) { - /* Test driver does not support generic opaque key handling yet. */ - return( PSA_ERROR_NOT_SUPPORTED ); + psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + psa_key_type_t key_type = psa_get_key_type( attributes ); + uint8_t *key_buffer_temp; + key_buffer_temp = mbedtls_calloc( 1, key_length ); + if( !key_buffer_temp ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) + if( PSA_KEY_TYPE_IS_ECC( key_type ) ) + { + status = mbedtls_test_opaque_unwrap_key( key, key_length, + key_buffer_temp, key_length, data_length ); + if( status == PSA_SUCCESS ) + status = mbedtls_test_driver_ecp_export_public_key( + attributes, + key_buffer_temp, *data_length, + data, data_size, data_length ); + } + else + #endif + #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) + if( PSA_KEY_TYPE_IS_RSA( key_type ) ) + { + status = mbedtls_test_opaque_unwrap_key( key, key_length, + key_buffer_temp, key_length, data_length ); + if( status == PSA_SUCCESS ) + status = mbedtls_test_driver_rsa_export_public_key( + attributes, + key_buffer_temp, *data_length, + data, data_size, data_length ); + } + else + #endif + { + status = PSA_ERROR_NOT_SUPPORTED; + (void)key; + (void)key_length; + (void)key_type; + } + mbedtls_free( key_buffer_temp ); + return( status ); } /* Assume this is a builtin key based on the key material length. */ @@ -384,5 +615,4 @@ psa_status_t mbedtls_test_opaque_get_builtin_key( return( PSA_ERROR_DOES_NOT_EXIST ); } } - #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_size.c b/src/drivers/test_driver_size.c deleted file mode 100644 index 033cf32de0..0000000000 --- a/src/drivers/test_driver_size.c +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Test driver for retrieving key context size. - * Only used by opaque drivers. - */ -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) - -#include "test/drivers/size.h" -#include "psa/crypto.h" - -typedef struct { - unsigned int context; -} test_driver_key_context_t; - -/* - * This macro returns the base size for the key context. It is the size of the - * driver specific information stored in each key context. - */ -#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof( test_driver_key_context_t ) - -/* - * Number of bytes included in every key context for a key pair. - * - * This pair size is for an ECC 256-bit private/public key pair. - * Based on this value, the size of the private key can be derived by - * subtracting the public key size below from this one. - */ -#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 65 - -/* - * Number of bytes included in every key context for a public key. - * - * For ECC public keys, it needs 257 bits so 33 bytes. - */ -#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 33 - -/* - * Every key context for a symmetric key includes this many times the key size. - */ -#define TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR 0 - -/* - * If this is true for a key pair, the key context includes space for the public key. - * If this is false, no additional space is added for the public key. - * - * For this instance, store the public key with the private one. - */ -#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 1 - -size_t mbedtls_test_size_function( - const psa_key_type_t key_type, - const size_t key_bits ) -{ - size_t key_buffer_size = 0; - - if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) ) - { - int public_key_overhead = - ( ( TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1 ) - ? PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ) : 0 ); - key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + - TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE + - public_key_overhead; - } - else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( key_type ) ) - { - key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + - TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE; - } - else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) && - !PSA_KEY_TYPE_IS_PUBLIC_KEY ( key_type ) ) - { - key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + - ( TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR * - ( ( key_bits + 7 ) / 8 ) ); - } - - return( key_buffer_size ); -} -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From fb85b596c5ad2714a0bb30322a1427c7d6cbdfc9 Mon Sep 17 00:00:00 2001 From: Archana Date: Wed, 4 Aug 2021 10:47:15 +0530 Subject: [PATCH 196/553] pre-existing validation extended The validation against key width and max key bits is extended to all key types from the existing validation for only symmetric keys. Signed-off-by: Archana --- src/drivers/test_driver_key_management.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 7ad7f73bdb..0f6a2bd583 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -271,15 +271,6 @@ psa_status_t mbedtls_test_opaque_import_key( { *bits = PSA_BYTES_TO_BITS( data_length ); - /* Ensure that the bytes-to-bits conversion hasn't overflown. */ - if( data_length > SIZE_MAX / 8 ) - goto exit; - - /* Enforce a size limit, and in particular ensure that the bit - * size fits in its representation type. */ - if( ( *bits ) > PSA_MAX_KEY_BITS ) - goto exit; - status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits ); if( status != PSA_SUCCESS ) goto exit; From 03f99a0ec5eec2942569cba5ff1f3daa735f597c Mon Sep 17 00:00:00 2001 From: Archana Date: Mon, 5 Jul 2021 02:18:48 +0530 Subject: [PATCH 197/553] Add opaque test driver support for copy key A minimal test driver extension is added to support copy of opaque keys within the same location. Test vector support is extended to cover opaque keys. Signed-off-by: Archana --- include/test/drivers/key_management.h | 9 +++++++++ src/drivers/test_driver_key_management.c | 20 ++++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 3cde1aaff9..ed0b5ebbca 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -113,5 +113,14 @@ psa_status_t mbedtls_test_opaque_get_builtin_key( psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); +psa_status_t mbedtls_test_opaque_copy_key( + psa_key_attributes_t *attributes, + const uint8_t *source_key, + size_t source_key_size, + uint8_t *target_key_buffer, + size_t target_buffer_size, + size_t *key_length ); + + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 0f6a2bd583..fec0a3e484 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -606,4 +606,24 @@ psa_status_t mbedtls_test_opaque_get_builtin_key( return( PSA_ERROR_DOES_NOT_EXIST ); } } + +psa_status_t mbedtls_test_opaque_copy_key( + psa_key_attributes_t *attributes, + const uint8_t *source_key_buffer, size_t source_key_buffer_size, + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) +{ + /* This is a case where the opaque test driver emulates an SE without storage. + * With that all key context is stored in the wrapped buffer. + * So no additional house keeping is necessary to reference count the + * copied keys. This could change when the opaque test driver is extended + * to support SE with storage, or to emulate an SE without storage but + * still holding some slot references */ + if( source_key_buffer_size > key_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + memcpy( key_buffer, source_key_buffer, source_key_buffer_size ); + *key_buffer_length = source_key_buffer_size; + (void)attributes; + return( PSA_SUCCESS ); +} + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 7072e1f6be176c62a3e5062476d672ccd21f926f Mon Sep 17 00:00:00 2001 From: Archana Date: Wed, 8 Sep 2021 15:36:05 +0530 Subject: [PATCH 198/553] Code style improvements Signed-off-by: Archana --- include/test/drivers/key_management.h | 15 ++- src/drivers/test_driver_key_management.c | 127 ++++++++++++----------- 2 files changed, 73 insertions(+), 69 deletions(-) diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index ed0b5ebbca..16ee0b2160 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -51,19 +51,18 @@ static inline mbedtls_test_driver_key_management_hooks_t /* * In order to convert the plain text keys to Opaque, the size of the key is - * padded up by PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE in addition to xor mangling - * the key. The pad prefix needs to be accounted for while sizing for the key. + * padded up by PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE in addition to + * xor mangling the key. The pad prefix needs to be accounted for while + * sizing for the key. */ #define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX 0xBEEFED00U -#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE sizeof( PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX ) - -size_t mbedtls_test_opaque_get_base_size(); +#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE sizeof( \ + PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX ) size_t mbedtls_test_opaque_size_function( const psa_key_type_t key_type, const size_t key_bits ); - extern mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks; @@ -118,8 +117,8 @@ psa_status_t mbedtls_test_opaque_copy_key( const uint8_t *source_key, size_t source_key_size, uint8_t *target_key_buffer, - size_t target_buffer_size, - size_t *key_length ); + size_t target_key_buffer_size, + size_t *target_key_buffer_length); #endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index fec0a3e484..2683edcd8c 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -58,11 +58,13 @@ const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] = /* - * This macro returns the base size for the key context when SE does not support storage. - * It is the size of the metadata that gets added to the wrapped key. - * In its test functionality the metadata is just some padded prefixing to the key. + * This macro returns the base size for the key context when SE does not + * support storage. It is the size of the metadata that gets added to the + * wrapped key. In its test functionality the metadata is just some padded + * prefixing to the key. */ -#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE +#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE \ + PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE size_t mbedtls_test_opaque_size_function( @@ -80,62 +82,70 @@ size_t mbedtls_test_opaque_size_function( return( key_buffer_size ); } -size_t mbedtls_test_opaque_get_base_size() +static size_t mbedtls_test_opaque_get_base_size() { return TEST_DRIVER_KEY_CONTEXT_BASE_SIZE; } /* - * The wrap function mbedtls_test_opaque_wrap_key pads and wraps the clear key. - * It expects the clear and wrap buffers to be passed in. - * key_buffer_size is the size of the clear key to be wrapped. - * wrap_buffer_size is the size of the output buffer wrap_key. - * The argument key_buffer_length is filled with the wrapped key_size on success. + * The wrap function mbedtls_test_opaque_wrap_key pads and wraps the + * clear key. It expects the clear and wrap buffers to be passed in. + * key_length is the size of the clear key to be wrapped. + * wrapped_key_buffer_size is the size of the output buffer wrap_key. + * The argument wrapped_key_buffer_length is filled with the wrapped + * key_size on success. * */ static psa_status_t mbedtls_test_opaque_wrap_key( - const uint8_t *key_buffer, - size_t key_buffer_size, - uint8_t *wrap_key, - size_t wrap_buffer_size, - size_t *key_buffer_length ) + const uint8_t *key, + size_t key_length, + uint8_t *wrapped_key_buffer, + size_t wrapped_key_buffer_size, + size_t *wrapped_key_buffer_length ) { - size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); - uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX; - if( key_buffer_size + opaque_key_base_size > wrap_buffer_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - /* Write in the opaque pad prefix */ - memcpy( wrap_key, &prefix, opaque_key_base_size); - wrap_key += opaque_key_base_size; - *key_buffer_length = key_buffer_size + opaque_key_base_size; - while( key_buffer_size-- ) - wrap_key[key_buffer_size] = key_buffer[key_buffer_size] ^ 0xFF; - return( PSA_SUCCESS ); + size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); + uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX; + + if( key_length + opaque_key_base_size > wrapped_key_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + /* Write in the opaque pad prefix */ + memcpy( wrapped_key_buffer, &prefix, opaque_key_base_size); + wrapped_key_buffer += opaque_key_base_size; + *wrapped_key_buffer_length = key_length + opaque_key_base_size; + + while( key_length-- ) + wrapped_key_buffer[key_length] = key[key_length] ^ 0xFF; + return( PSA_SUCCESS ); } /* - * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix and unwraps - * the wrapped key. It expects the clear and wrap buffers to be passed in. - * wrapped_key_buffer_size is the size of the wrapped key, + * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix + * and unwraps the wrapped key. It expects the clear and wrap buffers to be + * passed in. + * wrapped_key_length is the size of the wrapped key, * key_buffer_size is the size of the output buffer clear_key. - * The argument key_buffer_length is filled with the unwrapped(clear) key_size on success. + * The argument key_buffer_length is filled with the unwrapped(clear) + * key_size on success. * */ static psa_status_t mbedtls_test_opaque_unwrap_key( const uint8_t *wrapped_key, - size_t wrapped_key_buffer_size, + size_t wrapped_key_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) { - /* Remove the pad prefis from the wrapped key */ - size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); - size_t clear_key_size = wrapped_key_buffer_size - opaque_key_base_size; - wrapped_key += opaque_key_base_size; - if( clear_key_size > key_buffer_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - *key_buffer_length = clear_key_size; - while( clear_key_size-- ) - key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF; - return( PSA_SUCCESS ); + /* Remove the pad prefix from the wrapped key */ + size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); + size_t clear_key_size = wrapped_key_length - opaque_key_base_size; + + wrapped_key += opaque_key_base_size; + if( clear_key_size > key_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + *key_buffer_length = clear_key_size; + while( clear_key_size-- ) + key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF; + return( PSA_SUCCESS ); } psa_status_t mbedtls_test_transparent_generate_key( @@ -257,21 +267,22 @@ psa_status_t mbedtls_test_opaque_import_key( size_t *key_buffer_length, size_t *bits) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = psa_get_key_type( attributes ); - /* This buffer will be used as an intermediate placeholder for the clear - * key till we wrap it */ + /* This buffer will be used as an intermediate placeholder for + * the clear key till we wrap it */ uint8_t *key_buffer_temp; - key_buffer_temp = mbedtls_calloc( 1, key_buffer_size ); - if( !key_buffer_temp ) + key_buffer_temp = mbedtls_calloc( 1, key_buffer_size ); + if( key_buffer_temp == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) { *bits = PSA_BYTES_TO_BITS( data_length ); - status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits ); + status = psa_validate_unstructured_key_bit_size( attributes->core.type, + *bits ); if( status != PSA_SUCCESS ) goto exit; @@ -311,13 +322,6 @@ psa_status_t mbedtls_test_opaque_import_key( #endif { status = PSA_ERROR_INVALID_ARGUMENT; - (void)data; - (void)data_length; - (void)key_buffer; - (void)key_buffer_size; - (void)key_buffer_length; - (void)bits; - (void)type; goto exit; } status = mbedtls_test_opaque_wrap_key( key_buffer_temp, *key_buffer_length, @@ -389,10 +393,10 @@ psa_status_t mbedtls_test_opaque_export_key( } else { - /* This buffer will be used as an intermediate placeholder for the opaque key - * till we unwrap the key into key_buffer */ + /* This buffer will be used as an intermediate placeholder for + * the opaque key till we unwrap the key into key_buffer */ uint8_t *key_buffer_temp; - size_t status = PSA_ERROR_BUFFER_TOO_SMALL; + size_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = psa_get_key_type( attributes ); if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) || @@ -400,7 +404,7 @@ psa_status_t mbedtls_test_opaque_export_key( PSA_KEY_TYPE_IS_ECC( type ) ) { key_buffer_temp = mbedtls_calloc( 1, key_length ); - if( !key_buffer_temp ) + if( key_buffer_temp == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); memcpy( key_buffer_temp, key, key_length ); status = mbedtls_test_opaque_unwrap_key( key_buffer_temp, key_length, @@ -475,12 +479,14 @@ psa_status_t mbedtls_test_opaque_export_public_key( { if( key_length != sizeof( psa_drv_slot_number_t ) ) { - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t key_type = psa_get_key_type( attributes ); uint8_t *key_buffer_temp; + key_buffer_temp = mbedtls_calloc( 1, key_length ); - if( !key_buffer_temp ) + if( key_buffer_temp == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); + #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( key_type ) ) @@ -512,7 +518,6 @@ psa_status_t mbedtls_test_opaque_export_public_key( { status = PSA_ERROR_NOT_SUPPORTED; (void)key; - (void)key_length; (void)key_type; } mbedtls_free( key_buffer_temp ); From f1c2cf9b6f4a74eccb9b4455de9cbd69b2b95a9a Mon Sep 17 00:00:00 2001 From: Archana Date: Fri, 10 Sep 2021 06:22:44 +0530 Subject: [PATCH 199/553] Styling and refactoring Signed-off-by: Archana --- include/test/drivers/key_management.h | 2 +- src/drivers/test_driver_key_management.c | 37 +++++++++++++----------- 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 16ee0b2160..d147568cdc 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -115,7 +115,7 @@ psa_status_t mbedtls_test_opaque_get_builtin_key( psa_status_t mbedtls_test_opaque_copy_key( psa_key_attributes_t *attributes, const uint8_t *source_key, - size_t source_key_size, + size_t source_key_length, uint8_t *target_key_buffer, size_t target_key_buffer_size, size_t *target_key_buffer_length); diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 2683edcd8c..61ebc8aa1a 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -75,7 +75,7 @@ size_t mbedtls_test_opaque_size_function( key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ); if( key_buffer_size == 0 ) - return( key_buffer_size ); + return( 0 ); /* Include spacing for base size overhead over the key size * */ key_buffer_size += TEST_DRIVER_KEY_CONTEXT_BASE_SIZE; @@ -109,7 +109,7 @@ static psa_status_t mbedtls_test_opaque_wrap_key( return( PSA_ERROR_BUFFER_TOO_SMALL ); /* Write in the opaque pad prefix */ - memcpy( wrapped_key_buffer, &prefix, opaque_key_base_size); + memcpy( wrapped_key_buffer, &prefix, opaque_key_base_size ); wrapped_key_buffer += opaque_key_base_size; *wrapped_key_buffer_length = key_length + opaque_key_base_size; @@ -136,7 +136,12 @@ static psa_status_t mbedtls_test_opaque_unwrap_key( { /* Remove the pad prefix from the wrapped key */ size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); - size_t clear_key_size = wrapped_key_length - opaque_key_base_size; + size_t clear_key_size; + + /* Check for underflow */ + if( wrapped_key_length < opaque_key_base_size ) + return( PSA_ERROR_DATA_CORRUPT ); + clear_key_size = wrapped_key_length - opaque_key_base_size; wrapped_key += opaque_key_base_size; if( clear_key_size > key_buffer_size ) @@ -281,11 +286,14 @@ psa_status_t mbedtls_test_opaque_import_key( { *bits = PSA_BYTES_TO_BITS( data_length ); - status = psa_validate_unstructured_key_bit_size( attributes->core.type, + status = psa_validate_unstructured_key_bit_size( type, *bits ); if( status != PSA_SUCCESS ) goto exit; + if( data_length > key_buffer_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + /* Copy the key material accounting for opaque key padding. */ memcpy( key_buffer_temp, data, data_length ); *key_buffer_length = data_length; @@ -327,7 +335,7 @@ psa_status_t mbedtls_test_opaque_import_key( status = mbedtls_test_opaque_wrap_key( key_buffer_temp, *key_buffer_length, key_buffer, key_buffer_size, key_buffer_length ); exit: - free( key_buffer_temp ); + mbedtls_free( key_buffer_temp ); return( status ); } @@ -395,21 +403,15 @@ psa_status_t mbedtls_test_opaque_export_key( { /* This buffer will be used as an intermediate placeholder for * the opaque key till we unwrap the key into key_buffer */ - uint8_t *key_buffer_temp; - size_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = psa_get_key_type( attributes ); if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) || PSA_KEY_TYPE_IS_RSA( type ) || PSA_KEY_TYPE_IS_ECC( type ) ) { - key_buffer_temp = mbedtls_calloc( 1, key_length ); - if( key_buffer_temp == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - memcpy( key_buffer_temp, key, key_length ); - status = mbedtls_test_opaque_unwrap_key( key_buffer_temp, key_length, + status = mbedtls_test_opaque_unwrap_key( key, key_length, data, data_size, data_length ); - mbedtls_free( key_buffer_temp ); return( status ); } } @@ -614,7 +616,7 @@ psa_status_t mbedtls_test_opaque_get_builtin_key( psa_status_t mbedtls_test_opaque_copy_key( psa_key_attributes_t *attributes, - const uint8_t *source_key_buffer, size_t source_key_buffer_size, + const uint8_t *source_key, size_t source_key_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) { /* This is a case where the opaque test driver emulates an SE without storage. @@ -623,10 +625,11 @@ psa_status_t mbedtls_test_opaque_copy_key( * copied keys. This could change when the opaque test driver is extended * to support SE with storage, or to emulate an SE without storage but * still holding some slot references */ - if( source_key_buffer_size > key_buffer_size ) + if( source_key_length > key_buffer_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( key_buffer, source_key_buffer, source_key_buffer_size ); - *key_buffer_length = source_key_buffer_size; + + memcpy( key_buffer, source_key, source_key_length ); + *key_buffer_length = source_key_length; (void)attributes; return( PSA_SUCCESS ); } From 6cd79e289b696be867e53819a9c7a33cb98c8c97 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 20 Sep 2021 18:46:03 +0100 Subject: [PATCH 200/553] Apply fixes to test driver from lib implementation Signed-off-by: Paul Elliott --- src/drivers/test_driver_aead.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index ac116ffb06..84e69e0f69 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -282,7 +282,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( plaintext_size, plaintext_length, check_tag, - tag_length, + sizeof( check_tag ), &check_tag_length ); if( mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS ) @@ -293,6 +293,8 @@ psa_status_t mbedtls_test_transparent_aead_verify( mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_INVALID_SIGNATURE; } + + mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) ); } return( mbedtls_test_driver_aead_hooks.driver_status ); From 3ac80d45162f53fcdf98a0a40eaa8fbd02e96172 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 27 Sep 2021 17:56:28 +0100 Subject: [PATCH 201/553] Move set lengths checking to PSA Core Signed-off-by: Paul Elliott --- src/drivers/test_driver_aead.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index 6befe7cc0f..d27ada294d 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -171,9 +171,8 @@ psa_status_t mbedtls_test_transparent_aead_set_lengths( } else { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_set_lengths( operation, ad_length, - plaintext_length ); + /* No mbedtls_psa_aead_set_lengths, everything is done in PSA Core. */ + mbedtls_test_driver_aead_hooks.driver_status = PSA_SUCCESS; } return( mbedtls_test_driver_aead_hooks.driver_status ); From de060cbe9af8c651ff2dfd2e252b6251421cd876 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 28 Sep 2021 11:00:20 +0100 Subject: [PATCH 202/553] Restore internal driver for aead_set_lengths Signed-off-by: Paul Elliott --- src/drivers/test_driver_aead.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index d27ada294d..6befe7cc0f 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -171,8 +171,9 @@ psa_status_t mbedtls_test_transparent_aead_set_lengths( } else { - /* No mbedtls_psa_aead_set_lengths, everything is done in PSA Core. */ - mbedtls_test_driver_aead_hooks.driver_status = PSA_SUCCESS; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_set_lengths( operation, ad_length, + plaintext_length ); } return( mbedtls_test_driver_aead_hooks.driver_status ); From 9944fbc799e41419d91a687ad0e11c61536aef3a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 29 Apr 2021 20:28:54 +0200 Subject: [PATCH 203/553] Show values when TEST_EQUAL fails When TEST_EQUAL fails, show the two numerical values in the test log (only with host_test). The values are printed in hexa and signed decimal. The arguments of TEST_EQUAL must now be integers, not pointers or floats. The current implementation requires them to fit in unsigned long long Signed values no larger than long long will work too. The implementation uses unsigned long long rather than uintmax_t to reduce portability concerns. The snprintf function must support "%llx" and "%lld". For this purpose, add room for two lines of text to the mbedtls_test_info structure. This adds 154 bytes of global data. Signed-off-by: Gilles Peskine --- include/test/helpers.h | 23 +++++++++++++++++++++++ include/test/macros.h | 20 +++++++++++++------- src/helpers.c | 25 +++++++++++++++++++++++++ src/psa_exercise_key.c | 8 ++++---- 4 files changed, 65 insertions(+), 11 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 27e5599ed1..ef32cdf83b 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -73,6 +73,8 @@ typedef struct const char *filename; int line_no; unsigned long step; + char line1[76]; + char line2[76]; #if defined(MBEDTLS_TEST_MUTEX_USAGE) const char *mutex_usage_error; #endif @@ -131,6 +133,27 @@ void mbedtls_test_set_step( unsigned long step ); */ void mbedtls_test_info_reset( void ); +/** + * \brief Record the current test case as a failure if two integers + * have a different value. + * + * This function is usually called via the macro + * #TEST_EQUAL. + * + * \param test Description of the failure or assertion that failed. This + * MUST be a string literal. This normally has the form + * "EXPR1 == EXPR2" where EXPR1 has the value \p value1 + * and EXPR2 has the value \p value2. + * \param line_no Line number where the failure originated. + * \param filename Filename where the failure originated. + * \param value1 The first value to compare. + * \param value2 The second value to compare. + * + * \return \c 1 if the values are equal, otherwise \c 0. + */ +int mbedtls_test_equal( const char *test, int line_no, const char* filename, + unsigned long long value1, unsigned long long value2 ); + /** * \brief This function decodes the hexadecimal representation of * data. diff --git a/include/test/macros.h b/include/test/macros.h index 9b3fc9c809..a88b2e8115 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -73,15 +73,21 @@ } \ } while( 0 ) -/** Evaluate two expressions and fail the test case if they have different - * values. +/** Evaluate two integer expressions and fail the test case if they have + * different values. * - * \param expr1 An expression to evaluate. - * \param expr2 The expected value of \p expr1. This can be any - * expression, but it is typically a constant. + * The two expressions should have the same signedness, otherwise the + * comparison is not meaningful if the signed value is negative. + * + * \param expr1 An integral-typed expression to evaluate. + * \param expr2 Another integral-typed expression to evaluate. */ -#define TEST_EQUAL( expr1, expr2 ) \ - TEST_ASSERT( ( expr1 ) == ( expr2 ) ) +#define TEST_EQUAL( expr1, expr2 ) \ + do { \ + if( ! mbedtls_test_equal( #expr1 " == " #expr2, __LINE__, __FILE__, \ + expr1, expr2 ) ) \ + goto exit; \ + } while( 0 ) /** Allocate memory dynamically and fail the test case if this fails. * The allocated memory will be filled with zeros. diff --git a/src/helpers.c b/src/helpers.c index 4d3d53da50..ec4d84eac1 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -95,6 +95,31 @@ void mbedtls_test_info_reset( void ) mbedtls_test_info.test = 0; mbedtls_test_info.line_no = 0; mbedtls_test_info.filename = 0; + memset( mbedtls_test_info.line1, 0, sizeof( mbedtls_test_info.line1 ) ); + memset( mbedtls_test_info.line2, 0, sizeof( mbedtls_test_info.line2 ) ); +} + +int mbedtls_test_equal( const char *test, int line_no, const char* filename, + unsigned long long value1, unsigned long long value2 ) +{ + if( value1 == value2 ) + return( 1 ); + if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ) + { + /* We've already recorded the test as having failed. Don't + * overwrite any previous information about the failure. */ + return( 0 ); + } + mbedtls_test_fail( test, line_no, filename ); + (void) mbedtls_snprintf( mbedtls_test_info.line1, + sizeof( mbedtls_test_info.line1 ), + "lhs = 0x%016llx = %lld", + value1, (long long) value1 ); + (void) mbedtls_snprintf( mbedtls_test_info.line2, + sizeof( mbedtls_test_info.line2 ), + "rhs = 0x%016llx = %lld", + value2, (long long) value2 ); + return( 0 ); } int mbedtls_test_unhexify( unsigned char *obuf, diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index e4e55c9c2c..923d2c136a 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -663,7 +663,7 @@ int mbedtls_test_psa_exported_key_sanity_check( TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ), 0 ); - TEST_EQUAL( p + len, end ); + TEST_EQUAL( len, end - p ); if( ! mbedtls_test_asn1_skip_integer( &p, end, 0, 0, 0 ) ) goto exit; if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) @@ -684,7 +684,7 @@ int mbedtls_test_psa_exported_key_sanity_check( goto exit; if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) goto exit; - TEST_EQUAL( p, end ); + TEST_EQUAL( p - end, 0 ); TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE ); } @@ -716,12 +716,12 @@ int mbedtls_test_psa_exported_key_sanity_check( MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ), 0 ); - TEST_EQUAL( p + len, end ); + TEST_EQUAL( len, end - p ); if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) goto exit; if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) goto exit; - TEST_EQUAL( p, end ); + TEST_EQUAL( p - end, 0 ); TEST_ASSERT( exported_length <= From 90b04aec6396dd11588d3c58ca92dbba4f6b5801 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Tue, 26 Oct 2021 14:32:10 +0200 Subject: [PATCH 204/553] ssl_client2, ssl_server2: add check for psa memory leaks Signed-off-by: Przemyslaw Stekiel --- include/test/psa_crypto_helpers.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 8a8c37e008..8e7d425a93 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -28,7 +28,9 @@ #include "test/psa_helpers.h" #include +#if !defined(SKIP_LIBRARY_HEADERS) #include +#endif #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/psa_util.h" From 9df08c1d1395df7fd4ef10cb11ac2fec2e61ff31 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 3 Nov 2021 09:35:35 +0100 Subject: [PATCH 205/553] Move psa_crypto_slot_management.h out from psa_crypto_helpers.h Signed-off-by: Przemyslaw Stekiel --- include/test/psa_crypto_helpers.h | 3 --- src/psa_crypto_helpers.c | 1 + src/psa_exercise_key.c | 1 + 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 8e7d425a93..f5622e2d2d 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -28,9 +28,6 @@ #include "test/psa_helpers.h" #include -#if !defined(SKIP_LIBRARY_HEADERS) -#include -#endif #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/psa_util.h" diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index d9d841abd5..299b6d125d 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -22,6 +22,7 @@ #include #include +#include #include #if defined(MBEDTLS_PSA_CRYPTO_C) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 923d2c136a..29e673ae76 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -29,6 +29,7 @@ #include #include +#include #include #if defined(MBEDTLS_PSA_CRYPTO_SE_C) From 06b7a1df61509edb69db604b1e4c789dbe04b299 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Sep 2021 16:15:05 +0200 Subject: [PATCH 206/553] Untangle PSA_ALG_IS_HASH_AND_SIGN and PSA_ALG_IS_SIGN_HASH The current definition of PSA_ALG_IS_HASH_AND_SIGN includes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and PSA_ALG_ECDSA_ANY, which don't strictly follow the hash-and-sign paradigm: the algorithm does not encode a hash algorithm that is applied prior to the signature step. The definition in fact encompasses what can be used with psa_sign_hash/psa_verify_hash, so it's the correct definition for PSA_ALG_IS_SIGN_HASH. Therefore this commit moves definition of PSA_ALG_IS_HASH_AND_SIGN to PSA_ALG_IS_SIGN_HASH, and replace the definition of PSA_ALG_IS_HASH_AND_SIGN by a correct one (based on PSA_ALG_IS_SIGN_HASH, excluding the algorithms where the pre-signature step isn't to apply the hash encoded in the algorithm). In the definition of PSA_ALG_SIGN_GET_HASH, keep the condition for a nonzero output to be PSA_ALG_IS_HASH_AND_SIGN. Everywhere else in the code base (definition of PSA_ALG_IS_SIGN_MESSAGE, and every use of PSA_ALG_IS_HASH_AND_SIGN outside of crypto_values.h), we meant PSA_ALG_IS_SIGN_HASH where we wrote PSA_ALG_IS_HASH_AND_SIGN, so do a global replacement. ``` git grep -l IS_HASH_AND_SIGN ':!include/psa/crypto_values.h' | xargs perl -i -pe 's/ALG_IS_HASH_AND_SIGN/ALG_IS_SIGN_HASH/g' ``` Signed-off-by: Gilles Peskine --- src/psa_exercise_key.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 923d2c136a..91bac678ef 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -306,7 +306,7 @@ static int exercise_signature_key( mbedtls_svc_key_id_t key, psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); /* If the policy allows signing with any hash, just pick one. */ - if( PSA_ALG_IS_HASH_AND_SIGN( alg ) && hash_alg == PSA_ALG_ANY_HASH ) + if( PSA_ALG_IS_SIGN_HASH( alg ) && hash_alg == PSA_ALG_ANY_HASH ) { #if defined(KNOWN_SUPPORTED_HASH_ALG) hash_alg = KNOWN_SUPPORTED_HASH_ALG; @@ -925,7 +925,7 @@ psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type, { if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) ) { - if( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + if( PSA_ALG_IS_SIGN_HASH( alg ) ) { if( PSA_ALG_SIGN_GET_HASH( alg ) ) return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? From 501f0a7f048d7ebbf703f74f75d30bbbaeb186aa Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 9 Jul 2021 17:56:40 +0200 Subject: [PATCH 207/553] test: psa driver: Remove unnecessary IV generation Signed-off-by: Ronald Cron --- src/drivers/test_driver_cipher.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index 89a7b59944..755f6a0a78 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -64,8 +64,6 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); - psa_generate_random( output, PSA_CIPHER_IV_LENGTH( attributes->core.type, alg ) ); - return( mbedtls_transparent_test_driver_cipher_encrypt( attributes, key_buffer, key_buffer_size, alg, input, input_length, From e8f196059384692855231dd8f00f099c23152406 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 9 Jul 2021 09:19:35 +0200 Subject: [PATCH 208/553] psa: cipher: Add IV parameters to cipher_encrypt entry point Signed-off-by: Ronald Cron --- include/test/drivers/cipher.h | 2 ++ src/drivers/test_driver_cipher.c | 7 ++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index 142f3b7655..33a5e66579 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -53,6 +53,7 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, + const uint8_t *iv, size_t iv_length, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length); @@ -98,6 +99,7 @@ psa_status_t mbedtls_test_opaque_cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, + const uint8_t *iv, size_t iv_length, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length); diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index 755f6a0a78..33bfddd0a0 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -40,6 +40,8 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, + const uint8_t *iv, + size_t iv_length, const uint8_t *input, size_t input_length, uint8_t *output, @@ -66,7 +68,7 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( return( mbedtls_transparent_test_driver_cipher_encrypt( attributes, key_buffer, key_buffer_size, - alg, input, input_length, + alg, iv, iv_length, input, input_length, output, output_size, output_length ) ); } @@ -240,6 +242,7 @@ psa_status_t mbedtls_test_opaque_cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, + const uint8_t *iv, size_t iv_length, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length) { @@ -247,6 +250,8 @@ psa_status_t mbedtls_test_opaque_cipher_encrypt( (void) key; (void) key_length; (void) alg; + (void) iv; + (void) iv_length; (void) input; (void) input_length; (void) output; From 48d669faebad8b1739ca05ef708e7e4adac4b4f8 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 2 Dec 2021 17:50:50 +0100 Subject: [PATCH 209/553] tests: psa: aead: Fix operation type in entry point prototypes Signed-off-by: Ronald Cron --- include/test/drivers/aead.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/include/test/drivers/aead.h b/include/test/drivers/aead.h index 24215601a6..33e1f50cdc 100644 --- a/include/test/drivers/aead.h +++ b/include/test/drivers/aead.h @@ -75,34 +75,34 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); psa_status_t mbedtls_test_transparent_aead_encrypt_setup( - mbedtls_psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); psa_status_t mbedtls_test_transparent_aead_decrypt_setup( - mbedtls_psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); psa_status_t mbedtls_test_transparent_aead_set_nonce( - mbedtls_psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length ); psa_status_t mbedtls_test_transparent_aead_set_lengths( - mbedtls_psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, size_t ad_length, size_t plaintext_length ); psa_status_t mbedtls_test_transparent_aead_update_ad( - mbedtls_psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const uint8_t *input, size_t input_length ); psa_status_t mbedtls_test_transparent_aead_update( - mbedtls_psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -110,7 +110,7 @@ psa_status_t mbedtls_test_transparent_aead_update( size_t *output_length ); psa_status_t mbedtls_test_transparent_aead_finish( - mbedtls_psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, @@ -119,7 +119,7 @@ psa_status_t mbedtls_test_transparent_aead_finish( size_t *tag_length ); psa_status_t mbedtls_test_transparent_aead_verify( - mbedtls_psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length, @@ -127,7 +127,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( size_t tag_length ); psa_status_t mbedtls_test_transparent_aead_abort( - mbedtls_psa_aead_operation_t *operation ); + mbedtls_transparent_test_driver_aead_operation_t *operation ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */ From 1b4e7486f8c4db46c96acbb49adcd95dddc44560 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 3 Dec 2021 15:12:01 +0100 Subject: [PATCH 210/553] tests: psa: driver: cipher: Remove unnecessary check Signed-off-by: Ronald Cron --- src/drivers/test_driver_cipher.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index 89a7b59944..be06b970a0 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -148,9 +148,6 @@ psa_status_t mbedtls_test_transparent_cipher_abort( { mbedtls_test_driver_cipher_hooks.hits++; - if( operation->alg == 0 ) - return( PSA_SUCCESS ); - mbedtls_transparent_test_driver_cipher_abort( operation ); /* Wiping the entire struct here, instead of member-by-member. This is From 46fbe1dec923710ed61914137d70023f946da608 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 1 Jul 2021 11:24:02 +0200 Subject: [PATCH 211/553] tests: psa: driver: mac: Remove opaque entry points in library Opaque test entry points will be implemented only in test code. Signed-off-by: Ronald Cron --- src/drivers/test_driver_mac.c | 59 ++++++++++++++++++++++------------- 1 file changed, 37 insertions(+), 22 deletions(-) diff --git a/src/drivers/test_driver_mac.c b/src/drivers/test_driver_mac.c index 3b766dcb53..4e25370410 100644 --- a/src/drivers/test_driver_mac.c +++ b/src/drivers/test_driver_mac.c @@ -211,11 +211,16 @@ psa_status_t mbedtls_test_opaque_mac_compute( } else { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_opaque_test_driver_mac_compute( - attributes, key_buffer, key_buffer_size, alg, - input, input_length, - mac, mac_size, mac_length ); + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) input; + (void) input_length; + (void) mac; + (void) mac_size; + (void) mac_length; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -237,9 +242,12 @@ psa_status_t mbedtls_test_opaque_mac_sign_setup( } else { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_opaque_test_driver_mac_sign_setup( - operation, attributes, key_buffer, key_buffer_size, alg ); + (void) operation; + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -261,9 +269,12 @@ psa_status_t mbedtls_test_opaque_mac_verify_setup( } else { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_opaque_test_driver_mac_verify_setup( - operation, attributes, key_buffer, key_buffer_size, alg ); + (void) operation; + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -283,9 +294,10 @@ psa_status_t mbedtls_test_opaque_mac_update( } else { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_opaque_test_driver_mac_update( - operation, input, input_length ); + (void) operation; + (void) input; + (void) input_length; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -306,9 +318,11 @@ psa_status_t mbedtls_test_opaque_mac_sign_finish( } else { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_opaque_test_driver_mac_sign_finish( - operation, mac, mac_size, mac_length ); + (void) operation; + (void) mac; + (void) mac_size; + (void) mac_length; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -328,9 +342,10 @@ psa_status_t mbedtls_test_opaque_mac_verify_finish( } else { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_opaque_test_driver_mac_verify_finish( - operation, mac, mac_length ); + (void) operation; + (void) mac; + (void) mac_length; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -348,8 +363,8 @@ psa_status_t mbedtls_test_opaque_mac_abort( } else { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_opaque_test_driver_mac_abort( operation ); + (void) operation; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } return( mbedtls_test_driver_mac_hooks.driver_status ); From 0100a705204c9c360800c890cfb840a0e46924b7 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 9 Apr 2021 15:32:03 +0200 Subject: [PATCH 212/553] tests: psa driver: Align RSA/ECP sign/verify hash dispatch Align RSA/ECP sign/verify hash dispatch with the corresponding code of the library. The library code was modified recently but not the test code one and these modifications ease the following work. Signed-off-by: Ronald Cron --- src/drivers/test_driver_signature.c | 128 ++++++++++++++-------------- 1 file changed, 65 insertions(+), 63 deletions(-) diff --git a/src/drivers/test_driver_signature.c b/src/drivers/test_driver_signature.c index 2d58756aa5..86f03195b0 100644 --- a/src/drivers/test_driver_signature.c +++ b/src/drivers/test_driver_signature.c @@ -54,58 +54,56 @@ psa_status_t sign_hash( size_t signature_size, size_t *signature_length ) { -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { - return( mbedtls_transparent_test_driver_rsa_sign_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); - } - else + if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) || + PSA_ALG_IS_RSA_PSS( alg) ) + { +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) + return( mbedtls_transparent_test_driver_rsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ - -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) - if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) + } + else + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + } + else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) { - if( -#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) - PSA_ALG_IS_ECDSA( alg ) -#else - PSA_ALG_IS_RANDOMIZED_ECDSA( alg ) -#endif - ) + if( PSA_ALG_IS_ECDSA( alg ) ) { +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) return( mbedtls_transparent_test_driver_ecdsa_sign_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_size, signature_length ) ); +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || + * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ } else { return( PSA_ERROR_INVALID_ARGUMENT ); } } - else -#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || - * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ - { - (void)attributes; - (void)key_buffer; - (void)key_buffer_size; - (void)alg; - (void)hash; - (void)hash_length; - (void)signature; - (void)signature_size; - (void)signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); - } + + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_size; + (void)signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t verify_hash( @@ -118,52 +116,56 @@ psa_status_t verify_hash( const uint8_t *signature, size_t signature_length ) { -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) { - return( mbedtls_transparent_test_driver_rsa_verify_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); - } - else + if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) || + PSA_ALG_IS_RSA_PSS( alg) ) + { +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) + return( mbedtls_transparent_test_driver_rsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ - -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) - if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) + } + else + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + } + else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) { if( PSA_ALG_IS_ECDSA( alg ) ) { +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) return( mbedtls_transparent_test_driver_ecdsa_verify_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_length ) ); +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || + * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ } else { return( PSA_ERROR_INVALID_ARGUMENT ); } } - else -#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || - * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ - { - (void)attributes; - (void)key_buffer; - (void)key_buffer_size; - (void)alg; - (void)hash; - (void)hash_length; - (void)signature; - (void)signature_length; - - return( PSA_ERROR_NOT_SUPPORTED ); - } + + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_length; + + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_transparent_signature_sign_message( From f5a3b6ee776e1f87fd8b19014f8299fe6f126b16 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 6 Jul 2021 09:23:06 +0200 Subject: [PATCH 213/553] tests: psa: Fix guards Signed-off-by: Ronald Cron --- src/psa_exercise_key.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index fc58fbd489..de2c48d6da 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -643,7 +643,7 @@ int mbedtls_test_psa_exported_key_sanity_check( TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) ); else -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) +#if defined(MBEDTLS_ASN1_PARSE_C) if( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { uint8_t *p = (uint8_t*) exported; @@ -690,7 +690,7 @@ int mbedtls_test_psa_exported_key_sanity_check( TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE ); } else -#endif /* MBEDTLS_RSA_C */ +#endif /* MBEDTLS_ASN1_PARSE_C */ #if defined(MBEDTLS_ECP_C) if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) @@ -703,7 +703,7 @@ int mbedtls_test_psa_exported_key_sanity_check( else #endif /* MBEDTLS_ECP_C */ -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_ASN1_PARSE_C) if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) { uint8_t *p = (uint8_t*) exported; @@ -731,7 +731,7 @@ int mbedtls_test_psa_exported_key_sanity_check( PSA_EXPORT_PUBLIC_KEY_MAX_SIZE ); } else -#endif /* MBEDTLS_RSA_C */ +#endif /* MBEDTLS_ASN1_PARSE_C */ #if defined(MBEDTLS_ECP_C) if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) ) From b525f968b2629b106d8564ded1d7dbc9860ddc00 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 9 Apr 2021 11:09:54 +0200 Subject: [PATCH 214/553] psa: driver: Reduce the scope of test driver entry points Define test driver entry points that provide an alternative to Mbed TLS driver entry points only when the PSA configuration is used. Their purpose is only to test the PSA configuration thus there is no good reason to use them out of this scope. Signed-off-by: Ronald Cron --- src/drivers/hash.c | 62 ++++++ src/drivers/test_driver_aead.c | 107 ++++++++++ src/drivers/test_driver_cipher.c | 65 +++++- src/drivers/test_driver_key_management.c | 252 ++++++++++++++--------- src/drivers/test_driver_mac.c | 87 ++++++++ src/drivers/test_driver_signature.c | 95 ++++++--- 6 files changed, 545 insertions(+), 123 deletions(-) diff --git a/src/drivers/hash.c b/src/drivers/hash.c index b1880f778e..25574177dd 100644 --- a/src/drivers/hash.c +++ b/src/drivers/hash.c @@ -41,10 +41,25 @@ psa_status_t mbedtls_test_transparent_hash_compute( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_compute( alg, input, input_length, hash, hash_size, hash_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_HASH) + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_psa_hash_compute( + alg, input, input_length, + hash, hash_size, hash_length ); +#else + (void) alg; + (void) input; + (void) input_length; + (void) hash; + (void) hash_size; + (void) hash_length; + mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_hash_hooks.driver_status ); @@ -63,8 +78,17 @@ psa_status_t mbedtls_test_transparent_hash_setup( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_setup( operation, alg ); +#elif defined(MBEDTLS_PSA_BUILTIN_HASH) + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_psa_hash_setup( operation, alg ); +#else + (void) operation; + (void) alg; + mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_hash_hooks.driver_status ); @@ -83,9 +107,18 @@ psa_status_t mbedtls_test_transparent_hash_clone( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_clone( source_operation, target_operation ); +#elif defined(MBEDTLS_PSA_BUILTIN_HASH) + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_psa_hash_clone( source_operation, target_operation ); +#else + (void) source_operation; + (void) target_operation; + mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_hash_hooks.driver_status ); @@ -105,9 +138,19 @@ psa_status_t mbedtls_test_transparent_hash_update( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_update( operation, input, input_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_HASH) + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_psa_hash_update( operation, input, input_length ); +#else + (void) operation; + (void) input; + (void) input_length; + mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_hash_hooks.driver_status ); @@ -128,9 +171,20 @@ psa_status_t mbedtls_test_transparent_hash_finish( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_finish( operation, hash, hash_size, hash_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_HASH) + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_psa_hash_finish( operation, hash, hash_size, hash_length ); +#else + (void) operation; + (void) hash; + (void) hash_size; + (void) hash_length; + mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_hash_hooks.driver_status ); @@ -148,8 +202,16 @@ psa_status_t mbedtls_test_transparent_hash_abort( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_abort( operation ); +#elif defined(MBEDTLS_PSA_BUILTIN_HASH) + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_psa_hash_abort( operation ); +#else + (void) operation; + mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_hash_hooks.driver_status ); diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index 6befe7cc0f..b5619603fd 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -46,6 +46,7 @@ psa_status_t mbedtls_test_transparent_aead_encrypt( } else { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_encrypt( attributes, key_buffer, key_buffer_size, @@ -54,6 +55,22 @@ psa_status_t mbedtls_test_transparent_aead_encrypt( additional_data, additional_data_length, plaintext, plaintext_length, ciphertext, ciphertext_size, ciphertext_length ); +#else + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) nonce; + (void) nonce_length; + (void) additional_data; + (void) additional_data_length; + (void) plaintext; + (void) plaintext_length; + (void) ciphertext; + (void) ciphertext_size; + (void) ciphertext_length; + mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_aead_hooks.driver_status ); @@ -77,6 +94,7 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( } else { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_decrypt( attributes, key_buffer, key_buffer_size, @@ -85,6 +103,22 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( additional_data, additional_data_length, ciphertext, ciphertext_length, plaintext, plaintext_size, plaintext_length ); +#else + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) nonce; + (void) nonce_length; + (void) additional_data; + (void) additional_data_length; + (void) ciphertext; + (void) ciphertext_length; + (void) plaintext; + (void) plaintext_size; + (void) plaintext_length; + mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_aead_hooks.driver_status ); @@ -105,9 +139,18 @@ psa_status_t mbedtls_test_transparent_aead_encrypt_setup( } else { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_encrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ); +#else + (void) operation; + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_aead_hooks.driver_status ); @@ -128,9 +171,18 @@ psa_status_t mbedtls_test_transparent_aead_decrypt_setup( } else { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_decrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ); +#else + (void) operation; + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_aead_hooks.driver_status ); @@ -150,8 +202,15 @@ psa_status_t mbedtls_test_transparent_aead_set_nonce( } else { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ); +#else + (void) operation; + (void) nonce; + (void) nonce_length; + mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_aead_hooks.driver_status ); @@ -171,9 +230,16 @@ psa_status_t mbedtls_test_transparent_aead_set_lengths( } else { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_set_lengths( operation, ad_length, plaintext_length ); +#else + (void) operation; + (void) ad_length; + (void) plaintext_length; + mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_aead_hooks.driver_status ); @@ -193,8 +259,15 @@ psa_status_t mbedtls_test_transparent_aead_update_ad( } else { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_update_ad( operation, input, input_length ); +#else + (void) operation; + (void) input; + (void) input_length; + mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_aead_hooks.driver_status ); @@ -217,9 +290,19 @@ psa_status_t mbedtls_test_transparent_aead_update( } else { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_update( operation, input, input_length, output, output_size, output_length ); +#else + (void) operation; + (void) input; + (void) input_length; + (void) output; + (void) output_size; + (void) output_length; + mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_aead_hooks.driver_status ); @@ -243,10 +326,21 @@ psa_status_t mbedtls_test_transparent_aead_finish( } else { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_finish( operation, ciphertext, ciphertext_size, ciphertext_length, tag, tag_size, tag_length ); +#else + (void) operation; + (void) ciphertext; + (void) ciphertext_size; + (void) ciphertext_length; + (void) tag; + (void) tag_size; + (void) tag_length; + mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_aead_hooks.driver_status ); @@ -272,6 +366,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; size_t check_tag_length; +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_finish( operation, plaintext, @@ -280,6 +375,13 @@ psa_status_t mbedtls_test_transparent_aead_verify( check_tag, sizeof( check_tag ), &check_tag_length ); +#else + (void) operation; + (void) plaintext; + (void) plaintext_size; + (void) plaintext_length; + mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif if( mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS ) { @@ -308,8 +410,13 @@ psa_status_t mbedtls_test_transparent_aead_abort( } else { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_abort( operation ); +#else + (void) operation; + mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_aead_hooks.driver_status ); diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index be06b970a0..ed65c9168f 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -66,10 +66,19 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( psa_generate_random( output, PSA_CIPHER_IV_LENGTH( attributes->core.type, alg ) ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_cipher_encrypt( attributes, key_buffer, key_buffer_size, alg, input, input_length, output, output_size, output_length ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) + return( mbedtls_psa_cipher_encrypt( + attributes, key_buffer, key_buffer_size, + alg, input, input_length, + output, output_size, output_length ) ); +#endif + + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_transparent_cipher_decrypt( @@ -101,10 +110,19 @@ psa_status_t mbedtls_test_transparent_cipher_decrypt( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_cipher_decrypt( attributes, key_buffer, key_buffer_size, alg, input, input_length, output, output_size, output_length ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) + return( mbedtls_psa_cipher_decrypt( + attributes, key_buffer, key_buffer_size, + alg, input, input_length, + output, output_size, output_length ) ); +#endif + + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_transparent_cipher_encrypt_setup( @@ -124,8 +142,15 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt_setup( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); - return ( mbedtls_transparent_test_driver_cipher_encrypt_setup( - operation, attributes, key, key_length, alg ) ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) + return( mbedtls_transparent_test_driver_cipher_encrypt_setup( + operation, attributes, key, key_length, alg ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) + return( mbedtls_psa_cipher_encrypt_setup( + operation, attributes, key, key_length, alg ) ); +#endif + + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_transparent_cipher_decrypt_setup( @@ -139,8 +164,15 @@ psa_status_t mbedtls_test_transparent_cipher_decrypt_setup( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); - return ( mbedtls_transparent_test_driver_cipher_decrypt_setup( - operation, attributes, key, key_length, alg ) ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) + return( mbedtls_transparent_test_driver_cipher_decrypt_setup( + operation, attributes, key, key_length, alg ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) + return( mbedtls_psa_cipher_decrypt_setup( + operation, attributes, key, key_length, alg ) ); +#endif + + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_transparent_cipher_abort( @@ -148,7 +180,11 @@ psa_status_t mbedtls_test_transparent_cipher_abort( { mbedtls_test_driver_cipher_hooks.hits++; +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_transparent_test_driver_cipher_abort( operation ); +#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) + mbedtls_psa_cipher_abort( operation ); +#endif /* Wiping the entire struct here, instead of member-by-member. This is * useful for the test suite, since it gives a chance of catching memory @@ -169,8 +205,14 @@ psa_status_t mbedtls_test_transparent_cipher_set_iv( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_cipher_set_iv( operation, iv, iv_length ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) + return( mbedtls_psa_cipher_set_iv( operation, iv, iv_length ) ); +#endif + + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_transparent_cipher_update( @@ -199,9 +241,17 @@ psa_status_t mbedtls_test_transparent_cipher_update( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_cipher_update( operation, input, input_length, output, output_size, output_length ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) + return( mbedtls_psa_cipher_update( + operation, input, input_length, + output, output_size, output_length ) ); +#endif + + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_transparent_cipher_finish( @@ -228,8 +278,15 @@ psa_status_t mbedtls_test_transparent_cipher_finish( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_cipher_finish( operation, output, output_size, output_length ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) + return( mbedtls_psa_cipher_finish( + operation, output, output_size, output_length ) ); +#endif + + return( PSA_ERROR_NOT_SUPPORTED ); } /* diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 61ebc8aa1a..a2e637aea2 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -173,27 +173,32 @@ psa_status_t mbedtls_test_transparent_generate_key( return( PSA_SUCCESS ); } - /* Copied from psa_crypto.c */ -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) - if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) - && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) + if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) + && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) { +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_ecp_generate_key( attributes, key, key_size, key_length ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) + return( mbedtls_psa_ecp_generate_key( + attributes, key, key_size, key_length ) ); +#endif } - else -#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) */ - -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) - if ( psa_get_key_type( attributes ) == PSA_KEY_TYPE_RSA_KEY_PAIR ) + else if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_RSA_KEY_PAIR ) + { +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_rsa_generate_key( attributes, key, key_size, key_length ) ); - else -#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) */ - { - (void)attributes; - return( PSA_ERROR_NOT_SUPPORTED ); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) + return( mbedtls_psa_rsa_generate_key( + attributes, key, key_size, key_length ) ); +#endif } + + (void)attributes; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_opaque_generate_key( @@ -221,45 +226,56 @@ psa_status_t mbedtls_test_transparent_import_key( if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_key_management_hooks.forced_status ); - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = psa_get_key_type( attributes ); -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( type ) ) { - status = mbedtls_test_driver_ecp_import_key( - attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ); - } - else +#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) + return( mbedtls_test_driver_ecp_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) + return( mbedtls_psa_ecp_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits ) ); #endif -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) - if( PSA_KEY_TYPE_IS_RSA( type ) ) - { - status = mbedtls_test_driver_rsa_import_key( - attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ); } - else -#endif + else if( PSA_KEY_TYPE_IS_RSA( type ) ) { - status = PSA_ERROR_NOT_SUPPORTED; - (void)data; - (void)data_length; - (void)key_buffer; - (void)key_buffer_size; - (void)key_buffer_length; - (void)bits; - (void)type; +#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) + return( mbedtls_test_driver_rsa_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + return( mbedtls_psa_rsa_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits ) ); +#endif } - return( status ); + (void)data; + (void)data_length; + (void)key_buffer; + (void)key_buffer_size; + (void)key_buffer_length; + (void)bits; + (void)type; + + return( PSA_ERROR_NOT_SUPPORTED ); } @@ -298,40 +314,58 @@ psa_status_t mbedtls_test_opaque_import_key( memcpy( key_buffer_temp, data, data_length ); *key_buffer_length = data_length; } -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) else if( PSA_KEY_TYPE_IS_ECC( type ) ) { +#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) status = mbedtls_test_driver_ecp_import_key( attributes, data, data_length, - key_buffer_temp, - key_buffer_size, + key_buffer_temp, key_buffer_size, + key_buffer_length, bits ); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) + status = mbedtls_psa_ecp_import_key( + attributes, + data, data_length, + key_buffer_temp, key_buffer_size, key_buffer_length, bits ); +#else + status = PSA_ERROR_NOT_SUPPORTED; +#endif if( status != PSA_SUCCESS ) goto exit; } - else -#endif -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) - if( PSA_KEY_TYPE_IS_RSA( type ) ) + else if( PSA_KEY_TYPE_IS_RSA( type ) ) { +#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) status = mbedtls_test_driver_rsa_import_key( attributes, data, data_length, - key_buffer_temp, - key_buffer_size, + key_buffer_temp, key_buffer_size, key_buffer_length, bits ); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + status = mbedtls_psa_rsa_import_key( + attributes, + data, data_length, + key_buffer_temp, key_buffer_size, + key_buffer_length, bits ); +#else + status = PSA_ERROR_NOT_SUPPORTED; +#endif if( status != PSA_SUCCESS ) goto exit; } else -#endif { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } + status = mbedtls_test_opaque_wrap_key( key_buffer_temp, *key_buffer_length, key_buffer, key_buffer_size, key_buffer_length ); exit: @@ -439,39 +473,48 @@ psa_status_t mbedtls_test_transparent_export_public_key( return( PSA_SUCCESS ); } - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t key_type = psa_get_key_type( attributes ); -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( key_type ) ) { - status = mbedtls_test_driver_ecp_export_public_key( - attributes, - key_buffer, key_buffer_size, - data, data_size, data_length ); - } - else +#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) + return( mbedtls_test_driver_ecp_export_public_key( + attributes, + key_buffer, key_buffer_size, + data, data_size, data_length ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) + return( mbedtls_psa_ecp_export_public_key( + attributes, + key_buffer, key_buffer_size, + data, data_size, data_length ) ); #endif -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) - if( PSA_KEY_TYPE_IS_RSA( key_type ) ) - { - status = mbedtls_test_driver_rsa_export_public_key( - attributes, - key_buffer, key_buffer_size, - data, data_size, data_length ); } - else -#endif + else if( PSA_KEY_TYPE_IS_RSA( key_type ) ) { - status = PSA_ERROR_NOT_SUPPORTED; - (void)key_buffer; - (void)key_buffer_size; - (void)key_type; +#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) + return( mbedtls_test_driver_rsa_export_public_key( + attributes, + key_buffer, key_buffer_size, + data, data_size, data_length ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + return( mbedtls_psa_rsa_export_public_key( + attributes, + key_buffer, key_buffer_size, + data, data_size, data_length ) ); +#endif } - return( status ); + (void)key_buffer; + (void)key_buffer_size; + (void)key_type; + + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_opaque_export_public_key( @@ -489,34 +532,55 @@ psa_status_t mbedtls_test_opaque_export_public_key( if( key_buffer_temp == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); - #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( key_type ) ) { status = mbedtls_test_opaque_unwrap_key( key, key_length, key_buffer_temp, key_length, data_length ); if( status == PSA_SUCCESS ) + { +#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) status = mbedtls_test_driver_ecp_export_public_key( - attributes, - key_buffer_temp, *data_length, - data, data_size, data_length ); + attributes, + key_buffer_temp, *data_length, + data, data_size, data_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) + status = mbedtls_psa_ecp_export_public_key( + attributes, + key_buffer_temp, *data_length, + data, data_size, data_length ); +#else + status = PSA_ERROR_NOT_SUPPORTED; +#endif + } } - else - #endif - #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) - if( PSA_KEY_TYPE_IS_RSA( key_type ) ) + else if( PSA_KEY_TYPE_IS_RSA( key_type ) ) { status = mbedtls_test_opaque_unwrap_key( key, key_length, key_buffer_temp, key_length, data_length ); if( status == PSA_SUCCESS ) + { +#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) status = mbedtls_test_driver_rsa_export_public_key( - attributes, - key_buffer_temp, *data_length, - data, data_size, data_length ); + attributes, + key_buffer_temp, *data_length, + data, data_size, data_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + status = mbedtls_psa_rsa_export_public_key( + attributes, + key_buffer_temp, *data_length, + data, data_size, data_length ); +#else + status = PSA_ERROR_NOT_SUPPORTED; +#endif + } } else - #endif { status = PSA_ERROR_NOT_SUPPORTED; (void)key; diff --git a/src/drivers/test_driver_mac.c b/src/drivers/test_driver_mac.c index 4e25370410..e586c8d080 100644 --- a/src/drivers/test_driver_mac.c +++ b/src/drivers/test_driver_mac.c @@ -47,11 +47,30 @@ psa_status_t mbedtls_test_transparent_mac_compute( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_compute( attributes, key_buffer, key_buffer_size, alg, input, input_length, mac, mac_size, mac_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_MAC) + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_psa_mac_compute( + attributes, key_buffer, key_buffer_size, alg, + input, input_length, + mac, mac_size, mac_length ); +#else + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) input; + (void) input_length; + (void) mac; + (void) mac_size; + (void) mac_length; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -73,9 +92,22 @@ psa_status_t mbedtls_test_transparent_mac_sign_setup( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_sign_setup( operation, attributes, key_buffer, key_buffer_size, alg ); +#elif defined(MBEDTLS_PSA_BUILTIN_MAC) + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_psa_mac_sign_setup( + operation, attributes, key_buffer, key_buffer_size, alg ); +#else + (void) operation; + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -97,9 +129,22 @@ psa_status_t mbedtls_test_transparent_mac_verify_setup( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_verify_setup( operation, attributes, key_buffer, key_buffer_size, alg ); +#elif defined(MBEDTLS_PSA_BUILTIN_MAC) + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_psa_mac_verify_setup( + operation, attributes, key_buffer, key_buffer_size, alg ); +#else + (void) operation; + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -119,9 +164,20 @@ psa_status_t mbedtls_test_transparent_mac_update( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_update( operation, input, input_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_MAC) + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_psa_mac_update( + operation, input, input_length ); +#else + (void) operation; + (void) input; + (void) input_length; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -142,9 +198,21 @@ psa_status_t mbedtls_test_transparent_mac_sign_finish( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_sign_finish( operation, mac, mac_size, mac_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_MAC) + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_psa_mac_sign_finish( + operation, mac, mac_size, mac_length ); +#else + (void) operation; + (void) mac; + (void) mac_size; + (void) mac_length; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -164,9 +232,20 @@ psa_status_t mbedtls_test_transparent_mac_verify_finish( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_verify_finish( operation, mac, mac_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_MAC) + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_psa_mac_verify_finish( + operation, mac, mac_length ); +#else + (void) operation; + (void) mac; + (void) mac_length; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -184,8 +263,16 @@ psa_status_t mbedtls_test_transparent_mac_abort( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_abort( operation ); +#elif defined(MBEDTLS_PSA_BUILTIN_MAC) + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_psa_mac_abort( operation ); +#else + (void) operation; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_mac_hooks.driver_status ); diff --git a/src/drivers/test_driver_signature.c b/src/drivers/test_driver_signature.c index 86f03195b0..8494385421 100644 --- a/src/drivers/test_driver_signature.c +++ b/src/drivers/test_driver_signature.c @@ -59,15 +59,22 @@ psa_status_t sign_hash( if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) || PSA_ALG_IS_RSA_PSS( alg) ) { -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) +#if ( defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_rsa_sign_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_size, signature_length ) ); -#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || - * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ +#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) + return( mbedtls_psa_rsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); +#endif } else { @@ -78,15 +85,22 @@ psa_status_t sign_hash( { if( PSA_ALG_IS_ECDSA( alg ) ) { -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) +#if ( defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_ecdsa_sign_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_size, signature_length ) ); -#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || - * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ +#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + return( mbedtls_psa_ecdsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); +#endif } else { @@ -121,15 +135,22 @@ psa_status_t verify_hash( if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) || PSA_ALG_IS_RSA_PSS( alg) ) { -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) +#if ( defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_rsa_verify_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_length ) ); -#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || - * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ +#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) + return( mbedtls_psa_rsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); +#endif } else { @@ -140,15 +161,22 @@ psa_status_t verify_hash( { if( PSA_ALG_IS_ECDSA( alg ) ) { -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) +#if ( defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_ecdsa_verify_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_length ) ); -#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || - * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ +#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + return( mbedtls_psa_ecdsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); +#endif } else { @@ -164,7 +192,6 @@ psa_status_t verify_hash( (void)hash_length; (void)signature; (void)signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); } @@ -200,16 +227,25 @@ psa_status_t mbedtls_test_transparent_signature_sign_message( return( PSA_SUCCESS ); } +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) status = mbedtls_transparent_test_driver_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, hash, sizeof( hash ), &hash_length ); - +#elif defined(MBEDTLS_PSA_BUILTIN_HASH) + status = mbedtls_psa_hash_compute( + PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, + hash, sizeof( hash ), &hash_length ); +#else + (void) input; + (void) input_length; + status = PSA_ERROR_NOT_SUPPORTED; +#endif if( status != PSA_SUCCESS ) return status; - return sign_hash( attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ); + return( sign_hash( attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); } psa_status_t mbedtls_test_opaque_signature_sign_message( @@ -255,16 +291,25 @@ psa_status_t mbedtls_test_transparent_signature_verify_message( if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_signature_verify_hooks.forced_status ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) status = mbedtls_transparent_test_driver_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, hash, sizeof( hash ), &hash_length ); - +#elif defined(MBEDTLS_PSA_BUILTIN_HASH) + status = mbedtls_psa_hash_compute( + PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, + hash, sizeof( hash ), &hash_length ); +#else + (void) input; + (void) input_length; + status = PSA_ERROR_NOT_SUPPORTED; +#endif if( status != PSA_SUCCESS ) return status; - return verify_hash( attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ); + return( verify_hash( attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); } psa_status_t mbedtls_test_opaque_signature_verify_message( From 44857ab8310d933f8801dd6fc777d29471181734 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 10 Apr 2021 16:57:30 +0200 Subject: [PATCH 215/553] psa: Add driver initialization and termination Signed-off-by: Ronald Cron --- include/test/drivers/key_management.h | 5 +++++ src/drivers/test_driver_key_management.c | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index d147568cdc..5bba611746 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -66,6 +66,11 @@ size_t mbedtls_test_opaque_size_function( extern mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks; +psa_status_t mbedtls_test_transparent_init( void ); +void mbedtls_test_transparent_free( void ); +psa_status_t mbedtls_test_opaque_init( void ); +void mbedtls_test_opaque_free( void ); + psa_status_t mbedtls_test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index a2e637aea2..59a1ce4efa 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -56,6 +56,25 @@ const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] = 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79, 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c }; +psa_status_t mbedtls_test_transparent_init( void ) +{ + return( PSA_SUCCESS ); +} + +void mbedtls_test_transparent_free( void ) +{ + return; +} + +psa_status_t mbedtls_test_opaque_init( void ) +{ + return( PSA_SUCCESS ); +} + +void mbedtls_test_opaque_free( void ) +{ + return; +} /* * This macro returns the base size for the key context when SE does not From 75054fb5125c36448d3cc62af7b2fab10671bc98 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 10 Apr 2021 15:12:00 +0200 Subject: [PATCH 216/553] psa: test driver: Move driver test entry points prototypes In preparation of the driver test entry points to be provided by a test driver library, move their prototypes to tests directory. Signed-off-by: Ronald Cron --- include/test/drivers/cipher.h | 52 +++++++++++++++++++++++++++ include/test/drivers/hash.h | 34 ++++++++++++++++++ include/test/drivers/key_management.h | 33 +++++++++++++++++ include/test/drivers/mac.h | 48 +++++++++++++++++++++++++ include/test/drivers/signature.h | 29 +++++++++++++++ src/drivers/test_driver_signature.c | 1 + 6 files changed, 197 insertions(+) diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index 142f3b7655..676eba4dae 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -136,5 +136,57 @@ psa_status_t mbedtls_test_opaque_cipher_finish( mbedtls_opaque_test_driver_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup( + mbedtls_psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup( + mbedtls_psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_transparent_test_driver_cipher_set_iv( + mbedtls_psa_cipher_operation_t *operation, + const uint8_t *iv, size_t iv_length ); + +psa_status_t mbedtls_transparent_test_driver_cipher_update( + mbedtls_psa_cipher_operation_t *operation, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length ); + +psa_status_t mbedtls_transparent_test_driver_cipher_finish( + mbedtls_psa_cipher_operation_t *operation, + uint8_t *output, size_t output_size, size_t *output_length ); + +psa_status_t mbedtls_transparent_test_driver_cipher_abort( + mbedtls_psa_cipher_operation_t *operation ); + +psa_status_t mbedtls_transparent_test_driver_cipher_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t mbedtls_transparent_test_driver_cipher_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_CIPHER_H */ diff --git a/include/test/drivers/hash.h b/include/test/drivers/hash.h index d202c8bf06..cabe17ff84 100644 --- a/include/test/drivers/hash.h +++ b/include/test/drivers/hash.h @@ -72,5 +72,39 @@ psa_status_t mbedtls_test_transparent_hash_finish( psa_status_t mbedtls_test_transparent_hash_abort( mbedtls_psa_hash_operation_t *operation ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) + +psa_status_t mbedtls_transparent_test_driver_hash_compute( + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *hash, + size_t hash_size, + size_t *hash_length); + +psa_status_t mbedtls_transparent_test_driver_hash_setup( + mbedtls_psa_hash_operation_t *operation, + psa_algorithm_t alg ); + +psa_status_t mbedtls_transparent_test_driver_hash_clone( + const mbedtls_psa_hash_operation_t *source_operation, + mbedtls_psa_hash_operation_t *target_operation ); + +psa_status_t mbedtls_transparent_test_driver_hash_update( + mbedtls_psa_hash_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t mbedtls_transparent_test_driver_hash_finish( + mbedtls_psa_hash_operation_t *operation, + uint8_t *hash, + size_t hash_size, + size_t *hash_length ); + +psa_status_t mbedtls_transparent_test_driver_hash_abort( + mbedtls_psa_hash_operation_t *operation ); + +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */ diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 5bba611746..a2853c2ad0 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -125,6 +125,39 @@ psa_status_t mbedtls_test_opaque_copy_key( size_t target_key_buffer_size, size_t *target_key_buffer_length); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) + +psa_status_t mbedtls_transparent_test_driver_ecp_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key_buffer, size_t key_buffer_size, + size_t *key_buffer_length, size_t *bits ); + +psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + uint8_t *data, size_t data_size, size_t *data_length ); + +psa_status_t mbedtls_transparent_test_driver_ecp_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); + +psa_status_t mbedtls_transparent_test_driver_rsa_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key_buffer, size_t key_buffer_size, + size_t *key_buffer_length, size_t *bits ); + +psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + uint8_t *data, size_t data_size, size_t *data_length ); + +psa_status_t mbedtls_transparent_test_driver_rsa_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ); + +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ diff --git a/include/test/drivers/mac.h b/include/test/drivers/mac.h index 5f6cd38a4d..0adec75adb 100644 --- a/include/test/drivers/mac.h +++ b/include/test/drivers/mac.h @@ -133,5 +133,53 @@ psa_status_t mbedtls_test_opaque_mac_verify_finish( psa_status_t mbedtls_test_opaque_mac_abort( mbedtls_opaque_test_driver_mac_operation_t *operation ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) + +psa_status_t mbedtls_transparent_test_driver_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t mbedtls_transparent_test_driver_mac_sign_setup( + mbedtls_psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_transparent_test_driver_mac_verify_setup( + mbedtls_psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_transparent_test_driver_mac_update( + mbedtls_psa_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t mbedtls_transparent_test_driver_mac_sign_finish( + mbedtls_psa_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t mbedtls_transparent_test_driver_mac_verify_finish( + mbedtls_psa_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ); + +psa_status_t mbedtls_transparent_test_driver_mac_abort( + mbedtls_psa_mac_operation_t *operation ); + +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_MAC_H */ diff --git a/include/test/drivers/signature.h b/include/test/drivers/signature.h index 67f2b29a35..b34849702e 100644 --- a/include/test/drivers/signature.h +++ b/include/test/drivers/signature.h @@ -120,5 +120,34 @@ psa_status_t mbedtls_test_opaque_signature_verify_hash( const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); + +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) + +psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + +psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/src/drivers/test_driver_signature.c b/src/drivers/test_driver_signature.c index 8494385421..d81fc23359 100644 --- a/src/drivers/test_driver_signature.c +++ b/src/drivers/test_driver_signature.c @@ -29,6 +29,7 @@ #include "psa_crypto_rsa.h" #include "mbedtls/ecp.h" +#include "test/drivers/hash.h" #include "test/drivers/signature.h" #include "mbedtls/md.h" From 8960d8f434b92336b2d1bc0d09d3d34ad7f8ff3c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 13 Mar 2021 18:19:08 +0100 Subject: [PATCH 217/553] tests: Rename test driver entry points Rename test driver entry points to libtestdriver1_. This aligns with the renaming of all Mbed TLS APIs for the test driver library (that will be put in place in the following commits) to avoid name conflicts when linking it with the Mbed TLS library. Signed-off-by: Ronald Cron --- include/test/drivers/cipher.h | 16 +++++----- include/test/drivers/hash.h | 12 ++++---- include/test/drivers/key_management.h | 12 ++++---- include/test/drivers/mac.h | 14 ++++----- include/test/drivers/signature.h | 8 ++--- src/drivers/hash.c | 14 ++++----- src/drivers/test_driver_cipher.c | 16 +++++----- src/drivers/test_driver_key_management.c | 20 ++++++------- src/drivers/test_driver_mac.c | 14 ++++----- src/drivers/test_driver_signature.c | 37 ++++++++++++------------ 10 files changed, 82 insertions(+), 81 deletions(-) diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index 676eba4dae..5b9226f630 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -137,35 +137,35 @@ psa_status_t mbedtls_test_opaque_cipher_finish( uint8_t *output, size_t output_size, size_t *output_length); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup( +psa_status_t libtestdriver1_mbedtls_psa_cipher_encrypt_setup( mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup( +psa_status_t libtestdriver1_mbedtls_psa_cipher_decrypt_setup( mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t mbedtls_transparent_test_driver_cipher_set_iv( +psa_status_t libtestdriver1_mbedtls_psa_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length ); -psa_status_t mbedtls_transparent_test_driver_cipher_update( +psa_status_t libtestdriver1_mbedtls_psa_cipher_update( mbedtls_psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length ); -psa_status_t mbedtls_transparent_test_driver_cipher_finish( +psa_status_t libtestdriver1_mbedtls_psa_cipher_finish( mbedtls_psa_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length ); -psa_status_t mbedtls_transparent_test_driver_cipher_abort( +psa_status_t libtestdriver1_mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation ); -psa_status_t mbedtls_transparent_test_driver_cipher_encrypt( +psa_status_t libtestdriver1_mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -176,7 +176,7 @@ psa_status_t mbedtls_transparent_test_driver_cipher_encrypt( size_t output_size, size_t *output_length ); -psa_status_t mbedtls_transparent_test_driver_cipher_decrypt( +psa_status_t libtestdriver1_mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, diff --git a/include/test/drivers/hash.h b/include/test/drivers/hash.h index cabe17ff84..d89ec40554 100644 --- a/include/test/drivers/hash.h +++ b/include/test/drivers/hash.h @@ -74,7 +74,7 @@ psa_status_t mbedtls_test_transparent_hash_abort( #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -psa_status_t mbedtls_transparent_test_driver_hash_compute( +psa_status_t libtestdriver1_mbedtls_psa_hash_compute( psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -82,26 +82,26 @@ psa_status_t mbedtls_transparent_test_driver_hash_compute( size_t hash_size, size_t *hash_length); -psa_status_t mbedtls_transparent_test_driver_hash_setup( +psa_status_t libtestdriver1_mbedtls_psa_hash_setup( mbedtls_psa_hash_operation_t *operation, psa_algorithm_t alg ); -psa_status_t mbedtls_transparent_test_driver_hash_clone( +psa_status_t libtestdriver1_mbedtls_psa_hash_clone( const mbedtls_psa_hash_operation_t *source_operation, mbedtls_psa_hash_operation_t *target_operation ); -psa_status_t mbedtls_transparent_test_driver_hash_update( +psa_status_t libtestdriver1_mbedtls_psa_hash_update( mbedtls_psa_hash_operation_t *operation, const uint8_t *input, size_t input_length ); -psa_status_t mbedtls_transparent_test_driver_hash_finish( +psa_status_t libtestdriver1_mbedtls_psa_hash_finish( mbedtls_psa_hash_operation_t *operation, uint8_t *hash, size_t hash_size, size_t *hash_length ); -psa_status_t mbedtls_transparent_test_driver_hash_abort( +psa_status_t libtestdriver1_mbedtls_psa_hash_abort( mbedtls_psa_hash_operation_t *operation ); #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index a2853c2ad0..91cda831cd 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -127,33 +127,33 @@ psa_status_t mbedtls_test_opaque_copy_key( #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -psa_status_t mbedtls_transparent_test_driver_ecp_import_key( +psa_status_t libtestdriver1_mbedtls_psa_ecp_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length, size_t *bits ); -psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key( +psa_status_t libtestdriver1_mbedtls_psa_ecp_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ); -psa_status_t mbedtls_transparent_test_driver_ecp_generate_key( +psa_status_t libtestdriver1_mbedtls_psa_ecp_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); -psa_status_t mbedtls_transparent_test_driver_rsa_import_key( +psa_status_t libtestdriver1_mbedtls_psa_rsa_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length, size_t *bits ); -psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key( +psa_status_t libtestdriver1_mbedtls_psa_rsa_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ); -psa_status_t mbedtls_transparent_test_driver_rsa_generate_key( +psa_status_t libtestdriver1_mbedtls_psa_rsa_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); diff --git a/include/test/drivers/mac.h b/include/test/drivers/mac.h index 0adec75adb..3819f1e523 100644 --- a/include/test/drivers/mac.h +++ b/include/test/drivers/mac.h @@ -135,7 +135,7 @@ psa_status_t mbedtls_test_opaque_mac_abort( #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -psa_status_t mbedtls_transparent_test_driver_mac_compute( +psa_status_t libtestdriver1_mbedtls_psa_mac_compute( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -146,37 +146,37 @@ psa_status_t mbedtls_transparent_test_driver_mac_compute( size_t mac_size, size_t *mac_length ); -psa_status_t mbedtls_transparent_test_driver_mac_sign_setup( +psa_status_t libtestdriver1_mbedtls_psa_mac_sign_setup( mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t mbedtls_transparent_test_driver_mac_verify_setup( +psa_status_t libtestdriver1_mbedtls_psa_mac_verify_setup( mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t mbedtls_transparent_test_driver_mac_update( +psa_status_t libtestdriver1_mbedtls_psa_mac_update( mbedtls_psa_mac_operation_t *operation, const uint8_t *input, size_t input_length ); -psa_status_t mbedtls_transparent_test_driver_mac_sign_finish( +psa_status_t libtestdriver1_mbedtls_psa_mac_sign_finish( mbedtls_psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size, size_t *mac_length ); -psa_status_t mbedtls_transparent_test_driver_mac_verify_finish( +psa_status_t libtestdriver1_mbedtls_psa_mac_verify_finish( mbedtls_psa_mac_operation_t *operation, const uint8_t *mac, size_t mac_length ); -psa_status_t mbedtls_transparent_test_driver_mac_abort( +psa_status_t libtestdriver1_mbedtls_psa_mac_abort( mbedtls_psa_mac_operation_t *operation ); #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ diff --git a/include/test/drivers/signature.h b/include/test/drivers/signature.h index b34849702e..e0469550ff 100644 --- a/include/test/drivers/signature.h +++ b/include/test/drivers/signature.h @@ -123,25 +123,25 @@ psa_status_t mbedtls_test_opaque_signature_verify_hash( #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash( +psa_status_t libtestdriver1_mbedtls_psa_ecdsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ); -psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash( +psa_status_t libtestdriver1_mbedtls_psa_ecdsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); -psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash( +psa_status_t libtestdriver1_mbedtls_psa_rsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ); -psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash( +psa_status_t libtestdriver1_mbedtls_psa_rsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, diff --git a/src/drivers/hash.c b/src/drivers/hash.c index 25574177dd..270e5af23a 100644 --- a/src/drivers/hash.c +++ b/src/drivers/hash.c @@ -43,7 +43,7 @@ psa_status_t mbedtls_test_transparent_hash_compute( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_transparent_test_driver_hash_compute( + libtestdriver1_mbedtls_psa_hash_compute( alg, input, input_length, hash, hash_size, hash_length ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) @@ -80,7 +80,7 @@ psa_status_t mbedtls_test_transparent_hash_setup( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_transparent_test_driver_hash_setup( operation, alg ); + libtestdriver1_mbedtls_psa_hash_setup( operation, alg ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_psa_hash_setup( operation, alg ); @@ -109,8 +109,8 @@ psa_status_t mbedtls_test_transparent_hash_clone( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_transparent_test_driver_hash_clone( source_operation, - target_operation ); + libtestdriver1_mbedtls_psa_hash_clone( source_operation, + target_operation ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_psa_hash_clone( source_operation, target_operation ); @@ -140,7 +140,7 @@ psa_status_t mbedtls_test_transparent_hash_update( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_transparent_test_driver_hash_update( + libtestdriver1_mbedtls_psa_hash_update( operation, input, input_length ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = @@ -173,7 +173,7 @@ psa_status_t mbedtls_test_transparent_hash_finish( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_transparent_test_driver_hash_finish( + libtestdriver1_mbedtls_psa_hash_finish( operation, hash, hash_size, hash_length ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = @@ -204,7 +204,7 @@ psa_status_t mbedtls_test_transparent_hash_abort( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_transparent_test_driver_hash_abort( operation ); + libtestdriver1_mbedtls_psa_hash_abort( operation ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_psa_hash_abort( operation ); diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index ed65c9168f..412771af52 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -67,7 +67,7 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( psa_generate_random( output, PSA_CIPHER_IV_LENGTH( attributes->core.type, alg ) ); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_cipher_encrypt( + return( libtestdriver1_mbedtls_psa_cipher_encrypt( attributes, key_buffer, key_buffer_size, alg, input, input_length, output, output_size, output_length ) ); @@ -111,7 +111,7 @@ psa_status_t mbedtls_test_transparent_cipher_decrypt( return( mbedtls_test_driver_cipher_hooks.forced_status ); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_cipher_decrypt( + return( libtestdriver1_mbedtls_psa_cipher_decrypt( attributes, key_buffer, key_buffer_size, alg, input, input_length, output, output_size, output_length ) ); @@ -143,7 +143,7 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt_setup( return( mbedtls_test_driver_cipher_hooks.forced_status ); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_cipher_encrypt_setup( + return( libtestdriver1_mbedtls_psa_cipher_encrypt_setup( operation, attributes, key, key_length, alg ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) return( mbedtls_psa_cipher_encrypt_setup( @@ -165,7 +165,7 @@ psa_status_t mbedtls_test_transparent_cipher_decrypt_setup( return( mbedtls_test_driver_cipher_hooks.forced_status ); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_cipher_decrypt_setup( + return( libtestdriver1_mbedtls_psa_cipher_decrypt_setup( operation, attributes, key, key_length, alg ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) return( mbedtls_psa_cipher_decrypt_setup( @@ -181,7 +181,7 @@ psa_status_t mbedtls_test_transparent_cipher_abort( mbedtls_test_driver_cipher_hooks.hits++; #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - mbedtls_transparent_test_driver_cipher_abort( operation ); + libtestdriver1_mbedtls_psa_cipher_abort( operation ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) mbedtls_psa_cipher_abort( operation ); #endif @@ -206,7 +206,7 @@ psa_status_t mbedtls_test_transparent_cipher_set_iv( return( mbedtls_test_driver_cipher_hooks.forced_status ); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_cipher_set_iv( + return( libtestdriver1_mbedtls_psa_cipher_set_iv( operation, iv, iv_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) return( mbedtls_psa_cipher_set_iv( operation, iv, iv_length ) ); @@ -242,7 +242,7 @@ psa_status_t mbedtls_test_transparent_cipher_update( return( mbedtls_test_driver_cipher_hooks.forced_status ); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_cipher_update( + return( libtestdriver1_mbedtls_psa_cipher_update( operation, input, input_length, output, output_size, output_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) @@ -279,7 +279,7 @@ psa_status_t mbedtls_test_transparent_cipher_finish( return( mbedtls_test_driver_cipher_hooks.forced_status ); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_cipher_finish( + return( libtestdriver1_mbedtls_psa_cipher_finish( operation, output, output_size, output_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) return( mbedtls_psa_cipher_finish( diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 59a1ce4efa..af34739cb8 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -197,7 +197,7 @@ psa_status_t mbedtls_test_transparent_generate_key( { #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_ecp_generate_key( + return( libtestdriver1_mbedtls_psa_ecp_generate_key( attributes, key, key_size, key_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) return( mbedtls_psa_ecp_generate_key( @@ -208,7 +208,7 @@ psa_status_t mbedtls_test_transparent_generate_key( { #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_rsa_generate_key( + return( libtestdriver1_mbedtls_psa_rsa_generate_key( attributes, key, key_size, key_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) return( mbedtls_psa_rsa_generate_key( @@ -252,7 +252,7 @@ psa_status_t mbedtls_test_transparent_import_key( #if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_test_driver_ecp_import_key( + return( libtestdriver1_mbedtls_psa_ecp_import_key( attributes, data, data_length, key_buffer, key_buffer_size, @@ -271,7 +271,7 @@ psa_status_t mbedtls_test_transparent_import_key( #if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_test_driver_rsa_import_key( + return( libtestdriver1_mbedtls_psa_rsa_import_key( attributes, data, data_length, key_buffer, key_buffer_size, @@ -338,7 +338,7 @@ psa_status_t mbedtls_test_opaque_import_key( #if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - status = mbedtls_test_driver_ecp_import_key( + status = libtestdriver1_mbedtls_psa_ecp_import_key( attributes, data, data_length, key_buffer_temp, key_buffer_size, @@ -361,7 +361,7 @@ psa_status_t mbedtls_test_opaque_import_key( #if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - status = mbedtls_test_driver_rsa_import_key( + status = libtestdriver1_mbedtls_psa_rsa_import_key( attributes, data, data_length, key_buffer_temp, key_buffer_size, @@ -499,7 +499,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( #if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_test_driver_ecp_export_public_key( + return( libtestdriver1_mbedtls_psa_ecp_export_public_key( attributes, key_buffer, key_buffer_size, data, data_size, data_length ) ); @@ -516,7 +516,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( #if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_test_driver_rsa_export_public_key( + return( libtestdriver1_mbedtls_psa_rsa_export_public_key( attributes, key_buffer, key_buffer_size, data, data_size, data_length ) ); @@ -560,7 +560,7 @@ psa_status_t mbedtls_test_opaque_export_public_key( #if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - status = mbedtls_test_driver_ecp_export_public_key( + status = libtestdriver1_mbedtls_psa_ecp_export_public_key( attributes, key_buffer_temp, *data_length, data, data_size, data_length ); @@ -584,7 +584,7 @@ psa_status_t mbedtls_test_opaque_export_public_key( #if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - status = mbedtls_test_driver_rsa_export_public_key( + status = libtestdriver1_mbedtls_psa_rsa_export_public_key( attributes, key_buffer_temp, *data_length, data, data_size, data_length ); diff --git a/src/drivers/test_driver_mac.c b/src/drivers/test_driver_mac.c index e586c8d080..43fc7e6c82 100644 --- a/src/drivers/test_driver_mac.c +++ b/src/drivers/test_driver_mac.c @@ -49,7 +49,7 @@ psa_status_t mbedtls_test_transparent_mac_compute( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_transparent_test_driver_mac_compute( + libtestdriver1_mbedtls_psa_mac_compute( attributes, key_buffer, key_buffer_size, alg, input, input_length, mac, mac_size, mac_length ); @@ -94,7 +94,7 @@ psa_status_t mbedtls_test_transparent_mac_sign_setup( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_transparent_test_driver_mac_sign_setup( + libtestdriver1_mbedtls_psa_mac_sign_setup( operation, attributes, key_buffer, key_buffer_size, alg ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = @@ -131,7 +131,7 @@ psa_status_t mbedtls_test_transparent_mac_verify_setup( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_transparent_test_driver_mac_verify_setup( + libtestdriver1_mbedtls_psa_mac_verify_setup( operation, attributes, key_buffer, key_buffer_size, alg ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = @@ -166,7 +166,7 @@ psa_status_t mbedtls_test_transparent_mac_update( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_transparent_test_driver_mac_update( + libtestdriver1_mbedtls_psa_mac_update( operation, input, input_length ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = @@ -200,7 +200,7 @@ psa_status_t mbedtls_test_transparent_mac_sign_finish( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_transparent_test_driver_mac_sign_finish( + libtestdriver1_mbedtls_psa_mac_sign_finish( operation, mac, mac_size, mac_length ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = @@ -234,7 +234,7 @@ psa_status_t mbedtls_test_transparent_mac_verify_finish( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_transparent_test_driver_mac_verify_finish( + libtestdriver1_mbedtls_psa_mac_verify_finish( operation, mac, mac_length ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = @@ -265,7 +265,7 @@ psa_status_t mbedtls_test_transparent_mac_abort( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_transparent_test_driver_mac_abort( operation ); + libtestdriver1_mbedtls_psa_mac_abort( operation ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_psa_mac_abort( operation ); diff --git a/src/drivers/test_driver_signature.c b/src/drivers/test_driver_signature.c index d81fc23359..cc005764b7 100644 --- a/src/drivers/test_driver_signature.c +++ b/src/drivers/test_driver_signature.c @@ -31,6 +31,7 @@ #include "test/drivers/hash.h" #include "test/drivers/signature.h" +#include "test/drivers/hash.h" #include "mbedtls/md.h" #include "mbedtls/ecdsa.h" @@ -63,18 +64,18 @@ psa_status_t sign_hash( #if ( defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_rsa_sign_hash( + return( libtestdriver1_mbedtls_psa_rsa_sign_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_size, signature_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - return( mbedtls_psa_rsa_sign_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); + return( mbedtls_psa_rsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); #endif } else @@ -89,7 +90,7 @@ psa_status_t sign_hash( #if ( defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_ecdsa_sign_hash( + return( libtestdriver1_mbedtls_psa_ecdsa_sign_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, @@ -139,18 +140,18 @@ psa_status_t verify_hash( #if ( defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_rsa_verify_hash( + return( libtestdriver1_mbedtls_psa_rsa_verify_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - return( mbedtls_psa_rsa_verify_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); + return( mbedtls_psa_rsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); #endif } else @@ -165,7 +166,7 @@ psa_status_t verify_hash( #if ( defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_ecdsa_verify_hash( + return( libtestdriver1_mbedtls_psa_ecdsa_verify_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, @@ -229,7 +230,7 @@ psa_status_t mbedtls_test_transparent_signature_sign_message( } #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - status = mbedtls_transparent_test_driver_hash_compute( + status = libtestdriver1_mbedtls_psa_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, hash, sizeof( hash ), &hash_length ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) @@ -293,7 +294,7 @@ psa_status_t mbedtls_test_transparent_signature_verify_message( return( mbedtls_test_driver_signature_verify_hooks.forced_status ); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - status = mbedtls_transparent_test_driver_hash_compute( + status = libtestdriver1_mbedtls_psa_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, hash, sizeof( hash ), &hash_length ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) @@ -357,9 +358,9 @@ psa_status_t mbedtls_test_transparent_signature_sign_hash( return( PSA_SUCCESS ); } - return sign_hash( attributes, key_buffer, key_buffer_size, + return( sign_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, - signature, signature_size, signature_length ); + signature, signature_size, signature_length ) ); } psa_status_t mbedtls_test_opaque_signature_sign_hash( From f909a30269f00908313aee95ce29797137d3f819 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 28 Apr 2021 18:29:24 +0200 Subject: [PATCH 218/553] tests: Add build of a PSA test driver library PR #3959 has proven that by adding a prefix (LIBTESTDRIVER1/libtestdriver1_ in this commit) to all MBEDTLS/PSA_* and mbedtls/psa_* symbols of a copy of the Mbed TLS library, we can build a library that can be linked with the Mbed TLS library. This commit leverages this to build a PSA test driver library based on the Mbed TLS library code. The cryptographic features supported by the test library are defined by: . a minimal configuration (in the sense of config.h), see config_test_driver.h . PSA_WANT_* and PSA_ACCEL_* defined macros. The PSA_WANT_* macros have to be the same as the ones used to build the Mbed TLS library the test driver library is supposed to be linked to as the PSA_WANT_* macros are used in the definition of structures and macros that are shared by the PSA crypto core, Mbed TLS drivers and the driver test library. The PSA_ACCEL_* macros are intended to define the cryptographic features that have to be removed from the Mbed TLS library and thus supported by the test library in test scenarios. The PSA_ACCEL_* macros to build the test library are thus mirrored from the ones to build the Mbed TLS library by extended the crypto_config.h: see crypto_config_test_driver_entension.h. Signed-off-by: Ronald Cron --- include/test/drivers/config_test_driver.h | 59 +++++ .../crypto_config_test_driver_extension.h | 237 ++++++++++++++++++ 2 files changed, 296 insertions(+) create mode 100644 include/test/drivers/config_test_driver.h create mode 100644 include/test/drivers/crypto_config_test_driver_extension.h diff --git a/include/test/drivers/config_test_driver.h b/include/test/drivers/config_test_driver.h new file mode 100644 index 0000000000..6dcefd7a94 --- /dev/null +++ b/include/test/drivers/config_test_driver.h @@ -0,0 +1,59 @@ +/** + * \file config.h + * + * \brief Configuration options (set of defines) + * + * This set of compile-time options may be used to enable + * or disable features selectively, and reduce the global + * memory footprint. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_CONFIG_H +#define MBEDTLS_CONFIG_H + +#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#define MBEDTLS_PSA_CRYPTO_C +#define MBEDTLS_PSA_CRYPTO_CONFIG + +/* PSA core mandatory configuration options */ +#define MBEDTLS_CIPHER_C +#define MBEDTLS_AES_C +#define MBEDTLS_SHA224_C +#define MBEDTLS_SHA256_C +#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1 +#define MBEDTLS_CTR_DRBG_C +#define MBEDTLS_ENTROPY_C + +/* + * Configuration options that may need to be additionally enabled for the + * purpose of a specific set of tests. + */ +//#define MBEDTLS_SHA1_C +//#define MBEDTLS_SHA384_C +//#define MBEDTLS_SHA512_C +//#define MBEDTLS_PEM_PARSE_C +//#define MBEDTLS_BASE64_C + +#include "mbedtls/config_psa.h" +#include "mbedtls/check_config.h" + +#endif /* MBEDTLS_CONFIG_H */ diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h new file mode 100644 index 0000000000..51ad4ab67e --- /dev/null +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -0,0 +1,237 @@ +/** + * \file psa/crypto_config.h + * \brief PSA crypto configuration options (set of defines) + * + */ + +#if defined(PSA_WANT_ALG_CBC_NO_PADDING) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) +#undef MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING +#else +#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_CBC_PKCS7) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) +#undef MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 +#else +#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_CFB) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CFB) +#undef MBEDTLS_PSA_ACCEL_ALG_CFB +#else +#define MBEDTLS_PSA_ACCEL_ALG_CFB 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_CTR) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CTR) +#undef MBEDTLS_PSA_ACCEL_ALG_CTR +#else +#define MBEDTLS_PSA_ACCEL_ALG_CTR 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) +#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) +#undef MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA +#else +#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_ECDSA) +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) +#undef MBEDTLS_PSA_ACCEL_ALG_ECDSA +#else +#define MBEDTLS_PSA_ACCEL_ALG_ECDSA 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_MD2) +#if defined(MBEDTLS_PSA_ACCEL_ALG_MD2) +#undef MBEDTLS_PSA_ACCEL_ALG_MD2 +#else +#define MBEDTLS_PSA_ACCEL_ALG_MD2 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_MD4) +#if defined(MBEDTLS_PSA_ACCEL_ALG_MD4) +#undef MBEDTLS_PSA_ACCEL_ALG_MD4 +#else +#define MBEDTLS_PSA_ACCEL_ALG_MD4 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_MD5) +#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5) +#undef MBEDTLS_PSA_ACCEL_ALG_MD5 +#else +#define MBEDTLS_PSA_ACCEL_ALG_MD5 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_OFB) +#if defined(MBEDTLS_PSA_ACCEL_ALG_OFB) +#undef MBEDTLS_PSA_ACCEL_ALG_OFB +#else +#define MBEDTLS_PSA_ACCEL_ALG_OFB 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_RIPEMD160) +#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) +#undef MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 +#else +#define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) +#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN +#else +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_RSA_PSS) +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) +#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PSS +#else +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA_1) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA_1 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA_1 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA_224) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA_224 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA_224 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA_256) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA_256 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA_256 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA_384) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA_384 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA_384 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA_512) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA_512 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA_512 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_XTS) +#if defined(MBEDTLS_PSA_ACCEL_ALG_XTS) +#undef MBEDTLS_PSA_ACCEL_ALG_XTS +#else +#define MBEDTLS_PSA_ACCEL_ALG_XTS 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_AES) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_AES +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_ARIA) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR 1 +#endif +#endif + +#define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1 +#define MBEDTLS_PSA_ACCEL_ALG_CCM 1 +#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1 +#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1 +#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1 +#define MBEDTLS_PSA_ACCEL_ALG_ECDH 1 +#define MBEDTLS_PSA_ACCEL_ALG_GCM 1 +#define MBEDTLS_PSA_ACCEL_ALG_HKDF 1 +#define MBEDTLS_PSA_ACCEL_ALG_HMAC 1 +#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1 +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 +#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER 1 +#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF 1 +#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS 1 + +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) +#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1 +#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1 +#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1 +#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 1 +#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1 +#endif + +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY 1 From f9e2f7d3599bde2bff13e4e6373ec4516ded0080 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 13 Sep 2021 14:50:42 +0200 Subject: [PATCH 219/553] Move to separately compiled PSA test driver library This commit removes the test_psa_crypto_config_basic all.sh component that can no longer work without adapting it to the separately compiled test driver library. This component is replaced by several components in the following commits to test various type of acceleration independently. Signed-off-by: Ronald Cron --- include/test/drivers/cipher.h | 52 --------------- include/test/drivers/hash.h | 34 ---------- include/test/drivers/key_management.h | 34 ---------- include/test/drivers/mac.h | 48 -------------- include/test/drivers/signature.h | 29 -------- src/drivers/hash.c | 22 +++++-- src/drivers/test_driver_cipher.c | 42 ++++++++---- src/drivers/test_driver_key_management.c | 84 +++++++++++++----------- src/drivers/test_driver_mac.c | 36 +++++++--- src/drivers/test_driver_signature.c | 44 ++++++++----- 10 files changed, 143 insertions(+), 282 deletions(-) diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index 5b9226f630..142f3b7655 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -136,57 +136,5 @@ psa_status_t mbedtls_test_opaque_cipher_finish( mbedtls_opaque_test_driver_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -psa_status_t libtestdriver1_mbedtls_psa_cipher_encrypt_setup( - mbedtls_psa_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ); - -psa_status_t libtestdriver1_mbedtls_psa_cipher_decrypt_setup( - mbedtls_psa_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ); - -psa_status_t libtestdriver1_mbedtls_psa_cipher_set_iv( - mbedtls_psa_cipher_operation_t *operation, - const uint8_t *iv, size_t iv_length ); - -psa_status_t libtestdriver1_mbedtls_psa_cipher_update( - mbedtls_psa_cipher_operation_t *operation, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length ); - -psa_status_t libtestdriver1_mbedtls_psa_cipher_finish( - mbedtls_psa_cipher_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length ); - -psa_status_t libtestdriver1_mbedtls_psa_cipher_abort( - mbedtls_psa_cipher_operation_t *operation ); - -psa_status_t libtestdriver1_mbedtls_psa_cipher_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ); - -psa_status_t libtestdriver1_mbedtls_psa_cipher_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ); -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ - #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_CIPHER_H */ diff --git a/include/test/drivers/hash.h b/include/test/drivers/hash.h index d89ec40554..d202c8bf06 100644 --- a/include/test/drivers/hash.h +++ b/include/test/drivers/hash.h @@ -72,39 +72,5 @@ psa_status_t mbedtls_test_transparent_hash_finish( psa_status_t mbedtls_test_transparent_hash_abort( mbedtls_psa_hash_operation_t *operation ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - -psa_status_t libtestdriver1_mbedtls_psa_hash_compute( - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *hash, - size_t hash_size, - size_t *hash_length); - -psa_status_t libtestdriver1_mbedtls_psa_hash_setup( - mbedtls_psa_hash_operation_t *operation, - psa_algorithm_t alg ); - -psa_status_t libtestdriver1_mbedtls_psa_hash_clone( - const mbedtls_psa_hash_operation_t *source_operation, - mbedtls_psa_hash_operation_t *target_operation ); - -psa_status_t libtestdriver1_mbedtls_psa_hash_update( - mbedtls_psa_hash_operation_t *operation, - const uint8_t *input, - size_t input_length ); - -psa_status_t libtestdriver1_mbedtls_psa_hash_finish( - mbedtls_psa_hash_operation_t *operation, - uint8_t *hash, - size_t hash_size, - size_t *hash_length ); - -psa_status_t libtestdriver1_mbedtls_psa_hash_abort( - mbedtls_psa_hash_operation_t *operation ); - -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ - #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */ diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 91cda831cd..ba1e04ab71 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -125,39 +125,5 @@ psa_status_t mbedtls_test_opaque_copy_key( size_t target_key_buffer_size, size_t *target_key_buffer_length); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - -psa_status_t libtestdriver1_mbedtls_psa_ecp_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, size_t data_length, - uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ); - -psa_status_t libtestdriver1_mbedtls_psa_ecp_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ); - -psa_status_t libtestdriver1_mbedtls_psa_ecp_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); - -psa_status_t libtestdriver1_mbedtls_psa_rsa_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, size_t data_length, - uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ); - -psa_status_t libtestdriver1_mbedtls_psa_rsa_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ); - -psa_status_t libtestdriver1_mbedtls_psa_rsa_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key, size_t key_size, size_t *key_length ); - -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ - #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ diff --git a/include/test/drivers/mac.h b/include/test/drivers/mac.h index 3819f1e523..5f6cd38a4d 100644 --- a/include/test/drivers/mac.h +++ b/include/test/drivers/mac.h @@ -133,53 +133,5 @@ psa_status_t mbedtls_test_opaque_mac_verify_finish( psa_status_t mbedtls_test_opaque_mac_abort( mbedtls_opaque_test_driver_mac_operation_t *operation ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - -psa_status_t libtestdriver1_mbedtls_psa_mac_compute( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *mac, - size_t mac_size, - size_t *mac_length ); - -psa_status_t libtestdriver1_mbedtls_psa_mac_sign_setup( - mbedtls_psa_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ); - -psa_status_t libtestdriver1_mbedtls_psa_mac_verify_setup( - mbedtls_psa_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ); - -psa_status_t libtestdriver1_mbedtls_psa_mac_update( - mbedtls_psa_mac_operation_t *operation, - const uint8_t *input, - size_t input_length ); - -psa_status_t libtestdriver1_mbedtls_psa_mac_sign_finish( - mbedtls_psa_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length ); - -psa_status_t libtestdriver1_mbedtls_psa_mac_verify_finish( - mbedtls_psa_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length ); - -psa_status_t libtestdriver1_mbedtls_psa_mac_abort( - mbedtls_psa_mac_operation_t *operation ); - -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ - #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_MAC_H */ diff --git a/include/test/drivers/signature.h b/include/test/drivers/signature.h index e0469550ff..67f2b29a35 100644 --- a/include/test/drivers/signature.h +++ b/include/test/drivers/signature.h @@ -120,34 +120,5 @@ psa_status_t mbedtls_test_opaque_signature_verify_hash( const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); - -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - -psa_status_t libtestdriver1_mbedtls_psa_ecdsa_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ); - -psa_status_t libtestdriver1_mbedtls_psa_ecdsa_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ); - -psa_status_t libtestdriver1_mbedtls_psa_rsa_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ); - -psa_status_t libtestdriver1_mbedtls_psa_rsa_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ); - -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ - #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/src/drivers/hash.c b/src/drivers/hash.c index 270e5af23a..44e0e80591 100644 --- a/src/drivers/hash.c +++ b/src/drivers/hash.c @@ -24,6 +24,10 @@ #include "test/drivers/hash.h" +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/library/psa_crypto_hash.h" +#endif + mbedtls_test_driver_hash_hooks_t mbedtls_test_driver_hash_hooks = MBEDTLS_TEST_DRIVER_HASH_INIT; @@ -41,7 +45,8 @@ psa_status_t mbedtls_test_transparent_hash_compute( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = libtestdriver1_mbedtls_psa_hash_compute( alg, input, input_length, @@ -78,7 +83,8 @@ psa_status_t mbedtls_test_transparent_hash_setup( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = libtestdriver1_mbedtls_psa_hash_setup( operation, alg ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) @@ -107,7 +113,8 @@ psa_status_t mbedtls_test_transparent_hash_clone( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = libtestdriver1_mbedtls_psa_hash_clone( source_operation, target_operation ); @@ -138,7 +145,8 @@ psa_status_t mbedtls_test_transparent_hash_update( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = libtestdriver1_mbedtls_psa_hash_update( operation, input, input_length ); @@ -171,7 +179,8 @@ psa_status_t mbedtls_test_transparent_hash_finish( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = libtestdriver1_mbedtls_psa_hash_finish( operation, hash, hash_size, hash_length ); @@ -202,7 +211,8 @@ psa_status_t mbedtls_test_transparent_hash_abort( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = libtestdriver1_mbedtls_psa_hash_abort( operation ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index 412771af52..3d1efb85e7 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -30,6 +30,10 @@ #include "test/random.h" +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/library/psa_crypto_cipher.h" +#endif + #include mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks = @@ -66,9 +70,11 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( psa_generate_random( output, PSA_CIPHER_IV_LENGTH( attributes->core.type, alg ) ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) return( libtestdriver1_mbedtls_psa_cipher_encrypt( - attributes, key_buffer, key_buffer_size, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, alg, input, input_length, output, output_size, output_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) @@ -110,9 +116,11 @@ psa_status_t mbedtls_test_transparent_cipher_decrypt( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) return( libtestdriver1_mbedtls_psa_cipher_decrypt( - attributes, key_buffer, key_buffer_size, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, alg, input, input_length, output, output_size, output_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) @@ -142,9 +150,12 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt_setup( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) return( libtestdriver1_mbedtls_psa_cipher_encrypt_setup( - operation, attributes, key, key_length, alg ) ); + operation, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key, key_length, alg ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) return( mbedtls_psa_cipher_encrypt_setup( operation, attributes, key, key_length, alg ) ); @@ -164,9 +175,12 @@ psa_status_t mbedtls_test_transparent_cipher_decrypt_setup( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) return( libtestdriver1_mbedtls_psa_cipher_decrypt_setup( - operation, attributes, key, key_length, alg ) ); + operation, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key, key_length, alg ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) return( mbedtls_psa_cipher_decrypt_setup( operation, attributes, key, key_length, alg ) ); @@ -180,7 +194,8 @@ psa_status_t mbedtls_test_transparent_cipher_abort( { mbedtls_test_driver_cipher_hooks.hits++; -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) libtestdriver1_mbedtls_psa_cipher_abort( operation ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) mbedtls_psa_cipher_abort( operation ); @@ -205,7 +220,8 @@ psa_status_t mbedtls_test_transparent_cipher_set_iv( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) return( libtestdriver1_mbedtls_psa_cipher_set_iv( operation, iv, iv_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) @@ -241,7 +257,8 @@ psa_status_t mbedtls_test_transparent_cipher_update( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) return( libtestdriver1_mbedtls_psa_cipher_update( operation, input, input_length, output, output_size, output_length ) ); @@ -278,7 +295,8 @@ psa_status_t mbedtls_test_transparent_cipher_finish( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) return( libtestdriver1_mbedtls_psa_cipher_finish( operation, output, output_size, output_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index af34739cb8..0ff283fed4 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -29,9 +29,13 @@ #include "mbedtls/error.h" #include "test/drivers/key_management.h" - #include "test/random.h" +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/library/psa_crypto_ecp.h" +#include "libtestdriver1/library/psa_crypto_rsa.h" +#endif + #include mbedtls_test_driver_key_management_hooks_t @@ -195,10 +199,11 @@ psa_status_t mbedtls_test_transparent_generate_key( if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) { -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) return( libtestdriver1_mbedtls_psa_ecp_generate_key( - attributes, key, key_size, key_length ) ); + (const libtestdriver1_psa_key_attributes_t *)attributes, + key, key_size, key_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) return( mbedtls_psa_ecp_generate_key( attributes, key, key_size, key_length ) ); @@ -206,10 +211,11 @@ psa_status_t mbedtls_test_transparent_generate_key( } else if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_RSA_KEY_PAIR ) { -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) return( libtestdriver1_mbedtls_psa_rsa_generate_key( - attributes, key, key_size, key_length ) ); + (const libtestdriver1_psa_key_attributes_t *)attributes, + key, key_size, key_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) return( mbedtls_psa_rsa_generate_key( attributes, key, key_size, key_length ) ); @@ -249,11 +255,11 @@ psa_status_t mbedtls_test_transparent_import_key( if( PSA_KEY_TYPE_IS_ECC( type ) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ) return( libtestdriver1_mbedtls_psa_ecp_import_key( - attributes, + (const libtestdriver1_psa_key_attributes_t *)attributes, data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits ) ); @@ -268,11 +274,11 @@ psa_status_t mbedtls_test_transparent_import_key( } else if( PSA_KEY_TYPE_IS_RSA( type ) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) ) return( libtestdriver1_mbedtls_psa_rsa_import_key( - attributes, + (const libtestdriver1_psa_key_attributes_t *)attributes, data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits ) ); @@ -335,11 +341,11 @@ psa_status_t mbedtls_test_opaque_import_key( } else if( PSA_KEY_TYPE_IS_ECC( type ) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) status = libtestdriver1_mbedtls_psa_ecp_import_key( - attributes, + (const libtestdriver1_psa_key_attributes_t *)attributes, data, data_length, key_buffer_temp, key_buffer_size, key_buffer_length, bits ); @@ -358,11 +364,11 @@ psa_status_t mbedtls_test_opaque_import_key( } else if( PSA_KEY_TYPE_IS_RSA( type ) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) status = libtestdriver1_mbedtls_psa_rsa_import_key( - attributes, + (const libtestdriver1_psa_key_attributes_t *)attributes, data, data_length, key_buffer_temp, key_buffer_size, key_buffer_length, bits ); @@ -496,11 +502,11 @@ psa_status_t mbedtls_test_transparent_export_public_key( if( PSA_KEY_TYPE_IS_ECC( key_type ) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ) return( libtestdriver1_mbedtls_psa_ecp_export_public_key( - attributes, + (const libtestdriver1_psa_key_attributes_t *)attributes, key_buffer, key_buffer_size, data, data_size, data_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ @@ -513,11 +519,11 @@ psa_status_t mbedtls_test_transparent_export_public_key( } else if( PSA_KEY_TYPE_IS_RSA( key_type ) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) ) return( libtestdriver1_mbedtls_psa_rsa_export_public_key( - attributes, + (const libtestdriver1_psa_key_attributes_t *)attributes, key_buffer, key_buffer_size, data, data_size, data_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ @@ -557,11 +563,11 @@ psa_status_t mbedtls_test_opaque_export_public_key( key_buffer_temp, key_length, data_length ); if( status == PSA_SUCCESS ) { -#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) status = libtestdriver1_mbedtls_psa_ecp_export_public_key( - attributes, + (const libtestdriver1_psa_key_attributes_t *)attributes, key_buffer_temp, *data_length, data, data_size, data_length ); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ @@ -581,11 +587,11 @@ psa_status_t mbedtls_test_opaque_export_public_key( key_buffer_temp, key_length, data_length ); if( status == PSA_SUCCESS ) { -#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) status = libtestdriver1_mbedtls_psa_rsa_export_public_key( - attributes, + (const libtestdriver1_psa_key_attributes_t *)attributes, key_buffer_temp, *data_length, data, data_size, data_length ); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ diff --git a/src/drivers/test_driver_mac.c b/src/drivers/test_driver_mac.c index 43fc7e6c82..f909785dfd 100644 --- a/src/drivers/test_driver_mac.c +++ b/src/drivers/test_driver_mac.c @@ -24,6 +24,10 @@ #include "test/drivers/mac.h" +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/library/psa_crypto_mac.h" +#endif + mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks = MBEDTLS_TEST_DRIVER_MAC_INIT; @@ -47,10 +51,12 @@ psa_status_t mbedtls_test_transparent_mac_compute( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_compute( - attributes, key_buffer, key_buffer_size, alg, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, alg, input, input_length, mac, mac_size, mac_length ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) @@ -92,10 +98,13 @@ psa_status_t mbedtls_test_transparent_mac_sign_setup( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_sign_setup( - operation, attributes, key_buffer, key_buffer_size, alg ); + operation, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, alg ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_psa_mac_sign_setup( @@ -129,10 +138,13 @@ psa_status_t mbedtls_test_transparent_mac_verify_setup( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_verify_setup( - operation, attributes, key_buffer, key_buffer_size, alg ); + operation, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, alg ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_psa_mac_verify_setup( @@ -164,7 +176,8 @@ psa_status_t mbedtls_test_transparent_mac_update( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_update( operation, input, input_length ); @@ -198,7 +211,8 @@ psa_status_t mbedtls_test_transparent_mac_sign_finish( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_sign_finish( operation, mac, mac_size, mac_length ); @@ -232,7 +246,8 @@ psa_status_t mbedtls_test_transparent_mac_verify_finish( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_verify_finish( operation, mac, mac_length ); @@ -263,7 +278,8 @@ psa_status_t mbedtls_test_transparent_mac_abort( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_abort( operation ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) diff --git a/src/drivers/test_driver_signature.c b/src/drivers/test_driver_signature.c index cc005764b7..ef6d135eb8 100644 --- a/src/drivers/test_driver_signature.c +++ b/src/drivers/test_driver_signature.c @@ -38,6 +38,12 @@ #include "test/random.h" +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/library/psa_crypto_ecp.h" +#include "libtestdriver1/library/psa_crypto_hash.h" +#include "libtestdriver1/library/psa_crypto_rsa.h" +#endif + #include mbedtls_test_driver_signature_hooks_t @@ -61,11 +67,11 @@ psa_status_t sign_hash( if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) || PSA_ALG_IS_RSA_PSS( alg) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ) return( libtestdriver1_mbedtls_psa_rsa_sign_hash( - attributes, + (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_size, signature_length ) ); @@ -87,11 +93,11 @@ psa_status_t sign_hash( { if( PSA_ALG_IS_ECDSA( alg ) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ) return( libtestdriver1_mbedtls_psa_ecdsa_sign_hash( - attributes, + (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_size, signature_length ) ); @@ -137,11 +143,11 @@ psa_status_t verify_hash( if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) || PSA_ALG_IS_RSA_PSS( alg) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ) return( libtestdriver1_mbedtls_psa_rsa_verify_hash( - attributes, + (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_length ) ); @@ -163,11 +169,11 @@ psa_status_t verify_hash( { if( PSA_ALG_IS_ECDSA( alg ) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ) return( libtestdriver1_mbedtls_psa_ecdsa_verify_hash( - attributes, + (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_length ) ); @@ -229,7 +235,8 @@ psa_status_t mbedtls_test_transparent_signature_sign_message( return( PSA_SUCCESS ); } -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) status = libtestdriver1_mbedtls_psa_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, hash, sizeof( hash ), &hash_length ); @@ -293,7 +300,8 @@ psa_status_t mbedtls_test_transparent_signature_verify_message( if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_signature_verify_hooks.forced_status ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) status = libtestdriver1_mbedtls_psa_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, hash, sizeof( hash ), &hash_length ); From 351ef5d187c30d96844488f6e1067849164784cd Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 13 Mar 2021 18:50:11 +0100 Subject: [PATCH 220/553] psa: Remove test code in the library The current testing of the PSA configuration is based on test code located in the library itself. Remove this code as we are moving to using a test library instead. Signed-off-by: Ronald Cron --- include/test/drivers/hash.h | 2 +- src/drivers/test_driver_key_management.c | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/include/test/drivers/hash.h b/include/test/drivers/hash.h index d202c8bf06..b05fcd79f1 100644 --- a/include/test/drivers/hash.h +++ b/include/test/drivers/hash.h @@ -70,7 +70,7 @@ psa_status_t mbedtls_test_transparent_hash_finish( size_t *hash_length ); psa_status_t mbedtls_test_transparent_hash_abort( - mbedtls_psa_hash_operation_t *operation ); + mbedtls_transparent_test_driver_hash_operation_t *operation ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */ diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 0ff283fed4..5028073a62 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -62,11 +62,24 @@ const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] = psa_status_t mbedtls_test_transparent_init( void ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) + status = libtestdriver1_psa_crypto_init( ); + if( status != PSA_SUCCESS ) + return( status ); +#endif + + (void)status; return( PSA_SUCCESS ); } void mbedtls_test_transparent_free( void ) { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) + libtestdriver1_mbedtls_psa_crypto_free( ); +#endif + return; } From 3150af65e293e1078c49d38de5182157d11e2073 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 31 Aug 2021 19:08:55 +0200 Subject: [PATCH 221/553] tests: psa: Refine choice of default hash algorithm for signature As PSA signatures rely on built-in hash implementations (cannot take an advantage of an accelerator for the time being), chose an available built-in hash for tests exercising a signature key. Signed-off-by: Ronald Cron --- include/test/psa_exercise_key.h | 28 ++++++++++++++++++++++++++++ src/psa_exercise_key.c | 4 ++-- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index aa0aeb5afd..6cffeb22bf 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -52,6 +52,34 @@ #undef KNOWN_SUPPORTED_HASH_ALG #endif +/** \def KNOWN_MBEDTLS_SUPPORTED_HASH_ALG + * + * A hash algorithm that is known to be supported by Mbed TLS APIs. + * + * This is used in some smoke tests where the hash algorithm is used as + * part of another algorithm like a signature algorithm and the hashing is + * completed through an Mbed TLS hash API, not the PSA one. + */ +#if defined(MBEDTLS_MD2_C) +#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_MD2 +#elif defined(MBEDTLS_MD4_C) +#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_MD4 +#elif defined(MBEDTLS_MD5_C) +#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_MD5 +/* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of + * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 + * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be + * implausible anyway. */ +#elif defined(MBEDTLS_SHA1_C) +#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_SHA_1 +#elif defined(MBEDTLS_SHA256_C) +#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_SHA_256 +#elif defined(MBEDTLS_SHA512_C) +#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_SHA_512 +#else +#undef KNOWN_MBEDLTS_SUPPORTED_HASH_ALG +#endif + /** \def KNOWN_SUPPORTED_BLOCK_CIPHER * * A block cipher that is known to be supported. diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index de2c48d6da..c1e76c85ef 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -309,8 +309,8 @@ static int exercise_signature_key( mbedtls_svc_key_id_t key, /* If the policy allows signing with any hash, just pick one. */ if( PSA_ALG_IS_SIGN_HASH( alg ) && hash_alg == PSA_ALG_ANY_HASH ) { - #if defined(KNOWN_SUPPORTED_HASH_ALG) - hash_alg = KNOWN_SUPPORTED_HASH_ALG; + #if defined(KNOWN_MBEDTLS_SUPPORTED_HASH_ALG) + hash_alg = KNOWN_MBEDTLS_SUPPORTED_HASH_ALG; alg ^= PSA_ALG_ANY_HASH ^ hash_alg; #else TEST_ASSERT( ! "No hash algorithm for hash-and-sign testing" ); From d29a871ffe77cc4032da554731dd9f50fea1caaf Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Nov 2021 18:01:40 +0100 Subject: [PATCH 222/553] psa: Fix and improve comments Signed-off-by: Ronald Cron --- include/test/drivers/config_test_driver.h | 14 ++++++-------- .../drivers/crypto_config_test_driver_extension.h | 8 +++++--- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/include/test/drivers/config_test_driver.h b/include/test/drivers/config_test_driver.h index 6dcefd7a94..b9ba5fb5f0 100644 --- a/include/test/drivers/config_test_driver.h +++ b/include/test/drivers/config_test_driver.h @@ -1,11 +1,9 @@ -/** - * \file config.h - * - * \brief Configuration options (set of defines) - * - * This set of compile-time options may be used to enable - * or disable features selectively, and reduce the global - * memory footprint. +/* + * Mbed TLS configuration for PSA test driver libraries. It includes: + * . the minimum set of modules needed by the PSA core. + * . the Mbed TLS configuration options that may need to be additionally + * enabled for the purpose of a specific test. + * . the PSA configuration file for the Mbed TLS library and its test drivers. */ /* * Copyright The Mbed TLS Contributors diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index 51ad4ab67e..af4686b97e 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -1,7 +1,9 @@ /** - * \file psa/crypto_config.h - * \brief PSA crypto configuration options (set of defines) - * + * This file is intended to be used to build PSA test driver libraries. It is + * intended to be appended by the test build system to the crypto_config.h file + * of the Mbed TLS library the test library will be linked to. It mirrors the + * PSA_ACCEL_* macros defining the cryptographic operations the test library + * supports. */ #if defined(PSA_WANT_ALG_CBC_NO_PADDING) From bee595f74d4da79b80458d638b36d18b4293efa5 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 7 Dec 2021 09:54:36 +0100 Subject: [PATCH 223/553] tests: psa: Remove MD2, MD4 and ARC4 related code MD2, MD4 and ARC4 are not supported anymore in 3.x. Signed-off-by: Ronald Cron --- .../crypto_config_test_driver_extension.h | 17 ----------------- include/test/psa_exercise_key.h | 6 +----- 2 files changed, 1 insertion(+), 22 deletions(-) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index af4686b97e..927009ad96 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -54,22 +54,6 @@ #endif #endif -#if defined(PSA_WANT_ALG_MD2) -#if defined(MBEDTLS_PSA_ACCEL_ALG_MD2) -#undef MBEDTLS_PSA_ACCEL_ALG_MD2 -#else -#define MBEDTLS_PSA_ACCEL_ALG_MD2 1 -#endif -#endif - -#if defined(PSA_WANT_ALG_MD4) -#if defined(MBEDTLS_PSA_ACCEL_ALG_MD4) -#undef MBEDTLS_PSA_ACCEL_ALG_MD4 -#else -#define MBEDTLS_PSA_ACCEL_ALG_MD4 1 -#endif -#endif - #if defined(PSA_WANT_ALG_MD5) #if defined(MBEDTLS_PSA_ACCEL_ALG_MD5) #undef MBEDTLS_PSA_ACCEL_ALG_MD5 @@ -231,7 +215,6 @@ #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1 diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index 6cffeb22bf..18333a9372 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -60,11 +60,7 @@ * part of another algorithm like a signature algorithm and the hashing is * completed through an Mbed TLS hash API, not the PSA one. */ -#if defined(MBEDTLS_MD2_C) -#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_MD2 -#elif defined(MBEDTLS_MD4_C) -#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_MD4 -#elif defined(MBEDTLS_MD5_C) +#if defined(MBEDTLS_MD5_C) #define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_MD5 /* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 From cf2dbb162f86b6f6adbcbf69c847d4add237ee8b Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 7 Dec 2021 19:06:51 +0100 Subject: [PATCH 224/553] Add tests for an opaque import in the driver wrappers Signed-off-by: Andrzej Kurek --- include/test/drivers/key_management.h | 6 +++++- src/drivers/test_driver_key_management.c | 9 +++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index ba1e04ab71..48c33d77f8 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -38,9 +38,13 @@ typedef struct { /* Count the amount of times one of the key management driver functions * is called. */ unsigned long hits; + /* Record the source of the function call. */ + psa_key_location_t source; } mbedtls_test_driver_key_management_hooks_t; -#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 } +/* 0x800000 is a vendor-specific location, unused by the PSA, overwritten + * in tests that expect a different value. */ +#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0x800000 } static inline mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks_init( void ) { diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 5028073a62..3cfd59599e 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -29,6 +29,8 @@ #include "mbedtls/error.h" #include "test/drivers/key_management.h" +#include "test/drivers/test_driver.h" + #include "test/random.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) @@ -260,6 +262,7 @@ psa_status_t mbedtls_test_transparent_import_key( size_t *bits) { ++mbedtls_test_driver_key_management_hooks.hits; + mbedtls_test_driver_key_management_hooks.source = PSA_KEY_LOCATION_LOCAL_STORAGE; if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_key_management_hooks.forced_status ); @@ -326,6 +329,12 @@ psa_status_t mbedtls_test_opaque_import_key( size_t *key_buffer_length, size_t *bits) { + ++mbedtls_test_driver_key_management_hooks.hits; + mbedtls_test_driver_key_management_hooks.source = PSA_CRYPTO_TEST_DRIVER_LOCATION; + + if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_key_management_hooks.forced_status ); + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = psa_get_key_type( attributes ); /* This buffer will be used as an intermediate placeholder for From 84bda95d6d13c29cca8056e3641c866a94356231 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Thu, 9 Dec 2021 11:11:54 +0100 Subject: [PATCH 225/553] psa_asymmetric_encrypt: add test driver impl Signed-off-by: Przemyslaw Stekiel --- src/drivers/test_driver_rsa.c | 114 ++++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 src/drivers/test_driver_rsa.c diff --git a/src/drivers/test_driver_rsa.c b/src/drivers/test_driver_rsa.c new file mode 100644 index 0000000000..5cdaa33ae7 --- /dev/null +++ b/src/drivers/test_driver_rsa.c @@ -0,0 +1,114 @@ +/* + * Test driver for rsa functions. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#include "psa/crypto.h" +#include "mbedtls/rsa.h" +#include "psa_crypto_rsa.h" +#include "string.h" + +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/library/psa_crypto_rsa_crypto.h" +#endif + +mbedtls_test_driver_rsa_hooks_t mbedtls_test_driver_rsa_hooks = + MBEDTLS_TEST_DRIVER_RSA_INIT; + +psa_status_t mbedtls_test_transparent_asymmetric_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *salt, + size_t salt_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + mbedtls_test_driver_rsa_hooks.hits++; + + if( mbedtls_test_driver_rsa_hooks.forced_output != NULL ) + { + if( output_size < mbedtls_test_driver_rsa_hooks.forced_output_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( output, + mbedtls_test_driver_rsa_hooks.forced_output, + mbedtls_test_driver_rsa_hooks.forced_output_length ); + *output_length = mbedtls_test_driver_rsa_hooks.forced_output_length; + + return( mbedtls_test_driver_rsa_hooks.forced_status ); + } + + if( mbedtls_test_driver_rsa_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_rsa_hooks.forced_status ); + +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) + return( libtestdriver1_mbedtls_psa_asymmetric_encrypt( + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, + alg, input, input_length, salt, salt_length, + output, output_size, output_length ) ); +#else + return( mbedtls_psa_asymmetric_encrypt( + attributes, key_buffer, key_buffer_size, + alg, input, input_length, salt, salt_length, + output, output_size, output_length ) ); +#endif + + return( PSA_ERROR_NOT_SUPPORTED ); +} + +/* + * opaque versions, to do + */ +psa_status_t mbedtls_test_opaque_asymmetric_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, + size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *salt, + size_t salt_length, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) input; + (void) input_length; + (void) salt; + (void) salt_length; + (void) output; + (void) output_size; + (void) output_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From f097d5615aa97614e7b0935537e5dec02de27176 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 13 Dec 2021 09:00:52 +0100 Subject: [PATCH 226/553] psa_asymmetric_decrypt: add test driver impl Signed-off-by: Przemyslaw Stekiel --- src/drivers/test_driver_rsa.c | 74 +++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/src/drivers/test_driver_rsa.c b/src/drivers/test_driver_rsa.c index 5cdaa33ae7..6d84640b6b 100644 --- a/src/drivers/test_driver_rsa.c +++ b/src/drivers/test_driver_rsa.c @@ -80,6 +80,54 @@ psa_status_t mbedtls_test_transparent_asymmetric_encrypt( return( PSA_ERROR_NOT_SUPPORTED ); } +psa_status_t mbedtls_test_transparent_asymmetric_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *salt, + size_t salt_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + mbedtls_test_driver_rsa_hooks.hits++; + + if( mbedtls_test_driver_rsa_hooks.forced_output != NULL ) + { + if( output_size < mbedtls_test_driver_rsa_hooks.forced_output_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( output, + mbedtls_test_driver_rsa_hooks.forced_output, + mbedtls_test_driver_rsa_hooks.forced_output_length ); + *output_length = mbedtls_test_driver_rsa_hooks.forced_output_length; + + return( mbedtls_test_driver_rsa_hooks.forced_status ); + } + + if( mbedtls_test_driver_rsa_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_rsa_hooks.forced_status ); + +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) + return( libtestdriver1_mbedtls_psa_asymmetric_decrypt( + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, + alg, input, input_length, salt, salt_length, + output, output_size, output_length ) ); +#else + return( mbedtls_psa_asymmetric_decrypt( + attributes, key_buffer, key_buffer_size, + alg, input, input_length, salt, salt_length, + output, output_size, output_length ) ); +#endif + + return( PSA_ERROR_NOT_SUPPORTED ); +} + /* * opaque versions, to do */ @@ -110,5 +158,31 @@ psa_status_t mbedtls_test_opaque_asymmetric_encrypt( return( PSA_ERROR_NOT_SUPPORTED ); } +psa_status_t mbedtls_test_opaque_asymmetric_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, + size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *salt, + size_t salt_length, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) input; + (void) input_length; + (void) salt; + (void) salt_length; + (void) output; + (void) output_size; + (void) output_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 131b7b878593583c178e0fb9c2c952fcaae71cf9 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 22 Dec 2021 12:02:03 +0100 Subject: [PATCH 227/553] Move driver asymetric encrypt/decript declarations to asym.h Signed-off-by: Przemyslaw Stekiel --- include/test/drivers/asym.h | 104 +++++++++++++++++++++++++++++ include/test/drivers/test_driver.h | 1 + src/drivers/test_driver_rsa.c | 1 + 3 files changed, 106 insertions(+) create mode 100644 include/test/drivers/asym.h diff --git a/include/test/drivers/asym.h b/include/test/drivers/asym.h new file mode 100644 index 0000000000..a7c5873f26 --- /dev/null +++ b/include/test/drivers/asym.h @@ -0,0 +1,104 @@ +/* + * Test driver for hash driver entry points. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_ASYM_H +#define PSA_CRYPTO_TEST_DRIVERS_ASYM_H + +#include "mbedtls/build_info.h" + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include +#include + +typedef struct { + /* If non-null, on success, copy this to the output. */ + void *forced_output; + size_t forced_output_length; + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times one of the rsa driver functions is called. */ + unsigned long hits; +} mbedtls_test_driver_rsa_hooks_t; + +#define MBEDTLS_TEST_DRIVER_RSA_INIT { NULL, 0, PSA_SUCCESS, 0 } + +static inline mbedtls_test_driver_rsa_hooks_t + mbedtls_test_driver_rsa_hooks_init( void ) +{ + const mbedtls_test_driver_rsa_hooks_t v = MBEDTLS_TEST_DRIVER_RSA_INIT; + return( v ); +} + +extern mbedtls_test_driver_rsa_hooks_t mbedtls_test_driver_rsa_hooks; + +psa_status_t mbedtls_test_transparent_asymmetric_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *salt, + size_t salt_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t mbedtls_test_opaque_asymmetric_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, + size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *salt, + size_t salt_length, + uint8_t *output, + size_t output_size, + size_t *output_length); + +psa_status_t mbedtls_test_transparent_asymmetric_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *salt, + size_t salt_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t mbedtls_test_opaque_asymmetric_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, + size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *salt, + size_t salt_length, + uint8_t *output, + size_t output_size, + size_t *output_length); + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_ASYM_H */ diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index 47e92b7071..af19e421af 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -28,5 +28,6 @@ #include "test/drivers/mac.h" #include "test/drivers/key_management.h" #include "test/drivers/signature.h" +#include "test/drivers/asym.h" #endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/src/drivers/test_driver_rsa.c b/src/drivers/test_driver_rsa.c index 6d84640b6b..3f9bcded28 100644 --- a/src/drivers/test_driver_rsa.c +++ b/src/drivers/test_driver_rsa.c @@ -24,6 +24,7 @@ #include "mbedtls/rsa.h" #include "psa_crypto_rsa.h" #include "string.h" +#include "test/drivers/asym.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) #include "libtestdriver1/library/psa_crypto_rsa_crypto.h" From f86cb7288fc48134bbd7e79534983c11c3b626c0 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 3 Jan 2022 09:19:19 +0100 Subject: [PATCH 228/553] test_driver_rsa.c: fix include file name Signed-off-by: Przemyslaw Stekiel --- src/drivers/test_driver_rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/drivers/test_driver_rsa.c b/src/drivers/test_driver_rsa.c index 3f9bcded28..d6b461165e 100644 --- a/src/drivers/test_driver_rsa.c +++ b/src/drivers/test_driver_rsa.c @@ -27,7 +27,7 @@ #include "test/drivers/asym.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#include "libtestdriver1/library/psa_crypto_rsa_crypto.h" +#include "libtestdriver1/library/psa_crypto_rsa.h" #endif mbedtls_test_driver_rsa_hooks_t mbedtls_test_driver_rsa_hooks = From 579b062df73b45b8d06c37b3549226f585ad59b8 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 17 Jan 2022 15:26:24 +0100 Subject: [PATCH 229/553] Mark unused variable in tests for cases with reduced configs Signed-off-by: Andrzej Kurek --- src/psa_exercise_key.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index c1e76c85ef..71a1b78740 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -764,6 +764,7 @@ int mbedtls_test_psa_exported_key_sanity_check( #endif /* MBEDTLS_ECP_C */ { + (void) exported; TEST_ASSERT( ! "Sanity check not implemented for this key type" ); } From fd17fb84a56d9d32e3f94e1a4f743c0e85ab09c7 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 2 Feb 2022 11:10:46 +0100 Subject: [PATCH 230/553] Compact the argument lists Signed-off-by: Przemyslaw Stekiel --- include/test/drivers/asym.h | 60 ++++++++++------------------------- src/drivers/test_driver_rsa.c | 60 ++++++++++------------------------- 2 files changed, 32 insertions(+), 88 deletions(-) diff --git a/include/test/drivers/asym.h b/include/test/drivers/asym.h index a7c5873f26..82a9d8c94e 100644 --- a/include/test/drivers/asym.h +++ b/include/test/drivers/asym.h @@ -49,56 +49,28 @@ static inline mbedtls_test_driver_rsa_hooks_t extern mbedtls_test_driver_rsa_hooks_t mbedtls_test_driver_rsa_hooks; psa_status_t mbedtls_test_transparent_asymmetric_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *salt, - size_t salt_length, - uint8_t *output, - size_t output_size, - size_t *output_length ); + const psa_key_attributes_t *attributes, const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, + size_t input_length, const uint8_t *salt, size_t salt_length, + uint8_t *output, size_t output_size, size_t *output_length ); psa_status_t mbedtls_test_opaque_asymmetric_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *salt, - size_t salt_length, - uint8_t *output, - size_t output_size, - size_t *output_length); + const psa_key_attributes_t *attributes, const uint8_t *key, + size_t key_length, psa_algorithm_t alg, const uint8_t *input, + size_t input_length, const uint8_t *salt, size_t salt_length, + uint8_t *output, size_t output_size, size_t *output_length ); psa_status_t mbedtls_test_transparent_asymmetric_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *salt, - size_t salt_length, - uint8_t *output, - size_t output_size, - size_t *output_length ); + const psa_key_attributes_t *attributes, const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, + size_t input_length, const uint8_t *salt, size_t salt_length, + uint8_t *output, size_t output_size, size_t *output_length ); psa_status_t mbedtls_test_opaque_asymmetric_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *salt, - size_t salt_length, - uint8_t *output, - size_t output_size, - size_t *output_length); + const psa_key_attributes_t *attributes, const uint8_t *key, + size_t key_length, psa_algorithm_t alg, const uint8_t *input, + size_t input_length, const uint8_t *salt, size_t salt_length, + uint8_t *output, size_t output_size, size_t *output_length ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_ASYM_H */ diff --git a/src/drivers/test_driver_rsa.c b/src/drivers/test_driver_rsa.c index d6b461165e..b0d9f4491c 100644 --- a/src/drivers/test_driver_rsa.c +++ b/src/drivers/test_driver_rsa.c @@ -34,17 +34,10 @@ mbedtls_test_driver_rsa_hooks_t mbedtls_test_driver_rsa_hooks = MBEDTLS_TEST_DRIVER_RSA_INIT; psa_status_t mbedtls_test_transparent_asymmetric_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *salt, - size_t salt_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) + const psa_key_attributes_t *attributes, const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, + size_t input_length, const uint8_t *salt, size_t salt_length, + uint8_t *output, size_t output_size, size_t *output_length ) { mbedtls_test_driver_rsa_hooks.hits++; @@ -82,17 +75,10 @@ psa_status_t mbedtls_test_transparent_asymmetric_encrypt( } psa_status_t mbedtls_test_transparent_asymmetric_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *salt, - size_t salt_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) + const psa_key_attributes_t *attributes, const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, + size_t input_length, const uint8_t *salt, size_t salt_length, + uint8_t *output, size_t output_size, size_t *output_length ) { mbedtls_test_driver_rsa_hooks.hits++; @@ -133,17 +119,10 @@ psa_status_t mbedtls_test_transparent_asymmetric_decrypt( * opaque versions, to do */ psa_status_t mbedtls_test_opaque_asymmetric_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *salt, - size_t salt_length, - uint8_t *output, - size_t output_size, - size_t *output_length) + const psa_key_attributes_t *attributes, const uint8_t *key, + size_t key_length, psa_algorithm_t alg, const uint8_t *input, + size_t input_length, const uint8_t *salt, size_t salt_length, + uint8_t *output, size_t output_size, size_t *output_length ) { (void) attributes; (void) key; @@ -160,17 +139,10 @@ psa_status_t mbedtls_test_opaque_asymmetric_encrypt( } psa_status_t mbedtls_test_opaque_asymmetric_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *salt, - size_t salt_length, - uint8_t *output, - size_t output_size, - size_t *output_length) + const psa_key_attributes_t *attributes, const uint8_t *key, + size_t key_length, psa_algorithm_t alg, const uint8_t *input, + size_t input_length, const uint8_t *salt, size_t salt_length, + uint8_t *output, size_t output_size, size_t *output_length ) { (void) attributes; (void) key; From 7664f4f298d5cfbf30adf14330efa92796a7e0a2 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 2 Feb 2022 11:42:18 +0100 Subject: [PATCH 231/553] test_driver_rsa.c: Fix comment Signed-off-by: Przemyslaw Stekiel --- src/drivers/test_driver_rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/drivers/test_driver_rsa.c b/src/drivers/test_driver_rsa.c index b0d9f4491c..234613e46d 100644 --- a/src/drivers/test_driver_rsa.c +++ b/src/drivers/test_driver_rsa.c @@ -116,7 +116,7 @@ psa_status_t mbedtls_test_transparent_asymmetric_decrypt( } /* - * opaque versions, to do + * opaque versions - TODO */ psa_status_t mbedtls_test_opaque_asymmetric_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, From ab3462e8c59c5236abe03c6143ad28c0669765dd Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 3 Feb 2022 09:42:47 -0500 Subject: [PATCH 232/553] Formatting and documentation fixes Signed-off-by: Andrzej Kurek --- include/test/drivers/key_management.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 48c33d77f8..50a7407352 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -42,8 +42,10 @@ typedef struct { psa_key_location_t source; } mbedtls_test_driver_key_management_hooks_t; -/* 0x800000 is a vendor-specific location, unused by the PSA, overwritten - * in tests that expect a different value. */ +/* The location is initialized to the invalid value 0x800000. Invalid in the + * sense that no PSA specification will assign a meaning to this location + * (stated first in version 1.0.1 of the specification) and that it is not + * used as a location of an opaque test drivers. */ #define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0x800000 } static inline mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks_init( void ) From b350b321bbc6282266309683180af80c98c8cc94 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 3 Feb 2022 10:27:01 -0500 Subject: [PATCH 233/553] Test drivers: rename import call source to driver location Signed-off-by: Andrzej Kurek --- include/test/drivers/key_management.h | 4 ++-- src/drivers/test_driver_key_management.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 50a7407352..1f33da1a52 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -38,8 +38,8 @@ typedef struct { /* Count the amount of times one of the key management driver functions * is called. */ unsigned long hits; - /* Record the source of the function call. */ - psa_key_location_t source; + /* Location of the last key management driver called to import a key. */ + psa_key_location_t location; } mbedtls_test_driver_key_management_hooks_t; /* The location is initialized to the invalid value 0x800000. Invalid in the diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 3cfd59599e..e5f1193e98 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -262,7 +262,7 @@ psa_status_t mbedtls_test_transparent_import_key( size_t *bits) { ++mbedtls_test_driver_key_management_hooks.hits; - mbedtls_test_driver_key_management_hooks.source = PSA_KEY_LOCATION_LOCAL_STORAGE; + mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE; if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_key_management_hooks.forced_status ); @@ -330,7 +330,7 @@ psa_status_t mbedtls_test_opaque_import_key( size_t *bits) { ++mbedtls_test_driver_key_management_hooks.hits; - mbedtls_test_driver_key_management_hooks.source = PSA_CRYPTO_TEST_DRIVER_LOCATION; + mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION; if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_key_management_hooks.forced_status ); From 5f31cc8a5b9e1220219e4ea117ee3cd82ec65bbd Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 3 Feb 2022 10:30:30 -0500 Subject: [PATCH 234/553] Test driver: keep variable declarations first Signed-off-by: Andrzej Kurek --- src/drivers/test_driver_key_management.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index e5f1193e98..974d498755 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -261,14 +261,14 @@ psa_status_t mbedtls_test_transparent_import_key( size_t *key_buffer_length, size_t *bits) { + psa_key_type_t type = psa_get_key_type( attributes ); + ++mbedtls_test_driver_key_management_hooks.hits; mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE; if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_key_management_hooks.forced_status ); - psa_key_type_t type = psa_get_key_type( attributes ); - if( PSA_KEY_TYPE_IS_ECC( type ) ) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ @@ -329,18 +329,18 @@ psa_status_t mbedtls_test_opaque_import_key( size_t *key_buffer_length, size_t *bits) { - ++mbedtls_test_driver_key_management_hooks.hits; - mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION; - - if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_key_management_hooks.forced_status ); - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = psa_get_key_type( attributes ); /* This buffer will be used as an intermediate placeholder for * the clear key till we wrap it */ uint8_t *key_buffer_temp; + ++mbedtls_test_driver_key_management_hooks.hits; + mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION; + + if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_key_management_hooks.forced_status ); + key_buffer_temp = mbedtls_calloc( 1, key_buffer_size ); if( key_buffer_temp == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); From f273874c772d1f2580a8a79675998f006c5d04e3 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Wed, 2 Sep 2020 21:30:13 +1000 Subject: [PATCH 235/553] tests: prevent inclusion of time.h in baremetal compiles baremetal compiles should not include time.h, as MBEDTLS_HAVE_TIME is undefined. To test this, provide an overriding include directory that has a time.h which throws a meaningful error if included. Signed-off-by: Daniel Axtens --- include/baremetal-override/time.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 include/baremetal-override/time.h diff --git a/include/baremetal-override/time.h b/include/baremetal-override/time.h new file mode 100644 index 0000000000..40eed2d33e --- /dev/null +++ b/include/baremetal-override/time.h @@ -0,0 +1,18 @@ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#error "time.h included in a configuration without MBEDTLS_HAVE_TIME" From f746f4cc01756a0a85a0a1ce2ae6b75d4e2f173e Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 7 Mar 2022 10:14:07 +0100 Subject: [PATCH 236/553] Change names rsa->asymmetric_encryption Signed-off-by: Przemek Stekiel --- .../{asym.h => asymmetric_encryption.h} | 25 ++++++----- include/test/drivers/test_driver.h | 2 +- ....c => test_driver_asymmetric_encryption.c} | 44 +++++++++---------- 3 files changed, 37 insertions(+), 34 deletions(-) rename include/test/drivers/{asym.h => asymmetric_encryption.h} (74%) rename src/drivers/{test_driver_rsa.c => test_driver_asymmetric_encryption.c} (71%) diff --git a/include/test/drivers/asym.h b/include/test/drivers/asymmetric_encryption.h similarity index 74% rename from include/test/drivers/asym.h rename to include/test/drivers/asymmetric_encryption.h index 82a9d8c94e..2babfead91 100644 --- a/include/test/drivers/asym.h +++ b/include/test/drivers/asymmetric_encryption.h @@ -1,5 +1,5 @@ /* - * Test driver for hash driver entry points. + * Test driver for asymmetric encryption. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -17,8 +17,8 @@ * limitations under the License. */ -#ifndef PSA_CRYPTO_TEST_DRIVERS_ASYM_H -#define PSA_CRYPTO_TEST_DRIVERS_ASYM_H +#ifndef PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H +#define PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H #include "mbedtls/build_info.h" @@ -33,20 +33,23 @@ typedef struct { /* If not PSA_SUCCESS, return this error code instead of processing the * function call. */ psa_status_t forced_status; - /* Count the amount of times one of the rsa driver functions is called. */ + /* Count the amount of times one of the asymmetric_encryption driver + functions is called. */ unsigned long hits; -} mbedtls_test_driver_rsa_hooks_t; +} mbedtls_test_driver_asymmetric_encryption_hooks_t; -#define MBEDTLS_TEST_DRIVER_RSA_INIT { NULL, 0, PSA_SUCCESS, 0 } +#define MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT { NULL, 0, PSA_SUCCESS, 0 } -static inline mbedtls_test_driver_rsa_hooks_t - mbedtls_test_driver_rsa_hooks_init( void ) +static inline mbedtls_test_driver_asymmetric_encryption_hooks_t + mbedtls_test_driver_asymmetric_encryption_hooks_init( void ) { - const mbedtls_test_driver_rsa_hooks_t v = MBEDTLS_TEST_DRIVER_RSA_INIT; + const mbedtls_test_driver_asymmetric_encryption_hooks_t v = + MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT; return( v ); } -extern mbedtls_test_driver_rsa_hooks_t mbedtls_test_driver_rsa_hooks; +extern mbedtls_test_driver_asymmetric_encryption_hooks_t + mbedtls_test_driver_asymmetric_encryption_hooks; psa_status_t mbedtls_test_transparent_asymmetric_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, @@ -73,4 +76,4 @@ psa_status_t mbedtls_test_opaque_asymmetric_decrypt( uint8_t *output, size_t output_size, size_t *output_length ); #endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_ASYM_H */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H */ diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index af19e421af..098b21abff 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -28,6 +28,6 @@ #include "test/drivers/mac.h" #include "test/drivers/key_management.h" #include "test/drivers/signature.h" -#include "test/drivers/asym.h" +#include "test/drivers/asymmetric_encryption.h" #endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/src/drivers/test_driver_rsa.c b/src/drivers/test_driver_asymmetric_encryption.c similarity index 71% rename from src/drivers/test_driver_rsa.c rename to src/drivers/test_driver_asymmetric_encryption.c index 234613e46d..506c29bd0e 100644 --- a/src/drivers/test_driver_rsa.c +++ b/src/drivers/test_driver_asymmetric_encryption.c @@ -1,5 +1,5 @@ /* - * Test driver for rsa functions. + * Test driver for asymmetric encryption. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -24,14 +24,14 @@ #include "mbedtls/rsa.h" #include "psa_crypto_rsa.h" #include "string.h" -#include "test/drivers/asym.h" +#include "test/drivers/asymmetric_encryption.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) #include "libtestdriver1/library/psa_crypto_rsa.h" #endif -mbedtls_test_driver_rsa_hooks_t mbedtls_test_driver_rsa_hooks = - MBEDTLS_TEST_DRIVER_RSA_INIT; +mbedtls_test_driver_asymmetric_encryption_hooks_t mbedtls_test_driver_asymmetric_encryption_hooks = + MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT; psa_status_t mbedtls_test_transparent_asymmetric_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, @@ -39,23 +39,23 @@ psa_status_t mbedtls_test_transparent_asymmetric_encrypt( size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length ) { - mbedtls_test_driver_rsa_hooks.hits++; + mbedtls_test_driver_asymmetric_encryption_hooks.hits++; - if( mbedtls_test_driver_rsa_hooks.forced_output != NULL ) + if( mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL ) { - if( output_size < mbedtls_test_driver_rsa_hooks.forced_output_length ) + if( output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length ) return( PSA_ERROR_BUFFER_TOO_SMALL ); memcpy( output, - mbedtls_test_driver_rsa_hooks.forced_output, - mbedtls_test_driver_rsa_hooks.forced_output_length ); - *output_length = mbedtls_test_driver_rsa_hooks.forced_output_length; + mbedtls_test_driver_asymmetric_encryption_hooks.forced_output, + mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length ); + *output_length = mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length; - return( mbedtls_test_driver_rsa_hooks.forced_status ); + return( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status ); } - if( mbedtls_test_driver_rsa_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_rsa_hooks.forced_status ); + if( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status ); #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) @@ -80,23 +80,23 @@ psa_status_t mbedtls_test_transparent_asymmetric_decrypt( size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length ) { - mbedtls_test_driver_rsa_hooks.hits++; + mbedtls_test_driver_asymmetric_encryption_hooks.hits++; - if( mbedtls_test_driver_rsa_hooks.forced_output != NULL ) + if( mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL ) { - if( output_size < mbedtls_test_driver_rsa_hooks.forced_output_length ) + if( output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length ) return( PSA_ERROR_BUFFER_TOO_SMALL ); memcpy( output, - mbedtls_test_driver_rsa_hooks.forced_output, - mbedtls_test_driver_rsa_hooks.forced_output_length ); - *output_length = mbedtls_test_driver_rsa_hooks.forced_output_length; + mbedtls_test_driver_asymmetric_encryption_hooks.forced_output, + mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length ); + *output_length = mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length; - return( mbedtls_test_driver_rsa_hooks.forced_status ); + return( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status ); } - if( mbedtls_test_driver_rsa_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_rsa_hooks.forced_status ); + if( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status ); #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) From 2e0495517cdee356d8af3fdf4ad42673b31d2726 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 8 Mar 2022 10:48:35 +0100 Subject: [PATCH 237/553] asymmetric_encryption.h: trim trailing spaces Signed-off-by: Przemek Stekiel --- include/test/drivers/asymmetric_encryption.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/test/drivers/asymmetric_encryption.h b/include/test/drivers/asymmetric_encryption.h index 2babfead91..595e18d28b 100644 --- a/include/test/drivers/asymmetric_encryption.h +++ b/include/test/drivers/asymmetric_encryption.h @@ -33,7 +33,7 @@ typedef struct { /* If not PSA_SUCCESS, return this error code instead of processing the * function call. */ psa_status_t forced_status; - /* Count the amount of times one of the asymmetric_encryption driver + /* Count the amount of times one of the asymmetric_encryption driver functions is called. */ unsigned long hits; } mbedtls_test_driver_asymmetric_encryption_hooks_t; @@ -48,7 +48,7 @@ static inline mbedtls_test_driver_asymmetric_encryption_hooks_t return( v ); } -extern mbedtls_test_driver_asymmetric_encryption_hooks_t +extern mbedtls_test_driver_asymmetric_encryption_hooks_t mbedtls_test_driver_asymmetric_encryption_hooks; psa_status_t mbedtls_test_transparent_asymmetric_encrypt( From 3f18ebccbb4a0d2741809ab18b46e2b4fcbe183a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 27 Mar 2022 14:34:09 +0200 Subject: [PATCH 238/553] tests: Init PSA crypto if TLS 1.3 is enabled Initialize PSA crypto in tests if TLS 1.3 is enabled as done when MBEDTLS_USE_PSA_CRYPTO is enabled. Signed-off-by: Ronald Cron --- include/test/psa_crypto_helpers.h | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index f5622e2d2d..6f42882646 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -282,8 +282,11 @@ psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags /** \def USE_PSA_INIT * * Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO - * is enabled and do nothing otherwise. If the initialization fails, mark - * the test case as failed and jump to the \p exit label. + * or #MBEDTLS_SSL_PROTO_TLS1_3 (In contrast to TLS 1.2 implementation, the + * TLS 1.3 one uses PSA independently of the definition of + * #MBEDTLS_USE_PSA_CRYPTO) is enabled and do nothing otherwise. If the + * initialization fails, mark the test case as failed and jump to the \p exit + * label. */ /** \def USE_PSA_DONE * @@ -291,15 +294,15 @@ psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags * This is like #PSA_DONE, except that it does nothing if * #MBEDTLS_USE_PSA_CRYPTO is disabled. */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #define USE_PSA_INIT( ) PSA_INIT( ) #define USE_PSA_DONE( ) PSA_DONE( ) -#else /* MBEDTLS_USE_PSA_CRYPTO */ +#else /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ /* Define empty macros so that we can use them in the preamble and teardown * of every test function that uses PSA conditionally based on * MBEDTLS_USE_PSA_CRYPTO. */ #define USE_PSA_INIT( ) ( (void) 0 ) #define USE_PSA_DONE( ) ( (void) 0 ) -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ +#endif /* !MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* PSA_CRYPTO_HELPERS_H */ From d2dfbb4067993a4f4e70551bb6907e03a8242f29 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 18 Mar 2022 18:40:47 +0100 Subject: [PATCH 239/553] exercise_key: support modes where IV length is not 16 Support ECB, which has no IV. The code also now supports arbitrary IV lengths based on the algorithm and key type. Signed-off-by: Gilles Peskine --- src/psa_exercise_key.c | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 71a1b78740..b6126477a9 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -166,18 +166,27 @@ static int exercise_cipher_key( mbedtls_svc_key_id_t key, psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; unsigned char iv[16] = {0}; size_t iv_length = sizeof( iv ); + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t key_type; const unsigned char plaintext[16] = "Hello, world..."; unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)"; size_t ciphertext_length = sizeof( ciphertext ); unsigned char decrypted[sizeof( ciphertext )]; size_t part_length; + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_type = psa_get_key_type( &attributes ); + iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg ); + if( usage & PSA_KEY_USAGE_ENCRYPT ) { PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); - PSA_ASSERT( psa_cipher_generate_iv( &operation, - iv, sizeof( iv ), - &iv_length ) ); + if( PSA_CIPHER_IV_LENGTH( key_type, alg ) != 0 ) + { + PSA_ASSERT( psa_cipher_generate_iv( &operation, + iv, sizeof( iv ), + &iv_length ) ); + } PSA_ASSERT( psa_cipher_update( &operation, plaintext, sizeof( plaintext ), ciphertext, sizeof( ciphertext ), @@ -195,18 +204,14 @@ static int exercise_cipher_key( mbedtls_svc_key_id_t key, int maybe_invalid_padding = 0; if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) ) { - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - /* This should be PSA_CIPHER_GET_IV_SIZE but the API doesn't - * have this macro yet. */ - iv_length = PSA_BLOCK_CIPHER_BLOCK_LENGTH( - psa_get_key_type( &attributes ) ); maybe_invalid_padding = ! PSA_ALG_IS_STREAM_CIPHER( alg ); - psa_reset_key_attributes( &attributes ); } PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); - PSA_ASSERT( psa_cipher_set_iv( &operation, - iv, iv_length ) ); + if( iv_length != 0 ) + { + PSA_ASSERT( psa_cipher_set_iv( &operation, + iv, iv_length ) ); + } PSA_ASSERT( psa_cipher_update( &operation, ciphertext, ciphertext_length, decrypted, sizeof( decrypted ), @@ -229,6 +234,7 @@ static int exercise_cipher_key( mbedtls_svc_key_id_t key, exit: psa_cipher_abort( &operation ); + psa_reset_key_attributes( &attributes ); return( 0 ); } From 2678a7696693ce967301a9a5b7e479fb936732fd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 19 Mar 2022 11:03:32 +0100 Subject: [PATCH 240/553] Use PSA_AEAD_NONCE_LENGTH when exercising AEAD keys Don't re-code the logic to determine a valid nonce length. This fixes exercise_key() for PSA_ALG_CHACHA20_POLY1305, which was trying to use a 16-byte nonce. Signed-off-by: Gilles Peskine --- src/psa_exercise_key.c | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index b6126477a9..8a2207c017 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -243,7 +243,9 @@ static int exercise_aead_key( mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { unsigned char nonce[16] = {0}; - size_t nonce_length = sizeof( nonce ); + size_t nonce_length; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t key_type; unsigned char plaintext[16] = "Hello, world..."; unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)"; size_t ciphertext_length = sizeof( ciphertext ); @@ -255,19 +257,9 @@ static int exercise_aead_key( mbedtls_svc_key_id_t key, alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) ); } - /* Default IV length for AES-GCM is 12 bytes */ - if( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) == - PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ) ) - { - nonce_length = 12; - } - - /* IV length for CCM needs to be between 7 and 13 bytes */ - if( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) == - PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ) ) - { - nonce_length = 12; - } + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_type = psa_get_key_type( &attributes ); + nonce_length = PSA_AEAD_NONCE_LENGTH( key_type, alg ); if( usage & PSA_KEY_USAGE_ENCRYPT ) { @@ -297,6 +289,7 @@ static int exercise_aead_key( mbedtls_svc_key_id_t key, return( 1 ); exit: + psa_reset_key_attributes( &attributes ); return( 0 ); } From db04760b343c4e32a73ecf5c70e676af113bf7f2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 19 Mar 2022 11:15:41 +0100 Subject: [PATCH 241/553] exercise_key: signature: detect function/algorithm incompatibility Don't try to use {sign,verify}_message on algorithms that only support {sign_verify}_hash. Normally exercise_key() tries all usage that is supported by policy, however PSA_KEY_USAGE_{SIGN,VERIFY}_MESSAGE is implied by PSA_KEY_USAGE_{SIGN,VERIFY}_HASH so it's impossible for the test data to omit the _MESSAGE policies with hash-only algorithms. Signed-off-by: Gilles Peskine --- src/psa_exercise_key.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 8a2207c017..db3651d917 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -293,6 +293,17 @@ static int exercise_aead_key( mbedtls_svc_key_id_t key, return( 0 ); } +static int can_sign_or_verify_message( psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + /* Sign-the-unspecified-hash algorithms can only be used with + * {sign,verify}_hash, not with {sign,verify}_message. */ + if( alg == PSA_ALG_ECDSA_ANY || alg == PSA_ALG_RSA_PKCS1V15_SIGN_RAW ) + return( 0 ); + return( usage & ( PSA_KEY_USAGE_SIGN_MESSAGE | + PSA_KEY_USAGE_VERIFY_MESSAGE ) ); +} + static int exercise_signature_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) @@ -343,7 +354,7 @@ static int exercise_signature_key( mbedtls_svc_key_id_t key, } } - if( usage & ( PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE ) ) + if( can_sign_or_verify_message( usage, alg ) ) { unsigned char message[256] = "Hello, world..."; unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0}; From 004e789e5046040eaa212f60b039b8c05eba1907 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 19 Mar 2022 16:04:30 +0100 Subject: [PATCH 242/553] exercise_key: support combined key agreement+derivation algorithms Signed-off-by: Gilles Peskine --- src/psa_exercise_key.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index db3651d917..3d2dfc69a7 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -623,15 +623,39 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; + unsigned char input[1]; unsigned char output[1]; int ok = 0; + psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); if( usage & PSA_KEY_USAGE_DERIVE ) { /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); + if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || + PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) + { + PSA_ASSERT( psa_key_derivation_input_bytes( + &operation, PSA_KEY_DERIVATION_INPUT_SEED, + input, sizeof( input ) ) ); + } + PSA_ASSERT( mbedtls_test_psa_key_agreement_with_self( &operation, key ) ); + + if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || + PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) + { + PSA_ASSERT( psa_key_derivation_input_bytes( + &operation, PSA_KEY_DERIVATION_INPUT_LABEL, + input, sizeof( input ) ) ); + } + else if( PSA_ALG_IS_HKDF( kdf_alg ) ) + { + PSA_ASSERT( psa_key_derivation_input_bytes( + &operation, PSA_KEY_DERIVATION_INPUT_INFO, + input, sizeof( input ) ) ); + } PSA_ASSERT( psa_key_derivation_output_bytes( &operation, output, sizeof( output ) ) ); From ce95b5c6a7d5f3a93491833edbcf1c959dfd4826 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 5 Apr 2022 16:32:07 +0200 Subject: [PATCH 243/553] No need to recalculate iv_length Signed-off-by: Gilles Peskine --- src/psa_exercise_key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 3d2dfc69a7..415f8852c0 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -181,7 +181,7 @@ static int exercise_cipher_key( mbedtls_svc_key_id_t key, if( usage & PSA_KEY_USAGE_ENCRYPT ) { PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); - if( PSA_CIPHER_IV_LENGTH( key_type, alg ) != 0 ) + if( iv_length != 0 ) { PSA_ASSERT( psa_cipher_generate_iv( &operation, iv, sizeof( iv ), From fbbd1d79b25545883295e4ee56a5c8dd8eec2222 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Apr 2022 11:14:30 +0200 Subject: [PATCH 244/553] Remove redundant initialization of iv_length Signed-off-by: Gilles Peskine --- src/psa_exercise_key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 415f8852c0..53af7b801c 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -165,7 +165,7 @@ static int exercise_cipher_key( mbedtls_svc_key_id_t key, { psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; unsigned char iv[16] = {0}; - size_t iv_length = sizeof( iv ); + size_t iv_length; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; const unsigned char plaintext[16] = "Hello, world..."; From c9e90d180845afdf509274507a2155ccd8e843f1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Apr 2022 11:14:52 +0200 Subject: [PATCH 245/553] Use MAX_SIZE macros instead of hard-coding IV/nonce max size Signed-off-by: Gilles Peskine --- src/psa_exercise_key.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 53af7b801c..9576afd0c2 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -164,7 +164,7 @@ static int exercise_cipher_key( mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; - unsigned char iv[16] = {0}; + unsigned char iv[PSA_CIPHER_IV_MAX_SIZE] = {0}; size_t iv_length; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; @@ -242,7 +242,7 @@ static int exercise_aead_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { - unsigned char nonce[16] = {0}; + unsigned char nonce[PSA_AEAD_NONCE_MAX_SIZE] = {0}; size_t nonce_length; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; From 48492f684af48cd207f01107aa9e1c3c326e0e55 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 9 May 2022 01:04:15 +0200 Subject: [PATCH 246/553] Add SHA-3 module. Signed-off-by: Pol Henarejos --- include/alt-dummy/sha3_alt.h | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 include/alt-dummy/sha3_alt.h diff --git a/include/alt-dummy/sha3_alt.h b/include/alt-dummy/sha3_alt.h new file mode 100644 index 0000000000..7f9345e48a --- /dev/null +++ b/include/alt-dummy/sha3_alt.h @@ -0,0 +1,30 @@ +/* sha3_alt.h with dummy types for MBEDTLS_SHA3_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SHA3_ALT_H +#define SHA3_ALT_H + +typedef struct mbedtls_sha3_context +{ + int dummy; +} +mbedtls_sha3_context; + + +#endif /* sha3_alt.h */ + From 4a83fb874ce9e3b815e5fb5bd897868fb301570f Mon Sep 17 00:00:00 2001 From: Shaun Case Date: Mon, 20 Dec 2021 21:14:10 -0800 Subject: [PATCH 247/553] Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. Signed-off-by: Shaun Case Signed-off-by: Dave Rodgman --- src/psa_exercise_key.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 9576afd0c2..d1650f1825 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -221,7 +221,7 @@ static int exercise_cipher_key( mbedtls_svc_key_id_t key, sizeof( decrypted ) - part_length, &part_length ); /* For a stream cipher, all inputs are valid. For a block cipher, - * if the input is some aribtrary data rather than an actual + * if the input is some arbitrary data rather than an actual ciphertext, a padding error is likely. */ if( maybe_invalid_padding ) TEST_ASSERT( status == PSA_SUCCESS || @@ -929,7 +929,7 @@ int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key, return( 0 ); if( alg == 0 ) - ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */ + ok = 1; /* If no algorithm, do nothing (used for raw data "keys"). */ else if( PSA_ALG_IS_MAC( alg ) ) ok = exercise_mac_key( key, usage, alg ); else if( PSA_ALG_IS_CIPHER( alg ) ) From 53c3b9a168a6a7ccb2ee0a8b22e32187e56e102f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 13 Apr 2022 23:59:52 +0200 Subject: [PATCH 248/553] New test helper macros TEST_LE_U, TEST_LE_S Test assertions for integer comparisons that display the compared values on failure. Similar to TEST_EQUAL. Signed-off-by: Gilles Peskine --- include/test/helpers.h | 42 ++++++++++++++++++++++++++++++++++++++ include/test/macros.h | 26 ++++++++++++++++++++++++ src/helpers.c | 46 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 114 insertions(+) diff --git a/include/test/helpers.h b/include/test/helpers.h index ef32cdf83b..080b46e101 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -154,6 +154,48 @@ void mbedtls_test_info_reset( void ); int mbedtls_test_equal( const char *test, int line_no, const char* filename, unsigned long long value1, unsigned long long value2 ); +/** + * \brief Record the current test case as a failure based + * on comparing two unsigned integers. + * + * This function is usually called via the macro + * #TEST_LE_U. + * + * \param test Description of the failure or assertion that failed. This + * MUST be a string literal. This normally has the form + * "EXPR1 <= EXPR2" where EXPR1 has the value \p value1 + * and EXPR2 has the value \p value2. + * \param line_no Line number where the failure originated. + * \param filename Filename where the failure originated. + * \param value1 The first value to compare. + * \param value2 The second value to compare. + * + * \return \c 1 if \p value1 <= \p value2, otherwise \c 0. + */ +int mbedtls_test_le_u( const char *test, int line_no, const char* filename, + unsigned long long value1, unsigned long long value2 ); + +/** + * \brief Record the current test case as a failure based + * on comparing two signed integers. + * + * This function is usually called via the macro + * #TEST_LE_S. + * + * \param test Description of the failure or assertion that failed. This + * MUST be a string literal. This normally has the form + * "EXPR1 <= EXPR2" where EXPR1 has the value \p value1 + * and EXPR2 has the value \p value2. + * \param line_no Line number where the failure originated. + * \param filename Filename where the failure originated. + * \param value1 The first value to compare. + * \param value2 The second value to compare. + * + * \return \c 1 if \p value1 <= \p value2, otherwise \c 0. + */ +int mbedtls_test_le_s( const char *test, int line_no, const char* filename, + long long value1, long long value2 ); + /** * \brief This function decodes the hexadecimal representation of * data. diff --git a/include/test/macros.h b/include/test/macros.h index a88b2e8115..8535b93077 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -89,6 +89,32 @@ goto exit; \ } while( 0 ) +/** Evaluate two unsigned integer expressions and fail the test case + * if they are not in increasing order (left <= right). + * + * \param expr1 An integral-typed expression to evaluate. + * \param expr2 Another integral-typed expression to evaluate. + */ +#define TEST_LE_U( expr1, expr2 ) \ + do { \ + if( ! mbedtls_test_le_u( #expr1 " <= " #expr2, __LINE__, __FILE__, \ + expr1, expr2 ) ) \ + goto exit; \ + } while( 0 ) + +/** Evaluate two signed integer expressions and fail the test case + * if they are not in increasing order (left <= right). + * + * \param expr1 An integral-typed expression to evaluate. + * \param expr2 Another integral-typed expression to evaluate. + */ +#define TEST_LE_S( expr1, expr2 ) \ + do { \ + if( ! mbedtls_test_le_s( #expr1 " <= " #expr2, __LINE__, __FILE__, \ + expr1, expr2 ) ) \ + goto exit; \ + } while( 0 ) + /** Allocate memory dynamically and fail the test case if this fails. * The allocated memory will be filled with zeros. * diff --git a/src/helpers.c b/src/helpers.c index ec4d84eac1..8f4d7f2bda 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -122,6 +122,52 @@ int mbedtls_test_equal( const char *test, int line_no, const char* filename, return( 0 ); } +int mbedtls_test_le_u( const char *test, int line_no, const char* filename, + unsigned long long value1, unsigned long long value2 ) +{ + if( value1 <= value2 ) + return( 1 ); + if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ) + { + /* We've already recorded the test as having failed. Don't + * overwrite any previous information about the failure. */ + return( 0 ); + } + mbedtls_test_fail( test, line_no, filename ); + (void) mbedtls_snprintf( mbedtls_test_info.line1, + sizeof( mbedtls_test_info.line1 ), + "lhs = 0x%016llx = %llu", + value1, value1 ); + (void) mbedtls_snprintf( mbedtls_test_info.line2, + sizeof( mbedtls_test_info.line2 ), + "rhs = 0x%016llx = %llu", + value2, value2 ); + return( 0 ); +} + +int mbedtls_test_le_s( const char *test, int line_no, const char* filename, + long long value1, long long value2 ) +{ + if( value1 <= value2 ) + return( 1 ); + if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ) + { + /* We've already recorded the test as having failed. Don't + * overwrite any previous information about the failure. */ + return( 0 ); + } + mbedtls_test_fail( test, line_no, filename ); + (void) mbedtls_snprintf( mbedtls_test_info.line1, + sizeof( mbedtls_test_info.line1 ), + "lhs = 0x%016llx = %lld", + (unsigned long long) value1, value1 ); + (void) mbedtls_snprintf( mbedtls_test_info.line2, + sizeof( mbedtls_test_info.line2 ), + "rhs = 0x%016llx = %lld", + (unsigned long long) value2, value2 ); + return( 0 ); +} + int mbedtls_test_unhexify( unsigned char *obuf, size_t obufmax, const char *ibuf, From 66a654b79b84696efa355e395b85f71cde21a3cf Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 17 May 2022 12:17:44 +0200 Subject: [PATCH 249/553] Remove sha3_alt.h Next releases will not rely on alt files. Signed-off-by: Pol Henarejos --- include/alt-dummy/sha3_alt.h | 30 ------------------------------ 1 file changed, 30 deletions(-) delete mode 100644 include/alt-dummy/sha3_alt.h diff --git a/include/alt-dummy/sha3_alt.h b/include/alt-dummy/sha3_alt.h deleted file mode 100644 index 7f9345e48a..0000000000 --- a/include/alt-dummy/sha3_alt.h +++ /dev/null @@ -1,30 +0,0 @@ -/* sha3_alt.h with dummy types for MBEDTLS_SHA3_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef SHA3_ALT_H -#define SHA3_ALT_H - -typedef struct mbedtls_sha3_context -{ - int dummy; -} -mbedtls_sha3_context; - - -#endif /* sha3_alt.h */ - From 279a20784354eb1fad054d7d9bca18053d31b637 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 7 Jun 2022 14:19:39 +0200 Subject: [PATCH 250/553] crypto_config_test_driver_extension.h add HKDF_EXTRACT/EXPAND algs Signed-off-by: Przemek Stekiel --- include/test/drivers/crypto_config_test_driver_extension.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index 927009ad96..8052a85fbc 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -190,6 +190,8 @@ #define MBEDTLS_PSA_ACCEL_ALG_ECDH 1 #define MBEDTLS_PSA_ACCEL_ALG_GCM 1 #define MBEDTLS_PSA_ACCEL_ALG_HKDF 1 +#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1 +#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND 1 #define MBEDTLS_PSA_ACCEL_ALG_HMAC 1 #define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1 #define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 From aabdb590620dff7d0ce0b12e2df713b1e2554a39 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 14 Jun 2022 11:41:52 +0200 Subject: [PATCH 251/553] exercise_key_agreement_key: provide SALT for HKDF_EXTRACT Signed-off-by: Przemek Stekiel --- src/psa_exercise_key.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 9576afd0c2..20d3102e61 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -641,6 +641,13 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, input, sizeof( input ) ) ); } + if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) + { + PSA_ASSERT( psa_key_derivation_input_bytes( + &operation, PSA_KEY_DERIVATION_INPUT_SALT, + input, sizeof( input ) ) ); + } + PSA_ASSERT( mbedtls_test_psa_key_agreement_with_self( &operation, key ) ); if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || From 0bab664618fab1b09432d6e05d3057528165e7fd Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 14 Jun 2022 14:41:42 +0200 Subject: [PATCH 252/553] exercise_key_agreement_key: add special handling for HKDF_EXPAND Signed-off-by: Przemek Stekiel --- src/psa_exercise_key.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 20d3102e61..84e52315ac 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -627,6 +627,7 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, unsigned char output[1]; int ok = 0; psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); + psa_status_t expected_key_agreement_status = PSA_SUCCESS; if( usage & PSA_KEY_USAGE_DERIVE ) { @@ -648,7 +649,25 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, input, sizeof( input ) ) ); } - PSA_ASSERT( mbedtls_test_psa_key_agreement_with_self( &operation, key ) ); + /* For HKDF_EXPAND input secret may fail as secret size may not match + to expected PRK size. In practice it means that key bits must match + hash length. Otherwise test should fail with INVALID_ARGUMENT. */ + if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) + { + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + size_t key_bits = psa_get_key_bits( &attributes ); + psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); + + if( PSA_BITS_TO_BYTES( key_bits ) != PSA_HASH_LENGTH( hash_alg ) ) + expected_key_agreement_status = PSA_ERROR_INVALID_ARGUMENT; + } + + TEST_EQUAL( mbedtls_test_psa_key_agreement_with_self( &operation, key ), + expected_key_agreement_status ); + + if( expected_key_agreement_status != PSA_SUCCESS ) + return( 1 ); if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) @@ -657,7 +676,7 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, &operation, PSA_KEY_DERIVATION_INPUT_LABEL, input, sizeof( input ) ) ); } - else if( PSA_ALG_IS_HKDF( kdf_alg ) ) + else if( PSA_ALG_IS_HKDF( kdf_alg ) || PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) { PSA_ASSERT( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_INFO, From f3a92af894e75c5e24e4559001fc57277c75c63f Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 1 Jul 2022 15:06:34 +0200 Subject: [PATCH 253/553] Initilize variable Coverity scan detected a problem of an uinitilized variable. Signed-off-by: Gabor Mezei --- src/psa_exercise_key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 4f08835b96..3705bc52c4 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -623,7 +623,7 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - unsigned char input[1]; + unsigned char input[1] = { 0 }; unsigned char output[1]; int ok = 0; psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); From a299048c011d3f065ed08cb274e1043ff3dcad94 Mon Sep 17 00:00:00 2001 From: Werner Lewis Date: Thu, 7 Jul 2022 11:02:27 +0100 Subject: [PATCH 254/553] Remove radix arg from mbedtls_test_read_mpi All uses have radix argument removed, using script. Signed-off-by: Werner Lewis --- include/test/helpers.h | 7 +++---- src/helpers.c | 4 ++-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 080b46e101..93a3e11323 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -276,7 +276,7 @@ void mbedtls_test_err_add_check( int high, int low, #endif #if defined(MBEDTLS_BIGNUM_C) -/** Read an MPI from a string. +/** Read an MPI from a hexadecimal string. * * Like mbedtls_mpi_read_string(), but size the resulting bignum based * on the number of digits in the string. In particular, construct a @@ -287,13 +287,12 @@ void mbedtls_test_err_add_check( int high, int low, * "leading zeros" test cases do what they claim. * * \param[out] X The MPI object to populate. It must be initialized. - * \param radix The radix (2 to 16). - * \param[in] s The null-terminated string to read from. + * \param[in] s The null-terminated hexadecimal string to read from. * * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. */ /* Since the library has exactly the desired behavior, this is trivial. */ -int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s ); +int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ); #endif /* MBEDTLS_BIGNUM_C */ #endif /* TEST_HELPERS_H */ diff --git a/src/helpers.c b/src/helpers.c index 8f4d7f2bda..4f976a27b0 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -332,7 +332,7 @@ void mbedtls_test_err_add_check( int high, int low, #endif /* MBEDTLS_TEST_HOOKS */ #if defined(MBEDTLS_BIGNUM_C) -int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s ) +int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ) { /* mbedtls_mpi_read_string() currently retains leading zeros. * It always allocates at least one limb for the value 0. */ @@ -342,6 +342,6 @@ int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s ) return( 0 ); } else - return( mbedtls_mpi_read_string( X, radix, s ) ); + return( mbedtls_mpi_read_string( X, 16, s ) ); } #endif From 61ec82ed113eabef6fa2d1a11c719d5360a8250b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 27 Jul 2022 12:30:34 +0200 Subject: [PATCH 255/553] Fix failure of RSA accel test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previously MD_C was auto-enabled based on the fact that ALG_RSA_PSS was requested, but that's no longer the case since the previous commit. We can fix this in one of two ways: either enable MD_C, or enable all the PSA_WANT_ALG_SHA_xxx that are needed for test. Go for MD_C because it's a single line and avoids having to enumerate a list that might grow in the future. Signed-off-by: Manuel Pégourié-Gonnard --- include/test/drivers/config_test_driver.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/test/drivers/config_test_driver.h b/include/test/drivers/config_test_driver.h index b9ba5fb5f0..6a7fb1f3e4 100644 --- a/include/test/drivers/config_test_driver.h +++ b/include/test/drivers/config_test_driver.h @@ -48,6 +48,7 @@ //#define MBEDTLS_SHA1_C //#define MBEDTLS_SHA384_C //#define MBEDTLS_SHA512_C +//#define MBEDTLS_MD_C //#define MBEDTLS_PEM_PARSE_C //#define MBEDTLS_BASE64_C From 3a26cea186ac23dac9182bf0035cdb3bfabc9530 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 17 Aug 2022 16:09:31 -0400 Subject: [PATCH 256/553] Update SHA and MD5 dependencies in the SSL module The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO is defined and respective SHA / MD5 defines are missing. A new set of macros added in #6065 is used to reflect these dependencies. Signed-off-by: Andrzej Kurek --- src/certs.c | 44 ++++++++++++++++++++++++++------------------ 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/src/certs.c b/src/certs.c index 831395c43a..b501e1fd6b 100644 --- a/src/certs.c +++ b/src/certs.c @@ -21,6 +21,14 @@ #include +#include "mbedtls/build_info.h" + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "psa/crypto.h" +#endif + +#include "legacy_or_psa.h" + /* * Test CA Certificates * @@ -1563,13 +1571,13 @@ const size_t mbedtls_test_cli_crt_ec_len = * Dispatch between SHA-1 and SHA-256 */ -#if defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) #define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA256 #define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA256 #else #define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA1 #define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA1 -#endif /* MBEDTLS_SHA256_C */ +#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA; const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA; @@ -1668,10 +1676,10 @@ const size_t mbedtls_test_cli_crt_len = /* List of CAs in PEM or DER, depending on config */ const char * mbedtls_test_cas[] = { -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C) +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) mbedtls_test_ca_crt_rsa_sha1, #endif -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) mbedtls_test_ca_crt_rsa_sha256, #endif #if defined(MBEDTLS_ECDSA_C) @@ -1680,10 +1688,10 @@ const char * mbedtls_test_cas[] = { NULL }; const size_t mbedtls_test_cas_len[] = { -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C) +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) sizeof( mbedtls_test_ca_crt_rsa_sha1 ), #endif -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) sizeof( mbedtls_test_ca_crt_rsa_sha256 ), #endif #if defined(MBEDTLS_ECDSA_C) @@ -1695,12 +1703,12 @@ const size_t mbedtls_test_cas_len[] = { /* List of all available CA certificates in DER format */ const unsigned char * mbedtls_test_cas_der[] = { #if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) mbedtls_test_ca_crt_rsa_sha256_der, -#endif /* MBEDTLS_SHA256_C */ -#if defined(MBEDTLS_SHA1_C) +#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ +#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) mbedtls_test_ca_crt_rsa_sha1_der, -#endif /* MBEDTLS_SHA1_C */ +#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECDSA_C) mbedtls_test_ca_crt_ec_der, @@ -1710,12 +1718,12 @@ const unsigned char * mbedtls_test_cas_der[] = { const size_t mbedtls_test_cas_der_len[] = { #if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) sizeof( mbedtls_test_ca_crt_rsa_sha256_der ), -#endif /* MBEDTLS_SHA256_C */ -#if defined(MBEDTLS_SHA1_C) +#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ +#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) sizeof( mbedtls_test_ca_crt_rsa_sha1_der ), -#endif /* MBEDTLS_SHA1_C */ +#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECDSA_C) sizeof( mbedtls_test_ca_crt_ec_der ), @@ -1727,12 +1735,12 @@ const size_t mbedtls_test_cas_der_len[] = { #if defined(MBEDTLS_PEM_PARSE_C) const char mbedtls_test_cas_pem[] = #if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) TEST_CA_CRT_RSA_SHA256_PEM -#endif /* MBEDTLS_SHA256_C */ -#if defined(MBEDTLS_SHA1_C) +#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ +#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) TEST_CA_CRT_RSA_SHA1_PEM -#endif /* MBEDTLS_SHA1_C */ +#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECDSA_C) TEST_CA_CRT_EC_PEM From db5c29c3604ed9eaa31409ab979f3fe2932b23de Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 22 Aug 2022 17:26:13 -0400 Subject: [PATCH 257/553] Remove unnecessary `psa/crypto.h` include This is now included in `legacy_or_psa.h`. Signed-off-by: Andrzej Kurek --- src/certs.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/certs.c b/src/certs.c index b501e1fd6b..551602626d 100644 --- a/src/certs.c +++ b/src/certs.c @@ -23,10 +23,6 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "psa/crypto.h" -#endif - #include "legacy_or_psa.h" /* From 9b5f67d420eaab4106310b46abc717a5a9809225 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 31 Aug 2022 15:09:19 -0400 Subject: [PATCH 258/553] Add a possibility to call PSA_INIT without MBEDTLS_PSA_CRYPTO_C Signed-off-by: Andrzej Kurek --- include/test/psa_crypto_helpers.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 6f42882646..43023452f9 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -276,6 +276,12 @@ psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags } \ } \ while( 0 ) +#else +/* Define empty macros so that we can use them in the preamble and teardown + * of every test function that uses PSA conditionally based on + * MBEDTLS_PSA_CRYPTO_C. */ +#define PSA_INIT( ) ( (void) 0 ) +#define PSA_DONE( ) ( (void) 0 ) #endif /* MBEDTLS_PSA_CRYPTO_C */ From 560508aefc8f2aea8b2be309af2d1a6927fa3506 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 1 Sep 2022 09:23:09 -0400 Subject: [PATCH 259/553] Setup / deinitialize PSA in pk tests only if no MD is used Signed-off-by: Andrzej Kurek --- include/test/psa_crypto_helpers.h | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 43023452f9..bc2b016db2 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -276,15 +276,17 @@ psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags } \ } \ while( 0 ) -#else -/* Define empty macros so that we can use them in the preamble and teardown - * of every test function that uses PSA conditionally based on - * MBEDTLS_PSA_CRYPTO_C. */ -#define PSA_INIT( ) ( (void) 0 ) -#define PSA_DONE( ) ( (void) 0 ) +#if !defined(MBEDTLS_MD_C) +#define PSA_INIT_IF_NO_MD( ) PSA_INIT( ) +#define PSA_DONE_IF_NO_MD( ) PSA_DONE( ) +#endif #endif /* MBEDTLS_PSA_CRYPTO_C */ +#if defined(MBEDTLS_MD_C) +#define PSA_INIT_IF_NO_MD( ) ( (void) 0 ) +#define PSA_DONE_IF_NO_MD( ) ( (void) 0 ) +#endif /** \def USE_PSA_INIT * * Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO From ef4ce122f4b5e33e3e5f6b6081d79c7e4e606f88 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 12 Sep 2022 17:57:32 +0100 Subject: [PATCH 260/553] Correct copyright and license in crypto_spe.h Signed-off-by: Dave Rodgman --- include/spe/crypto_spe.h | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/include/spe/crypto_spe.h b/include/spe/crypto_spe.h index f80fd86bdc..1aee8a5f0d 100644 --- a/include/spe/crypto_spe.h +++ b/include/spe/crypto_spe.h @@ -1,7 +1,18 @@ /* - * Copyright (c) 2019-2021, Arm Limited. All rights reserved. + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 * - * SPDX-License-Identifier: BSD-3-Clause + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. * */ From 4bde55005485402f81fb81a5a83f0fdfec9abb04 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Sep 2022 19:29:40 +0200 Subject: [PATCH 261/553] Include platform.h unconditionally: automatic part We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and to define ad hoc replacements for mbedtls_xxx functions on a case-by-case basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this complication was to allow building individual source modules without copying platform.h. This is not something we support or recommend anymore, so get rid of the complication: include platform.h unconditionally. There should be no change in behavior since just including the header should not change the behavior of a program. This commit replaces most occurrences of conditional inclusion of platform.h, using the following code: ``` perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"') ``` Signed-off-by: Gilles Peskine --- include/test/helpers.h | 13 ------------- include/test/macros.h | 13 ------------- 2 files changed, 26 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 93a3e11323..13c87fd597 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -37,20 +37,7 @@ #define MBEDTLS_TEST_MUTEX_USAGE #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_fprintf fprintf -#define mbedtls_snprintf snprintf -#define mbedtls_calloc calloc -#define mbedtls_free free -#define mbedtls_exit exit -#define mbedtls_time time -#define mbedtls_time_t time_t -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif #include #include diff --git a/include/test/macros.h b/include/test/macros.h index 8535b93077..695a2433ad 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -28,20 +28,7 @@ #include -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#define mbedtls_fprintf fprintf -#define mbedtls_snprintf snprintf -#define mbedtls_calloc calloc -#define mbedtls_free free -#define mbedtls_exit exit -#define mbedtls_time time -#define mbedtls_time_t time_t -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #include "mbedtls/memory_buffer_alloc.h" From d01a7ee007803beb694e57d59a290d8aba06846b Mon Sep 17 00:00:00 2001 From: Archana Date: Fri, 24 Dec 2021 12:50:36 +0530 Subject: [PATCH 262/553] Driver Wrapper CodeGen Rev 1.1 (1) Add in driver jsons. (2) Improve Python scripts to take JSON file directory and template directory paths as arguments. (3) Add in file augment template files to template common functionality (4) render tempplates for Header files, ID generation and key management. (5) Changed driver ID nomenclature to be in synch with function names. Signed-off-by: Archana Signed-off-by: Asfandyar Orakzai --- include/test/drivers/test_driver.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index 098b21abff..b3c29e4337 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -20,6 +20,14 @@ #ifndef PSA_CRYPTO_TEST_DRIVER_H #define PSA_CRYPTO_TEST_DRIVER_H +#if defined(PSA_CRYPTO_DRIVER_TEST) +#ifndef PSA_CRYPTO_DRIVER_PRESENT +#define PSA_CRYPTO_DRIVER_PRESENT +#endif +#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#endif + #define PSA_CRYPTO_TEST_DRIVER_LOCATION 0x7fffff #include "test/drivers/aead.h" @@ -30,4 +38,5 @@ #include "test/drivers/signature.h" #include "test/drivers/asymmetric_encryption.h" +#endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVER_H */ From 2073e18052be82bf001076858c215e1bfb3be119 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 15 Sep 2022 11:29:35 +0200 Subject: [PATCH 263/553] Make legacy_or_psa.h public. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As a public header, it should no longer include common.h, just use build_info.h which is what we actually need anyway. Signed-off-by: Manuel Pégourié-Gonnard --- src/certs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/certs.c b/src/certs.c index 551602626d..ca03b29d45 100644 --- a/src/certs.c +++ b/src/certs.c @@ -23,7 +23,7 @@ #include "mbedtls/build_info.h" -#include "legacy_or_psa.h" +#include "mbedtls/legacy_or_psa.h" /* * Test CA Certificates From ebe25533ceb9f585139cb2f01a98e017737c512e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 20 Sep 2022 20:38:42 +0200 Subject: [PATCH 264/553] Remove incorrect comment This comment (which used to be attached to the implementation, and should not have been moved to the header file) is incorrect: the library function mbedtls_mpi_read_string preserves leading zeros as desired, but does not create a zero-limb object for an empty string. Signed-off-by: Gilles Peskine --- include/test/helpers.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 93a3e11323..c0677a99d4 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -291,7 +291,6 @@ void mbedtls_test_err_add_check( int high, int low, * * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. */ -/* Since the library has exactly the desired behavior, this is trivial. */ int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ); #endif /* MBEDTLS_BIGNUM_C */ From 58476a03a62a93734aa559bbc174a5c9a3de6926 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 20 Sep 2022 18:31:30 +0200 Subject: [PATCH 265/553] Allow test assertions on constant-flow scalar data When testing a function that is supposed to be constant-flow, we declare the inputs as constant-flow secrets with TEST_CF_SECRET. The result of such a function is itself a constant-flow secret, so it can't be tested with comparison operators. In TEST_EQUAL, TEST_LE_U and TEST_LE_S, declare the values to be compared as public. This way, test code doesn't need to explicitly declare results as public if they're only used by one of these macros. Signed-off-by: Gilles Peskine --- src/helpers.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/helpers.c b/src/helpers.c index 4f976a27b0..673a8412b9 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -15,6 +15,7 @@ * limitations under the License. */ +#include #include #include #include @@ -102,8 +103,12 @@ void mbedtls_test_info_reset( void ) int mbedtls_test_equal( const char *test, int line_no, const char* filename, unsigned long long value1, unsigned long long value2 ) { + TEST_CF_PUBLIC( &value1, sizeof( value1 ) ); + TEST_CF_PUBLIC( &value2, sizeof( value2 ) ); + if( value1 == value2 ) return( 1 ); + if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ) { /* We've already recorded the test as having failed. Don't @@ -125,8 +130,12 @@ int mbedtls_test_equal( const char *test, int line_no, const char* filename, int mbedtls_test_le_u( const char *test, int line_no, const char* filename, unsigned long long value1, unsigned long long value2 ) { + TEST_CF_PUBLIC( &value1, sizeof( value1 ) ); + TEST_CF_PUBLIC( &value2, sizeof( value2 ) ); + if( value1 <= value2 ) return( 1 ); + if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ) { /* We've already recorded the test as having failed. Don't @@ -148,8 +157,12 @@ int mbedtls_test_le_u( const char *test, int line_no, const char* filename, int mbedtls_test_le_s( const char *test, int line_no, const char* filename, long long value1, long long value2 ) { + TEST_CF_PUBLIC( &value1, sizeof( value1 ) ); + TEST_CF_PUBLIC( &value2, sizeof( value2 ) ); + if( value1 <= value2 ) return( 1 ); + if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ) { /* We've already recorded the test as having failed. Don't From f8ff5abd6814bbf06df32a66df4ad148d37b87d6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 20 Sep 2022 21:37:56 +0200 Subject: [PATCH 266/553] Move the definition of data_t to a header file This way it can be used in helper functions. Signed-off-by: Gilles Peskine --- include/test/helpers.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/test/helpers.h b/include/test/helpers.h index c0677a99d4..823635c00e 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -59,6 +59,13 @@ #include "mbedtls/bignum.h" #endif +/** The type of test case arguments that contain binary data. */ +typedef struct data_tag +{ + uint8_t * x; + uint32_t len; +} data_t; + typedef enum { MBEDTLS_TEST_RESULT_SUCCESS = 0, From b322dd43918ac0188c46f85d3011db61f08e0a3e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 20 Sep 2022 21:38:33 +0200 Subject: [PATCH 267/553] New function mbedtls_test_read_mpi_core Allocate and read an MPI from a binary test argument. Signed-off-by: Gilles Peskine --- include/test/helpers.h | 22 ++++++++++++++++++++++ src/helpers.c | 18 ++++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/include/test/helpers.h b/include/test/helpers.h index 823635c00e..fe3b787fda 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -283,6 +283,28 @@ void mbedtls_test_err_add_check( int high, int low, #endif #if defined(MBEDTLS_BIGNUM_C) +/** Allocate and populate a core MPI from a test case argument. + * + * This function allocates exactly as many limbs as necessary to fit + * the length of the input. In other words, it preserves leading zeros. + * + * The limb array is allocated with mbedtls_calloc() and must later be + * freed with mbedtls_free(). + * + * \param[in,out] pX The address where a pointer to the allocated limb + * array will be stored. + * \c *pX must be null on entry. + * On exit, \c *pX is null on error or if the number + * of limbs is 0. + * \param[out] plimbs The address where the number of limbs will be stored. + * \param[in] input The test argument to read. + * It is interpreted as a big-endian integer in base 256. + * + * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. + */ +int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, + const data_t *input ); + /** Read an MPI from a hexadecimal string. * * Like mbedtls_mpi_read_string(), but size the resulting bignum based diff --git a/src/helpers.c b/src/helpers.c index 673a8412b9..da2c047b4d 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -345,6 +345,24 @@ void mbedtls_test_err_add_check( int high, int low, #endif /* MBEDTLS_TEST_HOOKS */ #if defined(MBEDTLS_BIGNUM_C) +#include "bignum_core.h" + +int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, + const data_t *input ) +{ + /* Sanity check */ + if( *pX != NULL ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + *plimbs = ( input->len + sizeof( **pX ) - 1 ) / sizeof( **pX ); + if( *plimbs == 0 ) + return( 0 ); + *pX = mbedtls_calloc( *plimbs, sizeof( **pX ) ); + if( *pX == NULL ) + return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); + return( mbedtls_mpi_core_read_be( *pX, *plimbs, input->x, input->len ) ); +} + int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ) { /* mbedtls_mpi_read_string() currently retains leading zeros. From d951bd305137ca552a0363870ec5778139656111 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Sun, 2 Oct 2022 21:01:23 +0200 Subject: [PATCH 268/553] test_driver_aead.c: add support for LIBTESTDRIVER1 tests Signed-off-by: Przemek Stekiel --- src/drivers/test_driver_aead.c | 102 +++++++++++++++++++++++++++++---- 1 file changed, 90 insertions(+), 12 deletions(-) diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index b5619603fd..93a75f68a3 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -25,6 +25,10 @@ #include "test/drivers/aead.h" +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/library/psa_crypto_aead.h" +#endif + mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks = MBEDTLS_TEST_DRIVER_AEAD_INIT; @@ -46,7 +50,18 @@ psa_status_t mbedtls_test_transparent_aead_encrypt( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_encrypt( + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, + alg, + nonce, nonce_length, + additional_data, additional_data_length, + plaintext, plaintext_length, + ciphertext, ciphertext_size, ciphertext_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_encrypt( attributes, key_buffer, key_buffer_size, @@ -94,7 +109,18 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_decrypt( + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, + alg, + nonce, nonce_length, + additional_data, additional_data_length, + ciphertext, ciphertext_length, + plaintext, plaintext_size, plaintext_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_decrypt( attributes, key_buffer, key_buffer_size, @@ -139,7 +165,14 @@ psa_status_t mbedtls_test_transparent_aead_encrypt_setup( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_encrypt_setup( operation, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, + key_buffer_size, alg ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_encrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ); @@ -171,7 +204,13 @@ psa_status_t mbedtls_test_transparent_aead_decrypt_setup( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_decrypt_setup( operation, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, alg ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_decrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ); @@ -202,7 +241,11 @@ psa_status_t mbedtls_test_transparent_aead_set_nonce( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ); #else @@ -230,7 +273,12 @@ psa_status_t mbedtls_test_transparent_aead_set_lengths( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_set_lengths( operation, ad_length, + plaintext_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_set_lengths( operation, ad_length, plaintext_length ); @@ -259,7 +307,11 @@ psa_status_t mbedtls_test_transparent_aead_update_ad( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_update_ad( operation, input, input_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_update_ad( operation, input, input_length ); #else @@ -290,7 +342,13 @@ psa_status_t mbedtls_test_transparent_aead_update( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_update( operation, input, + input_length, output, + output_size, output_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_update( operation, input, input_length, output, output_size, output_length ); @@ -326,7 +384,13 @@ psa_status_t mbedtls_test_transparent_aead_finish( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_finish( operation, ciphertext, + ciphertext_size, ciphertext_length, + tag, tag_size, tag_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_finish( operation, ciphertext, ciphertext_size, ciphertext_length, tag, tag_size, @@ -364,9 +428,19 @@ psa_status_t mbedtls_test_transparent_aead_verify( else { uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; - size_t check_tag_length; + size_t check_tag_length = 0; -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_finish( operation, + plaintext, + plaintext_size, + plaintext_length, + check_tag, + sizeof( check_tag ), + &check_tag_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_finish( operation, plaintext, @@ -410,7 +484,11 @@ psa_status_t mbedtls_test_transparent_aead_abort( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_abort( operation ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_abort( operation ); #else From 054af1cfcf3281e249563332d2e27932612dac6e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Oct 2022 11:20:56 +0200 Subject: [PATCH 269/553] Readability improvement Signed-off-by: Gilles Peskine --- src/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/helpers.c b/src/helpers.c index da2c047b4d..557c13c336 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -354,7 +354,7 @@ int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, if( *pX != NULL ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - *plimbs = ( input->len + sizeof( **pX ) - 1 ) / sizeof( **pX ); + *plimbs = CHARS_TO_LIMBS( input->len ); if( *plimbs == 0 ) return( 0 ); *pX = mbedtls_calloc( *plimbs, sizeof( **pX ) ); From 927aaeb53e2ace3c324f390d4ce3d99852319870 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 5 Oct 2022 08:18:55 +0200 Subject: [PATCH 270/553] crypto_config_test_driver_extension.h: add support for ChaCha20 - Poly1305 This is done to have LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 defined in libtestdriver1. Signed-off-by: Przemek Stekiel --- .../crypto_config_test_driver_extension.h | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index 8052a85fbc..0bbca4aefe 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -142,6 +142,14 @@ #endif #endif +#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305) +#undef MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 +#else +#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1 +#endif +#endif + #if defined(PSA_WANT_KEY_TYPE_AES) #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_AES @@ -182,9 +190,16 @@ #endif #endif +#if defined(PSA_WANT_KEY_TYPE_CHACHA20) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1 +#endif +#endif + #define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1 #define MBEDTLS_PSA_ACCEL_ALG_CCM 1 -#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1 #define MBEDTLS_PSA_ACCEL_ALG_CMAC 1 #define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1 #define MBEDTLS_PSA_ACCEL_ALG_ECDH 1 @@ -217,7 +232,6 @@ #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1 From 18b203a9c2916997ccc7a5316ac62256b8d46ee7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 9 Oct 2022 21:14:09 +0200 Subject: [PATCH 271/553] mbedtls_test_read_mpi_core: allow odd number of hex digits Test functions must now take a char* argument rather than data_t*. This does not affect existing test data. Signed-off-by: Gilles Peskine --- include/test/helpers.h | 5 +++-- src/helpers.c | 33 ++++++++++++++++++++++++++++++--- 2 files changed, 33 insertions(+), 5 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index fe3b787fda..6ec967e184 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -298,12 +298,13 @@ void mbedtls_test_err_add_check( int high, int low, * of limbs is 0. * \param[out] plimbs The address where the number of limbs will be stored. * \param[in] input The test argument to read. - * It is interpreted as a big-endian integer in base 256. + * It is interpreted as a hexadecimal representation + * of a non-negative integer. * * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. */ int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, - const data_t *input ); + const char *input ); /** Read an MPI from a hexadecimal string. * diff --git a/src/helpers.c b/src/helpers.c index 557c13c336..b7c83646c1 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -348,19 +348,46 @@ void mbedtls_test_err_add_check( int high, int low, #include "bignum_core.h" int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, - const data_t *input ) + const char *input ) { /* Sanity check */ if( *pX != NULL ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - *plimbs = CHARS_TO_LIMBS( input->len ); + size_t hex_len = strlen( input ); + size_t byte_len = ( hex_len + 1 ) / 2; + *plimbs = CHARS_TO_LIMBS( byte_len ); if( *plimbs == 0 ) return( 0 ); + *pX = mbedtls_calloc( *plimbs, sizeof( **pX ) ); if( *pX == NULL ) return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); - return( mbedtls_mpi_core_read_be( *pX, *plimbs, input->x, input->len ) ); + + unsigned char *byte_start = ( unsigned char * ) *pX; + if( byte_len % sizeof( mbedtls_mpi_uint ) != 0 ) + { + byte_start += sizeof( mbedtls_mpi_uint ) - byte_len % sizeof( mbedtls_mpi_uint ); + } + if( ( hex_len & 1 ) != 0 ) + { + /* mbedtls_test_unhexify wants an even number of hex digits */ + TEST_ASSERT( ascii2uc( *input, byte_start ) == 0 ); + ++byte_start; + ++input; + --byte_len; + } + TEST_ASSERT( mbedtls_test_unhexify( byte_start, + byte_len, + input, + &byte_len ) == 0 ); + + mbedtls_mpi_core_bigendian_to_host( *pX, *plimbs ); + return( 0 ); + +exit: + mbedtls_free( *pX ); + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); } int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ) From b282810e36c7cc2fcda840dfad370e2fa1e292b1 Mon Sep 17 00:00:00 2001 From: Aditya Deshpande Date: Thu, 13 Oct 2022 17:21:01 +0100 Subject: [PATCH 272/553] Add driver wrapper function for raw key agreement, along with test call for transparent drivers. Signed-off-by: Aditya Deshpande --- include/test/drivers/key_agreement.h | 71 ++++++++++++++++++++++++ include/test/drivers/test_driver.h | 1 + src/drivers/test_driver_key_agreement.c | 73 +++++++++++++++++++++++++ 3 files changed, 145 insertions(+) create mode 100644 include/test/drivers/key_agreement.h create mode 100644 src/drivers/test_driver_key_agreement.c diff --git a/include/test/drivers/key_agreement.h b/include/test/drivers/key_agreement.h new file mode 100644 index 0000000000..57de81ab1f --- /dev/null +++ b/include/test/drivers/key_agreement.h @@ -0,0 +1,71 @@ +/* + * Test driver for key agreement functions. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H +#define PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H + +#include "mbedtls/build_info.h" + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include + +typedef struct { + /* If non-null, on success, copy this to the output. */ + void *forced_output; + size_t forced_output_length; + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times one of the signature driver functions is called. */ + unsigned long hits; +} mbedtls_test_driver_key_agreement_hooks_t; + +#define MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 } +static inline mbedtls_test_driver_key_agreement_hooks_t + mbedtls_test_driver_key_agreement_hooks_init( void ) +{ + const mbedtls_test_driver_key_agreement_hooks_t + v = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT; + return( v ); +} + +psa_status_t mbedtls_test_transparent_key_agreement( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *peer_key, + size_t peer_key_length, + uint8_t *shared_secret, + size_t shared_secret_size, + size_t *shared_secret_length ); + +psa_status_t mbedtls_test_opaque_key_agreement( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *peer_key, + size_t peer_key_length, + uint8_t *shared_secret, + size_t shared_secret_size, + size_t *shared_secret_length ); + +#endif /*PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H */ \ No newline at end of file diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index 098b21abff..0bfeb66b03 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -29,5 +29,6 @@ #include "test/drivers/key_management.h" #include "test/drivers/signature.h" #include "test/drivers/asymmetric_encryption.h" +#include "test/drivers/key_agreement.h" #endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/src/drivers/test_driver_key_agreement.c b/src/drivers/test_driver_key_agreement.c new file mode 100644 index 0000000000..40681c315b --- /dev/null +++ b/src/drivers/test_driver_key_agreement.c @@ -0,0 +1,73 @@ +/* + * Test driver for key agreement functions. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "psa/crypto.h" +#include "psa_crypto_core.h" + +#include "test/drivers/key_agreement.h" +#include "test/drivers/test_driver.h" + +#include + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) + +mbedtls_test_driver_key_agreement_hooks_t + mbedtls_test_driver_key_agreement_hooks = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT; + +psa_status_t mbedtls_test_transparent_key_agreement( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *peer_key, + size_t peer_key_length, + uint8_t *shared_secret, + size_t shared_secret_size, + size_t *shared_secret_length ) +{ + if( mbedtls_test_driver_key_agreement_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_key_agreement_hooks.forced_status ); + + if( mbedtls_test_driver_key_agreement_hooks.forced_output != NULL ) + { + if( mbedtls_test_driver_key_agreement_hooks.forced_output_length > shared_secret_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( shared_secret, mbedtls_test_driver_key_agreement_hooks.forced_output, + mbedtls_test_driver_key_agreement_hooks.forced_output_length ); + *shared_secret_length = mbedtls_test_driver_key_agreement_hooks.forced_output_length; + + return( PSA_SUCCESS ); + } + + return( psa_key_agreement_raw_builtin( + attributes, + key_buffer, + key_buffer_size, + alg, + peer_key, + peer_key_length, + shared_secret, + shared_secret_size, + shared_secret_length ) ); +} + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ \ No newline at end of file From 0811667eb1cfc9c407d14cf240268b10841c4832 Mon Sep 17 00:00:00 2001 From: Aditya Deshpande Date: Fri, 14 Oct 2022 16:41:40 +0100 Subject: [PATCH 273/553] Newlines at end of file + trim trailing whitespace Signed-off-by: Aditya Deshpande --- include/test/drivers/key_agreement.h | 2 +- src/drivers/test_driver_key_agreement.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/test/drivers/key_agreement.h b/include/test/drivers/key_agreement.h index 57de81ab1f..b04bc59856 100644 --- a/include/test/drivers/key_agreement.h +++ b/include/test/drivers/key_agreement.h @@ -68,4 +68,4 @@ psa_status_t mbedtls_test_opaque_key_agreement( size_t *shared_secret_length ); #endif /*PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H */ \ No newline at end of file +#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H */ diff --git a/src/drivers/test_driver_key_agreement.c b/src/drivers/test_driver_key_agreement.c index 40681c315b..884899ff2e 100644 --- a/src/drivers/test_driver_key_agreement.c +++ b/src/drivers/test_driver_key_agreement.c @@ -58,7 +58,7 @@ psa_status_t mbedtls_test_transparent_key_agreement( return( PSA_SUCCESS ); } - return( psa_key_agreement_raw_builtin( + return( psa_key_agreement_raw_builtin( attributes, key_buffer, key_buffer_size, @@ -70,4 +70,4 @@ psa_status_t mbedtls_test_transparent_key_agreement( shared_secret_length ) ); } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ \ No newline at end of file +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From c3c121ce5873b3e80e13b67d471438bb24440030 Mon Sep 17 00:00:00 2001 From: Aditya Deshpande Date: Mon, 17 Oct 2022 13:53:35 +0100 Subject: [PATCH 274/553] Fix spacing and formatting Signed-off-by: Aditya Deshpande --- include/test/drivers/key_agreement.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/include/test/drivers/key_agreement.h b/include/test/drivers/key_agreement.h index b04bc59856..634cbac199 100644 --- a/include/test/drivers/key_agreement.h +++ b/include/test/drivers/key_agreement.h @@ -56,16 +56,16 @@ psa_status_t mbedtls_test_transparent_key_agreement( size_t shared_secret_size, size_t *shared_secret_length ); -psa_status_t mbedtls_test_opaque_key_agreement( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *peer_key, - size_t peer_key_length, - uint8_t *shared_secret, - size_t shared_secret_size, - size_t *shared_secret_length ); +// psa_status_t mbedtls_test_opaque_key_agreement( +// const psa_key_attributes_t *attributes, +// const uint8_t *key_buffer, +// size_t key_buffer_size, +// psa_algorithm_t alg, +// const uint8_t *peer_key, +// size_t peer_key_length, +// uint8_t *shared_secret, +// size_t shared_secret_size, +// size_t *shared_secret_length ); #endif /*PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H */ From 5e7fb3b1ac6d6d712617c93185e4c55003b31f1a Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 19 Oct 2022 12:17:19 +0200 Subject: [PATCH 275/553] test_suite_psa_crypto: adapt dependenies and guards so the test can run in the driver-only build Signed-off-by: Przemek Stekiel --- src/psa_exercise_key.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 3705bc52c4..08c3b46856 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -319,8 +319,8 @@ static int exercise_signature_key( mbedtls_svc_key_id_t key, /* If the policy allows signing with any hash, just pick one. */ if( PSA_ALG_IS_SIGN_HASH( alg ) && hash_alg == PSA_ALG_ANY_HASH ) { - #if defined(KNOWN_MBEDTLS_SUPPORTED_HASH_ALG) - hash_alg = KNOWN_MBEDTLS_SUPPORTED_HASH_ALG; + #if defined(KNOWN_SUPPORTED_HASH_ALG) + hash_alg = KNOWN_SUPPORTED_HASH_ALG; alg ^= PSA_ALG_ANY_HASH ^ hash_alg; #else TEST_ASSERT( ! "No hash algorithm for hash-and-sign testing" ); From 9a8ddc2c56b61c44c208ad08cb30e1b7036194e7 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 20 Oct 2022 12:38:44 +0200 Subject: [PATCH 276/553] Remove KNOWN_MBEDTLS_SUPPORTED_HASH_ALG as it is now not used anywhere Signed-off-by: Przemek Stekiel --- include/test/psa_exercise_key.h | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index 18333a9372..aa0aeb5afd 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -52,30 +52,6 @@ #undef KNOWN_SUPPORTED_HASH_ALG #endif -/** \def KNOWN_MBEDTLS_SUPPORTED_HASH_ALG - * - * A hash algorithm that is known to be supported by Mbed TLS APIs. - * - * This is used in some smoke tests where the hash algorithm is used as - * part of another algorithm like a signature algorithm and the hashing is - * completed through an Mbed TLS hash API, not the PSA one. - */ -#if defined(MBEDTLS_MD5_C) -#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_MD5 -/* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of - * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 - * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be - * implausible anyway. */ -#elif defined(MBEDTLS_SHA1_C) -#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_SHA_1 -#elif defined(MBEDTLS_SHA256_C) -#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_SHA_256 -#elif defined(MBEDTLS_SHA512_C) -#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_SHA_512 -#else -#undef KNOWN_MBEDLTS_SUPPORTED_HASH_ALG -#endif - /** \def KNOWN_SUPPORTED_BLOCK_CIPHER * * A block cipher that is known to be supported. From a71a1ee3379884a8716fbcce637dd0cde063d283 Mon Sep 17 00:00:00 2001 From: Aditya Deshpande Date: Fri, 4 Nov 2022 16:55:57 +0000 Subject: [PATCH 277/553] Refactor call hierarchy for ECDH so that it goes through the driver wrapper in a similar fashion to ECDSA. Add component_test_psa_config_accel_ecdh to all.sh to test key agreement driver wrapper with libtestdriver1. Signed-off-by: Aditya Deshpande --- .../crypto_config_test_driver_extension.h | 11 +++++- src/drivers/test_driver_key_agreement.c | 39 ++++++++++++++----- 2 files changed, 40 insertions(+), 10 deletions(-) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index 0bbca4aefe..fbfe8da7ad 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -54,6 +54,14 @@ #endif #endif +#if defined(PSA_WANT_ALG_ECDH) +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) +#undef MBEDTLS_PSA_ACCEL_ALG_ECDH +#else +#define MBEDTLS_PSA_ACCEL_ALG_ECDH 1 +#endif +#endif + #if defined(PSA_WANT_ALG_MD5) #if defined(MBEDTLS_PSA_ACCEL_ALG_MD5) #undef MBEDTLS_PSA_ACCEL_ALG_MD5 @@ -202,7 +210,6 @@ #define MBEDTLS_PSA_ACCEL_ALG_CCM 1 #define MBEDTLS_PSA_ACCEL_ALG_CMAC 1 #define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1 -#define MBEDTLS_PSA_ACCEL_ALG_ECDH 1 #define MBEDTLS_PSA_ACCEL_ALG_GCM 1 #define MBEDTLS_PSA_ACCEL_ALG_HKDF 1 #define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1 @@ -215,6 +222,7 @@ #define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS 1 #if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) #define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1 #define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1 #define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1 @@ -229,6 +237,7 @@ #define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1 #define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1 #endif +#endif #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 diff --git a/src/drivers/test_driver_key_agreement.c b/src/drivers/test_driver_key_agreement.c index 884899ff2e..ccea61dd7d 100644 --- a/src/drivers/test_driver_key_agreement.c +++ b/src/drivers/test_driver_key_agreement.c @@ -19,15 +19,22 @@ #include +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) + #include "psa/crypto.h" #include "psa_crypto_core.h" +#include "psa_crypto_ecp.h" #include "test/drivers/key_agreement.h" #include "test/drivers/test_driver.h" #include +#include -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/include/psa/crypto.h" +#include "libtestdriver1/library/psa_crypto_ecp.h" +#endif mbedtls_test_driver_key_agreement_hooks_t mbedtls_test_driver_key_agreement_hooks = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT; @@ -58,16 +65,30 @@ psa_status_t mbedtls_test_transparent_key_agreement( return( PSA_SUCCESS ); } - return( psa_key_agreement_raw_builtin( + if( PSA_ALG_IS_ECDH(alg) ) + { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + (LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDH) + return( libtestdriver1_mbedtls_psa_key_agreement_ecdh( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + alg, peer_key, peer_key_length, + shared_secret, shared_secret_size, + shared_secret_length ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) + return( mbedtls_psa_key_agreement_ecdh( attributes, - key_buffer, - key_buffer_size, - alg, - peer_key, - peer_key_length, - shared_secret, - shared_secret_size, + key_buffer, key_buffer_size, + alg, peer_key, peer_key_length, + shared_secret, shared_secret_size, shared_secret_length ) ); +#endif + } + else + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From bec5ecc7ce69727448ed15e994806dbb25285491 Mon Sep 17 00:00:00 2001 From: Aditya Deshpande Date: Mon, 7 Nov 2022 10:43:29 +0000 Subject: [PATCH 278/553] Fix formatting and code comments Signed-off-by: Aditya Deshpande --- src/drivers/test_driver_key_agreement.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/drivers/test_driver_key_agreement.c b/src/drivers/test_driver_key_agreement.c index ccea61dd7d..393a81a237 100644 --- a/src/drivers/test_driver_key_agreement.c +++ b/src/drivers/test_driver_key_agreement.c @@ -82,7 +82,7 @@ psa_status_t mbedtls_test_transparent_key_agreement( alg, peer_key, peer_key_length, shared_secret, shared_secret_size, shared_secret_length ) ); -#endif +#endif } else { From 63fc88a540cf7b9c337245539c128c4e8ecbb1a6 Mon Sep 17 00:00:00 2001 From: Aditya Deshpande Date: Tue, 8 Nov 2022 10:33:44 +0000 Subject: [PATCH 279/553] Add default return case to mbedtls_test_transparent_key_agreement() Signed-off-by: Aditya Deshpande --- src/drivers/test_driver_key_agreement.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/drivers/test_driver_key_agreement.c b/src/drivers/test_driver_key_agreement.c index 393a81a237..20d1d6b87f 100644 --- a/src/drivers/test_driver_key_agreement.c +++ b/src/drivers/test_driver_key_agreement.c @@ -82,6 +82,16 @@ psa_status_t mbedtls_test_transparent_key_agreement( alg, peer_key, peer_key_length, shared_secret, shared_secret_size, shared_secret_length ) ); +#else + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) peer_key; + (void) peer_key_length; + (void) shared_secret; + (void) shared_secret_size; + (void) shared_secret_length; + return( PSA_ERROR_NOT_SUPPORTED ); #endif } else From b79801461ae355ec1ac48e3078ee205c5a7f17d5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Nov 2022 10:45:15 +0100 Subject: [PATCH 280/553] Forbid empty mpi_core in test data This way static analyzers have a chance of knowing we don't expect the bignum functions to support empty inputs. As things are, Coverity keeps complaining about it. Signed-off-by: Gilles Peskine --- src/helpers.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/helpers.c b/src/helpers.c index b7c83646c1..cc23fd7c4d 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -357,8 +357,12 @@ int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, size_t hex_len = strlen( input ); size_t byte_len = ( hex_len + 1 ) / 2; *plimbs = CHARS_TO_LIMBS( byte_len ); + + /* A core bignum is not allowed to be empty. Forbid it as test data, + * this way static analyzers have a chance of knowing we don't expect + * the bignum functions to support empty inputs. */ if( *plimbs == 0 ) - return( 0 ); + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); *pX = mbedtls_calloc( *plimbs, sizeof( **pX ) ); if( *pX == NULL ) From 4c2e434970e4bbe86c2166000bbb554d00092d3b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Nov 2022 21:08:44 +0100 Subject: [PATCH 281/553] Support negative zero as MPI test input The bignum module does not officially support "negative zero" (an mbedtls_mpi object with s=-1 and all limbs zero). However, we have a history of bugs where a function that should produce an official zero (with s=1), produces a negative zero in some circumstances. So it's good to check that the bignum functions are robust when passed a negative zero as input. And for that, we need a way to construct a negative zero from test case arguments. There are checks that functions don't produce negative zeros as output in the test suite. Skip those checks if there's a negative zero input: we don't want functions to _create_ negative zeros, but we don't mind if they _propagate_ negative zeros. Signed-off-by: Gilles Peskine --- include/test/helpers.h | 28 +++++++++++++++++++++------- src/helpers.c | 28 ++++++++++++++++++++++++++-- 2 files changed, 47 insertions(+), 9 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index e0e6fd27fe..568d5e5273 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -295,13 +295,19 @@ int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, /** Read an MPI from a hexadecimal string. * - * Like mbedtls_mpi_read_string(), but size the resulting bignum based - * on the number of digits in the string. In particular, construct a - * bignum with 0 limbs for an empty string, and a bignum with leading 0 - * limbs if the string has sufficiently many leading 0 digits. - * - * This is important so that the "0 (null)" and "0 (1 limb)" and - * "leading zeros" test cases do what they claim. + * Like mbedtls_mpi_read_string(), but with tighter guarantees around + * edge cases. + * + * - This function guarantees that if \p s begins with '-' then the sign + * bit of the result will be negative, even if the value is 0. + * When this function encounters such a "negative 0", it + * increments #mbedtls_test_read_mpi. + * - The size of the result is exactly the minimum number of limbs needed + * to fit the digits in the input. In particular, this function constructs + * a bignum with 0 limbs for an empty string, and a bignum with leading 0 + * limbs if the string has sufficiently many leading 0 digits. + * This is important so that the "0 (null)" and "0 (1 limb)" and + * "leading zeros" test cases do what they claim. * * \param[out] X The MPI object to populate. It must be initialized. * \param[in] s The null-terminated hexadecimal string to read from. @@ -309,6 +315,14 @@ int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. */ int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ); + +/** Nonzero if the current test case had an input parsed with + * mbedtls_test_read_mpi() that is a negative 0 (`"-"`, `"-0"`, `"-00"`, etc., + * constructing a result with the sign bit set to -1 and the value being + * all-limbs-0, which is not a valid representation in #mbedtls_mpi but is + * tested for robustness). + */ +extern unsigned mbedtls_test_case_uses_negative_0; #endif /* MBEDTLS_BIGNUM_C */ #endif /* TEST_HELPERS_H */ diff --git a/src/helpers.c b/src/helpers.c index cc23fd7c4d..7c83714f19 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -89,6 +89,10 @@ void mbedtls_test_set_step( unsigned long step ) mbedtls_test_info.step = step; } +#if defined(MBEDTLS_BIGNUM_C) +unsigned mbedtls_test_case_uses_negative_0 = 0; +#endif + void mbedtls_test_info_reset( void ) { mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SUCCESS; @@ -98,6 +102,9 @@ void mbedtls_test_info_reset( void ) mbedtls_test_info.filename = 0; memset( mbedtls_test_info.line1, 0, sizeof( mbedtls_test_info.line1 ) ); memset( mbedtls_test_info.line2, 0, sizeof( mbedtls_test_info.line2 ) ); +#if defined(MBEDTLS_BIGNUM_C) + mbedtls_test_case_uses_negative_0 = 0; +#endif } int mbedtls_test_equal( const char *test, int line_no, const char* filename, @@ -396,6 +403,15 @@ int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ) { + int negative = 0; + /* Always set the sign bit to -1 if the input has a minus sign, even for 0. + * This creates an invalid representation, which mbedtls_mpi_read_string() + * avoids but we want to be able to create that in test data. */ + if( s[0] == '-' ) + { + ++s; + negative = 1; + } /* mbedtls_mpi_read_string() currently retains leading zeros. * It always allocates at least one limb for the value 0. */ if( s[0] == 0 ) @@ -403,7 +419,15 @@ int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ) mbedtls_mpi_free( X ); return( 0 ); } - else - return( mbedtls_mpi_read_string( X, 16, s ) ); + int ret = mbedtls_mpi_read_string( X, 16, s ); + if( ret != 0 ) + return( ret ); + if( negative ) + { + if( mbedtls_mpi_cmp_int( X, 0 ) == 0 ) + ++mbedtls_test_case_uses_negative_0; + X->s = -1; + } + return( 0 ); } #endif From 9ea7ef134cac1e1e3e6e1b2f190fcb76157fb500 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 11 Nov 2022 15:59:51 +0100 Subject: [PATCH 282/553] Fix autocucumber in documentation Signed-off-by: Gilles Peskine --- include/test/helpers.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 568d5e5273..5f9bde697b 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -301,7 +301,7 @@ int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, * - This function guarantees that if \p s begins with '-' then the sign * bit of the result will be negative, even if the value is 0. * When this function encounters such a "negative 0", it - * increments #mbedtls_test_read_mpi. + * increments #mbedtls_test_case_uses_negative_0. * - The size of the result is exactly the minimum number of limbs needed * to fit the digits in the input. In particular, this function constructs * a bignum with 0 limbs for an empty string, and a bignum with leading 0 From 3bf05412f40838026af487367d076579df95c984 Mon Sep 17 00:00:00 2001 From: Aditya Deshpande Date: Wed, 16 Nov 2022 17:08:53 +0000 Subject: [PATCH 283/553] Add tests for the key agreement driver wrapper to test_suite_psa_crypto_driver_wrappers Signed-off-by: Aditya Deshpande --- include/test/drivers/key_agreement.h | 3 +++ src/drivers/test_driver_key_agreement.c | 2 ++ 2 files changed, 5 insertions(+) diff --git a/include/test/drivers/key_agreement.h b/include/test/drivers/key_agreement.h index 634cbac199..ec6515982e 100644 --- a/include/test/drivers/key_agreement.h +++ b/include/test/drivers/key_agreement.h @@ -45,6 +45,9 @@ static inline mbedtls_test_driver_key_agreement_hooks_t return( v ); } +extern mbedtls_test_driver_key_agreement_hooks_t + mbedtls_test_driver_key_agreement_hooks; + psa_status_t mbedtls_test_transparent_key_agreement( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, diff --git a/src/drivers/test_driver_key_agreement.c b/src/drivers/test_driver_key_agreement.c index 20d1d6b87f..51301f8f04 100644 --- a/src/drivers/test_driver_key_agreement.c +++ b/src/drivers/test_driver_key_agreement.c @@ -50,6 +50,8 @@ psa_status_t mbedtls_test_transparent_key_agreement( size_t shared_secret_size, size_t *shared_secret_length ) { + ++mbedtls_test_driver_key_agreement_hooks.hits; + if( mbedtls_test_driver_key_agreement_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_key_agreement_hooks.forced_status ); From 3d9f3a71c018a57c32280d2c7babef115bf7f736 Mon Sep 17 00:00:00 2001 From: Aditya Deshpande Date: Mon, 28 Nov 2022 14:46:30 +0000 Subject: [PATCH 284/553] Add test function for opaque driver (simply returns PSA_ERROR_NOT_SUPPORTED), and address other review comments. Signed-off-by: Aditya Deshpande --- include/test/drivers/key_agreement.h | 20 +++++++++--------- src/drivers/test_driver_key_agreement.c | 27 +++++++++++++++++++++++-- 2 files changed, 35 insertions(+), 12 deletions(-) diff --git a/include/test/drivers/key_agreement.h b/include/test/drivers/key_agreement.h index ec6515982e..8f28cefda8 100644 --- a/include/test/drivers/key_agreement.h +++ b/include/test/drivers/key_agreement.h @@ -59,16 +59,16 @@ psa_status_t mbedtls_test_transparent_key_agreement( size_t shared_secret_size, size_t *shared_secret_length ); -// psa_status_t mbedtls_test_opaque_key_agreement( -// const psa_key_attributes_t *attributes, -// const uint8_t *key_buffer, -// size_t key_buffer_size, -// psa_algorithm_t alg, -// const uint8_t *peer_key, -// size_t peer_key_length, -// uint8_t *shared_secret, -// size_t shared_secret_size, -// size_t *shared_secret_length ); +psa_status_t mbedtls_test_opaque_key_agreement( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *peer_key, + size_t peer_key_length, + uint8_t *shared_secret, + size_t shared_secret_size, + size_t *shared_secret_length ); #endif /*PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H */ diff --git a/src/drivers/test_driver_key_agreement.c b/src/drivers/test_driver_key_agreement.c index 51301f8f04..3552f48f75 100644 --- a/src/drivers/test_driver_key_agreement.c +++ b/src/drivers/test_driver_key_agreement.c @@ -69,8 +69,8 @@ psa_status_t mbedtls_test_transparent_key_agreement( if( PSA_ALG_IS_ECDH(alg) ) { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDH) +#if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDH)) return( libtestdriver1_mbedtls_psa_key_agreement_ecdh( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, @@ -103,4 +103,27 @@ psa_status_t mbedtls_test_transparent_key_agreement( } +psa_status_t mbedtls_test_opaque_key_agreement( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *peer_key, + size_t peer_key_length, + uint8_t *shared_secret, + size_t shared_secret_size, + size_t *shared_secret_length ) +{ + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) peer_key; + (void) peer_key_length; + (void) shared_secret; + (void) shared_secret_size; + (void) shared_secret_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From e0e17c46f9f29b401542b3b7df421c02e8727c9b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 29 Nov 2022 16:01:41 +0100 Subject: [PATCH 285/553] Valgrind for constant flow: skip non-CF test suites When testing under Valgrind for constant flow, skip test suites that don't have any constant-flow annotations, since the testing wouldn't do anything more that testing with ordinary Valgrind (component_test_valgrind and component_test_valgrind_psa). This is a significant time saving since testing with Valgrind is very slow. Signed-off-by: Gilles Peskine --- include/test/constant_flow.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/test/constant_flow.h b/include/test/constant_flow.h index 9626af9e46..f3d676e285 100644 --- a/include/test/constant_flow.h +++ b/include/test/constant_flow.h @@ -46,6 +46,12 @@ * This file contains two implementations: one based on MemorySanitizer, the * other on valgrind's memcheck. If none of them is enabled, dummy macros that * do nothing are defined for convenience. + * + * \note #TEST_CF_SECRET must be called directly from within a .function file, + * not indirectly via a macro defined under tests/include or a function + * under tests/src. This is because we only run Valgrind for constant + * flow on test suites that have greppable annotations inside them (see + * `skip_suites_without_constant_flow` in `tests/scripts/all.sh`). */ #if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) From f40b834435dcb20433eb5ad3d109657a5b59874d Mon Sep 17 00:00:00 2001 From: Aditya Deshpande Date: Tue, 29 Nov 2022 16:53:29 +0000 Subject: [PATCH 286/553] Minor formatting fixes to address code review comments Signed-off-by: Aditya Deshpande --- src/drivers/test_driver_key_agreement.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/drivers/test_driver_key_agreement.c b/src/drivers/test_driver_key_agreement.c index 3552f48f75..7c37b03272 100644 --- a/src/drivers/test_driver_key_agreement.c +++ b/src/drivers/test_driver_key_agreement.c @@ -29,7 +29,6 @@ #include "test/drivers/test_driver.h" #include -#include #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) #include "libtestdriver1/include/psa/crypto.h" @@ -50,7 +49,7 @@ psa_status_t mbedtls_test_transparent_key_agreement( size_t shared_secret_size, size_t *shared_secret_length ) { - ++mbedtls_test_driver_key_agreement_hooks.hits; + mbedtls_test_driver_key_agreement_hooks.hits++; if( mbedtls_test_driver_key_agreement_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_key_agreement_hooks.forced_status ); From 2525a2549627c97a6dfc3ecd618ee6727c8d2f05 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Sun, 4 Dec 2022 17:19:59 +0000 Subject: [PATCH 287/553] Fix typos prior to release Signed-off-by: Tom Cosgrove --- include/test/psa_crypto_helpers.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index bc2b016db2..3542950915 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -189,7 +189,7 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, * * Do a key policy permission extension on key usage policies always involves * permissions of other usage policies - * (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSGAE). + * (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSAGE). */ psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags ); From 9b5af603c4fbdb21e2cdc79e45bdea277c0171cf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 8 Dec 2022 15:24:52 +0100 Subject: [PATCH 288/553] Move bignum helpers to their own module Move bignum-related helper functions to their own files under tests/include and tests/src. The primary motivation is that a subsequent commit will make bignum_helpers.h include library/bignum*.h, but we want to be able to include without having the library directory on the include path (we do this in some programs under programs/ intended for testing). Signed-off-by: Gilles Peskine --- include/test/bignum_helpers.h | 90 +++++++++++++++++++++++++ include/test/helpers.h | 67 ++++--------------- src/bignum_helpers.c | 119 ++++++++++++++++++++++++++++++++++ src/helpers.c | 87 +------------------------ 4 files changed, 223 insertions(+), 140 deletions(-) create mode 100644 include/test/bignum_helpers.h create mode 100644 src/bignum_helpers.c diff --git a/include/test/bignum_helpers.h b/include/test/bignum_helpers.h new file mode 100644 index 0000000000..22ce7f76fc --- /dev/null +++ b/include/test/bignum_helpers.h @@ -0,0 +1,90 @@ +/** + * \file bignum_helpers.h + * + * \brief This file contains the prototypes of helper functions for + * bignum-related testing. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_BIGNUM_HELPERS_H +#define TEST_BIGNUM_HELPERS_H + +#include + +#if defined(MBEDTLS_BIGNUM_C) + +#include + +/** Allocate and populate a core MPI from a test case argument. + * + * This function allocates exactly as many limbs as necessary to fit + * the length of the input. In other words, it preserves leading zeros. + * + * The limb array is allocated with mbedtls_calloc() and must later be + * freed with mbedtls_free(). + * + * \param[in,out] pX The address where a pointer to the allocated limb + * array will be stored. + * \c *pX must be null on entry. + * On exit, \c *pX is null on error or if the number + * of limbs is 0. + * \param[out] plimbs The address where the number of limbs will be stored. + * \param[in] input The test argument to read. + * It is interpreted as a hexadecimal representation + * of a non-negative integer. + * + * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. + */ +int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, + const char *input ); + +/** Read an MPI from a hexadecimal string. + * + * Like mbedtls_mpi_read_string(), but with tighter guarantees around + * edge cases. + * + * - This function guarantees that if \p s begins with '-' then the sign + * bit of the result will be negative, even if the value is 0. + * When this function encounters such a "negative 0", it + * increments #mbedtls_test_case_uses_negative_0. + * - The size of the result is exactly the minimum number of limbs needed + * to fit the digits in the input. In particular, this function constructs + * a bignum with 0 limbs for an empty string, and a bignum with leading 0 + * limbs if the string has sufficiently many leading 0 digits. + * This is important so that the "0 (null)" and "0 (1 limb)" and + * "leading zeros" test cases do what they claim. + * + * \param[out] X The MPI object to populate. It must be initialized. + * \param[in] s The null-terminated hexadecimal string to read from. + * + * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. + */ +int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ); + +/** Nonzero if the current test case had an input parsed with + * mbedtls_test_read_mpi() that is a negative 0 (`"-"`, `"-0"`, `"-00"`, etc., + * constructing a result with the sign bit set to -1 and the value being + * all-limbs-0, which is not a valid representation in #mbedtls_mpi but is + * tested for robustness). + */ +extern unsigned mbedtls_test_case_uses_negative_0; + +#endif /* MBEDTLS_BIGNUM_C */ + +#endif /* TEST_BIGNUM_HELPERS_H */ diff --git a/include/test/helpers.h b/include/test/helpers.h index 5f9bde697b..b64bfcbcef 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -215,6 +215,17 @@ void mbedtls_test_hexify( unsigned char *obuf, const unsigned char *ibuf, int len ); +/** + * \brief Convert hexadecimal digit to an integer. + * + * \param c The digit to convert (`'0'` to `'9'`, `'A'` to `'F'` or + * `'a'` to `'f'`). + * \param[out] uc On success, the value of the digit (0 to 15). + * + * \return 0 on success, -1 if \p c is not a hexadecimal digit. + */ +int mbedtls_test_ascii2uc(const char c, unsigned char *uc); + /** * Allocate and zeroize a buffer. * @@ -269,60 +280,4 @@ void mbedtls_test_err_add_check( int high, int low, const char *file, int line); #endif -#if defined(MBEDTLS_BIGNUM_C) -/** Allocate and populate a core MPI from a test case argument. - * - * This function allocates exactly as many limbs as necessary to fit - * the length of the input. In other words, it preserves leading zeros. - * - * The limb array is allocated with mbedtls_calloc() and must later be - * freed with mbedtls_free(). - * - * \param[in,out] pX The address where a pointer to the allocated limb - * array will be stored. - * \c *pX must be null on entry. - * On exit, \c *pX is null on error or if the number - * of limbs is 0. - * \param[out] plimbs The address where the number of limbs will be stored. - * \param[in] input The test argument to read. - * It is interpreted as a hexadecimal representation - * of a non-negative integer. - * - * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. - */ -int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, - const char *input ); - -/** Read an MPI from a hexadecimal string. - * - * Like mbedtls_mpi_read_string(), but with tighter guarantees around - * edge cases. - * - * - This function guarantees that if \p s begins with '-' then the sign - * bit of the result will be negative, even if the value is 0. - * When this function encounters such a "negative 0", it - * increments #mbedtls_test_case_uses_negative_0. - * - The size of the result is exactly the minimum number of limbs needed - * to fit the digits in the input. In particular, this function constructs - * a bignum with 0 limbs for an empty string, and a bignum with leading 0 - * limbs if the string has sufficiently many leading 0 digits. - * This is important so that the "0 (null)" and "0 (1 limb)" and - * "leading zeros" test cases do what they claim. - * - * \param[out] X The MPI object to populate. It must be initialized. - * \param[in] s The null-terminated hexadecimal string to read from. - * - * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. - */ -int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ); - -/** Nonzero if the current test case had an input parsed with - * mbedtls_test_read_mpi() that is a negative 0 (`"-"`, `"-0"`, `"-00"`, etc., - * constructing a result with the sign bit set to -1 and the value being - * all-limbs-0, which is not a valid representation in #mbedtls_mpi but is - * tested for robustness). - */ -extern unsigned mbedtls_test_case_uses_negative_0; -#endif /* MBEDTLS_BIGNUM_C */ - #endif /* TEST_HELPERS_H */ diff --git a/src/bignum_helpers.c b/src/bignum_helpers.c new file mode 100644 index 0000000000..575bd03de3 --- /dev/null +++ b/src/bignum_helpers.c @@ -0,0 +1,119 @@ +/** + * \file bignum_helpers.c + * + * \brief This file contains the prototypes of helper functions for + * bignum-related testing. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#define MBEDTLS_ALLOW_PRIVATE_ACCESS +#include + +#if defined(MBEDTLS_BIGNUM_C) + +#include +#include + +#include +#include +#include +#include + +#include +#include + +int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, + const char *input ) +{ + /* Sanity check */ + if( *pX != NULL ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + size_t hex_len = strlen( input ); + size_t byte_len = ( hex_len + 1 ) / 2; + *plimbs = CHARS_TO_LIMBS( byte_len ); + + /* A core bignum is not allowed to be empty. Forbid it as test data, + * this way static analyzers have a chance of knowing we don't expect + * the bignum functions to support empty inputs. */ + if( *plimbs == 0 ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + *pX = mbedtls_calloc( *plimbs, sizeof( **pX ) ); + if( *pX == NULL ) + return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); + + unsigned char *byte_start = ( unsigned char * ) *pX; + if( byte_len % sizeof( mbedtls_mpi_uint ) != 0 ) + { + byte_start += sizeof( mbedtls_mpi_uint ) - byte_len % sizeof( mbedtls_mpi_uint ); + } + if( ( hex_len & 1 ) != 0 ) + { + /* mbedtls_test_unhexify wants an even number of hex digits */ + TEST_ASSERT( mbedtls_test_ascii2uc( *input, byte_start ) == 0 ); + ++byte_start; + ++input; + --byte_len; + } + TEST_ASSERT( mbedtls_test_unhexify( byte_start, + byte_len, + input, + &byte_len ) == 0 ); + + mbedtls_mpi_core_bigendian_to_host( *pX, *plimbs ); + return( 0 ); + +exit: + mbedtls_free( *pX ); + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); +} + +int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ) +{ + int negative = 0; + /* Always set the sign bit to -1 if the input has a minus sign, even for 0. + * This creates an invalid representation, which mbedtls_mpi_read_string() + * avoids but we want to be able to create that in test data. */ + if( s[0] == '-' ) + { + ++s; + negative = 1; + } + /* mbedtls_mpi_read_string() currently retains leading zeros. + * It always allocates at least one limb for the value 0. */ + if( s[0] == 0 ) + { + mbedtls_mpi_free( X ); + return( 0 ); + } + int ret = mbedtls_mpi_read_string( X, 16, s ); + if( ret != 0 ) + return( ret ); + if( negative ) + { + if( mbedtls_mpi_cmp_int( X, 0 ) == 0 ) + ++mbedtls_test_case_uses_negative_0; + X->s = -1; + } + return( 0 ); +} + +#endif /* MBEDTLS_BIGNUM_C */ + diff --git a/src/helpers.c b/src/helpers.c index 7c83714f19..be5c465fd9 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -48,7 +48,7 @@ void mbedtls_test_platform_teardown( void ) #endif /* MBEDTLS_PLATFORM_C */ } -static int ascii2uc(const char c, unsigned char *uc) +int mbedtls_test_ascii2uc(const char c, unsigned char *uc) { if( ( c >= '0' ) && ( c <= '9' ) ) *uc = c - '0'; @@ -207,10 +207,10 @@ int mbedtls_test_unhexify( unsigned char *obuf, while( *ibuf != 0 ) { - if ( ascii2uc( *(ibuf++), &uc ) != 0 ) + if ( mbedtls_test_ascii2uc( *(ibuf++), &uc ) != 0 ) return( -1 ); - if ( ascii2uc( *(ibuf++), &uc2 ) != 0 ) + if ( mbedtls_test_ascii2uc( *(ibuf++), &uc2 ) != 0 ) return( -1 ); *(obuf++) = ( uc << 4 ) | uc2; @@ -350,84 +350,3 @@ void mbedtls_test_err_add_check( int high, int low, } } #endif /* MBEDTLS_TEST_HOOKS */ - -#if defined(MBEDTLS_BIGNUM_C) -#include "bignum_core.h" - -int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, - const char *input ) -{ - /* Sanity check */ - if( *pX != NULL ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - size_t hex_len = strlen( input ); - size_t byte_len = ( hex_len + 1 ) / 2; - *plimbs = CHARS_TO_LIMBS( byte_len ); - - /* A core bignum is not allowed to be empty. Forbid it as test data, - * this way static analyzers have a chance of knowing we don't expect - * the bignum functions to support empty inputs. */ - if( *plimbs == 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - *pX = mbedtls_calloc( *plimbs, sizeof( **pX ) ); - if( *pX == NULL ) - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); - - unsigned char *byte_start = ( unsigned char * ) *pX; - if( byte_len % sizeof( mbedtls_mpi_uint ) != 0 ) - { - byte_start += sizeof( mbedtls_mpi_uint ) - byte_len % sizeof( mbedtls_mpi_uint ); - } - if( ( hex_len & 1 ) != 0 ) - { - /* mbedtls_test_unhexify wants an even number of hex digits */ - TEST_ASSERT( ascii2uc( *input, byte_start ) == 0 ); - ++byte_start; - ++input; - --byte_len; - } - TEST_ASSERT( mbedtls_test_unhexify( byte_start, - byte_len, - input, - &byte_len ) == 0 ); - - mbedtls_mpi_core_bigendian_to_host( *pX, *plimbs ); - return( 0 ); - -exit: - mbedtls_free( *pX ); - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); -} - -int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ) -{ - int negative = 0; - /* Always set the sign bit to -1 if the input has a minus sign, even for 0. - * This creates an invalid representation, which mbedtls_mpi_read_string() - * avoids but we want to be able to create that in test data. */ - if( s[0] == '-' ) - { - ++s; - negative = 1; - } - /* mbedtls_mpi_read_string() currently retains leading zeros. - * It always allocates at least one limb for the value 0. */ - if( s[0] == 0 ) - { - mbedtls_mpi_free( X ); - return( 0 ); - } - int ret = mbedtls_mpi_read_string( X, 16, s ); - if( ret != 0 ) - return( ret ); - if( negative ) - { - if( mbedtls_mpi_cmp_int( X, 0 ) == 0 ) - ++mbedtls_test_case_uses_negative_0; - X->s = -1; - } - return( 0 ); -} -#endif From 093ca9bdd81ae6fc03005efb2ed0860ee122f057 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 Dec 2022 22:59:54 +0100 Subject: [PATCH 289/553] New helper function to allocate and read a modulus When including , the library/ directory now needs to be on the include path. Signed-off-by: Gilles Peskine --- include/test/bignum_helpers.h | 20 ++++++++++++++++++++ src/bignum_helpers.c | 17 +++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/include/test/bignum_helpers.h b/include/test/bignum_helpers.h index 22ce7f76fc..ab3c86a12f 100644 --- a/include/test/bignum_helpers.h +++ b/include/test/bignum_helpers.h @@ -30,6 +30,7 @@ #if defined(MBEDTLS_BIGNUM_C) #include +#include /** Allocate and populate a core MPI from a test case argument. * @@ -54,6 +55,25 @@ int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, const char *input ); +/** Read a modulus from a hexadecimal string. + * + * This function allocates exactly as many limbs as necessary to fit + * the length of the input. In other words, it preserves leading zeros. + * + * The limb array is allocated with mbedtls_calloc() and must later be + * freed with mbedtls_free(). + * + * \param[in,out] N A modulus structure. It must be initialized, but + * not set up. + * \param[in] s The null-terminated hexadecimal string to read from. + * \param int_rep The desired representation of residues. + * + * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. + */ +int mbedtls_test_read_mpi_modulus( mbedtls_mpi_mod_modulus *N, + const char *s, + mbedtls_mpi_mod_rep_selector int_rep ); + /** Read an MPI from a hexadecimal string. * * Like mbedtls_mpi_read_string(), but with tighter guarantees around diff --git a/src/bignum_helpers.c b/src/bignum_helpers.c index 575bd03de3..eb819f5ce1 100644 --- a/src/bignum_helpers.c +++ b/src/bignum_helpers.c @@ -85,6 +85,23 @@ int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); } +int mbedtls_test_read_mpi_modulus( mbedtls_mpi_mod_modulus *N, + const char *s, + mbedtls_mpi_mod_rep_selector int_rep ) +{ + mbedtls_mpi_uint *p = NULL; + size_t limbs = 0; + if( N->limbs != 0 ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + int ret = mbedtls_test_read_mpi_core( &p, &limbs, s ); + if( ret != 0 ) + return( ret ); + ret = mbedtls_mpi_mod_modulus_setup( N, p, limbs, int_rep ); + if( ret != 0 ) + mbedtls_free( p ); + return( ret ); +} + int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ) { int negative = 0; From 2d0374ab08d62769da004e765f1ce26573ad9ca6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 8 Dec 2022 19:50:29 +0100 Subject: [PATCH 290/553] Fix leak of modulus structures in tests Signed-off-by: Gilles Peskine --- include/test/bignum_helpers.h | 10 +++++++++- src/bignum_helpers.c | 6 ++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/include/test/bignum_helpers.h b/include/test/bignum_helpers.h index ab3c86a12f..164017e69f 100644 --- a/include/test/bignum_helpers.h +++ b/include/test/bignum_helpers.h @@ -61,7 +61,8 @@ int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, * the length of the input. In other words, it preserves leading zeros. * * The limb array is allocated with mbedtls_calloc() and must later be - * freed with mbedtls_free(). + * freed with mbedtls_free(). You can do that by calling + * mbedtls_test_mpi_mod_modulus_free_with_limbs(). * * \param[in,out] N A modulus structure. It must be initialized, but * not set up. @@ -74,6 +75,13 @@ int mbedtls_test_read_mpi_modulus( mbedtls_mpi_mod_modulus *N, const char *s, mbedtls_mpi_mod_rep_selector int_rep ); +/** Free a modulus and its limbs. + * + * \param[in] N A modulus structure such that there is no other + * reference to `N->p`. + */ +void mbedtls_test_mpi_mod_modulus_free_with_limbs( mbedtls_mpi_mod_modulus *N ); + /** Read an MPI from a hexadecimal string. * * Like mbedtls_mpi_read_string(), but with tighter guarantees around diff --git a/src/bignum_helpers.c b/src/bignum_helpers.c index eb819f5ce1..d6ec9bd3cc 100644 --- a/src/bignum_helpers.c +++ b/src/bignum_helpers.c @@ -102,6 +102,12 @@ int mbedtls_test_read_mpi_modulus( mbedtls_mpi_mod_modulus *N, return( ret ); } +void mbedtls_test_mpi_mod_modulus_free_with_limbs( mbedtls_mpi_mod_modulus *N ) +{ + mbedtls_free( (mbedtls_mpi_uint*) N->p ); + mbedtls_mpi_mod_modulus_free( N ); +} + int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ) { int negative = 0; From 48b77b5709bc21c82079a07d2b036271ad43ee45 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 28 Dec 2022 12:58:14 +0100 Subject: [PATCH 291/553] test: remove SHA224 from default test driver config Signed-off-by: Valerio Setti --- include/test/drivers/config_test_driver.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/test/drivers/config_test_driver.h b/include/test/drivers/config_test_driver.h index 6a7fb1f3e4..22518bfc4f 100644 --- a/include/test/drivers/config_test_driver.h +++ b/include/test/drivers/config_test_driver.h @@ -35,7 +35,6 @@ /* PSA core mandatory configuration options */ #define MBEDTLS_CIPHER_C #define MBEDTLS_AES_C -#define MBEDTLS_SHA224_C #define MBEDTLS_SHA256_C #define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1 #define MBEDTLS_CTR_DRBG_C @@ -46,6 +45,7 @@ * purpose of a specific set of tests. */ //#define MBEDTLS_SHA1_C +//#define MBEDTLS_SHA224_C //#define MBEDTLS_SHA384_C //#define MBEDTLS_SHA512_C //#define MBEDTLS_MD_C From 8dea11cbc14608b31e7c96decd8aa43cd5bd7538 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 11 Jan 2023 14:50:10 +0100 Subject: [PATCH 292/553] Switch to the new code style Signed-off-by: Gilles Peskine --- include/alt-dummy/aes_alt.h | 6 +- include/alt-dummy/aria_alt.h | 3 +- include/alt-dummy/camellia_alt.h | 3 +- include/alt-dummy/ccm_alt.h | 3 +- include/alt-dummy/chacha20_alt.h | 3 +- include/alt-dummy/chachapoly_alt.h | 3 +- include/alt-dummy/cmac_alt.h | 3 +- include/alt-dummy/des_alt.h | 6 +- include/alt-dummy/dhm_alt.h | 3 +- include/alt-dummy/ecjpake_alt.h | 3 +- include/alt-dummy/ecp_alt.h | 3 +- include/alt-dummy/gcm_alt.h | 3 +- include/alt-dummy/md5_alt.h | 3 +- include/alt-dummy/platform_alt.h | 3 +- include/alt-dummy/poly1305_alt.h | 3 +- include/alt-dummy/ripemd160_alt.h | 3 +- include/alt-dummy/rsa_alt.h | 3 +- include/alt-dummy/sha1_alt.h | 3 +- include/alt-dummy/sha256_alt.h | 3 +- include/alt-dummy/sha512_alt.h | 3 +- include/alt-dummy/threading_alt.h | 3 +- include/alt-dummy/timing_alt.h | 6 +- include/spe/crypto_spe.h | 106 +- include/test/asn1_helpers.h | 6 +- include/test/bignum_helpers.h | 14 +- include/test/certs.h | 22 +- include/test/drivers/aead.h | 58 +- include/test/drivers/asymmetric_encryption.h | 12 +- include/test/drivers/cipher.h | 6 +- include/test/drivers/hash.h | 16 +- include/test/drivers/key_agreement.h | 8 +- include/test/drivers/key_management.h | 28 +- include/test/drivers/mac.h | 32 +- include/test/drivers/signature.h | 20 +- include/test/fake_external_rng_for_test.h | 4 +- include/test/helpers.h | 61 +- include/test/macros.h | 160 +- include/test/psa_crypto_helpers.h | 106 +- include/test/psa_exercise_key.h | 26 +- include/test/psa_helpers.h | 2 +- include/test/random.h | 32 +- src/asn1_helpers.c | 48 +- src/bignum_helpers.c | 116 +- src/certs.c | 1818 ++++++++--------- src/drivers/hash.c | 128 +- src/drivers/platform_builtin_keys.c | 41 +- src/drivers/test_driver_aead.c | 357 ++-- .../test_driver_asymmetric_encryption.c | 94 +- src/drivers/test_driver_cipher.c | 229 ++- src/drivers/test_driver_key_agreement.c | 62 +- src/drivers/test_driver_key_management.c | 733 +++---- src/drivers/test_driver_mac.c | 258 +-- src/drivers/test_driver_signature.c | 318 ++- src/fake_external_rng_for_test.c | 15 +- src/helpers.c | 321 ++- src/psa_crypto_helpers.c | 96 +- src/psa_exercise_key.c | 1095 +++++----- src/random.c | 104 +- src/threading_helpers.c | 101 +- 59 files changed, 3285 insertions(+), 3443 deletions(-) diff --git a/include/alt-dummy/aes_alt.h b/include/alt-dummy/aes_alt.h index f226188fd3..21d85f1ff3 100644 --- a/include/alt-dummy/aes_alt.h +++ b/include/alt-dummy/aes_alt.h @@ -19,16 +19,14 @@ #ifndef AES_ALT_H #define AES_ALT_H -typedef struct mbedtls_aes_context -{ +typedef struct mbedtls_aes_context { int dummy; } mbedtls_aes_context; #if defined(MBEDTLS_CIPHER_MODE_XTS) -typedef struct mbedtls_aes_xts_context -{ +typedef struct mbedtls_aes_xts_context { int dummy; } mbedtls_aes_xts_context; #endif diff --git a/include/alt-dummy/aria_alt.h b/include/alt-dummy/aria_alt.h index 5f2335b8f4..aabec9c9f0 100644 --- a/include/alt-dummy/aria_alt.h +++ b/include/alt-dummy/aria_alt.h @@ -19,8 +19,7 @@ #ifndef ARIA_ALT_H #define ARIA_ALT_H -typedef struct mbedtls_aria_context -{ +typedef struct mbedtls_aria_context { int dummy; } mbedtls_aria_context; diff --git a/include/alt-dummy/camellia_alt.h b/include/alt-dummy/camellia_alt.h index c23d1b4c0c..b42613bc2f 100644 --- a/include/alt-dummy/camellia_alt.h +++ b/include/alt-dummy/camellia_alt.h @@ -19,8 +19,7 @@ #ifndef CAMELLIA_ALT_H #define CAMELLIA_ALT_H -typedef struct mbedtls_camellia_context -{ +typedef struct mbedtls_camellia_context { int dummy; } mbedtls_camellia_context; diff --git a/include/alt-dummy/ccm_alt.h b/include/alt-dummy/ccm_alt.h index dcb834ed6a..5ec7d4e48e 100644 --- a/include/alt-dummy/ccm_alt.h +++ b/include/alt-dummy/ccm_alt.h @@ -19,8 +19,7 @@ #ifndef CCM_ALT_H #define CCM_ALT_H -typedef struct mbedtls_ccm_context -{ +typedef struct mbedtls_ccm_context { int dummy; } mbedtls_ccm_context; diff --git a/include/alt-dummy/chacha20_alt.h b/include/alt-dummy/chacha20_alt.h index 7a5a25cab7..a53a330023 100644 --- a/include/alt-dummy/chacha20_alt.h +++ b/include/alt-dummy/chacha20_alt.h @@ -19,8 +19,7 @@ #ifndef CHACHA20_ALT_H #define CHACHA20_ALT_H -typedef struct mbedtls_chacha20_context -{ +typedef struct mbedtls_chacha20_context { int dummy; } mbedtls_chacha20_context; diff --git a/include/alt-dummy/chachapoly_alt.h b/include/alt-dummy/chachapoly_alt.h index 448517d7d8..584a421749 100644 --- a/include/alt-dummy/chachapoly_alt.h +++ b/include/alt-dummy/chachapoly_alt.h @@ -21,8 +21,7 @@ #include "mbedtls/chacha20.h" -typedef struct mbedtls_chachapoly_context -{ +typedef struct mbedtls_chachapoly_context { int dummy; } mbedtls_chachapoly_context; diff --git a/include/alt-dummy/cmac_alt.h b/include/alt-dummy/cmac_alt.h index 4c9feee337..13c998d682 100644 --- a/include/alt-dummy/cmac_alt.h +++ b/include/alt-dummy/cmac_alt.h @@ -19,8 +19,7 @@ #ifndef CMAC_ALT_H #define CMAC_ALT_H -struct mbedtls_cmac_context_t -{ +struct mbedtls_cmac_context_t { int dummy; }; diff --git a/include/alt-dummy/des_alt.h b/include/alt-dummy/des_alt.h index e5a0bd3aae..3b8abe493b 100644 --- a/include/alt-dummy/des_alt.h +++ b/include/alt-dummy/des_alt.h @@ -20,14 +20,12 @@ #ifndef DES_ALT_H #define DES_ALT_H -typedef struct mbedtls_des_context -{ +typedef struct mbedtls_des_context { int dummy; } mbedtls_des_context; -typedef struct mbedtls_des3_context -{ +typedef struct mbedtls_des3_context { int dummy; } mbedtls_des3_context; diff --git a/include/alt-dummy/dhm_alt.h b/include/alt-dummy/dhm_alt.h index 6289a41db2..ccb3bd3c32 100644 --- a/include/alt-dummy/dhm_alt.h +++ b/include/alt-dummy/dhm_alt.h @@ -19,8 +19,7 @@ #ifndef DHM_ALT_H #define DHM_ALT_H -typedef struct mbedtls_dhm_context -{ +typedef struct mbedtls_dhm_context { int dummy; } mbedtls_dhm_context; diff --git a/include/alt-dummy/ecjpake_alt.h b/include/alt-dummy/ecjpake_alt.h index 8de0fcf8e2..90c21da8bd 100644 --- a/include/alt-dummy/ecjpake_alt.h +++ b/include/alt-dummy/ecjpake_alt.h @@ -19,8 +19,7 @@ #ifndef ECJPAKE_ALT_H #define ECJPAKE_ALT_H -typedef struct mbedtls_ecjpake_context -{ +typedef struct mbedtls_ecjpake_context { int dummy; } mbedtls_ecjpake_context; diff --git a/include/alt-dummy/ecp_alt.h b/include/alt-dummy/ecp_alt.h index d263871c48..56c9810950 100644 --- a/include/alt-dummy/ecp_alt.h +++ b/include/alt-dummy/ecp_alt.h @@ -19,8 +19,7 @@ #ifndef ECP_ALT_H #define ECP_ALT_H -typedef struct mbedtls_ecp_group -{ +typedef struct mbedtls_ecp_group { const mbedtls_ecp_group_id id; const mbedtls_mpi P; const mbedtls_mpi A; diff --git a/include/alt-dummy/gcm_alt.h b/include/alt-dummy/gcm_alt.h index 94986ff485..7be5b62f6c 100644 --- a/include/alt-dummy/gcm_alt.h +++ b/include/alt-dummy/gcm_alt.h @@ -19,8 +19,7 @@ #ifndef GCM_ALT_H #define GCM_ALT_H -typedef struct mbedtls_gcm_context -{ +typedef struct mbedtls_gcm_context { int dummy; } mbedtls_gcm_context; diff --git a/include/alt-dummy/md5_alt.h b/include/alt-dummy/md5_alt.h index c1191479dc..1f3e5ed9bb 100644 --- a/include/alt-dummy/md5_alt.h +++ b/include/alt-dummy/md5_alt.h @@ -19,8 +19,7 @@ #ifndef MD5_ALT_H #define MD5_ALT_H -typedef struct mbedtls_md5_context -{ +typedef struct mbedtls_md5_context { int dummy; } mbedtls_md5_context; diff --git a/include/alt-dummy/platform_alt.h b/include/alt-dummy/platform_alt.h index 2bf712de76..836f299c83 100644 --- a/include/alt-dummy/platform_alt.h +++ b/include/alt-dummy/platform_alt.h @@ -19,8 +19,7 @@ #ifndef PLATFORM_ALT_H #define PLATFORM_ALT_H -typedef struct mbedtls_platform_context -{ +typedef struct mbedtls_platform_context { int dummy; } mbedtls_platform_context; diff --git a/include/alt-dummy/poly1305_alt.h b/include/alt-dummy/poly1305_alt.h index b8c12104a4..5a8295f16f 100644 --- a/include/alt-dummy/poly1305_alt.h +++ b/include/alt-dummy/poly1305_alt.h @@ -19,8 +19,7 @@ #ifndef POLY1305_ALT_H #define POLY1305_ALT_H -typedef struct mbedtls_poly1305_context -{ +typedef struct mbedtls_poly1305_context { int dummy; } mbedtls_poly1305_context; diff --git a/include/alt-dummy/ripemd160_alt.h b/include/alt-dummy/ripemd160_alt.h index 722aeeb5dc..ca3b338270 100644 --- a/include/alt-dummy/ripemd160_alt.h +++ b/include/alt-dummy/ripemd160_alt.h @@ -19,8 +19,7 @@ #ifndef RIPEMD160_ALT_H #define RIPEMD160_ALT_H -typedef struct mbedtls_ripemd160_context -{ +typedef struct mbedtls_ripemd160_context { int dummy; } mbedtls_ripemd160_context; diff --git a/include/alt-dummy/rsa_alt.h b/include/alt-dummy/rsa_alt.h index ae80dbaa44..24f672bb3c 100644 --- a/include/alt-dummy/rsa_alt.h +++ b/include/alt-dummy/rsa_alt.h @@ -19,8 +19,7 @@ #ifndef RSA_ALT_H #define RSA_ALT_H -typedef struct mbedtls_rsa_context -{ +typedef struct mbedtls_rsa_context { int dummy; } mbedtls_rsa_context; diff --git a/include/alt-dummy/sha1_alt.h b/include/alt-dummy/sha1_alt.h index df2990b5bc..36bf71d847 100644 --- a/include/alt-dummy/sha1_alt.h +++ b/include/alt-dummy/sha1_alt.h @@ -19,8 +19,7 @@ #ifndef SHA1_ALT_H #define SHA1_ALT_H -typedef struct mbedtls_sha1_context -{ +typedef struct mbedtls_sha1_context { int dummy; } mbedtls_sha1_context; diff --git a/include/alt-dummy/sha256_alt.h b/include/alt-dummy/sha256_alt.h index 7e501ed91a..304734bfc9 100644 --- a/include/alt-dummy/sha256_alt.h +++ b/include/alt-dummy/sha256_alt.h @@ -19,8 +19,7 @@ #ifndef SHA256_ALT_H #define SHA256_ALT_H -typedef struct mbedtls_sha256_context -{ +typedef struct mbedtls_sha256_context { int dummy; } mbedtls_sha256_context; diff --git a/include/alt-dummy/sha512_alt.h b/include/alt-dummy/sha512_alt.h index 45c9599235..13e58109e1 100644 --- a/include/alt-dummy/sha512_alt.h +++ b/include/alt-dummy/sha512_alt.h @@ -19,8 +19,7 @@ #ifndef SHA512_ALT_H #define SHA512_ALT_H -typedef struct mbedtls_sha512_context -{ +typedef struct mbedtls_sha512_context { int dummy; } mbedtls_sha512_context; diff --git a/include/alt-dummy/threading_alt.h b/include/alt-dummy/threading_alt.h index ff2fed5e2a..4003506865 100644 --- a/include/alt-dummy/threading_alt.h +++ b/include/alt-dummy/threading_alt.h @@ -19,8 +19,7 @@ #ifndef THREADING_ALT_H #define THREADING_ALT_H -typedef struct mbedtls_threading_mutex_t -{ +typedef struct mbedtls_threading_mutex_t { int dummy; } mbedtls_threading_mutex_t; diff --git a/include/alt-dummy/timing_alt.h b/include/alt-dummy/timing_alt.h index f2da154f12..9d4e100ea7 100644 --- a/include/alt-dummy/timing_alt.h +++ b/include/alt-dummy/timing_alt.h @@ -19,13 +19,11 @@ #ifndef TIMING_ALT_H #define TIMING_ALT_H -struct mbedtls_timing_hr_time -{ +struct mbedtls_timing_hr_time { int dummy; }; -typedef struct mbedtls_timing_delay_context -{ +typedef struct mbedtls_timing_delay_context { int dummy; } mbedtls_timing_delay_context; diff --git a/include/spe/crypto_spe.h b/include/spe/crypto_spe.h index 1aee8a5f0d..a79ce17385 100644 --- a/include/spe/crypto_spe.h +++ b/include/spe/crypto_spe.h @@ -34,110 +34,110 @@ #define PSA_FUNCTION_NAME(x) mbedcrypto__ ## x #define psa_crypto_init \ - PSA_FUNCTION_NAME(psa_crypto_init) + PSA_FUNCTION_NAME(psa_crypto_init) #define psa_key_derivation_get_capacity \ - PSA_FUNCTION_NAME(psa_key_derivation_get_capacity) + PSA_FUNCTION_NAME(psa_key_derivation_get_capacity) #define psa_key_derivation_set_capacity \ - PSA_FUNCTION_NAME(psa_key_derivation_set_capacity) + PSA_FUNCTION_NAME(psa_key_derivation_set_capacity) #define psa_key_derivation_input_bytes \ - PSA_FUNCTION_NAME(psa_key_derivation_input_bytes) + PSA_FUNCTION_NAME(psa_key_derivation_input_bytes) #define psa_key_derivation_output_bytes \ - PSA_FUNCTION_NAME(psa_key_derivation_output_bytes) + PSA_FUNCTION_NAME(psa_key_derivation_output_bytes) #define psa_key_derivation_input_key \ - PSA_FUNCTION_NAME(psa_key_derivation_input_key) + PSA_FUNCTION_NAME(psa_key_derivation_input_key) #define psa_key_derivation_output_key \ - PSA_FUNCTION_NAME(psa_key_derivation_output_key) + PSA_FUNCTION_NAME(psa_key_derivation_output_key) #define psa_key_derivation_setup \ - PSA_FUNCTION_NAME(psa_key_derivation_setup) + PSA_FUNCTION_NAME(psa_key_derivation_setup) #define psa_key_derivation_abort \ - PSA_FUNCTION_NAME(psa_key_derivation_abort) + PSA_FUNCTION_NAME(psa_key_derivation_abort) #define psa_key_derivation_key_agreement \ - PSA_FUNCTION_NAME(psa_key_derivation_key_agreement) + PSA_FUNCTION_NAME(psa_key_derivation_key_agreement) #define psa_raw_key_agreement \ - PSA_FUNCTION_NAME(psa_raw_key_agreement) + PSA_FUNCTION_NAME(psa_raw_key_agreement) #define psa_generate_random \ - PSA_FUNCTION_NAME(psa_generate_random) + PSA_FUNCTION_NAME(psa_generate_random) #define psa_aead_encrypt \ - PSA_FUNCTION_NAME(psa_aead_encrypt) + PSA_FUNCTION_NAME(psa_aead_encrypt) #define psa_aead_decrypt \ - PSA_FUNCTION_NAME(psa_aead_decrypt) + PSA_FUNCTION_NAME(psa_aead_decrypt) #define psa_open_key \ - PSA_FUNCTION_NAME(psa_open_key) + PSA_FUNCTION_NAME(psa_open_key) #define psa_close_key \ - PSA_FUNCTION_NAME(psa_close_key) + PSA_FUNCTION_NAME(psa_close_key) #define psa_import_key \ - PSA_FUNCTION_NAME(psa_import_key) + PSA_FUNCTION_NAME(psa_import_key) #define psa_destroy_key \ - PSA_FUNCTION_NAME(psa_destroy_key) + PSA_FUNCTION_NAME(psa_destroy_key) #define psa_get_key_attributes \ - PSA_FUNCTION_NAME(psa_get_key_attributes) + PSA_FUNCTION_NAME(psa_get_key_attributes) #define psa_reset_key_attributes \ - PSA_FUNCTION_NAME(psa_reset_key_attributes) + PSA_FUNCTION_NAME(psa_reset_key_attributes) #define psa_export_key \ - PSA_FUNCTION_NAME(psa_export_key) + PSA_FUNCTION_NAME(psa_export_key) #define psa_export_public_key \ - PSA_FUNCTION_NAME(psa_export_public_key) + PSA_FUNCTION_NAME(psa_export_public_key) #define psa_purge_key \ - PSA_FUNCTION_NAME(psa_purge_key) + PSA_FUNCTION_NAME(psa_purge_key) #define psa_copy_key \ - PSA_FUNCTION_NAME(psa_copy_key) + PSA_FUNCTION_NAME(psa_copy_key) #define psa_cipher_operation_init \ - PSA_FUNCTION_NAME(psa_cipher_operation_init) + PSA_FUNCTION_NAME(psa_cipher_operation_init) #define psa_cipher_generate_iv \ - PSA_FUNCTION_NAME(psa_cipher_generate_iv) + PSA_FUNCTION_NAME(psa_cipher_generate_iv) #define psa_cipher_set_iv \ - PSA_FUNCTION_NAME(psa_cipher_set_iv) + PSA_FUNCTION_NAME(psa_cipher_set_iv) #define psa_cipher_encrypt_setup \ - PSA_FUNCTION_NAME(psa_cipher_encrypt_setup) + PSA_FUNCTION_NAME(psa_cipher_encrypt_setup) #define psa_cipher_decrypt_setup \ - PSA_FUNCTION_NAME(psa_cipher_decrypt_setup) + PSA_FUNCTION_NAME(psa_cipher_decrypt_setup) #define psa_cipher_update \ - PSA_FUNCTION_NAME(psa_cipher_update) + PSA_FUNCTION_NAME(psa_cipher_update) #define psa_cipher_finish \ - PSA_FUNCTION_NAME(psa_cipher_finish) + PSA_FUNCTION_NAME(psa_cipher_finish) #define psa_cipher_abort \ - PSA_FUNCTION_NAME(psa_cipher_abort) + PSA_FUNCTION_NAME(psa_cipher_abort) #define psa_hash_operation_init \ - PSA_FUNCTION_NAME(psa_hash_operation_init) + PSA_FUNCTION_NAME(psa_hash_operation_init) #define psa_hash_setup \ - PSA_FUNCTION_NAME(psa_hash_setup) + PSA_FUNCTION_NAME(psa_hash_setup) #define psa_hash_update \ - PSA_FUNCTION_NAME(psa_hash_update) + PSA_FUNCTION_NAME(psa_hash_update) #define psa_hash_finish \ - PSA_FUNCTION_NAME(psa_hash_finish) + PSA_FUNCTION_NAME(psa_hash_finish) #define psa_hash_verify \ - PSA_FUNCTION_NAME(psa_hash_verify) + PSA_FUNCTION_NAME(psa_hash_verify) #define psa_hash_abort \ - PSA_FUNCTION_NAME(psa_hash_abort) + PSA_FUNCTION_NAME(psa_hash_abort) #define psa_hash_clone \ - PSA_FUNCTION_NAME(psa_hash_clone) + PSA_FUNCTION_NAME(psa_hash_clone) #define psa_hash_compute \ - PSA_FUNCTION_NAME(psa_hash_compute) + PSA_FUNCTION_NAME(psa_hash_compute) #define psa_hash_compare \ - PSA_FUNCTION_NAME(psa_hash_compare) + PSA_FUNCTION_NAME(psa_hash_compare) #define psa_mac_operation_init \ - PSA_FUNCTION_NAME(psa_mac_operation_init) + PSA_FUNCTION_NAME(psa_mac_operation_init) #define psa_mac_sign_setup \ - PSA_FUNCTION_NAME(psa_mac_sign_setup) + PSA_FUNCTION_NAME(psa_mac_sign_setup) #define psa_mac_verify_setup \ - PSA_FUNCTION_NAME(psa_mac_verify_setup) + PSA_FUNCTION_NAME(psa_mac_verify_setup) #define psa_mac_update \ - PSA_FUNCTION_NAME(psa_mac_update) + PSA_FUNCTION_NAME(psa_mac_update) #define psa_mac_sign_finish \ - PSA_FUNCTION_NAME(psa_mac_sign_finish) + PSA_FUNCTION_NAME(psa_mac_sign_finish) #define psa_mac_verify_finish \ - PSA_FUNCTION_NAME(psa_mac_verify_finish) + PSA_FUNCTION_NAME(psa_mac_verify_finish) #define psa_mac_abort \ - PSA_FUNCTION_NAME(psa_mac_abort) + PSA_FUNCTION_NAME(psa_mac_abort) #define psa_sign_hash \ - PSA_FUNCTION_NAME(psa_sign_hash) + PSA_FUNCTION_NAME(psa_sign_hash) #define psa_verify_hash \ - PSA_FUNCTION_NAME(psa_verify_hash) + PSA_FUNCTION_NAME(psa_verify_hash) #define psa_asymmetric_encrypt \ - PSA_FUNCTION_NAME(psa_asymmetric_encrypt) + PSA_FUNCTION_NAME(psa_asymmetric_encrypt) #define psa_asymmetric_decrypt \ - PSA_FUNCTION_NAME(psa_asymmetric_decrypt) + PSA_FUNCTION_NAME(psa_asymmetric_decrypt) #define psa_generate_key \ - PSA_FUNCTION_NAME(psa_generate_key) + PSA_FUNCTION_NAME(psa_generate_key) #endif /* CRYPTO_SPE_H */ diff --git a/include/test/asn1_helpers.h b/include/test/asn1_helpers.h index 91ae260266..dee3cbda95 100644 --- a/include/test/asn1_helpers.h +++ b/include/test/asn1_helpers.h @@ -43,8 +43,8 @@ * * \return \c 0 if the test failed, otherwise 1. */ -int mbedtls_test_asn1_skip_integer( unsigned char **p, const unsigned char *end, - size_t min_bits, size_t max_bits, - int must_be_odd ); +int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end, + size_t min_bits, size_t max_bits, + int must_be_odd); #endif /* ASN1_HELPERS_H */ diff --git a/include/test/bignum_helpers.h b/include/test/bignum_helpers.h index 164017e69f..fc97d23ba3 100644 --- a/include/test/bignum_helpers.h +++ b/include/test/bignum_helpers.h @@ -52,8 +52,8 @@ * * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. */ -int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, - const char *input ); +int mbedtls_test_read_mpi_core(mbedtls_mpi_uint **pX, size_t *plimbs, + const char *input); /** Read a modulus from a hexadecimal string. * @@ -71,16 +71,16 @@ int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, * * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. */ -int mbedtls_test_read_mpi_modulus( mbedtls_mpi_mod_modulus *N, - const char *s, - mbedtls_mpi_mod_rep_selector int_rep ); +int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N, + const char *s, + mbedtls_mpi_mod_rep_selector int_rep); /** Free a modulus and its limbs. * * \param[in] N A modulus structure such that there is no other * reference to `N->p`. */ -void mbedtls_test_mpi_mod_modulus_free_with_limbs( mbedtls_mpi_mod_modulus *N ); +void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N); /** Read an MPI from a hexadecimal string. * @@ -103,7 +103,7 @@ void mbedtls_test_mpi_mod_modulus_free_with_limbs( mbedtls_mpi_mod_modulus *N ); * * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. */ -int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ); +int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s); /** Nonzero if the current test case had an input parsed with * mbedtls_test_read_mpi() that is a negative 0 (`"-"`, `"-0"`, `"-00"`, etc., diff --git a/include/test/certs.h b/include/test/certs.h index 03f0d03b85..65c55829d5 100644 --- a/include/test/certs.h +++ b/include/test/certs.h @@ -33,11 +33,11 @@ extern "C" { /* List of all PEM-encoded CA certificates, terminated by NULL; * PEM encoded if MBEDTLS_PEM_PARSE_C is enabled, DER encoded * otherwise. */ -extern const char * mbedtls_test_cas[]; +extern const char *mbedtls_test_cas[]; extern const size_t mbedtls_test_cas_len[]; /* List of all DER-encoded CA certificates, terminated by NULL */ -extern const unsigned char * mbedtls_test_cas_der[]; +extern const unsigned char *mbedtls_test_cas_der[]; extern const size_t mbedtls_test_cas_der_len[]; #if defined(MBEDTLS_PEM_PARSE_C) @@ -108,9 +108,9 @@ extern const size_t mbedtls_test_ca_crt_rsa_len; /* Config-dependent dispatch between EC and RSA * (RSA if enabled, otherwise EC) */ -extern const char * mbedtls_test_ca_crt; -extern const char * mbedtls_test_ca_key; -extern const char * mbedtls_test_ca_pwd; +extern const char *mbedtls_test_ca_crt; +extern const char *mbedtls_test_ca_key; +extern const char *mbedtls_test_ca_pwd; extern const size_t mbedtls_test_ca_crt_len; extern const size_t mbedtls_test_ca_key_len; extern const size_t mbedtls_test_ca_pwd_len; @@ -177,9 +177,9 @@ extern const size_t mbedtls_test_srv_crt_rsa_len; /* Config-dependent dispatch between EC and RSA * (RSA if enabled, otherwise EC) */ -extern const char * mbedtls_test_srv_crt; -extern const char * mbedtls_test_srv_key; -extern const char * mbedtls_test_srv_pwd; +extern const char *mbedtls_test_srv_crt; +extern const char *mbedtls_test_srv_key; +extern const char *mbedtls_test_srv_pwd; extern const size_t mbedtls_test_srv_crt_len; extern const size_t mbedtls_test_srv_key_len; extern const size_t mbedtls_test_srv_pwd_len; @@ -232,9 +232,9 @@ extern const size_t mbedtls_test_cli_crt_rsa_len; /* Config-dependent dispatch between EC and RSA * (RSA if enabled, otherwise EC) */ -extern const char * mbedtls_test_cli_crt; -extern const char * mbedtls_test_cli_key; -extern const char * mbedtls_test_cli_pwd; +extern const char *mbedtls_test_cli_crt; +extern const char *mbedtls_test_cli_key; +extern const char *mbedtls_test_cli_pwd; extern const size_t mbedtls_test_cli_crt_len; extern const size_t mbedtls_test_cli_key_len; extern const size_t mbedtls_test_cli_pwd_len; diff --git a/include/test/drivers/aead.h b/include/test/drivers/aead.h index 33e1f50cdc..037a255ca3 100644 --- a/include/test/drivers/aead.h +++ b/include/test/drivers/aead.h @@ -48,10 +48,10 @@ typedef struct { #define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } static inline mbedtls_test_driver_aead_hooks_t - mbedtls_test_driver_aead_hooks_init( void ) +mbedtls_test_driver_aead_hooks_init(void) { const mbedtls_test_driver_aead_hooks_t v = MBEDTLS_TEST_DRIVER_AEAD_INIT; - return( v ); + return v; } extern mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks; @@ -63,7 +63,7 @@ psa_status_t mbedtls_test_transparent_aead_encrypt( const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *plaintext, size_t plaintext_length, - uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ); + uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length); psa_status_t mbedtls_test_transparent_aead_decrypt( const psa_key_attributes_t *attributes, @@ -72,62 +72,62 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *ciphertext, size_t ciphertext_length, - uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); + uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length); psa_status_t mbedtls_test_transparent_aead_encrypt_setup( mbedtls_transparent_test_driver_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ); + psa_algorithm_t alg); psa_status_t mbedtls_test_transparent_aead_decrypt_setup( mbedtls_transparent_test_driver_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ); + psa_algorithm_t alg); psa_status_t mbedtls_test_transparent_aead_set_nonce( mbedtls_transparent_test_driver_aead_operation_t *operation, const uint8_t *nonce, - size_t nonce_length ); + size_t nonce_length); psa_status_t mbedtls_test_transparent_aead_set_lengths( mbedtls_transparent_test_driver_aead_operation_t *operation, size_t ad_length, - size_t plaintext_length ); + size_t plaintext_length); psa_status_t mbedtls_test_transparent_aead_update_ad( mbedtls_transparent_test_driver_aead_operation_t *operation, const uint8_t *input, - size_t input_length ); + size_t input_length); psa_status_t mbedtls_test_transparent_aead_update( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ); + mbedtls_transparent_test_driver_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length); psa_status_t mbedtls_test_transparent_aead_finish( - mbedtls_transparent_test_driver_aead_operation_t *operation, - uint8_t *ciphertext, - size_t ciphertext_size, - size_t *ciphertext_length, - uint8_t *tag, - size_t tag_size, - size_t *tag_length ); + mbedtls_transparent_test_driver_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length); psa_status_t mbedtls_test_transparent_aead_verify( - mbedtls_transparent_test_driver_aead_operation_t *operation, - uint8_t *plaintext, - size_t plaintext_size, - size_t *plaintext_length, - const uint8_t *tag, - size_t tag_length ); + mbedtls_transparent_test_driver_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length); psa_status_t mbedtls_test_transparent_aead_abort( - mbedtls_transparent_test_driver_aead_operation_t *operation ); + mbedtls_transparent_test_driver_aead_operation_t *operation); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */ diff --git a/include/test/drivers/asymmetric_encryption.h b/include/test/drivers/asymmetric_encryption.h index 595e18d28b..c602d2f223 100644 --- a/include/test/drivers/asymmetric_encryption.h +++ b/include/test/drivers/asymmetric_encryption.h @@ -41,11 +41,11 @@ typedef struct { #define MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT { NULL, 0, PSA_SUCCESS, 0 } static inline mbedtls_test_driver_asymmetric_encryption_hooks_t - mbedtls_test_driver_asymmetric_encryption_hooks_init( void ) +mbedtls_test_driver_asymmetric_encryption_hooks_init(void) { const mbedtls_test_driver_asymmetric_encryption_hooks_t v = MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT; - return( v ); + return v; } extern mbedtls_test_driver_asymmetric_encryption_hooks_t @@ -55,25 +55,25 @@ psa_status_t mbedtls_test_transparent_asymmetric_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length ); + uint8_t *output, size_t output_size, size_t *output_length); psa_status_t mbedtls_test_opaque_asymmetric_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length ); + uint8_t *output, size_t output_size, size_t *output_length); psa_status_t mbedtls_test_transparent_asymmetric_decrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length ); + uint8_t *output, size_t output_size, size_t *output_length); psa_status_t mbedtls_test_opaque_asymmetric_decrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length ); + uint8_t *output, size_t output_size, size_t *output_length); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H */ diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index 33a5e66579..54c37f748d 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -41,10 +41,10 @@ typedef struct { #define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0 } static inline mbedtls_test_driver_cipher_hooks_t - mbedtls_test_driver_cipher_hooks_init( void ) +mbedtls_test_driver_cipher_hooks_init(void) { const mbedtls_test_driver_cipher_hooks_t v = MBEDTLS_TEST_DRIVER_CIPHER_INIT; - return( v ); + return v; } extern mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks; @@ -77,7 +77,7 @@ psa_status_t mbedtls_test_transparent_cipher_decrypt_setup( psa_algorithm_t alg); psa_status_t mbedtls_test_transparent_cipher_abort( - mbedtls_transparent_test_driver_cipher_operation_t *operation ); + mbedtls_transparent_test_driver_cipher_operation_t *operation); psa_status_t mbedtls_test_transparent_cipher_set_iv( mbedtls_transparent_test_driver_cipher_operation_t *operation, diff --git a/include/test/drivers/hash.h b/include/test/drivers/hash.h index b05fcd79f1..f1da8d3e48 100644 --- a/include/test/drivers/hash.h +++ b/include/test/drivers/hash.h @@ -37,10 +37,10 @@ typedef struct { #define MBEDTLS_TEST_DRIVER_HASH_INIT { 0, 0, 0 } static inline mbedtls_test_driver_hash_hooks_t - mbedtls_test_driver_hash_hooks_init( void ) +mbedtls_test_driver_hash_hooks_init(void) { const mbedtls_test_driver_hash_hooks_t v = MBEDTLS_TEST_DRIVER_HASH_INIT; - return( v ); + return v; } extern mbedtls_test_driver_hash_hooks_t mbedtls_test_driver_hash_hooks; @@ -48,29 +48,29 @@ extern mbedtls_test_driver_hash_hooks_t mbedtls_test_driver_hash_hooks; psa_status_t mbedtls_test_transparent_hash_compute( psa_algorithm_t alg, const uint8_t *input, size_t input_length, - uint8_t *hash, size_t hash_size, size_t *hash_length ); + uint8_t *hash, size_t hash_size, size_t *hash_length); psa_status_t mbedtls_test_transparent_hash_setup( mbedtls_transparent_test_driver_hash_operation_t *operation, - psa_algorithm_t alg ); + psa_algorithm_t alg); psa_status_t mbedtls_test_transparent_hash_clone( const mbedtls_transparent_test_driver_hash_operation_t *source_operation, - mbedtls_transparent_test_driver_hash_operation_t *target_operation ); + mbedtls_transparent_test_driver_hash_operation_t *target_operation); psa_status_t mbedtls_test_transparent_hash_update( mbedtls_transparent_test_driver_hash_operation_t *operation, const uint8_t *input, - size_t input_length ); + size_t input_length); psa_status_t mbedtls_test_transparent_hash_finish( mbedtls_transparent_test_driver_hash_operation_t *operation, uint8_t *hash, size_t hash_size, - size_t *hash_length ); + size_t *hash_length); psa_status_t mbedtls_test_transparent_hash_abort( - mbedtls_transparent_test_driver_hash_operation_t *operation ); + mbedtls_transparent_test_driver_hash_operation_t *operation); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */ diff --git a/include/test/drivers/key_agreement.h b/include/test/drivers/key_agreement.h index 8f28cefda8..aaf74a8c5f 100644 --- a/include/test/drivers/key_agreement.h +++ b/include/test/drivers/key_agreement.h @@ -38,11 +38,11 @@ typedef struct { #define MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 } static inline mbedtls_test_driver_key_agreement_hooks_t - mbedtls_test_driver_key_agreement_hooks_init( void ) +mbedtls_test_driver_key_agreement_hooks_init(void) { const mbedtls_test_driver_key_agreement_hooks_t v = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT; - return( v ); + return v; } extern mbedtls_test_driver_key_agreement_hooks_t @@ -57,7 +57,7 @@ psa_status_t mbedtls_test_transparent_key_agreement( size_t peer_key_length, uint8_t *shared_secret, size_t shared_secret_size, - size_t *shared_secret_length ); + size_t *shared_secret_length); psa_status_t mbedtls_test_opaque_key_agreement( const psa_key_attributes_t *attributes, @@ -68,7 +68,7 @@ psa_status_t mbedtls_test_opaque_key_agreement( size_t peer_key_length, uint8_t *shared_secret, size_t shared_secret_size, - size_t *shared_secret_length ); + size_t *shared_secret_length); #endif /*PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H */ diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 1f33da1a52..43df0d6104 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -48,11 +48,11 @@ typedef struct { * used as a location of an opaque test drivers. */ #define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0x800000 } static inline mbedtls_test_driver_key_management_hooks_t - mbedtls_test_driver_key_management_hooks_init( void ) +mbedtls_test_driver_key_management_hooks_init(void) { const mbedtls_test_driver_key_management_hooks_t v = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT; - return( v ); + return v; } /* @@ -63,42 +63,42 @@ static inline mbedtls_test_driver_key_management_hooks_t */ #define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX 0xBEEFED00U #define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE sizeof( \ - PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX ) + PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX) size_t mbedtls_test_opaque_size_function( const psa_key_type_t key_type, - const size_t key_bits ); + const size_t key_bits); extern mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks; -psa_status_t mbedtls_test_transparent_init( void ); -void mbedtls_test_transparent_free( void ); -psa_status_t mbedtls_test_opaque_init( void ); -void mbedtls_test_opaque_free( void ); +psa_status_t mbedtls_test_transparent_init(void); +void mbedtls_test_transparent_free(void); +psa_status_t mbedtls_test_opaque_init(void); +void mbedtls_test_opaque_free(void); psa_status_t mbedtls_test_transparent_generate_key( const psa_key_attributes_t *attributes, - uint8_t *key, size_t key_size, size_t *key_length ); + uint8_t *key, size_t key_size, size_t *key_length); psa_status_t mbedtls_test_opaque_generate_key( const psa_key_attributes_t *attributes, - uint8_t *key, size_t key_size, size_t *key_length ); + uint8_t *key, size_t key_size, size_t *key_length); psa_status_t mbedtls_test_opaque_export_key( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, - uint8_t *data, size_t data_size, size_t *data_length ); + uint8_t *data, size_t data_size, size_t *data_length); psa_status_t mbedtls_test_transparent_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, - uint8_t *data, size_t data_size, size_t *data_length ); + uint8_t *data, size_t data_size, size_t *data_length); psa_status_t mbedtls_test_opaque_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, - uint8_t *data, size_t data_size, size_t *data_length ); + uint8_t *data, size_t data_size, size_t *data_length); psa_status_t mbedtls_test_transparent_import_key( const psa_key_attributes_t *attributes, @@ -121,7 +121,7 @@ psa_status_t mbedtls_test_opaque_import_key( psa_status_t mbedtls_test_opaque_get_builtin_key( psa_drv_slot_number_t slot_number, psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); psa_status_t mbedtls_test_opaque_copy_key( psa_key_attributes_t *attributes, diff --git a/include/test/drivers/mac.h b/include/test/drivers/mac.h index 5f6cd38a4d..bdc2b705cf 100644 --- a/include/test/drivers/mac.h +++ b/include/test/drivers/mac.h @@ -37,10 +37,10 @@ typedef struct { #define MBEDTLS_TEST_DRIVER_MAC_INIT { 0, 0, 0 } static inline mbedtls_test_driver_mac_hooks_t - mbedtls_test_driver_mac_hooks_init( void ) +mbedtls_test_driver_mac_hooks_init(void) { const mbedtls_test_driver_mac_hooks_t v = MBEDTLS_TEST_DRIVER_MAC_INIT; - return( v ); + return v; } extern mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks; @@ -54,40 +54,40 @@ psa_status_t mbedtls_test_transparent_mac_compute( size_t input_length, uint8_t *mac, size_t mac_size, - size_t *mac_length ); + size_t *mac_length); psa_status_t mbedtls_test_transparent_mac_sign_setup( mbedtls_transparent_test_driver_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ); + psa_algorithm_t alg); psa_status_t mbedtls_test_transparent_mac_verify_setup( mbedtls_transparent_test_driver_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ); + psa_algorithm_t alg); psa_status_t mbedtls_test_transparent_mac_update( mbedtls_transparent_test_driver_mac_operation_t *operation, const uint8_t *input, - size_t input_length ); + size_t input_length); psa_status_t mbedtls_test_transparent_mac_sign_finish( mbedtls_transparent_test_driver_mac_operation_t *operation, uint8_t *mac, size_t mac_size, - size_t *mac_length ); + size_t *mac_length); psa_status_t mbedtls_test_transparent_mac_verify_finish( mbedtls_transparent_test_driver_mac_operation_t *operation, const uint8_t *mac, - size_t mac_length ); + size_t mac_length); psa_status_t mbedtls_test_transparent_mac_abort( - mbedtls_transparent_test_driver_mac_operation_t *operation ); + mbedtls_transparent_test_driver_mac_operation_t *operation); psa_status_t mbedtls_test_opaque_mac_compute( const psa_key_attributes_t *attributes, @@ -98,40 +98,40 @@ psa_status_t mbedtls_test_opaque_mac_compute( size_t input_length, uint8_t *mac, size_t mac_size, - size_t *mac_length ); + size_t *mac_length); psa_status_t mbedtls_test_opaque_mac_sign_setup( mbedtls_opaque_test_driver_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ); + psa_algorithm_t alg); psa_status_t mbedtls_test_opaque_mac_verify_setup( mbedtls_opaque_test_driver_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ); + psa_algorithm_t alg); psa_status_t mbedtls_test_opaque_mac_update( mbedtls_opaque_test_driver_mac_operation_t *operation, const uint8_t *input, - size_t input_length ); + size_t input_length); psa_status_t mbedtls_test_opaque_mac_sign_finish( mbedtls_opaque_test_driver_mac_operation_t *operation, uint8_t *mac, size_t mac_size, - size_t *mac_length ); + size_t *mac_length); psa_status_t mbedtls_test_opaque_mac_verify_finish( mbedtls_opaque_test_driver_mac_operation_t *operation, const uint8_t *mac, - size_t mac_length ); + size_t mac_length); psa_status_t mbedtls_test_opaque_mac_abort( - mbedtls_opaque_test_driver_mac_operation_t *operation ); + mbedtls_opaque_test_driver_mac_operation_t *operation); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_MAC_H */ diff --git a/include/test/drivers/signature.h b/include/test/drivers/signature.h index 67f2b29a35..4c56a121cf 100644 --- a/include/test/drivers/signature.h +++ b/include/test/drivers/signature.h @@ -38,11 +38,11 @@ typedef struct { #define MBEDTLS_TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 } static inline mbedtls_test_driver_signature_hooks_t - mbedtls_test_driver_signature_hooks_init( void ) +mbedtls_test_driver_signature_hooks_init(void) { const mbedtls_test_driver_signature_hooks_t v = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT; - return( v ); + return v; } extern mbedtls_test_driver_signature_hooks_t @@ -59,7 +59,7 @@ psa_status_t mbedtls_test_transparent_signature_sign_message( size_t input_length, uint8_t *signature, size_t signature_size, - size_t *signature_length ); + size_t *signature_length); psa_status_t mbedtls_test_opaque_signature_sign_message( const psa_key_attributes_t *attributes, @@ -70,7 +70,7 @@ psa_status_t mbedtls_test_opaque_signature_sign_message( size_t input_length, uint8_t *signature, size_t signature_size, - size_t *signature_length ); + size_t *signature_length); psa_status_t mbedtls_test_transparent_signature_verify_message( const psa_key_attributes_t *attributes, @@ -80,7 +80,7 @@ psa_status_t mbedtls_test_transparent_signature_verify_message( const uint8_t *input, size_t input_length, const uint8_t *signature, - size_t signature_length ); + size_t signature_length); psa_status_t mbedtls_test_opaque_signature_verify_message( const psa_key_attributes_t *attributes, @@ -90,35 +90,35 @@ psa_status_t mbedtls_test_opaque_signature_verify_message( const uint8_t *input, size_t input_length, const uint8_t *signature, - size_t signature_length ); + size_t signature_length); psa_status_t mbedtls_test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ); + uint8_t *signature, size_t signature_size, size_t *signature_length); psa_status_t mbedtls_test_opaque_signature_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ); + uint8_t *signature, size_t signature_size, size_t *signature_length); psa_status_t mbedtls_test_transparent_signature_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ); + const uint8_t *signature, size_t signature_length); psa_status_t mbedtls_test_opaque_signature_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ); + const uint8_t *signature, size_t signature_length); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/include/test/fake_external_rng_for_test.h b/include/test/fake_external_rng_for_test.h index 9d56dabf0d..01bfb91a49 100644 --- a/include/test/fake_external_rng_for_test.h +++ b/include/test/fake_external_rng_for_test.h @@ -40,13 +40,13 @@ * of the PSA subsystem. You may disable it temporarily to simulate a * depleted entropy source. */ -void mbedtls_test_enable_insecure_external_rng( void ); +void mbedtls_test_enable_insecure_external_rng(void); /** Disable the insecure implementation of mbedtls_psa_external_get_random(). * * See mbedtls_test_enable_insecure_external_rng(). */ -void mbedtls_test_disable_insecure_external_rng( void ); +void mbedtls_test_disable_insecure_external_rng(void); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ #endif /* FAKE_EXTERNAL_RNG_FOR_TEST_H */ diff --git a/include/test/helpers.h b/include/test/helpers.h index b64bfcbcef..dd4a6a2b46 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -47,21 +47,18 @@ #endif /** The type of test case arguments that contain binary data. */ -typedef struct data_tag -{ - uint8_t * x; +typedef struct data_tag { + uint8_t *x; uint32_t len; } data_t; -typedef enum -{ +typedef enum { MBEDTLS_TEST_RESULT_SUCCESS = 0, MBEDTLS_TEST_RESULT_FAILED, MBEDTLS_TEST_RESULT_SKIPPED } mbedtls_test_result_t; -typedef struct -{ +typedef struct { mbedtls_test_result_t result; const char *test; const char *filename; @@ -76,8 +73,8 @@ typedef struct mbedtls_test_info_t; extern mbedtls_test_info_t mbedtls_test_info; -int mbedtls_test_platform_setup( void ); -void mbedtls_test_platform_teardown( void ); +int mbedtls_test_platform_setup(void); +void mbedtls_test_platform_teardown(void); /** * \brief Record the current test case as a failure. @@ -95,7 +92,7 @@ void mbedtls_test_platform_teardown( void ); * \param line_no Line number where the failure originated. * \param filename Filename where the failure originated. */ -void mbedtls_test_fail( const char *test, int line_no, const char* filename ); +void mbedtls_test_fail(const char *test, int line_no, const char *filename); /** * \brief Record the current test case as skipped. @@ -108,7 +105,7 @@ void mbedtls_test_fail( const char *test, int line_no, const char* filename ); * \param line_no Line number where the test case was skipped. * \param filename Filename where the test case was skipped. */ -void mbedtls_test_skip( const char *test, int line_no, const char* filename ); +void mbedtls_test_skip(const char *test, int line_no, const char *filename); /** * \brief Set the test step number for failure reports. @@ -120,12 +117,12 @@ void mbedtls_test_skip( const char *test, int line_no, const char* filename ); * * \param step The step number to report. */ -void mbedtls_test_set_step( unsigned long step ); +void mbedtls_test_set_step(unsigned long step); /** * \brief Reset mbedtls_test_info to a ready/starting state. */ -void mbedtls_test_info_reset( void ); +void mbedtls_test_info_reset(void); /** * \brief Record the current test case as a failure if two integers @@ -145,8 +142,8 @@ void mbedtls_test_info_reset( void ); * * \return \c 1 if the values are equal, otherwise \c 0. */ -int mbedtls_test_equal( const char *test, int line_no, const char* filename, - unsigned long long value1, unsigned long long value2 ); +int mbedtls_test_equal(const char *test, int line_no, const char *filename, + unsigned long long value1, unsigned long long value2); /** * \brief Record the current test case as a failure based @@ -166,8 +163,8 @@ int mbedtls_test_equal( const char *test, int line_no, const char* filename, * * \return \c 1 if \p value1 <= \p value2, otherwise \c 0. */ -int mbedtls_test_le_u( const char *test, int line_no, const char* filename, - unsigned long long value1, unsigned long long value2 ); +int mbedtls_test_le_u(const char *test, int line_no, const char *filename, + unsigned long long value1, unsigned long long value2); /** * \brief Record the current test case as a failure based @@ -187,8 +184,8 @@ int mbedtls_test_le_u( const char *test, int line_no, const char* filename, * * \return \c 1 if \p value1 <= \p value2, otherwise \c 0. */ -int mbedtls_test_le_s( const char *test, int line_no, const char* filename, - long long value1, long long value2 ); +int mbedtls_test_le_s(const char *test, int line_no, const char *filename, + long long value1, long long value2); /** * \brief This function decodes the hexadecimal representation of @@ -208,12 +205,12 @@ int mbedtls_test_le_s( const char *test, int line_no, const char* filename, * \return \c -1 if the output buffer is too small or the input string * is not a valid hexadecimal representation. */ -int mbedtls_test_unhexify( unsigned char *obuf, size_t obufmax, - const char *ibuf, size_t *len ); +int mbedtls_test_unhexify(unsigned char *obuf, size_t obufmax, + const char *ibuf, size_t *len); -void mbedtls_test_hexify( unsigned char *obuf, - const unsigned char *ibuf, - int len ); +void mbedtls_test_hexify(unsigned char *obuf, + const unsigned char *ibuf, + int len); /** * \brief Convert hexadecimal digit to an integer. @@ -233,7 +230,7 @@ int mbedtls_test_ascii2uc(const char c, unsigned char *uc); * * For convenience, dies if allocation fails. */ -unsigned char *mbedtls_test_zero_alloc( size_t len ); +unsigned char *mbedtls_test_zero_alloc(size_t len); /** * Allocate and fill a buffer from hex data. @@ -245,10 +242,10 @@ unsigned char *mbedtls_test_zero_alloc( size_t len ); * * For convenience, dies if allocation fails. */ -unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ); +unsigned char *mbedtls_test_unhexify_alloc(const char *ibuf, size_t *olen); -int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, - uint32_t a_len, uint32_t b_len ); +int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b, + uint32_t a_len, uint32_t b_len); #if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) #include "test/fake_external_rng_for_test.h" @@ -257,11 +254,11 @@ int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, #if defined(MBEDTLS_TEST_MUTEX_USAGE) /** Permanently activate the mutex usage verification framework. See * threading_helpers.c for information. */ -void mbedtls_test_mutex_usage_init( void ); +void mbedtls_test_mutex_usage_init(void); /** Call this function after executing a test case to check for mutex usage * errors. */ -void mbedtls_test_mutex_usage_check( void ); +void mbedtls_test_mutex_usage_check(void); #endif /* MBEDTLS_TEST_MUTEX_USAGE */ #if defined(MBEDTLS_TEST_HOOKS) @@ -276,8 +273,8 @@ void mbedtls_test_mutex_usage_check( void ); * * \note If the check fails, fail the test currently being run. */ -void mbedtls_test_err_add_check( int high, int low, - const char *file, int line); +void mbedtls_test_err_add_check(int high, int low, + const char *file, int line); #endif #endif /* TEST_HELPERS_H */ diff --git a/include/test/macros.h b/include/test/macros.h index 695a2433ad..83a48cd1e2 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -51,14 +51,14 @@ * * \param TEST The test expression to be tested. */ -#define TEST_ASSERT( TEST ) \ +#define TEST_ASSERT(TEST) \ do { \ - if( ! (TEST) ) \ - { \ - mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - } while( 0 ) + if (!(TEST)) \ + { \ + mbedtls_test_fail( #TEST, __LINE__, __FILE__); \ + goto exit; \ + } \ + } while (0) /** Evaluate two integer expressions and fail the test case if they have * different values. @@ -69,12 +69,12 @@ * \param expr1 An integral-typed expression to evaluate. * \param expr2 Another integral-typed expression to evaluate. */ -#define TEST_EQUAL( expr1, expr2 ) \ +#define TEST_EQUAL(expr1, expr2) \ do { \ - if( ! mbedtls_test_equal( #expr1 " == " #expr2, __LINE__, __FILE__, \ - expr1, expr2 ) ) \ - goto exit; \ - } while( 0 ) + if (!mbedtls_test_equal( #expr1 " == " #expr2, __LINE__, __FILE__, \ + expr1, expr2)) \ + goto exit; \ + } while (0) /** Evaluate two unsigned integer expressions and fail the test case * if they are not in increasing order (left <= right). @@ -82,12 +82,12 @@ * \param expr1 An integral-typed expression to evaluate. * \param expr2 Another integral-typed expression to evaluate. */ -#define TEST_LE_U( expr1, expr2 ) \ +#define TEST_LE_U(expr1, expr2) \ do { \ - if( ! mbedtls_test_le_u( #expr1 " <= " #expr2, __LINE__, __FILE__, \ - expr1, expr2 ) ) \ - goto exit; \ - } while( 0 ) + if (!mbedtls_test_le_u( #expr1 " <= " #expr2, __LINE__, __FILE__, \ + expr1, expr2)) \ + goto exit; \ + } while (0) /** Evaluate two signed integer expressions and fail the test case * if they are not in increasing order (left <= right). @@ -95,12 +95,12 @@ * \param expr1 An integral-typed expression to evaluate. * \param expr2 Another integral-typed expression to evaluate. */ -#define TEST_LE_S( expr1, expr2 ) \ +#define TEST_LE_S(expr1, expr2) \ do { \ - if( ! mbedtls_test_le_s( #expr1 " <= " #expr2, __LINE__, __FILE__, \ - expr1, expr2 ) ) \ - goto exit; \ - } while( 0 ) + if (!mbedtls_test_le_s( #expr1 " <= " #expr2, __LINE__, __FILE__, \ + expr1, expr2)) \ + goto exit; \ + } while (0) /** Allocate memory dynamically and fail the test case if this fails. * The allocated memory will be filled with zeros. @@ -122,36 +122,36 @@ * This expression may be evaluated multiple times. * */ -#define ASSERT_ALLOC( pointer, length ) \ +#define ASSERT_ALLOC(pointer, length) \ do \ { \ - TEST_ASSERT( ( pointer ) == NULL ); \ - if( ( length ) != 0 ) \ + TEST_ASSERT((pointer) == NULL); \ + if ((length) != 0) \ { \ - ( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \ - ( length ) ); \ - TEST_ASSERT( ( pointer ) != NULL ); \ + (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ + (length)); \ + TEST_ASSERT((pointer) != NULL); \ } \ } \ - while( 0 ) + while (0) /** Allocate memory dynamically. If the allocation fails, skip the test case. * * This macro behaves like #ASSERT_ALLOC, except that if the allocation * fails, it marks the test as skipped rather than failed. */ -#define ASSERT_ALLOC_WEAK( pointer, length ) \ +#define ASSERT_ALLOC_WEAK(pointer, length) \ do \ { \ - TEST_ASSERT( ( pointer ) == NULL ); \ - if( ( length ) != 0 ) \ + TEST_ASSERT((pointer) == NULL); \ + if ((length) != 0) \ { \ - ( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \ - ( length ) ); \ - TEST_ASSUME( ( pointer ) != NULL ); \ + (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ + (length)); \ + TEST_ASSUME((pointer) != NULL); \ } \ } \ - while( 0 ) + while (0) /** Compare two buffers and fail the test case if they differ. * @@ -165,14 +165,14 @@ * \param size2 Size of the second buffer in bytes. * This expression may be evaluated multiple times. */ -#define ASSERT_COMPARE( p1, size1, p2, size2 ) \ +#define ASSERT_COMPARE(p1, size1, p2, size2) \ do \ { \ - TEST_ASSERT( ( size1 ) == ( size2 ) ); \ - if( ( size1 ) != 0 ) \ - TEST_ASSERT( memcmp( ( p1 ), ( p2 ), ( size1 ) ) == 0 ); \ + TEST_ASSERT((size1) == (size2)); \ + if ((size1) != 0) \ + TEST_ASSERT(memcmp((p1), (p2), (size1)) == 0); \ } \ - while( 0 ) + while (0) /** * \brief This macro tests the expression passed to it and skips the @@ -180,21 +180,21 @@ * * \param TEST The test expression to be tested. */ -#define TEST_ASSUME( TEST ) \ +#define TEST_ASSUME(TEST) \ do { \ - if( ! (TEST) ) \ + if (!(TEST)) \ { \ - mbedtls_test_skip( #TEST, __LINE__, __FILE__ ); \ + mbedtls_test_skip( #TEST, __LINE__, __FILE__); \ goto exit; \ } \ - } while( 0 ) + } while (0) -#define TEST_HELPER_ASSERT(a) if( !( a ) ) \ -{ \ - mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ - __FILE__, __LINE__, #a ); \ - mbedtls_exit( 1 ); \ -} +#define TEST_HELPER_ASSERT(a) if (!(a)) \ + { \ + mbedtls_fprintf(stderr, "Assertion Failed at %s:%d - %s\n", \ + __FILE__, __LINE__, #a); \ + mbedtls_exit(1); \ + } /** \def ARRAY_LENGTH * Return the number of elements of a static or stack array. @@ -205,34 +205,34 @@ */ /* A correct implementation of ARRAY_LENGTH, but which silently gives * a nonsensical result if called with a pointer rather than an array. */ -#define ARRAY_LENGTH_UNSAFE( array ) \ - ( sizeof( array ) / sizeof( *( array ) ) ) +#define ARRAY_LENGTH_UNSAFE(array) \ + (sizeof(array) / sizeof(*(array))) #if defined(__GNUC__) /* Test if arg and &(arg)[0] have the same type. This is true if arg is * an array but not if it's a pointer. */ -#define IS_ARRAY_NOT_POINTER( arg ) \ - ( ! __builtin_types_compatible_p( __typeof__( arg ), \ - __typeof__( &( arg )[0] ) ) ) +#define IS_ARRAY_NOT_POINTER(arg) \ + (!__builtin_types_compatible_p(__typeof__(arg), \ + __typeof__(&(arg)[0]))) /* A compile-time constant with the value 0. If `const_expr` is not a * compile-time constant with a nonzero value, cause a compile-time error. */ -#define STATIC_ASSERT_EXPR( const_expr ) \ - ( 0 && sizeof( struct { unsigned int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) ) +#define STATIC_ASSERT_EXPR(const_expr) \ + (0 && sizeof(struct { unsigned int STATIC_ASSERT : 1 - 2 * !(const_expr); })) /* Return the scalar value `value` (possibly promoted). This is a compile-time * constant if `value` is. `condition` must be a compile-time constant. * If `condition` is false, arrange to cause a compile-time error. */ -#define STATIC_ASSERT_THEN_RETURN( condition, value ) \ - ( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) ) +#define STATIC_ASSERT_THEN_RETURN(condition, value) \ + (STATIC_ASSERT_EXPR(condition) ? 0 : (value)) -#define ARRAY_LENGTH( array ) \ - ( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \ - ARRAY_LENGTH_UNSAFE( array ) ) ) +#define ARRAY_LENGTH(array) \ + (STATIC_ASSERT_THEN_RETURN(IS_ARRAY_NOT_POINTER(array), \ + ARRAY_LENGTH_UNSAFE(array))) #else /* If we aren't sure the compiler supports our non-standard tricks, * fall back to the unsafe implementation. */ -#define ARRAY_LENGTH( array ) ARRAY_LENGTH_UNSAFE( array ) +#define ARRAY_LENGTH(array) ARRAY_LENGTH_UNSAFE(array) #endif /** Return the smaller of two values. @@ -242,7 +242,7 @@ * * \return The smaller of \p x and \p y. */ -#define MIN( x, y ) ( ( x ) < ( y ) ? ( x ) : ( y ) ) +#define MIN(x, y) ((x) < (y) ? (x) : (y)) /** Return the larger of two values. * @@ -251,29 +251,29 @@ * * \return The larger of \p x and \p y. */ -#define MAX( x, y ) ( ( x ) > ( y ) ? ( x ) : ( y ) ) +#define MAX(x, y) ((x) > (y) ? (x) : (y)) /* * 32-bit integer manipulation macros (big endian) */ #ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} +#define GET_UINT32_BE(n, b, i) \ + { \ + (n) = ((uint32_t) (b)[(i)] << 24) \ + | ((uint32_t) (b)[(i) + 1] << 16) \ + | ((uint32_t) (b)[(i) + 2] << 8) \ + | ((uint32_t) (b)[(i) + 3]); \ + } #endif #ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} +#define PUT_UINT32_BE(n, b, i) \ + { \ + (b)[(i)] = (unsigned char) ((n) >> 24); \ + (b)[(i) + 1] = (unsigned char) ((n) >> 16); \ + (b)[(i) + 2] = (unsigned char) ((n) >> 8); \ + (b)[(i) + 3] = (unsigned char) ((n)); \ + } #endif #endif /* TEST_MACROS_H */ diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 3542950915..19a0483cc8 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -36,11 +36,11 @@ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) /* Internal function for #TEST_USES_KEY_ID. Return 1 on success, 0 on failure. */ -int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ); +int mbedtls_test_uses_key_id(mbedtls_svc_key_id_t key_id); /** Destroy persistent keys recorded with #TEST_USES_KEY_ID. */ -void mbedtls_test_psa_purge_key_storage( void ); +void mbedtls_test_psa_purge_key_storage(void); /** Purge the in-memory cache of persistent keys recorded with * #TEST_USES_KEY_ID. @@ -48,7 +48,7 @@ void mbedtls_test_psa_purge_key_storage( void ); * Call this function before calling PSA_DONE() if it's ok for * persistent keys to still exist at this point. */ -void mbedtls_test_psa_purge_key_cache( void ); +void mbedtls_test_psa_purge_key_cache(void); /** \def TEST_USES_KEY_ID * @@ -75,18 +75,18 @@ void mbedtls_test_psa_purge_key_cache( void ); * * \param key_id The PSA key identifier to record. */ -#define TEST_USES_KEY_ID( key_id ) \ - TEST_ASSERT( mbedtls_test_uses_key_id( key_id ) ) +#define TEST_USES_KEY_ID(key_id) \ + TEST_ASSERT(mbedtls_test_uses_key_id(key_id)) #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ -#define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) ) -#define mbedtls_test_psa_purge_key_storage( ) ( (void) 0 ) -#define mbedtls_test_psa_purge_key_cache( ) ( (void) 0 ) +#define TEST_USES_KEY_ID(key_id) ((void) (key_id)) +#define mbedtls_test_psa_purge_key_storage() ((void) 0) +#define mbedtls_test_psa_purge_key_cache() ((void) 0) #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ -#define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) ) +#define PSA_INIT() PSA_ASSERT(psa_crypto_init()) /** Check for things that have not been cleaned up properly in the * PSA subsystem. @@ -95,7 +95,7 @@ void mbedtls_test_psa_purge_key_cache( void ); * \return A string literal explaining what has not been cleaned up * if applicable. */ -const char *mbedtls_test_helper_is_psa_leaking( void ); +const char *mbedtls_test_helper_is_psa_leaking(void); /** Check that no PSA Crypto key slots are in use. * @@ -104,13 +104,13 @@ const char *mbedtls_test_helper_is_psa_leaking( void ); * `TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )` * but with a more informative message. */ -#define ASSERT_PSA_PRISTINE( ) \ +#define ASSERT_PSA_PRISTINE() \ do \ { \ - if( test_fail_if_psa_leaking( __LINE__, __FILE__ ) ) \ - goto exit; \ + if (test_fail_if_psa_leaking(__LINE__, __FILE__)) \ + goto exit; \ } \ - while( 0 ) + while (0) /** Shut down the PSA Crypto subsystem and destroy persistent keys. * Expect a clean shutdown, with no slots in use. @@ -122,14 +122,14 @@ const char *mbedtls_test_helper_is_psa_leaking( void ); * \note Persistent keys must be recorded with #TEST_USES_KEY_ID before * creating them. */ -#define PSA_DONE( ) \ +#define PSA_DONE() \ do \ { \ - test_fail_if_psa_leaking( __LINE__, __FILE__ ); \ - mbedtls_test_psa_purge_key_storage( ); \ - mbedtls_psa_crypto_free( ); \ + test_fail_if_psa_leaking(__LINE__, __FILE__); \ + mbedtls_test_psa_purge_key_storage(); \ + mbedtls_psa_crypto_free(); \ } \ - while( 0 ) + while (0) /** Shut down the PSA Crypto subsystem, allowing persistent keys to survive. * Expect a clean shutdown, with no slots in use. @@ -137,22 +137,22 @@ const char *mbedtls_test_helper_is_psa_leaking( void ); * If some key slots are still in use, record the test case as failed and * jump to the `exit` label. */ -#define PSA_SESSION_DONE( ) \ +#define PSA_SESSION_DONE() \ do \ { \ - mbedtls_test_psa_purge_key_cache( ); \ - ASSERT_PSA_PRISTINE( ); \ - mbedtls_psa_crypto_free( ); \ + mbedtls_test_psa_purge_key_cache(); \ + ASSERT_PSA_PRISTINE(); \ + mbedtls_psa_crypto_free(); \ } \ - while( 0 ) + while (0) #if defined(RECORD_PSA_STATUS_COVERAGE_LOG) -psa_status_t mbedtls_test_record_status( psa_status_t status, - const char *func, - const char *file, int line, - const char *expr ); +psa_status_t mbedtls_test_record_status(psa_status_t status, + const char *func, + const char *file, int line, + const char *expr); /** Return value logging wrapper macro. * @@ -178,8 +178,8 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, * a value of type #psa_status_t. * \return The value of \p expr. */ -#define RECORD_STATUS( string, expr ) \ - mbedtls_test_record_status( ( expr ), string, __FILE__, __LINE__, #expr ) +#define RECORD_STATUS(string, expr) \ + mbedtls_test_record_status((expr), string, __FILE__, __LINE__, #expr) #include "instrument_record_status.h" @@ -191,7 +191,7 @@ psa_status_t mbedtls_test_record_status( psa_status_t status, * permissions of other usage policies * (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSAGE). */ -psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags ); +psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags); /** Skip a test case if the given key is a 192 bits AES key and the AES * implementation is at least partially provided by an accelerator or @@ -220,18 +220,18 @@ psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags #define MBEDTLS_TEST_HAVE_ALT_AES 0 #endif -#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_bits ) \ +#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_bits) \ do \ { \ - if( ( MBEDTLS_TEST_HAVE_ALT_AES ) && \ - ( ( key_type ) == PSA_KEY_TYPE_AES ) && \ - ( key_bits == 192 ) ) \ + if ((MBEDTLS_TEST_HAVE_ALT_AES) && \ + ((key_type) == PSA_KEY_TYPE_AES) && \ + (key_bits == 192)) \ { \ - mbedtls_test_skip( "AES-192 not supported", __LINE__, __FILE__ ); \ + mbedtls_test_skip("AES-192 not supported", __LINE__, __FILE__); \ goto exit; \ } \ } \ - while( 0 ) + while (0) /** Skip a test case if a GCM operation with a nonce length different from * 12 bytes fails and was performed by an accelerator or alternative @@ -262,30 +262,30 @@ psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags #define MBEDTLS_TEST_HAVE_ALT_GCM 0 #endif -#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, \ - nonce_length ) \ +#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, \ + nonce_length) \ do \ { \ - if( ( MBEDTLS_TEST_HAVE_ALT_GCM ) && \ - ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( ( alg ) , 0 ) == \ - PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ) ) && \ - ( ( nonce_length ) != 12 ) ) \ + if ((MBEDTLS_TEST_HAVE_ALT_GCM) && \ + (PSA_ALG_AEAD_WITH_SHORTENED_TAG((alg), 0) == \ + PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0)) && \ + ((nonce_length) != 12)) \ { \ - mbedtls_test_skip( "GCM with non-12-byte IV is not supported", __LINE__, __FILE__ ); \ + mbedtls_test_skip("GCM with non-12-byte IV is not supported", __LINE__, __FILE__); \ goto exit; \ } \ } \ - while( 0 ) + while (0) #if !defined(MBEDTLS_MD_C) -#define PSA_INIT_IF_NO_MD( ) PSA_INIT( ) -#define PSA_DONE_IF_NO_MD( ) PSA_DONE( ) +#define PSA_INIT_IF_NO_MD() PSA_INIT() +#define PSA_DONE_IF_NO_MD() PSA_DONE() #endif #endif /* MBEDTLS_PSA_CRYPTO_C */ #if defined(MBEDTLS_MD_C) -#define PSA_INIT_IF_NO_MD( ) ( (void) 0 ) -#define PSA_DONE_IF_NO_MD( ) ( (void) 0 ) +#define PSA_INIT_IF_NO_MD() ((void) 0) +#define PSA_DONE_IF_NO_MD() ((void) 0) #endif /** \def USE_PSA_INIT * @@ -303,14 +303,14 @@ psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags * #MBEDTLS_USE_PSA_CRYPTO is disabled. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) -#define USE_PSA_INIT( ) PSA_INIT( ) -#define USE_PSA_DONE( ) PSA_DONE( ) +#define USE_PSA_INIT() PSA_INIT() +#define USE_PSA_DONE() PSA_DONE() #else /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ /* Define empty macros so that we can use them in the preamble and teardown * of every test function that uses PSA conditionally based on * MBEDTLS_USE_PSA_CRYPTO. */ -#define USE_PSA_INIT( ) ( (void) 0 ) -#define USE_PSA_DONE( ) ( (void) 0 ) +#define USE_PSA_INIT() ((void) 0) +#define USE_PSA_DONE() ((void) 0) #endif /* !MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* PSA_CRYPTO_HELPERS_H */ diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index aa0aeb5afd..eb69fc661e 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -77,7 +77,7 @@ * This is used in some smoke tests. */ #if defined(KNOWN_SUPPORTED_HASH_ALG) && defined(PSA_WANT_ALG_HMAC) -#define KNOWN_SUPPORTED_MAC_ALG ( PSA_ALG_HMAC( KNOWN_SUPPORTED_HASH_ALG ) ) +#define KNOWN_SUPPORTED_MAC_ALG (PSA_ALG_HMAC(KNOWN_SUPPORTED_HASH_ALG)) #define KNOWN_SUPPORTED_MAC_KEY_TYPE PSA_KEY_TYPE_HMAC #elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CMAC_C) #define KNOWN_SUPPORTED_MAC_ALG PSA_ALG_CMAC @@ -133,12 +133,12 @@ * \return \c 1 on success, \c 0 on failure. */ int mbedtls_test_psa_setup_key_derivation_wrap( - psa_key_derivation_operation_t* operation, + psa_key_derivation_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg, - const unsigned char* input1, size_t input1_length, - const unsigned char* input2, size_t input2_length, - size_t capacity ); + const unsigned char *input1, size_t input1_length, + const unsigned char *input2, size_t input2_length, + size_t capacity); /** Perform a key agreement using the given key pair against its public key * using psa_raw_key_agreement(). @@ -154,7 +154,7 @@ int mbedtls_test_psa_setup_key_derivation_wrap( */ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( psa_algorithm_t alg, - mbedtls_svc_key_id_t key ); + mbedtls_svc_key_id_t key); /** Perform a key agreement using the given key pair against its public key * using psa_key_derivation_raw_key(). @@ -173,7 +173,7 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( */ psa_status_t mbedtls_test_psa_key_agreement_with_self( psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t key ); + mbedtls_svc_key_id_t key); /** Perform sanity checks on the given key representation. * @@ -195,7 +195,7 @@ psa_status_t mbedtls_test_psa_key_agreement_with_self( */ int mbedtls_test_psa_exported_key_sanity_check( psa_key_type_t type, size_t bits, - const uint8_t *exported, size_t exported_length ); + const uint8_t *exported, size_t exported_length); /** Do smoke tests on a key. * @@ -224,11 +224,11 @@ int mbedtls_test_psa_exported_key_sanity_check( * \retval 0 The key failed the smoke tests. * \retval 1 The key passed the smoke tests. */ -int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ); +int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg); -psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type, - psa_algorithm_t alg ); +psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type, + psa_algorithm_t alg); #endif /* PSA_EXERCISE_KEY_H */ diff --git a/include/test/psa_helpers.h b/include/test/psa_helpers.h index f438a71fb6..2665fac394 100644 --- a/include/test/psa_helpers.h +++ b/include/test/psa_helpers.h @@ -31,6 +31,6 @@ * to a \c psa_xxx function that returns a value of type * #psa_status_t. */ -#define PSA_ASSERT( expr ) TEST_EQUAL( ( expr ), PSA_SUCCESS ) +#define PSA_ASSERT(expr) TEST_EQUAL((expr), PSA_SUCCESS) #endif /* PSA_HELPERS_H */ diff --git a/include/test/random.h b/include/test/random.h index 58548a2c8b..c5572088ac 100644 --- a/include/test/random.h +++ b/include/test/random.h @@ -30,12 +30,11 @@ #include #include -typedef struct -{ +typedef struct { unsigned char *buf; /* Pointer to a buffer of length bytes. */ size_t length; /* If fallback_f_rng is NULL, fail after delivering length bytes. */ - int ( *fallback_f_rng )( void*, unsigned char *, size_t ); + int (*fallback_f_rng)(void *, unsigned char *, size_t); void *fallback_p_rng; } mbedtls_test_rnd_buf_info; @@ -46,8 +45,7 @@ typedef struct * Do not forget endianness! * State( v0, v1 ) should be set to zero. */ -typedef struct -{ +typedef struct { uint32_t key[16]; uint32_t v0, v1; } mbedtls_test_rnd_pseudo_info; @@ -61,18 +59,18 @@ typedef struct * * rng_state shall be NULL. */ -int mbedtls_test_rnd_std_rand( void *rng_state, - unsigned char *output, - size_t len ); +int mbedtls_test_rnd_std_rand(void *rng_state, + unsigned char *output, + size_t len); /** * This function only returns zeros. * * \p rng_state shall be \c NULL. */ -int mbedtls_test_rnd_zero_rand( void *rng_state, - unsigned char *output, - size_t len ); +int mbedtls_test_rnd_zero_rand(void *rng_state, + unsigned char *output, + size_t len); /** * This function returns random data based on a buffer it receives. @@ -86,9 +84,9 @@ int mbedtls_test_rnd_zero_rand( void *rng_state, * #mbedtls_test_rnd_buf_info structure if there is one, and * will return #MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise. */ -int mbedtls_test_rnd_buffer_rand( void *rng_state, - unsigned char *output, - size_t len ); +int mbedtls_test_rnd_buffer_rand(void *rng_state, + unsigned char *output, + size_t len); /** * This function returns random based on a pseudo random function. @@ -98,8 +96,8 @@ int mbedtls_test_rnd_buffer_rand( void *rng_state, * * \p rng_state shall be a pointer to a #mbedtls_test_rnd_pseudo_info structure. */ -int mbedtls_test_rnd_pseudo_rand( void *rng_state, - unsigned char *output, - size_t len ); +int mbedtls_test_rnd_pseudo_rand(void *rng_state, + unsigned char *output, + size_t len); #endif /* TEST_RANDOM_H */ diff --git a/src/asn1_helpers.c b/src/asn1_helpers.c index 79aa166ce6..aaf7587aa7 100644 --- a/src/asn1_helpers.c +++ b/src/asn1_helpers.c @@ -27,48 +27,48 @@ #include -int mbedtls_test_asn1_skip_integer( unsigned char **p, const unsigned char *end, - size_t min_bits, size_t max_bits, - int must_be_odd ) +int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end, + size_t min_bits, size_t max_bits, + int must_be_odd) { size_t len; size_t actual_bits; unsigned char msb; - TEST_EQUAL( mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_INTEGER ), - 0 ); + TEST_EQUAL(mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_INTEGER), + 0); /* Check if the retrieved length doesn't extend the actual buffer's size. * It is assumed here, that end >= p, which validates casting to size_t. */ - TEST_ASSERT( len <= (size_t)( end - *p) ); + TEST_ASSERT(len <= (size_t) (end - *p)); /* Tolerate a slight departure from DER encoding: * - 0 may be represented by an empty string or a 1-byte string. * - The sign bit may be used as a value bit. */ - if( ( len == 1 && ( *p )[0] == 0 ) || - ( len > 1 && ( *p )[0] == 0 && ( ( *p )[1] & 0x80 ) != 0 ) ) - { - ++( *p ); + if ((len == 1 && (*p)[0] == 0) || + (len > 1 && (*p)[0] == 0 && ((*p)[1] & 0x80) != 0)) { + ++(*p); --len; } - if( min_bits == 0 && len == 0 ) - return( 1 ); - msb = ( *p )[0]; - TEST_ASSERT( msb != 0 ); - actual_bits = 8 * ( len - 1 ); - while( msb != 0 ) - { + if (min_bits == 0 && len == 0) { + return 1; + } + msb = (*p)[0]; + TEST_ASSERT(msb != 0); + actual_bits = 8 * (len - 1); + while (msb != 0) { msb >>= 1; ++actual_bits; } - TEST_ASSERT( actual_bits >= min_bits ); - TEST_ASSERT( actual_bits <= max_bits ); - if( must_be_odd ) - TEST_ASSERT( ( ( *p )[len-1] & 1 ) != 0 ); + TEST_ASSERT(actual_bits >= min_bits); + TEST_ASSERT(actual_bits <= max_bits); + if (must_be_odd) { + TEST_ASSERT(((*p)[len-1] & 1) != 0); + } *p += len; - return( 1 ); + return 1; exit: - return( 0 ); + return 0; } #endif /* MBEDTLS_ASN1_PARSE_C */ diff --git a/src/bignum_helpers.c b/src/bignum_helpers.c index d6ec9bd3cc..4dd37915e2 100644 --- a/src/bignum_helpers.c +++ b/src/bignum_helpers.c @@ -38,105 +38,107 @@ #include #include -int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs, - const char *input ) +int mbedtls_test_read_mpi_core(mbedtls_mpi_uint **pX, size_t *plimbs, + const char *input) { /* Sanity check */ - if( *pX != NULL ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (*pX != NULL) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } - size_t hex_len = strlen( input ); - size_t byte_len = ( hex_len + 1 ) / 2; - *plimbs = CHARS_TO_LIMBS( byte_len ); + size_t hex_len = strlen(input); + size_t byte_len = (hex_len + 1) / 2; + *plimbs = CHARS_TO_LIMBS(byte_len); /* A core bignum is not allowed to be empty. Forbid it as test data, * this way static analyzers have a chance of knowing we don't expect * the bignum functions to support empty inputs. */ - if( *plimbs == 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (*plimbs == 0) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } - *pX = mbedtls_calloc( *plimbs, sizeof( **pX ) ); - if( *pX == NULL ) - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); + *pX = mbedtls_calloc(*plimbs, sizeof(**pX)); + if (*pX == NULL) { + return MBEDTLS_ERR_MPI_ALLOC_FAILED; + } - unsigned char *byte_start = ( unsigned char * ) *pX; - if( byte_len % sizeof( mbedtls_mpi_uint ) != 0 ) - { - byte_start += sizeof( mbedtls_mpi_uint ) - byte_len % sizeof( mbedtls_mpi_uint ); + unsigned char *byte_start = (unsigned char *) *pX; + if (byte_len % sizeof(mbedtls_mpi_uint) != 0) { + byte_start += sizeof(mbedtls_mpi_uint) - byte_len % sizeof(mbedtls_mpi_uint); } - if( ( hex_len & 1 ) != 0 ) - { + if ((hex_len & 1) != 0) { /* mbedtls_test_unhexify wants an even number of hex digits */ - TEST_ASSERT( mbedtls_test_ascii2uc( *input, byte_start ) == 0 ); + TEST_ASSERT(mbedtls_test_ascii2uc(*input, byte_start) == 0); ++byte_start; ++input; --byte_len; } - TEST_ASSERT( mbedtls_test_unhexify( byte_start, - byte_len, - input, - &byte_len ) == 0 ); + TEST_ASSERT(mbedtls_test_unhexify(byte_start, + byte_len, + input, + &byte_len) == 0); - mbedtls_mpi_core_bigendian_to_host( *pX, *plimbs ); - return( 0 ); + mbedtls_mpi_core_bigendian_to_host(*pX, *plimbs); + return 0; exit: - mbedtls_free( *pX ); - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + mbedtls_free(*pX); + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; } -int mbedtls_test_read_mpi_modulus( mbedtls_mpi_mod_modulus *N, - const char *s, - mbedtls_mpi_mod_rep_selector int_rep ) +int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N, + const char *s, + mbedtls_mpi_mod_rep_selector int_rep) { mbedtls_mpi_uint *p = NULL; size_t limbs = 0; - if( N->limbs != 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - int ret = mbedtls_test_read_mpi_core( &p, &limbs, s ); - if( ret != 0 ) - return( ret ); - ret = mbedtls_mpi_mod_modulus_setup( N, p, limbs, int_rep ); - if( ret != 0 ) - mbedtls_free( p ); - return( ret ); + if (N->limbs != 0) { + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + } + int ret = mbedtls_test_read_mpi_core(&p, &limbs, s); + if (ret != 0) { + return ret; + } + ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs, int_rep); + if (ret != 0) { + mbedtls_free(p); + } + return ret; } -void mbedtls_test_mpi_mod_modulus_free_with_limbs( mbedtls_mpi_mod_modulus *N ) +void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N) { - mbedtls_free( (mbedtls_mpi_uint*) N->p ); - mbedtls_mpi_mod_modulus_free( N ); + mbedtls_free((mbedtls_mpi_uint *) N->p); + mbedtls_mpi_mod_modulus_free(N); } -int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s ) +int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s) { int negative = 0; /* Always set the sign bit to -1 if the input has a minus sign, even for 0. * This creates an invalid representation, which mbedtls_mpi_read_string() * avoids but we want to be able to create that in test data. */ - if( s[0] == '-' ) - { + if (s[0] == '-') { ++s; negative = 1; } /* mbedtls_mpi_read_string() currently retains leading zeros. * It always allocates at least one limb for the value 0. */ - if( s[0] == 0 ) - { - mbedtls_mpi_free( X ); - return( 0 ); + if (s[0] == 0) { + mbedtls_mpi_free(X); + return 0; } - int ret = mbedtls_mpi_read_string( X, 16, s ); - if( ret != 0 ) - return( ret ); - if( negative ) - { - if( mbedtls_mpi_cmp_int( X, 0 ) == 0 ) + int ret = mbedtls_mpi_read_string(X, 16, s); + if (ret != 0) { + return ret; + } + if (negative) { + if (mbedtls_mpi_cmp_int(X, 0) == 0) { ++mbedtls_test_case_uses_negative_0; + } X->s = -1; } - return( 0 ); + return 0; } #endif /* MBEDTLS_BIGNUM_C */ - diff --git a/src/certs.c b/src/certs.c index ca03b29d45..1fcdc42c43 100644 --- a/src/certs.c +++ b/src/certs.c @@ -59,50 +59,50 @@ /* This is generated from tests/data_files/test-ca2.crt.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_CA_CRT_EC_DER tests/data_files/test-ca2.crt.der */ #define TEST_CA_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ - 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ - 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ - 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ - 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ - 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ - 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ - 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ - 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ - 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ - 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ - 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ - 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ - 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ - 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ - 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \ - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \ - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \ - 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ - 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \ - 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \ - 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \ - 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \ - 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \ - 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \ - 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \ - 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \ - 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \ - 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \ - 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \ - 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \ - 0xf5, 0xae, 0x1c, 0x42 \ + 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ + 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ + 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ + 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ + 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ + 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ + 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ + 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ + 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ + 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ + 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ + 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ + 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ + 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ + 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \ + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \ + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \ + 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ + 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \ + 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \ + 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \ + 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \ + 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \ + 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \ + 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \ + 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \ + 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \ + 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \ + 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \ + 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \ + 0xf5, 0xae, 0x1c, 0x42 \ } /* END FILE */ @@ -125,20 +125,20 @@ /* This is generated from tests/data_files/test-ca2.key.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_CA_KEY_EC_DER tests/data_files/test-ca2.key.der */ #define TEST_CA_KEY_EC_DER { \ - 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \ - 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \ - 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \ - 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \ - 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \ - 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \ - 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \ - 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \ - 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \ - 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \ - 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \ - 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \ - 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \ - 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \ + 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \ + 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \ + 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \ + 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \ + 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \ + 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \ + 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \ + 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \ + 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \ + 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \ + 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \ + 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \ + 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \ + 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \ } /* END FILE */ @@ -171,76 +171,76 @@ * using `xxd -i`. */ /* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER tests/data_files/test-ca-sha256.crt.der */ #define TEST_CA_CRT_RSA_SHA256_DER { \ - 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ - 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ - 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ - 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ - 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ - 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ - 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ - 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ - 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ - 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ - 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ - 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ - 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ - 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ - 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ - 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ - 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ - 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ - 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ - 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ - 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ - 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ - 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ - 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ - 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ - 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ - 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ - 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \ - 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \ - 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1, \ - 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \ - 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \ - 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \ - 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \ - 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \ - 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \ - 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \ - 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \ - 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \ - 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \ - 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \ - 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \ - 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \ - 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \ - 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \ - 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \ - 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \ - 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \ - 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \ + 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ + 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ + 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ + 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ + 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ + 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ + 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ + 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ + 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ + 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ + 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ + 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ + 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ + 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ + 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ + 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ + 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ + 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ + 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ + 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ + 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ + 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ + 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ + 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ + 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ + 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ + 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \ + 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \ + 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1, \ + 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \ + 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \ + 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \ + 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \ + 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \ + 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \ + 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \ + 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \ + 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \ + 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \ + 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \ + 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \ + 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \ + 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \ + 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \ + 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \ + 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \ + 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \ + 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \ } /* END FILE */ @@ -272,76 +272,76 @@ /* This is taken from tests/data_files/test-ca-sha1.crt.der. */ /* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER tests/data_files/test-ca-sha1.crt.der */ #define TEST_CA_CRT_RSA_SHA1_DER { \ - 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ - 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ - 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ - 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ - 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ - 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ - 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ - 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ - 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ - 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ - 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ - 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ - 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ - 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ - 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ - 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ - 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ - 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ - 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ - 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ - 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ - 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ - 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ - 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ - 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ - 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ - 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ - 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ - 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x13, 0x73, 0x84, 0x3d, 0xf1, 0x1d, \ - 0xfd, 0xb7, 0x09, 0x5b, 0x96, 0x5d, 0x53, 0x7f, 0xd5, 0x80, 0xf3, 0x52, \ - 0xe2, 0xd3, 0x33, 0x87, 0xc8, 0x27, 0x24, 0xff, 0xd5, 0xd8, 0x57, 0x2f, \ - 0x16, 0xd1, 0xb2, 0x94, 0xca, 0x50, 0xab, 0xa6, 0x27, 0x10, 0x16, 0x08, \ - 0xc8, 0x11, 0xc0, 0x2f, 0x80, 0xd1, 0xbe, 0x53, 0x18, 0xe6, 0xb9, 0xd7, \ - 0x18, 0x1a, 0x77, 0x38, 0x34, 0x7c, 0x32, 0x9a, 0x87, 0x0b, 0xa0, 0x2a, \ - 0xb9, 0x14, 0xc2, 0x2f, 0x38, 0xd2, 0xe7, 0xb8, 0x98, 0x7d, 0xff, 0xff, \ - 0xe1, 0x01, 0x50, 0xa9, 0x6f, 0x67, 0xf7, 0x6c, 0xdc, 0xb6, 0xca, 0x6f, \ - 0x73, 0x39, 0x1a, 0x3c, 0xa8, 0x23, 0xaa, 0x8d, 0x4d, 0xa3, 0x75, 0x2a, \ - 0xd1, 0x76, 0xb3, 0xd7, 0x4a, 0xdc, 0xc7, 0x24, 0xd4, 0x3e, 0xb7, 0xf9, \ - 0xc0, 0xd5, 0x51, 0x67, 0x65, 0x74, 0x2a, 0xf9, 0x65, 0xbc, 0x00, 0x15, \ - 0x4b, 0x36, 0xc8, 0xe2, 0x6a, 0x5d, 0x51, 0x7c, 0xed, 0x8e, 0x14, 0x93, \ - 0x4b, 0x90, 0x36, 0x05, 0xe5, 0x90, 0x00, 0x03, 0xab, 0xd3, 0x3a, 0xb5, \ - 0x17, 0xb4, 0xd2, 0x45, 0x52, 0x69, 0x26, 0xce, 0xe3, 0x98, 0x1d, 0x9a, \ - 0x8b, 0xf8, 0xa0, 0x92, 0x1d, 0x48, 0x02, 0x37, 0x2e, 0xc1, 0x5e, 0x95, \ - 0xc2, 0x53, 0xfe, 0xb1, 0xbc, 0x34, 0x82, 0x34, 0x34, 0x36, 0x91, 0x8c, \ - 0x88, 0x7a, 0x67, 0x97, 0x34, 0x40, 0x8b, 0xfb, 0x48, 0x6e, 0xd3, 0xaf, \ - 0x30, 0x81, 0x8e, 0x05, 0x4d, 0x93, 0x21, 0xf6, 0xb1, 0xff, 0x98, 0xea, \ - 0xd5, 0xa8, 0x14, 0xc7, 0x96, 0x8f, 0x99, 0x3e, 0x53, 0x58, 0x08, 0x89, \ - 0x3c, 0xe3, 0x8f, 0xea, 0x5e, 0x71, 0x5e, 0x70, 0xf0, 0xc5, 0xe6, 0x12, \ - 0x35, 0x6a, 0xa2, 0x5f, 0xd1, 0xb2, 0xba, 0xc0, 0x59, 0x8d, 0xec, 0xda, \ - 0x09, 0xa1, 0xda, 0x6e, 0x30, 0xcb, 0x53, 0x4a, 0x90 \ + 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ + 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ + 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ + 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ + 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ + 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ + 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ + 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ + 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ + 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ + 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ + 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ + 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ + 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ + 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ + 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ + 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ + 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ + 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ + 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ + 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ + 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ + 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ + 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ + 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ + 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ + 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ + 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x13, 0x73, 0x84, 0x3d, 0xf1, 0x1d, \ + 0xfd, 0xb7, 0x09, 0x5b, 0x96, 0x5d, 0x53, 0x7f, 0xd5, 0x80, 0xf3, 0x52, \ + 0xe2, 0xd3, 0x33, 0x87, 0xc8, 0x27, 0x24, 0xff, 0xd5, 0xd8, 0x57, 0x2f, \ + 0x16, 0xd1, 0xb2, 0x94, 0xca, 0x50, 0xab, 0xa6, 0x27, 0x10, 0x16, 0x08, \ + 0xc8, 0x11, 0xc0, 0x2f, 0x80, 0xd1, 0xbe, 0x53, 0x18, 0xe6, 0xb9, 0xd7, \ + 0x18, 0x1a, 0x77, 0x38, 0x34, 0x7c, 0x32, 0x9a, 0x87, 0x0b, 0xa0, 0x2a, \ + 0xb9, 0x14, 0xc2, 0x2f, 0x38, 0xd2, 0xe7, 0xb8, 0x98, 0x7d, 0xff, 0xff, \ + 0xe1, 0x01, 0x50, 0xa9, 0x6f, 0x67, 0xf7, 0x6c, 0xdc, 0xb6, 0xca, 0x6f, \ + 0x73, 0x39, 0x1a, 0x3c, 0xa8, 0x23, 0xaa, 0x8d, 0x4d, 0xa3, 0x75, 0x2a, \ + 0xd1, 0x76, 0xb3, 0xd7, 0x4a, 0xdc, 0xc7, 0x24, 0xd4, 0x3e, 0xb7, 0xf9, \ + 0xc0, 0xd5, 0x51, 0x67, 0x65, 0x74, 0x2a, 0xf9, 0x65, 0xbc, 0x00, 0x15, \ + 0x4b, 0x36, 0xc8, 0xe2, 0x6a, 0x5d, 0x51, 0x7c, 0xed, 0x8e, 0x14, 0x93, \ + 0x4b, 0x90, 0x36, 0x05, 0xe5, 0x90, 0x00, 0x03, 0xab, 0xd3, 0x3a, 0xb5, \ + 0x17, 0xb4, 0xd2, 0x45, 0x52, 0x69, 0x26, 0xce, 0xe3, 0x98, 0x1d, 0x9a, \ + 0x8b, 0xf8, 0xa0, 0x92, 0x1d, 0x48, 0x02, 0x37, 0x2e, 0xc1, 0x5e, 0x95, \ + 0xc2, 0x53, 0xfe, 0xb1, 0xbc, 0x34, 0x82, 0x34, 0x34, 0x36, 0x91, 0x8c, \ + 0x88, 0x7a, 0x67, 0x97, 0x34, 0x40, 0x8b, 0xfb, 0x48, 0x6e, 0xd3, 0xaf, \ + 0x30, 0x81, 0x8e, 0x05, 0x4d, 0x93, 0x21, 0xf6, 0xb1, 0xff, 0x98, 0xea, \ + 0xd5, 0xa8, 0x14, 0xc7, 0x96, 0x8f, 0x99, 0x3e, 0x53, 0x58, 0x08, 0x89, \ + 0x3c, 0xe3, 0x8f, 0xea, 0x5e, 0x71, 0x5e, 0x70, 0xf0, 0xc5, 0xe6, 0x12, \ + 0x35, 0x6a, 0xa2, 0x5f, 0xd1, 0xb2, 0xba, 0xc0, 0x59, 0x8d, 0xec, 0xda, \ + 0x09, 0xa1, 0xda, 0x6e, 0x30, 0xcb, 0x53, 0x4a, 0x90 \ } /* END FILE */ @@ -385,106 +385,106 @@ /* This was generated from test-ca.key.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER tests/data_files/test-ca.key.der */ #define TEST_CA_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \ - 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \ - 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \ - 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \ - 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \ - 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \ - 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \ - 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \ - 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \ - 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \ - 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \ - 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \ - 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \ - 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \ - 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \ - 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \ - 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \ - 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \ - 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \ - 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \ - 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \ - 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \ - 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35, \ - 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \ - 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \ - 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \ - 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \ - 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \ - 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \ - 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \ - 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \ - 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \ - 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \ - 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \ - 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \ - 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \ - 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \ - 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \ - 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \ - 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \ - 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \ - 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \ - 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \ - 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \ - 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \ - 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \ - 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \ - 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \ - 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \ - 0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \ - 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \ - 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \ - 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \ - 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \ - 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \ - 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \ - 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \ - 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \ - 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \ - 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \ - 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \ - 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \ - 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \ - 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \ - 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \ - 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \ - 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \ - 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \ - 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \ - 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \ - 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \ - 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \ - 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \ - 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \ - 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \ - 0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \ - 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \ - 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \ - 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \ - 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \ - 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \ - 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \ - 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \ - 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \ - 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \ - 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \ - 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \ - 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \ - 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \ - 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \ - 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \ - 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \ - 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \ - 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \ - 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \ - 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \ - 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \ - 0xa8, 0xc2, 0x8f, 0x0d \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \ + 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \ + 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \ + 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \ + 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \ + 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \ + 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \ + 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \ + 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \ + 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \ + 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \ + 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \ + 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \ + 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \ + 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \ + 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \ + 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \ + 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \ + 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \ + 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \ + 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \ + 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \ + 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35, \ + 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \ + 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \ + 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \ + 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \ + 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \ + 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \ + 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \ + 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \ + 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \ + 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \ + 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \ + 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \ + 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \ + 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \ + 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \ + 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \ + 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \ + 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \ + 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \ + 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \ + 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \ + 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \ + 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \ + 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \ + 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \ + 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \ + 0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \ + 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \ + 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \ + 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \ + 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \ + 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \ + 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \ + 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \ + 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \ + 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \ + 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \ + 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \ + 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \ + 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \ + 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \ + 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \ + 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \ + 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \ + 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \ + 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \ + 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \ + 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \ + 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \ + 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \ + 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \ + 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \ + 0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \ + 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \ + 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \ + 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \ + 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \ + 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \ + 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \ + 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \ + 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \ + 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \ + 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \ + 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \ + 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \ + 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \ + 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \ + 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \ + 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \ + 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \ + 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \ + 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \ + 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \ + 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \ + 0xa8, 0xc2, 0x8f, 0x0d \ } /* END FILE */ @@ -523,52 +523,52 @@ /* This is generated from tests/data_files/server5.crt.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER tests/data_files/server5.crt.der */ #define TEST_SRV_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ - 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \ - 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \ - 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ - 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ - 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ - 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ - 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ - 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ - 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ - 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ - 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ - 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ - 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ - 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ - 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ - 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \ - 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \ - 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \ - 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \ - 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \ - 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \ - 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \ - 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \ - 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \ - 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \ + 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ + 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \ + 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \ + 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ + 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ + 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ + 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ + 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ + 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ + 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ + 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ + 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ + 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ + 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ + 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ + 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ + 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \ + 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \ + 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \ + 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \ + 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \ + 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \ + 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \ + 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \ + 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \ + 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \ } /* END FILE */ @@ -585,17 +585,17 @@ /* This is generated from tests/data_files/server5.key.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER tests/data_files/server5.key.der */ #define TEST_SRV_KEY_EC_DER { \ - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \ - 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \ - 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \ - 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \ - 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \ - 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \ - 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \ - 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \ - 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \ - 0xff \ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \ + 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \ + 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \ + 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \ + 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \ + 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \ + 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \ + 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \ + 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \ + 0xff \ } /* END FILE */ @@ -627,175 +627,175 @@ /* This is taken from tests/data_files/server2-sha256.crt.der. */ /* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER tests/data_files/server2-sha256.crt.der */ #define TEST_SRV_CRT_RSA_SHA256_DER { \ - 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ - 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ - 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ - 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ - 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ - 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ - 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ - 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ - 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ - 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ - 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ - 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ - 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ - 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ - 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ - 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ - 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ - 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ - 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ - 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ - 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ - 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ - 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ - 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ - 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ - 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ - 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ - 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \ - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \ - 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \ - 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \ - 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba, \ - 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \ - 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \ - 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \ - 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \ - 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \ - 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \ - 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \ - 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \ - 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \ - 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \ - 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \ - 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \ - 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \ - 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \ - 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \ - 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \ - 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \ - 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \ + 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ + 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ + 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ + 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ + 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ + 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ + 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ + 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ + 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ + 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ + 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ + 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ + 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ + 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ + 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ + 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ + 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ + 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ + 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ + 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ + 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ + 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ + 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ + 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ + 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ + 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \ + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \ + 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \ + 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \ + 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba, \ + 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \ + 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \ + 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \ + 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \ + 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \ + 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \ + 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \ + 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \ + 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \ + 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \ + 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \ + 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \ + 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \ + 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \ + 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \ + 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \ + 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \ + 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \ } /* END FILE */ /* This is taken from tests/data_files/server2.crt. */ /* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM tests/data_files/server2.crt */ #define TEST_SRV_CRT_RSA_SHA1_PEM \ -"-----BEGIN CERTIFICATE-----\r\n" \ -"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ -"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ -"MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ -"A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ -"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ -"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ -"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ -"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ -"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ -"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ -"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ -"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \ -"cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \ -"O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \ -"KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \ -"iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \ -"HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \ -"Awgk0+4m0T25cNs=\r\n" \ -"-----END CERTIFICATE-----\r\n" + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ + "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ + "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ + "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ + "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ + "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ + "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ + "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ + "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \ + "cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \ + "O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \ + "KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \ + "iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \ + "HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \ + "Awgk0+4m0T25cNs=\r\n" \ + "-----END CERTIFICATE-----\r\n" /* END FILE */ /* This is taken from tests/data_files/server2.crt.der. */ /* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER tests/data_files/server2.crt.der */ #define TEST_SRV_CRT_RSA_SHA1_DER { \ - 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ - 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ - 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ - 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ - 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ - 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ - 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ - 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ - 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ - 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ - 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ - 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ - 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ - 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ - 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ - 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ - 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ - 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ - 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ - 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ - 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ - 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ - 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ - 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ - 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ - 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ - 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ - 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \ - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x73, 0x0b, 0x4a, 0xc5, \ - 0xcb, 0xa0, 0xde, 0xf1, 0x63, 0x1c, 0x76, 0x04, 0x2b, 0x13, 0x0d, 0xc0, \ - 0x84, 0x11, 0xc5, 0x8f, 0x3a, 0xa7, 0xc5, 0x9c, 0x35, 0x7a, 0x77, 0xb8, \ - 0x20, 0x14, 0x82, 0xee, 0x54, 0xf0, 0xf2, 0xb0, 0x52, 0xcb, 0x78, 0xce, \ - 0x59, 0x07, 0x4f, 0x51, 0x69, 0xfe, 0xd3, 0x2f, 0xe9, 0x09, 0xe7, 0x85, \ - 0x92, 0xd8, 0xba, 0xb1, 0xeb, 0xc5, 0x76, 0x5d, 0x61, 0x2d, 0xe9, 0x86, \ - 0xb5, 0xde, 0x2a, 0xf9, 0x3f, 0x53, 0x28, 0x42, 0x86, 0x83, 0x73, 0x43, \ - 0xe0, 0x04, 0x5f, 0x07, 0x90, 0x14, 0x65, 0x9f, 0x6e, 0x10, 0x7a, 0xbc, \ - 0x58, 0x19, 0x22, 0xc2, 0xeb, 0x39, 0x72, 0x51, 0x92, 0xd7, 0xb4, 0x1d, \ - 0x75, 0x2f, 0xd3, 0x3a, 0x2b, 0x01, 0xe7, 0xdb, 0x50, 0xae, 0xe2, 0xf1, \ - 0xd4, 0x4d, 0x5b, 0x3c, 0xbb, 0x41, 0x2b, 0x2a, 0xa4, 0xe2, 0x4a, 0x02, \ - 0xe5, 0x60, 0x14, 0x2c, 0x9c, 0x1f, 0xa6, 0xcc, 0x06, 0x4b, 0x25, 0x89, \ - 0x4e, 0x96, 0x30, 0x22, 0x9c, 0x5c, 0x58, 0x4d, 0xc3, 0xda, 0xd0, 0x6e, \ - 0x50, 0x1e, 0x8c, 0x65, 0xf5, 0xd9, 0x17, 0x35, 0xa6, 0x58, 0x43, 0xb2, \ - 0x29, 0xb7, 0xa8, 0x5e, 0x35, 0xde, 0xf0, 0x60, 0x42, 0x1a, 0x01, 0xcb, \ - 0xcb, 0x0b, 0xd8, 0x0e, 0xc1, 0x90, 0xdf, 0xa1, 0xd2, 0x1a, 0xd1, 0x2c, \ - 0x02, 0xf4, 0x76, 0x41, 0xa4, 0xcb, 0x4b, 0x15, 0x98, 0x71, 0xf9, 0x35, \ - 0x7d, 0xb0, 0xe7, 0xe2, 0x34, 0x96, 0x91, 0xbe, 0x32, 0x67, 0x2d, 0x6b, \ - 0xd3, 0x55, 0x04, 0x8a, 0x01, 0x50, 0xb4, 0xe3, 0x62, 0x78, 0x6c, 0x11, \ - 0x15, 0xa5, 0x2a, 0x11, 0xc1, 0x49, 0x1c, 0x9b, 0xc4, 0x10, 0x65, 0x60, \ - 0x87, 0xd9, 0x1e, 0x69, 0x59, 0x4e, 0x8f, 0x6b, 0xeb, 0xc1, 0xfe, 0x6b, \ - 0xe2, 0x63, 0x78, 0x95, 0x6e, 0xe0, 0x2d, 0xd7, 0xa7, 0x37, 0xa8 \ + 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ + 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ + 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ + 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ + 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ + 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ + 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ + 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ + 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ + 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ + 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ + 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ + 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ + 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ + 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ + 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ + 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ + 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ + 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ + 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ + 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ + 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ + 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ + 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ + 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ + 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \ + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x73, 0x0b, 0x4a, 0xc5, \ + 0xcb, 0xa0, 0xde, 0xf1, 0x63, 0x1c, 0x76, 0x04, 0x2b, 0x13, 0x0d, 0xc0, \ + 0x84, 0x11, 0xc5, 0x8f, 0x3a, 0xa7, 0xc5, 0x9c, 0x35, 0x7a, 0x77, 0xb8, \ + 0x20, 0x14, 0x82, 0xee, 0x54, 0xf0, 0xf2, 0xb0, 0x52, 0xcb, 0x78, 0xce, \ + 0x59, 0x07, 0x4f, 0x51, 0x69, 0xfe, 0xd3, 0x2f, 0xe9, 0x09, 0xe7, 0x85, \ + 0x92, 0xd8, 0xba, 0xb1, 0xeb, 0xc5, 0x76, 0x5d, 0x61, 0x2d, 0xe9, 0x86, \ + 0xb5, 0xde, 0x2a, 0xf9, 0x3f, 0x53, 0x28, 0x42, 0x86, 0x83, 0x73, 0x43, \ + 0xe0, 0x04, 0x5f, 0x07, 0x90, 0x14, 0x65, 0x9f, 0x6e, 0x10, 0x7a, 0xbc, \ + 0x58, 0x19, 0x22, 0xc2, 0xeb, 0x39, 0x72, 0x51, 0x92, 0xd7, 0xb4, 0x1d, \ + 0x75, 0x2f, 0xd3, 0x3a, 0x2b, 0x01, 0xe7, 0xdb, 0x50, 0xae, 0xe2, 0xf1, \ + 0xd4, 0x4d, 0x5b, 0x3c, 0xbb, 0x41, 0x2b, 0x2a, 0xa4, 0xe2, 0x4a, 0x02, \ + 0xe5, 0x60, 0x14, 0x2c, 0x9c, 0x1f, 0xa6, 0xcc, 0x06, 0x4b, 0x25, 0x89, \ + 0x4e, 0x96, 0x30, 0x22, 0x9c, 0x5c, 0x58, 0x4d, 0xc3, 0xda, 0xd0, 0x6e, \ + 0x50, 0x1e, 0x8c, 0x65, 0xf5, 0xd9, 0x17, 0x35, 0xa6, 0x58, 0x43, 0xb2, \ + 0x29, 0xb7, 0xa8, 0x5e, 0x35, 0xde, 0xf0, 0x60, 0x42, 0x1a, 0x01, 0xcb, \ + 0xcb, 0x0b, 0xd8, 0x0e, 0xc1, 0x90, 0xdf, 0xa1, 0xd2, 0x1a, 0xd1, 0x2c, \ + 0x02, 0xf4, 0x76, 0x41, 0xa4, 0xcb, 0x4b, 0x15, 0x98, 0x71, 0xf9, 0x35, \ + 0x7d, 0xb0, 0xe7, 0xe2, 0x34, 0x96, 0x91, 0xbe, 0x32, 0x67, 0x2d, 0x6b, \ + 0xd3, 0x55, 0x04, 0x8a, 0x01, 0x50, 0xb4, 0xe3, 0x62, 0x78, 0x6c, 0x11, \ + 0x15, 0xa5, 0x2a, 0x11, 0xc1, 0x49, 0x1c, 0x9b, 0xc4, 0x10, 0x65, 0x60, \ + 0x87, 0xd9, 0x1e, 0x69, 0x59, 0x4e, 0x8f, 0x6b, 0xeb, 0xc1, 0xfe, 0x6b, \ + 0xe2, 0x63, 0x78, 0x95, 0x6e, 0xe0, 0x2d, 0xd7, 0xa7, 0x37, 0xa8 \ } /* END FILE */ @@ -834,106 +834,106 @@ /* This was generated from tests/data_files/server2.key.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER tests/data_files/server2.key.der */ #define TEST_SRV_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \ - 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \ - 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \ - 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \ - 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \ - 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \ - 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \ - 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \ - 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \ - 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \ - 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \ - 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \ - 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \ - 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \ - 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \ - 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \ - 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \ - 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \ - 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \ - 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \ - 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \ - 0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \ - 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \ - 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \ - 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \ - 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \ - 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \ - 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \ - 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \ - 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \ - 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \ - 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \ - 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \ - 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \ - 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \ - 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \ - 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \ - 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \ - 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \ - 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \ - 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \ - 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \ - 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \ - 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \ - 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \ - 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \ - 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \ - 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \ - 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \ - 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \ - 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \ - 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \ - 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \ - 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \ - 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \ - 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \ - 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \ - 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \ - 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \ - 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \ - 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \ - 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \ - 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \ - 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \ - 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \ - 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \ - 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \ - 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \ - 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \ - 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \ - 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \ - 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \ - 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b, \ - 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \ - 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \ - 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \ - 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \ - 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \ - 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \ - 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \ - 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \ - 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \ - 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \ - 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \ - 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \ - 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \ - 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \ - 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \ - 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \ - 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \ - 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \ - 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \ - 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \ - 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \ - 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \ - 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \ - 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \ - 0x06, 0x21, 0x2e, 0x56 \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \ + 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \ + 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \ + 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \ + 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \ + 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \ + 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \ + 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \ + 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \ + 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \ + 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \ + 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \ + 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \ + 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \ + 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \ + 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \ + 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \ + 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \ + 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \ + 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \ + 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \ + 0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \ + 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \ + 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \ + 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \ + 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \ + 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \ + 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \ + 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \ + 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \ + 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \ + 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \ + 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \ + 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \ + 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \ + 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \ + 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \ + 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \ + 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \ + 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \ + 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \ + 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \ + 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \ + 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \ + 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \ + 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \ + 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \ + 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \ + 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \ + 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \ + 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \ + 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \ + 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \ + 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \ + 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \ + 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \ + 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \ + 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \ + 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \ + 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \ + 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \ + 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \ + 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \ + 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \ + 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \ + 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \ + 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \ + 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \ + 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \ + 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \ + 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \ + 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \ + 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b, \ + 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \ + 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \ + 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \ + 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \ + 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \ + 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \ + 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \ + 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \ + 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \ + 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \ + 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \ + 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \ + 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \ + 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \ + 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \ + 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \ + 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \ + 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \ + 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \ + 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \ + 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \ + 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \ + 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \ + 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \ + 0x06, 0x21, 0x2e, 0x56 \ } /* END FILE */ @@ -971,47 +971,47 @@ /* This is generated from tests/data_files/cli2.crt.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER tests/data_files/cli2.crt.der */ #define TEST_CLI_CRT_EC_DER { \ - 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \ - 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \ - 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \ - 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \ - 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \ - 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \ - 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \ - 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \ - 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \ - 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \ - 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \ - 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, \ - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \ - 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \ - 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \ - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \ - 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \ - 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \ - 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \ - 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \ - 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \ - 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \ - 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \ - 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \ - 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \ - 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \ - 0x6b, 0xd5, 0x64 \ + 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \ + 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \ + 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \ + 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \ + 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \ + 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \ + 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \ + 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \ + 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \ + 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \ + 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \ + 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, \ + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \ + 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \ + 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \ + 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \ + 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \ + 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \ + 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \ + 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \ + 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \ + 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \ + 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \ + 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \ + 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \ + 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \ + 0x6b, 0xd5, 0x64 \ } /* END FILE */ @@ -1028,17 +1028,17 @@ /* This is generated from tests/data_files/cli2.key.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER tests/data_files/cli2.key.der */ #define TEST_CLI_KEY_EC_DER { \ - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \ - 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \ - 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \ - 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \ - 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \ - 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \ - 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \ - 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \ - 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \ - 0xc7 \ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \ + 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \ + 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \ + 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \ + 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \ + 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \ + 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \ + 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \ + 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \ + 0xc7 \ } /* END FILE */ @@ -1071,76 +1071,76 @@ using `xxd -i.` */ /* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER tests/data_files/cli-rsa-sha256.crt.der */ #define TEST_CLI_CRT_RSA_DER { \ - 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \ - 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \ - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \ - 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \ - 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \ - 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \ - 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \ - 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \ - 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \ - 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \ - 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \ - 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \ - 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \ - 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \ - 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \ - 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \ - 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \ - 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \ - 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \ - 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \ - 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \ - 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \ - 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \ - 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \ - 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \ - 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \ - 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \ - 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ - 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e, \ - 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \ - 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \ - 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \ - 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \ - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \ - 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \ - 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \ - 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \ - 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \ - 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \ - 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \ - 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \ - 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \ - 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \ - 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \ - 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \ - 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \ - 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \ - 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \ - 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \ - 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \ - 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \ - 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \ - 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \ - 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \ - 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, \ - 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \ + 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \ + 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \ + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \ + 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \ + 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \ + 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \ + 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \ + 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \ + 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \ + 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \ + 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \ + 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \ + 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \ + 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \ + 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \ + 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \ + 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \ + 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \ + 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \ + 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \ + 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \ + 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \ + 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \ + 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \ + 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \ + 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \ + 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \ + 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ + 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e, \ + 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \ + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \ + 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \ + 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \ + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \ + 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \ + 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \ + 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \ + 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \ + 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \ + 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \ + 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \ + 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \ + 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \ + 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \ + 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \ + 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \ + 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \ + 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \ + 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \ + 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \ + 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \ + 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \ + 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \ + 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \ + 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, \ + 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \ } /* END FILE */ @@ -1178,106 +1178,106 @@ /* This was generated from tests/data_files/cli-rsa.key.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER tests/data_files/cli-rsa.key.der */ #define TEST_CLI_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \ - 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \ - 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \ - 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \ - 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \ - 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \ - 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \ - 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \ - 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \ - 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \ - 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \ - 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \ - 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \ - 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \ - 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \ - 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \ - 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \ - 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \ - 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \ - 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \ - 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \ - 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \ - 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \ - 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \ - 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \ - 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \ - 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \ - 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \ - 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \ - 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \ - 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \ - 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \ - 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \ - 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \ - 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \ - 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \ - 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \ - 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \ - 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \ - 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \ - 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \ - 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \ - 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \ - 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \ - 0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \ - 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \ - 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \ - 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \ - 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \ - 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \ - 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \ - 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \ - 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \ - 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \ - 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \ - 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \ - 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \ - 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \ - 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \ - 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \ - 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \ - 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \ - 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \ - 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \ - 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \ - 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \ - 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \ - 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \ - 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \ - 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \ - 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f, \ - 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \ - 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \ - 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \ - 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \ - 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \ - 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \ - 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \ - 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \ - 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \ - 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \ - 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \ - 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \ - 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \ - 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \ - 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \ - 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \ - 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \ - 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \ - 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \ - 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \ - 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \ - 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \ - 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \ - 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \ - 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \ - 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \ - 0x8b, 0x87, 0xc3, 0x00 \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \ + 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \ + 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \ + 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \ + 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \ + 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \ + 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \ + 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \ + 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \ + 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \ + 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \ + 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \ + 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \ + 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \ + 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \ + 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \ + 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \ + 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \ + 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \ + 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \ + 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \ + 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \ + 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \ + 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \ + 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \ + 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \ + 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \ + 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \ + 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \ + 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \ + 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \ + 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \ + 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \ + 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \ + 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \ + 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \ + 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \ + 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \ + 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \ + 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \ + 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \ + 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \ + 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \ + 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \ + 0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \ + 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \ + 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \ + 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \ + 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \ + 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \ + 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \ + 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \ + 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \ + 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \ + 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \ + 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \ + 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \ + 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \ + 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \ + 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \ + 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \ + 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \ + 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \ + 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \ + 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \ + 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \ + 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \ + 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \ + 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \ + 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \ + 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f, \ + 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \ + 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \ + 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \ + 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \ + 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \ + 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \ + 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \ + 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \ + 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \ + 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \ + 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \ + 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \ + 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \ + 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \ + 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \ + 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \ + 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \ + 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \ + 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \ + 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \ + 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \ + 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \ + 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \ + 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \ + 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \ + 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \ + 0x8b, 0x87, 0xc3, 0x00 \ } /* END FILE */ @@ -1308,32 +1308,32 @@ const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[] = TEST_CA_CRT_RSA_SHA256_DER; const size_t mbedtls_test_ca_crt_ec_pem_len = - sizeof( mbedtls_test_ca_crt_ec_pem ); + sizeof(mbedtls_test_ca_crt_ec_pem); const size_t mbedtls_test_ca_key_ec_pem_len = - sizeof( mbedtls_test_ca_key_ec_pem ); + sizeof(mbedtls_test_ca_key_ec_pem); const size_t mbedtls_test_ca_pwd_ec_pem_len = - sizeof( mbedtls_test_ca_pwd_ec_pem ) - 1; + sizeof(mbedtls_test_ca_pwd_ec_pem) - 1; const size_t mbedtls_test_ca_key_rsa_pem_len = - sizeof( mbedtls_test_ca_key_rsa_pem ); + sizeof(mbedtls_test_ca_key_rsa_pem); const size_t mbedtls_test_ca_pwd_rsa_pem_len = - sizeof( mbedtls_test_ca_pwd_rsa_pem ) - 1; + sizeof(mbedtls_test_ca_pwd_rsa_pem) - 1; const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len = - sizeof( mbedtls_test_ca_crt_rsa_sha1_pem ); + sizeof(mbedtls_test_ca_crt_rsa_sha1_pem); const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len = - sizeof( mbedtls_test_ca_crt_rsa_sha256_pem ); + sizeof(mbedtls_test_ca_crt_rsa_sha256_pem); const size_t mbedtls_test_ca_crt_ec_der_len = - sizeof( mbedtls_test_ca_crt_ec_der ); + sizeof(mbedtls_test_ca_crt_ec_der); const size_t mbedtls_test_ca_key_ec_der_len = - sizeof( mbedtls_test_ca_key_ec_der ); + sizeof(mbedtls_test_ca_key_ec_der); const size_t mbedtls_test_ca_pwd_ec_der_len = 0; const size_t mbedtls_test_ca_key_rsa_der_len = - sizeof( mbedtls_test_ca_key_rsa_der ); + sizeof(mbedtls_test_ca_key_rsa_der); const size_t mbedtls_test_ca_pwd_rsa_der_len = 0; const size_t mbedtls_test_ca_crt_rsa_sha1_der_len = - sizeof( mbedtls_test_ca_crt_rsa_sha1_der ); + sizeof(mbedtls_test_ca_crt_rsa_sha1_der); const size_t mbedtls_test_ca_crt_rsa_sha256_der_len = - sizeof( mbedtls_test_ca_crt_rsa_sha256_der ); + sizeof(mbedtls_test_ca_crt_rsa_sha256_der); /* * Server @@ -1356,32 +1356,32 @@ const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[] = TEST_SRV_CRT_RSA_SHA256_DER; const size_t mbedtls_test_srv_crt_ec_pem_len = - sizeof( mbedtls_test_srv_crt_ec_pem ); + sizeof(mbedtls_test_srv_crt_ec_pem); const size_t mbedtls_test_srv_key_ec_pem_len = - sizeof( mbedtls_test_srv_key_ec_pem ); + sizeof(mbedtls_test_srv_key_ec_pem); const size_t mbedtls_test_srv_pwd_ec_pem_len = - sizeof( mbedtls_test_srv_pwd_ec_pem ) - 1; + sizeof(mbedtls_test_srv_pwd_ec_pem) - 1; const size_t mbedtls_test_srv_key_rsa_pem_len = - sizeof( mbedtls_test_srv_key_rsa_pem ); + sizeof(mbedtls_test_srv_key_rsa_pem); const size_t mbedtls_test_srv_pwd_rsa_pem_len = - sizeof( mbedtls_test_srv_pwd_rsa_pem ) - 1; + sizeof(mbedtls_test_srv_pwd_rsa_pem) - 1; const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len = - sizeof( mbedtls_test_srv_crt_rsa_sha1_pem ); + sizeof(mbedtls_test_srv_crt_rsa_sha1_pem); const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len = - sizeof( mbedtls_test_srv_crt_rsa_sha256_pem ); + sizeof(mbedtls_test_srv_crt_rsa_sha256_pem); const size_t mbedtls_test_srv_crt_ec_der_len = - sizeof( mbedtls_test_srv_crt_ec_der ); + sizeof(mbedtls_test_srv_crt_ec_der); const size_t mbedtls_test_srv_key_ec_der_len = - sizeof( mbedtls_test_srv_key_ec_der ); + sizeof(mbedtls_test_srv_key_ec_der); const size_t mbedtls_test_srv_pwd_ec_der_len = 0; const size_t mbedtls_test_srv_key_rsa_der_len = - sizeof( mbedtls_test_srv_key_rsa_der ); + sizeof(mbedtls_test_srv_key_rsa_der); const size_t mbedtls_test_srv_pwd_rsa_der_len = 0; const size_t mbedtls_test_srv_crt_rsa_sha1_der_len = - sizeof( mbedtls_test_srv_crt_rsa_sha1_der ); + sizeof(mbedtls_test_srv_crt_rsa_sha1_der); const size_t mbedtls_test_srv_crt_rsa_sha256_der_len = - sizeof( mbedtls_test_srv_crt_rsa_sha256_der ); + sizeof(mbedtls_test_srv_crt_rsa_sha256_der); /* * Client @@ -1400,26 +1400,26 @@ const unsigned char mbedtls_test_cli_key_rsa_der[] = TEST_CLI_KEY_RSA_DER; const unsigned char mbedtls_test_cli_crt_rsa_der[] = TEST_CLI_CRT_RSA_DER; const size_t mbedtls_test_cli_crt_ec_pem_len = - sizeof( mbedtls_test_cli_crt_ec_pem ); + sizeof(mbedtls_test_cli_crt_ec_pem); const size_t mbedtls_test_cli_key_ec_pem_len = - sizeof( mbedtls_test_cli_key_ec_pem ); + sizeof(mbedtls_test_cli_key_ec_pem); const size_t mbedtls_test_cli_pwd_ec_pem_len = - sizeof( mbedtls_test_cli_pwd_ec_pem ) - 1; + sizeof(mbedtls_test_cli_pwd_ec_pem) - 1; const size_t mbedtls_test_cli_key_rsa_pem_len = - sizeof( mbedtls_test_cli_key_rsa_pem ); + sizeof(mbedtls_test_cli_key_rsa_pem); const size_t mbedtls_test_cli_pwd_rsa_pem_len = - sizeof( mbedtls_test_cli_pwd_rsa_pem ) - 1; + sizeof(mbedtls_test_cli_pwd_rsa_pem) - 1; const size_t mbedtls_test_cli_crt_rsa_pem_len = - sizeof( mbedtls_test_cli_crt_rsa_pem ); + sizeof(mbedtls_test_cli_crt_rsa_pem); const size_t mbedtls_test_cli_crt_ec_der_len = - sizeof( mbedtls_test_cli_crt_ec_der ); + sizeof(mbedtls_test_cli_crt_ec_der); const size_t mbedtls_test_cli_key_ec_der_len = - sizeof( mbedtls_test_cli_key_ec_der ); + sizeof(mbedtls_test_cli_key_ec_der); const size_t mbedtls_test_cli_key_rsa_der_len = - sizeof( mbedtls_test_cli_key_rsa_der ); + sizeof(mbedtls_test_cli_key_rsa_der); const size_t mbedtls_test_cli_crt_rsa_der_len = - sizeof( mbedtls_test_cli_crt_rsa_der ); + sizeof(mbedtls_test_cli_crt_rsa_der); /* * @@ -1521,47 +1521,47 @@ const char mbedtls_test_cli_pwd_ec[] = TEST_CLI_PWD_EC; const char mbedtls_test_cli_crt_ec[] = TEST_CLI_CRT_EC; const size_t mbedtls_test_ca_key_rsa_len = - sizeof( mbedtls_test_ca_key_rsa ); + sizeof(mbedtls_test_ca_key_rsa); const size_t mbedtls_test_ca_pwd_rsa_len = - sizeof( mbedtls_test_ca_pwd_rsa ) - 1; + sizeof(mbedtls_test_ca_pwd_rsa) - 1; const size_t mbedtls_test_ca_crt_rsa_sha256_len = - sizeof( mbedtls_test_ca_crt_rsa_sha256 ); + sizeof(mbedtls_test_ca_crt_rsa_sha256); const size_t mbedtls_test_ca_crt_rsa_sha1_len = - sizeof( mbedtls_test_ca_crt_rsa_sha1 ); + sizeof(mbedtls_test_ca_crt_rsa_sha1); const size_t mbedtls_test_ca_key_ec_len = - sizeof( mbedtls_test_ca_key_ec ); + sizeof(mbedtls_test_ca_key_ec); const size_t mbedtls_test_ca_pwd_ec_len = - sizeof( mbedtls_test_ca_pwd_ec ) - 1; + sizeof(mbedtls_test_ca_pwd_ec) - 1; const size_t mbedtls_test_ca_crt_ec_len = - sizeof( mbedtls_test_ca_crt_ec ); + sizeof(mbedtls_test_ca_crt_ec); const size_t mbedtls_test_srv_key_rsa_len = - sizeof( mbedtls_test_srv_key_rsa ); + sizeof(mbedtls_test_srv_key_rsa); const size_t mbedtls_test_srv_pwd_rsa_len = - sizeof( mbedtls_test_srv_pwd_rsa ) -1; + sizeof(mbedtls_test_srv_pwd_rsa) -1; const size_t mbedtls_test_srv_crt_rsa_sha256_len = - sizeof( mbedtls_test_srv_crt_rsa_sha256 ); + sizeof(mbedtls_test_srv_crt_rsa_sha256); const size_t mbedtls_test_srv_crt_rsa_sha1_len = - sizeof( mbedtls_test_srv_crt_rsa_sha1 ); + sizeof(mbedtls_test_srv_crt_rsa_sha1); const size_t mbedtls_test_srv_key_ec_len = - sizeof( mbedtls_test_srv_key_ec ); + sizeof(mbedtls_test_srv_key_ec); const size_t mbedtls_test_srv_pwd_ec_len = - sizeof( mbedtls_test_srv_pwd_ec ) - 1; + sizeof(mbedtls_test_srv_pwd_ec) - 1; const size_t mbedtls_test_srv_crt_ec_len = - sizeof( mbedtls_test_srv_crt_ec ); + sizeof(mbedtls_test_srv_crt_ec); const size_t mbedtls_test_cli_key_rsa_len = - sizeof( mbedtls_test_cli_key_rsa ); + sizeof(mbedtls_test_cli_key_rsa); const size_t mbedtls_test_cli_pwd_rsa_len = - sizeof( mbedtls_test_cli_pwd_rsa ) - 1; + sizeof(mbedtls_test_cli_pwd_rsa) - 1; const size_t mbedtls_test_cli_crt_rsa_len = - sizeof( mbedtls_test_cli_crt_rsa ); + sizeof(mbedtls_test_cli_crt_rsa); const size_t mbedtls_test_cli_key_ec_len = - sizeof( mbedtls_test_cli_key_ec ); + sizeof(mbedtls_test_cli_key_ec); const size_t mbedtls_test_cli_pwd_ec_len = - sizeof( mbedtls_test_cli_pwd_ec ) - 1; + sizeof(mbedtls_test_cli_pwd_ec) - 1; const size_t mbedtls_test_cli_crt_ec_len = - sizeof( mbedtls_test_cli_crt_ec ); + sizeof(mbedtls_test_cli_crt_ec); /* * Dispatch between SHA-1 and SHA-256 @@ -1579,9 +1579,9 @@ const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA; const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA; const size_t mbedtls_test_ca_crt_rsa_len = - sizeof( mbedtls_test_ca_crt_rsa ); + sizeof(mbedtls_test_ca_crt_rsa); const size_t mbedtls_test_srv_crt_rsa_len = - sizeof( mbedtls_test_srv_crt_rsa ); + sizeof(mbedtls_test_srv_crt_rsa); /* * Dispatch between RSA and EC @@ -1644,25 +1644,25 @@ const char *mbedtls_test_cli_pwd = test_cli_pwd; const char *mbedtls_test_cli_crt = test_cli_crt; const size_t mbedtls_test_ca_key_len = - sizeof( test_ca_key ); + sizeof(test_ca_key); const size_t mbedtls_test_ca_pwd_len = - sizeof( test_ca_pwd ) - 1; + sizeof(test_ca_pwd) - 1; const size_t mbedtls_test_ca_crt_len = - sizeof( test_ca_crt ); + sizeof(test_ca_crt); const size_t mbedtls_test_srv_key_len = - sizeof( test_srv_key ); + sizeof(test_srv_key); const size_t mbedtls_test_srv_pwd_len = - sizeof( test_srv_pwd ) - 1; + sizeof(test_srv_pwd) - 1; const size_t mbedtls_test_srv_crt_len = - sizeof( test_srv_crt ); + sizeof(test_srv_crt); const size_t mbedtls_test_cli_key_len = - sizeof( test_cli_key ); + sizeof(test_cli_key); const size_t mbedtls_test_cli_pwd_len = - sizeof( test_cli_pwd ) - 1; + sizeof(test_cli_pwd) - 1; const size_t mbedtls_test_cli_crt_len = - sizeof( test_cli_crt ); + sizeof(test_cli_crt); /* * @@ -1671,7 +1671,7 @@ const size_t mbedtls_test_cli_crt_len = */ /* List of CAs in PEM or DER, depending on config */ -const char * mbedtls_test_cas[] = { +const char *mbedtls_test_cas[] = { #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) mbedtls_test_ca_crt_rsa_sha1, #endif @@ -1685,19 +1685,19 @@ const char * mbedtls_test_cas[] = { }; const size_t mbedtls_test_cas_len[] = { #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) - sizeof( mbedtls_test_ca_crt_rsa_sha1 ), + sizeof(mbedtls_test_ca_crt_rsa_sha1), #endif #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) - sizeof( mbedtls_test_ca_crt_rsa_sha256 ), + sizeof(mbedtls_test_ca_crt_rsa_sha256), #endif #if defined(MBEDTLS_ECDSA_C) - sizeof( mbedtls_test_ca_crt_ec ), + sizeof(mbedtls_test_ca_crt_ec), #endif 0 }; /* List of all available CA certificates in DER format */ -const unsigned char * mbedtls_test_cas_der[] = { +const unsigned char *mbedtls_test_cas_der[] = { #if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) mbedtls_test_ca_crt_rsa_sha256_der, @@ -1715,14 +1715,14 @@ const unsigned char * mbedtls_test_cas_der[] = { const size_t mbedtls_test_cas_der_len[] = { #if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) - sizeof( mbedtls_test_ca_crt_rsa_sha256_der ), + sizeof(mbedtls_test_ca_crt_rsa_sha256_der), #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) - sizeof( mbedtls_test_ca_crt_rsa_sha1_der ), + sizeof(mbedtls_test_ca_crt_rsa_sha1_der), #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECDSA_C) - sizeof( mbedtls_test_ca_crt_ec_der ), + sizeof(mbedtls_test_ca_crt_ec_der), #endif /* MBEDTLS_ECDSA_C */ 0 }; @@ -1742,5 +1742,5 @@ const char mbedtls_test_cas_pem[] = TEST_CA_CRT_EC_PEM #endif /* MBEDTLS_ECDSA_C */ ""; -const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem ); +const size_t mbedtls_test_cas_pem_len = sizeof(mbedtls_test_cas_pem); #endif /* MBEDTLS_PEM_PARSE_C */ diff --git a/src/drivers/hash.c b/src/drivers/hash.c index 44e0e80591..7487e84500 100644 --- a/src/drivers/hash.c +++ b/src/drivers/hash.c @@ -34,28 +34,25 @@ mbedtls_test_driver_hash_hooks_t psa_status_t mbedtls_test_transparent_hash_compute( psa_algorithm_t alg, const uint8_t *input, size_t input_length, - uint8_t *hash, size_t hash_size, size_t *hash_length ) + uint8_t *hash, size_t hash_size, size_t *hash_length) { mbedtls_test_driver_hash_hooks.hits++; - if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = libtestdriver1_mbedtls_psa_hash_compute( alg, input, input_length, - hash, hash_size, hash_length ); + hash, hash_size, hash_length); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_psa_hash_compute( alg, input, input_length, - hash, hash_size, hash_length ); + hash, hash_size, hash_length); #else (void) alg; (void) input; @@ -67,29 +64,26 @@ psa_status_t mbedtls_test_transparent_hash_compute( #endif } - return( mbedtls_test_driver_hash_hooks.driver_status ); + return mbedtls_test_driver_hash_hooks.driver_status; } psa_status_t mbedtls_test_transparent_hash_setup( mbedtls_transparent_test_driver_hash_operation_t *operation, - psa_algorithm_t alg ) + psa_algorithm_t alg) { mbedtls_test_driver_hash_hooks.hits++; - if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = - libtestdriver1_mbedtls_psa_hash_setup( operation, alg ); + libtestdriver1_mbedtls_psa_hash_setup(operation, alg); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_psa_hash_setup( operation, alg ); + mbedtls_psa_hash_setup(operation, alg); #else (void) operation; (void) alg; @@ -97,30 +91,27 @@ psa_status_t mbedtls_test_transparent_hash_setup( #endif } - return( mbedtls_test_driver_hash_hooks.driver_status ); + return mbedtls_test_driver_hash_hooks.driver_status; } psa_status_t mbedtls_test_transparent_hash_clone( const mbedtls_transparent_test_driver_hash_operation_t *source_operation, - mbedtls_transparent_test_driver_hash_operation_t *target_operation ) + mbedtls_transparent_test_driver_hash_operation_t *target_operation) { mbedtls_test_driver_hash_hooks.hits++; - if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = - libtestdriver1_mbedtls_psa_hash_clone( source_operation, - target_operation ); + libtestdriver1_mbedtls_psa_hash_clone(source_operation, + target_operation); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_psa_hash_clone( source_operation, target_operation ); + mbedtls_psa_hash_clone(source_operation, target_operation); #else (void) source_operation; (void) target_operation; @@ -128,31 +119,28 @@ psa_status_t mbedtls_test_transparent_hash_clone( #endif } - return( mbedtls_test_driver_hash_hooks.driver_status ); + return mbedtls_test_driver_hash_hooks.driver_status; } psa_status_t mbedtls_test_transparent_hash_update( mbedtls_transparent_test_driver_hash_operation_t *operation, const uint8_t *input, - size_t input_length ) + size_t input_length) { mbedtls_test_driver_hash_hooks.hits++; - if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = libtestdriver1_mbedtls_psa_hash_update( - operation, input, input_length ); + operation, input, input_length); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_psa_hash_update( operation, input, input_length ); + mbedtls_psa_hash_update(operation, input, input_length); #else (void) operation; (void) input; @@ -161,32 +149,29 @@ psa_status_t mbedtls_test_transparent_hash_update( #endif } - return( mbedtls_test_driver_hash_hooks.driver_status ); + return mbedtls_test_driver_hash_hooks.driver_status; } psa_status_t mbedtls_test_transparent_hash_finish( mbedtls_transparent_test_driver_hash_operation_t *operation, uint8_t *hash, size_t hash_size, - size_t *hash_length ) + size_t *hash_length) { mbedtls_test_driver_hash_hooks.hits++; - if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = libtestdriver1_mbedtls_psa_hash_finish( - operation, hash, hash_size, hash_length ); + operation, hash, hash_size, hash_length); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_psa_hash_finish( operation, hash, hash_size, hash_length ); + mbedtls_psa_hash_finish(operation, hash, hash_size, hash_length); #else (void) operation; (void) hash; @@ -196,34 +181,31 @@ psa_status_t mbedtls_test_transparent_hash_finish( #endif } - return( mbedtls_test_driver_hash_hooks.driver_status ); + return mbedtls_test_driver_hash_hooks.driver_status; } psa_status_t mbedtls_test_transparent_hash_abort( - mbedtls_transparent_test_driver_hash_operation_t *operation ) + mbedtls_transparent_test_driver_hash_operation_t *operation) { mbedtls_test_driver_hash_hooks.hits++; - if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_test_driver_hash_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_test_driver_hash_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = - libtestdriver1_mbedtls_psa_hash_abort( operation ); + libtestdriver1_mbedtls_psa_hash_abort(operation); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_psa_hash_abort( operation ); + mbedtls_psa_hash_abort(operation); #else (void) operation; mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; #endif } - return( mbedtls_test_driver_hash_hooks.driver_status ); + return mbedtls_test_driver_hash_hooks.driver_status; } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/platform_builtin_keys.c b/src/drivers/platform_builtin_keys.c index da5865d869..6334a438e5 100644 --- a/src/drivers/platform_builtin_keys.c +++ b/src/drivers/platform_builtin_keys.c @@ -29,8 +29,7 @@ #include #endif -typedef struct -{ +typedef struct { psa_key_id_t builtin_key_id; psa_key_lifetime_t lifetime; psa_drv_slot_number_t slot_number; @@ -42,52 +41,50 @@ static const mbedtls_psa_builtin_key_description_t builtin_keys[] = { * ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */ { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ), + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ), + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ), - PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT}, + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), + PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT }, { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ), - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ), - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ), - PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION), + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, #else - {0, 0, 0} + { 0, 0, 0 } #endif }; psa_status_t mbedtls_psa_platform_get_builtin_key( mbedtls_svc_key_id_t key_id, psa_key_lifetime_t *lifetime, - psa_drv_slot_number_t *slot_number ) + psa_drv_slot_number_t *slot_number) { - psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id ); + psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id); const mbedtls_psa_builtin_key_description_t *builtin_key; - for( size_t i = 0; - i < ( sizeof( builtin_keys ) / sizeof( builtin_keys[0] ) ); i++ ) - { + for (size_t i = 0; + i < (sizeof(builtin_keys) / sizeof(builtin_keys[0])); i++) { builtin_key = &builtin_keys[i]; - if( builtin_key->builtin_key_id == app_key_id ) - { + if (builtin_key->builtin_key_id == app_key_id) { *lifetime = builtin_key->lifetime; *slot_number = builtin_key->slot_number; - return( PSA_SUCCESS ); + return PSA_SUCCESS; } } - return( PSA_ERROR_DOES_NOT_EXIST ); + return PSA_ERROR_DOES_NOT_EXIST; } diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index 93a75f68a3..4bf2a86e25 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -39,28 +39,25 @@ psa_status_t mbedtls_test_transparent_aead_encrypt( const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *plaintext, size_t plaintext_length, - uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) + uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length) { mbedtls_test_driver_aead_hooks.hits_encrypt++; - if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = libtestdriver1_mbedtls_psa_aead_encrypt( - (const libtestdriver1_psa_key_attributes_t *)attributes, + (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, alg, nonce, nonce_length, additional_data, additional_data_length, plaintext, plaintext_length, - ciphertext, ciphertext_size, ciphertext_length ); + ciphertext, ciphertext_size, ciphertext_length); #elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_encrypt( @@ -69,7 +66,7 @@ psa_status_t mbedtls_test_transparent_aead_encrypt( nonce, nonce_length, additional_data, additional_data_length, plaintext, plaintext_length, - ciphertext, ciphertext_size, ciphertext_length ); + ciphertext, ciphertext_size, ciphertext_length); #else (void) attributes; (void) key_buffer; @@ -88,7 +85,7 @@ psa_status_t mbedtls_test_transparent_aead_encrypt( #endif } - return( mbedtls_test_driver_aead_hooks.driver_status ); + return mbedtls_test_driver_aead_hooks.driver_status; } psa_status_t mbedtls_test_transparent_aead_decrypt( @@ -98,28 +95,25 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *ciphertext, size_t ciphertext_length, - uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) + uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length) { mbedtls_test_driver_aead_hooks.hits_decrypt++; - if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = libtestdriver1_mbedtls_psa_aead_decrypt( - (const libtestdriver1_psa_key_attributes_t *)attributes, + (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, alg, nonce, nonce_length, additional_data, additional_data_length, ciphertext, ciphertext_length, - plaintext, plaintext_size, plaintext_length ); + plaintext, plaintext_size, plaintext_length); #elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_decrypt( @@ -128,7 +122,7 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( nonce, nonce_length, additional_data, additional_data_length, ciphertext, ciphertext_length, - plaintext, plaintext_size, plaintext_length ); + plaintext, plaintext_size, plaintext_length); #else (void) attributes; (void) key_buffer; @@ -147,35 +141,33 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( #endif } - return( mbedtls_test_driver_aead_hooks.driver_status ); + return mbedtls_test_driver_aead_hooks.driver_status; } psa_status_t mbedtls_test_transparent_aead_encrypt_setup( mbedtls_transparent_test_driver_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ) + psa_algorithm_t alg) { mbedtls_test_driver_aead_hooks.hits_encrypt_setup++; - if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_encrypt_setup( operation, - (const libtestdriver1_psa_key_attributes_t *)attributes, - key_buffer, - key_buffer_size, alg ); + libtestdriver1_mbedtls_psa_aead_encrypt_setup(operation, + (const libtestdriver1_psa_key_attributes_t + *) attributes, + key_buffer, + key_buffer_size, alg); #elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_encrypt_setup( operation, attributes, key_buffer, - key_buffer_size, alg ); + mbedtls_psa_aead_encrypt_setup(operation, attributes, key_buffer, + key_buffer_size, alg); #else (void) operation; (void) attributes; @@ -186,34 +178,32 @@ psa_status_t mbedtls_test_transparent_aead_encrypt_setup( #endif } - return( mbedtls_test_driver_aead_hooks.driver_status ); + return mbedtls_test_driver_aead_hooks.driver_status; } psa_status_t mbedtls_test_transparent_aead_decrypt_setup( mbedtls_transparent_test_driver_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ) + psa_algorithm_t alg) { mbedtls_test_driver_aead_hooks.hits_decrypt_setup++; - if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_decrypt_setup( operation, - (const libtestdriver1_psa_key_attributes_t *)attributes, - key_buffer, key_buffer_size, alg ); + libtestdriver1_mbedtls_psa_aead_decrypt_setup(operation, + (const libtestdriver1_psa_key_attributes_t + *) attributes, + key_buffer, key_buffer_size, alg); #elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_decrypt_setup( operation, attributes, key_buffer, - key_buffer_size, alg ); + mbedtls_psa_aead_decrypt_setup(operation, attributes, key_buffer, + key_buffer_size, alg); #else (void) operation; (void) attributes; @@ -224,30 +214,27 @@ psa_status_t mbedtls_test_transparent_aead_decrypt_setup( #endif } - return( mbedtls_test_driver_aead_hooks.driver_status ); + return mbedtls_test_driver_aead_hooks.driver_status; } psa_status_t mbedtls_test_transparent_aead_set_nonce( mbedtls_transparent_test_driver_aead_operation_t *operation, const uint8_t *nonce, - size_t nonce_length ) + size_t nonce_length) { mbedtls_test_driver_aead_hooks.hits_set_nonce++; - if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ); + libtestdriver1_mbedtls_psa_aead_set_nonce(operation, nonce, nonce_length); #elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ); + mbedtls_psa_aead_set_nonce(operation, nonce, nonce_length); #else (void) operation; (void) nonce; @@ -256,32 +243,29 @@ psa_status_t mbedtls_test_transparent_aead_set_nonce( #endif } - return( mbedtls_test_driver_aead_hooks.driver_status ); + return mbedtls_test_driver_aead_hooks.driver_status; } psa_status_t mbedtls_test_transparent_aead_set_lengths( mbedtls_transparent_test_driver_aead_operation_t *operation, size_t ad_length, - size_t plaintext_length ) + size_t plaintext_length) { mbedtls_test_driver_aead_hooks.hits_set_lengths++; - if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_set_lengths( operation, ad_length, - plaintext_length ); + libtestdriver1_mbedtls_psa_aead_set_lengths(operation, ad_length, + plaintext_length); #elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_set_lengths( operation, ad_length, - plaintext_length ); + mbedtls_psa_aead_set_lengths(operation, ad_length, + plaintext_length); #else (void) operation; (void) ad_length; @@ -290,30 +274,27 @@ psa_status_t mbedtls_test_transparent_aead_set_lengths( #endif } - return( mbedtls_test_driver_aead_hooks.driver_status ); + return mbedtls_test_driver_aead_hooks.driver_status; } psa_status_t mbedtls_test_transparent_aead_update_ad( mbedtls_transparent_test_driver_aead_operation_t *operation, const uint8_t *input, - size_t input_length ) + size_t input_length) { mbedtls_test_driver_aead_hooks.hits_update_ad++; - if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_update_ad( operation, input, input_length ); + libtestdriver1_mbedtls_psa_aead_update_ad(operation, input, input_length); #elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_update_ad( operation, input, input_length ); + mbedtls_psa_aead_update_ad(operation, input, input_length); #else (void) operation; (void) input; @@ -322,36 +303,33 @@ psa_status_t mbedtls_test_transparent_aead_update_ad( #endif } - return( mbedtls_test_driver_aead_hooks.driver_status ); + return mbedtls_test_driver_aead_hooks.driver_status; } psa_status_t mbedtls_test_transparent_aead_update( - mbedtls_transparent_test_driver_aead_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) + mbedtls_transparent_test_driver_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length) { mbedtls_test_driver_aead_hooks.hits_update++; - if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_update( operation, input, - input_length, output, - output_size, output_length ); + libtestdriver1_mbedtls_psa_aead_update(operation, input, + input_length, output, + output_size, output_length); #elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_update( operation, input, input_length, output, - output_size, output_length ); + mbedtls_psa_aead_update(operation, input, input_length, output, + output_size, output_length); #else (void) operation; (void) input; @@ -363,38 +341,35 @@ psa_status_t mbedtls_test_transparent_aead_update( #endif } - return( mbedtls_test_driver_aead_hooks.driver_status ); + return mbedtls_test_driver_aead_hooks.driver_status; } psa_status_t mbedtls_test_transparent_aead_finish( - mbedtls_transparent_test_driver_aead_operation_t *operation, - uint8_t *ciphertext, - size_t ciphertext_size, - size_t *ciphertext_length, - uint8_t *tag, - size_t tag_size, - size_t *tag_length ) + mbedtls_transparent_test_driver_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length) { - mbedtls_test_driver_aead_hooks.hits_finish++; + mbedtls_test_driver_aead_hooks.hits_finish++; - if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_finish( operation, ciphertext, - ciphertext_size, ciphertext_length, - tag, tag_size, tag_length ); + libtestdriver1_mbedtls_psa_aead_finish(operation, ciphertext, + ciphertext_size, ciphertext_length, + tag, tag_size, tag_length); #elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_finish( operation, ciphertext, ciphertext_size, - ciphertext_length, tag, tag_size, - tag_length ); + mbedtls_psa_aead_finish(operation, ciphertext, ciphertext_size, + ciphertext_length, tag, tag_size, + tag_length); #else (void) operation; (void) ciphertext; @@ -407,48 +382,45 @@ psa_status_t mbedtls_test_transparent_aead_finish( #endif } - return( mbedtls_test_driver_aead_hooks.driver_status ); + return mbedtls_test_driver_aead_hooks.driver_status; } psa_status_t mbedtls_test_transparent_aead_verify( - mbedtls_transparent_test_driver_aead_operation_t *operation, - uint8_t *plaintext, - size_t plaintext_size, - size_t *plaintext_length, - const uint8_t *tag, - size_t tag_length ) + mbedtls_transparent_test_driver_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length) { - mbedtls_test_driver_aead_hooks.hits_verify++; + mbedtls_test_driver_aead_hooks.hits_verify++; - if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } - else - { - uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; - size_t check_tag_length = 0; + if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } else { + uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; + size_t check_tag_length = 0; #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_finish( operation, - plaintext, - plaintext_size, - plaintext_length, - check_tag, - sizeof( check_tag ), - &check_tag_length ); + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_finish(operation, + plaintext, + plaintext_size, + plaintext_length, + check_tag, + sizeof(check_tag), + &check_tag_length); #elif defined(MBEDTLS_PSA_BUILTIN_AEAD) - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_finish( operation, - plaintext, - plaintext_size, - plaintext_length, - check_tag, - sizeof( check_tag ), - &check_tag_length ); + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_finish(operation, + plaintext, + plaintext_size, + plaintext_length, + check_tag, + sizeof(check_tag), + &check_tag_length); #else (void) operation; (void) plaintext; @@ -457,47 +429,44 @@ psa_status_t mbedtls_test_transparent_aead_verify( mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; #endif - if( mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS ) - { - if( tag_length != check_tag_length || - mbedtls_psa_safer_memcmp( tag, check_tag, tag_length ) - != 0 ) - mbedtls_test_driver_aead_hooks.driver_status = - PSA_ERROR_INVALID_SIGNATURE; - } + if (mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS) { + if (tag_length != check_tag_length || + mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) + != 0) { + mbedtls_test_driver_aead_hooks.driver_status = + PSA_ERROR_INVALID_SIGNATURE; + } + } - mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) ); + mbedtls_platform_zeroize(check_tag, sizeof(check_tag)); } - return( mbedtls_test_driver_aead_hooks.driver_status ); + return mbedtls_test_driver_aead_hooks.driver_status; } psa_status_t mbedtls_test_transparent_aead_abort( - mbedtls_transparent_test_driver_aead_operation_t *operation ) + mbedtls_transparent_test_driver_aead_operation_t *operation) { - mbedtls_test_driver_aead_hooks.hits_abort++; + mbedtls_test_driver_aead_hooks.hits_abort++; - if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_test_driver_aead_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = - libtestdriver1_mbedtls_psa_aead_abort( operation ); + libtestdriver1_mbedtls_psa_aead_abort(operation); #elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_abort( operation ); + mbedtls_psa_aead_abort(operation); #else (void) operation; mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; #endif } - return( mbedtls_test_driver_aead_hooks.driver_status ); + return mbedtls_test_driver_aead_hooks.driver_status; } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_asymmetric_encryption.c b/src/drivers/test_driver_asymmetric_encryption.c index 506c29bd0e..8c5e207adf 100644 --- a/src/drivers/test_driver_asymmetric_encryption.c +++ b/src/drivers/test_driver_asymmetric_encryption.c @@ -37,82 +37,84 @@ psa_status_t mbedtls_test_transparent_asymmetric_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length ) + uint8_t *output, size_t output_size, size_t *output_length) { mbedtls_test_driver_asymmetric_encryption_hooks.hits++; - if( mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL ) - { - if( output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL) { + if (output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } - memcpy( output, - mbedtls_test_driver_asymmetric_encryption_hooks.forced_output, - mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length ); + memcpy(output, + mbedtls_test_driver_asymmetric_encryption_hooks.forced_output, + mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length); *output_length = mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length; - return( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status ); + return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status; } - if( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status ); + if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status; + } #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return( libtestdriver1_mbedtls_psa_asymmetric_encrypt( - (const libtestdriver1_psa_key_attributes_t *)attributes, - key_buffer, key_buffer_size, - alg, input, input_length, salt, salt_length, - output, output_size, output_length ) ); + return libtestdriver1_mbedtls_psa_asymmetric_encrypt( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + alg, input, input_length, salt, salt_length, + output, output_size, output_length); #else - return( mbedtls_psa_asymmetric_encrypt( - attributes, key_buffer, key_buffer_size, - alg, input, input_length, salt, salt_length, - output, output_size, output_length ) ); + return mbedtls_psa_asymmetric_encrypt( + attributes, key_buffer, key_buffer_size, + alg, input, input_length, salt, salt_length, + output, output_size, output_length); #endif - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_transparent_asymmetric_decrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length ) + uint8_t *output, size_t output_size, size_t *output_length) { mbedtls_test_driver_asymmetric_encryption_hooks.hits++; - if( mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL ) - { - if( output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL) { + if (output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } - memcpy( output, - mbedtls_test_driver_asymmetric_encryption_hooks.forced_output, - mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length ); + memcpy(output, + mbedtls_test_driver_asymmetric_encryption_hooks.forced_output, + mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length); *output_length = mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length; - return( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status ); + return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status; } - if( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_asymmetric_encryption_hooks.forced_status ); + if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status; + } #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return( libtestdriver1_mbedtls_psa_asymmetric_decrypt( - (const libtestdriver1_psa_key_attributes_t *)attributes, - key_buffer, key_buffer_size, - alg, input, input_length, salt, salt_length, - output, output_size, output_length ) ); + return libtestdriver1_mbedtls_psa_asymmetric_decrypt( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + alg, input, input_length, salt, salt_length, + output, output_size, output_length); #else - return( mbedtls_psa_asymmetric_decrypt( - attributes, key_buffer, key_buffer_size, - alg, input, input_length, salt, salt_length, - output, output_size, output_length ) ); + return mbedtls_psa_asymmetric_decrypt( + attributes, key_buffer, key_buffer_size, + alg, input, input_length, salt, salt_length, + output, output_size, output_length); #endif - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } /* @@ -122,7 +124,7 @@ psa_status_t mbedtls_test_opaque_asymmetric_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length ) + uint8_t *output, size_t output_size, size_t *output_length) { (void) attributes; (void) key; @@ -135,14 +137,14 @@ psa_status_t mbedtls_test_opaque_asymmetric_encrypt( (void) output; (void) output_size; (void) output_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_opaque_asymmetric_decrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, size_t *output_length ) + uint8_t *output, size_t output_size, size_t *output_length) { (void) attributes; (void) key; @@ -155,7 +157,7 @@ psa_status_t mbedtls_test_opaque_asymmetric_decrypt( (void) output; (void) output_size; (void) output_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index 353640807f..f0cb6b262f 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -50,41 +50,42 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( size_t input_length, uint8_t *output, size_t output_size, - size_t *output_length ) + size_t *output_length) { mbedtls_test_driver_cipher_hooks.hits++; - if( mbedtls_test_driver_cipher_hooks.forced_output != NULL ) - { - if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { + if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } - memcpy( output, - mbedtls_test_driver_cipher_hooks.forced_output, - mbedtls_test_driver_cipher_hooks.forced_output_length ); + memcpy(output, + mbedtls_test_driver_cipher_hooks.forced_output, + mbedtls_test_driver_cipher_hooks.forced_output_length); *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length; - return( mbedtls_test_driver_cipher_hooks.forced_status ); + return mbedtls_test_driver_cipher_hooks.forced_status; } - if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_cipher_hooks.forced_status ); + if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_cipher_hooks.forced_status; + } #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return( libtestdriver1_mbedtls_psa_cipher_encrypt( - (const libtestdriver1_psa_key_attributes_t *)attributes, - key_buffer, key_buffer_size, - alg, iv, iv_length, input, input_length, - output, output_size, output_length ) ); + return libtestdriver1_mbedtls_psa_cipher_encrypt( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + alg, iv, iv_length, input, input_length, + output, output_size, output_length); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return( mbedtls_psa_cipher_encrypt( - attributes, key_buffer, key_buffer_size, - alg, iv, iv_length, input, input_length, - output, output_size, output_length ) ); + return mbedtls_psa_cipher_encrypt( + attributes, key_buffer, key_buffer_size, + alg, iv, iv_length, input, input_length, + output, output_size, output_length); #endif - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_transparent_cipher_decrypt( @@ -96,41 +97,42 @@ psa_status_t mbedtls_test_transparent_cipher_decrypt( size_t input_length, uint8_t *output, size_t output_size, - size_t *output_length ) + size_t *output_length) { - mbedtls_test_driver_cipher_hooks.hits++; + mbedtls_test_driver_cipher_hooks.hits++; - if( mbedtls_test_driver_cipher_hooks.forced_output != NULL ) - { - if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { + if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } - memcpy( output, - mbedtls_test_driver_cipher_hooks.forced_output, - mbedtls_test_driver_cipher_hooks.forced_output_length ); + memcpy(output, + mbedtls_test_driver_cipher_hooks.forced_output, + mbedtls_test_driver_cipher_hooks.forced_output_length); *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length; - return( mbedtls_test_driver_cipher_hooks.forced_status ); + return mbedtls_test_driver_cipher_hooks.forced_status; } - if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_cipher_hooks.forced_status ); + if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_cipher_hooks.forced_status; + } #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return( libtestdriver1_mbedtls_psa_cipher_decrypt( - (const libtestdriver1_psa_key_attributes_t *)attributes, - key_buffer, key_buffer_size, - alg, input, input_length, - output, output_size, output_length ) ); + return libtestdriver1_mbedtls_psa_cipher_decrypt( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + alg, input, input_length, + output, output_size, output_length); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return( mbedtls_psa_cipher_decrypt( - attributes, key_buffer, key_buffer_size, - alg, input, input_length, - output, output_size, output_length ) ); + return mbedtls_psa_cipher_decrypt( + attributes, key_buffer, key_buffer_size, + alg, input, input_length, + output, output_size, output_length); #endif - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_transparent_cipher_encrypt_setup( @@ -145,23 +147,24 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt_setup( * useful for the test suite, since it gives a chance of catching memory * corruption errors should the core not have allocated (enough) memory for * our context struct. */ - memset( operation, 0, sizeof( *operation ) ); + memset(operation, 0, sizeof(*operation)); - if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_cipher_hooks.forced_status ); + if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_cipher_hooks.forced_status; + } #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return( libtestdriver1_mbedtls_psa_cipher_encrypt_setup( - operation, - (const libtestdriver1_psa_key_attributes_t *)attributes, - key, key_length, alg ) ); + return libtestdriver1_mbedtls_psa_cipher_encrypt_setup( + operation, + (const libtestdriver1_psa_key_attributes_t *) attributes, + key, key_length, alg); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return( mbedtls_psa_cipher_encrypt_setup( - operation, attributes, key, key_length, alg ) ); + return mbedtls_psa_cipher_encrypt_setup( + operation, attributes, key, key_length, alg); #endif - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_transparent_cipher_decrypt_setup( @@ -172,21 +175,22 @@ psa_status_t mbedtls_test_transparent_cipher_decrypt_setup( { mbedtls_test_driver_cipher_hooks.hits++; - if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_cipher_hooks.forced_status ); + if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_cipher_hooks.forced_status; + } #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return( libtestdriver1_mbedtls_psa_cipher_decrypt_setup( - operation, - (const libtestdriver1_psa_key_attributes_t *)attributes, - key, key_length, alg ) ); + return libtestdriver1_mbedtls_psa_cipher_decrypt_setup( + operation, + (const libtestdriver1_psa_key_attributes_t *) attributes, + key, key_length, alg); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return( mbedtls_psa_cipher_decrypt_setup( - operation, attributes, key, key_length, alg ) ); + return mbedtls_psa_cipher_decrypt_setup( + operation, attributes, key, key_length, alg); #endif - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_transparent_cipher_abort( @@ -196,18 +200,18 @@ psa_status_t mbedtls_test_transparent_cipher_abort( #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - libtestdriver1_mbedtls_psa_cipher_abort( operation ); + libtestdriver1_mbedtls_psa_cipher_abort(operation); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - mbedtls_psa_cipher_abort( operation ); + mbedtls_psa_cipher_abort(operation); #endif /* Wiping the entire struct here, instead of member-by-member. This is * useful for the test suite, since it gives a chance of catching memory * corruption errors should the core not have allocated (enough) memory for * our context struct. */ - memset( operation, 0, sizeof( *operation ) ); + memset(operation, 0, sizeof(*operation)); - return( mbedtls_test_driver_cipher_hooks.forced_status ); + return mbedtls_test_driver_cipher_hooks.forced_status; } psa_status_t mbedtls_test_transparent_cipher_set_iv( @@ -217,18 +221,19 @@ psa_status_t mbedtls_test_transparent_cipher_set_iv( { mbedtls_test_driver_cipher_hooks.hits++; - if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_cipher_hooks.forced_status ); + if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_cipher_hooks.forced_status; + } #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return( libtestdriver1_mbedtls_psa_cipher_set_iv( - operation, iv, iv_length ) ); + return libtestdriver1_mbedtls_psa_cipher_set_iv( + operation, iv, iv_length); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return( mbedtls_psa_cipher_set_iv( operation, iv, iv_length ) ); + return mbedtls_psa_cipher_set_iv(operation, iv, iv_length); #endif - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_transparent_cipher_update( @@ -241,34 +246,35 @@ psa_status_t mbedtls_test_transparent_cipher_update( { mbedtls_test_driver_cipher_hooks.hits++; - if( mbedtls_test_driver_cipher_hooks.forced_output != NULL ) - { - if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length ) + if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { + if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { return PSA_ERROR_BUFFER_TOO_SMALL; + } - memcpy( output, - mbedtls_test_driver_cipher_hooks.forced_output, - mbedtls_test_driver_cipher_hooks.forced_output_length ); + memcpy(output, + mbedtls_test_driver_cipher_hooks.forced_output, + mbedtls_test_driver_cipher_hooks.forced_output_length); *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length; - return( mbedtls_test_driver_cipher_hooks.forced_status ); + return mbedtls_test_driver_cipher_hooks.forced_status; } - if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_cipher_hooks.forced_status ); + if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_cipher_hooks.forced_status; + } #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return( libtestdriver1_mbedtls_psa_cipher_update( - operation, input, input_length, - output, output_size, output_length ) ); + return libtestdriver1_mbedtls_psa_cipher_update( + operation, input, input_length, + output, output_size, output_length); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return( mbedtls_psa_cipher_update( - operation, input, input_length, - output, output_size, output_length ) ); + return mbedtls_psa_cipher_update( + operation, input, input_length, + output, output_size, output_length); #endif - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_transparent_cipher_finish( @@ -279,32 +285,33 @@ psa_status_t mbedtls_test_transparent_cipher_finish( { mbedtls_test_driver_cipher_hooks.hits++; - if( mbedtls_test_driver_cipher_hooks.forced_output != NULL ) - { - if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length ) + if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { + if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { return PSA_ERROR_BUFFER_TOO_SMALL; + } - memcpy( output, - mbedtls_test_driver_cipher_hooks.forced_output, - mbedtls_test_driver_cipher_hooks.forced_output_length ); + memcpy(output, + mbedtls_test_driver_cipher_hooks.forced_output, + mbedtls_test_driver_cipher_hooks.forced_output_length); *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length; - return( mbedtls_test_driver_cipher_hooks.forced_status ); + return mbedtls_test_driver_cipher_hooks.forced_status; } - if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_cipher_hooks.forced_status ); + if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_cipher_hooks.forced_status; + } #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) - return( libtestdriver1_mbedtls_psa_cipher_finish( - operation, output, output_size, output_length ) ); + return libtestdriver1_mbedtls_psa_cipher_finish( + operation, output, output_size, output_length); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) - return( mbedtls_psa_cipher_finish( - operation, output, output_size, output_length ) ); + return mbedtls_psa_cipher_finish( + operation, output, output_size, output_length); #endif - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } /* @@ -329,7 +336,7 @@ psa_status_t mbedtls_test_opaque_cipher_encrypt( (void) output; (void) output_size; (void) output_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_opaque_cipher_decrypt( @@ -348,7 +355,7 @@ psa_status_t mbedtls_test_opaque_cipher_decrypt( (void) output; (void) output_size; (void) output_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_opaque_cipher_encrypt_setup( @@ -362,7 +369,7 @@ psa_status_t mbedtls_test_opaque_cipher_encrypt_setup( (void) key; (void) key_length; (void) alg; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_opaque_cipher_decrypt_setup( @@ -376,14 +383,14 @@ psa_status_t mbedtls_test_opaque_cipher_decrypt_setup( (void) key; (void) key_length; (void) alg; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_opaque_cipher_abort( - mbedtls_opaque_test_driver_cipher_operation_t *operation ) + mbedtls_opaque_test_driver_cipher_operation_t *operation) { (void) operation; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_opaque_cipher_set_iv( @@ -394,7 +401,7 @@ psa_status_t mbedtls_test_opaque_cipher_set_iv( (void) operation; (void) iv; (void) iv_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_opaque_cipher_update( @@ -411,7 +418,7 @@ psa_status_t mbedtls_test_opaque_cipher_update( (void) output; (void) output_size; (void) output_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_opaque_cipher_finish( @@ -424,6 +431,6 @@ psa_status_t mbedtls_test_opaque_cipher_finish( (void) output; (void) output_size; (void) output_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_key_agreement.c b/src/drivers/test_driver_key_agreement.c index 7c37b03272..d1fd891e79 100644 --- a/src/drivers/test_driver_key_agreement.c +++ b/src/drivers/test_driver_key_agreement.c @@ -47,42 +47,42 @@ psa_status_t mbedtls_test_transparent_key_agreement( size_t peer_key_length, uint8_t *shared_secret, size_t shared_secret_size, - size_t *shared_secret_length ) + size_t *shared_secret_length) { mbedtls_test_driver_key_agreement_hooks.hits++; - if( mbedtls_test_driver_key_agreement_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_key_agreement_hooks.forced_status ); + if (mbedtls_test_driver_key_agreement_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_key_agreement_hooks.forced_status; + } - if( mbedtls_test_driver_key_agreement_hooks.forced_output != NULL ) - { - if( mbedtls_test_driver_key_agreement_hooks.forced_output_length > shared_secret_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + if (mbedtls_test_driver_key_agreement_hooks.forced_output != NULL) { + if (mbedtls_test_driver_key_agreement_hooks.forced_output_length > shared_secret_size) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } - memcpy( shared_secret, mbedtls_test_driver_key_agreement_hooks.forced_output, - mbedtls_test_driver_key_agreement_hooks.forced_output_length ); + memcpy(shared_secret, mbedtls_test_driver_key_agreement_hooks.forced_output, + mbedtls_test_driver_key_agreement_hooks.forced_output_length); *shared_secret_length = mbedtls_test_driver_key_agreement_hooks.forced_output_length; - return( PSA_SUCCESS ); + return PSA_SUCCESS; } - if( PSA_ALG_IS_ECDH(alg) ) - { + if (PSA_ALG_IS_ECDH(alg)) { #if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDH)) - return( libtestdriver1_mbedtls_psa_key_agreement_ecdh( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, peer_key, peer_key_length, - shared_secret, shared_secret_size, - shared_secret_length ) ); + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDH)) + return libtestdriver1_mbedtls_psa_key_agreement_ecdh( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + alg, peer_key, peer_key_length, + shared_secret, shared_secret_size, + shared_secret_length); #elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) - return( mbedtls_psa_key_agreement_ecdh( - attributes, - key_buffer, key_buffer_size, - alg, peer_key, peer_key_length, - shared_secret, shared_secret_size, - shared_secret_length ) ); + return mbedtls_psa_key_agreement_ecdh( + attributes, + key_buffer, key_buffer_size, + alg, peer_key, peer_key_length, + shared_secret, shared_secret_size, + shared_secret_length); #else (void) attributes; (void) key_buffer; @@ -92,12 +92,10 @@ psa_status_t mbedtls_test_transparent_key_agreement( (void) shared_secret; (void) shared_secret_size; (void) shared_secret_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; #endif - } - else - { - return( PSA_ERROR_INVALID_ARGUMENT ); + } else { + return PSA_ERROR_INVALID_ARGUMENT; } } @@ -111,7 +109,7 @@ psa_status_t mbedtls_test_opaque_key_agreement( size_t peer_key_length, uint8_t *shared_secret, size_t shared_secret_size, - size_t *shared_secret_length ) + size_t *shared_secret_length) { (void) attributes; (void) key_buffer; @@ -122,7 +120,7 @@ psa_status_t mbedtls_test_opaque_key_agreement( (void) shared_secret; (void) shared_secret_size; (void) shared_secret_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 974d498755..4e340aae6e 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -44,53 +44,54 @@ mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT; const uint8_t mbedtls_test_driver_aes_key[16] = - { 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46, - 0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 }; +{ 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46, + 0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 }; const uint8_t mbedtls_test_driver_ecdsa_key[32] = - { 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63, - 0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18, - 0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7, - 0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a }; +{ 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63, + 0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18, + 0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7, + 0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a }; const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] = - { 0x04, - 0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c, - 0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44, - 0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a, - 0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19, - 0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31, - 0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b, - 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79, - 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c }; - -psa_status_t mbedtls_test_transparent_init( void ) +{ 0x04, + 0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c, + 0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44, + 0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a, + 0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19, + 0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31, + 0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b, + 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79, + 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c }; + +psa_status_t mbedtls_test_transparent_init(void) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) - status = libtestdriver1_psa_crypto_init( ); - if( status != PSA_SUCCESS ) - return( status ); + status = libtestdriver1_psa_crypto_init(); + if (status != PSA_SUCCESS) { + return status; + } #endif - (void)status; - return( PSA_SUCCESS ); + (void) status; + return PSA_SUCCESS; } -void mbedtls_test_transparent_free( void ) +void mbedtls_test_transparent_free(void) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) - libtestdriver1_mbedtls_psa_crypto_free( ); + libtestdriver1_mbedtls_psa_crypto_free(); #endif return; } -psa_status_t mbedtls_test_opaque_init( void ) +psa_status_t mbedtls_test_opaque_init(void) { - return( PSA_SUCCESS ); + return PSA_SUCCESS; } -void mbedtls_test_opaque_free( void ) +void mbedtls_test_opaque_free(void) { return; } @@ -102,22 +103,23 @@ void mbedtls_test_opaque_free( void ) * prefixing to the key. */ #define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE \ - PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE + PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE size_t mbedtls_test_opaque_size_function( const psa_key_type_t key_type, - const size_t key_bits ) + const size_t key_bits) { size_t key_buffer_size = 0; - key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ); - if( key_buffer_size == 0 ) - return( 0 ); + key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits); + if (key_buffer_size == 0) { + return 0; + } /* Include spacing for base size overhead over the key size * */ key_buffer_size += TEST_DRIVER_KEY_CONTEXT_BASE_SIZE; - return( key_buffer_size ); + return key_buffer_size; } static size_t mbedtls_test_opaque_get_base_size() @@ -138,22 +140,24 @@ static psa_status_t mbedtls_test_opaque_wrap_key( size_t key_length, uint8_t *wrapped_key_buffer, size_t wrapped_key_buffer_size, - size_t *wrapped_key_buffer_length ) + size_t *wrapped_key_buffer_length) { size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX; - if( key_length + opaque_key_base_size > wrapped_key_buffer_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + if (key_length + opaque_key_base_size > wrapped_key_buffer_size) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } /* Write in the opaque pad prefix */ - memcpy( wrapped_key_buffer, &prefix, opaque_key_base_size ); + memcpy(wrapped_key_buffer, &prefix, opaque_key_base_size); wrapped_key_buffer += opaque_key_base_size; *wrapped_key_buffer_length = key_length + opaque_key_base_size; - while( key_length-- ) + while (key_length--) { wrapped_key_buffer[key_length] = key[key_length] ^ 0xFF; - return( PSA_SUCCESS ); + } + return PSA_SUCCESS; } /* @@ -177,79 +181,80 @@ static psa_status_t mbedtls_test_opaque_unwrap_key( size_t clear_key_size; /* Check for underflow */ - if( wrapped_key_length < opaque_key_base_size ) - return( PSA_ERROR_DATA_CORRUPT ); + if (wrapped_key_length < opaque_key_base_size) { + return PSA_ERROR_DATA_CORRUPT; + } clear_key_size = wrapped_key_length - opaque_key_base_size; wrapped_key += opaque_key_base_size; - if( clear_key_size > key_buffer_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + if (clear_key_size > key_buffer_size) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } *key_buffer_length = clear_key_size; - while( clear_key_size-- ) + while (clear_key_size--) { key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF; - return( PSA_SUCCESS ); + } + return PSA_SUCCESS; } psa_status_t mbedtls_test_transparent_generate_key( const psa_key_attributes_t *attributes, - uint8_t *key, size_t key_size, size_t *key_length ) + uint8_t *key, size_t key_size, size_t *key_length) { ++mbedtls_test_driver_key_management_hooks.hits; - if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_key_management_hooks.forced_status ); + if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_key_management_hooks.forced_status; + } - if( mbedtls_test_driver_key_management_hooks.forced_output != NULL ) - { - if( mbedtls_test_driver_key_management_hooks.forced_output_length > - key_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( key, mbedtls_test_driver_key_management_hooks.forced_output, - mbedtls_test_driver_key_management_hooks.forced_output_length ); + if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) { + if (mbedtls_test_driver_key_management_hooks.forced_output_length > + key_size) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + memcpy(key, mbedtls_test_driver_key_management_hooks.forced_output, + mbedtls_test_driver_key_management_hooks.forced_output_length); *key_length = mbedtls_test_driver_key_management_hooks.forced_output_length; - return( PSA_SUCCESS ); + return PSA_SUCCESS; } - if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) - && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) - { + if (PSA_KEY_TYPE_IS_ECC(psa_get_key_type(attributes)) + && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) - return( libtestdriver1_mbedtls_psa_ecp_generate_key( - (const libtestdriver1_psa_key_attributes_t *)attributes, - key, key_size, key_length ) ); + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) + return libtestdriver1_mbedtls_psa_ecp_generate_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key, key_size, key_length); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) - return( mbedtls_psa_ecp_generate_key( - attributes, key, key_size, key_length ) ); + return mbedtls_psa_ecp_generate_key( + attributes, key, key_size, key_length); #endif - } - else if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_RSA_KEY_PAIR ) - { + } else if (psa_get_key_type(attributes) == PSA_KEY_TYPE_RSA_KEY_PAIR) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) - return( libtestdriver1_mbedtls_psa_rsa_generate_key( - (const libtestdriver1_psa_key_attributes_t *)attributes, - key, key_size, key_length ) ); + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) + return libtestdriver1_mbedtls_psa_rsa_generate_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key, key_size, key_length); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) - return( mbedtls_psa_rsa_generate_key( - attributes, key, key_size, key_length ) ); + return mbedtls_psa_rsa_generate_key( + attributes, key, key_size, key_length); #endif } - (void)attributes; - return( PSA_ERROR_NOT_SUPPORTED ); + (void) attributes; + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_opaque_generate_key( const psa_key_attributes_t *attributes, - uint8_t *key, size_t key_size, size_t *key_length ) + uint8_t *key, size_t key_size, size_t *key_length) { (void) attributes; (void) key; (void) key_size; (void) key_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_transparent_import_key( @@ -261,62 +266,60 @@ psa_status_t mbedtls_test_transparent_import_key( size_t *key_buffer_length, size_t *bits) { - psa_key_type_t type = psa_get_key_type( attributes ); + psa_key_type_t type = psa_get_key_type(attributes); ++mbedtls_test_driver_key_management_hooks.hits; mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE; - if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_key_management_hooks.forced_status ); + if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_key_management_hooks.forced_status; + } - if( PSA_KEY_TYPE_IS_ECC( type ) ) - { + if (PSA_KEY_TYPE_IS_ECC(type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ) - return( libtestdriver1_mbedtls_psa_ecp_import_key( - (const libtestdriver1_psa_key_attributes_t *)attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ) ); + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)) + return libtestdriver1_mbedtls_psa_ecp_import_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) - return( mbedtls_psa_ecp_import_key( - attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ) ); + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) + return mbedtls_psa_ecp_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits); #endif - } - else if( PSA_KEY_TYPE_IS_RSA( type ) ) - { + } else if (PSA_KEY_TYPE_IS_RSA(type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) ) - return( libtestdriver1_mbedtls_psa_rsa_import_key( - (const libtestdriver1_psa_key_attributes_t *)attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ) ); + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)) + return libtestdriver1_mbedtls_psa_rsa_import_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - return( mbedtls_psa_rsa_import_key( - attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ) ); + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + return mbedtls_psa_rsa_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits); #endif } - (void)data; - (void)data_length; - (void)key_buffer; - (void)key_buffer_size; - (void)key_buffer_length; - (void)bits; - (void)type; + (void) data; + (void) data_length; + (void) key_buffer; + (void) key_buffer_size; + (void) key_buffer_length; + (void) bits; + (void) type; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } @@ -330,7 +333,7 @@ psa_status_t mbedtls_test_opaque_import_key( size_t *bits) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_type_t type = psa_get_key_type( attributes ); + psa_key_type_t type = psa_get_key_type(attributes); /* This buffer will be used as an intermediate placeholder for * the clear key till we wrap it */ uint8_t *key_buffer_temp; @@ -338,331 +341,329 @@ psa_status_t mbedtls_test_opaque_import_key( ++mbedtls_test_driver_key_management_hooks.hits; mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION; - if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_key_management_hooks.forced_status ); + if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_key_management_hooks.forced_status; + } - key_buffer_temp = mbedtls_calloc( 1, key_buffer_size ); - if( key_buffer_temp == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + key_buffer_temp = mbedtls_calloc(1, key_buffer_size); + if (key_buffer_temp == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } - if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) - { - *bits = PSA_BYTES_TO_BITS( data_length ); + if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) { + *bits = PSA_BYTES_TO_BITS(data_length); - status = psa_validate_unstructured_key_bit_size( type, - *bits ); - if( status != PSA_SUCCESS ) + status = psa_validate_unstructured_key_bit_size(type, + *bits); + if (status != PSA_SUCCESS) { goto exit; + } - if( data_length > key_buffer_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + if (data_length > key_buffer_size) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } /* Copy the key material accounting for opaque key padding. */ - memcpy( key_buffer_temp, data, data_length ); + memcpy(key_buffer_temp, data, data_length); *key_buffer_length = data_length; - } - else if( PSA_KEY_TYPE_IS_ECC( type ) ) - { + } else if (PSA_KEY_TYPE_IS_ECC(type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) + (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)) status = libtestdriver1_mbedtls_psa_ecp_import_key( - (const libtestdriver1_psa_key_attributes_t *)attributes, - data, data_length, - key_buffer_temp, key_buffer_size, - key_buffer_length, bits ); + (const libtestdriver1_psa_key_attributes_t *) attributes, + data, data_length, + key_buffer_temp, key_buffer_size, + key_buffer_length, bits); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) status = mbedtls_psa_ecp_import_key( - attributes, - data, data_length, - key_buffer_temp, key_buffer_size, - key_buffer_length, bits ); + attributes, + data, data_length, + key_buffer_temp, key_buffer_size, + key_buffer_length, bits); #else status = PSA_ERROR_NOT_SUPPORTED; #endif - if( status != PSA_SUCCESS ) - goto exit; - } - else if( PSA_KEY_TYPE_IS_RSA( type ) ) - { + if (status != PSA_SUCCESS) { + goto exit; + } + } else if (PSA_KEY_TYPE_IS_RSA(type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) + (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)) status = libtestdriver1_mbedtls_psa_rsa_import_key( - (const libtestdriver1_psa_key_attributes_t *)attributes, - data, data_length, - key_buffer_temp, key_buffer_size, - key_buffer_length, bits ); + (const libtestdriver1_psa_key_attributes_t *) attributes, + data, data_length, + key_buffer_temp, key_buffer_size, + key_buffer_length, bits); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) status = mbedtls_psa_rsa_import_key( - attributes, - data, data_length, - key_buffer_temp, key_buffer_size, - key_buffer_length, bits ); + attributes, + data, data_length, + key_buffer_temp, key_buffer_size, + key_buffer_length, bits); #else status = PSA_ERROR_NOT_SUPPORTED; #endif - if( status != PSA_SUCCESS ) - goto exit; - } - else - { + if (status != PSA_SUCCESS) { + goto exit; + } + } else { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } - status = mbedtls_test_opaque_wrap_key( key_buffer_temp, *key_buffer_length, - key_buffer, key_buffer_size, key_buffer_length ); + status = mbedtls_test_opaque_wrap_key(key_buffer_temp, *key_buffer_length, + key_buffer, key_buffer_size, key_buffer_length); exit: - mbedtls_free( key_buffer_temp ); - return( status ); + mbedtls_free(key_buffer_temp); + return status; } psa_status_t mbedtls_test_opaque_export_key( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, - uint8_t *data, size_t data_size, size_t *data_length ) + uint8_t *data, size_t data_size, size_t *data_length) { - if( key_length == sizeof( psa_drv_slot_number_t ) ) - { + if (key_length == sizeof(psa_drv_slot_number_t)) { /* Assume this is a builtin key based on the key material length. */ - psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key ); + psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key); - switch( slot_number ) - { + switch (slot_number) { case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: /* This is the ECDSA slot. Verify the key's attributes before * returning the private key. */ - if( psa_get_key_type( attributes ) != - PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_bits( attributes ) != 256 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != - PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( ( psa_get_key_usage_flags( attributes ) & - PSA_KEY_USAGE_EXPORT ) == 0 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - - if( data_size < sizeof( mbedtls_test_driver_ecdsa_key ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - memcpy( data, mbedtls_test_driver_ecdsa_key, - sizeof( mbedtls_test_driver_ecdsa_key ) ); - *data_length = sizeof( mbedtls_test_driver_ecdsa_key ); - return( PSA_SUCCESS ); + if (psa_get_key_type(attributes) != + PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) { + return PSA_ERROR_CORRUPTION_DETECTED; + } + if (psa_get_key_bits(attributes) != 256) { + return PSA_ERROR_CORRUPTION_DETECTED; + } + if (psa_get_key_algorithm(attributes) != + PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) { + return PSA_ERROR_CORRUPTION_DETECTED; + } + if ((psa_get_key_usage_flags(attributes) & + PSA_KEY_USAGE_EXPORT) == 0) { + return PSA_ERROR_CORRUPTION_DETECTED; + } + + if (data_size < sizeof(mbedtls_test_driver_ecdsa_key)) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + memcpy(data, mbedtls_test_driver_ecdsa_key, + sizeof(mbedtls_test_driver_ecdsa_key)); + *data_length = sizeof(mbedtls_test_driver_ecdsa_key); + return PSA_SUCCESS; case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: /* This is the AES slot. Verify the key's attributes before * returning the key. */ - if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_bits( attributes ) != 128 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( ( psa_get_key_usage_flags( attributes ) & - PSA_KEY_USAGE_EXPORT ) == 0 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - - if( data_size < sizeof( mbedtls_test_driver_aes_key ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - memcpy( data, mbedtls_test_driver_aes_key, - sizeof( mbedtls_test_driver_aes_key ) ); - *data_length = sizeof( mbedtls_test_driver_aes_key ); - return( PSA_SUCCESS ); + if (psa_get_key_type(attributes) != PSA_KEY_TYPE_AES) { + return PSA_ERROR_CORRUPTION_DETECTED; + } + if (psa_get_key_bits(attributes) != 128) { + return PSA_ERROR_CORRUPTION_DETECTED; + } + if (psa_get_key_algorithm(attributes) != PSA_ALG_CTR) { + return PSA_ERROR_CORRUPTION_DETECTED; + } + if ((psa_get_key_usage_flags(attributes) & + PSA_KEY_USAGE_EXPORT) == 0) { + return PSA_ERROR_CORRUPTION_DETECTED; + } + + if (data_size < sizeof(mbedtls_test_driver_aes_key)) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + memcpy(data, mbedtls_test_driver_aes_key, + sizeof(mbedtls_test_driver_aes_key)); + *data_length = sizeof(mbedtls_test_driver_aes_key); + return PSA_SUCCESS; default: - return( PSA_ERROR_DOES_NOT_EXIST ); + return PSA_ERROR_DOES_NOT_EXIST; } - } - else - { + } else { /* This buffer will be used as an intermediate placeholder for * the opaque key till we unwrap the key into key_buffer */ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_type_t type = psa_get_key_type( attributes ); - - if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) || - PSA_KEY_TYPE_IS_RSA( type ) || - PSA_KEY_TYPE_IS_ECC( type ) ) - { - status = mbedtls_test_opaque_unwrap_key( key, key_length, - data, data_size, data_length ); - return( status ); + psa_key_type_t type = psa_get_key_type(attributes); + + if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type) || + PSA_KEY_TYPE_IS_RSA(type) || + PSA_KEY_TYPE_IS_ECC(type)) { + status = mbedtls_test_opaque_unwrap_key(key, key_length, + data, data_size, data_length); + return status; } } - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_transparent_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ) + uint8_t *data, size_t data_size, size_t *data_length) { ++mbedtls_test_driver_key_management_hooks.hits; - if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_key_management_hooks.forced_status ); + if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_key_management_hooks.forced_status; + } - if( mbedtls_test_driver_key_management_hooks.forced_output != NULL ) - { - if( mbedtls_test_driver_key_management_hooks.forced_output_length > - data_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( data, mbedtls_test_driver_key_management_hooks.forced_output, - mbedtls_test_driver_key_management_hooks.forced_output_length ); + if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) { + if (mbedtls_test_driver_key_management_hooks.forced_output_length > + data_size) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + memcpy(data, mbedtls_test_driver_key_management_hooks.forced_output, + mbedtls_test_driver_key_management_hooks.forced_output_length); *data_length = mbedtls_test_driver_key_management_hooks.forced_output_length; - return( PSA_SUCCESS ); + return PSA_SUCCESS; } - psa_key_type_t key_type = psa_get_key_type( attributes ); + psa_key_type_t key_type = psa_get_key_type(attributes); - if( PSA_KEY_TYPE_IS_ECC( key_type ) ) - { + if (PSA_KEY_TYPE_IS_ECC(key_type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ) - return( libtestdriver1_mbedtls_psa_ecp_export_public_key( - (const libtestdriver1_psa_key_attributes_t *)attributes, - key_buffer, key_buffer_size, - data, data_size, data_length ) ); + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)) + return libtestdriver1_mbedtls_psa_ecp_export_public_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + data, data_size, data_length); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) - return( mbedtls_psa_ecp_export_public_key( - attributes, - key_buffer, key_buffer_size, - data, data_size, data_length ) ); + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) + return mbedtls_psa_ecp_export_public_key( + attributes, + key_buffer, key_buffer_size, + data, data_size, data_length); #endif - } - else if( PSA_KEY_TYPE_IS_RSA( key_type ) ) - { + } else if (PSA_KEY_TYPE_IS_RSA(key_type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) ) - return( libtestdriver1_mbedtls_psa_rsa_export_public_key( - (const libtestdriver1_psa_key_attributes_t *)attributes, - key_buffer, key_buffer_size, - data, data_size, data_length ) ); + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)) + return libtestdriver1_mbedtls_psa_rsa_export_public_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + data, data_size, data_length); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - return( mbedtls_psa_rsa_export_public_key( - attributes, - key_buffer, key_buffer_size, - data, data_size, data_length ) ); + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + return mbedtls_psa_rsa_export_public_key( + attributes, + key_buffer, key_buffer_size, + data, data_size, data_length); #endif } - (void)key_buffer; - (void)key_buffer_size; - (void)key_type; + (void) key_buffer; + (void) key_buffer_size; + (void) key_type; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_opaque_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, - uint8_t *data, size_t data_size, size_t *data_length ) + uint8_t *data, size_t data_size, size_t *data_length) { - if( key_length != sizeof( psa_drv_slot_number_t ) ) - { + if (key_length != sizeof(psa_drv_slot_number_t)) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_type_t key_type = psa_get_key_type( attributes ); + psa_key_type_t key_type = psa_get_key_type(attributes); uint8_t *key_buffer_temp; - key_buffer_temp = mbedtls_calloc( 1, key_length ); - if( key_buffer_temp == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + key_buffer_temp = mbedtls_calloc(1, key_length); + if (key_buffer_temp == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } - if( PSA_KEY_TYPE_IS_ECC( key_type ) ) - { - status = mbedtls_test_opaque_unwrap_key( key, key_length, - key_buffer_temp, key_length, data_length ); - if( status == PSA_SUCCESS ) - { + if (PSA_KEY_TYPE_IS_ECC(key_type)) { + status = mbedtls_test_opaque_unwrap_key(key, key_length, + key_buffer_temp, key_length, data_length); + if (status == PSA_SUCCESS) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) + (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)) status = libtestdriver1_mbedtls_psa_ecp_export_public_key( - (const libtestdriver1_psa_key_attributes_t *)attributes, - key_buffer_temp, *data_length, - data, data_size, data_length ); + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer_temp, *data_length, + data, data_size, data_length); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) status = mbedtls_psa_ecp_export_public_key( - attributes, - key_buffer_temp, *data_length, - data, data_size, data_length ); + attributes, + key_buffer_temp, *data_length, + data, data_size, data_length); #else status = PSA_ERROR_NOT_SUPPORTED; #endif } - } - else if( PSA_KEY_TYPE_IS_RSA( key_type ) ) - { - status = mbedtls_test_opaque_unwrap_key( key, key_length, - key_buffer_temp, key_length, data_length ); - if( status == PSA_SUCCESS ) - { + } else if (PSA_KEY_TYPE_IS_RSA(key_type)) { + status = mbedtls_test_opaque_unwrap_key(key, key_length, + key_buffer_temp, key_length, data_length); + if (status == PSA_SUCCESS) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) + (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)) status = libtestdriver1_mbedtls_psa_rsa_export_public_key( - (const libtestdriver1_psa_key_attributes_t *)attributes, - key_buffer_temp, *data_length, - data, data_size, data_length ); + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer_temp, *data_length, + data, data_size, data_length); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) status = mbedtls_psa_rsa_export_public_key( - attributes, - key_buffer_temp, *data_length, - data, data_size, data_length ); + attributes, + key_buffer_temp, *data_length, + data, data_size, data_length); #else status = PSA_ERROR_NOT_SUPPORTED; #endif } - } - else - { + } else { status = PSA_ERROR_NOT_SUPPORTED; - (void)key; - (void)key_type; + (void) key; + (void) key_type; } - mbedtls_free( key_buffer_temp ); - return( status ); + mbedtls_free(key_buffer_temp); + return status; } /* Assume this is a builtin key based on the key material length. */ - psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key ); - switch( slot_number ) - { + psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key); + switch (slot_number) { case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: /* This is the ECDSA slot. Verify the key's attributes before * returning the public key. */ - if( psa_get_key_type( attributes ) != - PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_bits( attributes ) != 256 ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != - PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - - if( data_size < sizeof( mbedtls_test_driver_ecdsa_pubkey ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - memcpy( data, mbedtls_test_driver_ecdsa_pubkey, - sizeof( mbedtls_test_driver_ecdsa_pubkey ) ); - *data_length = sizeof( mbedtls_test_driver_ecdsa_pubkey ); - return( PSA_SUCCESS ); + if (psa_get_key_type(attributes) != + PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) { + return PSA_ERROR_CORRUPTION_DETECTED; + } + if (psa_get_key_bits(attributes) != 256) { + return PSA_ERROR_CORRUPTION_DETECTED; + } + if (psa_get_key_algorithm(attributes) != + PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) { + return PSA_ERROR_CORRUPTION_DETECTED; + } + + if (data_size < sizeof(mbedtls_test_driver_ecdsa_pubkey)) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + memcpy(data, mbedtls_test_driver_ecdsa_pubkey, + sizeof(mbedtls_test_driver_ecdsa_pubkey)); + *data_length = sizeof(mbedtls_test_driver_ecdsa_pubkey); + return PSA_SUCCESS; default: - return( PSA_ERROR_DOES_NOT_EXIST ); + return PSA_ERROR_DOES_NOT_EXIST; } } @@ -679,49 +680,50 @@ psa_status_t mbedtls_test_opaque_export_public_key( psa_status_t mbedtls_test_opaque_get_builtin_key( psa_drv_slot_number_t slot_number, psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) { - switch( slot_number ) - { + switch (slot_number) { case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: - psa_set_key_type( attributes, PSA_KEY_TYPE_AES ); - psa_set_key_bits( attributes, 128 ); + psa_set_key_type(attributes, PSA_KEY_TYPE_AES); + psa_set_key_bits(attributes, 128); psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | - PSA_KEY_USAGE_EXPORT ); - psa_set_key_algorithm( attributes, PSA_ALG_CTR ); + PSA_KEY_USAGE_EXPORT); + psa_set_key_algorithm(attributes, PSA_ALG_CTR); - if( key_buffer_size < sizeof( psa_drv_slot_number_t ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + if (key_buffer_size < sizeof(psa_drv_slot_number_t)) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } - *( (psa_drv_slot_number_t*) key_buffer ) = + *((psa_drv_slot_number_t *) key_buffer) = PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT; - *key_buffer_length = sizeof( psa_drv_slot_number_t ); - return( PSA_SUCCESS ); + *key_buffer_length = sizeof(psa_drv_slot_number_t); + return PSA_SUCCESS; case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: psa_set_key_type( attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ); - psa_set_key_bits( attributes, 256 ); + PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); + psa_set_key_bits(attributes, 256); psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | - PSA_KEY_USAGE_EXPORT ); + PSA_KEY_USAGE_EXPORT); psa_set_key_algorithm( - attributes, PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ); + attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); - if( key_buffer_size < sizeof( psa_drv_slot_number_t ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + if (key_buffer_size < sizeof(psa_drv_slot_number_t)) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } - *( (psa_drv_slot_number_t*) key_buffer ) = + *((psa_drv_slot_number_t *) key_buffer) = PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT; - *key_buffer_length = sizeof( psa_drv_slot_number_t ); - return( PSA_SUCCESS ); + *key_buffer_length = sizeof(psa_drv_slot_number_t); + return PSA_SUCCESS; default: - return( PSA_ERROR_DOES_NOT_EXIST ); + return PSA_ERROR_DOES_NOT_EXIST; } } @@ -736,13 +738,14 @@ psa_status_t mbedtls_test_opaque_copy_key( * copied keys. This could change when the opaque test driver is extended * to support SE with storage, or to emulate an SE without storage but * still holding some slot references */ - if( source_key_length > key_buffer_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + if (source_key_length > key_buffer_size) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } - memcpy( key_buffer, source_key, source_key_length ); + memcpy(key_buffer, source_key, source_key_length); *key_buffer_length = source_key_length; - (void)attributes; - return( PSA_SUCCESS ); + (void) attributes; + return PSA_SUCCESS; } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_mac.c b/src/drivers/test_driver_mac.c index f909785dfd..ea09cf43f7 100644 --- a/src/drivers/test_driver_mac.c +++ b/src/drivers/test_driver_mac.c @@ -40,31 +40,28 @@ psa_status_t mbedtls_test_transparent_mac_compute( size_t input_length, uint8_t *mac, size_t mac_size, - size_t *mac_length ) + size_t *mac_length) { mbedtls_test_driver_mac_hooks.hits++; - if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_compute( - (const libtestdriver1_psa_key_attributes_t *)attributes, + (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, alg, input, input_length, - mac, mac_size, mac_length ); + mac, mac_size, mac_length); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_psa_mac_compute( attributes, key_buffer, key_buffer_size, alg, input, input_length, - mac, mac_size, mac_length ); + mac, mac_size, mac_length); #else (void) attributes; (void) key_buffer; @@ -79,7 +76,7 @@ psa_status_t mbedtls_test_transparent_mac_compute( #endif } - return( mbedtls_test_driver_mac_hooks.driver_status ); + return mbedtls_test_driver_mac_hooks.driver_status; } psa_status_t mbedtls_test_transparent_mac_sign_setup( @@ -87,28 +84,25 @@ psa_status_t mbedtls_test_transparent_mac_sign_setup( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ) + psa_algorithm_t alg) { mbedtls_test_driver_mac_hooks.hits++; - if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_sign_setup( operation, - (const libtestdriver1_psa_key_attributes_t *)attributes, - key_buffer, key_buffer_size, alg ); + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, alg); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_psa_mac_sign_setup( - operation, attributes, key_buffer, key_buffer_size, alg ); + operation, attributes, key_buffer, key_buffer_size, alg); #else (void) operation; (void) attributes; @@ -119,7 +113,7 @@ psa_status_t mbedtls_test_transparent_mac_sign_setup( #endif } - return( mbedtls_test_driver_mac_hooks.driver_status ); + return mbedtls_test_driver_mac_hooks.driver_status; } psa_status_t mbedtls_test_transparent_mac_verify_setup( @@ -127,28 +121,25 @@ psa_status_t mbedtls_test_transparent_mac_verify_setup( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ) + psa_algorithm_t alg) { mbedtls_test_driver_mac_hooks.hits++; - if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_verify_setup( operation, - (const libtestdriver1_psa_key_attributes_t *)attributes, - key_buffer, key_buffer_size, alg ); + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, alg); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_psa_mac_verify_setup( - operation, attributes, key_buffer, key_buffer_size, alg ); + operation, attributes, key_buffer, key_buffer_size, alg); #else (void) operation; (void) attributes; @@ -159,32 +150,29 @@ psa_status_t mbedtls_test_transparent_mac_verify_setup( #endif } - return( mbedtls_test_driver_mac_hooks.driver_status ); + return mbedtls_test_driver_mac_hooks.driver_status; } psa_status_t mbedtls_test_transparent_mac_update( mbedtls_transparent_test_driver_mac_operation_t *operation, const uint8_t *input, - size_t input_length ) + size_t input_length) { mbedtls_test_driver_mac_hooks.hits++; - if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_update( - operation, input, input_length ); + operation, input, input_length); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_psa_mac_update( - operation, input, input_length ); + operation, input, input_length); #else (void) operation; (void) input; @@ -193,33 +181,30 @@ psa_status_t mbedtls_test_transparent_mac_update( #endif } - return( mbedtls_test_driver_mac_hooks.driver_status ); + return mbedtls_test_driver_mac_hooks.driver_status; } psa_status_t mbedtls_test_transparent_mac_sign_finish( mbedtls_transparent_test_driver_mac_operation_t *operation, uint8_t *mac, size_t mac_size, - size_t *mac_length ) + size_t *mac_length) { mbedtls_test_driver_mac_hooks.hits++; - if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_sign_finish( - operation, mac, mac_size, mac_length ); + operation, mac, mac_size, mac_length); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_psa_mac_sign_finish( - operation, mac, mac_size, mac_length ); + operation, mac, mac_size, mac_length); #else (void) operation; (void) mac; @@ -229,32 +214,29 @@ psa_status_t mbedtls_test_transparent_mac_sign_finish( #endif } - return( mbedtls_test_driver_mac_hooks.driver_status ); + return mbedtls_test_driver_mac_hooks.driver_status; } psa_status_t mbedtls_test_transparent_mac_verify_finish( mbedtls_transparent_test_driver_mac_operation_t *operation, const uint8_t *mac, - size_t mac_length ) + size_t mac_length) { mbedtls_test_driver_mac_hooks.hits++; - if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_verify_finish( - operation, mac, mac_length ); + operation, mac, mac_length); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_psa_mac_verify_finish( - operation, mac, mac_length ); + operation, mac, mac_length); #else (void) operation; (void) mac; @@ -263,35 +245,32 @@ psa_status_t mbedtls_test_transparent_mac_verify_finish( #endif } - return( mbedtls_test_driver_mac_hooks.driver_status ); + return mbedtls_test_driver_mac_hooks.driver_status; } psa_status_t mbedtls_test_transparent_mac_abort( - mbedtls_transparent_test_driver_mac_operation_t *operation ) + mbedtls_transparent_test_driver_mac_operation_t *operation) { mbedtls_test_driver_mac_hooks.hits++; - if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; + } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = - libtestdriver1_mbedtls_psa_mac_abort( operation ); + libtestdriver1_mbedtls_psa_mac_abort(operation); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_psa_mac_abort( operation ); + mbedtls_psa_mac_abort(operation); #else (void) operation; mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; #endif } - return( mbedtls_test_driver_mac_hooks.driver_status ); + return mbedtls_test_driver_mac_hooks.driver_status; } psa_status_t mbedtls_test_opaque_mac_compute( @@ -303,17 +282,14 @@ psa_status_t mbedtls_test_opaque_mac_compute( size_t input_length, uint8_t *mac, size_t mac_size, - size_t *mac_length ) + size_t *mac_length) { mbedtls_test_driver_mac_hooks.hits++; - if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; + } else { (void) attributes; (void) key_buffer; (void) key_buffer_size; @@ -326,7 +302,7 @@ psa_status_t mbedtls_test_opaque_mac_compute( mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } - return( mbedtls_test_driver_mac_hooks.driver_status ); + return mbedtls_test_driver_mac_hooks.driver_status; } psa_status_t mbedtls_test_opaque_mac_sign_setup( @@ -334,17 +310,14 @@ psa_status_t mbedtls_test_opaque_mac_sign_setup( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ) + psa_algorithm_t alg) { mbedtls_test_driver_mac_hooks.hits++; - if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; + } else { (void) operation; (void) attributes; (void) key_buffer; @@ -353,7 +326,7 @@ psa_status_t mbedtls_test_opaque_mac_sign_setup( mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } - return( mbedtls_test_driver_mac_hooks.driver_status ); + return mbedtls_test_driver_mac_hooks.driver_status; } psa_status_t mbedtls_test_opaque_mac_verify_setup( @@ -361,17 +334,14 @@ psa_status_t mbedtls_test_opaque_mac_verify_setup( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ) + psa_algorithm_t alg) { mbedtls_test_driver_mac_hooks.hits++; - if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; + } else { (void) operation; (void) attributes; (void) key_buffer; @@ -380,47 +350,41 @@ psa_status_t mbedtls_test_opaque_mac_verify_setup( mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } - return( mbedtls_test_driver_mac_hooks.driver_status ); + return mbedtls_test_driver_mac_hooks.driver_status; } psa_status_t mbedtls_test_opaque_mac_update( mbedtls_opaque_test_driver_mac_operation_t *operation, const uint8_t *input, - size_t input_length ) + size_t input_length) { mbedtls_test_driver_mac_hooks.hits++; - if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; + } else { (void) operation; (void) input; (void) input_length; mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } - return( mbedtls_test_driver_mac_hooks.driver_status ); + return mbedtls_test_driver_mac_hooks.driver_status; } psa_status_t mbedtls_test_opaque_mac_sign_finish( mbedtls_opaque_test_driver_mac_operation_t *operation, uint8_t *mac, size_t mac_size, - size_t *mac_length ) + size_t *mac_length) { mbedtls_test_driver_mac_hooks.hits++; - if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; + } else { (void) operation; (void) mac; (void) mac_size; @@ -428,49 +392,43 @@ psa_status_t mbedtls_test_opaque_mac_sign_finish( mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } - return( mbedtls_test_driver_mac_hooks.driver_status ); + return mbedtls_test_driver_mac_hooks.driver_status; } psa_status_t mbedtls_test_opaque_mac_verify_finish( mbedtls_opaque_test_driver_mac_operation_t *operation, const uint8_t *mac, - size_t mac_length ) + size_t mac_length) { mbedtls_test_driver_mac_hooks.hits++; - if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; + } else { (void) operation; (void) mac; (void) mac_length; mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } - return( mbedtls_test_driver_mac_hooks.driver_status ); + return mbedtls_test_driver_mac_hooks.driver_status; } psa_status_t mbedtls_test_opaque_mac_abort( - mbedtls_opaque_test_driver_mac_operation_t *operation ) + mbedtls_opaque_test_driver_mac_operation_t *operation) { mbedtls_test_driver_mac_hooks.hits++; - if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) - { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_test_driver_mac_hooks.forced_status; - } - else - { + if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; + } else { (void) operation; mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } - return( mbedtls_test_driver_mac_hooks.driver_status ); + return mbedtls_test_driver_mac_hooks.driver_status; } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_signature.c b/src/drivers/test_driver_signature.c index ef6d135eb8..11815b03f3 100644 --- a/src/drivers/test_driver_signature.c +++ b/src/drivers/test_driver_signature.c @@ -60,72 +60,63 @@ psa_status_t sign_hash( size_t hash_length, uint8_t *signature, size_t signature_size, - size_t *signature_length ) + size_t *signature_length) { - if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) - { - if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) || - PSA_ALG_IS_RSA_PSS( alg) ) - { + if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) { + if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || + PSA_ALG_IS_RSA_PSS(alg)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ) - return( libtestdriver1_mbedtls_psa_rsa_sign_hash( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)) + return libtestdriver1_mbedtls_psa_rsa_sign_hash( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length); #elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - return( mbedtls_psa_rsa_sign_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) + return mbedtls_psa_rsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length); #endif + } else { + return PSA_ERROR_INVALID_ARGUMENT; } - else - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } - } - else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) - { - if( PSA_ALG_IS_ECDSA( alg ) ) - { + } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { + if (PSA_ALG_IS_ECDSA(alg)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ) - return( libtestdriver1_mbedtls_psa_ecdsa_sign_hash( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) + return libtestdriver1_mbedtls_psa_ecdsa_sign_hash( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length); #elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - return( mbedtls_psa_ecdsa_sign_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + return mbedtls_psa_ecdsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length); #endif - } - else - { - return( PSA_ERROR_INVALID_ARGUMENT ); + } else { + return PSA_ERROR_INVALID_ARGUMENT; } } - (void)attributes; - (void)key_buffer; - (void)key_buffer_size; - (void)alg; - (void)hash; - (void)hash_length; - (void)signature; - (void)signature_size; - (void)signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) hash; + (void) hash_length; + (void) signature; + (void) signature_size; + (void) signature_length; + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t verify_hash( @@ -136,71 +127,62 @@ psa_status_t verify_hash( const uint8_t *hash, size_t hash_length, const uint8_t *signature, - size_t signature_length ) + size_t signature_length) { - if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) - { - if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) || - PSA_ALG_IS_RSA_PSS( alg) ) - { + if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) { + if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || + PSA_ALG_IS_RSA_PSS(alg)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ) - return( libtestdriver1_mbedtls_psa_rsa_verify_hash( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)) + return libtestdriver1_mbedtls_psa_rsa_verify_hash( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length); #elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - return( mbedtls_psa_rsa_verify_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) + return mbedtls_psa_rsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length); #endif + } else { + return PSA_ERROR_INVALID_ARGUMENT; } - else - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } - } - else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) - { - if( PSA_ALG_IS_ECDSA( alg ) ) - { + } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { + if (PSA_ALG_IS_ECDSA(alg)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ) - return( libtestdriver1_mbedtls_psa_ecdsa_verify_hash( - (const libtestdriver1_psa_key_attributes_t *) attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) + return libtestdriver1_mbedtls_psa_ecdsa_verify_hash( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length); #elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - return( mbedtls_psa_ecdsa_verify_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + return mbedtls_psa_ecdsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length); #endif - } - else - { - return( PSA_ERROR_INVALID_ARGUMENT ); + } else { + return PSA_ERROR_INVALID_ARGUMENT; } } - (void)attributes; - (void)key_buffer; - (void)key_buffer_size; - (void)alg; - (void)hash; - (void)hash_length; - (void)signature; - (void)signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) hash; + (void) hash_length; + (void) signature; + (void) signature_length; + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_transparent_signature_sign_message( @@ -212,7 +194,7 @@ psa_status_t mbedtls_test_transparent_signature_sign_message( size_t input_length, uint8_t *signature, size_t signature_size, - size_t *signature_length ) + size_t *signature_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t hash_length; @@ -220,41 +202,43 @@ psa_status_t mbedtls_test_transparent_signature_sign_message( ++mbedtls_test_driver_signature_sign_hooks.hits; - if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_signature_sign_hooks.forced_status ); + if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_signature_sign_hooks.forced_status; + } - if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL ) - { - if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) { + if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } - memcpy( signature, mbedtls_test_driver_signature_sign_hooks.forced_output, - mbedtls_test_driver_signature_sign_hooks.forced_output_length ); + memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output, + mbedtls_test_driver_signature_sign_hooks.forced_output_length); *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length; - return( PSA_SUCCESS ); + return PSA_SUCCESS; } #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) status = libtestdriver1_mbedtls_psa_hash_compute( - PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, - hash, sizeof( hash ), &hash_length ); + PSA_ALG_SIGN_GET_HASH(alg), input, input_length, + hash, sizeof(hash), &hash_length); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) status = mbedtls_psa_hash_compute( - PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, - hash, sizeof( hash ), &hash_length ); + PSA_ALG_SIGN_GET_HASH(alg), input, input_length, + hash, sizeof(hash), &hash_length); #else (void) input; (void) input_length; status = PSA_ERROR_NOT_SUPPORTED; #endif - if( status != PSA_SUCCESS ) + if (status != PSA_SUCCESS) { return status; + } - return( sign_hash( attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); + return sign_hash(attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length); } psa_status_t mbedtls_test_opaque_signature_sign_message( @@ -266,7 +250,7 @@ psa_status_t mbedtls_test_opaque_signature_sign_message( size_t input_length, uint8_t *signature, size_t signature_size, - size_t *signature_length ) + size_t *signature_length) { (void) attributes; (void) key; @@ -278,7 +262,7 @@ psa_status_t mbedtls_test_opaque_signature_sign_message( (void) signature_size; (void) signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_transparent_signature_verify_message( @@ -289,7 +273,7 @@ psa_status_t mbedtls_test_transparent_signature_verify_message( const uint8_t *input, size_t input_length, const uint8_t *signature, - size_t signature_length ) + size_t signature_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t hash_length; @@ -297,29 +281,31 @@ psa_status_t mbedtls_test_transparent_signature_verify_message( ++mbedtls_test_driver_signature_verify_hooks.hits; - if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_signature_verify_hooks.forced_status ); + if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_signature_verify_hooks.forced_status; + } #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) status = libtestdriver1_mbedtls_psa_hash_compute( - PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, - hash, sizeof( hash ), &hash_length ); + PSA_ALG_SIGN_GET_HASH(alg), input, input_length, + hash, sizeof(hash), &hash_length); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) status = mbedtls_psa_hash_compute( - PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, - hash, sizeof( hash ), &hash_length ); + PSA_ALG_SIGN_GET_HASH(alg), input, input_length, + hash, sizeof(hash), &hash_length); #else (void) input; (void) input_length; status = PSA_ERROR_NOT_SUPPORTED; #endif - if( status != PSA_SUCCESS ) + if (status != PSA_SUCCESS) { return status; + } - return( verify_hash( attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); + return verify_hash(attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length); } psa_status_t mbedtls_test_opaque_signature_verify_message( @@ -330,7 +316,7 @@ psa_status_t mbedtls_test_opaque_signature_verify_message( const uint8_t *input, size_t input_length, const uint8_t *signature, - size_t signature_length ) + size_t signature_length) { (void) attributes; (void) key; @@ -341,7 +327,7 @@ psa_status_t mbedtls_test_opaque_signature_verify_message( (void) signature; (void) signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_transparent_signature_sign_hash( @@ -349,26 +335,27 @@ psa_status_t mbedtls_test_transparent_signature_sign_hash( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) + uint8_t *signature, size_t signature_size, size_t *signature_length) { ++mbedtls_test_driver_signature_sign_hooks.hits; - if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_signature_sign_hooks.forced_status ); + if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_signature_sign_hooks.forced_status; + } - if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL ) - { - if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( signature, mbedtls_test_driver_signature_sign_hooks.forced_output, - mbedtls_test_driver_signature_sign_hooks.forced_output_length ); + if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) { + if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output, + mbedtls_test_driver_signature_sign_hooks.forced_output_length); *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length; - return( PSA_SUCCESS ); + return PSA_SUCCESS; } - return( sign_hash( attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); + return sign_hash(attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length); } psa_status_t mbedtls_test_opaque_signature_sign_hash( @@ -376,7 +363,7 @@ psa_status_t mbedtls_test_opaque_signature_sign_hash( const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) + uint8_t *signature, size_t signature_size, size_t *signature_length) { (void) attributes; (void) key; @@ -388,7 +375,7 @@ psa_status_t mbedtls_test_opaque_signature_sign_hash( (void) signature_size; (void) signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_test_transparent_signature_verify_hash( @@ -396,16 +383,17 @@ psa_status_t mbedtls_test_transparent_signature_verify_hash( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) + const uint8_t *signature, size_t signature_length) { ++mbedtls_test_driver_signature_verify_hooks.hits; - if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_signature_verify_hooks.forced_status ); + if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) { + return mbedtls_test_driver_signature_verify_hooks.forced_status; + } - return verify_hash( attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ); + return verify_hash(attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length); } psa_status_t mbedtls_test_opaque_signature_verify_hash( @@ -413,7 +401,7 @@ psa_status_t mbedtls_test_opaque_signature_verify_hash( const uint8_t *key, size_t key_length, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) + const uint8_t *signature, size_t signature_length) { (void) attributes; (void) key; @@ -423,7 +411,7 @@ psa_status_t mbedtls_test_opaque_signature_verify_hash( (void) hash_length; (void) signature; (void) signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return PSA_ERROR_NOT_SUPPORTED; } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/fake_external_rng_for_test.c b/src/fake_external_rng_for_test.c index 9c2195bf0c..89af7d34f5 100644 --- a/src/fake_external_rng_for_test.c +++ b/src/fake_external_rng_for_test.c @@ -28,29 +28,30 @@ static int test_insecure_external_rng_enabled = 0; -void mbedtls_test_enable_insecure_external_rng( void ) +void mbedtls_test_enable_insecure_external_rng(void) { test_insecure_external_rng_enabled = 1; } -void mbedtls_test_disable_insecure_external_rng( void ) +void mbedtls_test_disable_insecure_external_rng(void) { test_insecure_external_rng_enabled = 0; } psa_status_t mbedtls_psa_external_get_random( mbedtls_psa_external_random_context_t *context, - uint8_t *output, size_t output_size, size_t *output_length ) + uint8_t *output, size_t output_size, size_t *output_length) { (void) context; - if( !test_insecure_external_rng_enabled ) - return( PSA_ERROR_INSUFFICIENT_ENTROPY ); + if (!test_insecure_external_rng_enabled) { + return PSA_ERROR_INSUFFICIENT_ENTROPY; + } /* This implementation is for test purposes only! * Use the libc non-cryptographic random generator. */ - mbedtls_test_rnd_std_rand( NULL, output, output_size ); + mbedtls_test_rnd_std_rand(NULL, output, output_size); *output_length = output_size; - return( PSA_SUCCESS ); + return PSA_SUCCESS; } #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ diff --git a/src/helpers.c b/src/helpers.c index be5c465fd9..30fd362c01 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -32,40 +32,40 @@ mbedtls_test_info_t mbedtls_test_info; /*----------------------------------------------------------------------------*/ /* Helper Functions */ -int mbedtls_test_platform_setup( void ) +int mbedtls_test_platform_setup(void) { int ret = 0; #if defined(MBEDTLS_PLATFORM_C) - ret = mbedtls_platform_setup( &platform_ctx ); + ret = mbedtls_platform_setup(&platform_ctx); #endif /* MBEDTLS_PLATFORM_C */ - return( ret ); + return ret; } -void mbedtls_test_platform_teardown( void ) +void mbedtls_test_platform_teardown(void) { #if defined(MBEDTLS_PLATFORM_C) - mbedtls_platform_teardown( &platform_ctx ); + mbedtls_platform_teardown(&platform_ctx); #endif /* MBEDTLS_PLATFORM_C */ } int mbedtls_test_ascii2uc(const char c, unsigned char *uc) { - if( ( c >= '0' ) && ( c <= '9' ) ) + if ((c >= '0') && (c <= '9')) { *uc = c - '0'; - else if( ( c >= 'a' ) && ( c <= 'f' ) ) + } else if ((c >= 'a') && (c <= 'f')) { *uc = c - 'a' + 10; - else if( ( c >= 'A' ) && ( c <= 'F' ) ) + } else if ((c >= 'A') && (c <= 'F')) { *uc = c - 'A' + 10; - else - return( -1 ); + } else { + return -1; + } - return( 0 ); + return 0; } -void mbedtls_test_fail( const char *test, int line_no, const char* filename ) +void mbedtls_test_fail(const char *test, int line_no, const char *filename) { - if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ) - { + if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) { /* We've already recorded the test as having failed. Don't * overwrite any previous information about the failure. */ return; @@ -76,7 +76,7 @@ void mbedtls_test_fail( const char *test, int line_no, const char* filename ) mbedtls_test_info.filename = filename; } -void mbedtls_test_skip( const char *test, int line_no, const char* filename ) +void mbedtls_test_skip(const char *test, int line_no, const char *filename) { mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SKIPPED; mbedtls_test_info.test = test; @@ -84,7 +84,7 @@ void mbedtls_test_skip( const char *test, int line_no, const char* filename ) mbedtls_test_info.filename = filename; } -void mbedtls_test_set_step( unsigned long step ) +void mbedtls_test_set_step(unsigned long step) { mbedtls_test_info.step = step; } @@ -93,201 +93,205 @@ void mbedtls_test_set_step( unsigned long step ) unsigned mbedtls_test_case_uses_negative_0 = 0; #endif -void mbedtls_test_info_reset( void ) +void mbedtls_test_info_reset(void) { mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SUCCESS; - mbedtls_test_info.step = (unsigned long)( -1 ); + mbedtls_test_info.step = (unsigned long) (-1); mbedtls_test_info.test = 0; mbedtls_test_info.line_no = 0; mbedtls_test_info.filename = 0; - memset( mbedtls_test_info.line1, 0, sizeof( mbedtls_test_info.line1 ) ); - memset( mbedtls_test_info.line2, 0, sizeof( mbedtls_test_info.line2 ) ); + memset(mbedtls_test_info.line1, 0, sizeof(mbedtls_test_info.line1)); + memset(mbedtls_test_info.line2, 0, sizeof(mbedtls_test_info.line2)); #if defined(MBEDTLS_BIGNUM_C) mbedtls_test_case_uses_negative_0 = 0; #endif } -int mbedtls_test_equal( const char *test, int line_no, const char* filename, - unsigned long long value1, unsigned long long value2 ) +int mbedtls_test_equal(const char *test, int line_no, const char *filename, + unsigned long long value1, unsigned long long value2) { - TEST_CF_PUBLIC( &value1, sizeof( value1 ) ); - TEST_CF_PUBLIC( &value2, sizeof( value2 ) ); + TEST_CF_PUBLIC(&value1, sizeof(value1)); + TEST_CF_PUBLIC(&value2, sizeof(value2)); - if( value1 == value2 ) - return( 1 ); + if (value1 == value2) { + return 1; + } - if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ) - { + if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) { /* We've already recorded the test as having failed. Don't * overwrite any previous information about the failure. */ - return( 0 ); + return 0; } - mbedtls_test_fail( test, line_no, filename ); - (void) mbedtls_snprintf( mbedtls_test_info.line1, - sizeof( mbedtls_test_info.line1 ), - "lhs = 0x%016llx = %lld", - value1, (long long) value1 ); - (void) mbedtls_snprintf( mbedtls_test_info.line2, - sizeof( mbedtls_test_info.line2 ), - "rhs = 0x%016llx = %lld", - value2, (long long) value2 ); - return( 0 ); + mbedtls_test_fail(test, line_no, filename); + (void) mbedtls_snprintf(mbedtls_test_info.line1, + sizeof(mbedtls_test_info.line1), + "lhs = 0x%016llx = %lld", + value1, (long long) value1); + (void) mbedtls_snprintf(mbedtls_test_info.line2, + sizeof(mbedtls_test_info.line2), + "rhs = 0x%016llx = %lld", + value2, (long long) value2); + return 0; } -int mbedtls_test_le_u( const char *test, int line_no, const char* filename, - unsigned long long value1, unsigned long long value2 ) +int mbedtls_test_le_u(const char *test, int line_no, const char *filename, + unsigned long long value1, unsigned long long value2) { - TEST_CF_PUBLIC( &value1, sizeof( value1 ) ); - TEST_CF_PUBLIC( &value2, sizeof( value2 ) ); + TEST_CF_PUBLIC(&value1, sizeof(value1)); + TEST_CF_PUBLIC(&value2, sizeof(value2)); - if( value1 <= value2 ) - return( 1 ); + if (value1 <= value2) { + return 1; + } - if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ) - { + if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) { /* We've already recorded the test as having failed. Don't * overwrite any previous information about the failure. */ - return( 0 ); + return 0; } - mbedtls_test_fail( test, line_no, filename ); - (void) mbedtls_snprintf( mbedtls_test_info.line1, - sizeof( mbedtls_test_info.line1 ), - "lhs = 0x%016llx = %llu", - value1, value1 ); - (void) mbedtls_snprintf( mbedtls_test_info.line2, - sizeof( mbedtls_test_info.line2 ), - "rhs = 0x%016llx = %llu", - value2, value2 ); - return( 0 ); + mbedtls_test_fail(test, line_no, filename); + (void) mbedtls_snprintf(mbedtls_test_info.line1, + sizeof(mbedtls_test_info.line1), + "lhs = 0x%016llx = %llu", + value1, value1); + (void) mbedtls_snprintf(mbedtls_test_info.line2, + sizeof(mbedtls_test_info.line2), + "rhs = 0x%016llx = %llu", + value2, value2); + return 0; } -int mbedtls_test_le_s( const char *test, int line_no, const char* filename, - long long value1, long long value2 ) +int mbedtls_test_le_s(const char *test, int line_no, const char *filename, + long long value1, long long value2) { - TEST_CF_PUBLIC( &value1, sizeof( value1 ) ); - TEST_CF_PUBLIC( &value2, sizeof( value2 ) ); + TEST_CF_PUBLIC(&value1, sizeof(value1)); + TEST_CF_PUBLIC(&value2, sizeof(value2)); - if( value1 <= value2 ) - return( 1 ); + if (value1 <= value2) { + return 1; + } - if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ) - { + if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) { /* We've already recorded the test as having failed. Don't * overwrite any previous information about the failure. */ - return( 0 ); + return 0; } - mbedtls_test_fail( test, line_no, filename ); - (void) mbedtls_snprintf( mbedtls_test_info.line1, - sizeof( mbedtls_test_info.line1 ), - "lhs = 0x%016llx = %lld", - (unsigned long long) value1, value1 ); - (void) mbedtls_snprintf( mbedtls_test_info.line2, - sizeof( mbedtls_test_info.line2 ), - "rhs = 0x%016llx = %lld", - (unsigned long long) value2, value2 ); - return( 0 ); + mbedtls_test_fail(test, line_no, filename); + (void) mbedtls_snprintf(mbedtls_test_info.line1, + sizeof(mbedtls_test_info.line1), + "lhs = 0x%016llx = %lld", + (unsigned long long) value1, value1); + (void) mbedtls_snprintf(mbedtls_test_info.line2, + sizeof(mbedtls_test_info.line2), + "rhs = 0x%016llx = %lld", + (unsigned long long) value2, value2); + return 0; } -int mbedtls_test_unhexify( unsigned char *obuf, - size_t obufmax, - const char *ibuf, - size_t *len ) +int mbedtls_test_unhexify(unsigned char *obuf, + size_t obufmax, + const char *ibuf, + size_t *len) { unsigned char uc, uc2; - *len = strlen( ibuf ); + *len = strlen(ibuf); /* Must be even number of bytes. */ - if ( ( *len ) & 1 ) - return( -1 ); + if ((*len) & 1) { + return -1; + } *len /= 2; - if ( (*len) > obufmax ) - return( -1 ); + if ((*len) > obufmax) { + return -1; + } - while( *ibuf != 0 ) - { - if ( mbedtls_test_ascii2uc( *(ibuf++), &uc ) != 0 ) - return( -1 ); + while (*ibuf != 0) { + if (mbedtls_test_ascii2uc(*(ibuf++), &uc) != 0) { + return -1; + } - if ( mbedtls_test_ascii2uc( *(ibuf++), &uc2 ) != 0 ) - return( -1 ); + if (mbedtls_test_ascii2uc(*(ibuf++), &uc2) != 0) { + return -1; + } - *(obuf++) = ( uc << 4 ) | uc2; + *(obuf++) = (uc << 4) | uc2; } - return( 0 ); + return 0; } -void mbedtls_test_hexify( unsigned char *obuf, - const unsigned char *ibuf, - int len ) +void mbedtls_test_hexify(unsigned char *obuf, + const unsigned char *ibuf, + int len) { unsigned char l, h; - while( len != 0 ) - { + while (len != 0) { h = *ibuf / 16; l = *ibuf % 16; - if( h < 10 ) + if (h < 10) { *obuf++ = '0' + h; - else + } else { *obuf++ = 'a' + h - 10; + } - if( l < 10 ) + if (l < 10) { *obuf++ = '0' + l; - else + } else { *obuf++ = 'a' + l - 10; + } ++ibuf; len--; } } -unsigned char *mbedtls_test_zero_alloc( size_t len ) +unsigned char *mbedtls_test_zero_alloc(size_t len) { void *p; - size_t actual_len = ( len != 0 ) ? len : 1; + size_t actual_len = (len != 0) ? len : 1; - p = mbedtls_calloc( 1, actual_len ); - TEST_HELPER_ASSERT( p != NULL ); + p = mbedtls_calloc(1, actual_len); + TEST_HELPER_ASSERT(p != NULL); - memset( p, 0x00, actual_len ); + memset(p, 0x00, actual_len); - return( p ); + return p; } -unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ) +unsigned char *mbedtls_test_unhexify_alloc(const char *ibuf, size_t *olen) { unsigned char *obuf; size_t len; - *olen = strlen( ibuf ) / 2; + *olen = strlen(ibuf) / 2; - if( *olen == 0 ) - return( mbedtls_test_zero_alloc( *olen ) ); + if (*olen == 0) { + return mbedtls_test_zero_alloc(*olen); + } - obuf = mbedtls_calloc( 1, *olen ); - TEST_HELPER_ASSERT( obuf != NULL ); - TEST_HELPER_ASSERT( mbedtls_test_unhexify( obuf, *olen, ibuf, &len ) == 0 ); + obuf = mbedtls_calloc(1, *olen); + TEST_HELPER_ASSERT(obuf != NULL); + TEST_HELPER_ASSERT(mbedtls_test_unhexify(obuf, *olen, ibuf, &len) == 0); - return( obuf ); + return obuf; } -int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, - uint32_t a_len, uint32_t b_len ) +int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b, + uint32_t a_len, uint32_t b_len) { int ret = 0; uint32_t i = 0; - if( a_len != b_len ) - return( -1 ); + if (a_len != b_len) { + return -1; + } - for( i = 0; i < a_len; i++ ) - { - if( a[i] != b[i] ) - { + for (i = 0; i < a_len; i++) { + if (a[i] != b[i]) { ret = -1; break; } @@ -296,8 +300,8 @@ int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, } #if defined(MBEDTLS_TEST_HOOKS) -void mbedtls_test_err_add_check( int high, int low, - const char *file, int line ) +void mbedtls_test_err_add_check(int high, int low, + const char *file, int line) { /* Error codes are always negative (a value of zero is a success) however * their positive opposites can be easier to understand. The following @@ -311,42 +315,33 @@ void mbedtls_test_err_add_check( int high, int low, * and module-dependent error code (bits 7..11)). * l = low level error code. */ - if ( high > -0x1000 && high != 0 ) - /* high < 0001000000000000 - * No high level module ID bits are set. - */ - { - mbedtls_test_fail( "'high' is not a high-level error code", - line, file ); - } - else if ( high < -0x7F80 ) - /* high > 0111111110000000 - * Error code is greater than the largest allowed high level module ID. - */ - { - mbedtls_test_fail( "'high' error code is greater than 15 bits", - line, file ); - } - else if ( ( high & 0x7F ) != 0 ) - /* high & 0000000001111111 - * Error code contains low level error code bits. - */ - { - mbedtls_test_fail( "'high' contains a low-level error code", - line, file ); - } - else if ( low < -0x007F ) - /* low > 0000000001111111 - * Error code contains high or module level error code bits. - */ - { - mbedtls_test_fail( "'low' error code is greater than 7 bits", - line, file ); - } - else if ( low > 0 ) - { - mbedtls_test_fail( "'low' error code is greater than zero", - line, file ); + if (high > -0x1000 && high != 0) { + /* high < 0001000000000000 + * No high level module ID bits are set. + */ + mbedtls_test_fail("'high' is not a high-level error code", + line, file); + } else if (high < -0x7F80) { + /* high > 0111111110000000 + * Error code is greater than the largest allowed high level module ID. + */ + mbedtls_test_fail("'high' error code is greater than 15 bits", + line, file); + } else if ((high & 0x7F) != 0) { + /* high & 0000000001111111 + * Error code contains low level error code bits. + */ + mbedtls_test_fail("'high' contains a low-level error code", + line, file); + } else if (low < -0x007F) { + /* low > 0000000001111111 + * Error code contains high or module level error code bits. + */ + mbedtls_test_fail("'low' error code is greater than 7 bits", + line, file); + } else if (low > 0) { + mbedtls_test_fail("'low' error code is greater than zero", + line, file); } } #endif /* MBEDTLS_TEST_HOOKS */ diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index 299b6d125d..06274d388c 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -36,96 +36,106 @@ static mbedtls_svc_key_id_t key_ids_used_in_test[9]; static size_t num_key_ids_used; -int mbedtls_test_uses_key_id( mbedtls_svc_key_id_t key_id ) +int mbedtls_test_uses_key_id(mbedtls_svc_key_id_t key_id) { size_t i; - if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id ) > - PSA_MAX_PERSISTENT_KEY_IDENTIFIER ) - { + if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id) > + PSA_MAX_PERSISTENT_KEY_IDENTIFIER) { /* Don't touch key id values that designate non-key files. */ - return( 1 ); + return 1; } - for( i = 0; i < num_key_ids_used ; i++ ) - { - if( mbedtls_svc_key_id_equal( key_id, key_ids_used_in_test[i] ) ) - return( 1 ); + for (i = 0; i < num_key_ids_used; i++) { + if (mbedtls_svc_key_id_equal(key_id, key_ids_used_in_test[i])) { + return 1; + } + } + if (num_key_ids_used == ARRAY_LENGTH(key_ids_used_in_test)) { + return 0; } - if( num_key_ids_used == ARRAY_LENGTH( key_ids_used_in_test ) ) - return( 0 ); key_ids_used_in_test[num_key_ids_used] = key_id; ++num_key_ids_used; - return( 1 ); + return 1; } -void mbedtls_test_psa_purge_key_storage( void ) +void mbedtls_test_psa_purge_key_storage(void) { size_t i; - for( i = 0; i < num_key_ids_used; i++ ) - psa_destroy_persistent_key( key_ids_used_in_test[i] ); + for (i = 0; i < num_key_ids_used; i++) { + psa_destroy_persistent_key(key_ids_used_in_test[i]); + } num_key_ids_used = 0; } -void mbedtls_test_psa_purge_key_cache( void ) +void mbedtls_test_psa_purge_key_cache(void) { size_t i; - for( i = 0; i < num_key_ids_used; i++ ) - psa_purge_key( key_ids_used_in_test[i] ); + for (i = 0; i < num_key_ids_used; i++) { + psa_purge_key(key_ids_used_in_test[i]); + } } #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ -const char *mbedtls_test_helper_is_psa_leaking( void ) +const char *mbedtls_test_helper_is_psa_leaking(void) { mbedtls_psa_stats_t stats; - mbedtls_psa_get_stats( &stats ); + mbedtls_psa_get_stats(&stats); - if( stats.volatile_slots != 0 ) - return( "A volatile slot has not been closed properly." ); - if( stats.persistent_slots != 0 ) - return( "A persistent slot has not been closed properly." ); - if( stats.external_slots != 0 ) - return( "An external slot has not been closed properly." ); - if( stats.half_filled_slots != 0 ) - return( "A half-filled slot has not been cleared properly." ); - if( stats.locked_slots != 0 ) - return( "Some slots are still marked as locked." ); + if (stats.volatile_slots != 0) { + return "A volatile slot has not been closed properly."; + } + if (stats.persistent_slots != 0) { + return "A persistent slot has not been closed properly."; + } + if (stats.external_slots != 0) { + return "An external slot has not been closed properly."; + } + if (stats.half_filled_slots != 0) { + return "A half-filled slot has not been cleared properly."; + } + if (stats.locked_slots != 0) { + return "Some slots are still marked as locked."; + } - return( NULL ); + return NULL; } #if defined(RECORD_PSA_STATUS_COVERAGE_LOG) /** Name of the file where return statuses are logged by #RECORD_STATUS. */ #define STATUS_LOG_FILE_NAME "statuses.log" -psa_status_t mbedtls_test_record_status( psa_status_t status, - const char *func, - const char *file, int line, - const char *expr ) +psa_status_t mbedtls_test_record_status(psa_status_t status, + const char *func, + const char *file, int line, + const char *expr) { /* We open the log file on first use. * We never close the log file, so the record_status feature is not * compatible with resource leak detectors such as Asan. */ static FILE *log; - if( log == NULL ) - log = fopen( STATUS_LOG_FILE_NAME, "a" ); - fprintf( log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr ); - return( status ); + if (log == NULL) { + log = fopen(STATUS_LOG_FILE_NAME, "a"); + } + fprintf(log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr); + return status; } #endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */ -psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags ) +psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags) { psa_key_usage_t updated_usage = usage_flags; - if( usage_flags & PSA_KEY_USAGE_SIGN_HASH ) + if (usage_flags & PSA_KEY_USAGE_SIGN_HASH) { updated_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; + } - if( usage_flags & PSA_KEY_USAGE_VERIFY_HASH ) + if (usage_flags & PSA_KEY_USAGE_VERIFY_HASH) { updated_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; + } - return( updated_usage ); + return updated_usage; } #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 08c3b46856..ecd1ec4cd0 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -33,14 +33,14 @@ #include #if defined(MBEDTLS_PSA_CRYPTO_SE_C) -static int lifetime_is_dynamic_secure_element( psa_key_lifetime_t lifetime ) +static int lifetime_is_dynamic_secure_element(psa_key_lifetime_t lifetime) { - return( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) != - PSA_KEY_LOCATION_LOCAL_STORAGE ); + return PSA_KEY_LIFETIME_GET_LOCATION(lifetime) != + PSA_KEY_LOCATION_LOCAL_STORAGE; } #endif -static int check_key_attributes_sanity( mbedtls_svc_key_id_t key ) +static int check_key_attributes_sanity(mbedtls_svc_key_id_t key) { int ok = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -49,58 +49,54 @@ static int check_key_attributes_sanity( mbedtls_svc_key_id_t key ) psa_key_type_t type; size_t bits; - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - lifetime = psa_get_key_lifetime( &attributes ); - id = psa_get_key_id( &attributes ); - type = psa_get_key_type( &attributes ); - bits = psa_get_key_bits( &attributes ); + PSA_ASSERT(psa_get_key_attributes(key, &attributes)); + lifetime = psa_get_key_lifetime(&attributes); + id = psa_get_key_id(&attributes); + type = psa_get_key_type(&attributes); + bits = psa_get_key_bits(&attributes); /* Persistence */ - if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) - { + if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) { TEST_ASSERT( - ( PSA_KEY_ID_VOLATILE_MIN <= - MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) && - ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <= - PSA_KEY_ID_VOLATILE_MAX ) ); - } - else - { + (PSA_KEY_ID_VOLATILE_MIN <= + MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id)) && + (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) <= + PSA_KEY_ID_VOLATILE_MAX)); + } else { TEST_ASSERT( - ( PSA_KEY_ID_USER_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) && - ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <= PSA_KEY_ID_USER_MAX ) ); + (PSA_KEY_ID_USER_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id)) && + (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) <= PSA_KEY_ID_USER_MAX)); } #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* randomly-generated 64-bit constant, should never appear in test data */ psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21; - psa_status_t status = psa_get_key_slot_number( &attributes, &slot_number ); - if( lifetime_is_dynamic_secure_element( lifetime ) ) - { + psa_status_t status = psa_get_key_slot_number(&attributes, &slot_number); + if (lifetime_is_dynamic_secure_element(lifetime)) { /* Mbed Crypto currently always exposes the slot number to * applications. This is not mandated by the PSA specification * and may change in future versions. */ - TEST_EQUAL( status, 0 ); - TEST_ASSERT( slot_number != 0xec94d4a5058a1a21 ); - } - else - { - TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT ); + TEST_EQUAL(status, 0); + TEST_ASSERT(slot_number != 0xec94d4a5058a1a21); + } else { + TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT); } #endif /* Type and size */ - TEST_ASSERT( type != 0 ); - TEST_ASSERT( bits != 0 ); - TEST_ASSERT( bits <= PSA_MAX_KEY_BITS ); - if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) - TEST_ASSERT( bits % 8 == 0 ); + TEST_ASSERT(type != 0); + TEST_ASSERT(bits != 0); + TEST_ASSERT(bits <= PSA_MAX_KEY_BITS); + if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) { + TEST_ASSERT(bits % 8 == 0); + } /* MAX macros concerning specific key types */ - if( PSA_KEY_TYPE_IS_ECC( type ) ) - TEST_ASSERT( bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS ); - else if( PSA_KEY_TYPE_IS_RSA( type ) ) - TEST_ASSERT( bits <= PSA_VENDOR_RSA_MAX_KEY_BITS ); - TEST_ASSERT( PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ) <= PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE ); + if (PSA_KEY_TYPE_IS_ECC(type)) { + TEST_ASSERT(bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS); + } else if (PSA_KEY_TYPE_IS_RSA(type)) { + TEST_ASSERT(bits <= PSA_VENDOR_RSA_MAX_KEY_BITS); + } + TEST_ASSERT(PSA_BLOCK_CIPHER_BLOCK_LENGTH(type) <= PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE); ok = 1; @@ -109,410 +105,389 @@ static int check_key_attributes_sanity( mbedtls_svc_key_id_t key ) * Key attributes may have been returned by psa_get_key_attributes() * thus reset them as required. */ - psa_reset_key_attributes( &attributes ); + psa_reset_key_attributes(&attributes); - return( ok ); + return ok; } -static int exercise_mac_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) +static int exercise_mac_key(mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg) { psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; const unsigned char input[] = "foo"; - unsigned char mac[PSA_MAC_MAX_SIZE] = {0}; - size_t mac_length = sizeof( mac ); + unsigned char mac[PSA_MAC_MAX_SIZE] = { 0 }; + size_t mac_length = sizeof(mac); /* Convert wildcard algorithm to exercisable algorithm */ - if( alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) - { - alg = PSA_ALG_TRUNCATED_MAC( alg, PSA_MAC_TRUNCATED_LENGTH( alg ) ); + if (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) { + alg = PSA_ALG_TRUNCATED_MAC(alg, PSA_MAC_TRUNCATED_LENGTH(alg)); } - if( usage & PSA_KEY_USAGE_SIGN_HASH ) - { - PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); - PSA_ASSERT( psa_mac_update( &operation, - input, sizeof( input ) ) ); - PSA_ASSERT( psa_mac_sign_finish( &operation, - mac, sizeof( mac ), - &mac_length ) ); + if (usage & PSA_KEY_USAGE_SIGN_HASH) { + PSA_ASSERT(psa_mac_sign_setup(&operation, key, alg)); + PSA_ASSERT(psa_mac_update(&operation, + input, sizeof(input))); + PSA_ASSERT(psa_mac_sign_finish(&operation, + mac, sizeof(mac), + &mac_length)); } - if( usage & PSA_KEY_USAGE_VERIFY_HASH ) - { + if (usage & PSA_KEY_USAGE_VERIFY_HASH) { psa_status_t verify_status = - ( usage & PSA_KEY_USAGE_SIGN_HASH ? - PSA_SUCCESS : - PSA_ERROR_INVALID_SIGNATURE ); - PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); - PSA_ASSERT( psa_mac_update( &operation, - input, sizeof( input ) ) ); - TEST_EQUAL( psa_mac_verify_finish( &operation, mac, mac_length ), - verify_status ); + (usage & PSA_KEY_USAGE_SIGN_HASH ? + PSA_SUCCESS : + PSA_ERROR_INVALID_SIGNATURE); + PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg)); + PSA_ASSERT(psa_mac_update(&operation, + input, sizeof(input))); + TEST_EQUAL(psa_mac_verify_finish(&operation, mac, mac_length), + verify_status); } - return( 1 ); + return 1; exit: - psa_mac_abort( &operation ); - return( 0 ); + psa_mac_abort(&operation); + return 0; } -static int exercise_cipher_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) +static int exercise_cipher_key(mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg) { psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; - unsigned char iv[PSA_CIPHER_IV_MAX_SIZE] = {0}; + unsigned char iv[PSA_CIPHER_IV_MAX_SIZE] = { 0 }; size_t iv_length; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; const unsigned char plaintext[16] = "Hello, world..."; unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)"; - size_t ciphertext_length = sizeof( ciphertext ); - unsigned char decrypted[sizeof( ciphertext )]; + size_t ciphertext_length = sizeof(ciphertext); + unsigned char decrypted[sizeof(ciphertext)]; size_t part_length; - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - key_type = psa_get_key_type( &attributes ); - iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg ); + PSA_ASSERT(psa_get_key_attributes(key, &attributes)); + key_type = psa_get_key_type(&attributes); + iv_length = PSA_CIPHER_IV_LENGTH(key_type, alg); - if( usage & PSA_KEY_USAGE_ENCRYPT ) - { - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); - if( iv_length != 0 ) - { - PSA_ASSERT( psa_cipher_generate_iv( &operation, - iv, sizeof( iv ), - &iv_length ) ); + if (usage & PSA_KEY_USAGE_ENCRYPT) { + PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); + if (iv_length != 0) { + PSA_ASSERT(psa_cipher_generate_iv(&operation, + iv, sizeof(iv), + &iv_length)); } - PSA_ASSERT( psa_cipher_update( &operation, - plaintext, sizeof( plaintext ), - ciphertext, sizeof( ciphertext ), - &ciphertext_length ) ); - PSA_ASSERT( psa_cipher_finish( &operation, - ciphertext + ciphertext_length, - sizeof( ciphertext ) - ciphertext_length, - &part_length ) ); + PSA_ASSERT(psa_cipher_update(&operation, + plaintext, sizeof(plaintext), + ciphertext, sizeof(ciphertext), + &ciphertext_length)); + PSA_ASSERT(psa_cipher_finish(&operation, + ciphertext + ciphertext_length, + sizeof(ciphertext) - ciphertext_length, + &part_length)); ciphertext_length += part_length; } - if( usage & PSA_KEY_USAGE_DECRYPT ) - { + if (usage & PSA_KEY_USAGE_DECRYPT) { psa_status_t status; int maybe_invalid_padding = 0; - if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) ) - { - maybe_invalid_padding = ! PSA_ALG_IS_STREAM_CIPHER( alg ); + if (!(usage & PSA_KEY_USAGE_ENCRYPT)) { + maybe_invalid_padding = !PSA_ALG_IS_STREAM_CIPHER(alg); } - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); - if( iv_length != 0 ) - { - PSA_ASSERT( psa_cipher_set_iv( &operation, - iv, iv_length ) ); + PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg)); + if (iv_length != 0) { + PSA_ASSERT(psa_cipher_set_iv(&operation, + iv, iv_length)); } - PSA_ASSERT( psa_cipher_update( &operation, - ciphertext, ciphertext_length, - decrypted, sizeof( decrypted ), - &part_length ) ); - status = psa_cipher_finish( &operation, - decrypted + part_length, - sizeof( decrypted ) - part_length, - &part_length ); + PSA_ASSERT(psa_cipher_update(&operation, + ciphertext, ciphertext_length, + decrypted, sizeof(decrypted), + &part_length)); + status = psa_cipher_finish(&operation, + decrypted + part_length, + sizeof(decrypted) - part_length, + &part_length); /* For a stream cipher, all inputs are valid. For a block cipher, * if the input is some arbitrary data rather than an actual - ciphertext, a padding error is likely. */ - if( maybe_invalid_padding ) - TEST_ASSERT( status == PSA_SUCCESS || - status == PSA_ERROR_INVALID_PADDING ); - else - PSA_ASSERT( status ); + ciphertext, a padding error is likely. */ + if (maybe_invalid_padding) { + TEST_ASSERT(status == PSA_SUCCESS || + status == PSA_ERROR_INVALID_PADDING); + } else { + PSA_ASSERT(status); + } } - return( 1 ); + return 1; exit: - psa_cipher_abort( &operation ); - psa_reset_key_attributes( &attributes ); - return( 0 ); + psa_cipher_abort(&operation); + psa_reset_key_attributes(&attributes); + return 0; } -static int exercise_aead_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) +static int exercise_aead_key(mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg) { - unsigned char nonce[PSA_AEAD_NONCE_MAX_SIZE] = {0}; + unsigned char nonce[PSA_AEAD_NONCE_MAX_SIZE] = { 0 }; size_t nonce_length; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; unsigned char plaintext[16] = "Hello, world..."; unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)"; - size_t ciphertext_length = sizeof( ciphertext ); - size_t plaintext_length = sizeof( ciphertext ); + size_t ciphertext_length = sizeof(ciphertext); + size_t plaintext_length = sizeof(ciphertext); /* Convert wildcard algorithm to exercisable algorithm */ - if( alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) - { - alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) ); + if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) { + alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, PSA_ALG_AEAD_GET_TAG_LENGTH(alg)); } - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - key_type = psa_get_key_type( &attributes ); - nonce_length = PSA_AEAD_NONCE_LENGTH( key_type, alg ); + PSA_ASSERT(psa_get_key_attributes(key, &attributes)); + key_type = psa_get_key_type(&attributes); + nonce_length = PSA_AEAD_NONCE_LENGTH(key_type, alg); - if( usage & PSA_KEY_USAGE_ENCRYPT ) - { - PSA_ASSERT( psa_aead_encrypt( key, alg, - nonce, nonce_length, - NULL, 0, - plaintext, sizeof( plaintext ), - ciphertext, sizeof( ciphertext ), - &ciphertext_length ) ); + if (usage & PSA_KEY_USAGE_ENCRYPT) { + PSA_ASSERT(psa_aead_encrypt(key, alg, + nonce, nonce_length, + NULL, 0, + plaintext, sizeof(plaintext), + ciphertext, sizeof(ciphertext), + &ciphertext_length)); } - if( usage & PSA_KEY_USAGE_DECRYPT ) - { + if (usage & PSA_KEY_USAGE_DECRYPT) { psa_status_t verify_status = - ( usage & PSA_KEY_USAGE_ENCRYPT ? - PSA_SUCCESS : - PSA_ERROR_INVALID_SIGNATURE ); - TEST_EQUAL( psa_aead_decrypt( key, alg, - nonce, nonce_length, - NULL, 0, - ciphertext, ciphertext_length, - plaintext, sizeof( plaintext ), - &plaintext_length ), - verify_status ); + (usage & PSA_KEY_USAGE_ENCRYPT ? + PSA_SUCCESS : + PSA_ERROR_INVALID_SIGNATURE); + TEST_EQUAL(psa_aead_decrypt(key, alg, + nonce, nonce_length, + NULL, 0, + ciphertext, ciphertext_length, + plaintext, sizeof(plaintext), + &plaintext_length), + verify_status); } - return( 1 ); + return 1; exit: - psa_reset_key_attributes( &attributes ); - return( 0 ); + psa_reset_key_attributes(&attributes); + return 0; } -static int can_sign_or_verify_message( psa_key_usage_t usage, - psa_algorithm_t alg ) +static int can_sign_or_verify_message(psa_key_usage_t usage, + psa_algorithm_t alg) { /* Sign-the-unspecified-hash algorithms can only be used with * {sign,verify}_hash, not with {sign,verify}_message. */ - if( alg == PSA_ALG_ECDSA_ANY || alg == PSA_ALG_RSA_PKCS1V15_SIGN_RAW ) - return( 0 ); - return( usage & ( PSA_KEY_USAGE_SIGN_MESSAGE | - PSA_KEY_USAGE_VERIFY_MESSAGE ) ); + if (alg == PSA_ALG_ECDSA_ANY || alg == PSA_ALG_RSA_PKCS1V15_SIGN_RAW) { + return 0; + } + return usage & (PSA_KEY_USAGE_SIGN_MESSAGE | + PSA_KEY_USAGE_VERIFY_MESSAGE); } -static int exercise_signature_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) +static int exercise_signature_key(mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg) { - if( usage & ( PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ) ) - { - unsigned char payload[PSA_HASH_MAX_SIZE] = {1}; + if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH)) { + unsigned char payload[PSA_HASH_MAX_SIZE] = { 1 }; size_t payload_length = 16; - unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0}; - size_t signature_length = sizeof( signature ); - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); + unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 }; + size_t signature_length = sizeof(signature); + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); /* If the policy allows signing with any hash, just pick one. */ - if( PSA_ALG_IS_SIGN_HASH( alg ) && hash_alg == PSA_ALG_ANY_HASH ) - { + if (PSA_ALG_IS_SIGN_HASH(alg) && hash_alg == PSA_ALG_ANY_HASH) { #if defined(KNOWN_SUPPORTED_HASH_ALG) hash_alg = KNOWN_SUPPORTED_HASH_ALG; alg ^= PSA_ALG_ANY_HASH ^ hash_alg; #else - TEST_ASSERT( ! "No hash algorithm for hash-and-sign testing" ); + TEST_ASSERT(!"No hash algorithm for hash-and-sign testing"); #endif } /* Some algorithms require the payload to have the size of * the hash encoded in the algorithm. Use this input size * even for algorithms that allow other input sizes. */ - if( hash_alg != 0 ) - payload_length = PSA_HASH_LENGTH( hash_alg ); + if (hash_alg != 0) { + payload_length = PSA_HASH_LENGTH(hash_alg); + } - if( usage & PSA_KEY_USAGE_SIGN_HASH ) - { - PSA_ASSERT( psa_sign_hash( key, alg, - payload, payload_length, - signature, sizeof( signature ), - &signature_length ) ); + if (usage & PSA_KEY_USAGE_SIGN_HASH) { + PSA_ASSERT(psa_sign_hash(key, alg, + payload, payload_length, + signature, sizeof(signature), + &signature_length)); } - if( usage & PSA_KEY_USAGE_VERIFY_HASH ) - { + if (usage & PSA_KEY_USAGE_VERIFY_HASH) { psa_status_t verify_status = - ( usage & PSA_KEY_USAGE_SIGN_HASH ? - PSA_SUCCESS : - PSA_ERROR_INVALID_SIGNATURE ); - TEST_EQUAL( psa_verify_hash( key, alg, - payload, payload_length, - signature, signature_length ), - verify_status ); + (usage & PSA_KEY_USAGE_SIGN_HASH ? + PSA_SUCCESS : + PSA_ERROR_INVALID_SIGNATURE); + TEST_EQUAL(psa_verify_hash(key, alg, + payload, payload_length, + signature, signature_length), + verify_status); } } - if( can_sign_or_verify_message( usage, alg ) ) - { + if (can_sign_or_verify_message(usage, alg)) { unsigned char message[256] = "Hello, world..."; - unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0}; + unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 }; size_t message_length = 16; - size_t signature_length = sizeof( signature ); + size_t signature_length = sizeof(signature); - if( usage & PSA_KEY_USAGE_SIGN_MESSAGE ) - { - PSA_ASSERT( psa_sign_message( key, alg, - message, message_length, - signature, sizeof( signature ), - &signature_length ) ); + if (usage & PSA_KEY_USAGE_SIGN_MESSAGE) { + PSA_ASSERT(psa_sign_message(key, alg, + message, message_length, + signature, sizeof(signature), + &signature_length)); } - if( usage & PSA_KEY_USAGE_VERIFY_MESSAGE ) - { + if (usage & PSA_KEY_USAGE_VERIFY_MESSAGE) { psa_status_t verify_status = - ( usage & PSA_KEY_USAGE_SIGN_MESSAGE ? - PSA_SUCCESS : - PSA_ERROR_INVALID_SIGNATURE ); - TEST_EQUAL( psa_verify_message( key, alg, - message, message_length, - signature, signature_length ), - verify_status ); + (usage & PSA_KEY_USAGE_SIGN_MESSAGE ? + PSA_SUCCESS : + PSA_ERROR_INVALID_SIGNATURE); + TEST_EQUAL(psa_verify_message(key, alg, + message, message_length, + signature, signature_length), + verify_status); } } - return( 1 ); + return 1; exit: - return( 0 ); + return 0; } -static int exercise_asymmetric_encryption_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) +static int exercise_asymmetric_encryption_key(mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg) { unsigned char plaintext[256] = "Hello, world..."; unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)"; - size_t ciphertext_length = sizeof( ciphertext ); + size_t ciphertext_length = sizeof(ciphertext); size_t plaintext_length = 16; - if( usage & PSA_KEY_USAGE_ENCRYPT ) - { - PSA_ASSERT( psa_asymmetric_encrypt( key, alg, - plaintext, plaintext_length, - NULL, 0, - ciphertext, sizeof( ciphertext ), - &ciphertext_length ) ); + if (usage & PSA_KEY_USAGE_ENCRYPT) { + PSA_ASSERT(psa_asymmetric_encrypt(key, alg, + plaintext, plaintext_length, + NULL, 0, + ciphertext, sizeof(ciphertext), + &ciphertext_length)); } - if( usage & PSA_KEY_USAGE_DECRYPT ) - { + if (usage & PSA_KEY_USAGE_DECRYPT) { psa_status_t status = - psa_asymmetric_decrypt( key, alg, - ciphertext, ciphertext_length, - NULL, 0, - plaintext, sizeof( plaintext ), - &plaintext_length ); - TEST_ASSERT( status == PSA_SUCCESS || - ( ( usage & PSA_KEY_USAGE_ENCRYPT ) == 0 && - ( status == PSA_ERROR_INVALID_ARGUMENT || - status == PSA_ERROR_INVALID_PADDING ) ) ); + psa_asymmetric_decrypt(key, alg, + ciphertext, ciphertext_length, + NULL, 0, + plaintext, sizeof(plaintext), + &plaintext_length); + TEST_ASSERT(status == PSA_SUCCESS || + ((usage & PSA_KEY_USAGE_ENCRYPT) == 0 && + (status == PSA_ERROR_INVALID_ARGUMENT || + status == PSA_ERROR_INVALID_PADDING))); } - return( 1 ); + return 1; exit: - return( 0 ); + return 0; } int mbedtls_test_psa_setup_key_derivation_wrap( - psa_key_derivation_operation_t* operation, + psa_key_derivation_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg, - const unsigned char* input1, size_t input1_length, - const unsigned char* input2, size_t input2_length, - size_t capacity ) + const unsigned char *input1, size_t input1_length, + const unsigned char *input2, size_t input2_length, + size_t capacity) { - PSA_ASSERT( psa_key_derivation_setup( operation, alg ) ); - if( PSA_ALG_IS_HKDF( alg ) ) - { - PSA_ASSERT( psa_key_derivation_input_bytes( operation, - PSA_KEY_DERIVATION_INPUT_SALT, - input1, input1_length ) ); - PSA_ASSERT( psa_key_derivation_input_key( operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key ) ); - PSA_ASSERT( psa_key_derivation_input_bytes( operation, - PSA_KEY_DERIVATION_INPUT_INFO, - input2, - input2_length ) ); - } - else if( PSA_ALG_IS_TLS12_PRF( alg ) || - PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) ) - { - PSA_ASSERT( psa_key_derivation_input_bytes( operation, - PSA_KEY_DERIVATION_INPUT_SEED, - input1, input1_length ) ); - PSA_ASSERT( psa_key_derivation_input_key( operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key ) ); - PSA_ASSERT( psa_key_derivation_input_bytes( operation, - PSA_KEY_DERIVATION_INPUT_LABEL, - input2, input2_length ) ); - } - else - { - TEST_ASSERT( ! "Key derivation algorithm not supported" ); - } - - if( capacity != SIZE_MAX ) - PSA_ASSERT( psa_key_derivation_set_capacity( operation, capacity ) ); - - return( 1 ); + PSA_ASSERT(psa_key_derivation_setup(operation, alg)); + if (PSA_ALG_IS_HKDF(alg)) { + PSA_ASSERT(psa_key_derivation_input_bytes(operation, + PSA_KEY_DERIVATION_INPUT_SALT, + input1, input1_length)); + PSA_ASSERT(psa_key_derivation_input_key(operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + key)); + PSA_ASSERT(psa_key_derivation_input_bytes(operation, + PSA_KEY_DERIVATION_INPUT_INFO, + input2, + input2_length)); + } else if (PSA_ALG_IS_TLS12_PRF(alg) || + PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) { + PSA_ASSERT(psa_key_derivation_input_bytes(operation, + PSA_KEY_DERIVATION_INPUT_SEED, + input1, input1_length)); + PSA_ASSERT(psa_key_derivation_input_key(operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + key)); + PSA_ASSERT(psa_key_derivation_input_bytes(operation, + PSA_KEY_DERIVATION_INPUT_LABEL, + input2, input2_length)); + } else { + TEST_ASSERT(!"Key derivation algorithm not supported"); + } + + if (capacity != SIZE_MAX) { + PSA_ASSERT(psa_key_derivation_set_capacity(operation, capacity)); + } + + return 1; exit: - return( 0 ); + return 0; } -static int exercise_key_derivation_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) +static int exercise_key_derivation_key(mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg) { psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; unsigned char input1[] = "Input 1"; - size_t input1_length = sizeof( input1 ); + size_t input1_length = sizeof(input1); unsigned char input2[] = "Input 2"; - size_t input2_length = sizeof( input2 ); + size_t input2_length = sizeof(input2); unsigned char output[1]; - size_t capacity = sizeof( output ); + size_t capacity = sizeof(output); - if( usage & PSA_KEY_USAGE_DERIVE ) - { - if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg, - input1, input1_length, - input2, input2_length, - capacity ) ) + if (usage & PSA_KEY_USAGE_DERIVE) { + if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, key, alg, + input1, input1_length, + input2, input2_length, + capacity)) { goto exit; + } - PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - output, - capacity ) ); - PSA_ASSERT( psa_key_derivation_abort( &operation ) ); + PSA_ASSERT(psa_key_derivation_output_bytes(&operation, + output, + capacity)); + PSA_ASSERT(psa_key_derivation_abort(&operation)); } - return( 1 ); + return 1; exit: - return( 0 ); + return 0; } /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ psa_status_t mbedtls_test_psa_key_agreement_with_self( psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t key ) + mbedtls_svc_key_id_t key) { psa_key_type_t private_key_type; psa_key_type_t public_key_type; @@ -525,34 +500,34 @@ psa_status_t mbedtls_test_psa_key_agreement_with_self( psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - private_key_type = psa_get_key_type( &attributes ); - key_bits = psa_get_key_bits( &attributes ); - public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); - public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_key_type, key_bits ); - ASSERT_ALLOC( public_key, public_key_length ); - PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length, - &public_key_length ) ); + PSA_ASSERT(psa_get_key_attributes(key, &attributes)); + private_key_type = psa_get_key_type(&attributes); + key_bits = psa_get_key_bits(&attributes); + public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type); + public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits); + ASSERT_ALLOC(public_key, public_key_length); + PSA_ASSERT(psa_export_public_key(key, public_key, public_key_length, + &public_key_length)); status = psa_key_derivation_key_agreement( operation, PSA_KEY_DERIVATION_INPUT_SECRET, key, - public_key, public_key_length ); + public_key, public_key_length); exit: /* * Key attributes may have been returned by psa_get_key_attributes() * thus reset them as required. */ - psa_reset_key_attributes( &attributes ); + psa_reset_key_attributes(&attributes); - mbedtls_free( public_key ); - return( status ); + mbedtls_free(public_key); + return status; } /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( psa_algorithm_t alg, - mbedtls_svc_key_id_t key ) + mbedtls_svc_key_id_t key) { psa_key_type_t private_key_type; psa_key_type_t public_key_type; @@ -567,26 +542,25 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - private_key_type = psa_get_key_type( &attributes ); - key_bits = psa_get_key_bits( &attributes ); - public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); - public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_key_type, key_bits ); - ASSERT_ALLOC( public_key, public_key_length ); - PSA_ASSERT( psa_export_public_key( key, - public_key, public_key_length, - &public_key_length ) ); - - status = psa_raw_key_agreement( alg, key, - public_key, public_key_length, - output, sizeof( output ), &output_length ); - if ( status == PSA_SUCCESS ) - { - TEST_ASSERT( output_length <= - PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( private_key_type, - key_bits ) ); - TEST_ASSERT( output_length <= - PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE ); + PSA_ASSERT(psa_get_key_attributes(key, &attributes)); + private_key_type = psa_get_key_type(&attributes); + key_bits = psa_get_key_bits(&attributes); + public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type); + public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits); + ASSERT_ALLOC(public_key, public_key_length); + PSA_ASSERT(psa_export_public_key(key, + public_key, public_key_length, + &public_key_length)); + + status = psa_raw_key_agreement(alg, key, + public_key, public_key_length, + output, sizeof(output), &output_length); + if (status == PSA_SUCCESS) { + TEST_ASSERT(output_length <= + PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(private_key_type, + key_bits)); + TEST_ASSERT(output_length <= + PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE); } exit: @@ -594,119 +568,112 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( * Key attributes may have been returned by psa_get_key_attributes() * thus reset them as required. */ - psa_reset_key_attributes( &attributes ); + psa_reset_key_attributes(&attributes); - mbedtls_free( public_key ); - return( status ); + mbedtls_free(public_key); + return status; } -static int exercise_raw_key_agreement_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) +static int exercise_raw_key_agreement_key(mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg) { int ok = 0; - if( usage & PSA_KEY_USAGE_DERIVE ) - { + if (usage & PSA_KEY_USAGE_DERIVE) { /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ - PSA_ASSERT( mbedtls_test_psa_raw_key_agreement_with_self( alg, key ) ); + PSA_ASSERT(mbedtls_test_psa_raw_key_agreement_with_self(alg, key)); } ok = 1; exit: - return( ok ); + return ok; } -static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) +static int exercise_key_agreement_key(mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg) { psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; unsigned char input[1] = { 0 }; unsigned char output[1]; int ok = 0; - psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); + psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg); psa_status_t expected_key_agreement_status = PSA_SUCCESS; - if( usage & PSA_KEY_USAGE_DERIVE ) - { + if (usage & PSA_KEY_USAGE_DERIVE) { /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ - PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); - if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || - PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) - { - PSA_ASSERT( psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_SEED, - input, sizeof( input ) ) ); + PSA_ASSERT(psa_key_derivation_setup(&operation, alg)); + if (PSA_ALG_IS_TLS12_PRF(kdf_alg) || + PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) { + PSA_ASSERT(psa_key_derivation_input_bytes( + &operation, PSA_KEY_DERIVATION_INPUT_SEED, + input, sizeof(input))); } - if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) - { - PSA_ASSERT( psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_SALT, - input, sizeof( input ) ) ); + if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) { + PSA_ASSERT(psa_key_derivation_input_bytes( + &operation, PSA_KEY_DERIVATION_INPUT_SALT, + input, sizeof(input))); } /* For HKDF_EXPAND input secret may fail as secret size may not match to expected PRK size. In practice it means that key bits must match hash length. Otherwise test should fail with INVALID_ARGUMENT. */ - if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) - { + if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - size_t key_bits = psa_get_key_bits( &attributes ); - psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); + PSA_ASSERT(psa_get_key_attributes(key, &attributes)); + size_t key_bits = psa_get_key_bits(&attributes); + psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg); - if( PSA_BITS_TO_BYTES( key_bits ) != PSA_HASH_LENGTH( hash_alg ) ) + if (PSA_BITS_TO_BYTES(key_bits) != PSA_HASH_LENGTH(hash_alg)) { expected_key_agreement_status = PSA_ERROR_INVALID_ARGUMENT; + } } - TEST_EQUAL( mbedtls_test_psa_key_agreement_with_self( &operation, key ), - expected_key_agreement_status ); - - if( expected_key_agreement_status != PSA_SUCCESS ) - return( 1 ); + TEST_EQUAL(mbedtls_test_psa_key_agreement_with_self(&operation, key), + expected_key_agreement_status); - if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || - PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) - { - PSA_ASSERT( psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_LABEL, - input, sizeof( input ) ) ); + if (expected_key_agreement_status != PSA_SUCCESS) { + return 1; } - else if( PSA_ALG_IS_HKDF( kdf_alg ) || PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) - { - PSA_ASSERT( psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_INFO, - input, sizeof( input ) ) ); + + if (PSA_ALG_IS_TLS12_PRF(kdf_alg) || + PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) { + PSA_ASSERT(psa_key_derivation_input_bytes( + &operation, PSA_KEY_DERIVATION_INPUT_LABEL, + input, sizeof(input))); + } else if (PSA_ALG_IS_HKDF(kdf_alg) || PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) { + PSA_ASSERT(psa_key_derivation_input_bytes( + &operation, PSA_KEY_DERIVATION_INPUT_INFO, + input, sizeof(input))); } - PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - output, - sizeof( output ) ) ); - PSA_ASSERT( psa_key_derivation_abort( &operation ) ); + PSA_ASSERT(psa_key_derivation_output_bytes(&operation, + output, + sizeof(output))); + PSA_ASSERT(psa_key_derivation_abort(&operation)); } ok = 1; exit: - return( ok ); + return ok; } int mbedtls_test_psa_exported_key_sanity_check( psa_key_type_t type, size_t bits, - const uint8_t *exported, size_t exported_length ) + const uint8_t *exported, size_t exported_length) { - TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ) ); + TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE(type, bits)); - if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) - TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) ); - else + if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) { + TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits)); + } else #if defined(MBEDTLS_ASN1_PARSE_C) - if( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) - { - uint8_t *p = (uint8_t*) exported; + if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) { + uint8_t *p = (uint8_t *) exported; const uint8_t *end = exported + exported_length; size_t len; /* RSAPrivateKey ::= SEQUENCE { @@ -721,140 +688,139 @@ int mbedtls_test_psa_exported_key_sanity_check( * coefficient INTEGER, -- (inverse of q) mod p * } */ - TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_SEQUENCE | - MBEDTLS_ASN1_CONSTRUCTED ), 0 ); - TEST_EQUAL( len, end - p ); - if( ! mbedtls_test_asn1_skip_integer( &p, end, 0, 0, 0 ) ) + TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_SEQUENCE | + MBEDTLS_ASN1_CONSTRUCTED), 0); + TEST_EQUAL(len, end - p); + if (!mbedtls_test_asn1_skip_integer(&p, end, 0, 0, 0)) { goto exit; - if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) + } + if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) { goto exit; - if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) + } + if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) { goto exit; + } /* Require d to be at least half the size of n. */ - if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits, 1 ) ) + if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits, 1)) { goto exit; + } /* Require p and q to be at most half the size of n, rounded up. */ - if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) ) + if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits / 2 + 1, 1)) { goto exit; - if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) ) + } + if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits / 2 + 1, 1)) { goto exit; - if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) + } + if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) { goto exit; - if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) + } + if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) { goto exit; - if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) ) + } + if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) { goto exit; - TEST_EQUAL( p - end, 0 ); + } + TEST_EQUAL(p - end, 0); - TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE ); - } - else + TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE); + } else #endif /* MBEDTLS_ASN1_PARSE_C */ #if defined(MBEDTLS_ECP_C) - if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) - { + if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { /* Just the secret value */ - TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) ); + TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits)); - TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE ); - } - else + TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE); + } else #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_ASN1_PARSE_C) - if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) - { - uint8_t *p = (uint8_t*) exported; + if (type == PSA_KEY_TYPE_RSA_PUBLIC_KEY) { + uint8_t *p = (uint8_t *) exported; const uint8_t *end = exported + exported_length; size_t len; /* RSAPublicKey ::= SEQUENCE { * modulus INTEGER, -- n * publicExponent INTEGER } -- e */ - TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_SEQUENCE | - MBEDTLS_ASN1_CONSTRUCTED ), - 0 ); - TEST_EQUAL( len, end - p ); - if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) ) + TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_SEQUENCE | + MBEDTLS_ASN1_CONSTRUCTED), + 0); + TEST_EQUAL(len, end - p); + if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) { goto exit; - if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) ) + } + if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) { goto exit; - TEST_EQUAL( p - end, 0 ); + } + TEST_EQUAL(p - end, 0); - TEST_ASSERT( exported_length <= - PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( type, bits ) ); - TEST_ASSERT( exported_length <= - PSA_EXPORT_PUBLIC_KEY_MAX_SIZE ); - } - else + TEST_ASSERT(exported_length <= + PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits)); + TEST_ASSERT(exported_length <= + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); + } else #endif /* MBEDTLS_ASN1_PARSE_C */ #if defined(MBEDTLS_ECP_C) - if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) ) - { + if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) { - TEST_ASSERT( exported_length <= - PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( type, bits ) ); - TEST_ASSERT( exported_length <= - PSA_EXPORT_PUBLIC_KEY_MAX_SIZE ); + TEST_ASSERT(exported_length <= + PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits)); + TEST_ASSERT(exported_length <= + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); - if( PSA_KEY_TYPE_ECC_GET_FAMILY( type ) == PSA_ECC_FAMILY_MONTGOMERY ) - { + if (PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_MONTGOMERY) { /* The representation of an ECC Montgomery public key is * the raw compressed point */ - TEST_EQUAL( PSA_BITS_TO_BYTES( bits ), exported_length ); - } - else - { + TEST_EQUAL(PSA_BITS_TO_BYTES(bits), exported_length); + } else { /* The representation of an ECC Weierstrass public key is: * - The byte 0x04; * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; * - `y_P` as a `ceiling(m/8)`-byte string, big-endian; * - where m is the bit size associated with the curve. */ - TEST_EQUAL( 1 + 2 * PSA_BITS_TO_BYTES( bits ), exported_length ); - TEST_EQUAL( exported[0], 4 ); + TEST_EQUAL(1 + 2 * PSA_BITS_TO_BYTES(bits), exported_length); + TEST_EQUAL(exported[0], 4); } - } - else + } else #endif /* MBEDTLS_ECP_C */ { (void) exported; - TEST_ASSERT( ! "Sanity check not implemented for this key type" ); + TEST_ASSERT(!"Sanity check not implemented for this key type"); } #if defined(MBEDTLS_DES_C) - if( type == PSA_KEY_TYPE_DES ) - { + if (type == PSA_KEY_TYPE_DES) { /* Check the parity bits. */ unsigned i; - for( i = 0; i < bits / 8; i++ ) - { + for (i = 0; i < bits / 8; i++) { unsigned bit_count = 0; unsigned m; - for( m = 1; m <= 0x100; m <<= 1 ) - { - if( exported[i] & m ) + for (m = 1; m <= 0x100; m <<= 1) { + if (exported[i] & m) { ++bit_count; + } } - TEST_ASSERT( bit_count % 2 != 0 ); + TEST_ASSERT(bit_count % 2 != 0); } } #endif - return( 1 ); + return 1; exit: - return( 0 ); + return 0; } -static int exercise_export_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage ) +static int exercise_export_key(mbedtls_svc_key_id_t key, + psa_key_usage_t usage) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t *exported = NULL; @@ -862,42 +828,41 @@ static int exercise_export_key( mbedtls_svc_key_id_t key, size_t exported_length = 0; int ok = 0; - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + PSA_ASSERT(psa_get_key_attributes(key, &attributes)); exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( - psa_get_key_type( &attributes ), - psa_get_key_bits( &attributes ) ); - ASSERT_ALLOC( exported, exported_size ); - - if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 && - ! PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( &attributes ) ) ) - { - TEST_EQUAL( psa_export_key( key, exported, - exported_size, &exported_length ), - PSA_ERROR_NOT_PERMITTED ); + psa_get_key_type(&attributes), + psa_get_key_bits(&attributes)); + ASSERT_ALLOC(exported, exported_size); + + if ((usage & PSA_KEY_USAGE_EXPORT) == 0 && + !PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(&attributes))) { + TEST_EQUAL(psa_export_key(key, exported, + exported_size, &exported_length), + PSA_ERROR_NOT_PERMITTED); ok = 1; goto exit; } - PSA_ASSERT( psa_export_key( key, - exported, exported_size, - &exported_length ) ); + PSA_ASSERT(psa_export_key(key, + exported, exported_size, + &exported_length)); ok = mbedtls_test_psa_exported_key_sanity_check( - psa_get_key_type( &attributes ), psa_get_key_bits( &attributes ), - exported, exported_length ); + psa_get_key_type(&attributes), psa_get_key_bits(&attributes), + exported, exported_length); exit: /* * Key attributes may have been returned by psa_get_key_attributes() * thus reset them as required. */ - psa_reset_key_attributes( &attributes ); + psa_reset_key_attributes(&attributes); - mbedtls_free( exported ); - return( ok ); + mbedtls_free(exported); + return ok; } -static int exercise_export_public_key( mbedtls_svc_key_id_t key ) +static int exercise_export_public_key(mbedtls_svc_key_id_t key) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t public_type; @@ -906,119 +871,113 @@ static int exercise_export_public_key( mbedtls_svc_key_id_t key ) size_t exported_length = 0; int ok = 0; - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type( &attributes ) ) ) - { + PSA_ASSERT(psa_get_key_attributes(key, &attributes)); + if (!PSA_KEY_TYPE_IS_ASYMMETRIC(psa_get_key_type(&attributes))) { exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( - psa_get_key_type( &attributes ), - psa_get_key_bits( &attributes ) ); - ASSERT_ALLOC( exported, exported_size ); + psa_get_key_type(&attributes), + psa_get_key_bits(&attributes)); + ASSERT_ALLOC(exported, exported_size); - TEST_EQUAL( psa_export_public_key( key, exported, - exported_size, &exported_length ), - PSA_ERROR_INVALID_ARGUMENT ); + TEST_EQUAL(psa_export_public_key(key, exported, + exported_size, &exported_length), + PSA_ERROR_INVALID_ARGUMENT); ok = 1; goto exit; } public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( - psa_get_key_type( &attributes ) ); - exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type, - psa_get_key_bits( &attributes ) ); - ASSERT_ALLOC( exported, exported_size ); - - PSA_ASSERT( psa_export_public_key( key, - exported, exported_size, - &exported_length ) ); + psa_get_key_type(&attributes)); + exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type, + psa_get_key_bits(&attributes)); + ASSERT_ALLOC(exported, exported_size); + + PSA_ASSERT(psa_export_public_key(key, + exported, exported_size, + &exported_length)); ok = mbedtls_test_psa_exported_key_sanity_check( - public_type, psa_get_key_bits( &attributes ), - exported, exported_length ); + public_type, psa_get_key_bits(&attributes), + exported, exported_length); exit: /* * Key attributes may have been returned by psa_get_key_attributes() * thus reset them as required. */ - psa_reset_key_attributes( &attributes ); + psa_reset_key_attributes(&attributes); - mbedtls_free( exported ); - return( ok ); + mbedtls_free(exported); + return ok; } -int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) +int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg) { int ok = 0; - if( ! check_key_attributes_sanity( key ) ) - return( 0 ); + if (!check_key_attributes_sanity(key)) { + return 0; + } - if( alg == 0 ) + if (alg == 0) { ok = 1; /* If no algorithm, do nothing (used for raw data "keys"). */ - else if( PSA_ALG_IS_MAC( alg ) ) - ok = exercise_mac_key( key, usage, alg ); - else if( PSA_ALG_IS_CIPHER( alg ) ) - ok = exercise_cipher_key( key, usage, alg ); - else if( PSA_ALG_IS_AEAD( alg ) ) - ok = exercise_aead_key( key, usage, alg ); - else if( PSA_ALG_IS_SIGN( alg ) ) - ok = exercise_signature_key( key, usage, alg ); - else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ) - ok = exercise_asymmetric_encryption_key( key, usage, alg ); - else if( PSA_ALG_IS_KEY_DERIVATION( alg ) ) - ok = exercise_key_derivation_key( key, usage, alg ); - else if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) ) - ok = exercise_raw_key_agreement_key( key, usage, alg ); - else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) ) - ok = exercise_key_agreement_key( key, usage, alg ); - else - TEST_ASSERT( ! "No code to exercise this category of algorithm" ); - - ok = ok && exercise_export_key( key, usage ); - ok = ok && exercise_export_public_key( key ); + } else if (PSA_ALG_IS_MAC(alg)) { + ok = exercise_mac_key(key, usage, alg); + } else if (PSA_ALG_IS_CIPHER(alg)) { + ok = exercise_cipher_key(key, usage, alg); + } else if (PSA_ALG_IS_AEAD(alg)) { + ok = exercise_aead_key(key, usage, alg); + } else if (PSA_ALG_IS_SIGN(alg)) { + ok = exercise_signature_key(key, usage, alg); + } else if (PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)) { + ok = exercise_asymmetric_encryption_key(key, usage, alg); + } else if (PSA_ALG_IS_KEY_DERIVATION(alg)) { + ok = exercise_key_derivation_key(key, usage, alg); + } else if (PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) { + ok = exercise_raw_key_agreement_key(key, usage, alg); + } else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) { + ok = exercise_key_agreement_key(key, usage, alg); + } else { + TEST_ASSERT(!"No code to exercise this category of algorithm"); + } + + ok = ok && exercise_export_key(key, usage); + ok = ok && exercise_export_public_key(key); exit: - return( ok ); + return ok; } -psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type, - psa_algorithm_t alg ) +psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type, + psa_algorithm_t alg) { - if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) ) - { - if( PSA_ALG_IS_SIGN_HASH( alg ) ) - { - if( PSA_ALG_SIGN_GET_HASH( alg ) ) - return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? - PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE: - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | - PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE ); + if (PSA_ALG_IS_MAC(alg) || PSA_ALG_IS_SIGN(alg)) { + if (PSA_ALG_IS_SIGN_HASH(alg)) { + if (PSA_ALG_SIGN_GET_HASH(alg)) { + return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ? + PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE : + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | + PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE; + } + } else if (PSA_ALG_IS_SIGN_MESSAGE(alg)) { + return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ? + PSA_KEY_USAGE_VERIFY_MESSAGE : + PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE; } - else if( PSA_ALG_IS_SIGN_MESSAGE( alg) ) - return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? - PSA_KEY_USAGE_VERIFY_MESSAGE : - PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE ); - - return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? - PSA_KEY_USAGE_VERIFY_HASH : - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); - } - else if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) || - PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ) - { - return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? - PSA_KEY_USAGE_ENCRYPT : - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); - } - else if( PSA_ALG_IS_KEY_DERIVATION( alg ) || - PSA_ALG_IS_KEY_AGREEMENT( alg ) ) - { - return( PSA_KEY_USAGE_DERIVE ); - } - else - { - return( 0 ); + + return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ? + PSA_KEY_USAGE_VERIFY_HASH : + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH; + } else if (PSA_ALG_IS_CIPHER(alg) || PSA_ALG_IS_AEAD(alg) || + PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)) { + return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ? + PSA_KEY_USAGE_ENCRYPT : + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; + } else if (PSA_ALG_IS_KEY_DERIVATION(alg) || + PSA_ALG_IS_KEY_AGREEMENT(alg)) { + return PSA_KEY_USAGE_DERIVE; + } else { + return 0; } } diff --git a/src/random.c b/src/random.c index 7f3f40166c..e74e689549 100644 --- a/src/random.c +++ b/src/random.c @@ -37,109 +37,111 @@ #include -int mbedtls_test_rnd_std_rand( void *rng_state, - unsigned char *output, - size_t len ) +int mbedtls_test_rnd_std_rand(void *rng_state, + unsigned char *output, + size_t len) { #if !defined(__OpenBSD__) && !defined(__NetBSD__) size_t i; - if( rng_state != NULL ) + if (rng_state != NULL) { rng_state = NULL; + } - for( i = 0; i < len; ++i ) + for (i = 0; i < len; ++i) { output[i] = rand(); + } #else - if( rng_state != NULL ) + if (rng_state != NULL) { rng_state = NULL; + } - arc4random_buf( output, len ); + arc4random_buf(output, len); #endif /* !OpenBSD && !NetBSD */ - return( 0 ); + return 0; } -int mbedtls_test_rnd_zero_rand( void *rng_state, - unsigned char *output, - size_t len ) +int mbedtls_test_rnd_zero_rand(void *rng_state, + unsigned char *output, + size_t len) { - if( rng_state != NULL ) + if (rng_state != NULL) { rng_state = NULL; + } - memset( output, 0, len ); + memset(output, 0, len); - return( 0 ); + return 0; } -int mbedtls_test_rnd_buffer_rand( void *rng_state, - unsigned char *output, - size_t len ) +int mbedtls_test_rnd_buffer_rand(void *rng_state, + unsigned char *output, + size_t len) { mbedtls_test_rnd_buf_info *info = (mbedtls_test_rnd_buf_info *) rng_state; size_t use_len; - if( rng_state == NULL ) - return( mbedtls_test_rnd_std_rand( NULL, output, len ) ); + if (rng_state == NULL) { + return mbedtls_test_rnd_std_rand(NULL, output, len); + } use_len = len; - if( len > info->length ) + if (len > info->length) { use_len = info->length; + } - if( use_len ) - { - memcpy( output, info->buf, use_len ); + if (use_len) { + memcpy(output, info->buf, use_len); info->buf += use_len; info->length -= use_len; } - if( len - use_len > 0 ) - { - if( info->fallback_f_rng != NULL ) - { - return( info->fallback_f_rng( info->fallback_p_rng, - output + use_len, - len - use_len ) ); + if (len - use_len > 0) { + if (info->fallback_f_rng != NULL) { + return info->fallback_f_rng(info->fallback_p_rng, + output + use_len, + len - use_len); + } else { + return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; } - else - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); } - return( 0 ); + return 0; } -int mbedtls_test_rnd_pseudo_rand( void *rng_state, - unsigned char *output, - size_t len ) +int mbedtls_test_rnd_pseudo_rand(void *rng_state, + unsigned char *output, + size_t len) { mbedtls_test_rnd_pseudo_info *info = (mbedtls_test_rnd_pseudo_info *) rng_state; - uint32_t i, *k, sum, delta=0x9E3779B9; + uint32_t i, *k, sum, delta = 0x9E3779B9; unsigned char result[4], *out = output; - if( rng_state == NULL ) - return( mbedtls_test_rnd_std_rand( NULL, output, len ) ); + if (rng_state == NULL) { + return mbedtls_test_rnd_std_rand(NULL, output, len); + } k = info->key; - while( len > 0 ) - { - size_t use_len = ( len > 4 ) ? 4 : len; + while (len > 0) { + size_t use_len = (len > 4) ? 4 : len; sum = 0; - for( i = 0; i < 32; i++ ) - { - info->v0 += ( ( ( info->v1 << 4 ) ^ ( info->v1 >> 5 ) ) - + info->v1 ) ^ ( sum + k[sum & 3] ); + for (i = 0; i < 32; i++) { + info->v0 += (((info->v1 << 4) ^ (info->v1 >> 5)) + + info->v1) ^ (sum + k[sum & 3]); sum += delta; - info->v1 += ( ( ( info->v0 << 4 ) ^ ( info->v0 >> 5 ) ) - + info->v0 ) ^ ( sum + k[( sum>>11 ) & 3] ); + info->v1 += (((info->v0 << 4) ^ (info->v0 >> 5)) + + info->v0) ^ (sum + k[(sum>>11) & 3]); } - PUT_UINT32_BE( info->v0, result, 0 ); - memcpy( out, result, use_len ); + PUT_UINT32_BE(info->v0, result, 0); + memcpy(out, result, use_len); len -= use_len; out += 4; } - return( 0 ); + return 0; } diff --git a/src/threading_helpers.c b/src/threading_helpers.c index ca91b7933a..ae6e59072a 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -70,8 +70,7 @@ * indicate the exact location of the problematic call. To locate the error, * use a debugger and set a breakpoint on mbedtls_test_mutex_usage_error(). */ -enum value_of_mutex_is_valid_field -{ +enum value_of_mutex_is_valid_field { /* Potential values for the is_valid field of mbedtls_threading_mutex_t. * Note that MUTEX_FREED must be 0 and MUTEX_IDLE must be 1 for * compatibility with threading_mutex_init_pthread() and @@ -82,12 +81,11 @@ enum value_of_mutex_is_valid_field MUTEX_LOCKED = 2, //!< Set by our lock }; -typedef struct -{ - void (*init)( mbedtls_threading_mutex_t * ); - void (*free)( mbedtls_threading_mutex_t * ); - int (*lock)( mbedtls_threading_mutex_t * ); - int (*unlock)( mbedtls_threading_mutex_t * ); +typedef struct { + void (*init)(mbedtls_threading_mutex_t *); + void (*free)(mbedtls_threading_mutex_t *); + int (*lock)(mbedtls_threading_mutex_t *); + int (*unlock)(mbedtls_threading_mutex_t *); } mutex_functions_t; static mutex_functions_t mutex_functions; @@ -98,94 +96,96 @@ static mutex_functions_t mutex_functions; */ static int live_mutexes; -static void mbedtls_test_mutex_usage_error( mbedtls_threading_mutex_t *mutex, - const char *msg ) +static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, + const char *msg) { (void) mutex; - if( mbedtls_test_info.mutex_usage_error == NULL ) + if (mbedtls_test_info.mutex_usage_error == NULL) { mbedtls_test_info.mutex_usage_error = msg; - mbedtls_fprintf( stdout, "[mutex: %s] ", msg ); + } + mbedtls_fprintf(stdout, "[mutex: %s] ", msg); /* Don't mark the test as failed yet. This way, if the test fails later * for a functional reason, the test framework will report the message * and location for this functional reason. If the test passes, * mbedtls_test_mutex_usage_check() will mark it as failed. */ } -static void mbedtls_test_wrap_mutex_init( mbedtls_threading_mutex_t *mutex ) +static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex) { - mutex_functions.init( mutex ); - if( mutex->is_valid ) + mutex_functions.init(mutex); + if (mutex->is_valid) { ++live_mutexes; + } } -static void mbedtls_test_wrap_mutex_free( mbedtls_threading_mutex_t *mutex ) +static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex) { - switch( mutex->is_valid ) - { + switch (mutex->is_valid) { case MUTEX_FREED: - mbedtls_test_mutex_usage_error( mutex, "free without init or double free" ); + mbedtls_test_mutex_usage_error(mutex, "free without init or double free"); break; case MUTEX_IDLE: /* Do nothing. The underlying free function will reset is_valid * to 0. */ break; case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error( mutex, "free without unlock" ); + mbedtls_test_mutex_usage_error(mutex, "free without unlock"); break; default: - mbedtls_test_mutex_usage_error( mutex, "corrupted state" ); + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); break; } - if( mutex->is_valid ) + if (mutex->is_valid) { --live_mutexes; - mutex_functions.free( mutex ); + } + mutex_functions.free(mutex); } -static int mbedtls_test_wrap_mutex_lock( mbedtls_threading_mutex_t *mutex ) +static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex) { - int ret = mutex_functions.lock( mutex ); - switch( mutex->is_valid ) - { + int ret = mutex_functions.lock(mutex); + switch (mutex->is_valid) { case MUTEX_FREED: - mbedtls_test_mutex_usage_error( mutex, "lock without init" ); + mbedtls_test_mutex_usage_error(mutex, "lock without init"); break; case MUTEX_IDLE: - if( ret == 0 ) + if (ret == 0) { mutex->is_valid = 2; + } break; case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error( mutex, "double lock" ); + mbedtls_test_mutex_usage_error(mutex, "double lock"); break; default: - mbedtls_test_mutex_usage_error( mutex, "corrupted state" ); + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); break; } - return( ret ); + return ret; } -static int mbedtls_test_wrap_mutex_unlock( mbedtls_threading_mutex_t *mutex ) +static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex) { - int ret = mutex_functions.unlock( mutex ); - switch( mutex->is_valid ) - { + int ret = mutex_functions.unlock(mutex); + switch (mutex->is_valid) { case MUTEX_FREED: - mbedtls_test_mutex_usage_error( mutex, "unlock without init" ); + mbedtls_test_mutex_usage_error(mutex, "unlock without init"); break; case MUTEX_IDLE: - mbedtls_test_mutex_usage_error( mutex, "unlock without lock" ); + mbedtls_test_mutex_usage_error(mutex, "unlock without lock"); break; case MUTEX_LOCKED: - if( ret == 0 ) + if (ret == 0) { mutex->is_valid = MUTEX_IDLE; + } break; default: - mbedtls_test_mutex_usage_error( mutex, "corrupted state" ); + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); break; } - return( ret ); + return ret; } -void mbedtls_test_mutex_usage_init( void ) +void mbedtls_test_mutex_usage_init(void) { mutex_functions.init = mbedtls_mutex_init; mutex_functions.free = mbedtls_mutex_free; @@ -197,25 +197,24 @@ void mbedtls_test_mutex_usage_init( void ) mbedtls_mutex_unlock = &mbedtls_test_wrap_mutex_unlock; } -void mbedtls_test_mutex_usage_check( void ) +void mbedtls_test_mutex_usage_check(void) { - if( live_mutexes != 0 ) - { + if (live_mutexes != 0) { /* A positive number (more init than free) means that a mutex resource * is leaking (on platforms where a mutex consumes more than the * mbedtls_threading_mutex_t object itself). The rare case of a * negative number means a missing init somewhere. */ - mbedtls_fprintf( stdout, "[mutex: %d leaked] ", live_mutexes ); + mbedtls_fprintf(stdout, "[mutex: %d leaked] ", live_mutexes); live_mutexes = 0; - if( mbedtls_test_info.mutex_usage_error == NULL ) + if (mbedtls_test_info.mutex_usage_error == NULL) { mbedtls_test_info.mutex_usage_error = "missing free"; + } } - if( mbedtls_test_info.mutex_usage_error != NULL && - mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED ) - { + if (mbedtls_test_info.mutex_usage_error != NULL && + mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { /* Functionally, the test passed. But there was a mutex usage error, * so mark the test as failed after all. */ - mbedtls_test_fail( "Mutex usage error", __LINE__, __FILE__ ); + mbedtls_test_fail("Mutex usage error", __LINE__, __FILE__); } mbedtls_test_info.mutex_usage_error = NULL; } From e03a3cf8811a29d038feb45bac1c8c64c10d9e80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 9 Feb 2023 09:15:04 +0100 Subject: [PATCH 293/553] Use ASSERT_COMPARE in test_suite_md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/test/macros.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/test/macros.h b/include/test/macros.h index 83a48cd1e2..2eba0c1028 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -168,7 +168,7 @@ #define ASSERT_COMPARE(p1, size1, p2, size2) \ do \ { \ - TEST_ASSERT((size1) == (size2)); \ + TEST_EQUAL((size1), (size2)); \ if ((size1) != 0) \ TEST_ASSERT(memcmp((p1), (p2), (size1)) == 0); \ } \ From 444e936a2c08ae19fa7653ac04032ac72c33450e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 8 Feb 2023 14:46:15 +0100 Subject: [PATCH 294/553] test_suite_ssl: use new macros for ECDSA capabilities Signed-off-by: Valerio Setti --- src/certs.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/src/certs.c b/src/certs.c index 1fcdc42c43..5099577c54 100644 --- a/src/certs.c +++ b/src/certs.c @@ -25,6 +25,8 @@ #include "mbedtls/legacy_or_psa.h" +#include "pk_wrap.c" + /* * Test CA Certificates * @@ -1678,7 +1680,7 @@ const char *mbedtls_test_cas[] = { #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) mbedtls_test_ca_crt_rsa_sha256, #endif -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) mbedtls_test_ca_crt_ec, #endif NULL @@ -1690,7 +1692,7 @@ const size_t mbedtls_test_cas_len[] = { #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) sizeof(mbedtls_test_ca_crt_rsa_sha256), #endif -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) sizeof(mbedtls_test_ca_crt_ec), #endif 0 @@ -1706,9 +1708,9 @@ const unsigned char *mbedtls_test_cas_der[] = { mbedtls_test_ca_crt_rsa_sha1_der, #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) mbedtls_test_ca_crt_ec_der, -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */ NULL }; @@ -1721,9 +1723,9 @@ const size_t mbedtls_test_cas_der_len[] = { sizeof(mbedtls_test_ca_crt_rsa_sha1_der), #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) sizeof(mbedtls_test_ca_crt_ec_der), -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */ 0 }; @@ -1738,9 +1740,9 @@ const char mbedtls_test_cas_pem[] = TEST_CA_CRT_RSA_SHA1_PEM #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) TEST_CA_CRT_EC_PEM -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */ ""; const size_t mbedtls_test_cas_pem_len = sizeof(mbedtls_test_cas_pem); #endif /* MBEDTLS_PEM_PARSE_C */ From 1e41d4ed00f41891d06ff5e62cd3eeb9f120c3a6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Feb 2023 11:09:40 +0100 Subject: [PATCH 295/553] test: adjust include after PK_CAN_ECDSA_SOME was moved Signed-off-by: Valerio Setti --- src/certs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/certs.c b/src/certs.c index 5099577c54..bd5c49e646 100644 --- a/src/certs.c +++ b/src/certs.c @@ -25,7 +25,7 @@ #include "mbedtls/legacy_or_psa.h" -#include "pk_wrap.c" +#include "mbedtls/pk.h" /* * Test CA Certificates From 74f0d91c9c1ac846765b3ded61e041adaf210de6 Mon Sep 17 00:00:00 2001 From: oberon-sk Date: Mon, 13 Feb 2023 12:13:20 +0100 Subject: [PATCH 296/553] Handle Edwards curves similar to Montgomery curves wrt key export length. Signed-off-by: Stephan Koch --- src/psa_exercise_key.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index ecd1ec4cd0..6c04c3b54d 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -778,6 +778,10 @@ int mbedtls_test_psa_exported_key_sanity_check( /* The representation of an ECC Montgomery public key is * the raw compressed point */ TEST_EQUAL(PSA_BITS_TO_BYTES(bits), exported_length); + } else if(PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_TWISTED_EDWARDS) { + /* The representation of an ECC Edwards public key is + * the raw compressed point */ + TEST_EQUAL(PSA_BITS_TO_BYTES(bits + 1), exported_length); } else { /* The representation of an ECC Weierstrass public key is: * - The byte 0x04; From 41f1f7a8a8d7fc8b70a672941803ae3a020a7e11 Mon Sep 17 00:00:00 2001 From: oberon-sk Date: Wed, 15 Feb 2023 19:43:30 +0100 Subject: [PATCH 297/553] Add check, if the algorithm supports psa_sign_hash() before running the test. Signed-off-by: Stephan Koch --- src/psa_exercise_key.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index ecd1ec4cd0..950136da73 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -295,7 +295,8 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg) { - if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH)) { + if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH) && + PSA_ALG_IS_SIGN_HASH(alg)) { unsigned char payload[PSA_HASH_MAX_SIZE] = { 1 }; size_t payload_length = 16; unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 }; From f106c8763b537364f2aacc85cc98bcb338b1081f Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 22 Nov 2022 13:53:26 +0100 Subject: [PATCH 298/553] Add test driver impl for pake Signed-off-by: Przemek Stekiel --- include/test/drivers/pake.h | 140 +++++++++++ src/drivers/test_driver_pake.c | 428 +++++++++++++++++++++++++++++++++ 2 files changed, 568 insertions(+) create mode 100644 include/test/drivers/pake.h create mode 100644 src/drivers/test_driver_pake.c diff --git a/include/test/drivers/pake.h b/include/test/drivers/pake.h new file mode 100644 index 0000000000..81e87113b5 --- /dev/null +++ b/include/test/drivers/pake.h @@ -0,0 +1,140 @@ +/* + * Test driver for PAKE driver entry points. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_PAKE_H +#define PSA_CRYPTO_TEST_DRIVERS_PAKE_H + +#include "mbedtls/build_info.h" + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include + +typedef struct { + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times PAKE driver functions are called. */ + unsigned long hits; + /* Status returned by the last PAKE driver function call. */ + psa_status_t driver_status; + /* Output returned by pake_output */ + void *forced_output; + size_t forced_output_length; +} mbedtls_test_driver_pake_hooks_t; + +#define MBEDTLS_TEST_DRIVER_PAKE_INIT { 0, 0, 0, NULL, 0 } +static inline mbedtls_test_driver_pake_hooks_t +mbedtls_test_driver_pake_hooks_init(void) +{ + const mbedtls_test_driver_pake_hooks_t v = MBEDTLS_TEST_DRIVER_PAKE_INIT; + return v; +} + +extern mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks; + +psa_status_t mbedtls_test_transparent_pake_setup( + mbedtls_transparent_test_driver_pake_operation_t *operation, + const psa_pake_cipher_suite_t *cipher_suite); + +psa_status_t mbedtls_test_transparent_set_password_key( + const psa_key_attributes_t *attributes, + mbedtls_transparent_test_driver_pake_operation_t *operation, + uint8_t *key_buffer, + size_t key_size); + +psa_status_t mbedtls_test_transparent_pake_set_user( + mbedtls_transparent_test_driver_pake_operation_t *operation, + const uint8_t *user_id, + size_t user_id_len); + +psa_status_t mbedtls_test_transparent_pake_set_peer( + mbedtls_transparent_test_driver_pake_operation_t *operation, + const uint8_t *peer_id, + size_t peer_id_len); + +psa_status_t mbedtls_test_transparent_pake_set_role( + mbedtls_transparent_test_driver_pake_operation_t *operation, + psa_pake_role_t role); + +psa_status_t mbedtls_test_transparent_pake_output( + mbedtls_transparent_test_driver_pake_operation_t *operation, + psa_pake_step_t step, + uint8_t *output, + size_t output_size, + size_t *output_length); + +psa_status_t mbedtls_test_transparent_pake_input( + mbedtls_transparent_test_driver_pake_operation_t *operation, + psa_pake_step_t step, + const uint8_t *input, + size_t input_length); + +psa_status_t mbedtls_test_transparent_pake_get_implicit_key( + mbedtls_transparent_test_driver_pake_operation_t *operation, + psa_key_derivation_operation_t *output); + +psa_status_t mbedtls_test_transparent_pake_abort( + mbedtls_transparent_test_driver_pake_operation_t *operation); + +psa_status_t mbedtls_test_opaque_pake_setup( + mbedtls_opaque_test_driver_pake_operation_t *operation, + const psa_pake_cipher_suite_t *cipher_suite); + +psa_status_t mbedtls_test_opaque_set_password_key( + const psa_key_attributes_t *attributes, + mbedtls_opaque_test_driver_pake_operation_t *operation, + uint8_t *key_buffer, + size_t key_size); + +psa_status_t mbedtls_test_opaque_pake_set_user( + mbedtls_opaque_test_driver_pake_operation_t *operation, + const uint8_t *user_id, + size_t user_id_len); + +psa_status_t mbedtls_test_opaque_pake_set_peer( + mbedtls_opaque_test_driver_pake_operation_t *operation, + const uint8_t *peer_id, + size_t peer_id_len); + +psa_status_t mbedtls_test_opaque_pake_set_role( + mbedtls_opaque_test_driver_pake_operation_t *operation, + psa_pake_role_t role); + +psa_status_t mbedtls_test_opaque_pake_output( + mbedtls_opaque_test_driver_pake_operation_t *operation, + psa_pake_step_t step, + uint8_t *output, + size_t output_size, + size_t *output_length); + +psa_status_t mbedtls_test_opaque_pake_input( + mbedtls_opaque_test_driver_pake_operation_t *operation, + psa_pake_step_t step, + const uint8_t *input, + size_t input_length); + +psa_status_t mbedtls_test_opaque_pake_get_implicit_key( + mbedtls_opaque_test_driver_pake_operation_t *operation, + psa_key_derivation_operation_t *output); + +psa_status_t mbedtls_test_opaque_pake_abort( + mbedtls_opaque_test_driver_pake_operation_t *operation); + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_PAKE_H */ diff --git a/src/drivers/test_driver_pake.c b/src/drivers/test_driver_pake.c new file mode 100644 index 0000000000..1ced55936b --- /dev/null +++ b/src/drivers/test_driver_pake.c @@ -0,0 +1,428 @@ +/* + * Test driver for MAC entry points. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#include "psa_crypto_pake.h" + +#include "test/drivers/pake.h" +#include "string.h" + +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/library/psa_crypto_pake.h" +#endif + +mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks = + MBEDTLS_TEST_DRIVER_PAKE_INIT; + + +psa_status_t mbedtls_test_transparent_pake_setup( + mbedtls_transparent_test_driver_pake_operation_t *operation, + const psa_pake_cipher_suite_t *cipher_suite) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; + } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_setup( + operation, (const libtestdriver1_psa_pake_cipher_suite_t *) cipher_suite); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_setup( + operation, cipher_suite); +#else + (void) operation; + (void) cipher_suite; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + +psa_status_t mbedtls_test_transparent_set_password_key( + const psa_key_attributes_t *attributes, + mbedtls_transparent_test_driver_pake_operation_t *operation, + uint8_t *key_buffer, + size_t key_size) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; + } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_set_password_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + operation, key_buffer, key_size); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_set_password_key( + attributes, operation, key_buffer, key_size); +#else + (void) operation; + (void) key_buffer, + (void) key_size; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + +psa_status_t mbedtls_test_transparent_pake_set_user( + mbedtls_transparent_test_driver_pake_operation_t *operation, + const uint8_t *user_id, + size_t user_id_len) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; + } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_set_user( + operation, user_id, user_id_len); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_set_user( + operation, user_id, user_id_len); +#else + (void) operation; + (void) user_id; + (void) user_id_len; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + + +psa_status_t mbedtls_test_transparent_pake_set_peer( + mbedtls_transparent_test_driver_pake_operation_t *operation, + const uint8_t *peer_id, + size_t peer_id_len) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; + } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_set_peer( + operation, peer_id, peer_id_len); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_set_peer( + operation, peer_id, peer_id_len); +#else + (void) operation; + (void) peer_id; + (void) peer_id_len; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + +psa_status_t mbedtls_test_transparent_pake_set_role( + mbedtls_transparent_test_driver_pake_operation_t *operation, + psa_pake_role_t role) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; + } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_set_role( + operation, role); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_set_role( + operation, role); +#else + (void) operation; + (void) role; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + +psa_status_t mbedtls_test_transparent_pake_output( + mbedtls_transparent_test_driver_pake_operation_t *operation, + psa_pake_step_t step, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_output != NULL) { + if (output_size < mbedtls_test_driver_pake_hooks.forced_output_length) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + memcpy(output, + mbedtls_test_driver_pake_hooks.forced_output, + mbedtls_test_driver_pake_hooks.forced_output_length); + *output_length = mbedtls_test_driver_pake_hooks.forced_output_length; + + return mbedtls_test_driver_pake_hooks.forced_status; + } + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; + } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_output( + operation, step, output, output_size, output_length); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_output( + operation, step, output, output_size, output_length); +#else + (void) operation; + (void) step; + (void) output; + (void) output_size; + (void) output_length; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + +psa_status_t mbedtls_test_transparent_pake_input( + mbedtls_transparent_test_driver_pake_operation_t *operation, + psa_pake_step_t step, + const uint8_t *input, + size_t input_length) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; + } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_input( + operation, step, input, input_length); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_input( + operation, step, input, input_length); +#else + (void) operation; + (void) step; + (void) input; + (void) input_length; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + +psa_status_t mbedtls_test_transparent_pake_get_implicit_key( + mbedtls_transparent_test_driver_pake_operation_t *operation, + psa_key_derivation_operation_t *output) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; + } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_get_implicit_key( + operation, (libtestdriver1_psa_key_derivation_operation_t *) output); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_get_implicit_key( + operation, output); +#else + (void) operation; + (void) output; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + +psa_status_t mbedtls_test_transparent_pake_abort( + mbedtls_transparent_test_driver_pake_operation_t *operation) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; + } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_abort( + operation); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_abort( + operation); +#else + (void) operation; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + +/* + * opaque versions, to do + */ +psa_status_t mbedtls_test_opaque_pake_setup( + mbedtls_opaque_test_driver_pake_operation_t *operation, + const psa_pake_cipher_suite_t *cipher_suite) +{ + (void) operation; + (void) cipher_suite; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t mbedtls_test_opaque_set_password_key( + const psa_key_attributes_t *attributes, + mbedtls_opaque_test_driver_pake_operation_t *operation, + uint8_t *key_buffer, + size_t key_size) +{ + (void) attributes; + (void) operation; + (void) key_buffer; + (void) key_size; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t mbedtls_test_opaque_pake_set_user( + mbedtls_opaque_test_driver_pake_operation_t *operation, + const uint8_t *user_id, + size_t user_id_len) +{ + (void) operation; + (void) user_id; + (void) user_id_len; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t mbedtls_test_opaque_pake_set_peer( + mbedtls_opaque_test_driver_pake_operation_t *operation, + const uint8_t *peer_id, + size_t peer_id_len) +{ + (void) operation; + (void) peer_id; + (void) peer_id_len; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t mbedtls_test_opaque_pake_set_role( + mbedtls_opaque_test_driver_pake_operation_t *operation, + psa_pake_role_t role) +{ + (void) operation; + (void) role; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t mbedtls_test_opaque_pake_output( + mbedtls_opaque_test_driver_pake_operation_t *operation, + psa_pake_step_t step, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + (void) operation; + (void) step; + (void) output; + (void) output_size; + (void) output_length; + + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t mbedtls_test_opaque_pake_input( + mbedtls_opaque_test_driver_pake_operation_t *operation, + psa_pake_step_t step, + const uint8_t *input, + size_t input_length) +{ + (void) operation; + (void) step; + (void) input; + (void) input_length; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t mbedtls_test_opaque_pake_get_implicit_key( + mbedtls_opaque_test_driver_pake_operation_t *operation, + psa_key_derivation_operation_t *output) +{ + (void) operation; + (void) output; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t mbedtls_test_opaque_pake_abort( + mbedtls_opaque_test_driver_pake_operation_t *operation) +{ + (void) operation; + return PSA_ERROR_NOT_SUPPORTED; +} + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 992fd09c811fe0efd34978cba69a10949aa8cc11 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 22 Nov 2022 14:11:31 +0100 Subject: [PATCH 299/553] Add pake.h to test driver header Signed-off-by: Przemek Stekiel --- include/test/drivers/test_driver.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index 0a65b40bf8..541ee03d0c 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -38,6 +38,7 @@ #include "test/drivers/signature.h" #include "test/drivers/asymmetric_encryption.h" #include "test/drivers/key_agreement.h" +#include "test/drivers/pake.h" #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVER_H */ From c795372269c55933940b5c6d6afdab65a0f16ea5 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 22 Nov 2022 14:16:36 +0100 Subject: [PATCH 300/553] Add ALG_TLS12_PRF, TLS12_PSK_TO_MS, LG_TLS12_ECJPAKE_TO_PMS support to test driver extensions Signed-off-by: Przemek Stekiel --- .../crypto_config_test_driver_extension.h | 26 +++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index fbfe8da7ad..393d6326e5 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -206,6 +206,30 @@ #endif #endif +#if defined(PSA_WANT_ALG_TLS12_PRF) +#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF) +#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF +#else +#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) +#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS) +#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS +#else +#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) +#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS) +#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS +#else +#define MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS 1 +#endif +#endif + #define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1 #define MBEDTLS_PSA_ACCEL_ALG_CCM 1 #define MBEDTLS_PSA_ACCEL_ALG_CMAC 1 @@ -218,8 +242,6 @@ #define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1 #define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 #define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER 1 -#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF 1 -#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS 1 #if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) #if defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) From 14610806a9ed7ddbbfdb628f660f0216c2eac04a Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 29 Nov 2022 14:53:13 +0100 Subject: [PATCH 301/553] mbedtls_psa_pake_get_implicit_key: move psa_key_derivation_input_bytes call to upper layer Signed-off-by: Przemek Stekiel --- include/test/drivers/pake.h | 4 ++-- src/drivers/test_driver_pake.c | 9 +++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/include/test/drivers/pake.h b/include/test/drivers/pake.h index 81e87113b5..5ee401b7d8 100644 --- a/include/test/drivers/pake.h +++ b/include/test/drivers/pake.h @@ -87,7 +87,7 @@ psa_status_t mbedtls_test_transparent_pake_input( psa_status_t mbedtls_test_transparent_pake_get_implicit_key( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_key_derivation_operation_t *output); + uint8_t *output, size_t *output_size); psa_status_t mbedtls_test_transparent_pake_abort( mbedtls_transparent_test_driver_pake_operation_t *operation); @@ -131,7 +131,7 @@ psa_status_t mbedtls_test_opaque_pake_input( psa_status_t mbedtls_test_opaque_pake_get_implicit_key( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_key_derivation_operation_t *output); + uint8_t *output, size_t *output_size); psa_status_t mbedtls_test_opaque_pake_abort( mbedtls_opaque_test_driver_pake_operation_t *operation); diff --git a/src/drivers/test_driver_pake.c b/src/drivers/test_driver_pake.c index 1ced55936b..3495705d65 100644 --- a/src/drivers/test_driver_pake.c +++ b/src/drivers/test_driver_pake.c @@ -270,7 +270,7 @@ psa_status_t mbedtls_test_transparent_pake_input( psa_status_t mbedtls_test_transparent_pake_get_implicit_key( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_key_derivation_operation_t *output) + uint8_t *output, size_t *output_size) { mbedtls_test_driver_pake_hooks.hits++; @@ -282,11 +282,11 @@ psa_status_t mbedtls_test_transparent_pake_get_implicit_key( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_get_implicit_key( - operation, (libtestdriver1_psa_key_derivation_operation_t *) output); + operation, output, output_size); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = mbedtls_psa_pake_get_implicit_key( - operation, output); + operation, output, output_size); #else (void) operation; (void) output; @@ -411,10 +411,11 @@ psa_status_t mbedtls_test_opaque_pake_input( psa_status_t mbedtls_test_opaque_pake_get_implicit_key( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_key_derivation_operation_t *output) + uint8_t *output, size_t *output_size) { (void) operation; (void) output; + (void) output_size; return PSA_ERROR_NOT_SUPPORTED; } From e1a7de2cff5d61b625263904e71970e09561e2a6 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 7 Dec 2022 11:04:51 +0100 Subject: [PATCH 302/553] Divide pake operation into two phases collecting inputs and computation. Functions that only set inputs do not have driver entry points. Signed-off-by: Przemek Stekiel --- include/test/drivers/pake.h | 24 +----- src/drivers/test_driver_pake.c | 137 ++------------------------------- 2 files changed, 8 insertions(+), 153 deletions(-) diff --git a/include/test/drivers/pake.h b/include/test/drivers/pake.h index 5ee401b7d8..b1d3d44745 100644 --- a/include/test/drivers/pake.h +++ b/include/test/drivers/pake.h @@ -50,27 +50,7 @@ extern mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks; psa_status_t mbedtls_test_transparent_pake_setup( mbedtls_transparent_test_driver_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite); - -psa_status_t mbedtls_test_transparent_set_password_key( - const psa_key_attributes_t *attributes, - mbedtls_transparent_test_driver_pake_operation_t *operation, - uint8_t *key_buffer, - size_t key_size); - -psa_status_t mbedtls_test_transparent_pake_set_user( - mbedtls_transparent_test_driver_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len); - -psa_status_t mbedtls_test_transparent_pake_set_peer( - mbedtls_transparent_test_driver_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len); - -psa_status_t mbedtls_test_transparent_pake_set_role( - mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_role_t role); + const psa_crypto_driver_pake_inputs_t *inputs); psa_status_t mbedtls_test_transparent_pake_output( mbedtls_transparent_test_driver_pake_operation_t *operation, @@ -94,7 +74,7 @@ psa_status_t mbedtls_test_transparent_pake_abort( psa_status_t mbedtls_test_opaque_pake_setup( mbedtls_opaque_test_driver_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite); + const psa_crypto_driver_pake_inputs_t *inputs); psa_status_t mbedtls_test_opaque_set_password_key( const psa_key_attributes_t *attributes, diff --git a/src/drivers/test_driver_pake.c b/src/drivers/test_driver_pake.c index 3495705d65..06168a1426 100644 --- a/src/drivers/test_driver_pake.c +++ b/src/drivers/test_driver_pake.c @@ -35,7 +35,7 @@ mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks = psa_status_t mbedtls_test_transparent_pake_setup( mbedtls_transparent_test_driver_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite) + const psa_crypto_driver_pake_inputs_t *inputs) { mbedtls_test_driver_pake_hooks.hits++; @@ -47,139 +47,14 @@ psa_status_t mbedtls_test_transparent_pake_setup( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_setup( - operation, (const libtestdriver1_psa_pake_cipher_suite_t *) cipher_suite); + operation, (const libtestdriver1_psa_crypto_driver_pake_inputs_t *) inputs); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = mbedtls_psa_pake_setup( - operation, cipher_suite); + operation, inputs); #else (void) operation; - (void) cipher_suite; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_set_password_key( - const psa_key_attributes_t *attributes, - mbedtls_transparent_test_driver_pake_operation_t *operation, - uint8_t *key_buffer, - size_t key_size) -{ - mbedtls_test_driver_pake_hooks.hits++; - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_set_password_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - operation, key_buffer, key_size); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_set_password_key( - attributes, operation, key_buffer, key_size); -#else - (void) operation; - (void) key_buffer, - (void) key_size; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_pake_set_user( - mbedtls_transparent_test_driver_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len) -{ - mbedtls_test_driver_pake_hooks.hits++; - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_set_user( - operation, user_id, user_id_len); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_set_user( - operation, user_id, user_id_len); -#else - (void) operation; - (void) user_id; - (void) user_id_len; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - - -psa_status_t mbedtls_test_transparent_pake_set_peer( - mbedtls_transparent_test_driver_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len) -{ - mbedtls_test_driver_pake_hooks.hits++; - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_set_peer( - operation, peer_id, peer_id_len); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_set_peer( - operation, peer_id, peer_id_len); -#else - (void) operation; - (void) peer_id; - (void) peer_id_len; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_pake_set_role( - mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_role_t role) -{ - mbedtls_test_driver_pake_hooks.hits++; - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_set_role( - operation, role); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_set_role( - operation, role); -#else - (void) operation; - (void) role; + (void) inputs; mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; #endif } @@ -329,10 +204,10 @@ psa_status_t mbedtls_test_transparent_pake_abort( */ psa_status_t mbedtls_test_opaque_pake_setup( mbedtls_opaque_test_driver_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite) + const psa_crypto_driver_pake_inputs_t *inputs) { (void) operation; - (void) cipher_suite; + (void) inputs; return PSA_ERROR_NOT_SUPPORTED; } From c46d136219cbeecedb98f28e87e997cf31869ce8 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 14 Dec 2022 08:22:25 +0100 Subject: [PATCH 303/553] Add forced status for pake setup Signed-off-by: Przemek Stekiel --- include/test/drivers/pake.h | 5 ++++- src/drivers/test_driver_pake.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/include/test/drivers/pake.h b/include/test/drivers/pake.h index b1d3d44745..041229601e 100644 --- a/include/test/drivers/pake.h +++ b/include/test/drivers/pake.h @@ -29,6 +29,9 @@ typedef struct { /* If not PSA_SUCCESS, return this error code instead of processing the * function call. */ psa_status_t forced_status; + /* PAKE driver setup is executed on the first call to + pake_output/pake_input (added to distinguish forced statuses). */ + psa_status_t forced_setup_status; /* Count the amount of times PAKE driver functions are called. */ unsigned long hits; /* Status returned by the last PAKE driver function call. */ @@ -38,7 +41,7 @@ typedef struct { size_t forced_output_length; } mbedtls_test_driver_pake_hooks_t; -#define MBEDTLS_TEST_DRIVER_PAKE_INIT { 0, 0, 0, NULL, 0 } +#define MBEDTLS_TEST_DRIVER_PAKE_INIT { PSA_SUCCESS, PSA_SUCCESS, 0, PSA_SUCCESS, NULL, 0 } static inline mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks_init(void) { diff --git a/src/drivers/test_driver_pake.c b/src/drivers/test_driver_pake.c index 06168a1426..437c4995fc 100644 --- a/src/drivers/test_driver_pake.c +++ b/src/drivers/test_driver_pake.c @@ -39,9 +39,9 @@ psa_status_t mbedtls_test_transparent_pake_setup( { mbedtls_test_driver_pake_hooks.hits++; - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + if (mbedtls_test_driver_pake_hooks.forced_setup_status != PSA_SUCCESS) { mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; + mbedtls_test_driver_pake_hooks.forced_setup_status; } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) From 9b9efe22e7caa484e4511a72f7a200d26a7a6838 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 21 Dec 2022 12:54:46 +0100 Subject: [PATCH 304/553] Move JPAKE state machine logic from driver to core - Add `alg` and `computation_stage` to `psa_pake_operation_s`. Now when logic is moved to core information about `alg` is required. `computation_stage` is a structure that provides a union of computation stages for pake algorithms. - Move the jpake operation logic from driver to core. This requires changing driver entry points for `psa_pake_output`/`psa_pake_input` functions and adding a `computation_stage` parameter. I'm not sure if this solution is correct. Now the driver can check the current computation stage and perform some action. For jpake drivers `step` parameter is now not used, but I think it needs to stay as it might be needed for other pake algorithms. - Removed test that seems to be redundant as we can't be sure that operation is aborted after failure. Signed-off-by: Przemek Stekiel --- include/test/drivers/pake.h | 4 ++++ src/drivers/test_driver_pake.c | 25 +++++++++++++++++++++---- 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/include/test/drivers/pake.h b/include/test/drivers/pake.h index 041229601e..1f530081a5 100644 --- a/include/test/drivers/pake.h +++ b/include/test/drivers/pake.h @@ -58,6 +58,7 @@ psa_status_t mbedtls_test_transparent_pake_setup( psa_status_t mbedtls_test_transparent_pake_output( mbedtls_transparent_test_driver_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, uint8_t *output, size_t output_size, size_t *output_length); @@ -65,6 +66,7 @@ psa_status_t mbedtls_test_transparent_pake_output( psa_status_t mbedtls_test_transparent_pake_input( mbedtls_transparent_test_driver_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, const uint8_t *input, size_t input_length); @@ -102,6 +104,7 @@ psa_status_t mbedtls_test_opaque_pake_set_role( psa_status_t mbedtls_test_opaque_pake_output( mbedtls_opaque_test_driver_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, uint8_t *output, size_t output_size, size_t *output_length); @@ -109,6 +112,7 @@ psa_status_t mbedtls_test_opaque_pake_output( psa_status_t mbedtls_test_opaque_pake_input( mbedtls_opaque_test_driver_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, const uint8_t *input, size_t input_length); diff --git a/src/drivers/test_driver_pake.c b/src/drivers/test_driver_pake.c index 437c4995fc..21719e6d74 100644 --- a/src/drivers/test_driver_pake.c +++ b/src/drivers/test_driver_pake.c @@ -65,6 +65,7 @@ psa_status_t mbedtls_test_transparent_pake_setup( psa_status_t mbedtls_test_transparent_pake_output( mbedtls_transparent_test_driver_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, uint8_t *output, size_t output_size, size_t *output_length) @@ -92,14 +93,20 @@ psa_status_t mbedtls_test_transparent_pake_output( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_output( - operation, step, output, output_size, output_length); + operation, + step, + (libtestdriver1_psa_pake_computation_stage_t *) computation_stage, + output, + output_size, + output_length); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = mbedtls_psa_pake_output( - operation, step, output, output_size, output_length); + operation, step, computation_stage, output, output_size, output_length); #else (void) operation; (void) step; + (void) computation_stage; (void) output; (void) output_size; (void) output_length; @@ -113,6 +120,7 @@ psa_status_t mbedtls_test_transparent_pake_output( psa_status_t mbedtls_test_transparent_pake_input( mbedtls_transparent_test_driver_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, const uint8_t *input, size_t input_length) { @@ -126,14 +134,19 @@ psa_status_t mbedtls_test_transparent_pake_input( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_input( - operation, step, input, input_length); + operation, + step, + (libtestdriver1_psa_pake_computation_stage_t *) computation_stage, + input, + input_length); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = mbedtls_psa_pake_input( - operation, step, input, input_length); + operation, step, computation_stage, input, input_length); #else (void) operation; (void) step; + (void) computation_stage; (void) input; (void) input_length; mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; @@ -258,12 +271,14 @@ psa_status_t mbedtls_test_opaque_pake_set_role( psa_status_t mbedtls_test_opaque_pake_output( mbedtls_opaque_test_driver_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, uint8_t *output, size_t output_size, size_t *output_length) { (void) operation; (void) step; + (void) computation_stage; (void) output; (void) output_size; (void) output_length; @@ -274,11 +289,13 @@ psa_status_t mbedtls_test_opaque_pake_output( psa_status_t mbedtls_test_opaque_pake_input( mbedtls_opaque_test_driver_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, const uint8_t *input, size_t input_length) { (void) operation; (void) step; + (void) computation_stage; (void) input; (void) input_length; return PSA_ERROR_NOT_SUPPORTED; From dec3d0fd4c6171cb2af192d843fe3c71d4ab27fe Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 17 Jan 2023 12:05:38 +0100 Subject: [PATCH 305/553] Combine core pake computation stage(step,sequence,state) into single driver step Signed-off-by: Przemek Stekiel --- include/test/drivers/pake.h | 12 ++++-------- src/drivers/test_driver_pake.c | 33 ++++++++------------------------- 2 files changed, 12 insertions(+), 33 deletions(-) diff --git a/include/test/drivers/pake.h b/include/test/drivers/pake.h index 1f530081a5..23cb98aa43 100644 --- a/include/test/drivers/pake.h +++ b/include/test/drivers/pake.h @@ -57,16 +57,14 @@ psa_status_t mbedtls_test_transparent_pake_setup( psa_status_t mbedtls_test_transparent_pake_output( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, uint8_t *output, size_t output_size, size_t *output_length); psa_status_t mbedtls_test_transparent_pake_input( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, const uint8_t *input, size_t input_length); @@ -103,16 +101,14 @@ psa_status_t mbedtls_test_opaque_pake_set_role( psa_status_t mbedtls_test_opaque_pake_output( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, uint8_t *output, size_t output_size, size_t *output_length); psa_status_t mbedtls_test_opaque_pake_input( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, const uint8_t *input, size_t input_length); diff --git a/src/drivers/test_driver_pake.c b/src/drivers/test_driver_pake.c index 21719e6d74..e0be17dd05 100644 --- a/src/drivers/test_driver_pake.c +++ b/src/drivers/test_driver_pake.c @@ -64,8 +64,7 @@ psa_status_t mbedtls_test_transparent_pake_setup( psa_status_t mbedtls_test_transparent_pake_output( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, uint8_t *output, size_t output_size, size_t *output_length) @@ -93,20 +92,14 @@ psa_status_t mbedtls_test_transparent_pake_output( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_output( - operation, - step, - (libtestdriver1_psa_pake_computation_stage_t *) computation_stage, - output, - output_size, - output_length); + operation, step, output, output_size, output_length); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = mbedtls_psa_pake_output( - operation, step, computation_stage, output, output_size, output_length); + operation, step, output, output_size, output_length); #else (void) operation; (void) step; - (void) computation_stage; (void) output; (void) output_size; (void) output_length; @@ -119,8 +112,7 @@ psa_status_t mbedtls_test_transparent_pake_output( psa_status_t mbedtls_test_transparent_pake_input( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, const uint8_t *input, size_t input_length) { @@ -134,19 +126,14 @@ psa_status_t mbedtls_test_transparent_pake_input( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_input( - operation, - step, - (libtestdriver1_psa_pake_computation_stage_t *) computation_stage, - input, - input_length); + operation, step, input, input_length); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = mbedtls_psa_pake_input( - operation, step, computation_stage, input, input_length); + operation, step, input, input_length); #else (void) operation; (void) step; - (void) computation_stage; (void) input; (void) input_length; mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; @@ -270,15 +257,13 @@ psa_status_t mbedtls_test_opaque_pake_set_role( psa_status_t mbedtls_test_opaque_pake_output( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, uint8_t *output, size_t output_size, size_t *output_length) { (void) operation; (void) step; - (void) computation_stage; (void) output; (void) output_size; (void) output_length; @@ -288,14 +273,12 @@ psa_status_t mbedtls_test_opaque_pake_output( psa_status_t mbedtls_test_opaque_pake_input( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, const uint8_t *input, size_t input_length) { (void) operation; (void) step; - (void) computation_stage; (void) input; (void) input_length; return PSA_ERROR_NOT_SUPPORTED; From 6819b9e3781c5afc8f50c2143c2d4b7032ae9d55 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 31 Jan 2023 20:03:57 +0100 Subject: [PATCH 306/553] mbedtls_test_transparent_pake_abort: call driver/build-in impl even when status is forced This is done to solve the problem with memory leak when pake abort status is forced. In this case the driver/build-in abort function was not executed. After failure core clears the operation object and no successive abort call is possible. Signed-off-by: Przemek Stekiel --- src/drivers/test_driver_pake.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/src/drivers/test_driver_pake.c b/src/drivers/test_driver_pake.c index e0be17dd05..9d51ea10b7 100644 --- a/src/drivers/test_driver_pake.c +++ b/src/drivers/test_driver_pake.c @@ -177,25 +177,28 @@ psa_status_t mbedtls_test_transparent_pake_abort( { mbedtls_test_driver_pake_hooks.hits++; - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_abort( - operation); + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_abort( + operation); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_abort( - operation); + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_abort( + operation); #else - (void) operation; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; + (void) operation; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; #endif + + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS && + mbedtls_test_driver_pake_hooks.driver_status == PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; } + return mbedtls_test_driver_pake_hooks.driver_status; } From 03ca7d985abe1f34a4816573dfc752064f659db2 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 17 Feb 2023 14:30:50 +0100 Subject: [PATCH 307/553] Adapt names to more suitable and fix conditional compilation flags Signed-off-by: Przemek Stekiel --- include/test/drivers/pake.h | 8 ++++---- src/drivers/test_driver_pake.c | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/test/drivers/pake.h b/include/test/drivers/pake.h index 23cb98aa43..d082d6e5ed 100644 --- a/include/test/drivers/pake.h +++ b/include/test/drivers/pake.h @@ -57,14 +57,14 @@ psa_status_t mbedtls_test_transparent_pake_setup( psa_status_t mbedtls_test_transparent_pake_output( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length); psa_status_t mbedtls_test_transparent_pake_input( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length); @@ -101,14 +101,14 @@ psa_status_t mbedtls_test_opaque_pake_set_role( psa_status_t mbedtls_test_opaque_pake_output( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length); psa_status_t mbedtls_test_opaque_pake_input( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length); diff --git a/src/drivers/test_driver_pake.c b/src/drivers/test_driver_pake.c index 9d51ea10b7..615f7ef8a1 100644 --- a/src/drivers/test_driver_pake.c +++ b/src/drivers/test_driver_pake.c @@ -64,7 +64,7 @@ psa_status_t mbedtls_test_transparent_pake_setup( psa_status_t mbedtls_test_transparent_pake_output( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length) @@ -112,7 +112,7 @@ psa_status_t mbedtls_test_transparent_pake_output( psa_status_t mbedtls_test_transparent_pake_input( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length) { @@ -260,7 +260,7 @@ psa_status_t mbedtls_test_opaque_pake_set_role( psa_status_t mbedtls_test_opaque_pake_output( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length) @@ -276,7 +276,7 @@ psa_status_t mbedtls_test_opaque_pake_output( psa_status_t mbedtls_test_opaque_pake_input( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length) { From e7df65df60906f5624a929d484744a447b314e86 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Sun, 19 Feb 2023 22:55:33 +0100 Subject: [PATCH 308/553] Documentation fixes and code adaptation Signed-off-by: Przemek Stekiel --- include/test/drivers/pake.h | 4 ++-- src/drivers/test_driver_pake.c | 9 +++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/include/test/drivers/pake.h b/include/test/drivers/pake.h index d082d6e5ed..4a2b7c4614 100644 --- a/include/test/drivers/pake.h +++ b/include/test/drivers/pake.h @@ -70,7 +70,7 @@ psa_status_t mbedtls_test_transparent_pake_input( psa_status_t mbedtls_test_transparent_pake_get_implicit_key( mbedtls_transparent_test_driver_pake_operation_t *operation, - uint8_t *output, size_t *output_size); + uint8_t *output, size_t output_size, size_t *output_length); psa_status_t mbedtls_test_transparent_pake_abort( mbedtls_transparent_test_driver_pake_operation_t *operation); @@ -114,7 +114,7 @@ psa_status_t mbedtls_test_opaque_pake_input( psa_status_t mbedtls_test_opaque_pake_get_implicit_key( mbedtls_opaque_test_driver_pake_operation_t *operation, - uint8_t *output, size_t *output_size); + uint8_t *output, size_t output_size, size_t *output_length); psa_status_t mbedtls_test_opaque_pake_abort( mbedtls_opaque_test_driver_pake_operation_t *operation); diff --git a/src/drivers/test_driver_pake.c b/src/drivers/test_driver_pake.c index 615f7ef8a1..3eaf38a654 100644 --- a/src/drivers/test_driver_pake.c +++ b/src/drivers/test_driver_pake.c @@ -145,7 +145,7 @@ psa_status_t mbedtls_test_transparent_pake_input( psa_status_t mbedtls_test_transparent_pake_get_implicit_key( mbedtls_transparent_test_driver_pake_operation_t *operation, - uint8_t *output, size_t *output_size) + uint8_t *output, size_t output_size, size_t *output_length) { mbedtls_test_driver_pake_hooks.hits++; @@ -157,11 +157,11 @@ psa_status_t mbedtls_test_transparent_pake_get_implicit_key( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_get_implicit_key( - operation, output, output_size); + operation, output, output_size, output_length); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = mbedtls_psa_pake_get_implicit_key( - operation, output, output_size); + operation, output, output_size, output_length); #else (void) operation; (void) output; @@ -289,11 +289,12 @@ psa_status_t mbedtls_test_opaque_pake_input( psa_status_t mbedtls_test_opaque_pake_get_implicit_key( mbedtls_opaque_test_driver_pake_operation_t *operation, - uint8_t *output, size_t *output_size) + uint8_t *output, size_t output_size, size_t *output_length) { (void) operation; (void) output; (void) output_size; + (void) output_length; return PSA_ERROR_NOT_SUPPORTED; } From 7214cb39a43e474489993faaaaa18353bc6de9cc Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 21 Feb 2023 12:20:46 +0100 Subject: [PATCH 309/553] Remove support for pake opaque driver Signed-off-by: Przemek Stekiel --- include/test/drivers/pake.h | 44 -------------- src/drivers/test_driver_pake.c | 105 +-------------------------------- 2 files changed, 2 insertions(+), 147 deletions(-) diff --git a/include/test/drivers/pake.h b/include/test/drivers/pake.h index 4a2b7c4614..80307248fb 100644 --- a/include/test/drivers/pake.h +++ b/include/test/drivers/pake.h @@ -75,49 +75,5 @@ psa_status_t mbedtls_test_transparent_pake_get_implicit_key( psa_status_t mbedtls_test_transparent_pake_abort( mbedtls_transparent_test_driver_pake_operation_t *operation); -psa_status_t mbedtls_test_opaque_pake_setup( - mbedtls_opaque_test_driver_pake_operation_t *operation, - const psa_crypto_driver_pake_inputs_t *inputs); - -psa_status_t mbedtls_test_opaque_set_password_key( - const psa_key_attributes_t *attributes, - mbedtls_opaque_test_driver_pake_operation_t *operation, - uint8_t *key_buffer, - size_t key_size); - -psa_status_t mbedtls_test_opaque_pake_set_user( - mbedtls_opaque_test_driver_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len); - -psa_status_t mbedtls_test_opaque_pake_set_peer( - mbedtls_opaque_test_driver_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len); - -psa_status_t mbedtls_test_opaque_pake_set_role( - mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_role_t role); - -psa_status_t mbedtls_test_opaque_pake_output( - mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_crypto_driver_pake_step_t step, - uint8_t *output, - size_t output_size, - size_t *output_length); - -psa_status_t mbedtls_test_opaque_pake_input( - mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_crypto_driver_pake_step_t step, - const uint8_t *input, - size_t input_length); - -psa_status_t mbedtls_test_opaque_pake_get_implicit_key( - mbedtls_opaque_test_driver_pake_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_opaque_pake_abort( - mbedtls_opaque_test_driver_pake_operation_t *operation); - #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_PAKE_H */ diff --git a/src/drivers/test_driver_pake.c b/src/drivers/test_driver_pake.c index 3eaf38a654..03f387fa18 100644 --- a/src/drivers/test_driver_pake.c +++ b/src/drivers/test_driver_pake.c @@ -165,6 +165,8 @@ psa_status_t mbedtls_test_transparent_pake_get_implicit_key( #else (void) operation; (void) output; + (void) output_size; + (void) output_length; mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; #endif } @@ -202,107 +204,4 @@ psa_status_t mbedtls_test_transparent_pake_abort( return mbedtls_test_driver_pake_hooks.driver_status; } -/* - * opaque versions, to do - */ -psa_status_t mbedtls_test_opaque_pake_setup( - mbedtls_opaque_test_driver_pake_operation_t *operation, - const psa_crypto_driver_pake_inputs_t *inputs) -{ - (void) operation; - (void) inputs; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_set_password_key( - const psa_key_attributes_t *attributes, - mbedtls_opaque_test_driver_pake_operation_t *operation, - uint8_t *key_buffer, - size_t key_size) -{ - (void) attributes; - (void) operation; - (void) key_buffer; - (void) key_size; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_pake_set_user( - mbedtls_opaque_test_driver_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len) -{ - (void) operation; - (void) user_id; - (void) user_id_len; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_pake_set_peer( - mbedtls_opaque_test_driver_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len) -{ - (void) operation; - (void) peer_id; - (void) peer_id_len; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_pake_set_role( - mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_role_t role) -{ - (void) operation; - (void) role; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_pake_output( - mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_crypto_driver_pake_step_t step, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - (void) operation; - (void) step; - (void) output; - (void) output_size; - (void) output_length; - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_pake_input( - mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_crypto_driver_pake_step_t step, - const uint8_t *input, - size_t input_length) -{ - (void) operation; - (void) step; - (void) input; - (void) input_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_pake_get_implicit_key( - mbedtls_opaque_test_driver_pake_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length) -{ - (void) operation; - (void) output; - (void) output_size; - (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_pake_abort( - mbedtls_opaque_test_driver_pake_operation_t *operation) -{ - (void) operation; - return PSA_ERROR_NOT_SUPPORTED; -} - #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 5d6e126d847cf3de4c197024daf5d443c2936cbc Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 22 Feb 2023 11:02:40 +0100 Subject: [PATCH 310/553] Optimize pake tests Signed-off-by: Przemek Stekiel --- include/test/drivers/pake.h | 11 +++++++++-- src/drivers/test_driver_pake.c | 15 ++++++++++----- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/test/drivers/pake.h b/include/test/drivers/pake.h index 80307248fb..99ca8f275a 100644 --- a/include/test/drivers/pake.h +++ b/include/test/drivers/pake.h @@ -33,7 +33,14 @@ typedef struct { pake_output/pake_input (added to distinguish forced statuses). */ psa_status_t forced_setup_status; /* Count the amount of times PAKE driver functions are called. */ - unsigned long hits; + struct { + unsigned long total; + unsigned long setup; + unsigned long input; + unsigned long output; + unsigned long implicit_key; + unsigned long abort; + } hits; /* Status returned by the last PAKE driver function call. */ psa_status_t driver_status; /* Output returned by pake_output */ @@ -41,7 +48,7 @@ typedef struct { size_t forced_output_length; } mbedtls_test_driver_pake_hooks_t; -#define MBEDTLS_TEST_DRIVER_PAKE_INIT { PSA_SUCCESS, PSA_SUCCESS, 0, PSA_SUCCESS, NULL, 0 } +#define MBEDTLS_TEST_DRIVER_PAKE_INIT { PSA_SUCCESS, PSA_SUCCESS, {0, 0, 0, 0, 0, 0}, PSA_SUCCESS, NULL, 0 } static inline mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks_init(void) { diff --git a/src/drivers/test_driver_pake.c b/src/drivers/test_driver_pake.c index 03f387fa18..7eafe14d85 100644 --- a/src/drivers/test_driver_pake.c +++ b/src/drivers/test_driver_pake.c @@ -37,7 +37,8 @@ psa_status_t mbedtls_test_transparent_pake_setup( mbedtls_transparent_test_driver_pake_operation_t *operation, const psa_crypto_driver_pake_inputs_t *inputs) { - mbedtls_test_driver_pake_hooks.hits++; + mbedtls_test_driver_pake_hooks.hits.total++; + mbedtls_test_driver_pake_hooks.hits.setup++; if (mbedtls_test_driver_pake_hooks.forced_setup_status != PSA_SUCCESS) { mbedtls_test_driver_pake_hooks.driver_status = @@ -69,7 +70,8 @@ psa_status_t mbedtls_test_transparent_pake_output( size_t output_size, size_t *output_length) { - mbedtls_test_driver_pake_hooks.hits++; + mbedtls_test_driver_pake_hooks.hits.total++; + mbedtls_test_driver_pake_hooks.hits.output++; if (mbedtls_test_driver_pake_hooks.forced_output != NULL) { if (output_size < mbedtls_test_driver_pake_hooks.forced_output_length) { @@ -116,7 +118,8 @@ psa_status_t mbedtls_test_transparent_pake_input( const uint8_t *input, size_t input_length) { - mbedtls_test_driver_pake_hooks.hits++; + mbedtls_test_driver_pake_hooks.hits.total++; + mbedtls_test_driver_pake_hooks.hits.input++; if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { mbedtls_test_driver_pake_hooks.driver_status = @@ -147,7 +150,8 @@ psa_status_t mbedtls_test_transparent_pake_get_implicit_key( mbedtls_transparent_test_driver_pake_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length) { - mbedtls_test_driver_pake_hooks.hits++; + mbedtls_test_driver_pake_hooks.hits.total++; + mbedtls_test_driver_pake_hooks.hits.implicit_key++; if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { mbedtls_test_driver_pake_hooks.driver_status = @@ -177,7 +181,8 @@ psa_status_t mbedtls_test_transparent_pake_get_implicit_key( psa_status_t mbedtls_test_transparent_pake_abort( mbedtls_transparent_test_driver_pake_operation_t *operation) { - mbedtls_test_driver_pake_hooks.hits++; + mbedtls_test_driver_pake_hooks.hits.total++; + mbedtls_test_driver_pake_hooks.hits.abort++; #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) From dca8dca6ea02a966174ce00158dc18c40f16ec5a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Feb 2023 22:09:51 +0100 Subject: [PATCH 311/553] Test the PSA alternative header configuration macros Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes after the standard directory in the include file search path. Signed-off-by: Gilles Peskine --- include/alt-extra/psa/crypto.h | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 include/alt-extra/psa/crypto.h diff --git a/include/alt-extra/psa/crypto.h b/include/alt-extra/psa/crypto.h new file mode 100644 index 0000000000..005f3aeea0 --- /dev/null +++ b/include/alt-extra/psa/crypto.h @@ -0,0 +1,7 @@ +/* The goal of the include/alt-extra directory is to test what happens + * if certain files come _after_ the normal include directory. + * Make sure that if the alt-extra directory comes before the normal + * directory (so we wouldn't be achieving our test objective), the build + * will fail. + */ +#error "The normal include directory must come first in the include path" From 48c037956a21ba27a52094db5b0bfc8900e153a0 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 23 Feb 2023 17:28:23 +0100 Subject: [PATCH 312/553] Fix code style Signed-off-by: Przemek Stekiel --- include/test/drivers/pake.h | 3 ++- src/drivers/test_driver_pake.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/include/test/drivers/pake.h b/include/test/drivers/pake.h index 99ca8f275a..331ee49da7 100644 --- a/include/test/drivers/pake.h +++ b/include/test/drivers/pake.h @@ -48,7 +48,8 @@ typedef struct { size_t forced_output_length; } mbedtls_test_driver_pake_hooks_t; -#define MBEDTLS_TEST_DRIVER_PAKE_INIT { PSA_SUCCESS, PSA_SUCCESS, {0, 0, 0, 0, 0, 0}, PSA_SUCCESS, NULL, 0 } +#define MBEDTLS_TEST_DRIVER_PAKE_INIT { PSA_SUCCESS, PSA_SUCCESS, { 0, 0, 0, 0, 0, 0 }, PSA_SUCCESS, \ + NULL, 0 } static inline mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks_init(void) { diff --git a/src/drivers/test_driver_pake.c b/src/drivers/test_driver_pake.c index 7eafe14d85..9c72483084 100644 --- a/src/drivers/test_driver_pake.c +++ b/src/drivers/test_driver_pake.c @@ -185,7 +185,7 @@ psa_status_t mbedtls_test_transparent_pake_abort( mbedtls_test_driver_pake_hooks.hits.abort++; #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_abort( operation); From 322a4d8a4f40a6a762e6907cf1731b0cb9c9a957 Mon Sep 17 00:00:00 2001 From: Stephan Koch Date: Fri, 3 Mar 2023 17:48:40 +0100 Subject: [PATCH 313/553] Fix codestyle with uncrustify. Signed-off-by: Stephan Koch --- src/psa_exercise_key.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 6c04c3b54d..5f9f767e77 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -778,10 +778,10 @@ int mbedtls_test_psa_exported_key_sanity_check( /* The representation of an ECC Montgomery public key is * the raw compressed point */ TEST_EQUAL(PSA_BITS_TO_BYTES(bits), exported_length); - } else if(PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_TWISTED_EDWARDS) { + } else if (PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_TWISTED_EDWARDS) { /* The representation of an ECC Edwards public key is * the raw compressed point */ - TEST_EQUAL(PSA_BITS_TO_BYTES(bits + 1), exported_length); + TEST_EQUAL(PSA_BITS_TO_BYTES(bits + 1), exported_length); } else { /* The representation of an ECC Weierstrass public key is: * - The byte 0x04; From b14a363abe034d6aa1bc177261711f81468a5157 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 27 Feb 2023 13:00:57 +0100 Subject: [PATCH 314/553] Fix configuration for accelerated jpake Signed-off-by: Przemek Stekiel --- .../test/drivers/crypto_config_test_driver_extension.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index 393d6326e5..26c432cdea 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -158,6 +158,14 @@ #endif #endif +#if defined(PSA_WANT_ALG_JPAKE) +#if defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) +#undef MBEDTLS_PSA_ACCEL_ALG_JPAKE +#else +#define MBEDTLS_PSA_ACCEL_ALG_JPAKE 1 +#endif +#endif + #if defined(PSA_WANT_KEY_TYPE_AES) #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_AES From 36947f4bb9355bc3f469a815a9da11a055748f76 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 10 Mar 2023 17:44:08 +0000 Subject: [PATCH 315/553] Remove duplicate test macros Signed-off-by: Dave Rodgman --- include/test/macros.h | 23 ----------------------- src/random.c | 3 ++- 2 files changed, 2 insertions(+), 24 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index 2eba0c1028..ab8260b759 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -253,27 +253,4 @@ */ #define MAX(x, y) ((x) > (y) ? (x) : (y)) -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n, b, i) \ - { \ - (n) = ((uint32_t) (b)[(i)] << 24) \ - | ((uint32_t) (b)[(i) + 1] << 16) \ - | ((uint32_t) (b)[(i) + 2] << 8) \ - | ((uint32_t) (b)[(i) + 3]); \ - } -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n, b, i) \ - { \ - (b)[(i)] = (unsigned char) ((n) >> 24); \ - (b)[(i) + 1] = (unsigned char) ((n) >> 16); \ - (b)[(i) + 2] = (unsigned char) ((n) >> 8); \ - (b)[(i) + 3] = (unsigned char) ((n)); \ - } -#endif - #endif /* TEST_MACROS_H */ diff --git a/src/random.c b/src/random.c index e74e689549..5ca333a675 100644 --- a/src/random.c +++ b/src/random.c @@ -36,6 +36,7 @@ #include #include +#include "../../library/alignment.h" int mbedtls_test_rnd_std_rand(void *rng_state, unsigned char *output, @@ -137,7 +138,7 @@ int mbedtls_test_rnd_pseudo_rand(void *rng_state, + info->v0) ^ (sum + k[(sum>>11) & 3]); } - PUT_UINT32_BE(info->v0, result, 0); + MBEDTLS_PUT_UINT32_BE(info->v0, result, 0); memcpy(out, result, use_len); len -= use_len; out += 4; From b8f2a893f65ff35a05459b8e3c723abbb9429fc0 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 24 Oct 2022 14:42:01 +0800 Subject: [PATCH 316/553] Create ssl_helpers.c to hold functions of TLS connection test_suite_ssl.function contains many functions that are used to set up a TLS connection. To reduce its file size, those functions would be moved to ssl_helpers.c under tests/src. As the start of this implementation, some necessary header files are moved in advance. Signed-off-by: Yanray Wang --- include/test/ssl_helpers.h | 28 ++++++++++++++++++++++++++++ src/ssl_helpers.c | 23 +++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 include/test/ssl_helpers.h create mode 100644 src/ssl_helpers.c diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h new file mode 100644 index 0000000000..0209f47755 --- /dev/null +++ b/include/test/ssl_helpers.h @@ -0,0 +1,28 @@ +/** \file ssl_helpers.h + * + * \brief This file contains helper functions to set up a TLS connection. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SSL_HELPERS_H +#define SSL_HELPERS_H + +#include + +#endif /* SSL_HELPERS_H */ diff --git a/src/ssl_helpers.c b/src/ssl_helpers.c new file mode 100644 index 0000000000..618b3ec174 --- /dev/null +++ b/src/ssl_helpers.c @@ -0,0 +1,23 @@ +/** \file ssl_helpers.c + * + * \brief Helper functions to set up a TLS connection. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include From f33a78404fc1157685025895e0119efd2c759010 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 26 Oct 2022 09:57:53 +0800 Subject: [PATCH 317/553] Move the renamed typedef statements to ssl_helpers.h With this change, the renamed typedef statements (commit de3caee) are moved from test_suite_ssl.function into ssl_helpers.h Signed-off-by: Yanray Wang --- include/test/ssl_helpers.h | 117 +++++++++++++++++++++++++++++++++++++ 1 file changed, 117 insertions(+) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index 0209f47755..a292def7b2 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -24,5 +24,122 @@ #define SSL_HELPERS_H #include +#include + +#if defined(MBEDTLS_SSL_CACHE_C) +#include "mbedtls/ssl_cache.h" +#endif + +typedef struct mbedtls_test_ssl_log_pattern { + const char *pattern; + size_t counter; +} mbedtls_test_ssl_log_pattern; + +typedef struct mbedtls_test_handshake_test_options { + const char *cipher; + mbedtls_ssl_protocol_version client_min_version; + mbedtls_ssl_protocol_version client_max_version; + mbedtls_ssl_protocol_version server_min_version; + mbedtls_ssl_protocol_version server_max_version; + mbedtls_ssl_protocol_version expected_negotiated_version; + int expected_handshake_result; + int expected_ciphersuite; + int pk_alg; + int opaque_alg; + int opaque_alg2; + int opaque_usage; + data_t *psk_str; + int dtls; + int srv_auth_mode; + int serialize; + int mfl; + int cli_msg_len; + int srv_msg_len; + int expected_cli_fragments; + int expected_srv_fragments; + int renegotiate; + int legacy_renegotiation; + void *srv_log_obj; + void *cli_log_obj; + void (*srv_log_fun)(void *, int, const char *, int, const char *); + void (*cli_log_fun)(void *, int, const char *, int, const char *); + int resize_buffers; +#if defined(MBEDTLS_SSL_CACHE_C) + mbedtls_ssl_cache_context *cache; +#endif +} mbedtls_test_handshake_test_options; + +typedef struct mbedtls_test_ssl_buffer { + size_t start; + size_t content_length; + size_t capacity; + unsigned char *buffer; +} mbedtls_test_ssl_buffer; + +/* + * Context for a message metadata queue (fifo) that is on top of the ring buffer. + */ +typedef struct mbedtls_test_ssl_message_queue { + size_t *messages; + int pos; + int num; + int capacity; +} mbedtls_test_ssl_message_queue; + +/* + * Context for the I/O callbacks simulating network connection. + */ + +#define MBEDTLS_MOCK_SOCKET_CONNECTED 1 + +typedef struct mbedtls_test_mock_socket { + int status; + mbedtls_test_ssl_buffer *input; + mbedtls_test_ssl_buffer *output; + struct mbedtls_test_mock_socket *peer; +} mbedtls_test_mock_socket; + +/* Errors used in the message socket mocks */ + +#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55 +#define MBEDTLS_TEST_ERROR_SEND_FAILED -66 +#define MBEDTLS_TEST_ERROR_RECV_FAILED -77 + +/* + * Structure used as an addon, or a wrapper, around the mocked sockets. + * Contains an input queue, to which the other socket pushes metadata, + * and an output queue, to which this one pushes metadata. This context is + * considered as an owner of the input queue only, which is initialized and + * freed in the respective setup and free calls. + */ +typedef struct mbedtls_test_message_socket_context { + mbedtls_test_ssl_message_queue *queue_input; + mbedtls_test_ssl_message_queue *queue_output; + mbedtls_test_mock_socket *socket; +} mbedtls_test_message_socket_context; + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) + +/* + * Structure with endpoint's certificates for SSL communication tests. + */ +typedef struct mbedtls_test_ssl_endpoint_certificate { + mbedtls_x509_crt *ca_cert; + mbedtls_x509_crt *cert; + mbedtls_pk_context *pkey; +} mbedtls_test_ssl_endpoint_certificate; + +/* + * Endpoint structure for SSL communication tests. + */ +typedef struct mbedtls_test_ssl_endpoint { + const char *name; + mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; + mbedtls_test_mock_socket socket; + mbedtls_test_ssl_endpoint_certificate cert; +} mbedtls_test_ssl_endpoint; + +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #endif /* SSL_HELPERS_H */ From 880c0b8c60d0165052dc30e2082e5283e826af68 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 27 Oct 2022 12:11:18 +0800 Subject: [PATCH 318/553] Move TLS connection related functions to ssl_helpers.c Some functions are renamed in commit d51d285. This change moves all those functions which are used to set up a TLS connection from test_suite_ssl.function into ssl_helpers.c. Signed-off-by: Yanray Wang --- src/ssl_helpers.c | 2425 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 2425 insertions(+) diff --git a/src/ssl_helpers.c b/src/ssl_helpers.c index 618b3ec174..150f6e84de 100644 --- a/src/ssl_helpers.c +++ b/src/ssl_helpers.c @@ -21,3 +21,2428 @@ */ #include + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +static int rng_seed = 0xBEEF; +static int rng_get(void *p_rng, unsigned char *output, size_t output_len) +{ + (void) p_rng; + for (size_t i = 0; i < output_len; i++) { + output[i] = rand(); + } + + return 0; +} +#endif + +/* + * This function can be passed to mbedtls to receive output logs from it. In + * this case, it will count the instances of a mbedtls_test_ssl_log_pattern + * in the received logged messages. + */ +void mbedtls_test_ssl_log_analyzer(void *ctx, int level, + const char *file, int line, + const char *str) +{ + mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx; + + (void) level; + (void) line; + (void) file; + + if (NULL != p && + NULL != p->pattern && + NULL != strstr(str, p->pattern)) { + p->counter++; + } +} + +void mbedtls_test_init_handshake_options( + mbedtls_test_handshake_test_options *opts) +{ +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) + srand(rng_seed); + rng_seed += 0xD0; +#endif + opts->cipher = ""; + opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; + opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; + opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; + opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; + opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; + opts->expected_handshake_result = 0; + opts->expected_ciphersuite = 0; + opts->pk_alg = MBEDTLS_PK_RSA; + opts->opaque_alg = 0; + opts->opaque_alg2 = 0; + opts->opaque_usage = 0; + opts->psk_str = NULL; + opts->dtls = 0; + opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; + opts->serialize = 0; + opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE; + opts->cli_msg_len = 100; + opts->srv_msg_len = 100; + opts->expected_cli_fragments = 1; + opts->expected_srv_fragments = 1; + opts->renegotiate = 0; + opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; + opts->srv_log_obj = NULL; + opts->srv_log_obj = NULL; + opts->srv_log_fun = NULL; + opts->cli_log_fun = NULL; + opts->resize_buffers = 1; +#if defined(MBEDTLS_SSL_CACHE_C) + opts->cache = NULL; + ASSERT_ALLOC(opts->cache, 1); + mbedtls_ssl_cache_init(opts->cache); +exit: + return; +#endif +} + +void mbedtls_test_free_handshake_options( + mbedtls_test_handshake_test_options *opts) +{ +#if defined(MBEDTLS_SSL_CACHE_C) + mbedtls_ssl_cache_free(opts->cache); + mbedtls_free(opts->cache); +#else + (void) opts; +#endif +} + +#if defined(MBEDTLS_TEST_HOOKS) +static void set_chk_buf_ptr_args( + mbedtls_ssl_chk_buf_ptr_args *args, + unsigned char *cur, unsigned char *end, size_t need) +{ + args->cur = cur; + args->end = end; + args->need = need; +} + +static void reset_chk_buf_ptr_args(mbedtls_ssl_chk_buf_ptr_args *args) +{ + memset(args, 0, sizeof(*args)); +} +#endif /* MBEDTLS_TEST_HOOKS */ + +/* + * Buffer structure for custom I/O callbacks. + */ + +/* + * Initialises \p buf. After calling this function it is safe to call + * `mbedtls_test_ssl_buffer_free()` on \p buf. + */ +void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf) +{ + memset(buf, 0, sizeof(*buf)); +} + +/* + * Sets up \p buf. After calling this function it is safe to call + * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` + * on \p buf. + */ +int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, + size_t capacity) +{ + buf->buffer = (unsigned char *) mbedtls_calloc(capacity, + sizeof(unsigned char)); + if (NULL == buf->buffer) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } + buf->capacity = capacity; + + return 0; +} + +void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf) +{ + if (buf->buffer != NULL) { + mbedtls_free(buf->buffer); + } + + memset(buf, 0, sizeof(*buf)); +} + +/* + * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. + * + * \p buf must have been initialized and set up by calling + * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. + * + * \retval \p input_len, if the data fits. + * \retval 0 <= value < \p input_len, if the data does not fit. + * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not + * zero and \p input is NULL. + */ +int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, + const unsigned char *input, size_t input_len) +{ + size_t overflow = 0; + + if ((buf == NULL) || (buf->buffer == NULL)) { + return -1; + } + + /* Reduce input_len to a number that fits in the buffer. */ + if ((buf->content_length + input_len) > buf->capacity) { + input_len = buf->capacity - buf->content_length; + } + + if (input == NULL) { + return (input_len == 0) ? 0 : -1; + } + + /* Check if the buffer has not come full circle and free space is not in + * the middle */ + if (buf->start + buf->content_length < buf->capacity) { + + /* Calculate the number of bytes that need to be placed at lower memory + * address */ + if (buf->start + buf->content_length + input_len + > buf->capacity) { + overflow = (buf->start + buf->content_length + input_len) + % buf->capacity; + } + + memcpy(buf->buffer + buf->start + buf->content_length, input, + input_len - overflow); + memcpy(buf->buffer, input + input_len - overflow, overflow); + + } else { + /* The buffer has come full circle and free space is in the middle */ + memcpy(buf->buffer + buf->start + buf->content_length - buf->capacity, + input, input_len); + } + + buf->content_length += input_len; + return input_len; +} + +/* + * Gets \p output_len bytes from the ring buffer \p buf into the + * \p output buffer. The output buffer can be NULL, in this case a part of the + * ring buffer will be dropped, if the requested length is available. + * + * \p buf must have been initialized and set up by calling + * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. + * + * \retval \p output_len, if the data is available. + * \retval 0 <= value < \p output_len, if the data is not available. + * \retval -1, if \buf is NULL or it hasn't been set up. + */ +int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, + unsigned char *output, size_t output_len) +{ + size_t overflow = 0; + + if ((buf == NULL) || (buf->buffer == NULL)) { + return -1; + } + + if (output == NULL && output_len == 0) { + return 0; + } + + if (buf->content_length < output_len) { + output_len = buf->content_length; + } + + /* Calculate the number of bytes that need to be drawn from lower memory + * address */ + if (buf->start + output_len > buf->capacity) { + overflow = (buf->start + output_len) % buf->capacity; + } + + if (output != NULL) { + memcpy(output, buf->buffer + buf->start, output_len - overflow); + memcpy(output + output_len - overflow, buf->buffer, overflow); + } + + buf->content_length -= output_len; + buf->start = (buf->start + output_len) % buf->capacity; + + return output_len; +} + +/* + * Errors used in the message transport mock tests + */ + #define MBEDTLS_TEST_ERROR_ARG_NULL -11 + #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 + +/* + * Setup and free functions for the message metadata queue. + * + * \p capacity describes the number of message metadata chunks that can be held + * within the queue. + * + * \retval 0, if a metadata queue of a given length can be allocated. + * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. + */ +int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue, + size_t capacity) +{ + queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t)); + if (NULL == queue->messages) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } + + queue->capacity = capacity; + queue->pos = 0; + queue->num = 0; + + return 0; +} + +void mbedtls_test_ssl_message_queue_free(mbedtls_test_ssl_message_queue *queue) +{ + if (queue == NULL) { + return; + } + + if (queue->messages != NULL) { + mbedtls_free(queue->messages); + } + + memset(queue, 0, sizeof(*queue)); +} + +/* + * Push message length information onto the message metadata queue. + * This will become the last element to leave it (fifo). + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. + * \retval \p len, if the push was successful. + */ +int mbedtls_test_ssl_message_queue_push_info( + mbedtls_test_ssl_message_queue *queue, size_t len) +{ + int place; + if (queue == NULL) { + return MBEDTLS_TEST_ERROR_ARG_NULL; + } + + if (queue->num >= queue->capacity) { + return MBEDTLS_ERR_SSL_WANT_WRITE; + } + + place = (queue->pos + queue->num) % queue->capacity; + queue->messages[place] = len; + queue->num++; + return len; +} + +/* + * Pop information about the next message length from the queue. This will be + * the oldest inserted message length(fifo). \p msg_len can be null, in which + * case the data will be popped from the queue but not copied anywhere. + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. + * \retval message length, if the pop was successful, up to the given + \p buf_len. + */ +int mbedtls_test_ssl_message_queue_pop_info( + mbedtls_test_ssl_message_queue *queue, size_t buf_len) +{ + size_t message_length; + if (queue == NULL) { + return MBEDTLS_TEST_ERROR_ARG_NULL; + } + if (queue->num == 0) { + return MBEDTLS_ERR_SSL_WANT_READ; + } + + message_length = queue->messages[queue->pos]; + queue->messages[queue->pos] = 0; + queue->num--; + queue->pos++; + queue->pos %= queue->capacity; + if (queue->pos < 0) { + queue->pos += queue->capacity; + } + + return (message_length > buf_len) ? buf_len : message_length; +} + +/* + * Take a peek on the info about the next message length from the queue. + * This will be the oldest inserted message length(fifo). + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. + * \retval 0, if the peek was successful. + * \retval MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is + * too small to fit the message. In this case the \p msg_len will be + * set to the full message length so that the + * caller knows what portion of the message can be dropped. + */ +int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue, + size_t buf_len, size_t *msg_len) +{ + if (queue == NULL || msg_len == NULL) { + return MBEDTLS_TEST_ERROR_ARG_NULL; + } + if (queue->num == 0) { + return MBEDTLS_ERR_SSL_WANT_READ; + } + + *msg_len = queue->messages[queue->pos]; + return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0; +} + +/* + * Setup and teardown functions for mock sockets. + */ +void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket) +{ + memset(socket, 0, sizeof(*socket)); +} + +/* + * Closes the socket \p socket. + * + * \p socket must have been previously initialized by calling + * mbedtls_mock_socket_init(). + * + * This function frees all allocated resources and both sockets are aware of the + * new connection state. + * + * That is, this function does not simulate half-open TCP connections and the + * phenomenon that when closing a UDP connection the peer is not aware of the + * connection having been closed. + */ +void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket) +{ + if (socket == NULL) { + return; + } + + if (socket->input != NULL) { + mbedtls_test_ssl_buffer_free(socket->input); + mbedtls_free(socket->input); + } + + if (socket->output != NULL) { + mbedtls_test_ssl_buffer_free(socket->output); + mbedtls_free(socket->output); + } + + if (socket->peer != NULL) { + memset(socket->peer, 0, sizeof(*socket->peer)); + } + + memset(socket, 0, sizeof(*socket)); +} + +/* + * Establishes a connection between \p peer1 and \p peer2. + * + * \p peer1 and \p peer2 must have been previously initialized by calling + * mbedtls_mock_socket_init(). + * + * The capacities of the internal buffers are set to \p bufsize. Setting this to + * the correct value allows for simulation of MTU, sanity testing the mock + * implementation and mocking TCP connections with lower memory cost. + */ +int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, + mbedtls_test_mock_socket *peer2, + size_t bufsize) +{ + int ret = -1; + + peer1->output = + (mbedtls_test_ssl_buffer *) mbedtls_calloc( + 1, sizeof(mbedtls_test_ssl_buffer)); + if (peer1->output == NULL) { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto exit; + } + mbedtls_test_ssl_buffer_init(peer1->output); + if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer1->output, bufsize))) { + goto exit; + } + + peer2->output = + (mbedtls_test_ssl_buffer *) mbedtls_calloc( + 1, sizeof(mbedtls_test_ssl_buffer)); + if (peer2->output == NULL) { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto exit; + } + mbedtls_test_ssl_buffer_init(peer2->output); + if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer2->output, bufsize))) { + goto exit; + } + + peer1->peer = peer2; + peer2->peer = peer1; + peer1->input = peer2->output; + peer2->input = peer1->output; + + peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED; + ret = 0; + +exit: + + if (ret != 0) { + mbedtls_test_mock_socket_close(peer1); + mbedtls_test_mock_socket_close(peer2); + } + + return ret; +} + +/* + * Callbacks for simulating blocking I/O over connection-oriented transport. + */ + +int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, + size_t len) +{ + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; + + if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { + return -1; + } + + return mbedtls_test_ssl_buffer_put(socket->output, buf, len); +} + +int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) +{ + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; + + if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { + return -1; + } + + return mbedtls_test_ssl_buffer_get(socket->input, buf, len); +} + +/* + * Callbacks for simulating non-blocking I/O over connection-oriented transport. + */ + +int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, + size_t len) +{ + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; + + if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { + return -1; + } + + if (socket->output->capacity == socket->output->content_length) { + return MBEDTLS_ERR_SSL_WANT_WRITE; + } + + return mbedtls_test_ssl_buffer_put(socket->output, buf, len); +} + +int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) +{ + mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; + + if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) { + return -1; + } + + if (socket->input->content_length == 0) { + return MBEDTLS_ERR_SSL_WANT_READ; + } + + return mbedtls_test_ssl_buffer_get(socket->input, buf, len); +} + +void mbedtls_test_message_socket_init(mbedtls_test_message_socket_context *ctx) +{ + ctx->queue_input = NULL; + ctx->queue_output = NULL; + ctx->socket = NULL; +} + +/* + * Setup a given message socket context including initialization of + * input/output queues to a chosen capacity of messages. Also set the + * corresponding mock socket. + * + * \retval 0, if everything succeeds. + * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message + * queue failed. + */ +int mbedtls_test_message_socket_setup( + mbedtls_test_ssl_message_queue *queue_input, + mbedtls_test_ssl_message_queue *queue_output, + size_t queue_capacity, + mbedtls_test_mock_socket *socket, + mbedtls_test_message_socket_context *ctx) +{ + int ret = mbedtls_test_ssl_message_queue_setup(queue_input, queue_capacity); + if (ret != 0) { + return ret; + } + ctx->queue_input = queue_input; + ctx->queue_output = queue_output; + ctx->socket = socket; + mbedtls_mock_socket_init(socket); + + return 0; +} + +/* + * Close a given message socket context, along with the socket itself. Free the + * memory allocated by the input queue. + */ +void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx) +{ + if (ctx == NULL) { + return; + } + + mbedtls_test_ssl_message_queue_free(ctx->queue_input); + mbedtls_test_mock_socket_close(ctx->socket); + memset(ctx, 0, sizeof(*ctx)); +} + +/* + * Send one message through a given message socket context. + * + * \retval \p len, if everything succeeds. + * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context + * elements or the context itself is null. + * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if + * mbedtls_test_mock_tcp_send_b failed. + * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. + * + * This function will also return any error from + * mbedtls_test_ssl_message_queue_push_info. + */ +int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, + size_t len) +{ + mbedtls_test_ssl_message_queue *queue; + mbedtls_test_mock_socket *socket; + mbedtls_test_message_socket_context *context = + (mbedtls_test_message_socket_context *) ctx; + + if (context == NULL || context->socket == NULL + || context->queue_output == NULL) { + return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; + } + + queue = context->queue_output; + socket = context->socket; + + if (queue->num >= queue->capacity) { + return MBEDTLS_ERR_SSL_WANT_WRITE; + } + + if (mbedtls_test_mock_tcp_send_b(socket, buf, len) != (int) len) { + return MBEDTLS_TEST_ERROR_SEND_FAILED; + } + + return mbedtls_test_ssl_message_queue_push_info(queue, len); +} + +/* + * Receive one message from a given message socket context and return message + * length or an error. + * + * \retval message length, if everything succeeds. + * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context + * elements or the context itself is null. + * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if + * mbedtls_test_mock_tcp_recv_b failed. + * + * This function will also return any error other than + * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from + * mbedtls_test_message_queue_peek_info. + */ +int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, + size_t buf_len) +{ + mbedtls_test_ssl_message_queue *queue; + mbedtls_test_mock_socket *socket; + mbedtls_test_message_socket_context *context = + (mbedtls_test_message_socket_context *) ctx; + size_t drop_len = 0; + size_t msg_len; + int ret; + + if (context == NULL || context->socket == NULL + || context->queue_input == NULL) { + return MBEDTLS_TEST_ERROR_CONTEXT_ERROR; + } + + queue = context->queue_input; + socket = context->socket; + + /* Peek first, so that in case of a socket error the data remains in + * the queue. */ + ret = mbedtls_test_message_queue_peek_info(queue, buf_len, &msg_len); + if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { + /* Calculate how much to drop */ + drop_len = msg_len - buf_len; + + /* Set the requested message len to be buffer length */ + msg_len = buf_len; + } else if (ret != 0) { + return ret; + } + + if (mbedtls_test_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) { + return MBEDTLS_TEST_ERROR_RECV_FAILED; + } + + if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { + /* Drop the remaining part of the message */ + if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) + != (int) drop_len) { + /* Inconsistent state - part of the message was read, + * and a part couldn't. Not much we can do here, but it should not + * happen in test environment, unless forced manually. */ + } + } + mbedtls_test_ssl_message_queue_pop_info(queue, buf_len); + + return msg_len; +} + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) + +/* + * Deinitializes certificates from endpoint represented by \p ep. + */ +void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) +{ + mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert); + if (cert != NULL) { + if (cert->ca_cert != NULL) { + mbedtls_x509_crt_free(cert->ca_cert); + mbedtls_free(cert->ca_cert); + cert->ca_cert = NULL; + } + if (cert->cert != NULL) { + mbedtls_x509_crt_free(cert->cert); + mbedtls_free(cert->cert); + cert->cert = NULL; + } + if (cert->pkey != NULL) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) { + mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx; + psa_destroy_key(*key_slot); + } +#endif + mbedtls_pk_free(cert->pkey); + mbedtls_free(cert->pkey); + cert->pkey = NULL; + } + } +} + +/* + * Initializes \p ep_cert structure and assigns it to endpoint + * represented by \p ep. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, + int pk_alg, + int opaque_alg, int opaque_alg2, + int opaque_usage) +{ + int i = 0; + int ret = -1; + mbedtls_test_ssl_endpoint_certificate *cert = NULL; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; +#endif + + if (ep == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + cert = &(ep->cert); + ASSERT_ALLOC(cert->ca_cert, 1); + ASSERT_ALLOC(cert->cert, 1); + ASSERT_ALLOC(cert->pkey, 1); + + mbedtls_x509_crt_init(cert->ca_cert); + mbedtls_x509_crt_init(cert->cert); + mbedtls_pk_init(cert->pkey); + + /* Load the trusted CA */ + + for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) { + ret = mbedtls_x509_crt_parse_der( + cert->ca_cert, + (const unsigned char *) mbedtls_test_cas_der[i], + mbedtls_test_cas_der_len[i]); + TEST_ASSERT(ret == 0); + } + + /* Load own certificate and private key */ + + if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { + if (pk_alg == MBEDTLS_PK_RSA) { + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, + mbedtls_test_srv_crt_rsa_sha256_der_len); + TEST_ASSERT(ret == 0); + + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_srv_key_rsa_der, + mbedtls_test_srv_key_rsa_der_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL); + TEST_ASSERT(ret == 0); + } else { + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_srv_crt_ec_der, + mbedtls_test_srv_crt_ec_der_len); + TEST_ASSERT(ret == 0); + + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_srv_key_ec_der, + mbedtls_test_srv_key_ec_der_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL); + TEST_ASSERT(ret == 0); + } + } else { + if (pk_alg == MBEDTLS_PK_RSA) { + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_cli_crt_rsa_der, + mbedtls_test_cli_crt_rsa_der_len); + TEST_ASSERT(ret == 0); + + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_cli_key_rsa_der, + mbedtls_test_cli_key_rsa_der_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL); + TEST_ASSERT(ret == 0); + } else { + ret = mbedtls_x509_crt_parse( + cert->cert, + (const unsigned char *) mbedtls_test_cli_crt_ec_der, + mbedtls_test_cli_crt_ec_len); + TEST_ASSERT(ret == 0); + + ret = mbedtls_pk_parse_key( + cert->pkey, + (const unsigned char *) mbedtls_test_cli_key_ec_der, + mbedtls_test_cli_key_ec_der_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL); + TEST_ASSERT(ret == 0); + } + } + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (opaque_alg != 0) { + TEST_EQUAL(mbedtls_pk_wrap_as_opaque(cert->pkey, &key_slot, + opaque_alg, opaque_usage, + opaque_alg2), 0); + } +#else + (void) opaque_alg; + (void) opaque_alg2; + (void) opaque_usage; +#endif + + mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL); + + ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, + cert->pkey); + TEST_ASSERT(ret == 0); + TEST_ASSERT(ep->conf.key_cert != NULL); + + ret = mbedtls_ssl_conf_own_cert(&(ep->conf), NULL, NULL); + TEST_ASSERT(ret == 0); + TEST_ASSERT(ep->conf.key_cert == NULL); + + ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, + cert->pkey); + TEST_ASSERT(ret == 0); + +exit: + if (ret != 0) { + mbedtls_endpoint_certificate_free(ep); + } + + return ret; +} + +/* + * Initializes \p ep structure. It is important to call + * `mbedtls_test_ssl_endpoint_free()` after calling this function + * even if it fails. + * + * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or + * MBEDTLS_SSL_IS_CLIENT. + * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and + * MBEDTLS_PK_ECDSA are supported. + * \p dtls_context - in case of DTLS - this is the context handling metadata. + * \p input_queue - used only in case of DTLS. + * \p output_queue - used only in case of DTLS. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_ssl_endpoint_init( + mbedtls_test_ssl_endpoint *ep, int endpoint_type, + mbedtls_test_handshake_test_options *options, + mbedtls_test_message_socket_context *dtls_context, + mbedtls_test_ssl_message_queue *input_queue, + mbedtls_test_ssl_message_queue *output_queue, + uint16_t *group_list) +{ + int ret = -1; + uintptr_t user_data_n; + + if (dtls_context != NULL && + (input_queue == NULL || output_queue == NULL)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + + } + + if (ep == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + memset(ep, 0, sizeof(*ep)); + + ep->name = (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? "Server" : "Client"; + + mbedtls_ssl_init(&(ep->ssl)); + mbedtls_ssl_config_init(&(ep->conf)); + mbedtls_ssl_conf_rng(&(ep->conf), rng_get, NULL); + + TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL); + TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0); + TEST_ASSERT(mbedtls_ssl_get_user_data_p(&ep->ssl) == NULL); + TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), 0); + + (void) mbedtls_test_rnd_std_rand(NULL, + (void *) &user_data_n, + sizeof(user_data_n)); + mbedtls_ssl_conf_set_user_data_n(&ep->conf, user_data_n); + mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n); + + if (dtls_context != NULL) { + TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue, + 100, &(ep->socket), + dtls_context) == 0); + } else { + mbedtls_mock_socket_init(&(ep->socket)); + } + + /* Non-blocking callbacks without timeout */ + if (dtls_context != NULL) { + mbedtls_ssl_set_bio(&(ep->ssl), dtls_context, + mbedtls_test_mock_tcp_send_msg, + mbedtls_test_mock_tcp_recv_msg, + NULL); + } else { + mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket), + mbedtls_test_mock_tcp_send_nb, + mbedtls_test_mock_tcp_recv_nb, + NULL); + } + + ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type, + (dtls_context != NULL) ? + MBEDTLS_SSL_TRANSPORT_DATAGRAM : + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT); + TEST_ASSERT(ret == 0); + + if (group_list != NULL) { + mbedtls_ssl_conf_groups(&(ep->conf), group_list); + } + + mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); + +#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C) + if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) { + mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache, + mbedtls_ssl_cache_get, + mbedtls_ssl_cache_set); + } +#endif + + ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); + TEST_ASSERT(ret == 0); + +#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) + if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) { + mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL); + } +#endif + + ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg, + options->opaque_alg, + options->opaque_alg2, + options->opaque_usage); + TEST_ASSERT(ret == 0); + + TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n); + mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep); + TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n); + mbedtls_ssl_set_user_data_p(&ep->ssl, ep); + +exit: + return ret; +} + +/* + * Deinitializes endpoint represented by \p ep. + */ +void mbedtls_test_ssl_endpoint_free( + mbedtls_test_ssl_endpoint *ep, + mbedtls_test_message_socket_context *context) +{ + mbedtls_endpoint_certificate_free(ep); + + mbedtls_ssl_free(&(ep->ssl)); + mbedtls_ssl_config_free(&(ep->conf)); + + if (context != NULL) { + mbedtls_test_message_socket_close(context); + } else { + mbedtls_test_mock_socket_close(&(ep->socket)); + } +} + +/* + * This function moves ssl handshake from \p ssl to prescribed \p state. + * /p second_ssl is used as second endpoint and their sockets have to be + * connected before calling this function. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, + mbedtls_ssl_context *second_ssl, + int state) +{ + enum { BUFFSIZE = 1024 }; + int max_steps = 1000; + int ret = 0; + + if (ssl == NULL || second_ssl == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + /* Perform communication via connected sockets */ + while ((ssl->state != state) && (--max_steps >= 0)) { + /* If /p second_ssl ends the handshake procedure before /p ssl then + * there is no need to call the next step */ + if (!mbedtls_ssl_is_handshake_over(second_ssl)) { + ret = mbedtls_ssl_handshake_step(second_ssl); + if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + return ret; + } + } + + /* We only care about the \p ssl state and returns, so we call it last, + * to leave the iteration as soon as the state is as expected. */ + ret = mbedtls_ssl_handshake_step(ssl); + if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + return ret; + } + } + + return (max_steps >= 0) ? ret : -1; +} + +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + +/* + * Write application data. Increase write counter if necessary. + */ +int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, + int buf_len, int *written, + const int expected_fragments) +{ + /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is + * a valid no-op for TLS connections. */ + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0); + } + + int ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written); + if (ret > 0) { + *written += ret; + } + + if (expected_fragments == 0) { + /* Used for DTLS and the message size larger than MFL. In that case + * the message can not be fragmented and the library should return + * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned + * to prevent a dead loop inside mbedtls_exchange_data(). */ + return ret; + } else if (expected_fragments == 1) { + /* Used for TLS/DTLS and the message size lower than MFL */ + TEST_ASSERT(ret == buf_len || + ret == MBEDTLS_ERR_SSL_WANT_READ || + ret == MBEDTLS_ERR_SSL_WANT_WRITE); + } else { + /* Used for TLS and the message size larger than MFL */ + TEST_ASSERT(expected_fragments > 1); + TEST_ASSERT((ret >= 0 && ret <= buf_len) || + ret == MBEDTLS_ERR_SSL_WANT_READ || + ret == MBEDTLS_ERR_SSL_WANT_WRITE); + } + + return 0; + +exit: + /* Some of the tests failed */ + return -1; +} + +/* + * Read application data and increase read counter and fragments counter + * if necessary. + */ +int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, + int buf_len, int *read, + int *fragments, const int expected_fragments) +{ + /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is + * a valid no-op for TLS connections. */ + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0); + } + + int ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read); + if (ret > 0) { + (*fragments)++; + *read += ret; + } + + if (expected_fragments == 0) { + TEST_ASSERT(ret == 0); + } else if (expected_fragments == 1) { + TEST_ASSERT(ret == buf_len || + ret == MBEDTLS_ERR_SSL_WANT_READ || + ret == MBEDTLS_ERR_SSL_WANT_WRITE); + } else { + TEST_ASSERT(expected_fragments > 1); + TEST_ASSERT((ret >= 0 && ret <= buf_len) || + ret == MBEDTLS_ERR_SSL_WANT_READ || + ret == MBEDTLS_ERR_SSL_WANT_WRITE); + } + + return 0; + +exit: + /* Some of the tests failed */ + return -1; +} + +/* + * Helper function setting up inverse record transformations + * using given cipher, hash, EtM mode, authentication tag length, + * and version. + */ + +#define CHK(x) \ + do \ + { \ + if (!(x)) \ + { \ + ret = -1; \ + goto cleanup; \ + } \ + } while (0) + +void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, + int *forced_ciphersuite) +{ + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher); + forced_ciphersuite[1] = 0; + + ciphersuite_info = + mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]); + + TEST_ASSERT(ciphersuite_info != NULL); + TEST_ASSERT(ciphersuite_info->min_tls_version <= conf->max_tls_version); + TEST_ASSERT(ciphersuite_info->max_tls_version >= conf->min_tls_version); + + if (conf->max_tls_version > ciphersuite_info->max_tls_version) { + conf->max_tls_version = ciphersuite_info->max_tls_version; + } + if (conf->min_tls_version < ciphersuite_info->min_tls_version) { + conf->min_tls_version = ciphersuite_info->min_tls_version; + } + + mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite); + +exit: + return; +} + +int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, + const unsigned char *name, size_t name_len) +{ + (void) p_info; + (void) ssl; + (void) name; + (void) name_len; + + return 0; +} + +#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX +#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX +#else +#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX +#endif + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ + defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) +int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, + const unsigned char *iv, + size_t iv_len, + const unsigned char *input, + size_t ilen, + unsigned char *output, + size_t *olen) +{ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; + size_t part_len; + + status = psa_cipher_encrypt_setup(&cipher_op, + transform->psa_key_enc, + transform->psa_alg); + + if (status != PSA_SUCCESS) { + return PSA_TO_MBEDTLS_ERR(status); + } + + status = psa_cipher_set_iv(&cipher_op, iv, iv_len); + + if (status != PSA_SUCCESS) { + return PSA_TO_MBEDTLS_ERR(status); + } + + status = psa_cipher_update(&cipher_op, input, ilen, output, ilen, olen); + + if (status != PSA_SUCCESS) { + return PSA_TO_MBEDTLS_ERR(status); + } + + status = psa_cipher_finish(&cipher_op, output + *olen, ilen - *olen, + &part_len); + + if (status != PSA_SUCCESS) { + return PSA_TO_MBEDTLS_ERR(status); + } + + *olen += part_len; + return 0; +#else + return mbedtls_cipher_crypt(&transform->cipher_ctx_enc, + iv, iv_len, input, ilen, output, olen); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && + MBEDTLS_AES_C */ + +int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, + mbedtls_ssl_transform *t_out, + int cipher_type, int hash_id, + int etm, int tag_mode, + mbedtls_ssl_protocol_version tls_version, + size_t cid0_len, + size_t cid1_len) +{ + mbedtls_cipher_info_t const *cipher_info; + int ret = 0; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_type_t key_type; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg; + size_t key_bits; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; +#endif + + size_t keylen, maclen, ivlen; + unsigned char *key0 = NULL, *key1 = NULL; + unsigned char *md0 = NULL, *md1 = NULL; + unsigned char iv_enc[16], iv_dec[16]; + +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + unsigned char cid0[SSL_CID_LEN_MIN]; + unsigned char cid1[SSL_CID_LEN_MIN]; + + mbedtls_test_rnd_std_rand(NULL, cid0, sizeof(cid0)); + mbedtls_test_rnd_std_rand(NULL, cid1, sizeof(cid1)); +#else + ((void) cid0_len); + ((void) cid1_len); +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + + maclen = 0; + + /* Pick cipher */ + cipher_info = mbedtls_cipher_info_from_type(cipher_type); + CHK(cipher_info != NULL); + CHK(cipher_info->iv_size <= 16); + CHK(cipher_info->key_bitlen % 8 == 0); + + /* Pick keys */ + keylen = cipher_info->key_bitlen / 8; + /* Allocate `keylen + 1` bytes to ensure that we get + * a non-NULL pointers from `mbedtls_calloc` even if + * `keylen == 0` in the case of the NULL cipher. */ + CHK((key0 = mbedtls_calloc(1, keylen + 1)) != NULL); + CHK((key1 = mbedtls_calloc(1, keylen + 1)) != NULL); + memset(key0, 0x1, keylen); + memset(key1, 0x2, keylen); + +#if !defined(MBEDTLS_USE_PSA_CRYPTO) + /* Setup cipher contexts */ + CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0); + CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0); + CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0); + CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0); + +#if defined(MBEDTLS_CIPHER_MODE_CBC) + if (cipher_info->mode == MBEDTLS_MODE_CBC) { + CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc, + MBEDTLS_PADDING_NONE) == 0); + CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec, + MBEDTLS_PADDING_NONE) == 0); + CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc, + MBEDTLS_PADDING_NONE) == 0); + CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec, + MBEDTLS_PADDING_NONE) == 0); + } +#endif /* MBEDTLS_CIPHER_MODE_CBC */ + + CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0, + keylen << 3, MBEDTLS_ENCRYPT) == 0); + CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1, + keylen << 3, MBEDTLS_DECRYPT) == 0); + CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1, + keylen << 3, MBEDTLS_ENCRYPT) == 0); + CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0, + keylen << 3, MBEDTLS_DECRYPT) == 0); +#endif + + /* Setup MAC contexts */ +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) + if (cipher_info->mode == MBEDTLS_MODE_CBC || + cipher_info->mode == MBEDTLS_MODE_STREAM) { +#if !defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type(hash_id); + CHK(md_info != NULL); +#endif + maclen = mbedtls_hash_info_get_size(hash_id); + CHK(maclen != 0); + /* Pick hash keys */ + CHK((md0 = mbedtls_calloc(1, maclen)) != NULL); + CHK((md1 = mbedtls_calloc(1, maclen)) != NULL); + memset(md0, 0x5, maclen); + memset(md1, 0x6, maclen); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + alg = mbedtls_hash_info_psa_from_md(hash_id); + + CHK(alg != 0); + + t_out->psa_mac_alg = PSA_ALG_HMAC(alg); + t_in->psa_mac_alg = PSA_ALG_HMAC(alg); + t_in->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT; + t_out->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT; + t_in->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT; + t_out->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT; + + psa_reset_key_attributes(&attributes); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); + psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg)); + psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); + + CHK(psa_import_key(&attributes, + md0, maclen, + &t_in->psa_mac_enc) == PSA_SUCCESS); + + CHK(psa_import_key(&attributes, + md1, maclen, + &t_out->psa_mac_enc) == PSA_SUCCESS); + + if (cipher_info->mode == MBEDTLS_MODE_STREAM || + etm == MBEDTLS_SSL_ETM_DISABLED) { + /* mbedtls_ct_hmac() requires the key to be exportable */ + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | + PSA_KEY_USAGE_VERIFY_HASH); + } else { + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); + } + + CHK(psa_import_key(&attributes, + md1, maclen, + &t_in->psa_mac_dec) == PSA_SUCCESS); + + CHK(psa_import_key(&attributes, + md0, maclen, + &t_out->psa_mac_dec) == PSA_SUCCESS); +#else + CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0); + CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0); + CHK(mbedtls_md_setup(&t_in->md_ctx_enc, md_info, 1) == 0); + CHK(mbedtls_md_setup(&t_in->md_ctx_dec, md_info, 1) == 0); + + CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc, + md0, maclen) == 0); + CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec, + md1, maclen) == 0); + CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc, + md1, maclen) == 0); + CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec, + md0, maclen) == 0); +#endif + } +#else + ((void) hash_id); +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ + + + /* Pick IV's (regardless of whether they + * are being used by the transform). */ + ivlen = cipher_info->iv_size; + memset(iv_enc, 0x3, sizeof(iv_enc)); + memset(iv_dec, 0x4, sizeof(iv_dec)); + + /* + * Setup transforms + */ + +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ + defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) + t_out->encrypt_then_mac = etm; + t_in->encrypt_then_mac = etm; +#else + ((void) etm); +#endif + + t_out->tls_version = tls_version; + t_in->tls_version = tls_version; + t_out->ivlen = ivlen; + t_in->ivlen = ivlen; + + switch (cipher_info->mode) { + case MBEDTLS_MODE_GCM: + case MBEDTLS_MODE_CCM: +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { + t_out->fixed_ivlen = 12; + t_in->fixed_ivlen = 12; + } else +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + { + t_out->fixed_ivlen = 4; + t_in->fixed_ivlen = 4; + } + t_out->maclen = 0; + t_in->maclen = 0; + switch (tag_mode) { + case 0: /* Full tag */ + t_out->taglen = 16; + t_in->taglen = 16; + break; + case 1: /* Partial tag */ + t_out->taglen = 8; + t_in->taglen = 8; + break; + default: + ret = 1; + goto cleanup; + } + break; + + case MBEDTLS_MODE_CHACHAPOLY: + t_out->fixed_ivlen = 12; + t_in->fixed_ivlen = 12; + t_out->maclen = 0; + t_in->maclen = 0; + switch (tag_mode) { + case 0: /* Full tag */ + t_out->taglen = 16; + t_in->taglen = 16; + break; + case 1: /* Partial tag */ + t_out->taglen = 8; + t_in->taglen = 8; + break; + default: + ret = 1; + goto cleanup; + } + break; + + case MBEDTLS_MODE_STREAM: + case MBEDTLS_MODE_CBC: + t_out->fixed_ivlen = 0; /* redundant, must be 0 */ + t_in->fixed_ivlen = 0; /* redundant, must be 0 */ + t_out->taglen = 0; + t_in->taglen = 0; + switch (tag_mode) { + case 0: /* Full tag */ + t_out->maclen = maclen; + t_in->maclen = maclen; + break; + default: + ret = 1; + goto cleanup; + } + break; + default: + ret = 1; + goto cleanup; + break; + } + + /* Setup IV's */ + + memcpy(&t_in->iv_dec, iv_dec, sizeof(iv_dec)); + memcpy(&t_in->iv_enc, iv_enc, sizeof(iv_enc)); + memcpy(&t_out->iv_dec, iv_enc, sizeof(iv_enc)); + memcpy(&t_out->iv_enc, iv_dec, sizeof(iv_dec)); + +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + /* Add CID */ + memcpy(&t_in->in_cid, cid0, cid0_len); + memcpy(&t_in->out_cid, cid1, cid1_len); + t_in->in_cid_len = cid0_len; + t_in->out_cid_len = cid1_len; + memcpy(&t_out->in_cid, cid1, cid1_len); + memcpy(&t_out->out_cid, cid0, cid0_len); + t_out->in_cid_len = cid1_len; + t_out->out_cid_len = cid0_len; +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + status = mbedtls_ssl_cipher_to_psa(cipher_type, + t_in->taglen, + &alg, + &key_type, + &key_bits); + + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto cleanup; + } + + t_in->psa_alg = alg; + t_out->psa_alg = alg; + + if (alg != MBEDTLS_SSL_NULL_CIPHER) { + psa_reset_key_attributes(&attributes); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, key_type); + + status = psa_import_key(&attributes, + key0, + PSA_BITS_TO_BYTES(key_bits), + &t_in->psa_key_enc); + + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto cleanup; + } + + status = psa_import_key(&attributes, + key1, + PSA_BITS_TO_BYTES(key_bits), + &t_out->psa_key_enc); + + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto cleanup; + } + + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); + + status = psa_import_key(&attributes, + key1, + PSA_BITS_TO_BYTES(key_bits), + &t_in->psa_key_dec); + + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto cleanup; + } + + status = psa_import_key(&attributes, + key0, + PSA_BITS_TO_BYTES(key_bits), + &t_out->psa_key_dec); + + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto cleanup; + } + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +cleanup: + + mbedtls_free(key0); + mbedtls_free(key1); + + mbedtls_free(md0); + mbedtls_free(md1); + + return ret; +} + +/* + * Populate a session structure for serialization tests. + * Choose dummy values, mostly non-0 to distinguish from the init default. + */ +int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, + int ticket_len, + const char *crt_file) +{ +#if defined(MBEDTLS_HAVE_TIME) + session->start = mbedtls_time(NULL) - 42; +#endif + session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; + session->ciphersuite = 0xabcd; + session->id_len = sizeof(session->id); + memset(session->id, 66, session->id_len); + memset(session->master, 17, sizeof(session->master)); + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO) + if (crt_file != NULL && strlen(crt_file) != 0) { + mbedtls_x509_crt tmp_crt; + int ret; + + mbedtls_x509_crt_init(&tmp_crt); + ret = mbedtls_x509_crt_parse_file(&tmp_crt, crt_file); + if (ret != 0) { + return ret; + } + +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + /* Move temporary CRT. */ + session->peer_cert = mbedtls_calloc(1, sizeof(*session->peer_cert)); + if (session->peer_cert == NULL) { + return -1; + } + *session->peer_cert = tmp_crt; + memset(&tmp_crt, 0, sizeof(tmp_crt)); +#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + /* Calculate digest of temporary CRT. */ + session->peer_cert_digest = + mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN); + if (session->peer_cert_digest == NULL) { + return -1; + } + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md( + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE); + size_t hash_size = 0; + psa_status_t status = psa_hash_compute( + psa_alg, tmp_crt.raw.p, + tmp_crt.raw.len, + session->peer_cert_digest, + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN, + &hash_size); + ret = PSA_TO_MBEDTLS_ERR(status); +#else + ret = mbedtls_md(mbedtls_md_info_from_type( + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE), + tmp_crt.raw.p, tmp_crt.raw.len, + session->peer_cert_digest); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (ret != 0) { + return ret; + } + session->peer_cert_digest_type = + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE; + session->peer_cert_digest_len = + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN; +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + + mbedtls_x509_crt_free(&tmp_crt); + } +#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ + (void) crt_file; +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ + session->verify_result = 0xdeadbeef; + +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) + if (ticket_len != 0) { + session->ticket = mbedtls_calloc(1, ticket_len); + if (session->ticket == NULL) { + return -1; + } + memset(session->ticket, 33, ticket_len); + } + session->ticket_len = ticket_len; + session->ticket_lifetime = 86401; +#else + (void) ticket_len; +#endif + +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + session->mfl_code = 1; +#endif +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + session->encrypt_then_mac = 1; +#endif + + return 0; +} + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, + int ticket_len, + int endpoint_type) +{ + ((void) ticket_len); + session->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; + session->endpoint = endpoint_type == MBEDTLS_SSL_IS_CLIENT ? + MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER; + session->ciphersuite = 0xabcd; + session->ticket_age_add = 0x87654321; + session->ticket_flags = 0x7; + + session->resumption_key_len = 32; + memset(session->resumption_key, 0x99, sizeof(session->resumption_key)); + +#if defined(MBEDTLS_HAVE_TIME) + if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { + session->start = mbedtls_time(NULL) - 42; + } +#endif + +#if defined(MBEDTLS_SSL_CLI_C) + if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { +#if defined(MBEDTLS_HAVE_TIME) + session->ticket_received = mbedtls_time(NULL) - 40; +#endif + session->ticket_lifetime = 0xfedcba98; + + session->ticket_len = ticket_len; + if (ticket_len != 0) { + session->ticket = mbedtls_calloc(1, ticket_len); + if (session->ticket == NULL) { + return -1; + } + memset(session->ticket, 33, ticket_len); + } + } +#endif /* MBEDTLS_SSL_CLI_C */ + + return 0; +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + +/* + * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the + * message was sent in the correct number of fragments. + * + * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both + * of them must be initialized and connected + * beforehand. + * /p msg_len_1 and /p msg_len_2 specify the size of the message to send. + * /p expected_fragments_1 and /p expected_fragments_2 determine in how many + * fragments the message should be sent. + * expected_fragments is 0: can be used for DTLS testing while the message + * size is larger than MFL. In that case the message + * cannot be fragmented and sent to the second + * endpoint. + * This value can be used for negative tests. + * expected_fragments is 1: can be used for TLS/DTLS testing while the + * message size is below MFL + * expected_fragments > 1: can be used for TLS testing while the message + * size is larger than MFL + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1, + int msg_len_1, const int expected_fragments_1, + mbedtls_ssl_context *ssl_2, + int msg_len_2, const int expected_fragments_2) +{ + unsigned char *msg_buf_1 = malloc(msg_len_1); + unsigned char *msg_buf_2 = malloc(msg_len_2); + unsigned char *in_buf_1 = malloc(msg_len_2); + unsigned char *in_buf_2 = malloc(msg_len_1); + int msg_type, ret = -1; + + /* Perform this test with two message types. At first use a message + * consisting of only 0x00 for the client and only 0xFF for the server. + * At the second time use message with generated data */ + for (msg_type = 0; msg_type < 2; msg_type++) { + int written_1 = 0; + int written_2 = 0; + int read_1 = 0; + int read_2 = 0; + int fragments_1 = 0; + int fragments_2 = 0; + + if (msg_type == 0) { + memset(msg_buf_1, 0x00, msg_len_1); + memset(msg_buf_2, 0xff, msg_len_2); + } else { + int i, j = 0; + for (i = 0; i < msg_len_1; i++) { + msg_buf_1[i] = j++ & 0xFF; + } + for (i = 0; i < msg_len_2; i++) { + msg_buf_2[i] = (j -= 5) & 0xFF; + } + } + + while (read_1 < msg_len_2 || read_2 < msg_len_1) { + /* ssl_1 sending */ + if (msg_len_1 > written_1) { + ret = mbedtls_ssl_write_fragment(ssl_1, msg_buf_1, + msg_len_1, &written_1, + expected_fragments_1); + if (expected_fragments_1 == 0) { + /* This error is expected when the message is too large and + * cannot be fragmented */ + TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + msg_len_1 = 0; + } else { + TEST_ASSERT(ret == 0); + } + } + + /* ssl_2 sending */ + if (msg_len_2 > written_2) { + ret = mbedtls_ssl_write_fragment(ssl_2, msg_buf_2, + msg_len_2, &written_2, + expected_fragments_2); + if (expected_fragments_2 == 0) { + /* This error is expected when the message is too large and + * cannot be fragmented */ + TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + msg_len_2 = 0; + } else { + TEST_ASSERT(ret == 0); + } + } + + /* ssl_1 reading */ + if (read_1 < msg_len_2) { + ret = mbedtls_ssl_read_fragment(ssl_1, in_buf_1, + msg_len_2, &read_1, + &fragments_2, + expected_fragments_2); + TEST_ASSERT(ret == 0); + } + + /* ssl_2 reading */ + if (read_2 < msg_len_1) { + ret = mbedtls_ssl_read_fragment(ssl_2, in_buf_2, + msg_len_1, &read_2, + &fragments_1, + expected_fragments_1); + TEST_ASSERT(ret == 0); + } + } + + ret = -1; + TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1)); + TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2)); + TEST_ASSERT(fragments_1 == expected_fragments_1); + TEST_ASSERT(fragments_2 == expected_fragments_2); + } + + ret = 0; + +exit: + free(msg_buf_1); + free(in_buf_1); + free(msg_buf_2); + free(in_buf_2); + + return ret; +} + +/* + * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints + * must be initialized and connected beforehand. + * + * \retval 0 on success, otherwise error code. + */ +int exchange_data(mbedtls_ssl_context *ssl_1, + mbedtls_ssl_context *ssl_2) +{ + return mbedtls_exchange_data(ssl_1, 256, 1, + ssl_2, 256, 1); +} + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +static int check_ssl_version( + mbedtls_ssl_protocol_version expected_negotiated_version, + const mbedtls_ssl_context *ssl) +{ + const char *version_string = mbedtls_ssl_get_version(ssl); + mbedtls_ssl_protocol_version version_number = + mbedtls_ssl_get_version_number(ssl); + + TEST_EQUAL(ssl->tls_version, expected_negotiated_version); + + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + TEST_EQUAL(version_string[0], 'D'); + ++version_string; + } + + switch (expected_negotiated_version) { + case MBEDTLS_SSL_VERSION_TLS1_2: + TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_2); + TEST_ASSERT(strcmp(version_string, "TLSv1.2") == 0); + break; + + case MBEDTLS_SSL_VERSION_TLS1_3: + TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_3); + TEST_ASSERT(strcmp(version_string, "TLSv1.3") == 0); + break; + + default: + TEST_ASSERT( + !"Version check not implemented for this protocol version"); + } + + return 1; + +exit: + return 0; +} +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +void mbedtls_test_ssl_perform_handshake( + mbedtls_test_handshake_test_options *options) +{ + /* forced_ciphersuite needs to last until the end of the handshake */ + int forced_ciphersuite[2]; + enum { BUFFSIZE = 17000 }; + mbedtls_test_ssl_endpoint client, server; +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) + const char *psk_identity = "foo"; +#endif +#if defined(MBEDTLS_TIMING_C) + mbedtls_timing_delay_context timer_client, timer_server; +#endif +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) + unsigned char *context_buf = NULL; + size_t context_buf_len; +#endif +#if defined(MBEDTLS_SSL_RENEGOTIATION) + int ret = -1; +#endif + int expected_handshake_result = options->expected_handshake_result; + + USE_PSA_INIT(); + mbedtls_platform_zeroize(&client, sizeof(client)); + mbedtls_platform_zeroize(&server, sizeof(server)); + mbedtls_test_ssl_message_queue server_queue, client_queue; + mbedtls_test_message_socket_context server_context, client_context; + mbedtls_test_message_socket_init(&server_context); + mbedtls_test_message_socket_init(&client_context); + + /* Client side */ + if (options->dtls != 0) { + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, + MBEDTLS_SSL_IS_CLIENT, + options, &client_context, + &client_queue, + &server_queue, NULL) == 0); +#if defined(MBEDTLS_TIMING_C) + mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, + mbedtls_timing_set_delay, + mbedtls_timing_get_delay); +#endif + } else { + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, + MBEDTLS_SSL_IS_CLIENT, + options, NULL, NULL, + NULL, NULL) == 0); + } + + if (options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { + mbedtls_ssl_conf_min_tls_version(&client.conf, + options->client_min_version); + } + + if (options->client_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { + mbedtls_ssl_conf_max_tls_version(&client.conf, + options->client_max_version); + } + + if (strlen(options->cipher) > 0) { + set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite); + } + +#if defined(MBEDTLS_DEBUG_C) + if (options->cli_log_fun) { + mbedtls_debug_set_threshold(4); + mbedtls_ssl_conf_dbg(&client.conf, options->cli_log_fun, + options->cli_log_obj); + } +#endif + + /* Server side */ + if (options->dtls != 0) { + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, + MBEDTLS_SSL_IS_SERVER, + options, &server_context, + &server_queue, + &client_queue, NULL) == 0); +#if defined(MBEDTLS_TIMING_C) + mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, + mbedtls_timing_set_delay, + mbedtls_timing_get_delay); +#endif + } else { + TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, + MBEDTLS_SSL_IS_SERVER, + options, NULL, NULL, NULL, + NULL) == 0); + } + + mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); + + if (options->server_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { + mbedtls_ssl_conf_min_tls_version(&server.conf, + options->server_min_version); + } + + if (options->server_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { + mbedtls_ssl_conf_max_tls_version(&server.conf, + options->server_max_version); + } + +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf), + (unsigned char) options->mfl) + == 0); + TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf), + (unsigned char) options->mfl) + == 0); +#else + TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl); +#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) + if (options->psk_str != NULL && options->psk_str->len > 0) { + TEST_ASSERT(mbedtls_ssl_conf_psk( + &client.conf, options->psk_str->x, + options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)) == 0); + + TEST_ASSERT(mbedtls_ssl_conf_psk( + &server.conf, options->psk_str->x, + options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)) == 0); +#if defined(MBEDTLS_SSL_SRV_C) + mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL); +#endif + } +#endif +#if defined(MBEDTLS_SSL_RENEGOTIATION) + if (options->renegotiate) { + mbedtls_ssl_conf_renegotiation(&(server.conf), + MBEDTLS_SSL_RENEGOTIATION_ENABLED); + mbedtls_ssl_conf_renegotiation(&(client.conf), + MBEDTLS_SSL_RENEGOTIATION_ENABLED); + + mbedtls_ssl_conf_legacy_renegotiation(&(server.conf), + options->legacy_renegotiation); + mbedtls_ssl_conf_legacy_renegotiation(&(client.conf), + options->legacy_renegotiation); + } +#endif /* MBEDTLS_SSL_RENEGOTIATION */ + +#if defined(MBEDTLS_DEBUG_C) + if (options->srv_log_fun) { + mbedtls_debug_set_threshold(4); + mbedtls_ssl_conf_dbg(&server.conf, options->srv_log_fun, + options->srv_log_obj); + } +#endif + + TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), + &(server.socket), + BUFFSIZE) == 0); + +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + if (options->resize_buffers != 0) { + /* Ensure that the buffer sizes are appropriate before resizes */ + TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + } +#endif + + if (options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN) { + expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; + } + + TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl), + &(server.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER) + == expected_handshake_result); + + if (expected_handshake_result != 0) { + /* Connection will have failed by this point, skip to cleanup */ + goto exit; + } + + TEST_ASSERT(mbedtls_ssl_is_handshake_over(&client.ssl) == 1); + + /* Make sure server state is moved to HANDSHAKE_OVER also. */ + TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server.ssl), + &(client.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER), + 0); + + TEST_ASSERT(mbedtls_ssl_is_handshake_over(&server.ssl) == 1); + /* Check that both sides have negotiated the expected version. */ + mbedtls_test_set_step(0); + if (!check_ssl_version(options->expected_negotiated_version, + &client.ssl)) { + goto exit; + } + + mbedtls_test_set_step(1); + if (!check_ssl_version(options->expected_negotiated_version, + &server.ssl)) { + goto exit; + } + + if (options->expected_ciphersuite != 0) { + TEST_EQUAL(server.ssl.session->ciphersuite, + options->expected_ciphersuite); + } + +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + if (options->resize_buffers != 0) { + /* A server, when using DTLS, might delay a buffer resize to happen + * after it receives a message, so we force it. */ + TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); + + TEST_ASSERT(client.ssl.out_buf_len == + mbedtls_ssl_get_output_buflen(&client.ssl)); + TEST_ASSERT(client.ssl.in_buf_len == + mbedtls_ssl_get_input_buflen(&client.ssl)); + TEST_ASSERT(server.ssl.out_buf_len == + mbedtls_ssl_get_output_buflen(&server.ssl)); + TEST_ASSERT(server.ssl.in_buf_len == + mbedtls_ssl_get_input_buflen(&server.ssl)); + } +#endif + + if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { + /* Start data exchanging test */ + TEST_ASSERT(mbedtls_exchange_data(&(client.ssl), options->cli_msg_len, + options->expected_cli_fragments, + &(server.ssl), options->srv_msg_len, + options->expected_srv_fragments) + == 0); + } +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) + if (options->serialize == 1) { + TEST_ASSERT(options->dtls == 1); + + TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL, + 0, &context_buf_len) + == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + + context_buf = mbedtls_calloc(1, context_buf_len); + TEST_ASSERT(context_buf != NULL); + + TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf, + context_buf_len, + &context_buf_len) + == 0); + + mbedtls_ssl_free(&(server.ssl)); + mbedtls_ssl_init(&(server.ssl)); + + TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0); + + mbedtls_ssl_set_bio(&(server.ssl), &server_context, + mbedtls_test_mock_tcp_send_msg, + mbedtls_test_mock_tcp_recv_msg, + NULL); + + mbedtls_ssl_set_user_data_p(&server.ssl, &server); + +#if defined(MBEDTLS_TIMING_C) + mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, + mbedtls_timing_set_delay, + mbedtls_timing_get_delay); +#endif +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + if (options->resize_buffers != 0) { + /* Ensure that the buffer sizes are appropriate before resizes */ + TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + } +#endif + TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf, + context_buf_len) == 0); + +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + /* Validate buffer sizes after context deserialization */ + if (options->resize_buffers != 0) { + TEST_ASSERT(server.ssl.out_buf_len == + mbedtls_ssl_get_output_buflen(&server.ssl)); + TEST_ASSERT(server.ssl.in_buf_len == + mbedtls_ssl_get_input_buflen(&server.ssl)); + } +#endif + /* Retest writing/reading */ + if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { + TEST_ASSERT(mbedtls_exchange_data( + &(client.ssl), + options->cli_msg_len, + options->expected_cli_fragments, + &(server.ssl), + options->srv_msg_len, + options->expected_srv_fragments) + == 0); + } + } +#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ + +#if defined(MBEDTLS_SSL_RENEGOTIATION) + if (options->renegotiate) { + /* Start test with renegotiation */ + TEST_ASSERT(server.ssl.renego_status == + MBEDTLS_SSL_INITIAL_HANDSHAKE); + TEST_ASSERT(client.ssl.renego_status == + MBEDTLS_SSL_INITIAL_HANDSHAKE); + + /* After calling this function for the server, it only sends a handshake + * request. All renegotiation should happen during data exchanging */ + TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0); + TEST_ASSERT(server.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_PENDING); + TEST_ASSERT(client.ssl.renego_status == + MBEDTLS_SSL_INITIAL_HANDSHAKE); + + TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); + TEST_ASSERT(server.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_ASSERT(client.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_DONE); + + /* After calling mbedtls_ssl_renegotiate for the client, + * all renegotiation should happen inside this function. + * However in this test, we cannot perform simultaneous communication + * between client and server so this function will return waiting error + * on the socket. All rest of renegotiation should happen + * during data exchanging */ + ret = mbedtls_ssl_renegotiate(&(client.ssl)); +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + if (options->resize_buffers != 0) { + /* Ensure that the buffer sizes are appropriate before resizes */ + TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + } +#endif + TEST_ASSERT(ret == 0 || + ret == MBEDTLS_ERR_SSL_WANT_READ || + ret == MBEDTLS_ERR_SSL_WANT_WRITE); + TEST_ASSERT(server.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_ASSERT(client.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS); + + TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); + TEST_ASSERT(server.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_ASSERT(client.ssl.renego_status == + MBEDTLS_SSL_RENEGOTIATION_DONE); +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + /* Validate buffer sizes after renegotiation */ + if (options->resize_buffers != 0) { + TEST_ASSERT(client.ssl.out_buf_len == + mbedtls_ssl_get_output_buflen(&client.ssl)); + TEST_ASSERT(client.ssl.in_buf_len == + mbedtls_ssl_get_input_buflen(&client.ssl)); + TEST_ASSERT(server.ssl.out_buf_len == + mbedtls_ssl_get_output_buflen(&server.ssl)); + TEST_ASSERT(server.ssl.in_buf_len == + mbedtls_ssl_get_input_buflen(&server.ssl)); + } +#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ + } +#endif /* MBEDTLS_SSL_RENEGOTIATION */ + + TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client.conf) == &client); + TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client.ssl) == &client); + TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server.conf) == &server); + TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server); + +exit: + mbedtls_test_ssl_endpoint_free(&client, + options->dtls != 0 ? + &client_context : NULL); + mbedtls_test_ssl_endpoint_free(&server, + options->dtls != 0 ? + &server_context : NULL); +#if defined(MBEDTLS_DEBUG_C) + if (options->cli_log_fun || options->srv_log_fun) { + mbedtls_debug_set_threshold(0); + } +#endif +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) + if (context_buf != NULL) { + mbedtls_free(context_buf); + } +#endif + USE_PSA_DONE(); +} +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + +#if defined(MBEDTLS_TEST_HOOKS) +/* + * Tweak vector lengths in a TLS 1.3 Certificate message + * + * \param[in] buf Buffer containing the Certificate message to tweak + * \param[in]]out] end End of the buffer to parse + * \param tweak Tweak identifier (from 1 to the number of tweaks). + * \param[out] expected_result Error code expected from the parsing function + * \param[out] args Arguments of the MBEDTLS_SSL_CHK_BUF_READ_PTR call that + * is expected to fail. All zeroes if no + * MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected. + */ +int tweak_tls13_certificate_msg_vector_len( + unsigned char *buf, unsigned char **end, int tweak, + int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args) +{ +/* + * The definition of the tweaks assume that the certificate list contains only + * one certificate. + */ + +/* + * struct { + * opaque cert_data<1..2^24-1>; + * Extension extensions<0..2^16-1>; + * } CertificateEntry; + * + * struct { + * opaque certificate_request_context<0..2^8-1>; + * CertificateEntry certificate_list<0..2^24-1>; + * } Certificate; + */ + unsigned char *p_certificate_request_context_len = buf; + size_t certificate_request_context_len = buf[0]; + + unsigned char *p_certificate_list_len = + buf + 1 + certificate_request_context_len; + unsigned char *certificate_list = p_certificate_list_len + 3; + size_t certificate_list_len = + MBEDTLS_GET_UINT24_BE(p_certificate_list_len, 0); + + unsigned char *p_cert_data_len = certificate_list; + unsigned char *cert_data = p_cert_data_len + 3; + size_t cert_data_len = MBEDTLS_GET_UINT24_BE(p_cert_data_len, 0); + + unsigned char *p_extensions_len = cert_data + cert_data_len; + unsigned char *extensions = p_extensions_len + 2; + size_t extensions_len = MBEDTLS_GET_UINT16_BE(p_extensions_len, 0); + + *expected_result = MBEDTLS_ERR_SSL_DECODE_ERROR; + + switch (tweak) { + case 1: + /* Failure when checking if the certificate request context length + * and certificate list length can be read + */ + *end = buf + 3; + set_chk_buf_ptr_args(args, buf, *end, 4); + break; + + case 2: + /* Invalid certificate request context length. + */ + *p_certificate_request_context_len = + certificate_request_context_len + 1; + reset_chk_buf_ptr_args(args); + break; + + case 3: + /* Failure when checking if certificate_list data can be read. */ + MBEDTLS_PUT_UINT24_BE(certificate_list_len + 1, + p_certificate_list_len, 0); + set_chk_buf_ptr_args(args, certificate_list, *end, + certificate_list_len + 1); + break; + + case 4: + /* Failure when checking if the cert_data length can be read. */ + MBEDTLS_PUT_UINT24_BE(2, p_certificate_list_len, 0); + set_chk_buf_ptr_args(args, p_cert_data_len, certificate_list + 2, 3); + break; + + case 5: + /* Failure when checking if cert_data data can be read. */ + MBEDTLS_PUT_UINT24_BE(certificate_list_len - 3 + 1, + p_cert_data_len, 0); + set_chk_buf_ptr_args(args, cert_data, + certificate_list + certificate_list_len, + certificate_list_len - 3 + 1); + break; + + case 6: + /* Failure when checking if the extensions length can be read. */ + MBEDTLS_PUT_UINT24_BE(certificate_list_len - extensions_len - 1, + p_certificate_list_len, 0); + set_chk_buf_ptr_args( + args, p_extensions_len, + certificate_list + certificate_list_len - extensions_len - 1, 2); + break; + + case 7: + /* Failure when checking if extensions data can be read. */ + MBEDTLS_PUT_UINT16_BE(extensions_len + 1, p_extensions_len, 0); + + set_chk_buf_ptr_args( + args, extensions, + certificate_list + certificate_list_len, extensions_len + 1); + break; + + default: + return -1; + } + + return 0; +} +#endif /* MBEDTLS_TEST_HOOKS */ From c4eb65411364e30399aae1cceff091166680f06e Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 27 Oct 2022 15:28:16 +0800 Subject: [PATCH 319/553] Resolve build errors for ssl_helpers.c and test_suite_ssl.c Since we move many functions from test_suite_ssl.function to ssl_helpers.c in commit 8e2bbdd. This causes various of build errors. This commit fixes all the build errors by - including header files - providing function definition - adding guards for typedef statements and functions Signed-off-by: Yanray Wang --- include/test/ssl_helpers.h | 373 ++++++++++++++++++++++++++++++++++++- src/ssl_helpers.c | 8 +- 2 files changed, 374 insertions(+), 7 deletions(-) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index a292def7b2..72095ea610 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -23,8 +23,22 @@ #ifndef SSL_HELPERS_H #define SSL_HELPERS_H +#include "mbedtls/build_info.h" + +#include + #include -#include +#include +#include +#include + +#if defined(MBEDTLS_SSL_TLS_C) +#include +#include +#include +#include "hash_info.h" + +#include "test/certs.h" #if defined(MBEDTLS_SSL_CACHE_C) #include "mbedtls/ssl_cache.h" @@ -142,4 +156,361 @@ typedef struct mbedtls_test_ssl_endpoint { #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +/* + * This function can be passed to mbedtls to receive output logs from it. In + * this case, it will count the instances of a mbedtls_test_ssl_log_pattern + * in the received logged messages. + */ +void mbedtls_test_ssl_log_analyzer(void *ctx, int level, + const char *file, int line, + const char *str); + +void mbedtls_test_init_handshake_options( + mbedtls_test_handshake_test_options *opts); + +void mbedtls_test_free_handshake_options( + mbedtls_test_handshake_test_options *opts); + +/* + * Initialises \p buf. After calling this function it is safe to call + * `mbedtls_test_ssl_buffer_free()` on \p buf. + */ +void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf); + +/* + * Sets up \p buf. After calling this function it is safe to call + * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` + * on \p buf. + */ +int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, + size_t capacity); + +void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf); + +/* + * + * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. + * + * \p buf must have been initialized and set up by calling + * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. + * + * \retval \p input_len, if the data fits. + * \retval 0 <= value < \p input_len, if the data does not fit. + * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not + * zero and \p input is NULL. + */ +int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, + const unsigned char *input, size_t input_len); + +/* + * Gets \p output_len bytes from the ring buffer \p buf into the + * \p output buffer. The output buffer can be NULL, in this case a part of the + * ring buffer will be dropped, if the requested length is available. + * + * \p buf must have been initialized and set up by calling + * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. + * + * \retval \p output_len, if the data is available. + * \retval 0 <= value < \p output_len, if the data is not available. + * \retval -1, if \buf is NULL or it hasn't been set up. + */ +int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, + unsigned char *output, size_t output_len); + +/* + * Errors used in the message transport mock tests + */ + #define MBEDTLS_TEST_ERROR_ARG_NULL -11 + #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 + +/* + * Setup and free functions for the message metadata queue. + * + * \p capacity describes the number of message metadata chunks that can be held + * within the queue. + * + * \retval 0, if a metadata queue of a given length can be allocated. + * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. + */ +int mbedtls_test_ssl_message_queue_setup( + mbedtls_test_ssl_message_queue *queue, size_t capacity); + +void mbedtls_test_ssl_message_queue_free( + mbedtls_test_ssl_message_queue *queue); + +/* + * Push message length information onto the message metadata queue. + * This will become the last element to leave it (fifo). + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. + * \retval \p len, if the push was successful. + */ +int mbedtls_test_ssl_message_queue_push_info( + mbedtls_test_ssl_message_queue *queue, size_t len); + +/* + * Pop information about the next message length from the queue. This will be + * the oldest inserted message length(fifo). \p msg_len can be null, in which + * case the data will be popped from the queue but not copied anywhere. + * + * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. + * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. + * \retval message length, if the pop was successful, up to the given + \p buf_len. + */ +int mbedtls_test_ssl_message_queue_pop_info( + mbedtls_test_ssl_message_queue *queue, size_t buf_len); + +/* + * Setup and teardown functions for mock sockets. + */ +void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket); + +/* + * Closes the socket \p socket. + * + * \p socket must have been previously initialized by calling + * mbedtls_mock_socket_init(). + * + * This function frees all allocated resources and both sockets are aware of the + * new connection state. + * + * That is, this function does not simulate half-open TCP connections and the + * phenomenon that when closing a UDP connection the peer is not aware of the + * connection having been closed. + */ +void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket); + +/* + * Establishes a connection between \p peer1 and \p peer2. + * + * \p peer1 and \p peer2 must have been previously initialized by calling + * mbedtls_mock_socket_init(). + * + * The capacities of the internal buffers are set to \p bufsize. Setting this to + * the correct value allows for simulation of MTU, sanity testing the mock + * implementation and mocking TCP connections with lower memory cost. + */ +int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, + mbedtls_test_mock_socket *peer2, + size_t bufsize); + + +/* + * Callbacks for simulating blocking I/O over connection-oriented transport. + */ + +int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, + size_t len); + +int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len); + +/* + * Callbacks for simulating non-blocking I/O over connection-oriented transport. + */ + +int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, + size_t len); + +int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len); + +void mbedtls_test_message_socket_init( + mbedtls_test_message_socket_context *ctx); + +/* + * Setup a given message socket context including initialization of + * input/output queues to a chosen capacity of messages. Also set the + * corresponding mock socket. + * + * \retval 0, if everything succeeds. + * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message + * queue failed. + */ +int mbedtls_test_message_socket_setup( + mbedtls_test_ssl_message_queue *queue_input, + mbedtls_test_ssl_message_queue *queue_output, + size_t queue_capacity, mbedtls_test_mock_socket *socket, + mbedtls_test_message_socket_context *ctx); + +/* + * Close a given message socket context, along with the socket itself. Free the + * memory allocated by the input queue. + */ +void mbedtls_test_message_socket_close( + mbedtls_test_message_socket_context *ctx); + +/* + * Send one message through a given message socket context. + * + * \retval \p len, if everything succeeds. + * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context + * elements or the context itself is null. + * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if + * mbedtls_test_mock_tcp_send_b failed. + * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. + * + * This function will also return any error from + * mbedtls_test_ssl_message_queue_push_info. + */ +int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, + size_t len); + +/* + * Receive one message from a given message socket context and return message + * length or an error. + * + * \retval message length, if everything succeeds. + * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context + * elements or the context itself is null. + * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if + * mbedtls_test_mock_tcp_recv_b failed. + * + * This function will also return any error other than + * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from + * mbedtls_test_message_queue_peek_info. + */ +int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, + size_t buf_len); + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) + +/* + * Initializes \p ep_cert structure and assigns it to endpoint + * represented by \p ep. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, + int pk_alg, + int opaque_alg, int opaque_alg2, + int opaque_usage); + +/* + * Initializes \p ep structure. It is important to call + * `mbedtls_test_ssl_endpoint_free()` after calling this function + * even if it fails. + * + * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or + * MBEDTLS_SSL_IS_CLIENT. + * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and + * MBEDTLS_PK_ECDSA are supported. + * \p dtls_context - in case of DTLS - this is the context handling metadata. + * \p input_queue - used only in case of DTLS. + * \p output_queue - used only in case of DTLS. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_ssl_endpoint_init( + mbedtls_test_ssl_endpoint *ep, int endpoint_type, + mbedtls_test_handshake_test_options *options, + mbedtls_test_message_socket_context *dtls_context, + mbedtls_test_ssl_message_queue *input_queue, + mbedtls_test_ssl_message_queue *output_queue, + uint16_t *group_list); + +/* + * Deinitializes endpoint represented by \p ep. + */ +void mbedtls_test_ssl_endpoint_free( + mbedtls_test_ssl_endpoint *ep, + mbedtls_test_message_socket_context *context); + +/* + * This function moves ssl handshake from \p ssl to prescribed \p state. + * /p second_ssl is used as second endpoint and their sockets have to be + * connected before calling this function. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, + mbedtls_ssl_context *second_ssl, + int state); + +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ + defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) +int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, + const unsigned char *iv, + size_t iv_len, + const unsigned char *input, + size_t ilen, + unsigned char *output, + size_t *olen); +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && + MBEDTLS_AES_C */ + +int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, + mbedtls_ssl_transform *t_out, + int cipher_type, int hash_id, + int etm, int tag_mode, + mbedtls_ssl_protocol_version tls_version, + size_t cid0_len, + size_t cid1_len); + +/* + * Populate a session structure for serialization tests. + * Choose dummy values, mostly non-0 to distinguish from the init default. + */ +int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, + int ticket_len, + const char *crt_file); + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, + int ticket_len, + int endpoint_type); +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + +/* + * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the + * message was sent in the correct number of fragments. + * + * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both + * of them must be initialized and connected + * beforehand. + * /p msg_len_1 and /p msg_len_2 specify the size of the message to send. + * /p expected_fragments_1 and /p expected_fragments_2 determine in how many + * fragments the message should be sent. + * expected_fragments is 0: can be used for DTLS testing while the message + * size is larger than MFL. In that case the message + * cannot be fragmented and sent to the second + * endpoint. + * This value can be used for negative tests. + * expected_fragments is 1: can be used for TLS/DTLS testing while the + * message size is below MFL + * expected_fragments > 1: can be used for TLS testing while the message + * size is larger than MFL + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1, + int msg_len_1, const int expected_fragments_1, + mbedtls_ssl_context *ssl_2, + int msg_len_2, const int expected_fragments_2); + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +void mbedtls_test_ssl_perform_handshake( + mbedtls_test_handshake_test_options *options); +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + +#if defined(MBEDTLS_TEST_HOOKS) +/* + * Tweak vector lengths in a TLS 1.3 Certificate message + * + * \param[in] buf Buffer containing the Certificate message to tweak + * \param[in]]out] end End of the buffer to parse + * \param tweak Tweak identifier (from 1 to the number of tweaks). + * \param[out] expected_result Error code expected from the parsing function + * \param[out] args Arguments of the MBEDTLS_SSL_CHK_BUF_READ_PTR call that + * is expected to fail. All zeroes if no + * MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected. + */ +int tweak_tls13_certificate_msg_vector_len( + unsigned char *buf, unsigned char **end, int tweak, + int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args); +#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_SSL_TLS_C */ + #endif /* SSL_HELPERS_H */ diff --git a/src/ssl_helpers.c b/src/ssl_helpers.c index 150f6e84de..793eed6056 100644 --- a/src/ssl_helpers.c +++ b/src/ssl_helpers.c @@ -22,6 +22,7 @@ #include +#if defined(MBEDTLS_SSL_TLS_C) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) static int rng_seed = 0xBEEF; static int rng_get(void *p_rng, unsigned char *output, size_t output_len) @@ -269,12 +270,6 @@ int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, return output_len; } -/* - * Errors used in the message transport mock tests - */ - #define MBEDTLS_TEST_ERROR_ARG_NULL -11 - #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44 - /* * Setup and free functions for the message metadata queue. * @@ -2446,3 +2441,4 @@ int tweak_tls13_certificate_msg_vector_len( return 0; } #endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_SSL_TLS_C */ From 0bb355d576f4ccc6798b2582957b831fc3114704 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 6 Feb 2023 12:10:48 +0800 Subject: [PATCH 320/553] ssl_helpers.c: remove duplicate comments for some functions Signed-off-by: Yanray Wang --- include/test/ssl_helpers.h | 18 ++- src/ssl_helpers.c | 234 ++----------------------------------- 2 files changed, 22 insertions(+), 230 deletions(-) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index 72095ea610..fecfad9060 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -188,7 +188,6 @@ int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf); /* - * * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. * * \p buf must have been initialized and set up by calling @@ -300,7 +299,6 @@ int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, /* * Callbacks for simulating blocking I/O over connection-oriented transport. */ - int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len); @@ -309,7 +307,6 @@ int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len); /* * Callbacks for simulating non-blocking I/O over connection-oriented transport. */ - int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len); @@ -429,6 +426,21 @@ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +/* + * Helper function setting up inverse record transformations + * using given cipher, hash, EtM mode, authentication tag length, + * and version. + */ +#define CHK(x) \ + do \ + { \ + if (!(x)) \ + { \ + ret = -1; \ + goto cleanup; \ + } \ + } while (0) + #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, diff --git a/src/ssl_helpers.c b/src/ssl_helpers.c index 793eed6056..8dcb6d2783 100644 --- a/src/ssl_helpers.c +++ b/src/ssl_helpers.c @@ -36,11 +36,6 @@ static int rng_get(void *p_rng, unsigned char *output, size_t output_len) } #endif -/* - * This function can be passed to mbedtls to receive output logs from it. In - * this case, it will count the instances of a mbedtls_test_ssl_log_pattern - * in the received logged messages. - */ void mbedtls_test_ssl_log_analyzer(void *ctx, int level, const char *file, int line, const char *str) @@ -133,20 +128,11 @@ static void reset_chk_buf_ptr_args(mbedtls_ssl_chk_buf_ptr_args *args) * Buffer structure for custom I/O callbacks. */ -/* - * Initialises \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_free()` on \p buf. - */ void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf) { memset(buf, 0, sizeof(*buf)); } -/* - * Sets up \p buf. After calling this function it is safe to call - * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()` - * on \p buf. - */ int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf, size_t capacity) { @@ -169,17 +155,6 @@ void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf) memset(buf, 0, sizeof(*buf)); } -/* - * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf. - * - * \p buf must have been initialized and set up by calling - * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. - * - * \retval \p input_len, if the data fits. - * \retval 0 <= value < \p input_len, if the data does not fit. - * \retval -1, if \p buf is NULL, it hasn't been set up or \p input_len is not - * zero and \p input is NULL. - */ int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, const unsigned char *input, size_t input_len) { @@ -224,18 +199,6 @@ int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, return input_len; } -/* - * Gets \p output_len bytes from the ring buffer \p buf into the - * \p output buffer. The output buffer can be NULL, in this case a part of the - * ring buffer will be dropped, if the requested length is available. - * - * \p buf must have been initialized and set up by calling - * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`. - * - * \retval \p output_len, if the data is available. - * \retval 0 <= value < \p output_len, if the data is not available. - * \retval -1, if \buf is NULL or it hasn't been set up. - */ int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, unsigned char *output, size_t output_len) { @@ -270,15 +233,6 @@ int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, return output_len; } -/* - * Setup and free functions for the message metadata queue. - * - * \p capacity describes the number of message metadata chunks that can be held - * within the queue. - * - * \retval 0, if a metadata queue of a given length can be allocated. - * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed. - */ int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue, size_t capacity) { @@ -307,14 +261,6 @@ void mbedtls_test_ssl_message_queue_free(mbedtls_test_ssl_message_queue *queue) memset(queue, 0, sizeof(*queue)); } -/* - * Push message length information onto the message metadata queue. - * This will become the last element to leave it (fifo). - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full. - * \retval \p len, if the push was successful. - */ int mbedtls_test_ssl_message_queue_push_info( mbedtls_test_ssl_message_queue *queue, size_t len) { @@ -333,16 +279,6 @@ int mbedtls_test_ssl_message_queue_push_info( return len; } -/* - * Pop information about the next message length from the queue. This will be - * the oldest inserted message length(fifo). \p msg_len can be null, in which - * case the data will be popped from the queue but not copied anywhere. - * - * \retval MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null. - * \retval MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty. - * \retval message length, if the pop was successful, up to the given - \p buf_len. - */ int mbedtls_test_ssl_message_queue_pop_info( mbedtls_test_ssl_message_queue *queue, size_t buf_len) { @@ -392,27 +328,11 @@ int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue, return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0; } -/* - * Setup and teardown functions for mock sockets. - */ void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket) { memset(socket, 0, sizeof(*socket)); } -/* - * Closes the socket \p socket. - * - * \p socket must have been previously initialized by calling - * mbedtls_mock_socket_init(). - * - * This function frees all allocated resources and both sockets are aware of the - * new connection state. - * - * That is, this function does not simulate half-open TCP connections and the - * phenomenon that when closing a UDP connection the peer is not aware of the - * connection having been closed. - */ void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket) { if (socket == NULL) { @@ -436,16 +356,6 @@ void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket) memset(socket, 0, sizeof(*socket)); } -/* - * Establishes a connection between \p peer1 and \p peer2. - * - * \p peer1 and \p peer2 must have been previously initialized by calling - * mbedtls_mock_socket_init(). - * - * The capacities of the internal buffers are set to \p bufsize. Setting this to - * the correct value allows for simulation of MTU, sanity testing the mock - * implementation and mocking TCP connections with lower memory cost. - */ int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, mbedtls_test_mock_socket *peer2, size_t bufsize) @@ -494,10 +404,6 @@ int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, return ret; } -/* - * Callbacks for simulating blocking I/O over connection-oriented transport. - */ - int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len) { @@ -521,10 +427,6 @@ int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) return mbedtls_test_ssl_buffer_get(socket->input, buf, len); } -/* - * Callbacks for simulating non-blocking I/O over connection-oriented transport. - */ - int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len) { @@ -563,15 +465,6 @@ void mbedtls_test_message_socket_init(mbedtls_test_message_socket_context *ctx) ctx->socket = NULL; } -/* - * Setup a given message socket context including initialization of - * input/output queues to a chosen capacity of messages. Also set the - * corresponding mock socket. - * - * \retval 0, if everything succeeds. - * \retval MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message - * queue failed. - */ int mbedtls_test_message_socket_setup( mbedtls_test_ssl_message_queue *queue_input, mbedtls_test_ssl_message_queue *queue_output, @@ -591,10 +484,6 @@ int mbedtls_test_message_socket_setup( return 0; } -/* - * Close a given message socket context, along with the socket itself. Free the - * memory allocated by the input queue. - */ void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx) { if (ctx == NULL) { @@ -606,19 +495,6 @@ void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx) memset(ctx, 0, sizeof(*ctx)); } -/* - * Send one message through a given message socket context. - * - * \retval \p len, if everything succeeds. - * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context - * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_SEND_FAILED if - * mbedtls_test_mock_tcp_send_b failed. - * \retval MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full. - * - * This function will also return any error from - * mbedtls_test_ssl_message_queue_push_info. - */ int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len) { @@ -646,20 +522,6 @@ int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, return mbedtls_test_ssl_message_queue_push_info(queue, len); } -/* - * Receive one message from a given message socket context and return message - * length or an error. - * - * \retval message length, if everything succeeds. - * \retval MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context - * elements or the context itself is null. - * \retval MBEDTLS_TEST_ERROR_RECV_FAILED if - * mbedtls_test_mock_tcp_recv_b failed. - * - * This function will also return any error other than - * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from - * mbedtls_test_message_queue_peek_info. - */ int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len) { @@ -743,12 +605,6 @@ void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) } } -/* - * Initializes \p ep_cert structure and assigns it to endpoint - * represented by \p ep. - * - * \retval 0 on success, otherwise error code. - */ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int pk_alg, int opaque_alg, int opaque_alg2, @@ -879,21 +735,6 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, return ret; } -/* - * Initializes \p ep structure. It is important to call - * `mbedtls_test_ssl_endpoint_free()` after calling this function - * even if it fails. - * - * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or - * MBEDTLS_SSL_IS_CLIENT. - * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and - * MBEDTLS_PK_ECDSA are supported. - * \p dtls_context - in case of DTLS - this is the context handling metadata. - * \p input_queue - used only in case of DTLS. - * \p output_queue - used only in case of DTLS. - * - * \retval 0 on success, otherwise error code. - */ int mbedtls_test_ssl_endpoint_init( mbedtls_test_ssl_endpoint *ep, int endpoint_type, mbedtls_test_handshake_test_options *options, @@ -1000,9 +841,6 @@ int mbedtls_test_ssl_endpoint_init( return ret; } -/* - * Deinitializes endpoint represented by \p ep. - */ void mbedtls_test_ssl_endpoint_free( mbedtls_test_ssl_endpoint *ep, mbedtls_test_message_socket_context *context) @@ -1019,13 +857,6 @@ void mbedtls_test_ssl_endpoint_free( } } -/* - * This function moves ssl handshake from \p ssl to prescribed \p state. - * /p second_ssl is used as second endpoint and their sockets have to be - * connected before calling this function. - * - * \retval 0 on success, otherwise error code. - */ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, mbedtls_ssl_context *second_ssl, int state) @@ -1067,8 +898,9 @@ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, /* * Write application data. Increase write counter if necessary. */ -int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, - int buf_len, int *written, +int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, + unsigned char *buf, int buf_len, + int *written, const int expected_fragments) { /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is @@ -1112,9 +944,10 @@ int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, * Read application data and increase read counter and fragments counter * if necessary. */ -int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, - int buf_len, int *read, - int *fragments, const int expected_fragments) +int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, + unsigned char *buf, int buf_len, + int *read, int *fragments, + const int expected_fragments) { /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is * a valid no-op for TLS connections. */ @@ -1148,22 +981,6 @@ int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, return -1; } -/* - * Helper function setting up inverse record transformations - * using given cipher, hash, EtM mode, authentication tag length, - * and version. - */ - -#define CHK(x) \ - do \ - { \ - if (!(x)) \ - { \ - ret = -1; \ - goto cleanup; \ - } \ - } while (0) - void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, int *forced_ciphersuite) { @@ -1611,10 +1428,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, return ret; } -/* - * Populate a session structure for serialization tests. - * Choose dummy values, mostly non-0 to distinguish from the init default. - */ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, int ticket_len, const char *crt_file) @@ -1756,28 +1569,6 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -/* - * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the - * message was sent in the correct number of fragments. - * - * /p ssl_1 and /p ssl_2 Endpoints represented by mbedtls_ssl_context. Both - * of them must be initialized and connected - * beforehand. - * /p msg_len_1 and /p msg_len_2 specify the size of the message to send. - * /p expected_fragments_1 and /p expected_fragments_2 determine in how many - * fragments the message should be sent. - * expected_fragments is 0: can be used for DTLS testing while the message - * size is larger than MFL. In that case the message - * cannot be fragmented and sent to the second - * endpoint. - * This value can be used for negative tests. - * expected_fragments is 1: can be used for TLS/DTLS testing while the - * message size is below MFL - * expected_fragments > 1: can be used for TLS testing while the message - * size is larger than MFL - * - * \retval 0 on success, otherwise error code. - */ int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1, int msg_len_1, const int expected_fragments_1, mbedtls_ssl_context *ssl_2, @@ -2326,17 +2117,6 @@ void mbedtls_test_ssl_perform_handshake( #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_TEST_HOOKS) -/* - * Tweak vector lengths in a TLS 1.3 Certificate message - * - * \param[in] buf Buffer containing the Certificate message to tweak - * \param[in]]out] end End of the buffer to parse - * \param tweak Tweak identifier (from 1 to the number of tweaks). - * \param[out] expected_result Error code expected from the parsing function - * \param[out] args Arguments of the MBEDTLS_SSL_CHK_BUF_READ_PTR call that - * is expected to fail. All zeroes if no - * MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected. - */ int tweak_tls13_certificate_msg_vector_len( unsigned char *buf, unsigned char **end, int tweak, int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args) From cb086c9b4e99f55de7ccd60dc0896b0e495a5240 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 28 Oct 2022 11:49:33 +0800 Subject: [PATCH 321/553] Fix build errors in CMake tests/src/ssl_helpers.c depends on functions defined in library/*.c. If it's complied as an OBJECT with other c files, cmake complains undefined reference in link stage under programs/. Therefore, tests/src/test_helpers/ is created to hold c files with dependency of library/*.c. Besides, tests/src/test_helper/*.c is separated into another OBJECT, mbedtls_test_helpers, as sources to build all test suite executables. In addition, everest header directory is included in case MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED is enabled. Signed-off-by: Yanray Wang --- src/{ => test_helpers}/ssl_helpers.c | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename src/{ => test_helpers}/ssl_helpers.c (100%) diff --git a/src/ssl_helpers.c b/src/test_helpers/ssl_helpers.c similarity index 100% rename from src/ssl_helpers.c rename to src/test_helpers/ssl_helpers.c From 430bd7209bda3d07789d96775b1a999fd351c1f1 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 28 Oct 2022 18:12:01 +0800 Subject: [PATCH 322/553] Fix build error in CI about test_fail_if_psa_leaking MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit During test of component build_arm_linux_gnueabi_gcc_arm5vte and build_arm_none_eabi_gcc_m0plus. It fails with - error: implicit declaration of function ‘test_fail_if_psa_leaking’ It happens because test_fail_if_psa_leaking is defined in helpers.function. This block of code is not converted into C code while compiling ssl_helpers.c. The function has been moved to psa_crypto_helpers.c in order to fix this build error. Signed-off-by: Yanray Wang --- include/test/psa_crypto_helpers.h | 22 +++++++++++++++------- src/psa_crypto_helpers.c | 11 +++++++++++ 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 19a0483cc8..ac6eb2083a 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -104,11 +104,11 @@ const char *mbedtls_test_helper_is_psa_leaking(void); * `TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )` * but with a more informative message. */ -#define ASSERT_PSA_PRISTINE() \ +#define ASSERT_PSA_PRISTINE() \ do \ { \ - if (test_fail_if_psa_leaking(__LINE__, __FILE__)) \ - goto exit; \ + if (mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__)) \ + goto exit; \ } \ while (0) @@ -122,12 +122,12 @@ const char *mbedtls_test_helper_is_psa_leaking(void); * \note Persistent keys must be recorded with #TEST_USES_KEY_ID before * creating them. */ -#define PSA_DONE() \ +#define PSA_DONE() \ do \ { \ - test_fail_if_psa_leaking(__LINE__, __FILE__); \ - mbedtls_test_psa_purge_key_storage(); \ - mbedtls_psa_crypto_free(); \ + mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \ + mbedtls_test_psa_purge_key_storage(); \ + mbedtls_psa_crypto_free(); \ } \ while (0) @@ -193,6 +193,14 @@ psa_status_t mbedtls_test_record_status(psa_status_t status, */ psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags); +/** Check that no PSA Crypto key slots are in use. + * + * If any slots are in use, mark the current test as failed. + * + * \return 0 if the key store is empty, 1 otherwise. + */ +int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename); + /** Skip a test case if the given key is a 192 bits AES key and the AES * implementation is at least partially provided by an accelerator or * alternative implementation. diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index 06274d388c..77c2f89764 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -138,4 +138,15 @@ psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags) return updated_usage; } +int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename) +{ + const char *msg = mbedtls_test_helper_is_psa_leaking(); + if (msg == NULL) { + return 0; + } else { + mbedtls_test_fail(msg, line_no, filename); + return 1; + } +} + #endif /* MBEDTLS_PSA_CRYPTO_C */ From 9a0d14289e326ffb45f4eaf374435150d1e93fb0 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 3 Nov 2022 11:51:59 +0800 Subject: [PATCH 323/553] Fix issue of conversion from size_t to int ssl_helpers.c is treated with W3 warning level in MSVC complier. So that it's reported as error for warning of conversion from size_t to int. This change fixes all this type of warning seen in Microsoft Visual Studio 12.0. Besides, some potential problems of type conversion are also handled. Signed-off-by: Yanray Wang --- src/test_helpers/ssl_helpers.c | 39 +++++++++++++++++++++------------- 1 file changed, 24 insertions(+), 15 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 8dcb6d2783..776755ccbc 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -196,7 +196,7 @@ int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf, } buf->content_length += input_len; - return input_len; + return (input_len > INT_MAX) ? INT_MAX : (int) input_len; } int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, @@ -230,7 +230,7 @@ int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, buf->content_length -= output_len; buf->start = (buf->start + output_len) % buf->capacity; - return output_len; + return (output_len > INT_MAX) ? INT_MAX : (int) output_len; } int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue, @@ -241,7 +241,7 @@ int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue, return MBEDTLS_ERR_SSL_ALLOC_FAILED; } - queue->capacity = capacity; + queue->capacity = (capacity > INT_MAX) ? INT_MAX : (int) capacity; queue->pos = 0; queue->num = 0; @@ -276,7 +276,7 @@ int mbedtls_test_ssl_message_queue_push_info( place = (queue->pos + queue->num) % queue->capacity; queue->messages[place] = len; queue->num++; - return len; + return (len > INT_MAX) ? INT_MAX : (int) len; } int mbedtls_test_ssl_message_queue_pop_info( @@ -299,7 +299,8 @@ int mbedtls_test_ssl_message_queue_pop_info( queue->pos += queue->capacity; } - return (message_length > buf_len) ? buf_len : message_length; + return (message_length > INT_MAX && buf_len > INT_MAX) ? INT_MAX : + (message_length > buf_len) ? (int) buf_len : (int) message_length; } /* @@ -569,7 +570,7 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, } mbedtls_test_ssl_message_queue_pop_info(queue, buf_len); - return msg_len; + return (msg_len > INT_MAX) ? INT_MAX : (int) msg_len; } #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) @@ -1151,13 +1152,21 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, #endif /* MBEDTLS_CIPHER_MODE_CBC */ CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0, - keylen << 3, MBEDTLS_ENCRYPT) == 0); + (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, + MBEDTLS_ENCRYPT) + == 0); CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1, - keylen << 3, MBEDTLS_DECRYPT) == 0); + (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, + MBEDTLS_DECRYPT) + == 0); CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1, - keylen << 3, MBEDTLS_ENCRYPT) == 0); + (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, + MBEDTLS_ENCRYPT) + == 0); CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0, - keylen << 3, MBEDTLS_DECRYPT) == 0); + (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, + MBEDTLS_DECRYPT) + == 0); #endif /* Setup MAC contexts */ @@ -1344,12 +1353,12 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, /* Add CID */ memcpy(&t_in->in_cid, cid0, cid0_len); memcpy(&t_in->out_cid, cid1, cid1_len); - t_in->in_cid_len = cid0_len; - t_in->out_cid_len = cid1_len; + t_in->in_cid_len = (uint8_t) cid0_len; + t_in->out_cid_len = (uint8_t) cid1_len; memcpy(&t_out->in_cid, cid1, cid1_len); memcpy(&t_out->out_cid, cid0, cid0_len); - t_out->in_cid_len = cid1_len; - t_out->out_cid_len = cid0_len; + t_out->in_cid_len = (uint8_t) cid1_len; + t_out->out_cid_len = (uint8_t) cid0_len; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -2169,7 +2178,7 @@ int tweak_tls13_certificate_msg_vector_len( /* Invalid certificate request context length. */ *p_certificate_request_context_len = - certificate_request_context_len + 1; + (unsigned char) certificate_request_context_len + 1; reset_chk_buf_ptr_args(args); break; From 1f52451a13b4334bdc5dbd02a31dd002226c2fae Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 3 Feb 2023 11:01:29 +0800 Subject: [PATCH 324/553] Move ECJPAKE_TEST_SET_PASSWORD into ssl_helpers.h Signed-off-by: Yanray Wang --- include/test/ssl_helpers.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index fecfad9060..eb89d19564 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -523,6 +523,22 @@ int tweak_tls13_certificate_msg_vector_len( unsigned char *buf, unsigned char **end, int tweak, int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args); #endif /* MBEDTLS_TEST_HOOKS */ + +#define ECJPAKE_TEST_PWD "bla" + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ + ret = (use_opaque_arg) ? \ + mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, pwd_slot) : \ + mbedtls_ssl_set_hs_ecjpake_password(&ssl, pwd_string, pwd_len); \ + TEST_EQUAL(ret, exp_ret_val) +#else +#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ + ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, \ + pwd_string, pwd_len); \ + TEST_EQUAL(ret, exp_ret_val) +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #endif /* MBEDTLS_SSL_TLS_C */ #endif /* SSL_HELPERS_H */ From d9dbdb58bcfa3db921fed2b12f38be4e68fcdebe Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 3 Feb 2023 11:04:38 +0800 Subject: [PATCH 325/553] Move TEST_AVAILABLE_ECC into ssl_helpers.h Signed-off-by: Yanray Wang --- include/test/ssl_helpers.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index eb89d19564..9d88ad1152 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -539,6 +539,25 @@ int tweak_tls13_certificate_msg_vector_len( TEST_EQUAL(ret, exp_ret_val) #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#define TEST_AVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ + TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \ + group_id_); \ + TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_), \ + tls_id_); \ + TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_, \ + &psa_family, &psa_bits), PSA_SUCCESS); \ + TEST_EQUAL(psa_family_, psa_family); \ + TEST_EQUAL(psa_bits_, psa_bits); + +#define TEST_UNAVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ + TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \ + MBEDTLS_ECP_DP_NONE); \ + TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_), \ + 0); \ + TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_, \ + &psa_family, &psa_bits), \ + PSA_ERROR_NOT_SUPPORTED); + #endif /* MBEDTLS_SSL_TLS_C */ #endif /* SSL_HELPERS_H */ From fb5b3275f885a09ccd0b752c579ae46d55aadbe7 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 3 Feb 2023 11:07:56 +0800 Subject: [PATCH 326/553] Move #define Directive into ssl_helpers.h Signed-off-by: Yanray Wang --- include/test/ssl_helpers.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index 9d88ad1152..cb6fd2efdd 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -44,6 +44,24 @@ #include "mbedtls/ssl_cache.h" #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_ssl_errors, \ + psa_generic_status_to_mbedtls) +#endif + +#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) +#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY +#endif +enum { +#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ + tls13_label_ ## name, + MBEDTLS_SSL_TLS1_3_LABEL_LIST +#undef MBEDTLS_SSL_TLS1_3_LABEL +}; + typedef struct mbedtls_test_ssl_log_pattern { const char *pattern; size_t counter; From eecfbed990be2c6f08c49d1840c5ccd2b9e4799e Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 14 Feb 2023 17:56:51 +0800 Subject: [PATCH 327/553] ssl_helpers.c: fix review comments and improve code readability Signed-off-by: Yanray Wang --- src/test_helpers/ssl_helpers.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 776755ccbc..d18114b14d 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -428,8 +428,8 @@ int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len) return mbedtls_test_ssl_buffer_get(socket->input, buf, len); } -int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, - size_t len) +int mbedtls_test_mock_tcp_send_nb(void *ctx, + const unsigned char *buf, size_t len) { mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; @@ -496,8 +496,8 @@ void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx) memset(ctx, 0, sizeof(*ctx)); } -int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, - size_t len) +int mbedtls_test_mock_tcp_send_msg(void *ctx, + const unsigned char *buf, size_t len) { mbedtls_test_ssl_message_queue *queue; mbedtls_test_mock_socket *socket; @@ -523,8 +523,8 @@ int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, return mbedtls_test_ssl_message_queue_push_info(queue, len); } -int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, - size_t buf_len) +int mbedtls_test_mock_tcp_recv_msg(void *ctx, + unsigned char *buf, size_t buf_len) { mbedtls_test_ssl_message_queue *queue; mbedtls_test_mock_socket *socket; From bbe20483093df63c754c3e2a68cb1fec4ace7572 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Mar 2023 16:07:30 +0100 Subject: [PATCH 328/553] libtestdriver: add EC support when only ECJPAKE is accelarated Signed-off-by: Valerio Setti --- include/test/drivers/crypto_config_test_driver_extension.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index 26c432cdea..5b1a15ac7f 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -253,6 +253,7 @@ #if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) #if defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) +#if defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) #define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1 #define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1 #define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1 @@ -268,6 +269,7 @@ #define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1 #endif #endif +#endif #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 From 2627b5b2f3295c82f51cbc923b9cfc30ab9e37c9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 13 Mar 2023 19:22:36 +0800 Subject: [PATCH 329/553] ssl_helpers.c: improve code readability Signed-off-by: Yanray Wang --- include/test/ssl_helpers.h | 16 ++++++++-------- src/test_helpers/ssl_helpers.c | 14 ++++++-------- 2 files changed, 14 insertions(+), 16 deletions(-) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index cb6fd2efdd..b38c58aee1 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -317,16 +317,16 @@ int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, /* * Callbacks for simulating blocking I/O over connection-oriented transport. */ -int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, - size_t len); +int mbedtls_test_mock_tcp_send_b(void *ctx, + const unsigned char *buf, size_t len); int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len); /* * Callbacks for simulating non-blocking I/O over connection-oriented transport. */ -int mbedtls_test_mock_tcp_send_nb(void *ctx, const unsigned char *buf, - size_t len); +int mbedtls_test_mock_tcp_send_nb(void *ctx, + const unsigned char *buf, size_t len); int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len); @@ -368,8 +368,8 @@ void mbedtls_test_message_socket_close( * This function will also return any error from * mbedtls_test_ssl_message_queue_push_info. */ -int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, - size_t len); +int mbedtls_test_mock_tcp_send_msg(void *ctx, + const unsigned char *buf, size_t len); /* * Receive one message from a given message socket context and return message @@ -385,8 +385,8 @@ int mbedtls_test_mock_tcp_send_msg(void *ctx, const unsigned char *buf, * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from * mbedtls_test_message_queue_peek_info. */ -int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, - size_t buf_len); +int mbedtls_test_mock_tcp_recv_msg(void *ctx, + unsigned char *buf, size_t buf_len); #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index d18114b14d..d248e29359 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -405,8 +405,8 @@ int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1, return ret; } -int mbedtls_test_mock_tcp_send_b(void *ctx, const unsigned char *buf, - size_t len) +int mbedtls_test_mock_tcp_send_b(void *ctx, + const unsigned char *buf, size_t len) { mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx; @@ -561,8 +561,8 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx, if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { /* Drop the remaining part of the message */ - if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) - != (int) drop_len) { + if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) != + (int) drop_len) { /* Inconsistent state - part of the message was read, * and a part couldn't. Not much we can do here, but it should not * happen in test environment, unless forced manually. */ @@ -2106,11 +2106,9 @@ void mbedtls_test_ssl_perform_handshake( exit: mbedtls_test_ssl_endpoint_free(&client, - options->dtls != 0 ? - &client_context : NULL); + options->dtls != 0 ? &client_context : NULL); mbedtls_test_ssl_endpoint_free(&server, - options->dtls != 0 ? - &server_context : NULL); + options->dtls != 0 ? &server_context : NULL); #if defined(MBEDTLS_DEBUG_C) if (options->cli_log_fun || options->srv_log_fun) { mbedtls_debug_set_threshold(0); From a031bfbe021fd74b8a00efcab8610683e6784401 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 14 Mar 2023 19:38:32 +0100 Subject: [PATCH 330/553] crypto_config_test_driver_extension: small reshape of guard symbols Signed-off-by: Valerio Setti --- .../test/drivers/crypto_config_test_driver_extension.h | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index 5b1a15ac7f..ff2abfb372 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -251,9 +251,9 @@ #define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 #define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER 1 -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) -#if defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) #define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1 #define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1 #define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1 @@ -268,8 +268,6 @@ #define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1 #define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1 #endif -#endif -#endif #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 From 1c72f1dbb8109645971a2746bfba31a8c0884a86 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 16 Mar 2023 11:47:39 +0800 Subject: [PATCH 331/553] ssl_helpers.c: unify code format between source file and header file Signed-off-by: Yanray Wang --- include/test/ssl_helpers.h | 3 ++- src/test_helpers/ssl_helpers.c | 13 ++++++++----- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index b38c58aee1..281d1f55a9 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -345,7 +345,8 @@ void mbedtls_test_message_socket_init( int mbedtls_test_message_socket_setup( mbedtls_test_ssl_message_queue *queue_input, mbedtls_test_ssl_message_queue *queue_output, - size_t queue_capacity, mbedtls_test_mock_socket *socket, + size_t queue_capacity, + mbedtls_test_mock_socket *socket, mbedtls_test_message_socket_context *ctx); /* diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index d248e29359..a698f379b7 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -233,8 +233,8 @@ int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf, return (output_len > INT_MAX) ? INT_MAX : (int) output_len; } -int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue, - size_t capacity) +int mbedtls_test_ssl_message_queue_setup( + mbedtls_test_ssl_message_queue *queue, size_t capacity) { queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t)); if (NULL == queue->messages) { @@ -248,7 +248,8 @@ int mbedtls_test_ssl_message_queue_setup(mbedtls_test_ssl_message_queue *queue, return 0; } -void mbedtls_test_ssl_message_queue_free(mbedtls_test_ssl_message_queue *queue) +void mbedtls_test_ssl_message_queue_free( + mbedtls_test_ssl_message_queue *queue) { if (queue == NULL) { return; @@ -459,7 +460,8 @@ int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len) return mbedtls_test_ssl_buffer_get(socket->input, buf, len); } -void mbedtls_test_message_socket_init(mbedtls_test_message_socket_context *ctx) +void mbedtls_test_message_socket_init( + mbedtls_test_message_socket_context *ctx) { ctx->queue_input = NULL; ctx->queue_output = NULL; @@ -485,7 +487,8 @@ int mbedtls_test_message_socket_setup( return 0; } -void mbedtls_test_message_socket_close(mbedtls_test_message_socket_context *ctx) +void mbedtls_test_message_socket_close( + mbedtls_test_message_socket_context *ctx) { if (ctx == NULL) { return; From 80b7389d8742258d89dceed08992ee9d271ff3e1 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 15 Mar 2023 16:39:05 +0800 Subject: [PATCH 332/553] ssl_helpers.c: move #define Directive to header file Signed-off-by: Yanray Wang --- include/test/ssl_helpers.h | 9 +++++++++ src/test_helpers/ssl_helpers.c | 11 ----------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index 281d1f55a9..2c6bf790a2 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -101,6 +101,9 @@ typedef struct mbedtls_test_handshake_test_options { #endif } mbedtls_test_handshake_test_options; +/* + * Buffer structure for custom I/O callbacks. + */ typedef struct mbedtls_test_ssl_buffer { size_t start; size_t content_length; @@ -460,6 +463,12 @@ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, } \ } while (0) +#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX +#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX +#else +#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX +#endif + #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index a698f379b7..b82a72c6cb 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -124,10 +124,6 @@ static void reset_chk_buf_ptr_args(mbedtls_ssl_chk_buf_ptr_args *args) } #endif /* MBEDTLS_TEST_HOOKS */ -/* - * Buffer structure for custom I/O callbacks. - */ - void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf) { memset(buf, 0, sizeof(*buf)); @@ -1023,12 +1019,6 @@ int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, return 0; } -#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX -#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX -#else -#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX -#endif - #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, @@ -1736,7 +1726,6 @@ static int check_ssl_version( } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) void mbedtls_test_ssl_perform_handshake( mbedtls_test_handshake_test_options *options) From e3c707e2a2351f84e2db69a8c362d38c1ecf2801 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 16 Mar 2023 12:04:49 +0800 Subject: [PATCH 333/553] ssl_helpers.c: move some internal functions to static Signed-off-by: Yanray Wang --- src/test_helpers/ssl_helpers.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index b82a72c6cb..abbe9579c8 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -981,8 +981,9 @@ int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, return -1; } -void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, - int *forced_ciphersuite) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +static void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, + int *forced_ciphersuite) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher); @@ -1007,9 +1008,13 @@ void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, exit: return; } +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, - const unsigned char *name, size_t name_len) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \ + defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ + defined(MBEDTLS_SSL_SRV_C) +static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, + const unsigned char *name, size_t name_len) { (void) p_info; (void) ssl; @@ -1018,6 +1023,9 @@ int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, return 0; } +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && + MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && + MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) @@ -1680,12 +1688,18 @@ int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1, * * \retval 0 on success, otherwise error code. */ -int exchange_data(mbedtls_ssl_context *ssl_1, - mbedtls_ssl_context *ssl_2) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \ + (defined(MBEDTLS_SSL_RENEGOTIATION) || \ + defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)) +static int exchange_data(mbedtls_ssl_context *ssl_1, + mbedtls_ssl_context *ssl_2) { return mbedtls_exchange_data(ssl_1, 256, 1, ssl_2, 256, 1); } +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && + (MBEDTLS_SSL_RENEGOTIATION || + MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) static int check_ssl_version( From 341947a7044322c8ac95898ba7988d0c48e93b4e Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 15 Mar 2023 16:05:14 +0800 Subject: [PATCH 334/553] ssl_helpers.c: change prefix and move *certificate_free to static Signed-off-by: Yanray Wang --- src/test_helpers/ssl_helpers.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index abbe9579c8..a55df1bccf 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -577,7 +577,7 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx, /* * Deinitializes certificates from endpoint represented by \p ep. */ -void mbedtls_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) +static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) { mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert); if (cert != NULL) { @@ -729,7 +729,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, exit: if (ret != 0) { - mbedtls_endpoint_certificate_free(ep); + test_ssl_endpoint_certificate_free(ep); } return ret; @@ -845,7 +845,7 @@ void mbedtls_test_ssl_endpoint_free( mbedtls_test_ssl_endpoint *ep, mbedtls_test_message_socket_context *context) { - mbedtls_endpoint_certificate_free(ep); + test_ssl_endpoint_certificate_free(ep); mbedtls_ssl_free(&(ep->ssl)); mbedtls_ssl_config_free(&(ep->conf)); From 509c8772d7a6e255740d94413915b2e06879c4d1 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 16 Mar 2023 14:57:54 +0800 Subject: [PATCH 335/553] ssl_helpers.c: change prefix and move *queue_peek_info to static Signed-off-by: Yanray Wang --- include/test/ssl_helpers.h | 3 +-- src/test_helpers/ssl_helpers.c | 7 ++++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index 2c6bf790a2..15ad98a353 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -386,8 +386,7 @@ int mbedtls_test_mock_tcp_send_msg(void *ctx, * mbedtls_test_mock_tcp_recv_b failed. * * This function will also return any error other than - * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from - * mbedtls_test_message_queue_peek_info. + * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from test_ssl_message_queue_peek_info. */ int mbedtls_test_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len); diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index a55df1bccf..eb671cf4b0 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -312,8 +312,9 @@ int mbedtls_test_ssl_message_queue_pop_info( * set to the full message length so that the * caller knows what portion of the message can be dropped. */ -int mbedtls_test_message_queue_peek_info(mbedtls_test_ssl_message_queue *queue, - size_t buf_len, size_t *msg_len) +static int test_ssl_message_queue_peek_info( + mbedtls_test_ssl_message_queue *queue, + size_t buf_len, size_t *msg_len) { if (queue == NULL || msg_len == NULL) { return MBEDTLS_TEST_ERROR_ARG_NULL; @@ -543,7 +544,7 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx, /* Peek first, so that in case of a socket error the data remains in * the queue. */ - ret = mbedtls_test_message_queue_peek_info(queue, buf_len, &msg_len); + ret = test_ssl_message_queue_peek_info(queue, buf_len, &msg_len); if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) { /* Calculate how much to drop */ drop_len = msg_len - buf_len; From 47667c80f7ca0082482fe4b571e1d96313241d16 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 15 Mar 2023 16:02:29 +0800 Subject: [PATCH 336/553] ssl_helpers.c: add mbedtls_test prefix for mbedtls_mock_socket_init Signed-off-by: Yanray Wang --- include/test/ssl_helpers.h | 6 +++--- src/test_helpers/ssl_helpers.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index 15ad98a353..ac76116e1a 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -285,13 +285,13 @@ int mbedtls_test_ssl_message_queue_pop_info( /* * Setup and teardown functions for mock sockets. */ -void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket); +void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket); /* * Closes the socket \p socket. * * \p socket must have been previously initialized by calling - * mbedtls_mock_socket_init(). + * mbedtls_test_mock_socket_init(). * * This function frees all allocated resources and both sockets are aware of the * new connection state. @@ -306,7 +306,7 @@ void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket); * Establishes a connection between \p peer1 and \p peer2. * * \p peer1 and \p peer2 must have been previously initialized by calling - * mbedtls_mock_socket_init(). + * mbedtls_test_mock_socket_init(). * * The capacities of the internal buffers are set to \p bufsize. Setting this to * the correct value allows for simulation of MTU, sanity testing the mock diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index eb671cf4b0..2472dec46c 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -327,7 +327,7 @@ static int test_ssl_message_queue_peek_info( return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0; } -void mbedtls_mock_socket_init(mbedtls_test_mock_socket *socket) +void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket) { memset(socket, 0, sizeof(*socket)); } @@ -479,7 +479,7 @@ int mbedtls_test_message_socket_setup( ctx->queue_input = queue_input; ctx->queue_output = queue_output; ctx->socket = socket; - mbedtls_mock_socket_init(socket); + mbedtls_test_mock_socket_init(socket); return 0; } @@ -781,7 +781,7 @@ int mbedtls_test_ssl_endpoint_init( 100, &(ep->socket), dtls_context) == 0); } else { - mbedtls_mock_socket_init(&(ep->socket)); + mbedtls_test_mock_socket_init(&(ep->socket)); } /* Non-blocking callbacks without timeout */ From 760335c7a773ed738dcdc784e7c397507138ee16 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 16 Mar 2023 12:15:49 +0800 Subject: [PATCH 337/553] ssl_helpers.c: add mbedtls_test_ssl prefix for *_exchange_data Signed-off-by: Yanray Wang --- include/test/ssl_helpers.h | 9 +++++---- src/test_helpers/ssl_helpers.c | 32 ++++++++++++++++---------------- 2 files changed, 21 insertions(+), 20 deletions(-) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index ac76116e1a..b46861b0db 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -524,10 +524,11 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, * * \retval 0 on success, otherwise error code. */ -int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1, - int msg_len_1, const int expected_fragments_1, - mbedtls_ssl_context *ssl_2, - int msg_len_2, const int expected_fragments_2); +int mbedtls_test_ssl_exchange_data( + mbedtls_ssl_context *ssl_1, + int msg_len_1, const int expected_fragments_1, + mbedtls_ssl_context *ssl_2, + int msg_len_2, const int expected_fragments_2); #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) void mbedtls_test_ssl_perform_handshake( diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 2472dec46c..d17d8ac935 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -919,7 +919,7 @@ int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, /* Used for DTLS and the message size larger than MFL. In that case * the message can not be fragmented and the library should return * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned - * to prevent a dead loop inside mbedtls_exchange_data(). */ + * to prevent a dead loop inside mbedtls_test_ssl_exchange_data(). */ return ret; } else if (expected_fragments == 1) { /* Used for TLS/DTLS and the message size lower than MFL */ @@ -1580,10 +1580,11 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1, - int msg_len_1, const int expected_fragments_1, - mbedtls_ssl_context *ssl_2, - int msg_len_2, const int expected_fragments_2) +int mbedtls_test_ssl_exchange_data( + mbedtls_ssl_context *ssl_1, + int msg_len_1, const int expected_fragments_1, + mbedtls_ssl_context *ssl_2, + int msg_len_2, const int expected_fragments_2) { unsigned char *msg_buf_1 = malloc(msg_len_1); unsigned char *msg_buf_2 = malloc(msg_len_2); @@ -1695,8 +1696,8 @@ int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1, static int exchange_data(mbedtls_ssl_context *ssl_1, mbedtls_ssl_context *ssl_2) { - return mbedtls_exchange_data(ssl_1, 256, 1, - ssl_2, 256, 1); + return mbedtls_test_ssl_exchange_data(ssl_1, 256, 1, + ssl_2, 256, 1); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && (MBEDTLS_SSL_RENEGOTIATION || @@ -1969,10 +1970,11 @@ void mbedtls_test_ssl_perform_handshake( if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { /* Start data exchanging test */ - TEST_ASSERT(mbedtls_exchange_data(&(client.ssl), options->cli_msg_len, - options->expected_cli_fragments, - &(server.ssl), options->srv_msg_len, - options->expected_srv_fragments) + TEST_ASSERT(mbedtls_test_ssl_exchange_data( + &(client.ssl), options->cli_msg_len, + options->expected_cli_fragments, + &(server.ssl), options->srv_msg_len, + options->expected_srv_fragments) == 0); } #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) @@ -2029,12 +2031,10 @@ void mbedtls_test_ssl_perform_handshake( #endif /* Retest writing/reading */ if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { - TEST_ASSERT(mbedtls_exchange_data( - &(client.ssl), - options->cli_msg_len, + TEST_ASSERT(mbedtls_test_ssl_exchange_data( + &(client.ssl), options->cli_msg_len, options->expected_cli_fragments, - &(server.ssl), - options->srv_msg_len, + &(server.ssl), options->srv_msg_len, options->expected_srv_fragments) == 0); } From 5e86c9b7ae89320f6c9ff877404e13b0fff77cc5 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 16 Mar 2023 12:21:33 +0800 Subject: [PATCH 338/553] ssl_helpers.c: add mbedtls_test prefix for tweak_tls13_certificate* Signed-off-by: Yanray Wang --- include/test/ssl_helpers.h | 2 +- src/test_helpers/ssl_helpers.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index b46861b0db..b7d9900601 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -547,7 +547,7 @@ void mbedtls_test_ssl_perform_handshake( * is expected to fail. All zeroes if no * MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected. */ -int tweak_tls13_certificate_msg_vector_len( +int mbedtls_test_tweak_tls13_certificate_msg_vector_len( unsigned char *buf, unsigned char **end, int tweak, int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args); #endif /* MBEDTLS_TEST_HOOKS */ diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index d17d8ac935..52e288d5ff 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -2131,7 +2131,7 @@ void mbedtls_test_ssl_perform_handshake( #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_TEST_HOOKS) -int tweak_tls13_certificate_msg_vector_len( +int mbedtls_test_tweak_tls13_certificate_msg_vector_len( unsigned char *buf, unsigned char **end, int tweak, int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args) { From a46d4c597c331db4bec60d2b5c98756103b74ae2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 10 Mar 2023 10:07:51 +0100 Subject: [PATCH 339/553] Fix failures in builds without PSA_CRYPTO_C MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/test/psa_crypto_helpers.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index ac6eb2083a..f27f88eb6b 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -295,6 +295,7 @@ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename); #define PSA_INIT_IF_NO_MD() ((void) 0) #define PSA_DONE_IF_NO_MD() ((void) 0) #endif + /** \def USE_PSA_INIT * * Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO @@ -321,4 +322,9 @@ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename); #define USE_PSA_DONE() ((void) 0) #endif /* !MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_SSL_PROTO_TLS1_3 */ +#if !defined(MBEDTLS_PSA_CRYPTO_C) +#define PSA_INIT() ((void) 0) +#define PSA_DONE() ((void) 0) +#endif /* MBEDTLS_PSA_CRYPTO_C */ + #endif /* PSA_CRYPTO_HELPERS_H */ From db98a8be9a4071c178da5e97deaeae38b941615d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Mar 2023 10:26:46 +0100 Subject: [PATCH 340/553] Clarify real/dummy def of PSA_INIT/DONE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/test/psa_crypto_helpers.h | 58 ++++++++++++++++--------------- 1 file changed, 30 insertions(+), 28 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index f27f88eb6b..38a60b4f15 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -24,15 +24,43 @@ #include "test/helpers.h" #if defined(MBEDTLS_PSA_CRYPTO_C) - #include "test/psa_helpers.h" - #include +#endif #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/psa_util.h" #endif +#if defined(MBEDTLS_PSA_CRYPTO_C) +/** Initialize the PSA Crypto subsystem. */ +#define PSA_INIT() PSA_ASSERT(psa_crypto_init()) + +/** Shut down the PSA Crypto subsystem and destroy persistent keys. + * Expect a clean shutdown, with no slots in use. + * + * If some key slots are still in use, record the test case as failed, + * but continue executing. This macro is suitable (and primarily intended) + * for use in the cleanup section of test functions. + * + * \note Persistent keys must be recorded with #TEST_USES_KEY_ID before + * creating them. + */ +#define PSA_DONE() \ + do \ + { \ + mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \ + mbedtls_test_psa_purge_key_storage(); \ + mbedtls_psa_crypto_free(); \ + } \ + while (0) +#else /*MBEDTLS_PSA_CRYPTO_C */ +#define PSA_INIT() ((void) 0) +#define PSA_DONE() ((void) 0) +#endif /* MBEDTLS_PSA_CRYPTO_C */ + +#if defined(MBEDTLS_PSA_CRYPTO_C) + #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) /* Internal function for #TEST_USES_KEY_ID. Return 1 on success, 0 on failure. */ @@ -86,8 +114,6 @@ void mbedtls_test_psa_purge_key_cache(void); #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ -#define PSA_INIT() PSA_ASSERT(psa_crypto_init()) - /** Check for things that have not been cleaned up properly in the * PSA subsystem. * @@ -112,25 +138,6 @@ const char *mbedtls_test_helper_is_psa_leaking(void); } \ while (0) -/** Shut down the PSA Crypto subsystem and destroy persistent keys. - * Expect a clean shutdown, with no slots in use. - * - * If some key slots are still in use, record the test case as failed, - * but continue executing. This macro is suitable (and primarily intended) - * for use in the cleanup section of test functions. - * - * \note Persistent keys must be recorded with #TEST_USES_KEY_ID before - * creating them. - */ -#define PSA_DONE() \ - do \ - { \ - mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \ - mbedtls_test_psa_purge_key_storage(); \ - mbedtls_psa_crypto_free(); \ - } \ - while (0) - /** Shut down the PSA Crypto subsystem, allowing persistent keys to survive. * Expect a clean shutdown, with no slots in use. * @@ -322,9 +329,4 @@ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename); #define USE_PSA_DONE() ((void) 0) #endif /* !MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_SSL_PROTO_TLS1_3 */ -#if !defined(MBEDTLS_PSA_CRYPTO_C) -#define PSA_INIT() ((void) 0) -#define PSA_DONE() ((void) 0) -#endif /* MBEDTLS_PSA_CRYPTO_C */ - #endif /* PSA_CRYPTO_HELPERS_H */ From d8e6474f438222204acde26c59b6485f369be72e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Mar 2023 23:37:18 +0100 Subject: [PATCH 341/553] Make MD_PSA_INIT/DONE available to all suites MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/test/psa_crypto_helpers.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 38a60b4f15..860e071c0d 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -32,6 +32,18 @@ #include "mbedtls/psa_util.h" #endif +#if defined(MBEDTLS_MD_LIGHT) +#include "mbedtls/md.h" +#endif + +#if defined(MBEDTLS_MD_SOME_PSA) +#define MD_PSA_INIT() PSA_INIT() +#define MD_PSA_DONE() PSA_DONE() +#else /* MBEDTLS_MD_SOME_PSA */ +#define MD_PSA_INIT() ((void) 0) +#define MD_PSA_DONE() ((void) 0) +#endif /* MBEDTLS_MD_SOME_PSA */ + #if defined(MBEDTLS_PSA_CRYPTO_C) /** Initialize the PSA Crypto subsystem. */ #define PSA_INIT() PSA_ASSERT(psa_crypto_init()) From 970ba8fc17747966ac1db2ae47c6ab60cc52736d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 17 Mar 2023 11:59:12 +0100 Subject: [PATCH 342/553] PK: fix test failures MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Introduce MD_OR_USE_PSA_INIT/DONE. This will likely be used everywhere in X.509 and SSL/TLS, but most places in PK only need USE_PSA_INIT/DONE. Signed-off-by: Manuel Pégourié-Gonnard --- include/test/psa_crypto_helpers.h | 77 ++++++++++++++++++++++--------- 1 file changed, 55 insertions(+), 22 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 860e071c0d..ed64ed0edd 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -36,14 +36,6 @@ #include "mbedtls/md.h" #endif -#if defined(MBEDTLS_MD_SOME_PSA) -#define MD_PSA_INIT() PSA_INIT() -#define MD_PSA_DONE() PSA_DONE() -#else /* MBEDTLS_MD_SOME_PSA */ -#define MD_PSA_INIT() ((void) 0) -#define MD_PSA_DONE() ((void) 0) -#endif /* MBEDTLS_MD_SOME_PSA */ - #if defined(MBEDTLS_PSA_CRYPTO_C) /** Initialize the PSA Crypto subsystem. */ #define PSA_INIT() PSA_ASSERT(psa_crypto_init()) @@ -304,31 +296,24 @@ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename); } \ while (0) -#if !defined(MBEDTLS_MD_C) -#define PSA_INIT_IF_NO_MD() PSA_INIT() -#define PSA_DONE_IF_NO_MD() PSA_DONE() -#endif #endif /* MBEDTLS_PSA_CRYPTO_C */ -#if defined(MBEDTLS_MD_C) -#define PSA_INIT_IF_NO_MD() ((void) 0) -#define PSA_DONE_IF_NO_MD() ((void) 0) -#endif - /** \def USE_PSA_INIT * * Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO * or #MBEDTLS_SSL_PROTO_TLS1_3 (In contrast to TLS 1.2 implementation, the * TLS 1.3 one uses PSA independently of the definition of - * #MBEDTLS_USE_PSA_CRYPTO) is enabled and do nothing otherwise. If the - * initialization fails, mark the test case as failed and jump to the \p exit - * label. + * #MBEDTLS_USE_PSA_CRYPTO) is enabled and do nothing otherwise. + * + * If the initialization fails, mark the test case as failed and jump to the + * \p exit label. */ /** \def USE_PSA_DONE * * Call this macro at the end of a test case if you called #USE_PSA_INIT. - * This is like #PSA_DONE, except that it does nothing if - * #MBEDTLS_USE_PSA_CRYPTO is disabled. + * + * This is like #PSA_DONE except it does nothing under the same conditions as + * #USE_PSA_INIT. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #define USE_PSA_INIT() PSA_INIT() @@ -341,4 +326,52 @@ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename); #define USE_PSA_DONE() ((void) 0) #endif /* !MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_SSL_PROTO_TLS1_3 */ +/** \def MD_PSA_INIT + * + * Call this macro to initialize the PSA subsystem if MD uses a driver, + * and do nothing otherwise. + * + * If the initialization fails, mark the test case as failed and jump to the + * \p exit label. + */ +/** \def MD_PSA_DONE + * + * Call this macro at the end of a test case if you called #MD_PSA_INIT. + * + * This is like #PSA_DONE except it does nothing under the same conditions as + * #MD_PSA_INIT. + */ +#if defined(MBEDTLS_MD_SOME_PSA) +#define MD_PSA_INIT() PSA_INIT() +#define MD_PSA_DONE() PSA_DONE() +#else /* MBEDTLS_MD_SOME_PSA */ +#define MD_PSA_INIT() ((void) 0) +#define MD_PSA_DONE() ((void) 0) +#endif /* MBEDTLS_MD_SOME_PSA */ + +/** \def MD_OR_USE_PSA_INIT + * + * Call this macro to initialize the PSA subsystem if MD uses a driver, + * of if #MBEDTLS_USE_PSA_CRYPTO or #MBEDTLS_SSL_PROTO_TLS1_3 is enabled, + * and do nothing otherwise. + * + * If the initialization fails, mark the test case as failed and jump to the + * \p exit label. + */ +/** \def MD_OR_USE_PSA_DONE + * + * Call this macro at the end of a test case if you called #MD_OR_USE_PSA_INIT. + * + * This is like #PSA_DONE except it does nothing under the same conditions as + * #MD_OR_USE_PSA_INIT. + */ +#if defined(MBEDTLS_MD_SOME_PSA) || \ + defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) +#define MD_OR_USE_PSA_INIT() PSA_INIT() +#define MD_OR_USE_PSA_DONE() PSA_DONE() +#else +#define MD_OR_USE_PSA_INIT() ((void) 0) +#define MD_OR_USE_PSA_DONE() ((void) 0) +#endif + #endif /* PSA_CRYPTO_HELPERS_H */ From 52b0c9f33b4e4335c24bd0f157644017beb9f328 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 17 Mar 2023 12:50:01 +0100 Subject: [PATCH 343/553] SSL: use MD_CAN macros MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- src/certs.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/src/certs.c b/src/certs.c index bd5c49e646..9e67a049ae 100644 --- a/src/certs.c +++ b/src/certs.c @@ -1569,13 +1569,13 @@ const size_t mbedtls_test_cli_crt_ec_len = * Dispatch between SHA-1 and SHA-256 */ -#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_MD_CAN_SHA256) #define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA256 #define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA256 #else #define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA1 #define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA1 -#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ +#endif /* MBEDTLS_MD_CAN_SHA256 */ const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA; const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA; @@ -1674,10 +1674,10 @@ const size_t mbedtls_test_cli_crt_len = /* List of CAs in PEM or DER, depending on config */ const char *mbedtls_test_cas[] = { -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA1) mbedtls_test_ca_crt_rsa_sha1, #endif -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256) mbedtls_test_ca_crt_rsa_sha256, #endif #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) @@ -1686,10 +1686,10 @@ const char *mbedtls_test_cas[] = { NULL }; const size_t mbedtls_test_cas_len[] = { -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA1) sizeof(mbedtls_test_ca_crt_rsa_sha1), #endif -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256) sizeof(mbedtls_test_ca_crt_rsa_sha256), #endif #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) @@ -1701,12 +1701,12 @@ const size_t mbedtls_test_cas_len[] = { /* List of all available CA certificates in DER format */ const unsigned char *mbedtls_test_cas_der[] = { #if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_MD_CAN_SHA256) mbedtls_test_ca_crt_rsa_sha256_der, -#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ -#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#endif /* MBEDTLS_MD_CAN_SHA256 */ +#if defined(MBEDTLS_MD_CAN_SHA1) mbedtls_test_ca_crt_rsa_sha1_der, -#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ +#endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) mbedtls_test_ca_crt_ec_der, @@ -1716,12 +1716,12 @@ const unsigned char *mbedtls_test_cas_der[] = { const size_t mbedtls_test_cas_der_len[] = { #if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_MD_CAN_SHA256) sizeof(mbedtls_test_ca_crt_rsa_sha256_der), -#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ -#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#endif /* MBEDTLS_MD_CAN_SHA256 */ +#if defined(MBEDTLS_MD_CAN_SHA1) sizeof(mbedtls_test_ca_crt_rsa_sha1_der), -#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ +#endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) sizeof(mbedtls_test_ca_crt_ec_der), @@ -1733,12 +1733,12 @@ const size_t mbedtls_test_cas_der_len[] = { #if defined(MBEDTLS_PEM_PARSE_C) const char mbedtls_test_cas_pem[] = #if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_MD_CAN_SHA256) TEST_CA_CRT_RSA_SHA256_PEM -#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ -#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#endif /* MBEDTLS_MD_CAN_SHA256 */ +#if defined(MBEDTLS_MD_CAN_SHA1) TEST_CA_CRT_RSA_SHA1_PEM -#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ +#endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) TEST_CA_CRT_EC_PEM From 6fc079a8c993dc16a983b281af67812f08a3bbcd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 17 Mar 2023 13:34:11 +0100 Subject: [PATCH 344/553] SSL: fix test failures MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1. Change USE_PSA_CRYPTO_INIT/DONE to MD_OR_USE. 2. Add missing occurrences - some of these were already necessary in principle (in one form or another) but where missing and this was not detected so far as `psa_hash` doesn't complain in case of a missing init, but now MD makes it visible. 3. Add missing include in ssl_test_lib.h. Signed-off-by: Manuel Pégourié-Gonnard --- src/test_helpers/ssl_helpers.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index d248e29359..b130eddba6 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1757,7 +1757,7 @@ void mbedtls_test_ssl_perform_handshake( #endif int expected_handshake_result = options->expected_handshake_result; - USE_PSA_INIT(); + MD_OR_USE_PSA_INIT(); mbedtls_platform_zeroize(&client, sizeof(client)); mbedtls_platform_zeroize(&server, sizeof(server)); mbedtls_test_ssl_message_queue server_queue, client_queue; @@ -2119,7 +2119,7 @@ void mbedtls_test_ssl_perform_handshake( mbedtls_free(context_buf); } #endif - USE_PSA_DONE(); + MD_OR_USE_PSA_DONE(); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ From d15f66f4263141cc4c5116a3a96feb017a1b2d39 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 17 Mar 2023 14:19:14 +0100 Subject: [PATCH 345/553] Remove legacy_or_psa.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- src/certs.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/certs.c b/src/certs.c index 9e67a049ae..8b6b988a7e 100644 --- a/src/certs.c +++ b/src/certs.c @@ -23,8 +23,6 @@ #include "mbedtls/build_info.h" -#include "mbedtls/legacy_or_psa.h" - #include "mbedtls/pk.h" /* From 43e05f974d259d4208099f503569bf881d03f437 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Mar 2023 16:22:59 +0100 Subject: [PATCH 346/553] Fix typos & improve wording in comments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/test/psa_crypto_helpers.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index ed64ed0edd..6ff235dbb4 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -352,7 +352,7 @@ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename); /** \def MD_OR_USE_PSA_INIT * * Call this macro to initialize the PSA subsystem if MD uses a driver, - * of if #MBEDTLS_USE_PSA_CRYPTO or #MBEDTLS_SSL_PROTO_TLS1_3 is enabled, + * or if #MBEDTLS_USE_PSA_CRYPTO or #MBEDTLS_SSL_PROTO_TLS1_3 is enabled, * and do nothing otherwise. * * If the initialization fails, mark the test case as failed and jump to the From 2e5abc8974b99c89f11d1ae2ce8747b0c01cde2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 13 Feb 2023 12:29:33 +0100 Subject: [PATCH 347/553] Force SHA-256 for entropy in libtestdriver1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We only enable SHA-256, so let's use that. Previously the entropy module was deciding which hash to use based on MBEDTLS_xxx_C feature macros, and since only SHA256_C was defined in config_test_driver.h, it used that and things worked. However since entropy was changed to use MD light, and MBEDTLS_MD_CAN_xxx feature macros, we had an issue: when building libtestdriver1 with its default config, MBEDTLS_PSA_ACCEL_ALG_SHA_512 is defined even though there's no actual accelerator in the build. (This is done so that PSA_WANT_ALG_SHA_512 can remain defined in order to match the application's config, while not defining MBEDTLS_PSA_BUILTIN_ALG_SHA_512 in order to only include what we need in the build of libtestdriver1.) This will cause MD to dispatch to PSA in order to take advantage of the accelerator, which will then fail because there is no accelerator not builtin for this hash. In the long-term, perhaps it would be best to address the root of the issue: defining MBEDTLS_PSA_ACCEL_ALG_SHA_512 in a build that doesn't actually have a SHA-512 accelerator is a lie. But that would require significant changes in libtestdriver1. So for now, just fix the most obvious symptom (picking a non-supported hash in entropy.h) by forcing the choice of hash to match what's in the libtestdriver1 config. Note: if the copy of entropy module in libtestdriver1 doesn't work, we'll get a failure when calling libtestdriver1_psa_crypto_init(), which we do, from mbedtls_test_transparent_init(), indirectly called by our psa_crypto_init() which will then fail. Signed-off-by: Manuel Pégourié-Gonnard --- include/test/drivers/config_test_driver.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/test/drivers/config_test_driver.h b/include/test/drivers/config_test_driver.h index 22518bfc4f..2585fd9f05 100644 --- a/include/test/drivers/config_test_driver.h +++ b/include/test/drivers/config_test_driver.h @@ -39,6 +39,7 @@ #define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1 #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C +#define MBEDTLS_ENTROPY_FORCE_SHA256 /* * Configuration options that may need to be additionally enabled for the From 862bf51c4b5722cc8457f3500cb41c0e66db532d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Mar 2023 17:24:20 +0100 Subject: [PATCH 348/553] Manually fix two remaining instances of old macros MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Unless I missed something, all remaining instance of all macros are in files where it makes sense to use these. I went over the output of: git grep -c -E 'MBEDTLS_(MD5|RIPEMD160|SHA[0-9]*)_C' and I think all the files listed fall into one of the following acceptable categories: - documentation and historical documents: Changelog, docs/**/*.md - config files and related: mbedtls_config.h, configs/*.h, check_config.h, config_psa.h, etc. - scripts that build/modify configs: all.sh, depends.py, set_psa_test_dependencies.py, etc. - implementation of MD or PSA or related: md.h, psa_util.h, etc. and corresponding test suites - implementation of hashes: md5.c, sha256.h, etc. and corresponding test suites - two example programs using a low-level hash API: hash/hello.c, pkey/ecdsa.c - test/benchmark.c, test/selftest.c: actually want our built-in implementations - a function in test_suite_psa_crypto_storage_format that is specifically for checking if the hash is built in. Signed-off-by: Manuel Pégourié-Gonnard --- include/test/psa_exercise_key.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index eb69fc661e..b5e3d35426 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -34,7 +34,7 @@ */ #if defined(PSA_WANT_ALG_MD5) #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5 -/* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of +/* PSA_WANT_ALG_RIPEMD160 omitted. This is necessary for the sake of * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be * implausible anyway. */ From 8c82d4e64655da35e727011284e1562f5502a752 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 16 Jan 2023 16:56:51 +0100 Subject: [PATCH 349/553] psa: Remove MBEDTLS_PSA_CRYPTO_DRIVERS configuration option The support for the PSA crypto driver interface is not optional anymore as the implementation of the PSA cryptography interface has been restructured around the PSA crypto driver interface (see psa-crypto-implementation-structure.md). There is thus no purpose for the configuration options MBEDTLS_PSA_CRYPTO_DRIVERS anymore. Signed-off-by: Ronald Cron --- src/drivers/hash.c | 4 ++-- src/drivers/test_driver_aead.c | 4 ++-- src/drivers/test_driver_asymmetric_encryption.c | 4 ++-- src/drivers/test_driver_cipher.c | 4 ++-- src/drivers/test_driver_key_agreement.c | 4 ++-- src/drivers/test_driver_key_management.c | 4 ++-- src/drivers/test_driver_mac.c | 4 ++-- src/drivers/test_driver_pake.c | 4 ++-- src/drivers/test_driver_signature.c | 4 ++-- 9 files changed, 18 insertions(+), 18 deletions(-) diff --git a/src/drivers/hash.c b/src/drivers/hash.c index 7487e84500..8fb1982779 100644 --- a/src/drivers/hash.c +++ b/src/drivers/hash.c @@ -19,7 +19,7 @@ #include -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) #include "psa_crypto_hash.h" #include "test/drivers/hash.h" @@ -208,4 +208,4 @@ psa_status_t mbedtls_test_transparent_hash_abort( return mbedtls_test_driver_hash_hooks.driver_status; } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index 4bf2a86e25..8eb5547f47 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -19,7 +19,7 @@ #include -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) #include "psa_crypto_aead.h" #include "psa_crypto_core.h" @@ -469,4 +469,4 @@ psa_status_t mbedtls_test_transparent_aead_abort( return mbedtls_test_driver_aead_hooks.driver_status; } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_asymmetric_encryption.c b/src/drivers/test_driver_asymmetric_encryption.c index 8c5e207adf..cf0e90caef 100644 --- a/src/drivers/test_driver_asymmetric_encryption.c +++ b/src/drivers/test_driver_asymmetric_encryption.c @@ -19,7 +19,7 @@ #include -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "mbedtls/rsa.h" #include "psa_crypto_rsa.h" @@ -160,4 +160,4 @@ psa_status_t mbedtls_test_opaque_asymmetric_decrypt( return PSA_ERROR_NOT_SUPPORTED; } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index f0cb6b262f..42e79c4903 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -20,7 +20,7 @@ #include -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "psa_crypto_cipher.h" #include "psa_crypto_core.h" @@ -433,4 +433,4 @@ psa_status_t mbedtls_test_opaque_cipher_finish( (void) output_length; return PSA_ERROR_NOT_SUPPORTED; } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_key_agreement.c b/src/drivers/test_driver_key_agreement.c index d1fd891e79..b60c412031 100644 --- a/src/drivers/test_driver_key_agreement.c +++ b/src/drivers/test_driver_key_agreement.c @@ -19,7 +19,7 @@ #include -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "psa_crypto_core.h" @@ -123,4 +123,4 @@ psa_status_t mbedtls_test_opaque_key_agreement( return PSA_ERROR_NOT_SUPPORTED; } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 4e340aae6e..a3ff2ddea6 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -20,7 +20,7 @@ #include -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "psa_crypto_core.h" #include "psa_crypto_ecp.h" @@ -748,4 +748,4 @@ psa_status_t mbedtls_test_opaque_copy_key( return PSA_SUCCESS; } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_mac.c b/src/drivers/test_driver_mac.c index ea09cf43f7..96c1685f59 100644 --- a/src/drivers/test_driver_mac.c +++ b/src/drivers/test_driver_mac.c @@ -19,7 +19,7 @@ #include -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) #include "psa_crypto_mac.h" #include "test/drivers/mac.h" @@ -431,4 +431,4 @@ psa_status_t mbedtls_test_opaque_mac_abort( return mbedtls_test_driver_mac_hooks.driver_status; } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_pake.c b/src/drivers/test_driver_pake.c index 9c72483084..a8cf0d8608 100644 --- a/src/drivers/test_driver_pake.c +++ b/src/drivers/test_driver_pake.c @@ -19,7 +19,7 @@ #include -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) #include "psa_crypto_pake.h" #include "test/drivers/pake.h" @@ -209,4 +209,4 @@ psa_status_t mbedtls_test_transparent_pake_abort( return mbedtls_test_driver_pake_hooks.driver_status; } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/src/drivers/test_driver_signature.c b/src/drivers/test_driver_signature.c index 11815b03f3..c312477c8a 100644 --- a/src/drivers/test_driver_signature.c +++ b/src/drivers/test_driver_signature.c @@ -21,7 +21,7 @@ #include -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "psa_crypto_core.h" #include "psa_crypto_ecp.h" @@ -414,4 +414,4 @@ psa_status_t mbedtls_test_opaque_signature_verify_hash( return PSA_ERROR_NOT_SUPPORTED; } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ From b4ccac1838444af5ddf0364600540c091de52c29 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 9 Mar 2023 17:47:42 +0100 Subject: [PATCH 350/553] tests: ssl: Move min/max TLS version setting to endpoint init Move min/max TLS version setting to endpoint init where it fits better: before the call to mbedtls_ssl_setup() and available for all tests not only those calling perform_handshake(). Signed-off-by: Ronald Cron --- src/test_helpers/ssl_helpers.c | 42 ++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index b130eddba6..beccbb55cd 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -804,6 +804,28 @@ int mbedtls_test_ssl_endpoint_init( MBEDTLS_SSL_PRESET_DEFAULT); TEST_ASSERT(ret == 0); + if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { + if (options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { + mbedtls_ssl_conf_min_tls_version(&(ep->conf), + options->client_min_version); + } + + if (options->client_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { + mbedtls_ssl_conf_max_tls_version(&(ep->conf), + options->client_max_version); + } + } else { + if (options->server_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { + mbedtls_ssl_conf_min_tls_version(&(ep->conf), + options->server_min_version); + } + + if (options->server_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { + mbedtls_ssl_conf_max_tls_version(&(ep->conf), + options->server_max_version); + } + } + if (group_list != NULL) { mbedtls_ssl_conf_groups(&(ep->conf), group_list); } @@ -1784,16 +1806,6 @@ void mbedtls_test_ssl_perform_handshake( NULL, NULL) == 0); } - if (options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_min_tls_version(&client.conf, - options->client_min_version); - } - - if (options->client_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_max_tls_version(&client.conf, - options->client_max_version); - } - if (strlen(options->cipher) > 0) { set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite); } @@ -1827,16 +1839,6 @@ void mbedtls_test_ssl_perform_handshake( mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); - if (options->server_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_min_tls_version(&server.conf, - options->server_min_version); - } - - if (options->server_max_version != MBEDTLS_SSL_VERSION_UNKNOWN) { - mbedtls_ssl_conf_max_tls_version(&server.conf, - options->server_max_version); - } - #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf), (unsigned char) options->mfl) From cc0323c5f98bf05ff64d3880e855468b4a8722e3 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 9 Mar 2023 16:48:10 +0100 Subject: [PATCH 351/553] tests: ssl: Extend move to handshake state tests Extend move to handshake state tests to reach most of TLS 1.2 and 1.3 handshake states. Signed-off-by: Ronald Cron --- include/test/ssl_helpers.h | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index b38c58aee1..e7503c7d59 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -50,6 +50,35 @@ psa_generic_status_to_mbedtls) #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_MD_CAN_SHA384) +#define MBEDTLS_TEST_HAS_TLS1_3_AES_256_GCM_SHA384 +#endif +#if defined(MBEDTLS_MD_CAN_SHA256) +#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_GCM_SHA256 +#endif +#endif /* MBEDTLS_GCM_C */ +#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_MD_CAN_SHA256) +#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_SHA256 +#define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_8_SHA256 +#endif +#endif /* MBEDTLS_AES_C */ +#if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_MD_CAN_SHA256) +#define MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256 +#endif + +#if defined(MBEDTLS_TEST_HAS_TLS1_3_AES_256_GCM_SHA384) || \ + defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_GCM_SHA256) || \ + defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_SHA256) || \ + defined(MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_8_SHA256) || \ + defined(MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256) +#define MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE +#endif + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) From 42488aa6e1ae03907311af6ddc22354930d83854 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 8 Mar 2023 16:18:00 +0100 Subject: [PATCH 352/553] tls: srv: Set hybrid TLS 1.2/1.3 as default configuration Set hybrid TLS 1.2/1.3 as default server configuration if both TLS 1.2 and TLS 1.3 are enabled at build time. Signed-off-by: Ronald Cron --- src/test_helpers/ssl_helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index beccbb55cd..08956e8800 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -65,7 +65,7 @@ void mbedtls_test_init_handshake_options( opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; - opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; + opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3; opts->expected_handshake_result = 0; opts->expected_ciphersuite = 0; opts->pk_alg = MBEDTLS_PK_RSA; From 1aaf1dc86746052ecf774fea5f1c21ad21436df7 Mon Sep 17 00:00:00 2001 From: Mukesh Bharsakle Date: Sat, 8 Apr 2023 15:38:30 +0100 Subject: [PATCH 353/553] updating test-ca.key to use AES instead of DES Signed-off-by: Mukesh Bharsakle --- src/certs.c | 52 ++++++++++++++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/src/certs.c b/src/certs.c index 8b6b988a7e..1f48570d7e 100644 --- a/src/certs.c +++ b/src/certs.c @@ -350,33 +350,33 @@ #define TEST_CA_KEY_RSA_PEM \ "-----BEGIN RSA PRIVATE KEY-----\r\n" \ "Proc-Type: 4,ENCRYPTED\r\n" \ - "DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B\r\n" \ + "AES-128-CBC,781840E6B804AE83D2AF71127C4CE314\r\n" \ "\r\n" \ - "9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA\r\n" \ - "7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl//8xFKwZr3Xb5yO5JUP8AUctQq\r\n" \ - "Nb8CLlZyuUC+52REAAthdWgsX+7dJO4yabzUcQ22Tp9JSD0hiL43BlkWYUNK3dAo\r\n" \ - "PZlmiptjnzVTjg1MxsBSydZinWOLBV8/JQgxSPo2yD4uEfig28qbvQ2wNIn0pnAb\r\n" \ - "GxnSAOazkongEGfvcjIIs+LZN9gXFhxcOh6kc4Q/c99B7QWETwLLkYgZ+z1a9VY9\r\n" \ - "gEU7CwCxYCD+h9hY6FPmsK0/lC4O7aeRKpYq00rPPxs6i7phiexg6ax6yTMmArQq\r\n" \ - "QmK3TAsJm8V/J5AWpLEV6jAFgRGymGGHnof0DXzVWZidrcZJWTNuGEX90nB3ee2w\r\n" \ - "PXJEFWKoD3K3aFcSLdHYr3mLGxP7H9ThQai9VsycxZKS5kwvBKQ//YMrmFfwPk8x\r\n" \ - "vTeY4KZMaUrveEel5tWZC94RSMKgxR6cyE1nBXyTQnDOGbfpNNgBKxyKbINWoOJU\r\n" \ - "WJZAwlsQn+QzCDwpri7+sV1mS3gBE6UY7aQmnmiiaC2V3Hbphxct/en5QsfDOt1X\r\n" \ - "JczSfpRWLlbPznZg8OQh/VgCMA58N5DjOzTIK7sJJ5r+94ZBTCpgAMbF588f0NTR\r\n" \ - "KCe4yrxGJR7X02M4nvD4IwOlpsQ8xQxZtOSgXv4LkxvdU9XJJKWZ/XNKJeWztxSe\r\n" \ - "Z1vdTc2YfsDBA2SEv33vxHx2g1vqtw8SjDRT2RaQSS0QuSaMJimdOX6mTOCBKk1J\r\n" \ - "9Q5mXTrER+/LnK0jEmXsBXWA5bqqVZIyahXSx4VYZ7l7w/PHiUDtDgyRhMMKi4n2\r\n" \ - "iQvQcWSQTjrpnlJbca1/DkpRt3YwrvJwdqb8asZU2VrNETh5x0QVefDRLFiVpif/\r\n" \ - "tUaeAe/P1F8OkS7OIZDs1SUbv/sD2vMbhNkUoCms3/PvNtdnvgL4F0zhaDpKCmlT\r\n" \ - "P8vx49E7v5CyRNmED9zZg4o3wmMqrQO93PtTug3Eu9oVx1zPQM1NVMyBa2+f29DL\r\n" \ - "1nuTCeXdo9+ni45xx+jAI4DCwrRdhJ9uzZyC6962H37H6D+5naNvClFR1s6li1Gb\r\n" \ - "nqPoiy/OBsEx9CaDGcqQBp5Wme/3XW+6z1ISOx+igwNTVCT14mHdBMbya0eIKft5\r\n" \ - "X+GnwtgEMyCYyyWuUct8g4RzErcY9+yW9Om5Hzpx4zOuW4NPZgPDTgK+t2RSL/Yq\r\n" \ - "rE1njrgeGYcVeG3f+OftH4s6fPbq7t1A5ZgUscbLMBqr9tK+OqygR4EgKBPsH6Cz\r\n" \ - "L6zlv/2RV0qAHvVuDJcIDIgwY5rJtINEm32rhOeFNJwZS5MNIC1czXZx5//ugX7l\r\n" \ - "I4sy5nbVhwSjtAk8Xg5dZbdTZ6mIrb7xqH+fdakZor1khG7bC2uIwibD3cSl2XkR\r\n" \ - "wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde\r\n" \ - "P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n" \ + "etQ3xgGLbuYF9vR1km03TH5fwfly1hOlix0PtfQ+t9HG065vTtSEHYc/OyHwdy79\r\n" \ + "NCLX5RUrPh06E/XlKzMNVHAXqkwFnIwNzRLsOozeP1L7iZEZb9QMeiN5Org+btCO\r\n" \ + "bylXPB4YirfuE7GSJalWY/pq3FQtD33zTIKmNhXfVj3sbwGI/8D9XjaKUb8PODOB\r\n" \ + "skOalmx6RvYRvg0lmRxB3+T3wejIsrrDPweYqte9B6dVHIVG1ZmvoA6/wnKZZZeV\r\n" \ + "sjj8OpL3OwUBrjuGSknE9Rs6kCuSCbHOYVK8VzcZmCYpie0TFnb3Sk8M6vjfW+45\r\n" \ + "U7WUMlSAPxKH6lJDzWdwHqLvsVJwuNnaAaBXg9/8U/rzQEWuq8Ar3s8fw2Jg3F1G\r\n" \ + "L6N5ZAEfCz3Sa0N9WKafR/RSQj+rq8Z3w4POAafhbzk249uo5K8B1Z3cQwLxeXIl\r\n" \ + "UbRQz1TZy4oNTfQzCahYruPNyvwgTkfwAFFvbLAdaiJd2ZtLBoqYE64TYakYnvcC\r\n" \ + "itim1bmySIKoxlMfBGFmMuF03epT0pSx701jlGzGi0l0m16NEjoVxDwo5j93SmiM\r\n" \ + "sQdjC1lOGk2iCLkphIQqHFjFJYWjvh1UUIqWZf+ZWOOxlf4x9a1pUVj6FvtECxNB\r\n" \ + "/mA/m4Iq4LAuVXHE1MpHeq067lJ6wWlrsb2WVmiNGfQ2AC7fMtpcPuunBVT9NV1m\r\n" \ + "1rbDzIgLIWAzqz/cy3N8Q8vfxnrFtmNUyM191Zyq+YF14hIKWX9J1qR4LXwWAzVV\r\n" \ + "UrC8IL4pA2mtRkW4qFsB0EmHAxO/cedDTPjVFty5WSzhNuvYZxX45HAkGIfK6d21\r\n" \ + "7WHPhHG+zaaUTWMUVixB0IcKp6RecjYPFzBHS0YeX88Ue2cyT/90jMiQ9ssOgRrG\r\n" \ + "ZJRJvZAc3TSCnY9sNPYoGrJPiZuCnlUj3ENNurYVy12ai0WFxwnNUZjRUhDS6hjm\r\n" \ + "cDHD5TlI9MZ6M+Mb/Bw4Ig8HuTHOtQBYD9vhtXsG+B7H/j6cS+1umaKjrnG/kK4W\r\n" \ + "R6YXwM2faAi+DwgjjoMXSzRqSTF8PdTIWbAXo3bc2qsXPTMBA8PEp4nb5scHZ4Ts\r\n" \ + "EcBNp2jv0j4gBkRmGIab17cWMrlagjFy89DhqZUFwKdeZs+yJ92A5xstWxOUfpEP\r\n" \ + "90T/bsp1G5d7WW5fl2TRJvYJNDM+djkKIh0zCkduiZ36oVM6nDdbjmXqjQXopeSD\r\n" \ + "gtOourBRF8g99W0fW8QT+yPhP0Pkyz6EG8eQO6Zwh439xdoVwu9jUzQAPmZ0uNeR\r\n" \ + "xTXXihYyv72z27rInjLiIPXL25K9eDVLlcSR3RyG7YYgjdQAL2VJDLcBz5jox1uQ\r\n" \ + "0guoD5wmfu2FWLqYE7HeTYntdY53lCflwq0GHRMjrrsVpx+5VDQ6Yi47Ny9SWLcp\r\n" \ + "fPI3iBkXuGRWupzs6N4pQdSO0dU28KfpMM5QvFoLIn67brCHEQij4dgFrCTYEyBX\r\n" \ + "9+jiNImUFYUhAFuxvUbfZt4O/ABLIElvHLfJs1oYCmI/nWpvLFqXB5rnzPNfEi0H\r\n" \ + "PGGe1Hj/t+CJIp/6ios3yNy2QtXO754TZH2UVu51Ykyig5PFjZVoUkbRvHQYcWfU\r\n" \ "-----END RSA PRIVATE KEY-----\r\n" /* END FILE */ From 2e31162c3a0952fdbd52de63980f356d685966f0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 5 Apr 2023 18:21:48 +0200 Subject: [PATCH 354/553] test: fix remaining failures in test due to the ECP_LIGHT symbol Changes in test_suite_psa_crypto are to enforce the dependency on ECP_C which is mandatory for some key's derivation. Signed-off-by: Valerio Setti --- src/psa_exercise_key.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 5f9f767e77..6c3d06f621 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -727,14 +727,14 @@ int mbedtls_test_psa_exported_key_sanity_check( } else #endif /* MBEDTLS_ASN1_PARSE_C */ -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_LIGHT) if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { /* Just the secret value */ TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits)); TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE); } else -#endif /* MBEDTLS_ECP_C */ +#endif /* MBEDTLS_ECP_LIGHT */ #if defined(MBEDTLS_ASN1_PARSE_C) if (type == PSA_KEY_TYPE_RSA_PUBLIC_KEY) { @@ -766,7 +766,7 @@ int mbedtls_test_psa_exported_key_sanity_check( } else #endif /* MBEDTLS_ASN1_PARSE_C */ -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_LIGHT) if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) { TEST_ASSERT(exported_length <= @@ -793,7 +793,7 @@ int mbedtls_test_psa_exported_key_sanity_check( TEST_EQUAL(exported[0], 4); } } else -#endif /* MBEDTLS_ECP_C */ +#endif /* MBEDTLS_ECP_LIGHT */ { (void) exported; From c7f714a22ddd22563c9eb041dcae79e6bcb7e6fa Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 13 Apr 2023 12:19:57 +0200 Subject: [PATCH 355/553] test: remove useless ECP_LIGHT guard in psa_exercise_key Signed-off-by: Valerio Setti --- src/psa_exercise_key.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 6c3d06f621..2656deb437 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -727,14 +727,12 @@ int mbedtls_test_psa_exported_key_sanity_check( } else #endif /* MBEDTLS_ASN1_PARSE_C */ -#if defined(MBEDTLS_ECP_LIGHT) if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { /* Just the secret value */ TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits)); TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE); } else -#endif /* MBEDTLS_ECP_LIGHT */ #if defined(MBEDTLS_ASN1_PARSE_C) if (type == PSA_KEY_TYPE_RSA_PUBLIC_KEY) { @@ -766,7 +764,6 @@ int mbedtls_test_psa_exported_key_sanity_check( } else #endif /* MBEDTLS_ASN1_PARSE_C */ -#if defined(MBEDTLS_ECP_LIGHT) if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) { TEST_ASSERT(exported_length <= @@ -792,10 +789,7 @@ int mbedtls_test_psa_exported_key_sanity_check( TEST_EQUAL(1 + 2 * PSA_BITS_TO_BYTES(bits), exported_length); TEST_EQUAL(exported[0], 4); } - } else -#endif /* MBEDTLS_ECP_LIGHT */ - - { + } else { (void) exported; TEST_ASSERT(!"Sanity check not implemented for this key type"); } From 097bac5a1897877dde4fb2f20e87a706a622f053 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 1 Dec 2022 15:09:40 +0100 Subject: [PATCH 356/553] Add sanity check for FFDH key excercise Signed-off-by: Przemek Stekiel --- src/psa_exercise_key.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 2656deb437..dc7c971ff7 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -789,6 +789,9 @@ int mbedtls_test_psa_exported_key_sanity_check( TEST_EQUAL(1 + 2 * PSA_BITS_TO_BYTES(bits), exported_length); TEST_EQUAL(exported[0], 4); } + } else + if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) || PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) { + TEST_LE_U(exported_length, PSA_BITS_TO_BYTES(bits)); } else { (void) exported; TEST_ASSERT(!"Sanity check not implemented for this key type"); From 7b5efa1636c88924e52671d605a9ed4503aa15c7 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 5 Dec 2022 14:12:51 +0100 Subject: [PATCH 357/553] test driver: add support for FFDH key agreement Signed-off-by: Przemek Stekiel --- src/drivers/test_driver_key_agreement.c | 32 +++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/src/drivers/test_driver_key_agreement.c b/src/drivers/test_driver_key_agreement.c index b60c412031..843ebf95b3 100644 --- a/src/drivers/test_driver_key_agreement.c +++ b/src/drivers/test_driver_key_agreement.c @@ -24,6 +24,7 @@ #include "psa/crypto.h" #include "psa_crypto_core.h" #include "psa_crypto_ecp.h" +#include "psa_crypto_ffdh.h" #include "test/drivers/key_agreement.h" #include "test/drivers/test_driver.h" @@ -93,6 +94,37 @@ psa_status_t mbedtls_test_transparent_key_agreement( (void) shared_secret_size; (void) shared_secret_length; return PSA_ERROR_NOT_SUPPORTED; +#endif + } + if (PSA_ALG_IS_FFDH(alg)) { +#if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_FFDH)) + return libtestdriver1_mbedtls_psa_key_agreement_ffdh( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + alg, peer_key, peer_key_length, + shared_secret, shared_secret_size, + shared_secret_length); +#elif defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) + return mbedtls_psa_key_agreement_ffdh( + attributes, + peer_key, + peer_key_length, + key_buffer, + key_buffer_size, + shared_secret, + shared_secret_size, + shared_secret_length); +#else + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) peer_key; + (void) peer_key_length; + (void) shared_secret; + (void) shared_secret_size; + (void) shared_secret_length; + return PSA_ERROR_NOT_SUPPORTED; #endif } else { return PSA_ERROR_INVALID_ARGUMENT; From b113b46b6133c47057bfcd2c48b9ddafa20d8a30 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 15 Dec 2022 13:28:02 +0100 Subject: [PATCH 358/553] Fix typos, comments, style, optimize macros Signed-off-by: Przemek Stekiel --- src/psa_exercise_key.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index dc7c971ff7..61fc845b5f 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -791,7 +791,10 @@ int mbedtls_test_psa_exported_key_sanity_check( } } else if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) || PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) { - TEST_LE_U(exported_length, PSA_BITS_TO_BYTES(bits)); + TEST_ASSERT(exported_length <= + PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits)); + TEST_ASSERT(exported_length <= + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); } else { (void) exported; TEST_ASSERT(!"Sanity check not implemented for this key type"); From b7a087a67650f980a3cafe9e534d9c54a65059ac Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 4 Dec 2022 13:10:55 +0100 Subject: [PATCH 359/553] Support different types in the parameter store The test framework stores size_t and int32_t values in the parameter store by converting them all to int. This is ok in practice, since we assume int covers int32_t and we don't have test data larger than 2GB. But it's confusing and error-prone. So make the parameter store a union, which allows size_t values not to be potentially truncated and makes the code a little clearer. Signed-off-by: Gilles Peskine --- include/test/arguments.h | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 include/test/arguments.h diff --git a/include/test/arguments.h b/include/test/arguments.h new file mode 100644 index 0000000000..7ff416e519 --- /dev/null +++ b/include/test/arguments.h @@ -0,0 +1,38 @@ +/** + * \file arguments.h + * + * \brief Manipulation of test arguments. + * + * Much of the code is in host_test.function, to be migrated here later. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_ARGUMENTS_H +#define TEST_ARGUMENTS_H + +#include "mbedtls/build_info.h" +#include +#include + +typedef union { + size_t len; + int32_t s32; +} mbedtls_test_argument_t; + +#endif /* TEST_ARGUMENTS_H */ From c51edd5b522b9a073c45950df2e670569bbc1c56 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 4 Dec 2022 15:32:54 +0100 Subject: [PATCH 360/553] Support larger integer test arguments: C part Change the type of signed integer arguments from int32_t to intmax_t. This allows the C code to work with test function arguments with a range larger than int32_t. A subsequent commit will change the .datax generator to support larger types. Signed-off-by: Gilles Peskine --- include/test/arguments.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/test/arguments.h b/include/test/arguments.h index 7ff416e519..74bbbd5690 100644 --- a/include/test/arguments.h +++ b/include/test/arguments.h @@ -32,7 +32,7 @@ typedef union { size_t len; - int32_t s32; + intmax_t sint; } mbedtls_test_argument_t; #endif /* TEST_ARGUMENTS_H */ From 8ee3d6ab81ab3341bde8f71faf631fcd18b96b53 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 27 Apr 2023 13:04:20 +0200 Subject: [PATCH 361/553] mbedtls_test_psa_exported_key_sanity_check: check for length equality for DH keys Signed-off-by: Przemek Stekiel --- src/psa_exercise_key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 61fc845b5f..5cb2296df4 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -791,7 +791,7 @@ int mbedtls_test_psa_exported_key_sanity_check( } } else if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) || PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) { - TEST_ASSERT(exported_length <= + TEST_ASSERT(exported_length == PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits)); TEST_ASSERT(exported_length <= PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); From 135b5b69088a87d0d61be36096d654279ddab603 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 Apr 2023 21:01:49 +0200 Subject: [PATCH 362/553] Tests: provide necessary functions for MBEDTLS_PSA_INJECT_ENTROPY The build option MBEDTLS_PSA_INJECT_ENTROPY requires some extra platform functions, for historical reasons. To enable us to test this option, provide a version of these functions for testing. (These versions would actually work in production, but providing them in the library in a way that doesn't break existing users might be slightly tricky, so it's out of scope of this commit.) Signed-off-by: Gilles Peskine --- include/test/psa_crypto_helpers.h | 19 +++++++++++++++++++ src/psa_crypto_helpers.c | 31 +++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 6ff235dbb4..d50bc681ea 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -212,6 +212,25 @@ psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags) */ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename); + + +#if defined(MBEDTLS_PSA_INJECT_ENTROPY) +/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform + * functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO + * and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions + * is to read and write from the entropy seed file, which is located + * in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID. + * (These could have been provided as library functions, but for historical + * reasons, they weren't, and so each integrator has to provide a copy + * of these functions.) + * + * Provide implementations of these functions for testing. */ +int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len); +int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len); +#endif /* MBEDTLS_PSA_INJECT_ENTROPY */ + + + /** Skip a test case if the given key is a 192 bits AES key and the AES * implementation is at least partially provided by an accelerator or * alternative implementation. diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index 77c2f89764..7861185ee8 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -149,4 +149,35 @@ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename) } } +#if defined(MBEDTLS_PSA_INJECT_ENTROPY) + +#include +#include + +int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len) +{ + size_t actual_len = 0; + psa_status_t status = psa_its_get(PSA_CRYPTO_ITS_RANDOM_SEED_UID, + 0, len, buf, &actual_len); + if (status != 0) { + return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; + } + if (actual_len != len) { + return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; + } + return 0; +} + +int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len) +{ + psa_status_t status = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID, + len, buf, 0); + if (status != 0) { + return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; + } + return 0; +} + +#endif /* MBEDTLS_PSA_INJECT_ENTROPY */ + #endif /* MBEDTLS_PSA_CRYPTO_C */ From 7be9f02116f1cff770ba3d9ea4476b8510c38f66 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 Apr 2023 23:39:45 +0200 Subject: [PATCH 363/553] MBEDTLS_PSA_INJECT_ENTROPY: Make sure the seed file exist when running tests The seed file must exist before running tests. Because the location is somewhat platform- and configuration-dependent, and to be friendly to developers who run test suites individually and aren't familiar with this feature, rely on the test framework code rather than on test scripts to create the seed file. Signed-off-by: Gilles Peskine --- include/test/psa_crypto_helpers.h | 16 ++++++++++++++++ src/helpers.c | 18 ++++++++++++++++++ src/psa_crypto_helpers.c | 14 ++++++++++++++ 3 files changed, 48 insertions(+) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index d50bc681ea..15ffffbbfb 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -227,6 +227,22 @@ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename); * Provide implementations of these functions for testing. */ int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len); int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len); + + +/** Make sure that the injected entropy is present. + * + * When MBEDTLS_PSA_INJECT_ENTROPY is enabled, psa_crypto_init() + * will fail if the PSA entropy seed is not present. + * This function must be called at least once in a test suite or other + * program before any call to psa_crypto_init(). + * It does not need to be called in each test case. + * + * The test framework calls this function before running any test case. + * + * The few tests that might remove the entropy file must call this function + * in their cleanup. + */ +int mbedtls_test_inject_entropy_restore(void); #endif /* MBEDTLS_PSA_INJECT_ENTROPY */ diff --git a/src/helpers.c b/src/helpers.c index 30fd362c01..7cac6e0a05 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -20,6 +20,11 @@ #include #include +#if defined(MBEDTLS_PSA_INJECT_ENTROPY) +#include +#include +#endif + /*----------------------------------------------------------------------------*/ /* Static global variables */ @@ -35,9 +40,22 @@ mbedtls_test_info_t mbedtls_test_info; int mbedtls_test_platform_setup(void) { int ret = 0; + +#if defined(MBEDTLS_PSA_INJECT_ENTROPY) + /* Make sure that injected entropy is present. Otherwise + * psa_crypto_init() will fail. This is not necessary for test suites + * that don't use PSA, but it's harmless (except for leaving a file + * behind). */ + ret = mbedtls_test_inject_entropy_restore(); + if (ret != 0) { + return ret; + } +#endif + #if defined(MBEDTLS_PLATFORM_C) ret = mbedtls_platform_setup(&platform_ctx); #endif /* MBEDTLS_PLATFORM_C */ + return ret; } diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index 7861185ee8..cab96ab967 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -178,6 +178,20 @@ int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len) return 0; } +int mbedtls_test_inject_entropy_restore(void) +{ + unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; + for (size_t i = 0; i < sizeof(buf); i++) { + buf[i] = (unsigned char) i; + } + psa_status_t status = mbedtls_psa_inject_entropy(buf, sizeof(buf)); + /* It's ok if the file was just created, or if it already exists. */ + if (status != PSA_SUCCESS && status != PSA_ERROR_NOT_PERMITTED) { + return status; + } + return PSA_SUCCESS; +} + #endif /* MBEDTLS_PSA_INJECT_ENTROPY */ #endif /* MBEDTLS_PSA_CRYPTO_C */ From 8687c07f8eebe5bcdbc85eef3bb2d6795c1616cc Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 4 May 2023 10:29:05 +0200 Subject: [PATCH 364/553] Add FFDH alg to test driver extensions Signed-off-by: Przemek Stekiel --- .../test/drivers/crypto_config_test_driver_extension.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index ff2abfb372..10d8e6edeb 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -62,6 +62,14 @@ #endif #endif +#if defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_PSA_ACCEL_ALG_FFDH) +#undef MBEDTLS_PSA_ACCEL_ALG_FFDH +#else +#define MBEDTLS_PSA_ACCEL_ALG_FFDH 1 +#endif +#endif + #if defined(PSA_WANT_ALG_MD5) #if defined(MBEDTLS_PSA_ACCEL_ALG_MD5) #undef MBEDTLS_PSA_ACCEL_ALG_MD5 From ad3302b9f35d4426914f811ec15ee6ab02779c1a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 28 Apr 2023 15:26:11 +0200 Subject: [PATCH 365/553] pk: fix library code for using the new opaque key solution Signed-off-by: Valerio Setti --- src/test_helpers/ssl_helpers.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index e79d152b6f..23f5977c3b 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -595,8 +595,7 @@ static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) if (cert->pkey != NULL) { #if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) { - mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx; - psa_destroy_key(*key_slot); + psa_destroy_key(cert->pkey->opaque_id); } #endif mbedtls_pk_free(cert->pkey); From bc3ceb28959be6d0e8fdefc6bb7559159815ac67 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 May 2023 14:15:59 +0200 Subject: [PATCH 366/553] pk: use better naming for the new key ID field Signed-off-by: Valerio Setti --- src/test_helpers/ssl_helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 23f5977c3b..fbf9ea5c89 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -595,7 +595,7 @@ static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) if (cert->pkey != NULL) { #if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) { - psa_destroy_key(cert->pkey->opaque_id); + psa_destroy_key(cert->pkey->priv_id); } #endif mbedtls_pk_free(cert->pkey); From 781060e25aec2191008084c16f371396733d9371 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:01:55 +0200 Subject: [PATCH 367/553] Add FFDH support for transparent drivers(generate, export public key) Signed-off-by: Przemek Stekiel --- src/drivers/test_driver_key_management.c | 28 ++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index a3ff2ddea6..dba0c26225 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -25,6 +25,7 @@ #include "psa_crypto_core.h" #include "psa_crypto_ecp.h" #include "psa_crypto_rsa.h" +#include "psa_crypto_ffdh.h" #include "mbedtls/ecp.h" #include "mbedtls/error.h" @@ -36,6 +37,7 @@ #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) #include "libtestdriver1/library/psa_crypto_ecp.h" #include "libtestdriver1/library/psa_crypto_rsa.h" +#include "libtestdriver1/library/psa_crypto_ffdh.h" #endif #include @@ -239,6 +241,17 @@ psa_status_t mbedtls_test_transparent_generate_key( #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) return mbedtls_psa_rsa_generate_key( attributes, key, key_size, key_length); +#endif + } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes)) + && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) + return libtestdriver1_mbedtls_psa_ffdh_generate_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key, key_size, key_length); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) + return mbedtls_psa_ffdh_generate_key( + attributes, key, key_size, key_length); #endif } @@ -559,6 +572,21 @@ psa_status_t mbedtls_test_transparent_export_public_key( attributes, key_buffer, key_buffer_size, data, data_size, data_length); +#endif + } else if (PSA_KEY_TYPE_IS_DH(key_type)) { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)) + return libtestdriver1_mbedtls_psa_export_ffdh_public_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + data, data_size, data_length); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) + return mbedtls_psa_export_ffdh_public_key( + attributes, + key_buffer, key_buffer_size, + data, data_size, data_length); #endif } From 6855af88630672bf5933c0b76ab9f9337351e104 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:03:01 +0200 Subject: [PATCH 368/553] Adapt test driver configuration for FFDH Signed-off-by: Przemek Stekiel --- .../test/drivers/crypto_config_test_driver_extension.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index 10d8e6edeb..f8b3a34a7e 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -206,6 +206,14 @@ #endif #endif +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR 1 +#endif +#endif + #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR @@ -222,6 +230,7 @@ #endif #endif + #if defined(PSA_WANT_ALG_TLS12_PRF) #if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF) #undef MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF @@ -283,3 +292,4 @@ #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY 1 From c2bad284444d71b62944722001fe135e417f70fc Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:05:11 +0200 Subject: [PATCH 369/553] Fix peer vs our key missmatch in ffdh key agreement transparent driver Signed-off-by: Przemek Stekiel --- src/drivers/test_driver_key_agreement.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/drivers/test_driver_key_agreement.c b/src/drivers/test_driver_key_agreement.c index 843ebf95b3..6cfde20ad6 100644 --- a/src/drivers/test_driver_key_agreement.c +++ b/src/drivers/test_driver_key_agreement.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) #include "libtestdriver1/include/psa/crypto.h" #include "libtestdriver1/library/psa_crypto_ecp.h" +#include "libtestdriver1/library/psa_crypto_ffdh.h" #endif mbedtls_test_driver_key_agreement_hooks_t @@ -101,8 +102,8 @@ psa_status_t mbedtls_test_transparent_key_agreement( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_FFDH)) return libtestdriver1_mbedtls_psa_key_agreement_ffdh( (const libtestdriver1_psa_key_attributes_t *) attributes, + peer_key, peer_key_length, key_buffer, key_buffer_size, - alg, peer_key, peer_key_length, shared_secret, shared_secret_size, shared_secret_length); #elif defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) From e143fffc2438437f26be5376ac0340db16dc452c Mon Sep 17 00:00:00 2001 From: Fredrik Hesse Date: Tue, 28 Sep 2021 21:06:08 +0200 Subject: [PATCH 370/553] Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments. Signed-off-by: Fredrik Hesse --- include/spe/crypto_spe.h | 8 ++++---- src/psa_exercise_key.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/spe/crypto_spe.h b/include/spe/crypto_spe.h index a79ce17385..de842642d4 100644 --- a/include/spe/crypto_spe.h +++ b/include/spe/crypto_spe.h @@ -19,13 +19,13 @@ /** * \file crypto_spe.h * - * \brief When Mbed Crypto is built with the MBEDTLS_PSA_CRYPTO_SPM option - * enabled, this header is included by all .c files in Mbed Crypto that + * \brief When Mbed TLS is built with the MBEDTLS_PSA_CRYPTO_SPM option + * enabled, this header is included by all .c files in Mbed TLS that * use PSA Crypto function names. This avoids duplication of symbols - * between TF-M and Mbed Crypto. + * between TF-M and Mbed TLS. * * \note This file should be included before including any PSA Crypto headers - * from Mbed Crypto. + * from Mbed TLS. */ #ifndef CRYPTO_SPE_H diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 5cb2296df4..f6289347c8 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -72,7 +72,7 @@ static int check_key_attributes_sanity(mbedtls_svc_key_id_t key) psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21; psa_status_t status = psa_get_key_slot_number(&attributes, &slot_number); if (lifetime_is_dynamic_secure_element(lifetime)) { - /* Mbed Crypto currently always exposes the slot number to + /* Mbed TLS currently always exposes the slot number to * applications. This is not mandated by the PSA specification * and may change in future versions. */ TEST_EQUAL(status, 0); From 543b54c685e572edd736bc0b8080a574b4000974 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 30 May 2023 15:16:35 +0200 Subject: [PATCH 371/553] Add driver support for DH import key and export public key Signed-off-by: Przemek Stekiel --- src/drivers/test_driver_key_management.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index dba0c26225..3ff1053e30 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -321,9 +321,25 @@ psa_status_t mbedtls_test_transparent_import_key( data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits); +#endif + } else if (PSA_KEY_TYPE_IS_DH(type)) { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)) + return libtestdriver1_mbedtls_psa_ffdh_import_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + return mbedtls_psa_ffdh_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits); #endif } - (void) data; (void) data_length; (void) key_buffer; From 6e07886d5d4d1729d718d5509c9aec1ea2eca0d6 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 15:05:18 +0800 Subject: [PATCH 372/553] Update cert macros in tests/src/certs.c This commit manually updates: - TEST_CA_CRT_EC_PEM - TEST_CA_CRT_EC_DER - TEST_SRV_CRT_EC_PEM - TEST_SRV_CRT_EC_DER Signed-off-by: Pengyu Lv --- src/certs.c | 238 ++++++++++++++++++++++++++-------------------------- 1 file changed, 119 insertions(+), 119 deletions(-) diff --git a/src/certs.c b/src/certs.c index 1f48570d7e..d2808d71c9 100644 --- a/src/certs.c +++ b/src/certs.c @@ -40,69 +40,69 @@ /* This is taken from tests/data_files/test-ca2.crt */ /* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca2.crt */ -#define TEST_CA_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ - "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ - "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \ - "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ - "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \ - "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \ - "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/\r\n" \ - "MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk\r\n" \ - "SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a\r\n" \ - "LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ\r\n" \ - "hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==\r\n" \ +#define TEST_CA_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ + "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ + "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \ + "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ + "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \ + "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \ + "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD\r\n" \ + "AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd\r\n" \ + "bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq\r\n" \ + "6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29\r\n" \ + "N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==\r\n" \ "-----END CERTIFICATE-----\r\n" /* END FILE */ /* This is generated from tests/data_files/test-ca2.crt.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_CA_CRT_EC_DER tests/data_files/test-ca2.crt.der */ -#define TEST_CA_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ - 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ - 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ - 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ - 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ - 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ - 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ - 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ - 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ - 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ - 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ - 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ - 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ - 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ - 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ - 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \ - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \ - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \ - 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ - 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \ - 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \ - 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \ - 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \ - 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \ - 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \ - 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \ - 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \ - 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \ - 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \ - 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \ - 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \ - 0xf5, 0xae, 0x1c, 0x42 \ +#define TEST_CA_CRT_EC_DER { \ + 0x30, 0x82, 0x02, 0x07, 0x30, 0x82, 0x01, 0x8b, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ + 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ + 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ + 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ + 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ + 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ + 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ + 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ + 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ + 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ + 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ + 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ + 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ + 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ + 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x0f, \ + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, \ + 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ + 0x04, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, \ + 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, \ + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, \ + 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ + 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, \ + 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, \ + 0x30, 0x65, 0x02, 0x31, 0x00, 0xe9, 0x35, 0x67, 0xc1, 0x22, 0x5c, 0xea, \ + 0xeb, 0x15, 0x76, 0x53, 0x04, 0x03, 0xff, 0x56, 0x06, 0xcf, 0xd7, 0xd0, \ + 0x50, 0xce, 0xc0, 0x7c, 0xd2, 0xb3, 0x55, 0xad, 0x8f, 0x54, 0x1a, 0x5f, \ + 0xfd, 0x00, 0xf5, 0x4c, 0x0c, 0xa5, 0x4d, 0x84, 0xc5, 0xe0, 0x62, 0x3a, \ + 0xaa, 0x56, 0xfa, 0x10, 0xf6, 0x02, 0x30, 0x5f, 0xd8, 0x55, 0xad, 0xbd, \ + 0x37, 0x9c, 0x82, 0xd6, 0x61, 0x40, 0x8a, 0xbd, 0x7d, 0x8d, 0xbf, 0x4f, \ + 0x97, 0xd8, 0xa2, 0x22, 0x44, 0x66, 0xd7, 0xb7, 0x4c, 0xe3, 0x2e, 0xa6, \ + 0xe5, 0x52, 0x0c, 0x7a, 0x91, 0x0f, 0x9b, 0xf5, 0x65, 0x58, 0x06, 0xbc, \ + 0x1f, 0x9a, 0x75, 0xf8, 0x13, 0xdb, 0x1b \ } /* END FILE */ @@ -503,72 +503,72 @@ /* This is taken from tests/data_files/server5.crt. */ /* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server5.crt */ -#define TEST_SRV_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ - "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ - "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \ - "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \ - "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \ - "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n" \ - "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ - "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n" \ - "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n" \ - "fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n" \ +#define TEST_SRV_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIICIDCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ + "MjMwNTE3MDcxMDM2WhcNMzMwNTE0MDcxMDM2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ + "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \ + "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \ + "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \ + "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh\r\n" \ + "clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ + "CCqGSM49BAMCA2kAMGYCMQDg6p7PPfr2+n7nGvya3pU4ust3k7Obk4/tZX+uHHRQ\r\n" \ + "qaccsyULeFNzkyRvWHFeT5sCMQCzDJX79Ii7hILYza/iXWJe/BjJEE8MteCRGXDN\r\n" \ + "06jC+BLgOH1KQV9ArqEh3AhOhEg=\r\n" \ "-----END CERTIFICATE-----\r\n" /* END FILE */ /* This is generated from tests/data_files/server5.crt.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER tests/data_files/server5.crt.der */ -#define TEST_SRV_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ - 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \ - 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \ - 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ - 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ - 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ - 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ - 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ - 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ - 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ - 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ - 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ - 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ - 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ - 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ - 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ - 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \ - 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \ - 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \ - 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \ - 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \ - 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \ - 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \ - 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \ - 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \ - 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \ +#define TEST_SRV_CRT_EC_DER { \ + 0x30, 0x82, 0x02, 0x20, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x32, 0x33, 0x30, 0x35, 0x31, 0x37, 0x30, 0x37, 0x31, 0x30, 0x33, 0x36, \ + 0x5a, 0x17, 0x0d, 0x33, 0x33, 0x30, 0x35, 0x31, 0x34, 0x30, 0x37, 0x31, \ + 0x30, 0x33, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ + 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ + 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ + 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ + 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ + 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ + 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ + 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ + 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ + 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ + 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ + 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ + 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ + 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x69, 0x00, \ + 0x30, 0x66, 0x02, 0x31, 0x00, 0xe0, 0xea, 0x9e, 0xcf, 0x3d, 0xfa, 0xf6, \ + 0xfa, 0x7e, 0xe7, 0x1a, 0xfc, 0x9a, 0xde, 0x95, 0x38, 0xba, 0xcb, 0x77, \ + 0x93, 0xb3, 0x9b, 0x93, 0x8f, 0xed, 0x65, 0x7f, 0xae, 0x1c, 0x74, 0x50, \ + 0xa9, 0xa7, 0x1c, 0xb3, 0x25, 0x0b, 0x78, 0x53, 0x73, 0x93, 0x24, 0x6f, \ + 0x58, 0x71, 0x5e, 0x4f, 0x9b, 0x02, 0x31, 0x00, 0xb3, 0x0c, 0x95, 0xfb, \ + 0xf4, 0x88, 0xbb, 0x84, 0x82, 0xd8, 0xcd, 0xaf, 0xe2, 0x5d, 0x62, 0x5e, \ + 0xfc, 0x18, 0xc9, 0x10, 0x4f, 0x0c, 0xb5, 0xe0, 0x91, 0x19, 0x70, 0xcd, \ + 0xd3, 0xa8, 0xc2, 0xf8, 0x12, 0xe0, 0x38, 0x7d, 0x4a, 0x41, 0x5f, 0x40, \ + 0xae, 0xa1, 0x21, 0xdc, 0x08, 0x4e, 0x84, 0x48 \ } /* END FILE */ From 29cb46ef35a85b2c63ea1fc4a23de33b10a6c912 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:14:24 +0200 Subject: [PATCH 373/553] Replace hash_info_get_type with MD function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mostly a search and replace with just two manual changes: 1. Now PK and TLS need MD light, so auto-enable it. 2. Remove the old function in hash_info.[ch] Signed-off-by: Manuel Pégourié-Gonnard --- src/test_helpers/ssl_helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index fbf9ea5c89..efa7efe728 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1200,7 +1200,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type(hash_id); CHK(md_info != NULL); #endif - maclen = mbedtls_hash_info_get_size(hash_id); + maclen = mbedtls_md_get_size_from_type(hash_id); CHK(maclen != 0); /* Pick hash keys */ CHK((md0 = mbedtls_calloc(1, maclen)) != NULL); From 9f4f62d5d11cf6e4b64844487aa5ff016359b95a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:38:08 +0200 Subject: [PATCH 374/553] Use MD<->PSA functions from MD light MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As usual, just a search-and-replace plus: 1. Removing things from hash_info.[ch] 2. Adding new auto-enable MD_LIGHT in build-info.h 3. Including md_psa.h where needed Signed-off-by: Manuel Pégourié-Gonnard --- src/test_helpers/ssl_helpers.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index efa7efe728..d1e3d9ce83 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1209,7 +1209,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, memset(md1, 0x6, maclen); #if defined(MBEDTLS_USE_PSA_CRYPTO) - alg = mbedtls_hash_info_psa_from_md(hash_id); + alg = mbedtls_md_psa_alg_from_type(hash_id); CHK(alg != 0); @@ -1501,7 +1501,7 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md( + psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type( MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE); size_t hash_size = 0; psa_status_t status = psa_hash_compute( From a018a89231dad24322f7e8a0c3becc94284a7109 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:43:36 +0200 Subject: [PATCH 375/553] Remove hash_info.[ch] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/test/ssl_helpers.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index 572b6cb71e..2841691c9c 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -36,7 +36,6 @@ #include #include #include -#include "hash_info.h" #include "test/certs.h" From 36d44afe3d4b13c58adeff9f2e97934c30019170 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 12:33:20 +0200 Subject: [PATCH 376/553] Add missing include MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix build failures with config full Signed-off-by: Manuel Pégourié-Gonnard --- src/test_helpers/ssl_helpers.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index d1e3d9ce83..e8bbc78d1e 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -21,6 +21,7 @@ */ #include +#include "md_psa.h" #if defined(MBEDTLS_SSL_TLS_C) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) From 55129ee3722eadaa86cff8c78d7746825a168653 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 1 Jun 2023 11:52:39 +0200 Subject: [PATCH 377/553] Adapt function names Signed-off-by: Przemek Stekiel --- src/drivers/test_driver_key_agreement.c | 4 ++-- src/drivers/test_driver_key_management.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/drivers/test_driver_key_agreement.c b/src/drivers/test_driver_key_agreement.c index 6cfde20ad6..9cf82a37aa 100644 --- a/src/drivers/test_driver_key_agreement.c +++ b/src/drivers/test_driver_key_agreement.c @@ -100,14 +100,14 @@ psa_status_t mbedtls_test_transparent_key_agreement( if (PSA_ALG_IS_FFDH(alg)) { #if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_FFDH)) - return libtestdriver1_mbedtls_psa_key_agreement_ffdh( + return libtestdriver1_mbedtls_psa_ffdh_key_agreement( (const libtestdriver1_psa_key_attributes_t *) attributes, peer_key, peer_key_length, key_buffer, key_buffer_size, shared_secret, shared_secret_size, shared_secret_length); #elif defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) - return mbedtls_psa_key_agreement_ffdh( + return mbedtls_psa_ffdh_key_agreement( attributes, peer_key, peer_key_length, diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 3ff1053e30..68bf0f9db3 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -593,13 +593,13 @@ psa_status_t mbedtls_test_transparent_export_public_key( #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)) - return libtestdriver1_mbedtls_psa_export_ffdh_public_key( + return libtestdriver1_mbedtls_psa_ffdh_export_public_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, data, data_size, data_length); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) - return mbedtls_psa_export_ffdh_public_key( + return mbedtls_psa_ffdh_export_public_key( attributes, key_buffer, key_buffer_size, data, data_size, data_length); From 433d94ed4f666be6629acc7a560b0e933bb08524 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 2 Jun 2023 14:52:28 +0200 Subject: [PATCH 378/553] Further code optimizations Signed-off-by: Przemek Stekiel --- include/test/ssl_helpers.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index 572b6cb71e..e7bfec9135 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -602,8 +602,8 @@ int mbedtls_test_tweak_tls13_certificate_msg_vector_len( TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_), \ tls_id_); \ TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_, \ - &psa_family, &psa_bits), PSA_SUCCESS); \ - TEST_EQUAL(psa_family_, psa_family); \ + &psa_type, &psa_bits), PSA_SUCCESS); \ + TEST_EQUAL(psa_family_, PSA_KEY_TYPE_ECC_GET_FAMILY(psa_type)); \ TEST_EQUAL(psa_bits_, psa_bits); #define TEST_UNAVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ @@ -612,7 +612,7 @@ int mbedtls_test_tweak_tls13_certificate_msg_vector_len( TEST_EQUAL(mbedtls_ssl_get_tls_id_from_ecp_group_id(group_id_), \ 0); \ TEST_EQUAL(mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id_, \ - &psa_family, &psa_bits), \ + &psa_type, &psa_bits), \ PSA_ERROR_NOT_SUPPORTED); #endif /* MBEDTLS_SSL_TLS_C */ From 7ea8686a70a5d2eed7a21a8ad61a979c63671e10 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 30 May 2023 09:44:20 -0400 Subject: [PATCH 379/553] Move the ARRAY_LENGTH definition to common.h Reuse it in the library and tests. Signed-off-by: Andrzej Kurek --- include/test/macros.h | 39 --------------------------------------- src/psa_crypto_helpers.c | 1 + 2 files changed, 1 insertion(+), 39 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index ab8260b759..01eaff5c20 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -196,45 +196,6 @@ mbedtls_exit(1); \ } -/** \def ARRAY_LENGTH - * Return the number of elements of a static or stack array. - * - * \param array A value of array (not pointer) type. - * - * \return The number of elements of the array. - */ -/* A correct implementation of ARRAY_LENGTH, but which silently gives - * a nonsensical result if called with a pointer rather than an array. */ -#define ARRAY_LENGTH_UNSAFE(array) \ - (sizeof(array) / sizeof(*(array))) - -#if defined(__GNUC__) -/* Test if arg and &(arg)[0] have the same type. This is true if arg is - * an array but not if it's a pointer. */ -#define IS_ARRAY_NOT_POINTER(arg) \ - (!__builtin_types_compatible_p(__typeof__(arg), \ - __typeof__(&(arg)[0]))) -/* A compile-time constant with the value 0. If `const_expr` is not a - * compile-time constant with a nonzero value, cause a compile-time error. */ -#define STATIC_ASSERT_EXPR(const_expr) \ - (0 && sizeof(struct { unsigned int STATIC_ASSERT : 1 - 2 * !(const_expr); })) - -/* Return the scalar value `value` (possibly promoted). This is a compile-time - * constant if `value` is. `condition` must be a compile-time constant. - * If `condition` is false, arrange to cause a compile-time error. */ -#define STATIC_ASSERT_THEN_RETURN(condition, value) \ - (STATIC_ASSERT_EXPR(condition) ? 0 : (value)) - -#define ARRAY_LENGTH(array) \ - (STATIC_ASSERT_THEN_RETURN(IS_ARRAY_NOT_POINTER(array), \ - ARRAY_LENGTH_UNSAFE(array))) - -#else -/* If we aren't sure the compiler supports our non-standard tricks, - * fall back to the unsafe implementation. */ -#define ARRAY_LENGTH(array) ARRAY_LENGTH_UNSAFE(array) -#endif - /** Return the smaller of two values. * * \param x An integer-valued expression without side effects. diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index 77c2f89764..8f58d4dc16 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -24,6 +24,7 @@ #include #include #include +#include "common.h" #if defined(MBEDTLS_PSA_CRYPTO_C) From 4de8232d1a5d4703b367b674b5d9f1b2021e9fad Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 30 May 2023 09:45:17 -0400 Subject: [PATCH 380/553] Move an include ARRAY_LENGTH macro was previously present in macros.h, so move the include there. Signed-off-by: Andrzej Kurek --- include/test/macros.h | 1 + src/psa_crypto_helpers.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/include/test/macros.h b/include/test/macros.h index 01eaff5c20..ae84ec2363 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -33,6 +33,7 @@ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #include "mbedtls/memory_buffer_alloc.h" #endif +#include "common.h" /** * \brief This macro tests the expression passed to it as a test step or diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index 8f58d4dc16..77c2f89764 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -24,7 +24,6 @@ #include #include #include -#include "common.h" #if defined(MBEDTLS_PSA_CRYPTO_C) From 265718ca5829336971cd6bd1d87bc2f751808269 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Jun 2023 10:26:51 +0200 Subject: [PATCH 381/553] pake: fixed warning for casting between different types Signed-off-by: Valerio Setti --- src/drivers/test_driver_pake.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/drivers/test_driver_pake.c b/src/drivers/test_driver_pake.c index a8cf0d8608..69bd4ffe21 100644 --- a/src/drivers/test_driver_pake.c +++ b/src/drivers/test_driver_pake.c @@ -94,7 +94,8 @@ psa_status_t mbedtls_test_transparent_pake_output( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_output( - operation, step, output, output_size, output_length); + operation, (libtestdriver1_psa_crypto_driver_pake_step_t) step, + output, output_size, output_length); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = mbedtls_psa_pake_output( @@ -129,7 +130,8 @@ psa_status_t mbedtls_test_transparent_pake_input( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_input( - operation, step, input, input_length); + operation, (libtestdriver1_psa_crypto_driver_pake_step_t) step, + input, input_length); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = mbedtls_psa_pake_input( From 6a64fa99418276d4c4bdaf640f92f26146ff6597 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 26 May 2023 13:37:26 +0200 Subject: [PATCH 382/553] crypto_config: introducing new definitions for PSA_WANT KEY_PAIRs - deprecate legacy PSA_WANT_KEY_TYPE_xxx_KEY_PAIR - introduce new PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy where - xxx is either RSA, DH or ECC - yyy can be USE, IMPORT, EXPORT, GENERATE, DERIVE Signed-off-by: Valerio Setti --- .../crypto_config_test_driver_extension.h | 115 ++++++++++++++++-- 1 file changed, 106 insertions(+), 9 deletions(-) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index f8b3a34a7e..2aa4151c99 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -198,23 +198,120 @@ #endif #endif -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_USE) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_USE) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_USE #else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_USE 1 #endif #endif -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT #else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 #endif #endif -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 +#endif +#endif + +/* EC key pair derivation is not supported yet */ +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_USE) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_USE) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_USE +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_USE 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_DERIVE) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_DERIVE +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_USE) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_USE) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_USE +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_USE 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 +#endif +#endif + +#if defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY) #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR #else From 8861b1599237625baf2f94aa45e4f2efb57af742 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 26 May 2023 13:49:33 +0200 Subject: [PATCH 383/553] tests: replace deprecated symbols with temporary _LEGACY ones Signed-off-by: Valerio Setti --- src/drivers/test_driver_key_management.c | 32 ++++++++++++------------ 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 3ff1053e30..d5b110e878 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -224,21 +224,21 @@ psa_status_t mbedtls_test_transparent_generate_key( if (PSA_KEY_TYPE_IS_ECC(psa_get_key_type(attributes)) && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_LEGACY) return libtestdriver1_mbedtls_psa_ecp_generate_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key, key_size, key_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_LEGACY) return mbedtls_psa_ecp_generate_key( attributes, key, key_size, key_length); #endif } else if (psa_get_key_type(attributes) == PSA_KEY_TYPE_RSA_KEY_PAIR) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) return libtestdriver1_mbedtls_psa_rsa_generate_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key, key_size, key_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) return mbedtls_psa_rsa_generate_key( attributes, key, key_size, key_length); #endif @@ -290,14 +290,14 @@ psa_status_t mbedtls_test_transparent_import_key( if (PSA_KEY_TYPE_IS_ECC(type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_LEGACY) || \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)) return libtestdriver1_mbedtls_psa_ecp_import_key( (const libtestdriver1_psa_key_attributes_t *) attributes, data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_LEGACY) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) return mbedtls_psa_ecp_import_key( attributes, @@ -307,14 +307,14 @@ psa_status_t mbedtls_test_transparent_import_key( #endif } else if (PSA_KEY_TYPE_IS_RSA(type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)) return libtestdriver1_mbedtls_psa_rsa_import_key( (const libtestdriver1_psa_key_attributes_t *) attributes, data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) return mbedtls_psa_rsa_import_key( attributes, @@ -404,7 +404,7 @@ psa_status_t mbedtls_test_opaque_import_key( data, data_length, key_buffer_temp, key_buffer_size, key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_LEGACY) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) status = mbedtls_psa_ecp_import_key( attributes, @@ -426,7 +426,7 @@ psa_status_t mbedtls_test_opaque_import_key( data, data_length, key_buffer_temp, key_buffer_size, key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) status = mbedtls_psa_rsa_import_key( attributes, @@ -561,13 +561,13 @@ psa_status_t mbedtls_test_transparent_export_public_key( if (PSA_KEY_TYPE_IS_ECC(key_type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_LEGACY) || \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)) return libtestdriver1_mbedtls_psa_ecp_export_public_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_LEGACY) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) return mbedtls_psa_ecp_export_public_key( attributes, @@ -576,13 +576,13 @@ psa_status_t mbedtls_test_transparent_export_public_key( #endif } else if (PSA_KEY_TYPE_IS_RSA(key_type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)) return libtestdriver1_mbedtls_psa_rsa_export_public_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) return mbedtls_psa_rsa_export_public_key( attributes, @@ -639,7 +639,7 @@ psa_status_t mbedtls_test_opaque_export_public_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer_temp, *data_length, data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_LEGACY) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) status = mbedtls_psa_ecp_export_public_key( attributes, @@ -660,7 +660,7 @@ psa_status_t mbedtls_test_opaque_export_public_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer_temp, *data_length, data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) status = mbedtls_psa_rsa_export_public_key( attributes, From 35508bf27f64c3b87ed81d950e5ac166bfa71db9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 6 Jun 2023 14:10:15 +0200 Subject: [PATCH 384/553] config_psa: remove support for PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE Signed-off-by: Valerio Setti --- .../test/drivers/crypto_config_test_driver_extension.h | 8 -------- 1 file changed, 8 deletions(-) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index 2aa4151c99..ba9021c6aa 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -271,14 +271,6 @@ #endif #endif -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_DERIVE) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_DERIVE -#else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 -#endif -#endif - #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_USE) #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_USE) #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_USE From ad75a4800c5e3754a6b0ec987e4cd93513f34082 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 6 Jun 2023 14:32:58 +0200 Subject: [PATCH 385/553] crypto: move legacy symbols support to a dedicated header file Signed-off-by: Valerio Setti --- include/test/drivers/crypto_config_test_driver_extension.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index ba9021c6aa..c88f5d8596 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -6,6 +6,8 @@ * supports. */ +#include "psa/crypto_legacy.h" + #if defined(PSA_WANT_ALG_CBC_NO_PADDING) #if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) #undef MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING From 6e9eae0de0114b5c39c520408ac98d796b4d32ee Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 9 Jun 2023 12:00:07 +0200 Subject: [PATCH 386/553] crypto_config_test_driver_extension: remove leftover comment Signed-off-by: Valerio Setti --- include/test/drivers/crypto_config_test_driver_extension.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index c88f5d8596..4f3e5adfa3 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -232,7 +232,6 @@ #endif #endif -/* EC key pair derivation is not supported yet */ #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE From 8f5d073c817644e5ec14d5918b77d9d4d76adbba Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 9 Jun 2023 16:24:48 +0200 Subject: [PATCH 387/553] test_driver_extension: manage public and private keys the same way Signed-off-by: Valerio Setti --- .../crypto_config_test_driver_extension.h | 27 ++++++++++++++----- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index 4f3e5adfa3..755587027e 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -304,11 +304,27 @@ #endif #endif -#if defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY #else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY 1 #endif #endif @@ -379,7 +395,4 @@ #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1 -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1 -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY 1 -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY 1 From 66949c6828e7e5b347d35b4ae70e221d2a45810e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 15 Jun 2023 11:53:08 +0200 Subject: [PATCH 388/553] config_psa: replace USE symbols with BASIC one for all KEY_PAIRs Signed-off-by: Valerio Setti --- .../crypto_config_test_driver_extension.h | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index 755587027e..138327ae87 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -200,11 +200,11 @@ #endif #endif -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_USE) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_USE) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_USE +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC #else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_USE 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 #endif #endif @@ -240,11 +240,11 @@ #endif #endif -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_USE) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_USE) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_USE +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC #else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_USE 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC 1 #endif #endif @@ -272,11 +272,11 @@ #endif #endif -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_USE) -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_USE) -#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_USE +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC #else -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_USE 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 #endif #endif From 9f9cf2d361ba83e69fc3e885727f68a2b2e53fbc Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 9 May 2023 14:11:43 +0100 Subject: [PATCH 389/553] bignum_mod: Refactored `mbedtls_mpi_mod_modulus_setup()` This patch removes the `int_rep` input parameter for modular setup, aiming to align it with the optred variant. Test and test-suite helper functions have been updated accordingly. Signed-off-by: Minos Galanakis --- src/bignum_helpers.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/bignum_helpers.c b/src/bignum_helpers.c index 4dd37915e2..efb2eca1c3 100644 --- a/src/bignum_helpers.c +++ b/src/bignum_helpers.c @@ -99,7 +99,18 @@ int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N, if (ret != 0) { return ret; } - ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs, int_rep); + + switch (int_rep) { + case MBEDTLS_MPI_MOD_REP_MONTGOMERY: + ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs); + break; + case MBEDTLS_MPI_MOD_REP_OPT_RED: + ret = mbedtls_mpi_mod_optred_modulus_setup(N, p, limbs, NULL); + break; + default: + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + break; + } if (ret != 0) { mbedtls_free(p); } From 1bf209064023d56389848ac420fa4142db979204 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 24 Jun 2023 11:03:04 +0100 Subject: [PATCH 390/553] Don't directly access key_bitlen Signed-off-by: Dave Rodgman --- src/test_helpers/ssl_helpers.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index e8bbc78d1e..6027671d62 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1143,10 +1143,10 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, cipher_info = mbedtls_cipher_info_from_type(cipher_type); CHK(cipher_info != NULL); CHK(cipher_info->iv_size <= 16); - CHK(cipher_info->key_bitlen % 8 == 0); + CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0); /* Pick keys */ - keylen = cipher_info->key_bitlen / 8; + keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8; /* Allocate `keylen + 1` bytes to ensure that we get * a non-NULL pointers from `mbedtls_calloc` even if * `keylen == 0` in the case of the NULL cipher. */ From 976eab1521229e114991273dfb54b69cc8296a0f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 24 Jun 2023 11:21:25 +0100 Subject: [PATCH 391/553] Don't directly access iv_size Signed-off-by: Dave Rodgman --- src/test_helpers/ssl_helpers.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 6027671d62..8e67352662 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1142,7 +1142,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, /* Pick cipher */ cipher_info = mbedtls_cipher_info_from_type(cipher_type); CHK(cipher_info != NULL); - CHK(cipher_info->iv_size <= 16); + CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16); CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0); /* Pick keys */ @@ -1273,7 +1273,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, /* Pick IV's (regardless of whether they * are being used by the transform). */ - ivlen = cipher_info->iv_size; + ivlen = mbedtls_cipher_info_get_iv_size(cipher_info); memset(iv_enc, 0x3, sizeof(iv_enc)); memset(iv_dec, 0x4, sizeof(iv_dec)); From 99a22814f5fb0f2b3b8e87ee996110bf36869295 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 21 Jun 2023 10:07:21 +0200 Subject: [PATCH 392/553] library/test: replace LEGACY symbol with BASIC_IMPORT_EXPORT Signed-off-by: Valerio Setti --- src/drivers/test_driver_key_management.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index d5b110e878..9ce5aa56b0 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -228,7 +228,7 @@ psa_status_t mbedtls_test_transparent_generate_key( return libtestdriver1_mbedtls_psa_ecp_generate_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key, key_size, key_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_LEGACY) +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC_IMPORT_EXPORT) return mbedtls_psa_ecp_generate_key( attributes, key, key_size, key_length); #endif @@ -297,7 +297,7 @@ psa_status_t mbedtls_test_transparent_import_key( data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_LEGACY) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC_IMPORT_EXPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) return mbedtls_psa_ecp_import_key( attributes, @@ -404,7 +404,7 @@ psa_status_t mbedtls_test_opaque_import_key( data, data_length, key_buffer_temp, key_buffer_size, key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_LEGACY) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC_IMPORT_EXPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) status = mbedtls_psa_ecp_import_key( attributes, @@ -567,7 +567,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_LEGACY) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC_IMPORT_EXPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) return mbedtls_psa_ecp_export_public_key( attributes, @@ -639,7 +639,7 @@ psa_status_t mbedtls_test_opaque_export_public_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer_temp, *data_length, data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_LEGACY) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC_IMPORT_EXPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) status = mbedtls_psa_ecp_export_public_key( attributes, From d0ab7ca794e21f8d4b45a308a3afdd4b888d1e07 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 26 Jun 2023 10:05:50 +0200 Subject: [PATCH 393/553] psa: replace remaining ECC_KEY_PAIR_LEGACY symbols with proper ones Signed-off-by: Valerio Setti --- src/drivers/test_driver_key_management.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 9ce5aa56b0..aa3ac33924 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -224,11 +224,11 @@ psa_status_t mbedtls_test_transparent_generate_key( if (PSA_KEY_TYPE_IS_ECC(psa_get_key_type(attributes)) && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_LEGACY) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE) return libtestdriver1_mbedtls_psa_ecp_generate_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key, key_size, key_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC_IMPORT_EXPORT) +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE) return mbedtls_psa_ecp_generate_key( attributes, key, key_size, key_length); #endif @@ -290,7 +290,7 @@ psa_status_t mbedtls_test_transparent_import_key( if (PSA_KEY_TYPE_IS_ECC(type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_LEGACY) || \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC_IMPORT_EXPORT) || \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)) return libtestdriver1_mbedtls_psa_ecp_import_key( (const libtestdriver1_psa_key_attributes_t *) attributes, @@ -561,7 +561,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( if (PSA_KEY_TYPE_IS_ECC(key_type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_LEGACY) || \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC_IMPORT_EXPORT) || \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)) return libtestdriver1_mbedtls_psa_ecp_export_public_key( (const libtestdriver1_psa_key_attributes_t *) attributes, From 00a5c57181473955d1b1c800f5ed6c0b75e48662 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 Jun 2023 16:58:52 +0200 Subject: [PATCH 394/553] lib/test: replace BASIC_IMPORT_EXPORT internal symbol with BASIC,IMPORT,EXPORT Also the python script for automatic test generation is fixed accordingly Signed-off-by: Valerio Setti --- src/drivers/test_driver_key_management.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index aa3ac33924..3c2c750bbf 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -290,14 +290,14 @@ psa_status_t mbedtls_test_transparent_import_key( if (PSA_KEY_TYPE_IS_ECC(type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC_IMPORT_EXPORT) || \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)) return libtestdriver1_mbedtls_psa_ecp_import_key( (const libtestdriver1_psa_key_attributes_t *) attributes, data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC_IMPORT_EXPORT) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) return mbedtls_psa_ecp_import_key( attributes, @@ -404,7 +404,7 @@ psa_status_t mbedtls_test_opaque_import_key( data, data_length, key_buffer_temp, key_buffer_size, key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC_IMPORT_EXPORT) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) status = mbedtls_psa_ecp_import_key( attributes, @@ -561,13 +561,13 @@ psa_status_t mbedtls_test_transparent_export_public_key( if (PSA_KEY_TYPE_IS_ECC(key_type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC_IMPORT_EXPORT) || \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)) return libtestdriver1_mbedtls_psa_ecp_export_public_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC_IMPORT_EXPORT) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) return mbedtls_psa_ecp_export_public_key( attributes, @@ -639,7 +639,7 @@ psa_status_t mbedtls_test_opaque_export_public_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer_temp, *data_length, data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC_IMPORT_EXPORT) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) status = mbedtls_psa_ecp_export_public_key( attributes, From 8b430159243365d8366b708bace7146c06caf51d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 23 May 2023 16:10:09 +0800 Subject: [PATCH 395/553] Move certs/keys data to seperate file Signed-off-by: Jerry Yu --- src/certs.c | 1256 +-------------------------------------------- src/test_certs.h | 1274 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1275 insertions(+), 1255 deletions(-) create mode 100644 src/test_certs.h diff --git a/src/certs.c b/src/certs.c index d2808d71c9..b834e4aa14 100644 --- a/src/certs.c +++ b/src/certs.c @@ -25,1261 +25,7 @@ #include "mbedtls/pk.h" -/* - * Test CA Certificates - * - * We define test CA certificates for each choice of the following parameters: - * - PEM or DER encoding - * - SHA-1 or SHA-256 hash - * - RSA or EC key - * - * Things to add: - * - multiple EC curve types - * - */ - -/* This is taken from tests/data_files/test-ca2.crt */ -/* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca2.crt */ -#define TEST_CA_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ - "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ - "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \ - "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ - "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \ - "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \ - "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD\r\n" \ - "AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd\r\n" \ - "bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq\r\n" \ - "6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29\r\n" \ - "N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/test-ca2.crt.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CA_CRT_EC_DER tests/data_files/test-ca2.crt.der */ -#define TEST_CA_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x07, 0x30, 0x82, 0x01, 0x8b, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ - 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ - 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ - 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ - 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ - 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ - 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ - 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ - 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ - 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ - 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ - 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ - 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ - 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ - 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ - 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x0f, \ - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, \ - 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ - 0x04, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, \ - 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, \ - 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, \ - 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ - 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, \ - 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, \ - 0x30, 0x65, 0x02, 0x31, 0x00, 0xe9, 0x35, 0x67, 0xc1, 0x22, 0x5c, 0xea, \ - 0xeb, 0x15, 0x76, 0x53, 0x04, 0x03, 0xff, 0x56, 0x06, 0xcf, 0xd7, 0xd0, \ - 0x50, 0xce, 0xc0, 0x7c, 0xd2, 0xb3, 0x55, 0xad, 0x8f, 0x54, 0x1a, 0x5f, \ - 0xfd, 0x00, 0xf5, 0x4c, 0x0c, 0xa5, 0x4d, 0x84, 0xc5, 0xe0, 0x62, 0x3a, \ - 0xaa, 0x56, 0xfa, 0x10, 0xf6, 0x02, 0x30, 0x5f, 0xd8, 0x55, 0xad, 0xbd, \ - 0x37, 0x9c, 0x82, 0xd6, 0x61, 0x40, 0x8a, 0xbd, 0x7d, 0x8d, 0xbf, 0x4f, \ - 0x97, 0xd8, 0xa2, 0x22, 0x44, 0x66, 0xd7, 0xb7, 0x4c, 0xe3, 0x2e, 0xa6, \ - 0xe5, 0x52, 0x0c, 0x7a, 0x91, 0x0f, 0x9b, 0xf5, 0x65, 0x58, 0x06, 0xbc, \ - 0x1f, 0x9a, 0x75, 0xf8, 0x13, 0xdb, 0x1b \ -} -/* END FILE */ - -/* This is taken from tests/data_files/test-ca2.key.enc */ -/* BEGIN FILE string macro TEST_CA_KEY_EC_PEM tests/data_files/test-ca2.key.enc */ -#define TEST_CA_KEY_EC_PEM \ - "-----BEGIN EC PRIVATE KEY-----\r\n" \ - "Proc-Type: 4,ENCRYPTED\r\n" \ - "DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n" \ - "\r\n" \ - "IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n" \ - "ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n" \ - "UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n" \ - "a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n" \ - "-----END EC PRIVATE KEY-----\r\n" -/* END FILE */ - -#define TEST_CA_PWD_EC_PEM "PolarSSLTest" - -/* This is generated from tests/data_files/test-ca2.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CA_KEY_EC_DER tests/data_files/test-ca2.key.der */ -#define TEST_CA_KEY_EC_DER { \ - 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \ - 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \ - 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \ - 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \ - 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \ - 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \ - 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \ - 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \ - 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \ - 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \ - 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \ - 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \ - 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \ - 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \ -} -/* END FILE */ - -/* This is taken from tests/data_files/test-ca-sha256.crt. */ -/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA256_PEM tests/data_files/test-ca-sha256.crt */ -#define TEST_CA_CRT_RSA_SHA256_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ - "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ - "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ - "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ - "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ - "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ - "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ - "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ - "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA\r\n" \ - "A4IBAQA4qFSCth2q22uJIdE4KGHJsJjVEfw2/xn+MkTvCMfxVrvmRvqCtjE4tKDl\r\n" \ - "oK4MxFOek07oDZwvtAT9ijn1hHftTNS7RH9zd/fxNpfcHnMZXVC4w4DNA1fSANtW\r\n" \ - "5sY1JB5Je9jScrsLSS+mAjyv0Ow3Hb2Bix8wu7xNNrV5fIf7Ubm+wt6SqEBxu3Kb\r\n" \ - "+EfObAT4huf3czznhH3C17ed6NSbXwoXfby7stWUDeRJv08RaFOykf/Aae7bY5PL\r\n" \ - "yTVrkAnikMntJ9YI+hNNYt3inqq11A5cN0+rVTst8UKCxzQ4GpvroSwPKTFkbMw4\r\n" \ - "/anT1dVxr/BtwJfiESoK3/4CeXR1\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/test-ca-sha256.crt.der - * using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER tests/data_files/test-ca-sha256.crt.der */ -#define TEST_CA_CRT_RSA_SHA256_DER { \ - 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ - 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ - 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ - 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ - 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ - 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ - 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ - 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ - 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ - 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ - 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ - 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ - 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ - 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ - 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ - 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ - 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ - 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ - 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ - 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ - 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ - 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ - 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ - 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ - 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ - 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ - 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ - 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \ - 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \ - 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1, \ - 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \ - 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \ - 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \ - 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \ - 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \ - 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \ - 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \ - 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \ - 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \ - 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \ - 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \ - 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \ - 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \ - 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \ - 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \ - 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \ - 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \ - 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \ - 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/test-ca-sha1.crt. */ -/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA1_PEM tests/data_files/test-ca-sha1.crt */ -#define TEST_CA_CRT_RSA_SHA1_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ - "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ - "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ - "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ - "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ - "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ - "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ - "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ - "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA\r\n" \ - "A4IBAQABE3OEPfEd/bcJW5ZdU3/VgPNS4tMzh8gnJP/V2FcvFtGylMpQq6YnEBYI\r\n" \ - "yBHAL4DRvlMY5rnXGBp3ODR8MpqHC6AquRTCLzjS57iYff//4QFQqW9n92zctspv\r\n" \ - "czkaPKgjqo1No3Uq0Xaz10rcxyTUPrf5wNVRZ2V0KvllvAAVSzbI4mpdUXztjhST\r\n" \ - "S5A2BeWQAAOr0zq1F7TSRVJpJs7jmB2ai/igkh1IAjcuwV6VwlP+sbw0gjQ0NpGM\r\n" \ - "iHpnlzRAi/tIbtOvMIGOBU2TIfax/5jq1agUx5aPmT5TWAiJPOOP6l5xXnDwxeYS\r\n" \ - "NWqiX9GyusBZjezaCaHabjDLU0qQ\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is taken from tests/data_files/test-ca-sha1.crt.der. */ -/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER tests/data_files/test-ca-sha1.crt.der */ -#define TEST_CA_CRT_RSA_SHA1_DER { \ - 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ - 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ - 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ - 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ - 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ - 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ - 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ - 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ - 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ - 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ - 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ - 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ - 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ - 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ - 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ - 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ - 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ - 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ - 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ - 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ - 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ - 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ - 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ - 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ - 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ - 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ - 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ - 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ - 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x13, 0x73, 0x84, 0x3d, 0xf1, 0x1d, \ - 0xfd, 0xb7, 0x09, 0x5b, 0x96, 0x5d, 0x53, 0x7f, 0xd5, 0x80, 0xf3, 0x52, \ - 0xe2, 0xd3, 0x33, 0x87, 0xc8, 0x27, 0x24, 0xff, 0xd5, 0xd8, 0x57, 0x2f, \ - 0x16, 0xd1, 0xb2, 0x94, 0xca, 0x50, 0xab, 0xa6, 0x27, 0x10, 0x16, 0x08, \ - 0xc8, 0x11, 0xc0, 0x2f, 0x80, 0xd1, 0xbe, 0x53, 0x18, 0xe6, 0xb9, 0xd7, \ - 0x18, 0x1a, 0x77, 0x38, 0x34, 0x7c, 0x32, 0x9a, 0x87, 0x0b, 0xa0, 0x2a, \ - 0xb9, 0x14, 0xc2, 0x2f, 0x38, 0xd2, 0xe7, 0xb8, 0x98, 0x7d, 0xff, 0xff, \ - 0xe1, 0x01, 0x50, 0xa9, 0x6f, 0x67, 0xf7, 0x6c, 0xdc, 0xb6, 0xca, 0x6f, \ - 0x73, 0x39, 0x1a, 0x3c, 0xa8, 0x23, 0xaa, 0x8d, 0x4d, 0xa3, 0x75, 0x2a, \ - 0xd1, 0x76, 0xb3, 0xd7, 0x4a, 0xdc, 0xc7, 0x24, 0xd4, 0x3e, 0xb7, 0xf9, \ - 0xc0, 0xd5, 0x51, 0x67, 0x65, 0x74, 0x2a, 0xf9, 0x65, 0xbc, 0x00, 0x15, \ - 0x4b, 0x36, 0xc8, 0xe2, 0x6a, 0x5d, 0x51, 0x7c, 0xed, 0x8e, 0x14, 0x93, \ - 0x4b, 0x90, 0x36, 0x05, 0xe5, 0x90, 0x00, 0x03, 0xab, 0xd3, 0x3a, 0xb5, \ - 0x17, 0xb4, 0xd2, 0x45, 0x52, 0x69, 0x26, 0xce, 0xe3, 0x98, 0x1d, 0x9a, \ - 0x8b, 0xf8, 0xa0, 0x92, 0x1d, 0x48, 0x02, 0x37, 0x2e, 0xc1, 0x5e, 0x95, \ - 0xc2, 0x53, 0xfe, 0xb1, 0xbc, 0x34, 0x82, 0x34, 0x34, 0x36, 0x91, 0x8c, \ - 0x88, 0x7a, 0x67, 0x97, 0x34, 0x40, 0x8b, 0xfb, 0x48, 0x6e, 0xd3, 0xaf, \ - 0x30, 0x81, 0x8e, 0x05, 0x4d, 0x93, 0x21, 0xf6, 0xb1, 0xff, 0x98, 0xea, \ - 0xd5, 0xa8, 0x14, 0xc7, 0x96, 0x8f, 0x99, 0x3e, 0x53, 0x58, 0x08, 0x89, \ - 0x3c, 0xe3, 0x8f, 0xea, 0x5e, 0x71, 0x5e, 0x70, 0xf0, 0xc5, 0xe6, 0x12, \ - 0x35, 0x6a, 0xa2, 0x5f, 0xd1, 0xb2, 0xba, 0xc0, 0x59, 0x8d, 0xec, 0xda, \ - 0x09, 0xa1, 0xda, 0x6e, 0x30, 0xcb, 0x53, 0x4a, 0x90 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/test-ca.key */ -/* BEGIN FILE string macro TEST_CA_KEY_RSA_PEM tests/data_files/test-ca.key */ -#define TEST_CA_KEY_RSA_PEM \ - "-----BEGIN RSA PRIVATE KEY-----\r\n" \ - "Proc-Type: 4,ENCRYPTED\r\n" \ - "AES-128-CBC,781840E6B804AE83D2AF71127C4CE314\r\n" \ - "\r\n" \ - "etQ3xgGLbuYF9vR1km03TH5fwfly1hOlix0PtfQ+t9HG065vTtSEHYc/OyHwdy79\r\n" \ - "NCLX5RUrPh06E/XlKzMNVHAXqkwFnIwNzRLsOozeP1L7iZEZb9QMeiN5Org+btCO\r\n" \ - "bylXPB4YirfuE7GSJalWY/pq3FQtD33zTIKmNhXfVj3sbwGI/8D9XjaKUb8PODOB\r\n" \ - "skOalmx6RvYRvg0lmRxB3+T3wejIsrrDPweYqte9B6dVHIVG1ZmvoA6/wnKZZZeV\r\n" \ - "sjj8OpL3OwUBrjuGSknE9Rs6kCuSCbHOYVK8VzcZmCYpie0TFnb3Sk8M6vjfW+45\r\n" \ - "U7WUMlSAPxKH6lJDzWdwHqLvsVJwuNnaAaBXg9/8U/rzQEWuq8Ar3s8fw2Jg3F1G\r\n" \ - "L6N5ZAEfCz3Sa0N9WKafR/RSQj+rq8Z3w4POAafhbzk249uo5K8B1Z3cQwLxeXIl\r\n" \ - "UbRQz1TZy4oNTfQzCahYruPNyvwgTkfwAFFvbLAdaiJd2ZtLBoqYE64TYakYnvcC\r\n" \ - "itim1bmySIKoxlMfBGFmMuF03epT0pSx701jlGzGi0l0m16NEjoVxDwo5j93SmiM\r\n" \ - "sQdjC1lOGk2iCLkphIQqHFjFJYWjvh1UUIqWZf+ZWOOxlf4x9a1pUVj6FvtECxNB\r\n" \ - "/mA/m4Iq4LAuVXHE1MpHeq067lJ6wWlrsb2WVmiNGfQ2AC7fMtpcPuunBVT9NV1m\r\n" \ - "1rbDzIgLIWAzqz/cy3N8Q8vfxnrFtmNUyM191Zyq+YF14hIKWX9J1qR4LXwWAzVV\r\n" \ - "UrC8IL4pA2mtRkW4qFsB0EmHAxO/cedDTPjVFty5WSzhNuvYZxX45HAkGIfK6d21\r\n" \ - "7WHPhHG+zaaUTWMUVixB0IcKp6RecjYPFzBHS0YeX88Ue2cyT/90jMiQ9ssOgRrG\r\n" \ - "ZJRJvZAc3TSCnY9sNPYoGrJPiZuCnlUj3ENNurYVy12ai0WFxwnNUZjRUhDS6hjm\r\n" \ - "cDHD5TlI9MZ6M+Mb/Bw4Ig8HuTHOtQBYD9vhtXsG+B7H/j6cS+1umaKjrnG/kK4W\r\n" \ - "R6YXwM2faAi+DwgjjoMXSzRqSTF8PdTIWbAXo3bc2qsXPTMBA8PEp4nb5scHZ4Ts\r\n" \ - "EcBNp2jv0j4gBkRmGIab17cWMrlagjFy89DhqZUFwKdeZs+yJ92A5xstWxOUfpEP\r\n" \ - "90T/bsp1G5d7WW5fl2TRJvYJNDM+djkKIh0zCkduiZ36oVM6nDdbjmXqjQXopeSD\r\n" \ - "gtOourBRF8g99W0fW8QT+yPhP0Pkyz6EG8eQO6Zwh439xdoVwu9jUzQAPmZ0uNeR\r\n" \ - "xTXXihYyv72z27rInjLiIPXL25K9eDVLlcSR3RyG7YYgjdQAL2VJDLcBz5jox1uQ\r\n" \ - "0guoD5wmfu2FWLqYE7HeTYntdY53lCflwq0GHRMjrrsVpx+5VDQ6Yi47Ny9SWLcp\r\n" \ - "fPI3iBkXuGRWupzs6N4pQdSO0dU28KfpMM5QvFoLIn67brCHEQij4dgFrCTYEyBX\r\n" \ - "9+jiNImUFYUhAFuxvUbfZt4O/ABLIElvHLfJs1oYCmI/nWpvLFqXB5rnzPNfEi0H\r\n" \ - "PGGe1Hj/t+CJIp/6ios3yNy2QtXO754TZH2UVu51Ykyig5PFjZVoUkbRvHQYcWfU\r\n" \ - "-----END RSA PRIVATE KEY-----\r\n" -/* END FILE */ - -#define TEST_CA_PWD_RSA_PEM "PolarSSLTest" - -/* This was generated from test-ca.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER tests/data_files/test-ca.key.der */ -#define TEST_CA_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \ - 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \ - 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \ - 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \ - 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \ - 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \ - 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \ - 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \ - 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \ - 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \ - 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \ - 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \ - 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \ - 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \ - 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \ - 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \ - 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \ - 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \ - 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \ - 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \ - 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \ - 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \ - 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35, \ - 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \ - 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \ - 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \ - 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \ - 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \ - 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \ - 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \ - 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \ - 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \ - 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \ - 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \ - 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \ - 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \ - 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \ - 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \ - 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \ - 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \ - 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \ - 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \ - 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \ - 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \ - 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \ - 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \ - 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \ - 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \ - 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \ - 0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \ - 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \ - 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \ - 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \ - 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \ - 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \ - 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \ - 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \ - 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \ - 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \ - 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \ - 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \ - 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \ - 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \ - 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \ - 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \ - 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \ - 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \ - 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \ - 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \ - 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \ - 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \ - 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \ - 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \ - 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \ - 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \ - 0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \ - 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \ - 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \ - 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \ - 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \ - 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \ - 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \ - 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \ - 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \ - 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \ - 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \ - 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \ - 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \ - 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \ - 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \ - 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \ - 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \ - 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \ - 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \ - 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \ - 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \ - 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \ - 0xa8, 0xc2, 0x8f, 0x0d \ -} -/* END FILE */ - -/* - * Test server Certificates - * - * Test server certificates are defined for each choice - * of the following parameters: - * - PEM or DER encoding - * - SHA-1 or SHA-256 hash - * - RSA or EC key - * - * Things to add: - * - multiple EC curve types - */ - -/* This is taken from tests/data_files/server5.crt. */ -/* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server5.crt */ -#define TEST_SRV_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICIDCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ - "MjMwNTE3MDcxMDM2WhcNMzMwNTE0MDcxMDM2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ - "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \ - "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \ - "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \ - "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh\r\n" \ - "clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ - "CCqGSM49BAMCA2kAMGYCMQDg6p7PPfr2+n7nGvya3pU4ust3k7Obk4/tZX+uHHRQ\r\n" \ - "qaccsyULeFNzkyRvWHFeT5sCMQCzDJX79Ii7hILYza/iXWJe/BjJEE8MteCRGXDN\r\n" \ - "06jC+BLgOH1KQV9ArqEh3AhOhEg=\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/server5.crt.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER tests/data_files/server5.crt.der */ -#define TEST_SRV_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x20, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x32, 0x33, 0x30, 0x35, 0x31, 0x37, 0x30, 0x37, 0x31, 0x30, 0x33, 0x36, \ - 0x5a, 0x17, 0x0d, 0x33, 0x33, 0x30, 0x35, 0x31, 0x34, 0x30, 0x37, 0x31, \ - 0x30, 0x33, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ - 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ - 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ - 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ - 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ - 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ - 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ - 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ - 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ - 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ - 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ - 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ - 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ - 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x69, 0x00, \ - 0x30, 0x66, 0x02, 0x31, 0x00, 0xe0, 0xea, 0x9e, 0xcf, 0x3d, 0xfa, 0xf6, \ - 0xfa, 0x7e, 0xe7, 0x1a, 0xfc, 0x9a, 0xde, 0x95, 0x38, 0xba, 0xcb, 0x77, \ - 0x93, 0xb3, 0x9b, 0x93, 0x8f, 0xed, 0x65, 0x7f, 0xae, 0x1c, 0x74, 0x50, \ - 0xa9, 0xa7, 0x1c, 0xb3, 0x25, 0x0b, 0x78, 0x53, 0x73, 0x93, 0x24, 0x6f, \ - 0x58, 0x71, 0x5e, 0x4f, 0x9b, 0x02, 0x31, 0x00, 0xb3, 0x0c, 0x95, 0xfb, \ - 0xf4, 0x88, 0xbb, 0x84, 0x82, 0xd8, 0xcd, 0xaf, 0xe2, 0x5d, 0x62, 0x5e, \ - 0xfc, 0x18, 0xc9, 0x10, 0x4f, 0x0c, 0xb5, 0xe0, 0x91, 0x19, 0x70, 0xcd, \ - 0xd3, 0xa8, 0xc2, 0xf8, 0x12, 0xe0, 0x38, 0x7d, 0x4a, 0x41, 0x5f, 0x40, \ - 0xae, 0xa1, 0x21, 0xdc, 0x08, 0x4e, 0x84, 0x48 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/server5.key. */ -/* BEGIN FILE string macro TEST_SRV_KEY_EC_PEM tests/data_files/server5.key */ -#define TEST_SRV_KEY_EC_PEM \ - "-----BEGIN EC PRIVATE KEY-----\r\n" \ - "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n" \ - "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n" \ - "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n" \ - "-----END EC PRIVATE KEY-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/server5.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER tests/data_files/server5.key.der */ -#define TEST_SRV_KEY_EC_DER { \ - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \ - 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \ - 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \ - 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \ - 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \ - 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \ - 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \ - 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \ - 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \ - 0xff \ -} -/* END FILE */ - -/* This is taken from tests/data_files/server2-sha256.crt. */ -/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM tests/data_files/server2-sha256.crt */ -#define TEST_SRV_CRT_RSA_SHA256_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ - "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ - "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ - "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ - "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ - "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ - "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ - "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ - "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJh\r\n" \ - "Pqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6U\r\n" \ - "HoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq9\r\n" \ - "1C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sv\r\n" \ - "a1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0\r\n" \ - "e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbo\r\n" \ - "pMZqLmbBm/7WPLc=\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is taken from tests/data_files/server2-sha256.crt.der. */ -/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER tests/data_files/server2-sha256.crt.der */ -#define TEST_SRV_CRT_RSA_SHA256_DER { \ - 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ - 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ - 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ - 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ - 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ - 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ - 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ - 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ - 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ - 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ - 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ - 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ - 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ - 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ - 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ - 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ - 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ - 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ - 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ - 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ - 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ - 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ - 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ - 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ - 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ - 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ - 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ - 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \ - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \ - 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \ - 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \ - 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba, \ - 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \ - 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \ - 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \ - 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \ - 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \ - 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \ - 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \ - 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \ - 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \ - 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \ - 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \ - 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \ - 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \ - 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \ - 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \ - 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \ - 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \ - 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/server2.crt. */ -/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM tests/data_files/server2.crt */ -#define TEST_SRV_CRT_RSA_SHA1_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ - "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ - "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ - "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ - "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ - "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ - "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ - "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ - "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \ - "cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \ - "O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \ - "KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \ - "iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \ - "HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \ - "Awgk0+4m0T25cNs=\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is taken from tests/data_files/server2.crt.der. */ -/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER tests/data_files/server2.crt.der */ -#define TEST_SRV_CRT_RSA_SHA1_DER { \ - 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ - 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ - 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ - 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ - 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ - 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ - 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ - 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ - 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ - 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ - 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ - 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ - 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ - 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ - 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ - 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ - 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ - 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ - 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ - 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ - 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ - 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ - 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ - 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ - 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ - 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ - 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ - 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \ - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x73, 0x0b, 0x4a, 0xc5, \ - 0xcb, 0xa0, 0xde, 0xf1, 0x63, 0x1c, 0x76, 0x04, 0x2b, 0x13, 0x0d, 0xc0, \ - 0x84, 0x11, 0xc5, 0x8f, 0x3a, 0xa7, 0xc5, 0x9c, 0x35, 0x7a, 0x77, 0xb8, \ - 0x20, 0x14, 0x82, 0xee, 0x54, 0xf0, 0xf2, 0xb0, 0x52, 0xcb, 0x78, 0xce, \ - 0x59, 0x07, 0x4f, 0x51, 0x69, 0xfe, 0xd3, 0x2f, 0xe9, 0x09, 0xe7, 0x85, \ - 0x92, 0xd8, 0xba, 0xb1, 0xeb, 0xc5, 0x76, 0x5d, 0x61, 0x2d, 0xe9, 0x86, \ - 0xb5, 0xde, 0x2a, 0xf9, 0x3f, 0x53, 0x28, 0x42, 0x86, 0x83, 0x73, 0x43, \ - 0xe0, 0x04, 0x5f, 0x07, 0x90, 0x14, 0x65, 0x9f, 0x6e, 0x10, 0x7a, 0xbc, \ - 0x58, 0x19, 0x22, 0xc2, 0xeb, 0x39, 0x72, 0x51, 0x92, 0xd7, 0xb4, 0x1d, \ - 0x75, 0x2f, 0xd3, 0x3a, 0x2b, 0x01, 0xe7, 0xdb, 0x50, 0xae, 0xe2, 0xf1, \ - 0xd4, 0x4d, 0x5b, 0x3c, 0xbb, 0x41, 0x2b, 0x2a, 0xa4, 0xe2, 0x4a, 0x02, \ - 0xe5, 0x60, 0x14, 0x2c, 0x9c, 0x1f, 0xa6, 0xcc, 0x06, 0x4b, 0x25, 0x89, \ - 0x4e, 0x96, 0x30, 0x22, 0x9c, 0x5c, 0x58, 0x4d, 0xc3, 0xda, 0xd0, 0x6e, \ - 0x50, 0x1e, 0x8c, 0x65, 0xf5, 0xd9, 0x17, 0x35, 0xa6, 0x58, 0x43, 0xb2, \ - 0x29, 0xb7, 0xa8, 0x5e, 0x35, 0xde, 0xf0, 0x60, 0x42, 0x1a, 0x01, 0xcb, \ - 0xcb, 0x0b, 0xd8, 0x0e, 0xc1, 0x90, 0xdf, 0xa1, 0xd2, 0x1a, 0xd1, 0x2c, \ - 0x02, 0xf4, 0x76, 0x41, 0xa4, 0xcb, 0x4b, 0x15, 0x98, 0x71, 0xf9, 0x35, \ - 0x7d, 0xb0, 0xe7, 0xe2, 0x34, 0x96, 0x91, 0xbe, 0x32, 0x67, 0x2d, 0x6b, \ - 0xd3, 0x55, 0x04, 0x8a, 0x01, 0x50, 0xb4, 0xe3, 0x62, 0x78, 0x6c, 0x11, \ - 0x15, 0xa5, 0x2a, 0x11, 0xc1, 0x49, 0x1c, 0x9b, 0xc4, 0x10, 0x65, 0x60, \ - 0x87, 0xd9, 0x1e, 0x69, 0x59, 0x4e, 0x8f, 0x6b, 0xeb, 0xc1, 0xfe, 0x6b, \ - 0xe2, 0x63, 0x78, 0x95, 0x6e, 0xe0, 0x2d, 0xd7, 0xa7, 0x37, 0xa8 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/server2.key. */ -/* BEGIN FILE string macro TEST_SRV_KEY_RSA_PEM tests/data_files/server2.key */ -#define TEST_SRV_KEY_RSA_PEM \ - "-----BEGIN RSA PRIVATE KEY-----\r\n" \ - "MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n" \ - "lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n" \ - "2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n" \ - "Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n" \ - "GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n" \ - "y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n" \ - "++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n" \ - "Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n" \ - "/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n" \ - "WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n" \ - "GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n" \ - "TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n" \ - "CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n" \ - "nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n" \ - "AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n" \ - "sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n" \ - "mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n" \ - "BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n" \ - "whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n" \ - "vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n" \ - "3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n" \ - "3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n" \ - "ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n" \ - "4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n" \ - "TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n" \ - "-----END RSA PRIVATE KEY-----\r\n" -/* END FILE */ - -/* This was generated from tests/data_files/server2.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER tests/data_files/server2.key.der */ -#define TEST_SRV_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \ - 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \ - 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \ - 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \ - 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \ - 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \ - 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \ - 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \ - 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \ - 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \ - 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \ - 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \ - 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \ - 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \ - 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \ - 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \ - 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \ - 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \ - 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \ - 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \ - 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \ - 0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \ - 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \ - 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \ - 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \ - 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \ - 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \ - 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \ - 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \ - 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \ - 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \ - 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \ - 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \ - 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \ - 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \ - 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \ - 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \ - 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \ - 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \ - 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \ - 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \ - 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \ - 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \ - 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \ - 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \ - 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \ - 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \ - 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \ - 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \ - 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \ - 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \ - 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \ - 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \ - 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \ - 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \ - 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \ - 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \ - 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \ - 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \ - 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \ - 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \ - 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \ - 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \ - 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \ - 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \ - 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \ - 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \ - 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \ - 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \ - 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \ - 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \ - 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \ - 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b, \ - 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \ - 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \ - 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \ - 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \ - 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \ - 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \ - 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \ - 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \ - 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \ - 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \ - 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \ - 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \ - 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \ - 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \ - 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \ - 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \ - 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \ - 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \ - 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \ - 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \ - 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \ - 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \ - 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \ - 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \ - 0x06, 0x21, 0x2e, 0x56 \ -} -/* END FILE */ - -/* - * Test client Certificates - * - * Test client certificates are defined for each choice - * of the following parameters: - * - PEM or DER encoding - * - RSA or EC key - * - * Things to add: - * - hash type - * - multiple EC curve types - */ - -/* This is taken from tests/data_files/cli2.crt. */ -/* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM tests/data_files/cli2.crt */ -#define TEST_CLI_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIB3zCCAWOgAwIBAgIBDTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw\r\n" \ - "DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJTU0wgVGVzdCBFQyBDQTAe\r\n" \ - "Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMEExCzAJBgNVBAYTAk5MMREw\r\n" \ - "DwYDVQQKDAhQb2xhclNTTDEfMB0GA1UEAwwWUG9sYXJTU0wgVGVzdCBDbGllbnQg\r\n" \ - "MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFflrrFz39Osu5O4gf8Sru7mU6zO\r\n" \ - "VVP2NA7MLuNjJQvfmOLzXGA2lsDVGBRw5X+f1UtFGOWwbNVc+JaPh3Cj5MejTTBL\r\n" \ - "MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMB8GA1Ud\r\n" \ - "IwQYMBaAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8MAwGCCqGSM49BAMCBQADaAAwZQIx\r\n" \ - "AMqme4DKMldUlplDET9Q6Eptre7uUWKhsLOF+zPkKDlfzpIkJYEFgcloDHGYw80u\r\n" \ - "IgIwNftyPXsabTqMM7iEHgVpX/GRozKklY9yQI/5eoA6gGW7Y+imuGR/oao5ySOb\r\n" \ - "a9Vk\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/cli2.crt.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER tests/data_files/cli2.crt.der */ -#define TEST_CLI_CRT_EC_DER { \ - 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \ - 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \ - 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \ - 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \ - 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \ - 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \ - 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \ - 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \ - 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \ - 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \ - 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \ - 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, \ - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \ - 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \ - 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \ - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \ - 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \ - 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \ - 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \ - 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \ - 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \ - 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \ - 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \ - 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \ - 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \ - 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \ - 0x6b, 0xd5, 0x64 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/cli2.key. */ -/* BEGIN FILE string macro TEST_CLI_KEY_EC_PEM tests/data_files/cli2.key */ -#define TEST_CLI_KEY_EC_PEM \ - "-----BEGIN EC PRIVATE KEY-----\r\n" \ - "MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n" \ - "AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n" \ - "wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n" \ - "-----END EC PRIVATE KEY-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/cli2.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER tests/data_files/cli2.key.der */ -#define TEST_CLI_KEY_EC_DER { \ - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \ - 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \ - 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \ - 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \ - 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \ - 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \ - 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \ - 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \ - 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \ - 0xc7 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/cli-rsa-sha256.crt. */ -/* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM tests/data_files/cli-rsa-sha256.crt */ -#define TEST_CLI_CRT_RSA_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n" \ - "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n" \ - "M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n" \ - "1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n" \ - "MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n" \ - "4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n" \ - "/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n" \ - "o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf\r\n" \ - "BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsFAAOC\r\n" \ - "AQEAXidv1d4pLlBiKWED95rMycBdgDcgyNqJxakFkRfRyA2y1mlyTn7uBXRkNLY5\r\n" \ - "ZFzK82GCjk2Q2OD4RZSCPAJJqLpHHU34t71ciffvy2KK81YvrxczRhMAE64i+qna\r\n" \ - "yP3Td2XuWJR05PVPoSemsNELs9gWttdnYy3ce+EY2Y0n7Rsi7982EeLIAA7H6ca4\r\n" \ - "2Es/NUH//JZJT32OP0doMxeDRA+vplkKqTLLWf7dX26LIriBkBaRCgR5Yv9LBPFc\r\n" \ - "NOtpzu/LbrY7QFXKJMI+JXDudCsOn8KCmiA4d6Emisqfh3V3485l7HEQNcvLTxlD\r\n" \ - "6zDQyi0/ykYUYZkwQTK1N2Nvlw==\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This was generated from tests/data_files/cli-rsa-sha256.crt.der - using `xxd -i.` */ -/* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER tests/data_files/cli-rsa-sha256.crt.der */ -#define TEST_CLI_CRT_RSA_DER { \ - 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \ - 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \ - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \ - 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \ - 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \ - 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \ - 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \ - 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \ - 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \ - 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \ - 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \ - 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \ - 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \ - 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \ - 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \ - 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \ - 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \ - 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \ - 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \ - 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \ - 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \ - 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \ - 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \ - 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \ - 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \ - 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \ - 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \ - 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ - 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e, \ - 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \ - 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \ - 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \ - 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \ - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \ - 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \ - 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \ - 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \ - 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \ - 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \ - 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \ - 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \ - 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \ - 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \ - 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \ - 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \ - 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \ - 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \ - 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \ - 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \ - 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \ - 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \ - 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \ - 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \ - 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \ - 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, \ - 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/cli-rsa.key. */ -/* BEGIN FILE string macro TEST_CLI_KEY_RSA_PEM tests/data_files/cli-rsa.key */ -#define TEST_CLI_KEY_RSA_PEM \ - "-----BEGIN RSA PRIVATE KEY-----\r\n" \ - "MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n" \ - "B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n" \ - "bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9\r\n" \ - "Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH\r\n" \ - "7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v\r\n" \ - "dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst\r\n" \ - "yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz\r\n" \ - "4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt\r\n" \ - "ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA\r\n" \ - "zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d\r\n" \ - "l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf\r\n" \ - "DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT\r\n" \ - "VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL\r\n" \ - "Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7\r\n" \ - "wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys\r\n" \ - "c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi\r\n" \ - "33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60\r\n" \ - "ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0\r\n" \ - "BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW\r\n" \ - "KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+\r\n" \ - "UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc\r\n" \ - "7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq\r\n" \ - "gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu\r\n" \ - "bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n" \ - "8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n" \ - "-----END RSA PRIVATE KEY-----\r\n"/* END FILE */ - -/* This was generated from tests/data_files/cli-rsa.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER tests/data_files/cli-rsa.key.der */ -#define TEST_CLI_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \ - 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \ - 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \ - 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \ - 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \ - 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \ - 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \ - 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \ - 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \ - 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \ - 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \ - 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \ - 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \ - 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \ - 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \ - 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \ - 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \ - 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \ - 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \ - 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \ - 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \ - 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \ - 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \ - 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \ - 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \ - 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \ - 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \ - 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \ - 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \ - 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \ - 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \ - 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \ - 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \ - 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \ - 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \ - 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \ - 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \ - 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \ - 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \ - 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \ - 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \ - 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \ - 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \ - 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \ - 0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \ - 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \ - 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \ - 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \ - 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \ - 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \ - 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \ - 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \ - 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \ - 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \ - 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \ - 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \ - 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \ - 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \ - 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \ - 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \ - 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \ - 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \ - 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \ - 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \ - 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \ - 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \ - 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \ - 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \ - 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \ - 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \ - 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f, \ - 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \ - 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \ - 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \ - 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \ - 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \ - 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \ - 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \ - 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \ - 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \ - 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \ - 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \ - 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \ - 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \ - 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \ - 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \ - 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \ - 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \ - 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \ - 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \ - 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \ - 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \ - 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \ - 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \ - 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \ - 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \ - 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \ - 0x8b, 0x87, 0xc3, 0x00 \ -} -/* END FILE */ +#include "test_certs.h" /* * diff --git a/src/test_certs.h b/src/test_certs.h new file mode 100644 index 0000000000..aa0819f415 --- /dev/null +++ b/src/test_certs.h @@ -0,0 +1,1274 @@ +/* + * X.509 test certificates + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * Test CA Certificates + * + * We define test CA certificates for each choice of the following parameters: + * - PEM or DER encoding + * - SHA-1 or SHA-256 hash + * - RSA or EC key + * + * Things to add: + * - multiple EC curve types + * + */ + +/* This is taken from tests/data_files/test-ca2.crt */ +/* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca2.crt */ +#define TEST_CA_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ + "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ + "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \ + "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ + "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \ + "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \ + "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/\r\n" \ + "MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk\r\n" \ + "SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a\r\n" \ + "LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ\r\n" \ + "hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/test-ca2.crt.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CA_CRT_EC_DER tests/data_files/test-ca2.crt.der */ +#define TEST_CA_CRT_EC_DER { \ + 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ + 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ + 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ + 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ + 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ + 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ + 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ + 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ + 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ + 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ + 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ + 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ + 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ + 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ + 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \ + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \ + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \ + 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ + 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \ + 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \ + 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \ + 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \ + 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \ + 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \ + 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \ + 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \ + 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \ + 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \ + 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \ + 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \ + 0xf5, 0xae, 0x1c, 0x42 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/test-ca2.key.enc */ +/* BEGIN FILE string macro TEST_CA_KEY_EC_PEM tests/data_files/test-ca2.key.enc */ +#define TEST_CA_KEY_EC_PEM \ + "-----BEGIN EC PRIVATE KEY-----\r\n" \ + "Proc-Type: 4,ENCRYPTED\r\n" \ + "DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n" \ + "\r\n" \ + "IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n" \ + "ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n" \ + "UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n" \ + "a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n" \ + "-----END EC PRIVATE KEY-----\r\n" +/* END FILE */ + +#define TEST_CA_PWD_EC_PEM "PolarSSLTest" + +/* This is generated from tests/data_files/test-ca2.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CA_KEY_EC_DER tests/data_files/test-ca2.key.der */ +#define TEST_CA_KEY_EC_DER { \ + 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \ + 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \ + 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \ + 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \ + 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \ + 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \ + 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \ + 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \ + 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \ + 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \ + 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \ + 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \ + 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \ + 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \ +} +/* END FILE */ + +/* This is taken from tests/data_files/test-ca-sha256.crt. */ +/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA256_PEM tests/data_files/test-ca-sha256.crt */ +#define TEST_CA_CRT_RSA_SHA256_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ + "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ + "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ + "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ + "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ + "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ + "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ + "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ + "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA\r\n" \ + "A4IBAQA4qFSCth2q22uJIdE4KGHJsJjVEfw2/xn+MkTvCMfxVrvmRvqCtjE4tKDl\r\n" \ + "oK4MxFOek07oDZwvtAT9ijn1hHftTNS7RH9zd/fxNpfcHnMZXVC4w4DNA1fSANtW\r\n" \ + "5sY1JB5Je9jScrsLSS+mAjyv0Ow3Hb2Bix8wu7xNNrV5fIf7Ubm+wt6SqEBxu3Kb\r\n" \ + "+EfObAT4huf3czznhH3C17ed6NSbXwoXfby7stWUDeRJv08RaFOykf/Aae7bY5PL\r\n" \ + "yTVrkAnikMntJ9YI+hNNYt3inqq11A5cN0+rVTst8UKCxzQ4GpvroSwPKTFkbMw4\r\n" \ + "/anT1dVxr/BtwJfiESoK3/4CeXR1\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/test-ca-sha256.crt.der + * using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER tests/data_files/test-ca-sha256.crt.der */ +#define TEST_CA_CRT_RSA_SHA256_DER { \ + 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ + 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ + 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ + 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ + 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ + 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ + 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ + 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ + 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ + 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ + 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ + 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ + 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ + 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ + 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ + 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ + 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ + 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ + 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ + 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ + 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ + 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ + 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ + 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ + 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ + 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ + 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \ + 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \ + 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1, \ + 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \ + 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \ + 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \ + 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \ + 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \ + 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \ + 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \ + 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \ + 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \ + 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \ + 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \ + 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \ + 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \ + 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \ + 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \ + 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \ + 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \ + 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \ + 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/test-ca-sha1.crt. */ +/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA1_PEM tests/data_files/test-ca-sha1.crt */ +#define TEST_CA_CRT_RSA_SHA1_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ + "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ + "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ + "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ + "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ + "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ + "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ + "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ + "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA\r\n" \ + "A4IBAQABE3OEPfEd/bcJW5ZdU3/VgPNS4tMzh8gnJP/V2FcvFtGylMpQq6YnEBYI\r\n" \ + "yBHAL4DRvlMY5rnXGBp3ODR8MpqHC6AquRTCLzjS57iYff//4QFQqW9n92zctspv\r\n" \ + "czkaPKgjqo1No3Uq0Xaz10rcxyTUPrf5wNVRZ2V0KvllvAAVSzbI4mpdUXztjhST\r\n" \ + "S5A2BeWQAAOr0zq1F7TSRVJpJs7jmB2ai/igkh1IAjcuwV6VwlP+sbw0gjQ0NpGM\r\n" \ + "iHpnlzRAi/tIbtOvMIGOBU2TIfax/5jq1agUx5aPmT5TWAiJPOOP6l5xXnDwxeYS\r\n" \ + "NWqiX9GyusBZjezaCaHabjDLU0qQ\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is taken from tests/data_files/test-ca-sha1.crt.der. */ +/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER tests/data_files/test-ca-sha1.crt.der */ +#define TEST_CA_CRT_RSA_SHA1_DER { \ + 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ + 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ + 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ + 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ + 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ + 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ + 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ + 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ + 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ + 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ + 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ + 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ + 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ + 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ + 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ + 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ + 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ + 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ + 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ + 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ + 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ + 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ + 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ + 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ + 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ + 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ + 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ + 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x13, 0x73, 0x84, 0x3d, 0xf1, 0x1d, \ + 0xfd, 0xb7, 0x09, 0x5b, 0x96, 0x5d, 0x53, 0x7f, 0xd5, 0x80, 0xf3, 0x52, \ + 0xe2, 0xd3, 0x33, 0x87, 0xc8, 0x27, 0x24, 0xff, 0xd5, 0xd8, 0x57, 0x2f, \ + 0x16, 0xd1, 0xb2, 0x94, 0xca, 0x50, 0xab, 0xa6, 0x27, 0x10, 0x16, 0x08, \ + 0xc8, 0x11, 0xc0, 0x2f, 0x80, 0xd1, 0xbe, 0x53, 0x18, 0xe6, 0xb9, 0xd7, \ + 0x18, 0x1a, 0x77, 0x38, 0x34, 0x7c, 0x32, 0x9a, 0x87, 0x0b, 0xa0, 0x2a, \ + 0xb9, 0x14, 0xc2, 0x2f, 0x38, 0xd2, 0xe7, 0xb8, 0x98, 0x7d, 0xff, 0xff, \ + 0xe1, 0x01, 0x50, 0xa9, 0x6f, 0x67, 0xf7, 0x6c, 0xdc, 0xb6, 0xca, 0x6f, \ + 0x73, 0x39, 0x1a, 0x3c, 0xa8, 0x23, 0xaa, 0x8d, 0x4d, 0xa3, 0x75, 0x2a, \ + 0xd1, 0x76, 0xb3, 0xd7, 0x4a, 0xdc, 0xc7, 0x24, 0xd4, 0x3e, 0xb7, 0xf9, \ + 0xc0, 0xd5, 0x51, 0x67, 0x65, 0x74, 0x2a, 0xf9, 0x65, 0xbc, 0x00, 0x15, \ + 0x4b, 0x36, 0xc8, 0xe2, 0x6a, 0x5d, 0x51, 0x7c, 0xed, 0x8e, 0x14, 0x93, \ + 0x4b, 0x90, 0x36, 0x05, 0xe5, 0x90, 0x00, 0x03, 0xab, 0xd3, 0x3a, 0xb5, \ + 0x17, 0xb4, 0xd2, 0x45, 0x52, 0x69, 0x26, 0xce, 0xe3, 0x98, 0x1d, 0x9a, \ + 0x8b, 0xf8, 0xa0, 0x92, 0x1d, 0x48, 0x02, 0x37, 0x2e, 0xc1, 0x5e, 0x95, \ + 0xc2, 0x53, 0xfe, 0xb1, 0xbc, 0x34, 0x82, 0x34, 0x34, 0x36, 0x91, 0x8c, \ + 0x88, 0x7a, 0x67, 0x97, 0x34, 0x40, 0x8b, 0xfb, 0x48, 0x6e, 0xd3, 0xaf, \ + 0x30, 0x81, 0x8e, 0x05, 0x4d, 0x93, 0x21, 0xf6, 0xb1, 0xff, 0x98, 0xea, \ + 0xd5, 0xa8, 0x14, 0xc7, 0x96, 0x8f, 0x99, 0x3e, 0x53, 0x58, 0x08, 0x89, \ + 0x3c, 0xe3, 0x8f, 0xea, 0x5e, 0x71, 0x5e, 0x70, 0xf0, 0xc5, 0xe6, 0x12, \ + 0x35, 0x6a, 0xa2, 0x5f, 0xd1, 0xb2, 0xba, 0xc0, 0x59, 0x8d, 0xec, 0xda, \ + 0x09, 0xa1, 0xda, 0x6e, 0x30, 0xcb, 0x53, 0x4a, 0x90 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/test-ca.key */ +/* BEGIN FILE string macro TEST_CA_KEY_RSA_PEM tests/data_files/test-ca.key */ +#define TEST_CA_KEY_RSA_PEM \ + "-----BEGIN RSA PRIVATE KEY-----\r\n" \ + "Proc-Type: 4,ENCRYPTED\r\n" \ + "AES-128-CBC,781840E6B804AE83D2AF71127C4CE314\r\n" \ + "\r\n" \ + "etQ3xgGLbuYF9vR1km03TH5fwfly1hOlix0PtfQ+t9HG065vTtSEHYc/OyHwdy79\r\n" \ + "NCLX5RUrPh06E/XlKzMNVHAXqkwFnIwNzRLsOozeP1L7iZEZb9QMeiN5Org+btCO\r\n" \ + "bylXPB4YirfuE7GSJalWY/pq3FQtD33zTIKmNhXfVj3sbwGI/8D9XjaKUb8PODOB\r\n" \ + "skOalmx6RvYRvg0lmRxB3+T3wejIsrrDPweYqte9B6dVHIVG1ZmvoA6/wnKZZZeV\r\n" \ + "sjj8OpL3OwUBrjuGSknE9Rs6kCuSCbHOYVK8VzcZmCYpie0TFnb3Sk8M6vjfW+45\r\n" \ + "U7WUMlSAPxKH6lJDzWdwHqLvsVJwuNnaAaBXg9/8U/rzQEWuq8Ar3s8fw2Jg3F1G\r\n" \ + "L6N5ZAEfCz3Sa0N9WKafR/RSQj+rq8Z3w4POAafhbzk249uo5K8B1Z3cQwLxeXIl\r\n" \ + "UbRQz1TZy4oNTfQzCahYruPNyvwgTkfwAFFvbLAdaiJd2ZtLBoqYE64TYakYnvcC\r\n" \ + "itim1bmySIKoxlMfBGFmMuF03epT0pSx701jlGzGi0l0m16NEjoVxDwo5j93SmiM\r\n" \ + "sQdjC1lOGk2iCLkphIQqHFjFJYWjvh1UUIqWZf+ZWOOxlf4x9a1pUVj6FvtECxNB\r\n" \ + "/mA/m4Iq4LAuVXHE1MpHeq067lJ6wWlrsb2WVmiNGfQ2AC7fMtpcPuunBVT9NV1m\r\n" \ + "1rbDzIgLIWAzqz/cy3N8Q8vfxnrFtmNUyM191Zyq+YF14hIKWX9J1qR4LXwWAzVV\r\n" \ + "UrC8IL4pA2mtRkW4qFsB0EmHAxO/cedDTPjVFty5WSzhNuvYZxX45HAkGIfK6d21\r\n" \ + "7WHPhHG+zaaUTWMUVixB0IcKp6RecjYPFzBHS0YeX88Ue2cyT/90jMiQ9ssOgRrG\r\n" \ + "ZJRJvZAc3TSCnY9sNPYoGrJPiZuCnlUj3ENNurYVy12ai0WFxwnNUZjRUhDS6hjm\r\n" \ + "cDHD5TlI9MZ6M+Mb/Bw4Ig8HuTHOtQBYD9vhtXsG+B7H/j6cS+1umaKjrnG/kK4W\r\n" \ + "R6YXwM2faAi+DwgjjoMXSzRqSTF8PdTIWbAXo3bc2qsXPTMBA8PEp4nb5scHZ4Ts\r\n" \ + "EcBNp2jv0j4gBkRmGIab17cWMrlagjFy89DhqZUFwKdeZs+yJ92A5xstWxOUfpEP\r\n" \ + "90T/bsp1G5d7WW5fl2TRJvYJNDM+djkKIh0zCkduiZ36oVM6nDdbjmXqjQXopeSD\r\n" \ + "gtOourBRF8g99W0fW8QT+yPhP0Pkyz6EG8eQO6Zwh439xdoVwu9jUzQAPmZ0uNeR\r\n" \ + "xTXXihYyv72z27rInjLiIPXL25K9eDVLlcSR3RyG7YYgjdQAL2VJDLcBz5jox1uQ\r\n" \ + "0guoD5wmfu2FWLqYE7HeTYntdY53lCflwq0GHRMjrrsVpx+5VDQ6Yi47Ny9SWLcp\r\n" \ + "fPI3iBkXuGRWupzs6N4pQdSO0dU28KfpMM5QvFoLIn67brCHEQij4dgFrCTYEyBX\r\n" \ + "9+jiNImUFYUhAFuxvUbfZt4O/ABLIElvHLfJs1oYCmI/nWpvLFqXB5rnzPNfEi0H\r\n" \ + "PGGe1Hj/t+CJIp/6ios3yNy2QtXO754TZH2UVu51Ykyig5PFjZVoUkbRvHQYcWfU\r\n" \ + "-----END RSA PRIVATE KEY-----\r\n" +/* END FILE */ + +#define TEST_CA_PWD_RSA_PEM "PolarSSLTest" + +/* This was generated from test-ca.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER tests/data_files/test-ca.key.der */ +#define TEST_CA_KEY_RSA_DER { \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \ + 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \ + 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \ + 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \ + 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \ + 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \ + 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \ + 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \ + 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \ + 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \ + 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \ + 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \ + 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \ + 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \ + 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \ + 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \ + 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \ + 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \ + 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \ + 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \ + 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \ + 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \ + 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35, \ + 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \ + 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \ + 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \ + 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \ + 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \ + 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \ + 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \ + 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \ + 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \ + 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \ + 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \ + 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \ + 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \ + 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \ + 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \ + 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \ + 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \ + 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \ + 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \ + 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \ + 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \ + 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \ + 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \ + 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \ + 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \ + 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \ + 0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \ + 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \ + 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \ + 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \ + 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \ + 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \ + 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \ + 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \ + 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \ + 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \ + 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \ + 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \ + 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \ + 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \ + 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \ + 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \ + 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \ + 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \ + 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \ + 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \ + 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \ + 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \ + 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \ + 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \ + 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \ + 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \ + 0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \ + 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \ + 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \ + 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \ + 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \ + 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \ + 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \ + 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \ + 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \ + 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \ + 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \ + 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \ + 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \ + 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \ + 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \ + 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \ + 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \ + 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \ + 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \ + 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \ + 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \ + 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \ + 0xa8, 0xc2, 0x8f, 0x0d \ +} +/* END FILE */ + +/* + * Test server Certificates + * + * Test server certificates are defined for each choice + * of the following parameters: + * - PEM or DER encoding + * - SHA-1 or SHA-256 hash + * - RSA or EC key + * + * Things to add: + * - multiple EC curve types + */ + +/* This is taken from tests/data_files/server5.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server5.crt */ +#define TEST_SRV_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ + "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ + "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \ + "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \ + "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \ + "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n" \ + "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ + "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n" \ + "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n" \ + "fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/server5.crt.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER tests/data_files/server5.crt.der */ +#define TEST_SRV_CRT_EC_DER { \ + 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ + 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \ + 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \ + 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ + 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ + 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ + 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ + 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ + 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ + 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ + 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ + 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ + 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ + 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ + 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ + 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ + 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \ + 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \ + 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \ + 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \ + 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \ + 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \ + 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \ + 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \ + 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \ + 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/server5.key. */ +/* BEGIN FILE string macro TEST_SRV_KEY_EC_PEM tests/data_files/server5.key */ +#define TEST_SRV_KEY_EC_PEM \ + "-----BEGIN EC PRIVATE KEY-----\r\n" \ + "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n" \ + "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n" \ + "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n" \ + "-----END EC PRIVATE KEY-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/server5.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER tests/data_files/server5.key.der */ +#define TEST_SRV_KEY_EC_DER { \ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \ + 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \ + 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \ + 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \ + 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \ + 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \ + 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \ + 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \ + 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \ + 0xff \ +} +/* END FILE */ + +/* This is taken from tests/data_files/server2-sha256.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM tests/data_files/server2-sha256.crt */ +#define TEST_SRV_CRT_RSA_SHA256_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ + "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ + "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ + "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ + "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ + "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ + "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ + "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ + "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJh\r\n" \ + "Pqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6U\r\n" \ + "HoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq9\r\n" \ + "1C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sv\r\n" \ + "a1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0\r\n" \ + "e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbo\r\n" \ + "pMZqLmbBm/7WPLc=\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is taken from tests/data_files/server2-sha256.crt.der. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER tests/data_files/server2-sha256.crt.der */ +#define TEST_SRV_CRT_RSA_SHA256_DER { \ + 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ + 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ + 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ + 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ + 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ + 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ + 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ + 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ + 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ + 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ + 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ + 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ + 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ + 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ + 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ + 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ + 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ + 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ + 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ + 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ + 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ + 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ + 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ + 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ + 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ + 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \ + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \ + 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \ + 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \ + 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba, \ + 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \ + 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \ + 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \ + 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \ + 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \ + 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \ + 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \ + 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \ + 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \ + 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \ + 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \ + 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \ + 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \ + 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \ + 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \ + 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \ + 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \ + 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/server2.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM tests/data_files/server2.crt */ +#define TEST_SRV_CRT_RSA_SHA1_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ + "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ + "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ + "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ + "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ + "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ + "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ + "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ + "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \ + "cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \ + "O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \ + "KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \ + "iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \ + "HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \ + "Awgk0+4m0T25cNs=\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is taken from tests/data_files/server2.crt.der. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER tests/data_files/server2.crt.der */ +#define TEST_SRV_CRT_RSA_SHA1_DER { \ + 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ + 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ + 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ + 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ + 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ + 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ + 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ + 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ + 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ + 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ + 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ + 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ + 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ + 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ + 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ + 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ + 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ + 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ + 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ + 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ + 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ + 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ + 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ + 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ + 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ + 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \ + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x73, 0x0b, 0x4a, 0xc5, \ + 0xcb, 0xa0, 0xde, 0xf1, 0x63, 0x1c, 0x76, 0x04, 0x2b, 0x13, 0x0d, 0xc0, \ + 0x84, 0x11, 0xc5, 0x8f, 0x3a, 0xa7, 0xc5, 0x9c, 0x35, 0x7a, 0x77, 0xb8, \ + 0x20, 0x14, 0x82, 0xee, 0x54, 0xf0, 0xf2, 0xb0, 0x52, 0xcb, 0x78, 0xce, \ + 0x59, 0x07, 0x4f, 0x51, 0x69, 0xfe, 0xd3, 0x2f, 0xe9, 0x09, 0xe7, 0x85, \ + 0x92, 0xd8, 0xba, 0xb1, 0xeb, 0xc5, 0x76, 0x5d, 0x61, 0x2d, 0xe9, 0x86, \ + 0xb5, 0xde, 0x2a, 0xf9, 0x3f, 0x53, 0x28, 0x42, 0x86, 0x83, 0x73, 0x43, \ + 0xe0, 0x04, 0x5f, 0x07, 0x90, 0x14, 0x65, 0x9f, 0x6e, 0x10, 0x7a, 0xbc, \ + 0x58, 0x19, 0x22, 0xc2, 0xeb, 0x39, 0x72, 0x51, 0x92, 0xd7, 0xb4, 0x1d, \ + 0x75, 0x2f, 0xd3, 0x3a, 0x2b, 0x01, 0xe7, 0xdb, 0x50, 0xae, 0xe2, 0xf1, \ + 0xd4, 0x4d, 0x5b, 0x3c, 0xbb, 0x41, 0x2b, 0x2a, 0xa4, 0xe2, 0x4a, 0x02, \ + 0xe5, 0x60, 0x14, 0x2c, 0x9c, 0x1f, 0xa6, 0xcc, 0x06, 0x4b, 0x25, 0x89, \ + 0x4e, 0x96, 0x30, 0x22, 0x9c, 0x5c, 0x58, 0x4d, 0xc3, 0xda, 0xd0, 0x6e, \ + 0x50, 0x1e, 0x8c, 0x65, 0xf5, 0xd9, 0x17, 0x35, 0xa6, 0x58, 0x43, 0xb2, \ + 0x29, 0xb7, 0xa8, 0x5e, 0x35, 0xde, 0xf0, 0x60, 0x42, 0x1a, 0x01, 0xcb, \ + 0xcb, 0x0b, 0xd8, 0x0e, 0xc1, 0x90, 0xdf, 0xa1, 0xd2, 0x1a, 0xd1, 0x2c, \ + 0x02, 0xf4, 0x76, 0x41, 0xa4, 0xcb, 0x4b, 0x15, 0x98, 0x71, 0xf9, 0x35, \ + 0x7d, 0xb0, 0xe7, 0xe2, 0x34, 0x96, 0x91, 0xbe, 0x32, 0x67, 0x2d, 0x6b, \ + 0xd3, 0x55, 0x04, 0x8a, 0x01, 0x50, 0xb4, 0xe3, 0x62, 0x78, 0x6c, 0x11, \ + 0x15, 0xa5, 0x2a, 0x11, 0xc1, 0x49, 0x1c, 0x9b, 0xc4, 0x10, 0x65, 0x60, \ + 0x87, 0xd9, 0x1e, 0x69, 0x59, 0x4e, 0x8f, 0x6b, 0xeb, 0xc1, 0xfe, 0x6b, \ + 0xe2, 0x63, 0x78, 0x95, 0x6e, 0xe0, 0x2d, 0xd7, 0xa7, 0x37, 0xa8 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/server2.key. */ +/* BEGIN FILE string macro TEST_SRV_KEY_RSA_PEM tests/data_files/server2.key */ +#define TEST_SRV_KEY_RSA_PEM \ + "-----BEGIN RSA PRIVATE KEY-----\r\n" \ + "MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n" \ + "lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n" \ + "2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n" \ + "Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n" \ + "GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n" \ + "y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n" \ + "++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n" \ + "Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n" \ + "/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n" \ + "WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n" \ + "GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n" \ + "TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n" \ + "CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n" \ + "nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n" \ + "AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n" \ + "sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n" \ + "mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n" \ + "BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n" \ + "whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n" \ + "vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n" \ + "3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n" \ + "3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n" \ + "ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n" \ + "4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n" \ + "TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n" \ + "-----END RSA PRIVATE KEY-----\r\n" +/* END FILE */ + +/* This was generated from tests/data_files/server2.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER tests/data_files/server2.key.der */ +#define TEST_SRV_KEY_RSA_DER { \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \ + 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \ + 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \ + 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \ + 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \ + 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \ + 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \ + 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \ + 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \ + 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \ + 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \ + 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \ + 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \ + 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \ + 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \ + 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \ + 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \ + 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \ + 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \ + 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \ + 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \ + 0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \ + 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \ + 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \ + 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \ + 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \ + 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \ + 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \ + 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \ + 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \ + 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \ + 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \ + 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \ + 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \ + 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \ + 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \ + 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \ + 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \ + 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \ + 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \ + 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \ + 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \ + 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \ + 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \ + 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \ + 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \ + 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \ + 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \ + 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \ + 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \ + 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \ + 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \ + 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \ + 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \ + 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \ + 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \ + 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \ + 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \ + 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \ + 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \ + 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \ + 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \ + 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \ + 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \ + 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \ + 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \ + 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \ + 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \ + 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \ + 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \ + 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \ + 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \ + 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b, \ + 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \ + 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \ + 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \ + 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \ + 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \ + 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \ + 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \ + 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \ + 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \ + 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \ + 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \ + 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \ + 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \ + 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \ + 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \ + 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \ + 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \ + 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \ + 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \ + 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \ + 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \ + 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \ + 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \ + 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \ + 0x06, 0x21, 0x2e, 0x56 \ +} +/* END FILE */ + +/* + * Test client Certificates + * + * Test client certificates are defined for each choice + * of the following parameters: + * - PEM or DER encoding + * - RSA or EC key + * + * Things to add: + * - hash type + * - multiple EC curve types + */ + +/* This is taken from tests/data_files/cli2.crt. */ +/* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM tests/data_files/cli2.crt */ +#define TEST_CLI_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIB3zCCAWOgAwIBAgIBDTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw\r\n" \ + "DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJTU0wgVGVzdCBFQyBDQTAe\r\n" \ + "Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMEExCzAJBgNVBAYTAk5MMREw\r\n" \ + "DwYDVQQKDAhQb2xhclNTTDEfMB0GA1UEAwwWUG9sYXJTU0wgVGVzdCBDbGllbnQg\r\n" \ + "MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFflrrFz39Osu5O4gf8Sru7mU6zO\r\n" \ + "VVP2NA7MLuNjJQvfmOLzXGA2lsDVGBRw5X+f1UtFGOWwbNVc+JaPh3Cj5MejTTBL\r\n" \ + "MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMB8GA1Ud\r\n" \ + "IwQYMBaAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8MAwGCCqGSM49BAMCBQADaAAwZQIx\r\n" \ + "AMqme4DKMldUlplDET9Q6Eptre7uUWKhsLOF+zPkKDlfzpIkJYEFgcloDHGYw80u\r\n" \ + "IgIwNftyPXsabTqMM7iEHgVpX/GRozKklY9yQI/5eoA6gGW7Y+imuGR/oao5ySOb\r\n" \ + "a9Vk\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/cli2.crt.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER tests/data_files/cli2.crt.der */ +#define TEST_CLI_CRT_EC_DER { \ + 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \ + 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \ + 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \ + 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \ + 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \ + 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \ + 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \ + 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \ + 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \ + 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \ + 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \ + 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, \ + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \ + 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \ + 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \ + 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \ + 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \ + 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \ + 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \ + 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \ + 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \ + 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \ + 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \ + 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \ + 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \ + 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \ + 0x6b, 0xd5, 0x64 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/cli2.key. */ +/* BEGIN FILE string macro TEST_CLI_KEY_EC_PEM tests/data_files/cli2.key */ +#define TEST_CLI_KEY_EC_PEM \ + "-----BEGIN EC PRIVATE KEY-----\r\n" \ + "MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n" \ + "AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n" \ + "wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n" \ + "-----END EC PRIVATE KEY-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/cli2.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER tests/data_files/cli2.key.der */ +#define TEST_CLI_KEY_EC_DER { \ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \ + 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \ + 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \ + 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \ + 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \ + 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \ + 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \ + 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \ + 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \ + 0xc7 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/cli-rsa-sha256.crt. */ +/* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM tests/data_files/cli-rsa-sha256.crt */ +#define TEST_CLI_CRT_RSA_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n" \ + "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n" \ + "M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n" \ + "1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n" \ + "MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n" \ + "4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n" \ + "/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n" \ + "o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf\r\n" \ + "BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsFAAOC\r\n" \ + "AQEAXidv1d4pLlBiKWED95rMycBdgDcgyNqJxakFkRfRyA2y1mlyTn7uBXRkNLY5\r\n" \ + "ZFzK82GCjk2Q2OD4RZSCPAJJqLpHHU34t71ciffvy2KK81YvrxczRhMAE64i+qna\r\n" \ + "yP3Td2XuWJR05PVPoSemsNELs9gWttdnYy3ce+EY2Y0n7Rsi7982EeLIAA7H6ca4\r\n" \ + "2Es/NUH//JZJT32OP0doMxeDRA+vplkKqTLLWf7dX26LIriBkBaRCgR5Yv9LBPFc\r\n" \ + "NOtpzu/LbrY7QFXKJMI+JXDudCsOn8KCmiA4d6Emisqfh3V3485l7HEQNcvLTxlD\r\n" \ + "6zDQyi0/ykYUYZkwQTK1N2Nvlw==\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This was generated from tests/data_files/cli-rsa-sha256.crt.der + using `xxd -i.` */ +/* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER tests/data_files/cli-rsa-sha256.crt.der */ +#define TEST_CLI_CRT_RSA_DER { \ + 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \ + 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \ + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \ + 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \ + 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \ + 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \ + 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \ + 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \ + 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \ + 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \ + 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \ + 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \ + 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \ + 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \ + 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \ + 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \ + 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \ + 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \ + 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \ + 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \ + 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \ + 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \ + 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \ + 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \ + 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \ + 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \ + 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \ + 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ + 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e, \ + 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \ + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \ + 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \ + 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \ + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \ + 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \ + 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \ + 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \ + 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \ + 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \ + 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \ + 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \ + 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \ + 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \ + 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \ + 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \ + 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \ + 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \ + 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \ + 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \ + 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \ + 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \ + 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \ + 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \ + 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \ + 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, \ + 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/cli-rsa.key. */ +/* BEGIN FILE string macro TEST_CLI_KEY_RSA_PEM tests/data_files/cli-rsa.key */ +#define TEST_CLI_KEY_RSA_PEM \ + "-----BEGIN RSA PRIVATE KEY-----\r\n" \ + "MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n" \ + "B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n" \ + "bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9\r\n" \ + "Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH\r\n" \ + "7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v\r\n" \ + "dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst\r\n" \ + "yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz\r\n" \ + "4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt\r\n" \ + "ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA\r\n" \ + "zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d\r\n" \ + "l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf\r\n" \ + "DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT\r\n" \ + "VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL\r\n" \ + "Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7\r\n" \ + "wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys\r\n" \ + "c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi\r\n" \ + "33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60\r\n" \ + "ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0\r\n" \ + "BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW\r\n" \ + "KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+\r\n" \ + "UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc\r\n" \ + "7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq\r\n" \ + "gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu\r\n" \ + "bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n" \ + "8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n" \ + "-----END RSA PRIVATE KEY-----\r\n"/* END FILE */ + +/* This was generated from tests/data_files/cli-rsa.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER tests/data_files/cli-rsa.key.der */ +#define TEST_CLI_KEY_RSA_DER { \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \ + 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \ + 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \ + 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \ + 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \ + 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \ + 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \ + 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \ + 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \ + 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \ + 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \ + 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \ + 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \ + 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \ + 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \ + 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \ + 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \ + 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \ + 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \ + 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \ + 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \ + 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \ + 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \ + 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \ + 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \ + 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \ + 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \ + 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \ + 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \ + 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \ + 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \ + 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \ + 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \ + 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \ + 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \ + 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \ + 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \ + 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \ + 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \ + 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \ + 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \ + 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \ + 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \ + 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \ + 0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \ + 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \ + 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \ + 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \ + 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \ + 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \ + 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \ + 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \ + 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \ + 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \ + 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \ + 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \ + 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \ + 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \ + 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \ + 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \ + 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \ + 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \ + 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \ + 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \ + 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \ + 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \ + 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \ + 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \ + 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \ + 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \ + 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f, \ + 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \ + 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \ + 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \ + 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \ + 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \ + 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \ + 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \ + 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \ + 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \ + 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \ + 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \ + 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \ + 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \ + 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \ + 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \ + 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \ + 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \ + 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \ + 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \ + 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \ + 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \ + 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \ + 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \ + 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \ + 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \ + 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \ + 0x8b, 0x87, 0xc3, 0x00 \ +} +/* END FILE */ From 09637ab28717ed1caddaf3f988703db83104d2df Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 23 May 2023 16:30:43 +0800 Subject: [PATCH 396/553] Add commands for `test_certs.h` And update target file Signed-off-by: Jerry Yu --- src/test_certs.h | 2302 +++++++++++++++++++++++----------------------- 1 file changed, 1133 insertions(+), 1169 deletions(-) diff --git a/src/test_certs.h b/src/test_certs.h index aa0819f415..bbe7d4ecd0 100644 --- a/src/test_certs.h +++ b/src/test_certs.h @@ -17,1258 +17,1222 @@ * limitations under the License. */ -/* - * Test CA Certificates - * - * We define test CA certificates for each choice of the following parameters: - * - PEM or DER encoding - * - SHA-1 or SHA-256 hash - * - RSA or EC key - * - * Things to add: - * - multiple EC curve types - * - */ +/* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */ +/* *INDENT-OFF* */ -/* This is taken from tests/data_files/test-ca2.crt */ -/* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca2.crt */ -#define TEST_CA_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ - "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ - "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \ - "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ - "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \ - "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \ - "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/\r\n" \ - "MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk\r\n" \ - "SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a\r\n" \ - "LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ\r\n" \ - "hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==\r\n" \ +/* This is taken from test-ca2.crt. */ +/* BEGIN FILE string macro TEST_CA_CRT_EC_PEM test-ca2.crt */ +#define TEST_CA_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ + "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ + "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \ + "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ + "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \ + "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \ + "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/\r\n" \ + "MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk\r\n" \ + "SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a\r\n" \ + "LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ\r\n" \ + "hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==\r\n" \ "-----END CERTIFICATE-----\r\n" /* END FILE */ -/* This is generated from tests/data_files/test-ca2.crt.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CA_CRT_EC_DER tests/data_files/test-ca2.crt.der */ -#define TEST_CA_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ - 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ - 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ - 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ - 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ - 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ - 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ - 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ - 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ - 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ - 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ - 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ - 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ - 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ - 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ - 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \ - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \ - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \ - 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ - 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \ - 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \ - 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \ - 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \ - 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \ - 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \ - 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \ - 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \ - 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \ - 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \ - 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \ - 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \ - 0xf5, 0xae, 0x1c, 0x42 \ +/* This is generated from test-ca2.crt.der. */ +/* BEGIN FILE binary macro TEST_CA_CRT_EC_DER test-ca2.crt.der */ +#define TEST_CA_CRT_EC_DER { \ + 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ + 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ + 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ + 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ + 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ + 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ + 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ + 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ + 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ + 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ + 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ + 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ + 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ + 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ + 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \ + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \ + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \ + 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ + 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \ + 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \ + 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \ + 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \ + 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \ + 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \ + 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \ + 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \ + 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \ + 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \ + 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \ + 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \ + 0xf5, 0xae, 0x1c, 0x42 \ } /* END FILE */ -/* This is taken from tests/data_files/test-ca2.key.enc */ -/* BEGIN FILE string macro TEST_CA_KEY_EC_PEM tests/data_files/test-ca2.key.enc */ -#define TEST_CA_KEY_EC_PEM \ - "-----BEGIN EC PRIVATE KEY-----\r\n" \ - "Proc-Type: 4,ENCRYPTED\r\n" \ - "DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n" \ - "\r\n" \ - "IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n" \ - "ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n" \ - "UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n" \ - "a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n" \ +/* This is taken from test-ca2.key.enc. */ +/* BEGIN FILE string macro TEST_CA_KEY_EC_PEM test-ca2.key.enc */ +#define TEST_CA_KEY_EC_PEM \ + "-----BEGIN EC PRIVATE KEY-----\r\n" \ + "Proc-Type: 4,ENCRYPTED\r\n" \ + "DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n" \ + "\r\n" \ + "IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n" \ + "ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n" \ + "UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n" \ + "a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n" \ "-----END EC PRIVATE KEY-----\r\n" /* END FILE */ #define TEST_CA_PWD_EC_PEM "PolarSSLTest" -/* This is generated from tests/data_files/test-ca2.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CA_KEY_EC_DER tests/data_files/test-ca2.key.der */ -#define TEST_CA_KEY_EC_DER { \ - 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \ - 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \ - 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \ - 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \ - 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \ - 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \ - 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \ - 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \ - 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \ - 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \ - 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \ - 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \ - 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \ - 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \ +/* This is generated from test-ca2.key.der. */ +/* BEGIN FILE binary macro TEST_CA_KEY_EC_DER test-ca2.key.der */ +#define TEST_CA_KEY_EC_DER { \ + 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \ + 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \ + 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \ + 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \ + 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \ + 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \ + 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \ + 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \ + 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \ + 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \ + 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \ + 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \ + 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \ + 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \ } /* END FILE */ -/* This is taken from tests/data_files/test-ca-sha256.crt. */ -/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA256_PEM tests/data_files/test-ca-sha256.crt */ -#define TEST_CA_CRT_RSA_SHA256_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ - "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ - "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ - "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ - "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ - "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ - "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ - "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ - "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA\r\n" \ - "A4IBAQA4qFSCth2q22uJIdE4KGHJsJjVEfw2/xn+MkTvCMfxVrvmRvqCtjE4tKDl\r\n" \ - "oK4MxFOek07oDZwvtAT9ijn1hHftTNS7RH9zd/fxNpfcHnMZXVC4w4DNA1fSANtW\r\n" \ - "5sY1JB5Je9jScrsLSS+mAjyv0Ow3Hb2Bix8wu7xNNrV5fIf7Ubm+wt6SqEBxu3Kb\r\n" \ - "+EfObAT4huf3czznhH3C17ed6NSbXwoXfby7stWUDeRJv08RaFOykf/Aae7bY5PL\r\n" \ - "yTVrkAnikMntJ9YI+hNNYt3inqq11A5cN0+rVTst8UKCxzQ4GpvroSwPKTFkbMw4\r\n" \ - "/anT1dVxr/BtwJfiESoK3/4CeXR1\r\n" \ +/* This is taken from test-ca-sha256.crt. */ +/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA256_PEM test-ca-sha256.crt */ +#define TEST_CA_CRT_RSA_SHA256_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ + "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ + "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ + "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ + "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ + "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ + "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ + "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ + "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA\r\n" \ + "A4IBAQA4qFSCth2q22uJIdE4KGHJsJjVEfw2/xn+MkTvCMfxVrvmRvqCtjE4tKDl\r\n" \ + "oK4MxFOek07oDZwvtAT9ijn1hHftTNS7RH9zd/fxNpfcHnMZXVC4w4DNA1fSANtW\r\n" \ + "5sY1JB5Je9jScrsLSS+mAjyv0Ow3Hb2Bix8wu7xNNrV5fIf7Ubm+wt6SqEBxu3Kb\r\n" \ + "+EfObAT4huf3czznhH3C17ed6NSbXwoXfby7stWUDeRJv08RaFOykf/Aae7bY5PL\r\n" \ + "yTVrkAnikMntJ9YI+hNNYt3inqq11A5cN0+rVTst8UKCxzQ4GpvroSwPKTFkbMw4\r\n" \ + "/anT1dVxr/BtwJfiESoK3/4CeXR1\r\n" \ "-----END CERTIFICATE-----\r\n" /* END FILE */ -/* This is generated from tests/data_files/test-ca-sha256.crt.der - * using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER tests/data_files/test-ca-sha256.crt.der */ -#define TEST_CA_CRT_RSA_SHA256_DER { \ - 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ - 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ - 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ - 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ - 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ - 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ - 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ - 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ - 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ - 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ - 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ - 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ - 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ - 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ - 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ - 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ - 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ - 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ - 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ - 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ - 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ - 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ - 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ - 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ - 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ - 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ - 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ - 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \ - 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \ - 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1, \ - 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \ - 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \ - 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \ - 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \ - 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \ - 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \ - 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \ - 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \ - 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \ - 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \ - 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \ - 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \ - 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \ - 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \ - 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \ - 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \ - 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \ - 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \ - 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \ +/* This is generated from test-ca-sha256.crt.der. */ +/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER test-ca-sha256.crt.der */ +#define TEST_CA_CRT_RSA_SHA256_DER { \ + 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ + 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ + 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ + 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ + 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ + 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ + 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ + 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ + 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ + 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ + 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ + 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ + 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ + 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ + 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ + 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ + 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ + 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ + 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ + 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ + 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ + 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ + 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ + 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ + 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ + 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ + 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \ + 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \ + 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1, \ + 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \ + 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \ + 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \ + 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \ + 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \ + 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \ + 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \ + 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \ + 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \ + 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \ + 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \ + 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \ + 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \ + 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \ + 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \ + 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \ + 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \ + 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \ + 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \ } /* END FILE */ -/* This is taken from tests/data_files/test-ca-sha1.crt. */ -/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA1_PEM tests/data_files/test-ca-sha1.crt */ -#define TEST_CA_CRT_RSA_SHA1_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ - "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ - "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ - "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ - "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ - "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ - "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ - "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ - "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA\r\n" \ - "A4IBAQABE3OEPfEd/bcJW5ZdU3/VgPNS4tMzh8gnJP/V2FcvFtGylMpQq6YnEBYI\r\n" \ - "yBHAL4DRvlMY5rnXGBp3ODR8MpqHC6AquRTCLzjS57iYff//4QFQqW9n92zctspv\r\n" \ - "czkaPKgjqo1No3Uq0Xaz10rcxyTUPrf5wNVRZ2V0KvllvAAVSzbI4mpdUXztjhST\r\n" \ - "S5A2BeWQAAOr0zq1F7TSRVJpJs7jmB2ai/igkh1IAjcuwV6VwlP+sbw0gjQ0NpGM\r\n" \ - "iHpnlzRAi/tIbtOvMIGOBU2TIfax/5jq1agUx5aPmT5TWAiJPOOP6l5xXnDwxeYS\r\n" \ - "NWqiX9GyusBZjezaCaHabjDLU0qQ\r\n" \ +/* This is taken from test-ca-sha1.crt. */ +/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA1_PEM test-ca-sha1.crt */ +#define TEST_CA_CRT_RSA_SHA1_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ + "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ + "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ + "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ + "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ + "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ + "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ + "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ + "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA\r\n" \ + "A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL\r\n" \ + "hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm\r\n" \ + "8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD\r\n" \ + "zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ\r\n" \ + "0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/\r\n" \ + "mtxyUALj2pQxRitopORFQdn7AOY5\r\n" \ "-----END CERTIFICATE-----\r\n" /* END FILE */ -/* This is taken from tests/data_files/test-ca-sha1.crt.der. */ -/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER tests/data_files/test-ca-sha1.crt.der */ -#define TEST_CA_CRT_RSA_SHA1_DER { \ - 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ - 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ - 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ - 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ - 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ - 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ - 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ - 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ - 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ - 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ - 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ - 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ - 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ - 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ - 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ - 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ - 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ - 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ - 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ - 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ - 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ - 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ - 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ - 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ - 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ - 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ - 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ - 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ - 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x13, 0x73, 0x84, 0x3d, 0xf1, 0x1d, \ - 0xfd, 0xb7, 0x09, 0x5b, 0x96, 0x5d, 0x53, 0x7f, 0xd5, 0x80, 0xf3, 0x52, \ - 0xe2, 0xd3, 0x33, 0x87, 0xc8, 0x27, 0x24, 0xff, 0xd5, 0xd8, 0x57, 0x2f, \ - 0x16, 0xd1, 0xb2, 0x94, 0xca, 0x50, 0xab, 0xa6, 0x27, 0x10, 0x16, 0x08, \ - 0xc8, 0x11, 0xc0, 0x2f, 0x80, 0xd1, 0xbe, 0x53, 0x18, 0xe6, 0xb9, 0xd7, \ - 0x18, 0x1a, 0x77, 0x38, 0x34, 0x7c, 0x32, 0x9a, 0x87, 0x0b, 0xa0, 0x2a, \ - 0xb9, 0x14, 0xc2, 0x2f, 0x38, 0xd2, 0xe7, 0xb8, 0x98, 0x7d, 0xff, 0xff, \ - 0xe1, 0x01, 0x50, 0xa9, 0x6f, 0x67, 0xf7, 0x6c, 0xdc, 0xb6, 0xca, 0x6f, \ - 0x73, 0x39, 0x1a, 0x3c, 0xa8, 0x23, 0xaa, 0x8d, 0x4d, 0xa3, 0x75, 0x2a, \ - 0xd1, 0x76, 0xb3, 0xd7, 0x4a, 0xdc, 0xc7, 0x24, 0xd4, 0x3e, 0xb7, 0xf9, \ - 0xc0, 0xd5, 0x51, 0x67, 0x65, 0x74, 0x2a, 0xf9, 0x65, 0xbc, 0x00, 0x15, \ - 0x4b, 0x36, 0xc8, 0xe2, 0x6a, 0x5d, 0x51, 0x7c, 0xed, 0x8e, 0x14, 0x93, \ - 0x4b, 0x90, 0x36, 0x05, 0xe5, 0x90, 0x00, 0x03, 0xab, 0xd3, 0x3a, 0xb5, \ - 0x17, 0xb4, 0xd2, 0x45, 0x52, 0x69, 0x26, 0xce, 0xe3, 0x98, 0x1d, 0x9a, \ - 0x8b, 0xf8, 0xa0, 0x92, 0x1d, 0x48, 0x02, 0x37, 0x2e, 0xc1, 0x5e, 0x95, \ - 0xc2, 0x53, 0xfe, 0xb1, 0xbc, 0x34, 0x82, 0x34, 0x34, 0x36, 0x91, 0x8c, \ - 0x88, 0x7a, 0x67, 0x97, 0x34, 0x40, 0x8b, 0xfb, 0x48, 0x6e, 0xd3, 0xaf, \ - 0x30, 0x81, 0x8e, 0x05, 0x4d, 0x93, 0x21, 0xf6, 0xb1, 0xff, 0x98, 0xea, \ - 0xd5, 0xa8, 0x14, 0xc7, 0x96, 0x8f, 0x99, 0x3e, 0x53, 0x58, 0x08, 0x89, \ - 0x3c, 0xe3, 0x8f, 0xea, 0x5e, 0x71, 0x5e, 0x70, 0xf0, 0xc5, 0xe6, 0x12, \ - 0x35, 0x6a, 0xa2, 0x5f, 0xd1, 0xb2, 0xba, 0xc0, 0x59, 0x8d, 0xec, 0xda, \ - 0x09, 0xa1, 0xda, 0x6e, 0x30, 0xcb, 0x53, 0x4a, 0x90 \ +/* This is generated from test-ca-sha1.crt.der. */ +/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER test-ca-sha1.crt.der */ +#define TEST_CA_CRT_RSA_SHA1_DER { \ + 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ + 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ + 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ + 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ + 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ + 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ + 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ + 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ + 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ + 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ + 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ + 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ + 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ + 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ + 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ + 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ + 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ + 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ + 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ + 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ + 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ + 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ + 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ + 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ + 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ + 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ + 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x01, 0x00, 0x74, 0x66, 0x23, 0x51, 0x15, 0xd8, 0x9a, \ + 0xea, 0x4b, 0x24, 0x68, 0xf9, 0xe1, 0xae, 0xa7, 0xa3, 0x21, 0x1a, 0xbc, \ + 0x60, 0xc1, 0x06, 0x01, 0xfd, 0xa8, 0x20, 0xf9, 0xf2, 0x67, 0xbf, 0x31, \ + 0xa3, 0x21, 0x11, 0x81, 0xcd, 0xf9, 0x94, 0x71, 0xb2, 0x32, 0xdb, 0x0b, \ + 0x85, 0x68, 0x9c, 0x36, 0x33, 0xf8, 0x77, 0xf8, 0x52, 0xf4, 0x0b, 0x38, \ + 0x8f, 0x92, 0x80, 0xda, 0x07, 0x4d, 0x1a, 0x2e, 0x44, 0x4c, 0x0d, 0x57, \ + 0xed, 0x2a, 0x30, 0x58, 0xe1, 0xac, 0xaf, 0x28, 0xaf, 0x4a, 0x93, 0x12, \ + 0x1d, 0x5c, 0xb5, 0xf8, 0x77, 0x5f, 0x5a, 0x5b, 0x18, 0x40, 0xec, 0xe6, \ + 0xf2, 0x8f, 0x9f, 0x69, 0x03, 0x54, 0x9b, 0xc5, 0xf3, 0x3d, 0x59, 0xad, \ + 0xb5, 0xf0, 0x15, 0xb2, 0x9c, 0x5e, 0x1d, 0x2c, 0x49, 0x67, 0x7e, 0x8e, \ + 0xa3, 0xe4, 0x16, 0x67, 0x9c, 0x19, 0x94, 0x22, 0x04, 0xca, 0x31, 0x1d, \ + 0x2d, 0x42, 0x1d, 0xf9, 0x39, 0xb8, 0x07, 0x3d, 0xc1, 0xe6, 0x34, 0x43, \ + 0xcd, 0x96, 0xbf, 0x49, 0xaa, 0x83, 0xa2, 0x4a, 0xba, 0xe8, 0xdd, 0xb3, \ + 0xa5, 0xb8, 0x0a, 0x28, 0x09, 0x77, 0x19, 0x4d, 0x8e, 0xfb, 0xe7, 0xc1, \ + 0xa8, 0xfd, 0x9d, 0x4a, 0x47, 0x50, 0xca, 0x49, 0x93, 0xc6, 0x12, 0xcb, \ + 0x59, 0x13, 0x7c, 0x14, 0x9a, 0xa1, 0x60, 0x04, 0xf2, 0x42, 0x7b, 0x59, \ + 0xd1, 0x04, 0xa2, 0xdd, 0x6f, 0x47, 0x7d, 0x26, 0x4f, 0x9c, 0x54, 0xdc, \ + 0x3c, 0x85, 0xde, 0xa2, 0x23, 0xdd, 0xda, 0x92, 0xe5, 0xc6, 0xdd, 0x61, \ + 0x66, 0xef, 0x1d, 0xc2, 0xcd, 0x8b, 0x4d, 0x71, 0x3a, 0xde, 0xe3, 0xfa, \ + 0x30, 0xce, 0x0b, 0x1e, 0xf5, 0xb1, 0x8a, 0xe2, 0x5a, 0x5a, 0x43, 0xff, \ + 0x9a, 0xdc, 0x72, 0x50, 0x02, 0xe3, 0xda, 0x94, 0x31, 0x46, 0x2b, 0x68, \ + 0xa4, 0xe4, 0x45, 0x41, 0xd9, 0xfb, 0x00, 0xe6, 0x39 \ } /* END FILE */ -/* This is taken from tests/data_files/test-ca.key */ -/* BEGIN FILE string macro TEST_CA_KEY_RSA_PEM tests/data_files/test-ca.key */ -#define TEST_CA_KEY_RSA_PEM \ - "-----BEGIN RSA PRIVATE KEY-----\r\n" \ - "Proc-Type: 4,ENCRYPTED\r\n" \ - "AES-128-CBC,781840E6B804AE83D2AF71127C4CE314\r\n" \ - "\r\n" \ - "etQ3xgGLbuYF9vR1km03TH5fwfly1hOlix0PtfQ+t9HG065vTtSEHYc/OyHwdy79\r\n" \ - "NCLX5RUrPh06E/XlKzMNVHAXqkwFnIwNzRLsOozeP1L7iZEZb9QMeiN5Org+btCO\r\n" \ - "bylXPB4YirfuE7GSJalWY/pq3FQtD33zTIKmNhXfVj3sbwGI/8D9XjaKUb8PODOB\r\n" \ - "skOalmx6RvYRvg0lmRxB3+T3wejIsrrDPweYqte9B6dVHIVG1ZmvoA6/wnKZZZeV\r\n" \ - "sjj8OpL3OwUBrjuGSknE9Rs6kCuSCbHOYVK8VzcZmCYpie0TFnb3Sk8M6vjfW+45\r\n" \ - "U7WUMlSAPxKH6lJDzWdwHqLvsVJwuNnaAaBXg9/8U/rzQEWuq8Ar3s8fw2Jg3F1G\r\n" \ - "L6N5ZAEfCz3Sa0N9WKafR/RSQj+rq8Z3w4POAafhbzk249uo5K8B1Z3cQwLxeXIl\r\n" \ - "UbRQz1TZy4oNTfQzCahYruPNyvwgTkfwAFFvbLAdaiJd2ZtLBoqYE64TYakYnvcC\r\n" \ - "itim1bmySIKoxlMfBGFmMuF03epT0pSx701jlGzGi0l0m16NEjoVxDwo5j93SmiM\r\n" \ - "sQdjC1lOGk2iCLkphIQqHFjFJYWjvh1UUIqWZf+ZWOOxlf4x9a1pUVj6FvtECxNB\r\n" \ - "/mA/m4Iq4LAuVXHE1MpHeq067lJ6wWlrsb2WVmiNGfQ2AC7fMtpcPuunBVT9NV1m\r\n" \ - "1rbDzIgLIWAzqz/cy3N8Q8vfxnrFtmNUyM191Zyq+YF14hIKWX9J1qR4LXwWAzVV\r\n" \ - "UrC8IL4pA2mtRkW4qFsB0EmHAxO/cedDTPjVFty5WSzhNuvYZxX45HAkGIfK6d21\r\n" \ - "7WHPhHG+zaaUTWMUVixB0IcKp6RecjYPFzBHS0YeX88Ue2cyT/90jMiQ9ssOgRrG\r\n" \ - "ZJRJvZAc3TSCnY9sNPYoGrJPiZuCnlUj3ENNurYVy12ai0WFxwnNUZjRUhDS6hjm\r\n" \ - "cDHD5TlI9MZ6M+Mb/Bw4Ig8HuTHOtQBYD9vhtXsG+B7H/j6cS+1umaKjrnG/kK4W\r\n" \ - "R6YXwM2faAi+DwgjjoMXSzRqSTF8PdTIWbAXo3bc2qsXPTMBA8PEp4nb5scHZ4Ts\r\n" \ - "EcBNp2jv0j4gBkRmGIab17cWMrlagjFy89DhqZUFwKdeZs+yJ92A5xstWxOUfpEP\r\n" \ - "90T/bsp1G5d7WW5fl2TRJvYJNDM+djkKIh0zCkduiZ36oVM6nDdbjmXqjQXopeSD\r\n" \ - "gtOourBRF8g99W0fW8QT+yPhP0Pkyz6EG8eQO6Zwh439xdoVwu9jUzQAPmZ0uNeR\r\n" \ - "xTXXihYyv72z27rInjLiIPXL25K9eDVLlcSR3RyG7YYgjdQAL2VJDLcBz5jox1uQ\r\n" \ - "0guoD5wmfu2FWLqYE7HeTYntdY53lCflwq0GHRMjrrsVpx+5VDQ6Yi47Ny9SWLcp\r\n" \ - "fPI3iBkXuGRWupzs6N4pQdSO0dU28KfpMM5QvFoLIn67brCHEQij4dgFrCTYEyBX\r\n" \ - "9+jiNImUFYUhAFuxvUbfZt4O/ABLIElvHLfJs1oYCmI/nWpvLFqXB5rnzPNfEi0H\r\n" \ - "PGGe1Hj/t+CJIp/6ios3yNy2QtXO754TZH2UVu51Ykyig5PFjZVoUkbRvHQYcWfU\r\n" \ +/* This is taken from test-ca.key. */ +/* BEGIN FILE string macro TEST_CA_KEY_RSA_PEM test-ca.key */ +#define TEST_CA_KEY_RSA_PEM \ + "-----BEGIN RSA PRIVATE KEY-----\r\n" \ + "Proc-Type: 4,ENCRYPTED\r\n" \ + "DEK-Info: AES-128-CBC,781840E6B804AE83D2AF71127C4CE314\r\n" \ + "\r\n" \ + "etQ3xgGLbuYF9vR1km03TH5fwfly1hOlix0PtfQ+t9HG065vTtSEHYc/OyHwdy79\r\n" \ + "NCLX5RUrPh06E/XlKzMNVHAXqkwFnIwNzRLsOozeP1L7iZEZb9QMeiN5Org+btCO\r\n" \ + "bylXPB4YirfuE7GSJalWY/pq3FQtD33zTIKmNhXfVj3sbwGI/8D9XjaKUb8PODOB\r\n" \ + "skOalmx6RvYRvg0lmRxB3+T3wejIsrrDPweYqte9B6dVHIVG1ZmvoA6/wnKZZZeV\r\n" \ + "sjj8OpL3OwUBrjuGSknE9Rs6kCuSCbHOYVK8VzcZmCYpie0TFnb3Sk8M6vjfW+45\r\n" \ + "U7WUMlSAPxKH6lJDzWdwHqLvsVJwuNnaAaBXg9/8U/rzQEWuq8Ar3s8fw2Jg3F1G\r\n" \ + "L6N5ZAEfCz3Sa0N9WKafR/RSQj+rq8Z3w4POAafhbzk249uo5K8B1Z3cQwLxeXIl\r\n" \ + "UbRQz1TZy4oNTfQzCahYruPNyvwgTkfwAFFvbLAdaiJd2ZtLBoqYE64TYakYnvcC\r\n" \ + "itim1bmySIKoxlMfBGFmMuF03epT0pSx701jlGzGi0l0m16NEjoVxDwo5j93SmiM\r\n" \ + "sQdjC1lOGk2iCLkphIQqHFjFJYWjvh1UUIqWZf+ZWOOxlf4x9a1pUVj6FvtECxNB\r\n" \ + "/mA/m4Iq4LAuVXHE1MpHeq067lJ6wWlrsb2WVmiNGfQ2AC7fMtpcPuunBVT9NV1m\r\n" \ + "1rbDzIgLIWAzqz/cy3N8Q8vfxnrFtmNUyM191Zyq+YF14hIKWX9J1qR4LXwWAzVV\r\n" \ + "UrC8IL4pA2mtRkW4qFsB0EmHAxO/cedDTPjVFty5WSzhNuvYZxX45HAkGIfK6d21\r\n" \ + "7WHPhHG+zaaUTWMUVixB0IcKp6RecjYPFzBHS0YeX88Ue2cyT/90jMiQ9ssOgRrG\r\n" \ + "ZJRJvZAc3TSCnY9sNPYoGrJPiZuCnlUj3ENNurYVy12ai0WFxwnNUZjRUhDS6hjm\r\n" \ + "cDHD5TlI9MZ6M+Mb/Bw4Ig8HuTHOtQBYD9vhtXsG+B7H/j6cS+1umaKjrnG/kK4W\r\n" \ + "R6YXwM2faAi+DwgjjoMXSzRqSTF8PdTIWbAXo3bc2qsXPTMBA8PEp4nb5scHZ4Ts\r\n" \ + "EcBNp2jv0j4gBkRmGIab17cWMrlagjFy89DhqZUFwKdeZs+yJ92A5xstWxOUfpEP\r\n" \ + "90T/bsp1G5d7WW5fl2TRJvYJNDM+djkKIh0zCkduiZ36oVM6nDdbjmXqjQXopeSD\r\n" \ + "gtOourBRF8g99W0fW8QT+yPhP0Pkyz6EG8eQO6Zwh439xdoVwu9jUzQAPmZ0uNeR\r\n" \ + "xTXXihYyv72z27rInjLiIPXL25K9eDVLlcSR3RyG7YYgjdQAL2VJDLcBz5jox1uQ\r\n" \ + "0guoD5wmfu2FWLqYE7HeTYntdY53lCflwq0GHRMjrrsVpx+5VDQ6Yi47Ny9SWLcp\r\n" \ + "fPI3iBkXuGRWupzs6N4pQdSO0dU28KfpMM5QvFoLIn67brCHEQij4dgFrCTYEyBX\r\n" \ + "9+jiNImUFYUhAFuxvUbfZt4O/ABLIElvHLfJs1oYCmI/nWpvLFqXB5rnzPNfEi0H\r\n" \ + "PGGe1Hj/t+CJIp/6ios3yNy2QtXO754TZH2UVu51Ykyig5PFjZVoUkbRvHQYcWfU\r\n" \ "-----END RSA PRIVATE KEY-----\r\n" /* END FILE */ #define TEST_CA_PWD_RSA_PEM "PolarSSLTest" -/* This was generated from test-ca.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER tests/data_files/test-ca.key.der */ -#define TEST_CA_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \ - 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \ - 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \ - 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \ - 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \ - 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \ - 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \ - 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \ - 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \ - 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \ - 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \ - 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \ - 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \ - 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \ - 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \ - 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \ - 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \ - 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \ - 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \ - 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \ - 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \ - 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \ - 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35, \ - 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \ - 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \ - 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \ - 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \ - 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \ - 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \ - 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \ - 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \ - 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \ - 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \ - 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \ - 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \ - 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \ - 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \ - 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \ - 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \ - 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \ - 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \ - 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \ - 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \ - 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \ - 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \ - 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \ - 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \ - 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \ - 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \ - 0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \ - 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \ - 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \ - 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \ - 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \ - 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \ - 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \ - 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \ - 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \ - 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \ - 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \ - 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \ - 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \ - 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \ - 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \ - 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \ - 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \ - 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \ - 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \ - 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \ - 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \ - 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \ - 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \ - 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \ - 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \ - 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \ - 0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \ - 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \ - 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \ - 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \ - 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \ - 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \ - 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \ - 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \ - 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \ - 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \ - 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \ - 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \ - 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \ - 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \ - 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \ - 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \ - 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \ - 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \ - 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \ - 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \ - 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \ - 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \ - 0xa8, 0xc2, 0x8f, 0x0d \ +/* This is generated from test-ca.key.der. */ +/* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER test-ca.key.der */ +#define TEST_CA_KEY_RSA_DER { \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \ + 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \ + 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \ + 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \ + 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \ + 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \ + 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \ + 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \ + 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \ + 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \ + 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \ + 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \ + 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \ + 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \ + 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \ + 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \ + 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \ + 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \ + 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \ + 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \ + 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \ + 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \ + 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35, \ + 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \ + 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \ + 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \ + 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \ + 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \ + 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \ + 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \ + 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \ + 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \ + 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \ + 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \ + 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \ + 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \ + 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \ + 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \ + 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \ + 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \ + 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \ + 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \ + 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \ + 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \ + 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \ + 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \ + 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \ + 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \ + 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \ + 0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \ + 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \ + 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \ + 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \ + 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \ + 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \ + 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \ + 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \ + 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \ + 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \ + 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \ + 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \ + 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \ + 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \ + 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \ + 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \ + 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \ + 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \ + 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \ + 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \ + 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \ + 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \ + 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \ + 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \ + 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \ + 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \ + 0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \ + 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \ + 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \ + 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \ + 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \ + 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \ + 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \ + 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \ + 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \ + 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \ + 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \ + 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \ + 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \ + 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \ + 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \ + 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \ + 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \ + 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \ + 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \ + 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \ + 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \ + 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \ + 0xa8, 0xc2, 0x8f, 0x0d \ } /* END FILE */ -/* - * Test server Certificates - * - * Test server certificates are defined for each choice - * of the following parameters: - * - PEM or DER encoding - * - SHA-1 or SHA-256 hash - * - RSA or EC key - * - * Things to add: - * - multiple EC curve types - */ - -/* This is taken from tests/data_files/server5.crt. */ -/* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server5.crt */ -#define TEST_SRV_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ - "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ - "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \ - "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \ - "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \ - "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n" \ - "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ - "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n" \ - "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n" \ - "fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n" \ +/* This is taken from server5.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM server5.crt */ +#define TEST_SRV_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ + "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ + "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \ + "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \ + "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \ + "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n" \ + "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ + "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n" \ + "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n" \ + "fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n" \ "-----END CERTIFICATE-----\r\n" /* END FILE */ -/* This is generated from tests/data_files/server5.crt.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER tests/data_files/server5.crt.der */ -#define TEST_SRV_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ - 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \ - 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \ - 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ - 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ - 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ - 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ - 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ - 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ - 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ - 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ - 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ - 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ - 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ - 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ - 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ - 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \ - 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \ - 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \ - 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \ - 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \ - 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \ - 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \ - 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \ - 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \ - 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \ +/* This is generated from server5.crt.der. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER server5.crt.der */ +#define TEST_SRV_CRT_EC_DER { \ + 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ + 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \ + 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \ + 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ + 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ + 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ + 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ + 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ + 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ + 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ + 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ + 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ + 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ + 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ + 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ + 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ + 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \ + 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \ + 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \ + 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \ + 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \ + 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \ + 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \ + 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \ + 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \ + 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \ } /* END FILE */ -/* This is taken from tests/data_files/server5.key. */ -/* BEGIN FILE string macro TEST_SRV_KEY_EC_PEM tests/data_files/server5.key */ -#define TEST_SRV_KEY_EC_PEM \ - "-----BEGIN EC PRIVATE KEY-----\r\n" \ - "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n" \ - "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n" \ - "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n" \ +/* This is taken from server5.key. */ +/* BEGIN FILE string macro TEST_SRV_KEY_EC_PEM server5.key */ +#define TEST_SRV_KEY_EC_PEM \ + "-----BEGIN EC PRIVATE KEY-----\r\n" \ + "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n" \ + "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n" \ + "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n" \ "-----END EC PRIVATE KEY-----\r\n" /* END FILE */ -/* This is generated from tests/data_files/server5.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER tests/data_files/server5.key.der */ -#define TEST_SRV_KEY_EC_DER { \ - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \ - 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \ - 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \ - 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \ - 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \ - 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \ - 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \ - 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \ - 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \ - 0xff \ +/* This is generated from server5.key.der. */ +/* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER server5.key.der */ +#define TEST_SRV_KEY_EC_DER { \ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \ + 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \ + 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \ + 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \ + 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \ + 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \ + 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \ + 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \ + 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \ + 0xff \ } /* END FILE */ -/* This is taken from tests/data_files/server2-sha256.crt. */ -/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM tests/data_files/server2-sha256.crt */ -#define TEST_SRV_CRT_RSA_SHA256_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ - "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ - "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ - "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ - "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ - "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ - "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ - "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ - "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJh\r\n" \ - "Pqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6U\r\n" \ - "HoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq9\r\n" \ - "1C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sv\r\n" \ - "a1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0\r\n" \ - "e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbo\r\n" \ - "pMZqLmbBm/7WPLc=\r\n" \ +/* This is taken from server2-sha256.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM server2-sha256.crt */ +#define TEST_SRV_CRT_RSA_SHA256_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ + "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ + "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ + "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ + "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ + "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ + "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ + "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ + "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJh\r\n" \ + "Pqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6U\r\n" \ + "HoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq9\r\n" \ + "1C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sv\r\n" \ + "a1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0\r\n" \ + "e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbo\r\n" \ + "pMZqLmbBm/7WPLc=\r\n" \ "-----END CERTIFICATE-----\r\n" /* END FILE */ -/* This is taken from tests/data_files/server2-sha256.crt.der. */ -/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER tests/data_files/server2-sha256.crt.der */ -#define TEST_SRV_CRT_RSA_SHA256_DER { \ - 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ - 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ - 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ - 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ - 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ - 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ - 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ - 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ - 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ - 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ - 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ - 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ - 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ - 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ - 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ - 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ - 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ - 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ - 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ - 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ - 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ - 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ - 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ - 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ - 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ - 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ - 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ - 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \ - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \ - 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \ - 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \ - 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba, \ - 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \ - 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \ - 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \ - 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \ - 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \ - 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \ - 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \ - 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \ - 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \ - 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \ - 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \ - 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \ - 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \ - 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \ - 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \ - 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \ - 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \ - 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \ +/* This is generated from server2-sha256.crt.der. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER server2-sha256.crt.der */ +#define TEST_SRV_CRT_RSA_SHA256_DER { \ + 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ + 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ + 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ + 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ + 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ + 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ + 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ + 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ + 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ + 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ + 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ + 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ + 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ + 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ + 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ + 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ + 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ + 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ + 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ + 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ + 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ + 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ + 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ + 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ + 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ + 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \ + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \ + 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \ + 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \ + 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba, \ + 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \ + 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \ + 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \ + 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \ + 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \ + 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \ + 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \ + 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \ + 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \ + 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \ + 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \ + 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \ + 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \ + 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \ + 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \ + 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \ + 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \ + 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \ } /* END FILE */ -/* This is taken from tests/data_files/server2.crt. */ -/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM tests/data_files/server2.crt */ -#define TEST_SRV_CRT_RSA_SHA1_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ - "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ - "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ - "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ - "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ - "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ - "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ - "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ - "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \ - "cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \ - "O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \ - "KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \ - "iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \ - "HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \ - "Awgk0+4m0T25cNs=\r\n" \ +/* This is taken from server2.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM server2.crt */ +#define TEST_SRV_CRT_RSA_SHA1_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ + "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ + "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ + "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ + "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ + "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ + "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ + "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ + "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \ + "cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \ + "O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \ + "KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \ + "iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \ + "HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \ + "Awgk0+4m0T25cNs=\r\n" \ "-----END CERTIFICATE-----\r\n" /* END FILE */ -/* This is taken from tests/data_files/server2.crt.der. */ -/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER tests/data_files/server2.crt.der */ -#define TEST_SRV_CRT_RSA_SHA1_DER { \ - 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ - 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ - 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ - 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ - 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ - 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ - 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ - 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ - 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ - 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ - 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ - 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ - 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ - 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ - 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ - 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ - 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ - 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ - 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ - 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ - 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ - 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ - 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ - 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ - 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ - 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ - 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ - 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \ - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x73, 0x0b, 0x4a, 0xc5, \ - 0xcb, 0xa0, 0xde, 0xf1, 0x63, 0x1c, 0x76, 0x04, 0x2b, 0x13, 0x0d, 0xc0, \ - 0x84, 0x11, 0xc5, 0x8f, 0x3a, 0xa7, 0xc5, 0x9c, 0x35, 0x7a, 0x77, 0xb8, \ - 0x20, 0x14, 0x82, 0xee, 0x54, 0xf0, 0xf2, 0xb0, 0x52, 0xcb, 0x78, 0xce, \ - 0x59, 0x07, 0x4f, 0x51, 0x69, 0xfe, 0xd3, 0x2f, 0xe9, 0x09, 0xe7, 0x85, \ - 0x92, 0xd8, 0xba, 0xb1, 0xeb, 0xc5, 0x76, 0x5d, 0x61, 0x2d, 0xe9, 0x86, \ - 0xb5, 0xde, 0x2a, 0xf9, 0x3f, 0x53, 0x28, 0x42, 0x86, 0x83, 0x73, 0x43, \ - 0xe0, 0x04, 0x5f, 0x07, 0x90, 0x14, 0x65, 0x9f, 0x6e, 0x10, 0x7a, 0xbc, \ - 0x58, 0x19, 0x22, 0xc2, 0xeb, 0x39, 0x72, 0x51, 0x92, 0xd7, 0xb4, 0x1d, \ - 0x75, 0x2f, 0xd3, 0x3a, 0x2b, 0x01, 0xe7, 0xdb, 0x50, 0xae, 0xe2, 0xf1, \ - 0xd4, 0x4d, 0x5b, 0x3c, 0xbb, 0x41, 0x2b, 0x2a, 0xa4, 0xe2, 0x4a, 0x02, \ - 0xe5, 0x60, 0x14, 0x2c, 0x9c, 0x1f, 0xa6, 0xcc, 0x06, 0x4b, 0x25, 0x89, \ - 0x4e, 0x96, 0x30, 0x22, 0x9c, 0x5c, 0x58, 0x4d, 0xc3, 0xda, 0xd0, 0x6e, \ - 0x50, 0x1e, 0x8c, 0x65, 0xf5, 0xd9, 0x17, 0x35, 0xa6, 0x58, 0x43, 0xb2, \ - 0x29, 0xb7, 0xa8, 0x5e, 0x35, 0xde, 0xf0, 0x60, 0x42, 0x1a, 0x01, 0xcb, \ - 0xcb, 0x0b, 0xd8, 0x0e, 0xc1, 0x90, 0xdf, 0xa1, 0xd2, 0x1a, 0xd1, 0x2c, \ - 0x02, 0xf4, 0x76, 0x41, 0xa4, 0xcb, 0x4b, 0x15, 0x98, 0x71, 0xf9, 0x35, \ - 0x7d, 0xb0, 0xe7, 0xe2, 0x34, 0x96, 0x91, 0xbe, 0x32, 0x67, 0x2d, 0x6b, \ - 0xd3, 0x55, 0x04, 0x8a, 0x01, 0x50, 0xb4, 0xe3, 0x62, 0x78, 0x6c, 0x11, \ - 0x15, 0xa5, 0x2a, 0x11, 0xc1, 0x49, 0x1c, 0x9b, 0xc4, 0x10, 0x65, 0x60, \ - 0x87, 0xd9, 0x1e, 0x69, 0x59, 0x4e, 0x8f, 0x6b, 0xeb, 0xc1, 0xfe, 0x6b, \ - 0xe2, 0x63, 0x78, 0x95, 0x6e, 0xe0, 0x2d, 0xd7, 0xa7, 0x37, 0xa8 \ +/* This is generated from server2.crt.der. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER server2.crt.der */ +#define TEST_SRV_CRT_RSA_SHA1_DER { \ + 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ + 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ + 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ + 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ + 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ + 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ + 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ + 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ + 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ + 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ + 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ + 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ + 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ + 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ + 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ + 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ + 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ + 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ + 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ + 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ + 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ + 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ + 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ + 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ + 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ + 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \ + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x99, 0x25, 0x83, 0x74, 0x38, \ + 0x70, 0x1e, 0xef, 0xec, 0x1c, 0xec, 0xc4, 0xcf, 0xef, 0x2f, 0x22, 0x9c, \ + 0x70, 0xee, 0xa8, 0xa7, 0x4f, 0xe0, 0x67, 0x33, 0x38, 0x82, 0x1b, 0x8b, \ + 0xab, 0x66, 0x37, 0xda, 0x49, 0x74, 0xb0, 0xce, 0xa4, 0x48, 0xd5, 0x14, \ + 0x99, 0xdb, 0xae, 0xab, 0x7b, 0xbf, 0xf8, 0x69, 0x94, 0x64, 0xdd, 0x80, \ + 0x3b, 0xfe, 0xdc, 0xf8, 0x7c, 0x3b, 0x84, 0x31, 0x44, 0x22, 0xf6, 0x64, \ + 0xf7, 0xc6, 0x81, 0x1a, 0x30, 0x8b, 0xaa, 0x7d, 0xc3, 0x9a, 0x01, 0xc8, \ + 0xbf, 0xc4, 0xe8, 0x43, 0xae, 0xe7, 0x7a, 0x59, 0x50, 0xc7, 0x1d, 0x94, \ + 0x8f, 0x7d, 0x3d, 0x3d, 0xd8, 0x23, 0x36, 0x2f, 0xeb, 0xf4, 0x73, 0x9c, \ + 0x28, 0xd0, 0x18, 0x3d, 0xb0, 0x5c, 0x83, 0xa3, 0x09, 0x19, 0x65, 0xa3, \ + 0xd9, 0x32, 0x3a, 0xbc, 0xd6, 0x9c, 0x7a, 0x2a, 0x2c, 0xfc, 0x38, 0x4e, \ + 0x63, 0x1e, 0x55, 0xd2, 0x3e, 0x67, 0x7e, 0xa4, 0x89, 0xfe, 0x99, 0xd4, \ + 0xd2, 0x0f, 0x48, 0x82, 0x7d, 0x8b, 0x02, 0x18, 0x18, 0xa4, 0x62, 0x44, \ + 0x88, 0x43, 0x3d, 0xc1, 0x6e, 0xe1, 0x10, 0xc9, 0x30, 0x9a, 0x4d, 0x21, \ + 0xfe, 0xca, 0x99, 0xb2, 0xb2, 0x6c, 0x18, 0x7e, 0x58, 0xb0, 0x5f, 0xd5, \ + 0x4e, 0x14, 0xaa, 0xfc, 0x95, 0x4e, 0xd5, 0xed, 0xa6, 0x64, 0x7d, 0xaf, \ + 0xae, 0xec, 0x99, 0x28, 0x95, 0x41, 0xab, 0xef, 0x2d, 0x0c, 0xd6, 0x29, \ + 0x1e, 0x42, 0xba, 0xb5, 0x2c, 0x95, 0x61, 0x08, 0x73, 0x22, 0xdd, 0xd2, \ + 0xb4, 0xc2, 0x56, 0x28, 0xc9, 0x7f, 0xa3, 0x99, 0x36, 0x01, 0x8c, 0xfa, \ + 0xb5, 0x20, 0xb5, 0xeb, 0x8f, 0xb5, 0xa0, 0x6f, 0x8c, 0x2f, 0x72, 0xd6, \ + 0x83, 0xc5, 0xeb, 0x18, 0xa6, 0xbd, 0xd4, 0x7e, 0x14, 0x38, 0xa6, 0xa9, \ + 0x03, 0x08, 0x24, 0xd3, 0xee, 0x26, 0xd1, 0x3d, 0xb9, 0x70, 0xdb \ } /* END FILE */ -/* This is taken from tests/data_files/server2.key. */ -/* BEGIN FILE string macro TEST_SRV_KEY_RSA_PEM tests/data_files/server2.key */ -#define TEST_SRV_KEY_RSA_PEM \ - "-----BEGIN RSA PRIVATE KEY-----\r\n" \ - "MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n" \ - "lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n" \ - "2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n" \ - "Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n" \ - "GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n" \ - "y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n" \ - "++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n" \ - "Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n" \ - "/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n" \ - "WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n" \ - "GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n" \ - "TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n" \ - "CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n" \ - "nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n" \ - "AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n" \ - "sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n" \ - "mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n" \ - "BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n" \ - "whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n" \ - "vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n" \ - "3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n" \ - "3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n" \ - "ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n" \ - "4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n" \ - "TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n" \ +/* This is taken from server2.key. */ +/* BEGIN FILE string macro TEST_SRV_KEY_RSA_PEM server2.key */ +#define TEST_SRV_KEY_RSA_PEM \ + "-----BEGIN RSA PRIVATE KEY-----\r\n" \ + "MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n" \ + "lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n" \ + "2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n" \ + "Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n" \ + "GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n" \ + "y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n" \ + "++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n" \ + "Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n" \ + "/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n" \ + "WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n" \ + "GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n" \ + "TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n" \ + "CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n" \ + "nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n" \ + "AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n" \ + "sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n" \ + "mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n" \ + "BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n" \ + "whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n" \ + "vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n" \ + "3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n" \ + "3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n" \ + "ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n" \ + "4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n" \ + "TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n" \ "-----END RSA PRIVATE KEY-----\r\n" /* END FILE */ -/* This was generated from tests/data_files/server2.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER tests/data_files/server2.key.der */ -#define TEST_SRV_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \ - 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \ - 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \ - 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \ - 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \ - 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \ - 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \ - 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \ - 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \ - 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \ - 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \ - 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \ - 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \ - 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \ - 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \ - 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \ - 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \ - 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \ - 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \ - 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \ - 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \ - 0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \ - 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \ - 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \ - 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \ - 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \ - 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \ - 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \ - 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \ - 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \ - 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \ - 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \ - 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \ - 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \ - 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \ - 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \ - 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \ - 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \ - 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \ - 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \ - 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \ - 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \ - 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \ - 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \ - 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \ - 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \ - 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \ - 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \ - 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \ - 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \ - 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \ - 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \ - 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \ - 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \ - 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \ - 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \ - 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \ - 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \ - 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \ - 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \ - 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \ - 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \ - 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \ - 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \ - 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \ - 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \ - 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \ - 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \ - 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \ - 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \ - 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \ - 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \ - 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b, \ - 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \ - 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \ - 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \ - 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \ - 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \ - 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \ - 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \ - 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \ - 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \ - 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \ - 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \ - 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \ - 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \ - 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \ - 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \ - 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \ - 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \ - 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \ - 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \ - 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \ - 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \ - 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \ - 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \ - 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \ - 0x06, 0x21, 0x2e, 0x56 \ +/* This is generated from server2.key.der. */ +/* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER server2.key.der */ +#define TEST_SRV_KEY_RSA_DER { \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \ + 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \ + 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \ + 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \ + 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \ + 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \ + 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \ + 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \ + 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \ + 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \ + 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \ + 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \ + 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \ + 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \ + 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \ + 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \ + 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \ + 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \ + 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \ + 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \ + 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \ + 0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \ + 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \ + 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \ + 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \ + 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \ + 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \ + 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \ + 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \ + 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \ + 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \ + 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \ + 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \ + 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \ + 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \ + 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \ + 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \ + 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \ + 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \ + 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \ + 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \ + 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \ + 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \ + 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \ + 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \ + 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \ + 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \ + 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \ + 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \ + 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \ + 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \ + 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \ + 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \ + 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \ + 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \ + 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \ + 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \ + 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \ + 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \ + 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \ + 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \ + 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \ + 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \ + 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \ + 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \ + 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \ + 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \ + 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \ + 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \ + 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \ + 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \ + 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \ + 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b, \ + 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \ + 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \ + 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \ + 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \ + 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \ + 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \ + 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \ + 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \ + 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \ + 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \ + 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \ + 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \ + 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \ + 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \ + 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \ + 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \ + 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \ + 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \ + 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \ + 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \ + 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \ + 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \ + 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \ + 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \ + 0x06, 0x21, 0x2e, 0x56 \ } /* END FILE */ -/* - * Test client Certificates - * - * Test client certificates are defined for each choice - * of the following parameters: - * - PEM or DER encoding - * - RSA or EC key - * - * Things to add: - * - hash type - * - multiple EC curve types - */ - -/* This is taken from tests/data_files/cli2.crt. */ -/* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM tests/data_files/cli2.crt */ -#define TEST_CLI_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIB3zCCAWOgAwIBAgIBDTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw\r\n" \ - "DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJTU0wgVGVzdCBFQyBDQTAe\r\n" \ - "Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMEExCzAJBgNVBAYTAk5MMREw\r\n" \ - "DwYDVQQKDAhQb2xhclNTTDEfMB0GA1UEAwwWUG9sYXJTU0wgVGVzdCBDbGllbnQg\r\n" \ - "MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFflrrFz39Osu5O4gf8Sru7mU6zO\r\n" \ - "VVP2NA7MLuNjJQvfmOLzXGA2lsDVGBRw5X+f1UtFGOWwbNVc+JaPh3Cj5MejTTBL\r\n" \ - "MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMB8GA1Ud\r\n" \ - "IwQYMBaAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8MAwGCCqGSM49BAMCBQADaAAwZQIx\r\n" \ - "AMqme4DKMldUlplDET9Q6Eptre7uUWKhsLOF+zPkKDlfzpIkJYEFgcloDHGYw80u\r\n" \ - "IgIwNftyPXsabTqMM7iEHgVpX/GRozKklY9yQI/5eoA6gGW7Y+imuGR/oao5ySOb\r\n" \ - "a9Vk\r\n" \ +/* This is taken from cli2.crt. */ +/* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM cli2.crt */ +#define TEST_CLI_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIB3zCCAWOgAwIBAgIBDTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw\r\n" \ + "DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJTU0wgVGVzdCBFQyBDQTAe\r\n" \ + "Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMEExCzAJBgNVBAYTAk5MMREw\r\n" \ + "DwYDVQQKDAhQb2xhclNTTDEfMB0GA1UEAwwWUG9sYXJTU0wgVGVzdCBDbGllbnQg\r\n" \ + "MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFflrrFz39Osu5O4gf8Sru7mU6zO\r\n" \ + "VVP2NA7MLuNjJQvfmOLzXGA2lsDVGBRw5X+f1UtFGOWwbNVc+JaPh3Cj5MejTTBL\r\n" \ + "MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMB8GA1Ud\r\n" \ + "IwQYMBaAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8MAwGCCqGSM49BAMCBQADaAAwZQIx\r\n" \ + "AMqme4DKMldUlplDET9Q6Eptre7uUWKhsLOF+zPkKDlfzpIkJYEFgcloDHGYw80u\r\n" \ + "IgIwNftyPXsabTqMM7iEHgVpX/GRozKklY9yQI/5eoA6gGW7Y+imuGR/oao5ySOb\r\n" \ + "a9Vk\r\n" \ "-----END CERTIFICATE-----\r\n" /* END FILE */ -/* This is generated from tests/data_files/cli2.crt.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER tests/data_files/cli2.crt.der */ -#define TEST_CLI_CRT_EC_DER { \ - 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \ - 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \ - 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \ - 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \ - 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \ - 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \ - 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \ - 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \ - 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \ - 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \ - 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \ - 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, \ - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \ - 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \ - 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \ - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \ - 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \ - 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \ - 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \ - 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \ - 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \ - 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \ - 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \ - 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \ - 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \ - 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \ - 0x6b, 0xd5, 0x64 \ +/* This is generated from cli2.crt.der. */ +/* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER cli2.crt.der */ +#define TEST_CLI_CRT_EC_DER { \ + 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \ + 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \ + 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \ + 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \ + 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \ + 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \ + 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \ + 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \ + 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \ + 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \ + 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \ + 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, \ + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \ + 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \ + 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \ + 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \ + 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \ + 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \ + 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \ + 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \ + 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \ + 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \ + 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \ + 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \ + 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \ + 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \ + 0x6b, 0xd5, 0x64 \ } /* END FILE */ -/* This is taken from tests/data_files/cli2.key. */ -/* BEGIN FILE string macro TEST_CLI_KEY_EC_PEM tests/data_files/cli2.key */ -#define TEST_CLI_KEY_EC_PEM \ - "-----BEGIN EC PRIVATE KEY-----\r\n" \ - "MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n" \ - "AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n" \ - "wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n" \ +/* This is taken from cli2.key. */ +/* BEGIN FILE string macro TEST_CLI_KEY_EC_PEM cli2.key */ +#define TEST_CLI_KEY_EC_PEM \ + "-----BEGIN EC PRIVATE KEY-----\r\n" \ + "MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n" \ + "AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n" \ + "wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n" \ "-----END EC PRIVATE KEY-----\r\n" /* END FILE */ -/* This is generated from tests/data_files/cli2.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER tests/data_files/cli2.key.der */ -#define TEST_CLI_KEY_EC_DER { \ - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \ - 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \ - 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \ - 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \ - 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \ - 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \ - 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \ - 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \ - 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \ - 0xc7 \ +/* This is generated from cli2.key.der. */ +/* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER cli2.key.der */ +#define TEST_CLI_KEY_EC_DER { \ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \ + 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \ + 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \ + 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \ + 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \ + 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \ + 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \ + 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \ + 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \ + 0xc7 \ } /* END FILE */ -/* This is taken from tests/data_files/cli-rsa-sha256.crt. */ -/* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM tests/data_files/cli-rsa-sha256.crt */ -#define TEST_CLI_CRT_RSA_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n" \ - "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n" \ - "M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n" \ - "1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n" \ - "MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n" \ - "4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n" \ - "/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n" \ - "o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf\r\n" \ - "BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsFAAOC\r\n" \ - "AQEAXidv1d4pLlBiKWED95rMycBdgDcgyNqJxakFkRfRyA2y1mlyTn7uBXRkNLY5\r\n" \ - "ZFzK82GCjk2Q2OD4RZSCPAJJqLpHHU34t71ciffvy2KK81YvrxczRhMAE64i+qna\r\n" \ - "yP3Td2XuWJR05PVPoSemsNELs9gWttdnYy3ce+EY2Y0n7Rsi7982EeLIAA7H6ca4\r\n" \ - "2Es/NUH//JZJT32OP0doMxeDRA+vplkKqTLLWf7dX26LIriBkBaRCgR5Yv9LBPFc\r\n" \ - "NOtpzu/LbrY7QFXKJMI+JXDudCsOn8KCmiA4d6Emisqfh3V3485l7HEQNcvLTxlD\r\n" \ - "6zDQyi0/ykYUYZkwQTK1N2Nvlw==\r\n" \ +/* This is taken from cli-rsa-sha256.crt. */ +/* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM cli-rsa-sha256.crt */ +#define TEST_CLI_CRT_RSA_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n" \ + "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n" \ + "M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n" \ + "1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n" \ + "MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n" \ + "4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n" \ + "/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n" \ + "o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf\r\n" \ + "BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsFAAOC\r\n" \ + "AQEAXidv1d4pLlBiKWED95rMycBdgDcgyNqJxakFkRfRyA2y1mlyTn7uBXRkNLY5\r\n" \ + "ZFzK82GCjk2Q2OD4RZSCPAJJqLpHHU34t71ciffvy2KK81YvrxczRhMAE64i+qna\r\n" \ + "yP3Td2XuWJR05PVPoSemsNELs9gWttdnYy3ce+EY2Y0n7Rsi7982EeLIAA7H6ca4\r\n" \ + "2Es/NUH//JZJT32OP0doMxeDRA+vplkKqTLLWf7dX26LIriBkBaRCgR5Yv9LBPFc\r\n" \ + "NOtpzu/LbrY7QFXKJMI+JXDudCsOn8KCmiA4d6Emisqfh3V3485l7HEQNcvLTxlD\r\n" \ + "6zDQyi0/ykYUYZkwQTK1N2Nvlw==\r\n" \ "-----END CERTIFICATE-----\r\n" /* END FILE */ -/* This was generated from tests/data_files/cli-rsa-sha256.crt.der - using `xxd -i.` */ -/* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER tests/data_files/cli-rsa-sha256.crt.der */ -#define TEST_CLI_CRT_RSA_DER { \ - 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \ - 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \ - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \ - 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \ - 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \ - 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \ - 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \ - 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \ - 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \ - 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \ - 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \ - 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \ - 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \ - 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \ - 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \ - 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \ - 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \ - 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \ - 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \ - 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \ - 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \ - 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \ - 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \ - 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \ - 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \ - 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \ - 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \ - 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ - 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e, \ - 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \ - 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \ - 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \ - 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \ - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \ - 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \ - 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \ - 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \ - 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \ - 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \ - 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \ - 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \ - 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \ - 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \ - 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \ - 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \ - 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \ - 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \ - 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \ - 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \ - 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \ - 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \ - 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \ - 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \ - 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \ - 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, \ - 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \ +/* This is generated from cli-rsa-sha256.crt.der. */ +/* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER cli-rsa-sha256.crt.der */ +#define TEST_CLI_CRT_RSA_DER { \ + 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \ + 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \ + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \ + 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \ + 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \ + 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \ + 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \ + 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \ + 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \ + 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \ + 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \ + 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \ + 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \ + 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \ + 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \ + 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \ + 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \ + 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \ + 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \ + 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \ + 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \ + 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \ + 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \ + 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \ + 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \ + 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \ + 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \ + 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ + 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e, \ + 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \ + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \ + 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \ + 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \ + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \ + 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \ + 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \ + 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \ + 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \ + 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \ + 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \ + 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \ + 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \ + 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \ + 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \ + 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \ + 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \ + 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \ + 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \ + 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \ + 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \ + 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \ + 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \ + 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \ + 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \ + 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, \ + 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \ } /* END FILE */ -/* This is taken from tests/data_files/cli-rsa.key. */ -/* BEGIN FILE string macro TEST_CLI_KEY_RSA_PEM tests/data_files/cli-rsa.key */ -#define TEST_CLI_KEY_RSA_PEM \ - "-----BEGIN RSA PRIVATE KEY-----\r\n" \ - "MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n" \ - "B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n" \ - "bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9\r\n" \ - "Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH\r\n" \ - "7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v\r\n" \ - "dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst\r\n" \ - "yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz\r\n" \ - "4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt\r\n" \ - "ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA\r\n" \ - "zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d\r\n" \ - "l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf\r\n" \ - "DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT\r\n" \ - "VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL\r\n" \ - "Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7\r\n" \ - "wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys\r\n" \ - "c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi\r\n" \ - "33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60\r\n" \ - "ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0\r\n" \ - "BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW\r\n" \ - "KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+\r\n" \ - "UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc\r\n" \ - "7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq\r\n" \ - "gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu\r\n" \ - "bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n" \ - "8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n" \ - "-----END RSA PRIVATE KEY-----\r\n"/* END FILE */ +/* This is taken from cli-rsa.key. */ +/* BEGIN FILE string macro TEST_CLI_KEY_RSA_PEM cli-rsa.key */ +#define TEST_CLI_KEY_RSA_PEM \ + "-----BEGIN RSA PRIVATE KEY-----\r\n" \ + "MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n" \ + "B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n" \ + "bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9\r\n" \ + "Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH\r\n" \ + "7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v\r\n" \ + "dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst\r\n" \ + "yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz\r\n" \ + "4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt\r\n" \ + "ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA\r\n" \ + "zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d\r\n" \ + "l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf\r\n" \ + "DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT\r\n" \ + "VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL\r\n" \ + "Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7\r\n" \ + "wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys\r\n" \ + "c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi\r\n" \ + "33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60\r\n" \ + "ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0\r\n" \ + "BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW\r\n" \ + "KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+\r\n" \ + "UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc\r\n" \ + "7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq\r\n" \ + "gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu\r\n" \ + "bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n" \ + "8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n" \ + "-----END RSA PRIVATE KEY-----\r\n" +/* END FILE */ -/* This was generated from tests/data_files/cli-rsa.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER tests/data_files/cli-rsa.key.der */ -#define TEST_CLI_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \ - 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \ - 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \ - 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \ - 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \ - 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \ - 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \ - 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \ - 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \ - 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \ - 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \ - 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \ - 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \ - 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \ - 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \ - 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \ - 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \ - 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \ - 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \ - 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \ - 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \ - 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \ - 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \ - 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \ - 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \ - 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \ - 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \ - 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \ - 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \ - 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \ - 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \ - 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \ - 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \ - 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \ - 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \ - 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \ - 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \ - 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \ - 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \ - 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \ - 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \ - 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \ - 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \ - 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \ - 0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \ - 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \ - 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \ - 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \ - 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \ - 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \ - 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \ - 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \ - 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \ - 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \ - 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \ - 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \ - 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \ - 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \ - 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \ - 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \ - 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \ - 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \ - 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \ - 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \ - 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \ - 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \ - 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \ - 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \ - 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \ - 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \ - 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f, \ - 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \ - 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \ - 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \ - 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \ - 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \ - 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \ - 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \ - 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \ - 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \ - 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \ - 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \ - 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \ - 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \ - 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \ - 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \ - 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \ - 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \ - 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \ - 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \ - 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \ - 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \ - 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \ - 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \ - 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \ - 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \ - 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \ - 0x8b, 0x87, 0xc3, 0x00 \ +/* This is generated from cli-rsa.key.der. */ +/* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER cli-rsa.key.der */ +#define TEST_CLI_KEY_RSA_DER { \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \ + 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \ + 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \ + 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \ + 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \ + 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \ + 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \ + 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \ + 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \ + 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \ + 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \ + 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \ + 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \ + 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \ + 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \ + 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \ + 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \ + 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \ + 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \ + 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \ + 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \ + 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \ + 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \ + 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \ + 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \ + 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \ + 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \ + 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \ + 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \ + 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \ + 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \ + 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \ + 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \ + 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \ + 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \ + 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \ + 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \ + 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \ + 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \ + 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \ + 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \ + 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \ + 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \ + 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \ + 0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \ + 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \ + 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \ + 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \ + 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \ + 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \ + 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \ + 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \ + 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \ + 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \ + 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \ + 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \ + 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \ + 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \ + 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \ + 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \ + 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \ + 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \ + 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \ + 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \ + 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \ + 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \ + 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \ + 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \ + 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \ + 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \ + 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f, \ + 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \ + 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \ + 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \ + 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \ + 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \ + 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \ + 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \ + 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \ + 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \ + 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \ + 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \ + 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \ + 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \ + 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \ + 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \ + 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \ + 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \ + 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \ + 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \ + 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \ + 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \ + 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \ + 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \ + 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \ + 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \ + 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \ + 0x8b, 0x87, 0xc3, 0x00 \ } /* END FILE */ + From c747890bfd1e1179b62c7a5b8b28e5d0ffb6a09b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 19 Jun 2023 17:54:23 +0800 Subject: [PATCH 397/553] Remove workaround code Signed-off-by: Jerry Yu --- src/test_certs.h | 106 +++++++++++++++++++++++------------------------ 1 file changed, 53 insertions(+), 53 deletions(-) diff --git a/src/test_certs.h b/src/test_certs.h index bbe7d4ecd0..866d1e0032 100644 --- a/src/test_certs.h +++ b/src/test_certs.h @@ -24,24 +24,24 @@ /* BEGIN FILE string macro TEST_CA_CRT_EC_PEM test-ca2.crt */ #define TEST_CA_CRT_EC_PEM \ "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ + "MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \ "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \ "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \ - "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/\r\n" \ - "MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk\r\n" \ - "SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a\r\n" \ - "LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ\r\n" \ - "hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==\r\n" \ + "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD\r\n" \ + "AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd\r\n" \ + "bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq\r\n" \ + "6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29\r\n" \ + "N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==\r\n" \ "-----END CERTIFICATE-----\r\n" /* END FILE */ /* This is generated from test-ca2.crt.der. */ /* BEGIN FILE binary macro TEST_CA_CRT_EC_DER test-ca2.crt.der */ #define TEST_CA_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \ + 0x30, 0x82, 0x02, 0x07, 0x30, 0x82, 0x01, 0x8b, 0xa0, 0x03, 0x02, 0x01, \ 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ @@ -67,24 +67,24 @@ 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ - 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \ - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \ - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \ + 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x0f, \ + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, \ + 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ + 0x04, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, \ + 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, \ + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, \ 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ - 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \ - 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \ - 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \ - 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \ - 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \ - 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \ - 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \ - 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \ - 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \ - 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \ - 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \ - 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \ - 0xf5, 0xae, 0x1c, 0x42 \ + 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, \ + 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, \ + 0x30, 0x65, 0x02, 0x31, 0x00, 0xe9, 0x35, 0x67, 0xc1, 0x22, 0x5c, 0xea, \ + 0xeb, 0x15, 0x76, 0x53, 0x04, 0x03, 0xff, 0x56, 0x06, 0xcf, 0xd7, 0xd0, \ + 0x50, 0xce, 0xc0, 0x7c, 0xd2, 0xb3, 0x55, 0xad, 0x8f, 0x54, 0x1a, 0x5f, \ + 0xfd, 0x00, 0xf5, 0x4c, 0x0c, 0xa5, 0x4d, 0x84, 0xc5, 0xe0, 0x62, 0x3a, \ + 0xaa, 0x56, 0xfa, 0x10, 0xf6, 0x02, 0x30, 0x5f, 0xd8, 0x55, 0xad, 0xbd, \ + 0x37, 0x9c, 0x82, 0xd6, 0x61, 0x40, 0x8a, 0xbd, 0x7d, 0x8d, 0xbf, 0x4f, \ + 0x97, 0xd8, 0xa2, 0x22, 0x44, 0x66, 0xd7, 0xb7, 0x4c, 0xe3, 0x2e, 0xa6, \ + 0xe5, 0x52, 0x0c, 0x7a, 0x91, 0x0f, 0x9b, 0xf5, 0x65, 0x58, 0x06, 0xbc, \ + 0x1f, 0x9a, 0x75, 0xf8, 0x13, 0xdb, 0x1b \ } /* END FILE */ @@ -473,38 +473,38 @@ /* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM server5.crt */ #define TEST_SRV_CRT_EC_PEM \ "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ - "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ + "MIICIDCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ + "MjMwNTE3MDcxMDM2WhcNMzMwNTE0MDcxMDM2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \ "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \ "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \ - "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n" \ - "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ - "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n" \ - "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n" \ - "fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n" \ + "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh\r\n" \ + "clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ + "CCqGSM49BAMCA2kAMGYCMQDg6p7PPfr2+n7nGvya3pU4ust3k7Obk4/tZX+uHHRQ\r\n" \ + "qaccsyULeFNzkyRvWHFeT5sCMQCzDJX79Ii7hILYza/iXWJe/BjJEE8MteCRGXDN\r\n" \ + "06jC+BLgOH1KQV9ArqEh3AhOhEg=\r\n" \ "-----END CERTIFICATE-----\r\n" /* END FILE */ /* This is generated from server5.crt.der. */ /* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER server5.crt.der */ #define TEST_SRV_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ + 0x30, 0x82, 0x02, 0x20, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \ - 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \ - 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x32, 0x33, 0x30, 0x35, 0x31, 0x37, 0x30, 0x37, 0x31, 0x30, 0x33, 0x36, \ + 0x5a, 0x17, 0x0d, 0x33, 0x33, 0x30, 0x35, 0x31, 0x34, 0x30, 0x37, 0x31, \ + 0x30, 0x33, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ @@ -522,21 +522,21 @@ 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ + 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \ - 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \ - 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \ - 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \ - 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \ - 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \ - 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \ - 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \ - 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \ - 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x69, 0x00, \ + 0x30, 0x66, 0x02, 0x31, 0x00, 0xe0, 0xea, 0x9e, 0xcf, 0x3d, 0xfa, 0xf6, \ + 0xfa, 0x7e, 0xe7, 0x1a, 0xfc, 0x9a, 0xde, 0x95, 0x38, 0xba, 0xcb, 0x77, \ + 0x93, 0xb3, 0x9b, 0x93, 0x8f, 0xed, 0x65, 0x7f, 0xae, 0x1c, 0x74, 0x50, \ + 0xa9, 0xa7, 0x1c, 0xb3, 0x25, 0x0b, 0x78, 0x53, 0x73, 0x93, 0x24, 0x6f, \ + 0x58, 0x71, 0x5e, 0x4f, 0x9b, 0x02, 0x31, 0x00, 0xb3, 0x0c, 0x95, 0xfb, \ + 0xf4, 0x88, 0xbb, 0x84, 0x82, 0xd8, 0xcd, 0xaf, 0xe2, 0x5d, 0x62, 0x5e, \ + 0xfc, 0x18, 0xc9, 0x10, 0x4f, 0x0c, 0xb5, 0xe0, 0x91, 0x19, 0x70, 0xcd, \ + 0xd3, 0xa8, 0xc2, 0xf8, 0x12, 0xe0, 0x38, 0x7d, 0x4a, 0x41, 0x5f, 0x40, \ + 0xae, 0xa1, 0x21, 0xdc, 0x08, 0x4e, 0x84, 0x48 \ } /* END FILE */ From e0f1264bd687ba36589bbfc1c216b942b18d54dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 7 Jun 2023 13:07:21 +0200 Subject: [PATCH 398/553] Create psa_util_internal.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Most functions in psa_util.h are going to end up there (except those that can be static in one file), but I wanted to have separate commits for file creation and moving code around, so for now the new file's pretty empty but that will change in the next few commits. Signed-off-by: Manuel Pégourié-Gonnard --- include/test/psa_crypto_helpers.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 6ff235dbb4..753cb4396f 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -29,7 +29,7 @@ #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "mbedtls/psa_util.h" +#include "psa_util_internal.h" #endif #if defined(MBEDTLS_MD_LIGHT) From a8d51b0c5948f00632a2e9ce0881ce57ef35d18e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 9 Jun 2023 11:42:11 +0200 Subject: [PATCH 399/553] Remove unnecessary (and harmful) include MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Besides being unnecessary, it was causing problem when build SSL test programs, which include this header, then in turn trying to include the internal header from library, which didn't work. Signed-off-by: Manuel Pégourié-Gonnard --- include/test/psa_crypto_helpers.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 753cb4396f..34a42c448e 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -28,10 +28,6 @@ #include #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "psa_util_internal.h" -#endif - #if defined(MBEDTLS_MD_LIGHT) #include "mbedtls/md.h" #endif From b8f97cd205fb91e18d9f392c3dbece0d38d4f4cb Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 10 Jul 2023 11:09:40 +0800 Subject: [PATCH 400/553] Add test for cache timeout getter Signed-off-by: Pengyu Lv --- src/test_helpers/ssl_helpers.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 8e67352662..5f203ab27d 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -93,6 +93,10 @@ void mbedtls_test_init_handshake_options( opts->cache = NULL; ASSERT_ALLOC(opts->cache, 1); mbedtls_ssl_cache_init(opts->cache); +#if defined(MBEDTLS_HAVE_TIME) + TEST_EQUAL(mbedtls_ssl_cache_get_timeout(opts->cache), + MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT); +#endif exit: return; #endif From 87eb4169cc978237885d336961b1ef307d03488a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 10 Jul 2023 11:24:00 +0200 Subject: [PATCH 401/553] library: replace MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY Signed-off-by: Valerio Setti --- src/drivers/test_driver_key_management.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 0ebce5747a..1996651ff5 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -234,11 +234,11 @@ psa_status_t mbedtls_test_transparent_generate_key( #endif } else if (psa_get_key_type(attributes) == PSA_KEY_TYPE_RSA_KEY_PAIR) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) return libtestdriver1_mbedtls_psa_rsa_generate_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key, key_size, key_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) return mbedtls_psa_rsa_generate_key( attributes, key, key_size, key_length); #endif @@ -307,14 +307,14 @@ psa_status_t mbedtls_test_transparent_import_key( #endif } else if (PSA_KEY_TYPE_IS_RSA(type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)) return libtestdriver1_mbedtls_psa_rsa_import_key( (const libtestdriver1_psa_key_attributes_t *) attributes, data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) return mbedtls_psa_rsa_import_key( attributes, @@ -426,7 +426,7 @@ psa_status_t mbedtls_test_opaque_import_key( data, data_length, key_buffer_temp, key_buffer_size, key_buffer_length, bits); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) status = mbedtls_psa_rsa_import_key( attributes, @@ -576,13 +576,13 @@ psa_status_t mbedtls_test_transparent_export_public_key( #endif } else if (PSA_KEY_TYPE_IS_RSA(key_type)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)) return libtestdriver1_mbedtls_psa_rsa_export_public_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) return mbedtls_psa_rsa_export_public_key( attributes, @@ -660,7 +660,7 @@ psa_status_t mbedtls_test_opaque_export_public_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer_temp, *data_length, data, data_size, data_length); -#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY) || \ +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) status = mbedtls_psa_rsa_export_public_key( attributes, From 4e9e60a707b7a67685326af7c97b5df385f6a661 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 6 Jul 2023 14:19:49 +0200 Subject: [PATCH 402/553] tests: Fix header inclusion When building tests, the path of the library directory is part of the possible paths for the includes thus no need to construct it manually when including headers. Signed-off-by: Ronald Cron --- src/random.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/random.c b/src/random.c index 5ca333a675..d20103c351 100644 --- a/src/random.c +++ b/src/random.c @@ -36,7 +36,7 @@ #include #include -#include "../../library/alignment.h" +#include int mbedtls_test_rnd_std_rand(void *rng_state, unsigned char *output, From aaf1143d88fd5f18a908a28a06c1e68e175eb983 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 12 Jul 2023 11:22:59 +0100 Subject: [PATCH 403/553] Move declarations to top in ssl_helpers.c Signed-off-by: Agathiyan Bragadeesh --- src/test_helpers/ssl_helpers.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index e8bbc78d1e..756e600d97 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -926,13 +926,14 @@ int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, int *written, const int expected_fragments) { + int ret; /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is * a valid no-op for TLS connections. */ if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0); } - int ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written); + ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written); if (ret > 0) { *written += ret; } @@ -972,13 +973,14 @@ int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, int *read, int *fragments, const int expected_fragments) { + int ret; /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is * a valid no-op for TLS connections. */ if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0); } - int ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read); + ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read); if (ret > 0) { (*fragments)++; *read += ret; From a11c4da6dd693ab7accab40353ebcbdccb834b9a Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 14 Jul 2023 17:29:43 +0100 Subject: [PATCH 404/553] Add type casts in psa_exercise_key Signed-off-by: Agathiyan Bragadeesh --- src/psa_exercise_key.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 7f93496e7c..d9228f4423 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -692,7 +692,7 @@ int mbedtls_test_psa_exported_key_sanity_check( TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED), 0); - TEST_EQUAL(len, end - p); + TEST_EQUAL(len, (uintptr_t) end - (uintptr_t) p); if (!mbedtls_test_asn1_skip_integer(&p, end, 0, 0, 0)) { goto exit; } @@ -722,7 +722,7 @@ int mbedtls_test_psa_exported_key_sanity_check( if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) { goto exit; } - TEST_EQUAL(p - end, 0); + TEST_EQUAL((uintptr_t) p - (uintptr_t) end, 0); TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE); } else @@ -748,14 +748,14 @@ int mbedtls_test_psa_exported_key_sanity_check( MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED), 0); - TEST_EQUAL(len, end - p); + TEST_EQUAL(len, (uintptr_t) end - (uintptr_t) p); if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) { goto exit; } if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) { goto exit; } - TEST_EQUAL(p - end, 0); + TEST_EQUAL((uintptr_t) p - (uintptr_t) end, 0); TEST_ASSERT(exported_length <= From a40c4f7862e2e7a9bb80a4c6ab47356a671ef87d Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 12 Jul 2023 11:21:54 +0100 Subject: [PATCH 405/553] Add enum casts in ssl_helpers.c Signed-off-by: Agathiyan Bragadeesh --- src/test_helpers/ssl_helpers.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index e8bbc78d1e..12218634e7 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1020,10 +1020,10 @@ static void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, TEST_ASSERT(ciphersuite_info->max_tls_version >= conf->min_tls_version); if (conf->max_tls_version > ciphersuite_info->max_tls_version) { - conf->max_tls_version = ciphersuite_info->max_tls_version; + conf->max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version; } if (conf->min_tls_version < ciphersuite_info->min_tls_version) { - conf->min_tls_version = ciphersuite_info->min_tls_version; + conf->min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version; } mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite); @@ -1140,7 +1140,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, maclen = 0; /* Pick cipher */ - cipher_info = mbedtls_cipher_info_from_type(cipher_type); + cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type); CHK(cipher_info != NULL); CHK(cipher_info->iv_size <= 16); CHK(cipher_info->key_bitlen % 8 == 0); @@ -1198,10 +1198,10 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, if (cipher_info->mode == MBEDTLS_MODE_CBC || cipher_info->mode == MBEDTLS_MODE_STREAM) { #if !defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type(hash_id); + mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id); CHK(md_info != NULL); #endif - maclen = mbedtls_md_get_size_from_type(hash_id); + maclen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) hash_id); CHK(maclen != 0); /* Pick hash keys */ CHK((md0 = mbedtls_calloc(1, maclen)) != NULL); From 80d53b3bc2d9bdbc3d7d9d08dd2ab789e4cb2a1c Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 17 Jul 2023 18:27:03 +0100 Subject: [PATCH 406/553] Add cast in test macros.h Signed-off-by: Agathiyan Bragadeesh --- include/test/macros.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/test/macros.h b/include/test/macros.h index ae84ec2363..c61f4fde65 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -73,7 +73,7 @@ #define TEST_EQUAL(expr1, expr2) \ do { \ if (!mbedtls_test_equal( #expr1 " == " #expr2, __LINE__, __FILE__, \ - expr1, expr2)) \ + (unsigned long long) (expr1), (unsigned long long) (expr2))) \ goto exit; \ } while (0) From c36da3de9a4ff2de933b5b3c82d4c4ee1a215a8d Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 14 Jul 2023 17:28:27 +0100 Subject: [PATCH 407/553] Add ASSERT_FALSE macro for tests Signed-off-by: Agathiyan Bragadeesh --- include/test/macros.h | 10 ++++++++++ src/psa_exercise_key.c | 8 ++++---- src/test_helpers/ssl_helpers.c | 4 ++-- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index ae84ec2363..4d88029098 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -61,6 +61,16 @@ } \ } while (0) +/** This macro asserts fails the test with given output message. + * + * \param MESSAGE The message to be outputed on assertion + */ +#define ASSERT_FALSE(MESSAGE) \ + do { \ + mbedtls_test_fail(MESSAGE, __LINE__, __FILE__); \ + goto exit; \ + } while (0) \ + /** Evaluate two integer expressions and fail the test case if they have * different values. * diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 7f93496e7c..fb4a2ce145 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -309,7 +309,7 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key, hash_alg = KNOWN_SUPPORTED_HASH_ALG; alg ^= PSA_ALG_ANY_HASH ^ hash_alg; #else - TEST_ASSERT(!"No hash algorithm for hash-and-sign testing"); + ASSERT_FALSE("No hash algorithm for hash-and-sign testing"); #endif } @@ -438,7 +438,7 @@ int mbedtls_test_psa_setup_key_derivation_wrap( PSA_KEY_DERIVATION_INPUT_LABEL, input2, input2_length)); } else { - TEST_ASSERT(!"Key derivation algorithm not supported"); + ASSERT_FALSE("Key derivation algorithm not supported"); } if (capacity != SIZE_MAX) { @@ -798,7 +798,7 @@ int mbedtls_test_psa_exported_key_sanity_check( PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); } else { (void) exported; - TEST_ASSERT(!"Sanity check not implemented for this key type"); + ASSERT_FALSE("Sanity check not implemented for this key type"); } #if defined(MBEDTLS_DES_C) @@ -943,7 +943,7 @@ int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key, } else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) { ok = exercise_key_agreement_key(key, usage, alg); } else { - TEST_ASSERT(!"No code to exercise this category of algorithm"); + ASSERT_FALSE("No code to exercise this category of algorithm"); } ok = ok && exercise_export_key(key, usage); diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index e8bbc78d1e..fd13451c17 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1753,8 +1753,8 @@ static int check_ssl_version( break; default: - TEST_ASSERT( - !"Version check not implemented for this protocol version"); + ASSERT_FALSE( + "Version check not implemented for this protocol version"); } return 1; From 6d771ec641a6b6508c8011b8f6b457e60d9c0051 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 18 Jul 2023 11:45:28 +0100 Subject: [PATCH 408/553] Rename ASSERT_FALSE to TEST_FAIL Signed-off-by: Agathiyan Bragadeesh --- include/test/macros.h | 2 +- src/psa_exercise_key.c | 8 ++++---- src/test_helpers/ssl_helpers.c | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index 4d88029098..6ddcb4c850 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -65,7 +65,7 @@ * * \param MESSAGE The message to be outputed on assertion */ -#define ASSERT_FALSE(MESSAGE) \ +#define TEST_FAIL(MESSAGE) \ do { \ mbedtls_test_fail(MESSAGE, __LINE__, __FILE__); \ goto exit; \ diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index fb4a2ce145..c32eca843e 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -309,7 +309,7 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key, hash_alg = KNOWN_SUPPORTED_HASH_ALG; alg ^= PSA_ALG_ANY_HASH ^ hash_alg; #else - ASSERT_FALSE("No hash algorithm for hash-and-sign testing"); + TEST_FAIL("No hash algorithm for hash-and-sign testing"); #endif } @@ -438,7 +438,7 @@ int mbedtls_test_psa_setup_key_derivation_wrap( PSA_KEY_DERIVATION_INPUT_LABEL, input2, input2_length)); } else { - ASSERT_FALSE("Key derivation algorithm not supported"); + TEST_FAIL("Key derivation algorithm not supported"); } if (capacity != SIZE_MAX) { @@ -798,7 +798,7 @@ int mbedtls_test_psa_exported_key_sanity_check( PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); } else { (void) exported; - ASSERT_FALSE("Sanity check not implemented for this key type"); + TEST_FAIL("Sanity check not implemented for this key type"); } #if defined(MBEDTLS_DES_C) @@ -943,7 +943,7 @@ int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key, } else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) { ok = exercise_key_agreement_key(key, usage, alg); } else { - ASSERT_FALSE("No code to exercise this category of algorithm"); + TEST_FAIL("No code to exercise this category of algorithm"); } ok = ok && exercise_export_key(key, usage); diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index fd13451c17..f1eb1a02e1 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1753,7 +1753,7 @@ static int check_ssl_version( break; default: - ASSERT_FALSE( + TEST_FAIL( "Version check not implemented for this protocol version"); } From c6a81d3a8b47ea85e35f279fd31b680f1027ca5c Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Thu, 20 Jul 2023 16:46:01 +0100 Subject: [PATCH 409/553] For tests, rename ASSERT_COMPARE() to TEST_BUFFERS_EQUAL() Signed-off-by: Tom Cosgrove --- include/test/macros.h | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index ae84ec2363..f67cfcc1b6 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -166,14 +166,16 @@ * \param size2 Size of the second buffer in bytes. * This expression may be evaluated multiple times. */ -#define ASSERT_COMPARE(p1, size1, p2, size2) \ - do \ - { \ +#define TEST_BUFFERS_EQUAL(p1, size1, p2, size2) \ + do { \ TEST_EQUAL((size1), (size2)); \ - if ((size1) != 0) \ - TEST_ASSERT(memcmp((p1), (p2), (size1)) == 0); \ - } \ - while (0) + if ((size1) != 0) { \ + TEST_ASSERT(memcmp((p1), (p2), (size1)) == 0); \ + } \ + } while (0) + +/* For backwards compatibility */ +#define ASSERT_COMPARE(p1, size1, p2, size2) TEST_BUFFERS_EQUAL(p1, size1, p2, size2) /** * \brief This macro tests the expression passed to it and skips the From c10bb8d0d3a72a307be99eb2ccdb8ae3f86b85b7 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Thu, 20 Jul 2023 16:48:18 +0100 Subject: [PATCH 410/553] For tests, rename ASSERT_ALLOC() to TEST_CALLOC_OR_FAIL() Signed-off-by: Tom Cosgrove --- include/test/macros.h | 22 +++++++++++----------- src/psa_exercise_key.c | 10 +++++----- src/test_helpers/ssl_helpers.c | 8 ++++---- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index f67cfcc1b6..9ed7d2f76c 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -123,18 +123,18 @@ * This expression may be evaluated multiple times. * */ -#define ASSERT_ALLOC(pointer, length) \ - do \ - { \ - TEST_ASSERT((pointer) == NULL); \ - if ((length) != 0) \ - { \ - (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ +#define TEST_CALLOC_OR_FAIL(pointer, length) \ + do { \ + TEST_ASSERT((pointer) == NULL); \ + if ((length) != 0) { \ + (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ (length)); \ - TEST_ASSERT((pointer) != NULL); \ - } \ - } \ - while (0) + TEST_ASSERT((pointer) != NULL); \ + } \ + } while (0) + +/* For backwards compatibility */ +#define ASSERT_ALLOC(pointer, length) TEST_CALLOC_OR_FAIL(pointer, length) /** Allocate memory dynamically. If the allocation fails, skip the test case. * diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 7f93496e7c..48029b491f 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -506,7 +506,7 @@ psa_status_t mbedtls_test_psa_key_agreement_with_self( key_bits = psa_get_key_bits(&attributes); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type); public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits); - ASSERT_ALLOC(public_key, public_key_length); + TEST_CALLOC_OR_FAIL(public_key, public_key_length); PSA_ASSERT(psa_export_public_key(key, public_key, public_key_length, &public_key_length)); @@ -548,7 +548,7 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( key_bits = psa_get_key_bits(&attributes); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type); public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits); - ASSERT_ALLOC(public_key, public_key_length); + TEST_CALLOC_OR_FAIL(public_key, public_key_length); PSA_ASSERT(psa_export_public_key(key, public_key, public_key_length, &public_key_length)); @@ -838,7 +838,7 @@ static int exercise_export_key(mbedtls_svc_key_id_t key, exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( psa_get_key_type(&attributes), psa_get_key_bits(&attributes)); - ASSERT_ALLOC(exported, exported_size); + TEST_CALLOC_OR_FAIL(exported, exported_size); if ((usage & PSA_KEY_USAGE_EXPORT) == 0 && !PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(&attributes))) { @@ -881,7 +881,7 @@ static int exercise_export_public_key(mbedtls_svc_key_id_t key) exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( psa_get_key_type(&attributes), psa_get_key_bits(&attributes)); - ASSERT_ALLOC(exported, exported_size); + TEST_CALLOC_OR_FAIL(exported, exported_size); TEST_EQUAL(psa_export_public_key(key, exported, exported_size, &exported_length), @@ -894,7 +894,7 @@ static int exercise_export_public_key(mbedtls_svc_key_id_t key) psa_get_key_type(&attributes)); exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type, psa_get_key_bits(&attributes)); - ASSERT_ALLOC(exported, exported_size); + TEST_CALLOC_OR_FAIL(exported, exported_size); PSA_ASSERT(psa_export_public_key(key, exported, exported_size, diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 761d87787b..f70b89a000 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -91,7 +91,7 @@ void mbedtls_test_init_handshake_options( opts->resize_buffers = 1; #if defined(MBEDTLS_SSL_CACHE_C) opts->cache = NULL; - ASSERT_ALLOC(opts->cache, 1); + TEST_CALLOC_OR_FAIL(opts->cache, 1); mbedtls_ssl_cache_init(opts->cache); #if defined(MBEDTLS_HAVE_TIME) TEST_EQUAL(mbedtls_ssl_cache_get_timeout(opts->cache), @@ -627,9 +627,9 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, } cert = &(ep->cert); - ASSERT_ALLOC(cert->ca_cert, 1); - ASSERT_ALLOC(cert->cert, 1); - ASSERT_ALLOC(cert->pkey, 1); + TEST_CALLOC_OR_FAIL(cert->ca_cert, 1); + TEST_CALLOC_OR_FAIL(cert->cert, 1); + TEST_CALLOC_OR_FAIL(cert->pkey, 1); mbedtls_x509_crt_init(cert->ca_cert); mbedtls_x509_crt_init(cert->cert); From 1770877713e85e9192643c1abb8fe194cac914c7 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Thu, 20 Jul 2023 16:55:14 +0100 Subject: [PATCH 411/553] For tests, rename ASSERT_ALLOC_WEAK() to TEST_CALLOC_OR_SKIP() Signed-off-by: Tom Cosgrove --- include/test/macros.h | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index 9ed7d2f76c..c94dd976d4 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -138,21 +138,21 @@ /** Allocate memory dynamically. If the allocation fails, skip the test case. * - * This macro behaves like #ASSERT_ALLOC, except that if the allocation + * This macro behaves like #TEST_CALLOC_OR_FAIL, except that if the allocation * fails, it marks the test as skipped rather than failed. */ -#define ASSERT_ALLOC_WEAK(pointer, length) \ - do \ - { \ - TEST_ASSERT((pointer) == NULL); \ - if ((length) != 0) \ - { \ - (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ +#define TEST_CALLOC_OR_SKIP(pointer, length) \ + do { \ + TEST_ASSERT((pointer) == NULL); \ + if ((length) != 0) { \ + (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ (length)); \ - TEST_ASSUME((pointer) != NULL); \ - } \ - } \ - while (0) + TEST_ASSUME((pointer) != NULL); \ + } \ + } while (0) + +/* For backwards compatibility */ +#define ASSERT_ALLOC_WEAK(pointer, length) TEST_CALLOC_OR_SKIP(pointer, length) /** Compare two buffers and fail the test case if they differ. * From 64ecbe1e79ba81434d760a7b0afda77ae49cbba7 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jul 2023 11:31:13 +0100 Subject: [PATCH 412/553] For tests, rename TEST_CALLOC_OR_FAIL() to just TEST_CALLOC() Signed-off-by: Tom Cosgrove --- include/test/macros.h | 6 +++--- src/psa_exercise_key.c | 10 +++++----- src/test_helpers/ssl_helpers.c | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index c94dd976d4..7c62c7ed7c 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -123,7 +123,7 @@ * This expression may be evaluated multiple times. * */ -#define TEST_CALLOC_OR_FAIL(pointer, length) \ +#define TEST_CALLOC(pointer, length) \ do { \ TEST_ASSERT((pointer) == NULL); \ if ((length) != 0) { \ @@ -134,11 +134,11 @@ } while (0) /* For backwards compatibility */ -#define ASSERT_ALLOC(pointer, length) TEST_CALLOC_OR_FAIL(pointer, length) +#define ASSERT_ALLOC(pointer, length) TEST_CALLOC(pointer, length) /** Allocate memory dynamically. If the allocation fails, skip the test case. * - * This macro behaves like #TEST_CALLOC_OR_FAIL, except that if the allocation + * This macro behaves like #TEST_CALLOC, except that if the allocation * fails, it marks the test as skipped rather than failed. */ #define TEST_CALLOC_OR_SKIP(pointer, length) \ diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 48029b491f..ef1d261c85 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -506,7 +506,7 @@ psa_status_t mbedtls_test_psa_key_agreement_with_self( key_bits = psa_get_key_bits(&attributes); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type); public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits); - TEST_CALLOC_OR_FAIL(public_key, public_key_length); + TEST_CALLOC(public_key, public_key_length); PSA_ASSERT(psa_export_public_key(key, public_key, public_key_length, &public_key_length)); @@ -548,7 +548,7 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( key_bits = psa_get_key_bits(&attributes); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type); public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits); - TEST_CALLOC_OR_FAIL(public_key, public_key_length); + TEST_CALLOC(public_key, public_key_length); PSA_ASSERT(psa_export_public_key(key, public_key, public_key_length, &public_key_length)); @@ -838,7 +838,7 @@ static int exercise_export_key(mbedtls_svc_key_id_t key, exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( psa_get_key_type(&attributes), psa_get_key_bits(&attributes)); - TEST_CALLOC_OR_FAIL(exported, exported_size); + TEST_CALLOC(exported, exported_size); if ((usage & PSA_KEY_USAGE_EXPORT) == 0 && !PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(&attributes))) { @@ -881,7 +881,7 @@ static int exercise_export_public_key(mbedtls_svc_key_id_t key) exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( psa_get_key_type(&attributes), psa_get_key_bits(&attributes)); - TEST_CALLOC_OR_FAIL(exported, exported_size); + TEST_CALLOC(exported, exported_size); TEST_EQUAL(psa_export_public_key(key, exported, exported_size, &exported_length), @@ -894,7 +894,7 @@ static int exercise_export_public_key(mbedtls_svc_key_id_t key) psa_get_key_type(&attributes)); exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type, psa_get_key_bits(&attributes)); - TEST_CALLOC_OR_FAIL(exported, exported_size); + TEST_CALLOC(exported, exported_size); PSA_ASSERT(psa_export_public_key(key, exported, exported_size, diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index f70b89a000..506d949f41 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -91,7 +91,7 @@ void mbedtls_test_init_handshake_options( opts->resize_buffers = 1; #if defined(MBEDTLS_SSL_CACHE_C) opts->cache = NULL; - TEST_CALLOC_OR_FAIL(opts->cache, 1); + TEST_CALLOC(opts->cache, 1); mbedtls_ssl_cache_init(opts->cache); #if defined(MBEDTLS_HAVE_TIME) TEST_EQUAL(mbedtls_ssl_cache_get_timeout(opts->cache), @@ -627,9 +627,9 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, } cert = &(ep->cert); - TEST_CALLOC_OR_FAIL(cert->ca_cert, 1); - TEST_CALLOC_OR_FAIL(cert->cert, 1); - TEST_CALLOC_OR_FAIL(cert->pkey, 1); + TEST_CALLOC(cert->ca_cert, 1); + TEST_CALLOC(cert->cert, 1); + TEST_CALLOC(cert->pkey, 1); mbedtls_x509_crt_init(cert->ca_cert); mbedtls_x509_crt_init(cert->cert); From ea224510dd2686b35f35fd4c0640e9cb643aae88 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jul 2023 11:34:44 +0100 Subject: [PATCH 413/553] Rename the length argument to TEST_CALLOC() to be the more accurate item_count Signed-off-by: Tom Cosgrove --- include/test/macros.h | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index 7c62c7ed7c..ecf6a17536 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -107,52 +107,52 @@ * The allocated memory will be filled with zeros. * * You must set \p pointer to \c NULL before calling this macro and - * put `mbedtls_free( pointer )` in the test's cleanup code. + * put `mbedtls_free(pointer)` in the test's cleanup code. * - * If \p length is zero, the resulting \p pointer will be \c NULL. + * If \p item_count is zero, the resulting \p pointer will be \c NULL. * This is usually what we want in tests since API functions are * supposed to accept null pointers when a buffer size is zero. * * This macro expands to an instruction, not an expression. * It may jump to the \c exit label. * - * \param pointer An lvalue where the address of the allocated buffer - * will be stored. - * This expression may be evaluated multiple times. - * \param length Number of elements to allocate. - * This expression may be evaluated multiple times. + * \param pointer An lvalue where the address of the allocated buffer + * will be stored. + * This expression may be evaluated multiple times. + * \param item_count Number of elements to allocate. + * This expression may be evaluated multiple times. * */ -#define TEST_CALLOC(pointer, length) \ +#define TEST_CALLOC(pointer, item_count) \ do { \ TEST_ASSERT((pointer) == NULL); \ - if ((length) != 0) { \ + if ((item_count) != 0) { \ (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ - (length)); \ + (item_count)); \ TEST_ASSERT((pointer) != NULL); \ } \ } while (0) /* For backwards compatibility */ -#define ASSERT_ALLOC(pointer, length) TEST_CALLOC(pointer, length) +#define ASSERT_ALLOC(pointer, item_count) TEST_CALLOC(pointer, item_count) /** Allocate memory dynamically. If the allocation fails, skip the test case. * * This macro behaves like #TEST_CALLOC, except that if the allocation * fails, it marks the test as skipped rather than failed. */ -#define TEST_CALLOC_OR_SKIP(pointer, length) \ +#define TEST_CALLOC_OR_SKIP(pointer, item_count) \ do { \ TEST_ASSERT((pointer) == NULL); \ - if ((length) != 0) { \ + if ((item_count) != 0) { \ (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ - (length)); \ + (item_count)); \ TEST_ASSUME((pointer) != NULL); \ } \ } while (0) /* For backwards compatibility */ -#define ASSERT_ALLOC_WEAK(pointer, length) TEST_CALLOC_OR_SKIP(pointer, length) +#define ASSERT_ALLOC_WEAK(pointer, item_count) TEST_CALLOC_OR_SKIP(pointer, item_count) /** Compare two buffers and fail the test case if they differ. * From 81144c6ad2e64c9efaad54b417b9bd2e016b4af2 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jul 2023 11:40:20 +0100 Subject: [PATCH 414/553] For tests, rename TEST_BUFFERS_EQUAL() to TEST_MEMORY_COMPARE() Signed-off-by: Tom Cosgrove --- include/test/macros.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index ecf6a17536..2c17745a71 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -166,7 +166,7 @@ * \param size2 Size of the second buffer in bytes. * This expression may be evaluated multiple times. */ -#define TEST_BUFFERS_EQUAL(p1, size1, p2, size2) \ +#define TEST_MEMORY_COMPARE(p1, size1, p2, size2) \ do { \ TEST_EQUAL((size1), (size2)); \ if ((size1) != 0) { \ @@ -175,7 +175,7 @@ } while (0) /* For backwards compatibility */ -#define ASSERT_COMPARE(p1, size1, p2, size2) TEST_BUFFERS_EQUAL(p1, size1, p2, size2) +#define ASSERT_COMPARE(p1, size1, p2, size2) TEST_MEMORY_COMPARE(p1, size1, p2, size2) /** * \brief This macro tests the expression passed to it and skips the From 18cca241b9205cdb19f038aeaee12c6bba0c2ed7 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 21 Jul 2023 17:07:00 +0100 Subject: [PATCH 415/553] Remove trailing backslash Signed-off-by: Agathiyan Bragadeesh --- include/test/macros.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index 6ddcb4c850..0928e5b051 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -68,8 +68,8 @@ #define TEST_FAIL(MESSAGE) \ do { \ mbedtls_test_fail(MESSAGE, __LINE__, __FILE__); \ - goto exit; \ - } while (0) \ + goto exit; \ + } while (0) /** Evaluate two integer expressions and fail the test case if they have * different values. From d249be4b2f913616a65a635014afc2abb55b5883 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 25 Jul 2023 11:33:00 +0100 Subject: [PATCH 416/553] Remove redundant casts Signed-off-by: Agathiyan Bragadeesh --- src/psa_exercise_key.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index d9228f4423..1ef26221bb 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -692,7 +692,7 @@ int mbedtls_test_psa_exported_key_sanity_check( TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED), 0); - TEST_EQUAL(len, (uintptr_t) end - (uintptr_t) p); + TEST_EQUAL(len, end - p); if (!mbedtls_test_asn1_skip_integer(&p, end, 0, 0, 0)) { goto exit; } @@ -722,7 +722,7 @@ int mbedtls_test_psa_exported_key_sanity_check( if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) { goto exit; } - TEST_EQUAL((uintptr_t) p - (uintptr_t) end, 0); + TEST_EQUAL(p - end, 0); TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE); } else From e4eaa4e18c35f591b48788935f91ffb7d5e938fe Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 25 Jul 2023 12:28:59 +0100 Subject: [PATCH 417/553] Remove remaining redundant casts Signed-off-by: Agathiyan Bragadeesh --- src/psa_exercise_key.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 1ef26221bb..7f93496e7c 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -748,14 +748,14 @@ int mbedtls_test_psa_exported_key_sanity_check( MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED), 0); - TEST_EQUAL(len, (uintptr_t) end - (uintptr_t) p); + TEST_EQUAL(len, end - p); if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) { goto exit; } if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) { goto exit; } - TEST_EQUAL((uintptr_t) p - (uintptr_t) end, 0); + TEST_EQUAL(p - end, 0); TEST_ASSERT(exported_length <= From 58e9d24f7cba9fd27430354309f3be5601656a8b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 10 Jul 2023 15:34:41 +0200 Subject: [PATCH 418/553] psa: replace DH_KEY_PAIR_LEGACY with new symbols Signed-off-by: Valerio Setti --- src/drivers/test_driver_key_management.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 1996651ff5..19da47ad67 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -245,7 +245,7 @@ psa_status_t mbedtls_test_transparent_generate_key( } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes)) && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE) return libtestdriver1_mbedtls_psa_ffdh_generate_key( (const libtestdriver1_psa_key_attributes_t *) attributes, key, key_size, key_length); From 8f68fa9db03da560f6e865f8161298a40be59a3b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 28 Jul 2023 18:22:56 +0100 Subject: [PATCH 419/553] Fix asm Memsan workaround Signed-off-by: Dave Rodgman --- include/test/constant_flow.h | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/include/test/constant_flow.h b/include/test/constant_flow.h index f3d676e285..572835713f 100644 --- a/include/test/constant_flow.h +++ b/include/test/constant_flow.h @@ -32,14 +32,27 @@ * #define TEST_CF_SECRET(ptr, size) * #define TEST_CF_PUBLIC(ptr, size) * + * and + * + * #define TEST_CF_SAVE_SECRET(variable) + * #define TEST_CF_RESTORE_SECRET(variable) + * * that can be used in tests to mark a memory area as secret (no branch or * memory access should depend on it) or public (default, only needs to be * marked explicitly when it was derived from secret data). * + * The SAVE/RESTORE forms mark a variable as public, and subsequently restore its + * previous secret/not-secret state. This is used where library code is generating + * false positives and needs to temporarily disable Memsan checks for a particular + * variable, and then restore it's original state afterwards so it doesn't interfere + * with other checks. + * * Arguments: * - ptr: a pointer to the memory area to be marked * - size: the size in bytes of the memory area * + * - variable: a variable name + * * Implementation: * The basic idea is that of ctgrind : we can * re-use tools that were designed for checking use of uninitialized memory. @@ -63,6 +76,9 @@ #define TEST_CF_PUBLIC __msan_unpoison // void __msan_unpoison(const volatile void *a, size_t size); +#define TEST_CF_SAVE_SECRET(_x) int _test_cf_is_public_ ## _x = __msan_test_shadow(&(_x), sizeof(_x)) == -1; TEST_CF_PUBLIC(&(_x), sizeof(_x)); +#define TEST_CF_RESTORE_SECRET(_x) do { if (!_test_cf_is_public_ ## _x) TEST_CF_SECRET(&(_x), sizeof(_x)); } while(0) + #elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) #include @@ -71,12 +87,18 @@ #define TEST_CF_PUBLIC VALGRIND_MAKE_MEM_DEFINED // VALGRIND_MAKE_MEM_DEFINED(_qzz_addr, _qzz_len) +#define TEST_CF_SAVE_SECRET(_x) +#define TEST_CF_RESTORE_SECRET(_x) + #else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ #define TEST_CF_SECRET(ptr, size) #define TEST_CF_PUBLIC(ptr, size) +#define TEST_CF_SAVE_SECRET(_x) +#define TEST_CF_RESTORE_SECRET(_x) + #endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ From 58505932429e8398dc948219c8069b222cff8664 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 28 Jul 2023 18:29:41 +0100 Subject: [PATCH 420/553] code style Signed-off-by: Dave Rodgman --- include/test/constant_flow.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/include/test/constant_flow.h b/include/test/constant_flow.h index 572835713f..ff464e617c 100644 --- a/include/test/constant_flow.h +++ b/include/test/constant_flow.h @@ -76,8 +76,11 @@ #define TEST_CF_PUBLIC __msan_unpoison // void __msan_unpoison(const volatile void *a, size_t size); -#define TEST_CF_SAVE_SECRET(_x) int _test_cf_is_public_ ## _x = __msan_test_shadow(&(_x), sizeof(_x)) == -1; TEST_CF_PUBLIC(&(_x), sizeof(_x)); -#define TEST_CF_RESTORE_SECRET(_x) do { if (!_test_cf_is_public_ ## _x) TEST_CF_SECRET(&(_x), sizeof(_x)); } while(0) +#define TEST_CF_SAVE_SECRET(_x) \ + int _test_cf_is_public_ ## _x = __msan_test_shadow(&(_x), sizeof(_x)) == -1; \ + TEST_CF_PUBLIC(&(_x), sizeof(_x)); +#define TEST_CF_RESTORE_SECRET(_x) \ + if (!_test_cf_is_public_ ## _x) TEST_CF_SECRET(&(_x), sizeof(_x)); #elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) #include From 8e0dd5dffed5bb98ff9d99e9abc6e918dd277a18 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 12:38:55 +0100 Subject: [PATCH 421/553] Move constant_flow.h into the main library Signed-off-by: Dave Rodgman --- include/test/constant_flow.h | 108 ----------------------------------- src/helpers.c | 2 +- 2 files changed, 1 insertion(+), 109 deletions(-) delete mode 100644 include/test/constant_flow.h diff --git a/include/test/constant_flow.h b/include/test/constant_flow.h deleted file mode 100644 index ff464e617c..0000000000 --- a/include/test/constant_flow.h +++ /dev/null @@ -1,108 +0,0 @@ -/** - * \file constant_flow.h - * - * \brief This file contains tools to ensure tested code has constant flow. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_CONSTANT_FLOW_H -#define TEST_CONSTANT_FLOW_H - -#include "mbedtls/build_info.h" - -/* - * This file defines the two macros - * - * #define TEST_CF_SECRET(ptr, size) - * #define TEST_CF_PUBLIC(ptr, size) - * - * and - * - * #define TEST_CF_SAVE_SECRET(variable) - * #define TEST_CF_RESTORE_SECRET(variable) - * - * that can be used in tests to mark a memory area as secret (no branch or - * memory access should depend on it) or public (default, only needs to be - * marked explicitly when it was derived from secret data). - * - * The SAVE/RESTORE forms mark a variable as public, and subsequently restore its - * previous secret/not-secret state. This is used where library code is generating - * false positives and needs to temporarily disable Memsan checks for a particular - * variable, and then restore it's original state afterwards so it doesn't interfere - * with other checks. - * - * Arguments: - * - ptr: a pointer to the memory area to be marked - * - size: the size in bytes of the memory area - * - * - variable: a variable name - * - * Implementation: - * The basic idea is that of ctgrind : we can - * re-use tools that were designed for checking use of uninitialized memory. - * This file contains two implementations: one based on MemorySanitizer, the - * other on valgrind's memcheck. If none of them is enabled, dummy macros that - * do nothing are defined for convenience. - * - * \note #TEST_CF_SECRET must be called directly from within a .function file, - * not indirectly via a macro defined under tests/include or a function - * under tests/src. This is because we only run Valgrind for constant - * flow on test suites that have greppable annotations inside them (see - * `skip_suites_without_constant_flow` in `tests/scripts/all.sh`). - */ - -#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) -#include - -/* Use macros to avoid messing up with origin tracking */ -#define TEST_CF_SECRET __msan_allocated_memory -// void __msan_allocated_memory(const volatile void* data, size_t size); -#define TEST_CF_PUBLIC __msan_unpoison -// void __msan_unpoison(const volatile void *a, size_t size); - -#define TEST_CF_SAVE_SECRET(_x) \ - int _test_cf_is_public_ ## _x = __msan_test_shadow(&(_x), sizeof(_x)) == -1; \ - TEST_CF_PUBLIC(&(_x), sizeof(_x)); -#define TEST_CF_RESTORE_SECRET(_x) \ - if (!_test_cf_is_public_ ## _x) TEST_CF_SECRET(&(_x), sizeof(_x)); - -#elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) -#include - -#define TEST_CF_SECRET VALGRIND_MAKE_MEM_UNDEFINED -// VALGRIND_MAKE_MEM_UNDEFINED(_qzz_addr, _qzz_len) -#define TEST_CF_PUBLIC VALGRIND_MAKE_MEM_DEFINED -// VALGRIND_MAKE_MEM_DEFINED(_qzz_addr, _qzz_len) - -#define TEST_CF_SAVE_SECRET(_x) -#define TEST_CF_RESTORE_SECRET(_x) - -#else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || - MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ - -#define TEST_CF_SECRET(ptr, size) -#define TEST_CF_PUBLIC(ptr, size) - -#define TEST_CF_SAVE_SECRET(_x) -#define TEST_CF_RESTORE_SECRET(_x) - -#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || - MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ - -#endif /* TEST_CONSTANT_FLOW_H */ diff --git a/src/helpers.c b/src/helpers.c index 30fd362c01..1062560f20 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -15,7 +15,7 @@ * limitations under the License. */ -#include +#include "constant_flow.h" #include #include #include From d759527c4e70233b75318ac0ce1382c8e596d94a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 16:34:19 +0100 Subject: [PATCH 422/553] Revert "Move constant_flow.h into the main library" This reverts commit 8e0dd5dffed5bb98ff9d99e9abc6e918dd277a18. Signed-off-by: Dave Rodgman --- include/test/constant_flow.h | 108 +++++++++++++++++++++++++++++++++++ src/helpers.c | 2 +- 2 files changed, 109 insertions(+), 1 deletion(-) create mode 100644 include/test/constant_flow.h diff --git a/include/test/constant_flow.h b/include/test/constant_flow.h new file mode 100644 index 0000000000..ff464e617c --- /dev/null +++ b/include/test/constant_flow.h @@ -0,0 +1,108 @@ +/** + * \file constant_flow.h + * + * \brief This file contains tools to ensure tested code has constant flow. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_CONSTANT_FLOW_H +#define TEST_CONSTANT_FLOW_H + +#include "mbedtls/build_info.h" + +/* + * This file defines the two macros + * + * #define TEST_CF_SECRET(ptr, size) + * #define TEST_CF_PUBLIC(ptr, size) + * + * and + * + * #define TEST_CF_SAVE_SECRET(variable) + * #define TEST_CF_RESTORE_SECRET(variable) + * + * that can be used in tests to mark a memory area as secret (no branch or + * memory access should depend on it) or public (default, only needs to be + * marked explicitly when it was derived from secret data). + * + * The SAVE/RESTORE forms mark a variable as public, and subsequently restore its + * previous secret/not-secret state. This is used where library code is generating + * false positives and needs to temporarily disable Memsan checks for a particular + * variable, and then restore it's original state afterwards so it doesn't interfere + * with other checks. + * + * Arguments: + * - ptr: a pointer to the memory area to be marked + * - size: the size in bytes of the memory area + * + * - variable: a variable name + * + * Implementation: + * The basic idea is that of ctgrind : we can + * re-use tools that were designed for checking use of uninitialized memory. + * This file contains two implementations: one based on MemorySanitizer, the + * other on valgrind's memcheck. If none of them is enabled, dummy macros that + * do nothing are defined for convenience. + * + * \note #TEST_CF_SECRET must be called directly from within a .function file, + * not indirectly via a macro defined under tests/include or a function + * under tests/src. This is because we only run Valgrind for constant + * flow on test suites that have greppable annotations inside them (see + * `skip_suites_without_constant_flow` in `tests/scripts/all.sh`). + */ + +#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) +#include + +/* Use macros to avoid messing up with origin tracking */ +#define TEST_CF_SECRET __msan_allocated_memory +// void __msan_allocated_memory(const volatile void* data, size_t size); +#define TEST_CF_PUBLIC __msan_unpoison +// void __msan_unpoison(const volatile void *a, size_t size); + +#define TEST_CF_SAVE_SECRET(_x) \ + int _test_cf_is_public_ ## _x = __msan_test_shadow(&(_x), sizeof(_x)) == -1; \ + TEST_CF_PUBLIC(&(_x), sizeof(_x)); +#define TEST_CF_RESTORE_SECRET(_x) \ + if (!_test_cf_is_public_ ## _x) TEST_CF_SECRET(&(_x), sizeof(_x)); + +#elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) +#include + +#define TEST_CF_SECRET VALGRIND_MAKE_MEM_UNDEFINED +// VALGRIND_MAKE_MEM_UNDEFINED(_qzz_addr, _qzz_len) +#define TEST_CF_PUBLIC VALGRIND_MAKE_MEM_DEFINED +// VALGRIND_MAKE_MEM_DEFINED(_qzz_addr, _qzz_len) + +#define TEST_CF_SAVE_SECRET(_x) +#define TEST_CF_RESTORE_SECRET(_x) + +#else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || + MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ + +#define TEST_CF_SECRET(ptr, size) +#define TEST_CF_PUBLIC(ptr, size) + +#define TEST_CF_SAVE_SECRET(_x) +#define TEST_CF_RESTORE_SECRET(_x) + +#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || + MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ + +#endif /* TEST_CONSTANT_FLOW_H */ diff --git a/src/helpers.c b/src/helpers.c index 1062560f20..30fd362c01 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -15,7 +15,7 @@ * limitations under the License. */ -#include "constant_flow.h" +#include #include #include #include From 7c381e1a35d3b925ee116a6c3d243dbb8fa54130 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Jul 2023 16:54:00 +0100 Subject: [PATCH 423/553] Revert to not enabling asm under Memsan Signed-off-by: Dave Rodgman --- include/test/constant_flow.h | 25 ------------------------- 1 file changed, 25 deletions(-) diff --git a/include/test/constant_flow.h b/include/test/constant_flow.h index ff464e617c..f3d676e285 100644 --- a/include/test/constant_flow.h +++ b/include/test/constant_flow.h @@ -32,27 +32,14 @@ * #define TEST_CF_SECRET(ptr, size) * #define TEST_CF_PUBLIC(ptr, size) * - * and - * - * #define TEST_CF_SAVE_SECRET(variable) - * #define TEST_CF_RESTORE_SECRET(variable) - * * that can be used in tests to mark a memory area as secret (no branch or * memory access should depend on it) or public (default, only needs to be * marked explicitly when it was derived from secret data). * - * The SAVE/RESTORE forms mark a variable as public, and subsequently restore its - * previous secret/not-secret state. This is used where library code is generating - * false positives and needs to temporarily disable Memsan checks for a particular - * variable, and then restore it's original state afterwards so it doesn't interfere - * with other checks. - * * Arguments: * - ptr: a pointer to the memory area to be marked * - size: the size in bytes of the memory area * - * - variable: a variable name - * * Implementation: * The basic idea is that of ctgrind : we can * re-use tools that were designed for checking use of uninitialized memory. @@ -76,12 +63,6 @@ #define TEST_CF_PUBLIC __msan_unpoison // void __msan_unpoison(const volatile void *a, size_t size); -#define TEST_CF_SAVE_SECRET(_x) \ - int _test_cf_is_public_ ## _x = __msan_test_shadow(&(_x), sizeof(_x)) == -1; \ - TEST_CF_PUBLIC(&(_x), sizeof(_x)); -#define TEST_CF_RESTORE_SECRET(_x) \ - if (!_test_cf_is_public_ ## _x) TEST_CF_SECRET(&(_x), sizeof(_x)); - #elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) #include @@ -90,18 +71,12 @@ #define TEST_CF_PUBLIC VALGRIND_MAKE_MEM_DEFINED // VALGRIND_MAKE_MEM_DEFINED(_qzz_addr, _qzz_len) -#define TEST_CF_SAVE_SECRET(_x) -#define TEST_CF_RESTORE_SECRET(_x) - #else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ #define TEST_CF_SECRET(ptr, size) #define TEST_CF_PUBLIC(ptr, size) -#define TEST_CF_SAVE_SECRET(_x) -#define TEST_CF_RESTORE_SECRET(_x) - #endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN || MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ From 78759de40682f74ebe510bca0ab756d2b66d4d96 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 2 Aug 2023 12:00:06 +0200 Subject: [PATCH 424/553] Copy test certificates files from development Copy updated test certificates and related data (keys, CSR, etc.) from development. This replaces certificates that will expire on 2023-09-07, causing the unit tests to fail. This also adds new data files that are not used, and moves some files. The replacement data is good until 2023-12-31. The update causes some parsing unit tests to fail because the new certificates have a different expiry date. This will be fixed in a subsequent commit. ``` git checkout dc2d7cce02a273f6ec6a7cd78512dfeaf633a3a5 -- tests/data_files tests/src/test_certs.h tests/src/certs.c ``` Signed-off-by: Gilles Peskine --- src/certs.c | 1294 +--------------------------------------------- src/test_certs.h | 1238 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1257 insertions(+), 1275 deletions(-) create mode 100644 src/test_certs.h diff --git a/src/certs.c b/src/certs.c index bd5c49e646..b834e4aa14 100644 --- a/src/certs.c +++ b/src/certs.c @@ -23,1265 +23,9 @@ #include "mbedtls/build_info.h" -#include "mbedtls/legacy_or_psa.h" - #include "mbedtls/pk.h" -/* - * Test CA Certificates - * - * We define test CA certificates for each choice of the following parameters: - * - PEM or DER encoding - * - SHA-1 or SHA-256 hash - * - RSA or EC key - * - * Things to add: - * - multiple EC curve types - * - */ - -/* This is taken from tests/data_files/test-ca2.crt */ -/* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca2.crt */ -#define TEST_CA_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ - "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ - "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \ - "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ - "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \ - "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \ - "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/\r\n" \ - "MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk\r\n" \ - "SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a\r\n" \ - "LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ\r\n" \ - "hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/test-ca2.crt.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CA_CRT_EC_DER tests/data_files/test-ca2.crt.der */ -#define TEST_CA_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ - 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ - 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ - 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ - 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ - 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ - 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ - 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ - 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ - 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ - 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ - 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ - 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ - 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ - 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ - 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \ - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \ - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \ - 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ - 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \ - 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \ - 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \ - 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \ - 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \ - 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \ - 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \ - 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \ - 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \ - 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \ - 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \ - 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \ - 0xf5, 0xae, 0x1c, 0x42 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/test-ca2.key.enc */ -/* BEGIN FILE string macro TEST_CA_KEY_EC_PEM tests/data_files/test-ca2.key.enc */ -#define TEST_CA_KEY_EC_PEM \ - "-----BEGIN EC PRIVATE KEY-----\r\n" \ - "Proc-Type: 4,ENCRYPTED\r\n" \ - "DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n" \ - "\r\n" \ - "IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n" \ - "ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n" \ - "UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n" \ - "a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n" \ - "-----END EC PRIVATE KEY-----\r\n" -/* END FILE */ - -#define TEST_CA_PWD_EC_PEM "PolarSSLTest" - -/* This is generated from tests/data_files/test-ca2.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CA_KEY_EC_DER tests/data_files/test-ca2.key.der */ -#define TEST_CA_KEY_EC_DER { \ - 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \ - 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \ - 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \ - 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \ - 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \ - 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \ - 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \ - 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \ - 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \ - 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \ - 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \ - 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \ - 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \ - 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \ -} -/* END FILE */ - -/* This is taken from tests/data_files/test-ca-sha256.crt. */ -/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA256_PEM tests/data_files/test-ca-sha256.crt */ -#define TEST_CA_CRT_RSA_SHA256_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ - "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ - "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ - "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ - "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ - "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ - "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ - "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ - "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA\r\n" \ - "A4IBAQA4qFSCth2q22uJIdE4KGHJsJjVEfw2/xn+MkTvCMfxVrvmRvqCtjE4tKDl\r\n" \ - "oK4MxFOek07oDZwvtAT9ijn1hHftTNS7RH9zd/fxNpfcHnMZXVC4w4DNA1fSANtW\r\n" \ - "5sY1JB5Je9jScrsLSS+mAjyv0Ow3Hb2Bix8wu7xNNrV5fIf7Ubm+wt6SqEBxu3Kb\r\n" \ - "+EfObAT4huf3czznhH3C17ed6NSbXwoXfby7stWUDeRJv08RaFOykf/Aae7bY5PL\r\n" \ - "yTVrkAnikMntJ9YI+hNNYt3inqq11A5cN0+rVTst8UKCxzQ4GpvroSwPKTFkbMw4\r\n" \ - "/anT1dVxr/BtwJfiESoK3/4CeXR1\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/test-ca-sha256.crt.der - * using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER tests/data_files/test-ca-sha256.crt.der */ -#define TEST_CA_CRT_RSA_SHA256_DER { \ - 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ - 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ - 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ - 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ - 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ - 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ - 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ - 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ - 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ - 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ - 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ - 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ - 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ - 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ - 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ - 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ - 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ - 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ - 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ - 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ - 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ - 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ - 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ - 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ - 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ - 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ - 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ - 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \ - 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \ - 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1, \ - 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \ - 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \ - 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \ - 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \ - 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \ - 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \ - 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \ - 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \ - 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \ - 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \ - 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \ - 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \ - 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \ - 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \ - 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \ - 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \ - 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \ - 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \ - 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/test-ca-sha1.crt. */ -/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA1_PEM tests/data_files/test-ca-sha1.crt */ -#define TEST_CA_CRT_RSA_SHA1_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ - "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ - "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ - "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ - "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ - "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ - "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ - "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ - "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA\r\n" \ - "A4IBAQABE3OEPfEd/bcJW5ZdU3/VgPNS4tMzh8gnJP/V2FcvFtGylMpQq6YnEBYI\r\n" \ - "yBHAL4DRvlMY5rnXGBp3ODR8MpqHC6AquRTCLzjS57iYff//4QFQqW9n92zctspv\r\n" \ - "czkaPKgjqo1No3Uq0Xaz10rcxyTUPrf5wNVRZ2V0KvllvAAVSzbI4mpdUXztjhST\r\n" \ - "S5A2BeWQAAOr0zq1F7TSRVJpJs7jmB2ai/igkh1IAjcuwV6VwlP+sbw0gjQ0NpGM\r\n" \ - "iHpnlzRAi/tIbtOvMIGOBU2TIfax/5jq1agUx5aPmT5TWAiJPOOP6l5xXnDwxeYS\r\n" \ - "NWqiX9GyusBZjezaCaHabjDLU0qQ\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is taken from tests/data_files/test-ca-sha1.crt.der. */ -/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER tests/data_files/test-ca-sha1.crt.der */ -#define TEST_CA_CRT_RSA_SHA1_DER { \ - 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ - 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ - 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ - 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ - 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ - 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ - 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ - 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ - 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ - 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ - 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ - 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ - 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ - 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ - 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ - 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ - 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ - 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ - 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ - 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ - 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ - 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ - 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ - 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ - 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ - 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ - 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ - 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ - 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x13, 0x73, 0x84, 0x3d, 0xf1, 0x1d, \ - 0xfd, 0xb7, 0x09, 0x5b, 0x96, 0x5d, 0x53, 0x7f, 0xd5, 0x80, 0xf3, 0x52, \ - 0xe2, 0xd3, 0x33, 0x87, 0xc8, 0x27, 0x24, 0xff, 0xd5, 0xd8, 0x57, 0x2f, \ - 0x16, 0xd1, 0xb2, 0x94, 0xca, 0x50, 0xab, 0xa6, 0x27, 0x10, 0x16, 0x08, \ - 0xc8, 0x11, 0xc0, 0x2f, 0x80, 0xd1, 0xbe, 0x53, 0x18, 0xe6, 0xb9, 0xd7, \ - 0x18, 0x1a, 0x77, 0x38, 0x34, 0x7c, 0x32, 0x9a, 0x87, 0x0b, 0xa0, 0x2a, \ - 0xb9, 0x14, 0xc2, 0x2f, 0x38, 0xd2, 0xe7, 0xb8, 0x98, 0x7d, 0xff, 0xff, \ - 0xe1, 0x01, 0x50, 0xa9, 0x6f, 0x67, 0xf7, 0x6c, 0xdc, 0xb6, 0xca, 0x6f, \ - 0x73, 0x39, 0x1a, 0x3c, 0xa8, 0x23, 0xaa, 0x8d, 0x4d, 0xa3, 0x75, 0x2a, \ - 0xd1, 0x76, 0xb3, 0xd7, 0x4a, 0xdc, 0xc7, 0x24, 0xd4, 0x3e, 0xb7, 0xf9, \ - 0xc0, 0xd5, 0x51, 0x67, 0x65, 0x74, 0x2a, 0xf9, 0x65, 0xbc, 0x00, 0x15, \ - 0x4b, 0x36, 0xc8, 0xe2, 0x6a, 0x5d, 0x51, 0x7c, 0xed, 0x8e, 0x14, 0x93, \ - 0x4b, 0x90, 0x36, 0x05, 0xe5, 0x90, 0x00, 0x03, 0xab, 0xd3, 0x3a, 0xb5, \ - 0x17, 0xb4, 0xd2, 0x45, 0x52, 0x69, 0x26, 0xce, 0xe3, 0x98, 0x1d, 0x9a, \ - 0x8b, 0xf8, 0xa0, 0x92, 0x1d, 0x48, 0x02, 0x37, 0x2e, 0xc1, 0x5e, 0x95, \ - 0xc2, 0x53, 0xfe, 0xb1, 0xbc, 0x34, 0x82, 0x34, 0x34, 0x36, 0x91, 0x8c, \ - 0x88, 0x7a, 0x67, 0x97, 0x34, 0x40, 0x8b, 0xfb, 0x48, 0x6e, 0xd3, 0xaf, \ - 0x30, 0x81, 0x8e, 0x05, 0x4d, 0x93, 0x21, 0xf6, 0xb1, 0xff, 0x98, 0xea, \ - 0xd5, 0xa8, 0x14, 0xc7, 0x96, 0x8f, 0x99, 0x3e, 0x53, 0x58, 0x08, 0x89, \ - 0x3c, 0xe3, 0x8f, 0xea, 0x5e, 0x71, 0x5e, 0x70, 0xf0, 0xc5, 0xe6, 0x12, \ - 0x35, 0x6a, 0xa2, 0x5f, 0xd1, 0xb2, 0xba, 0xc0, 0x59, 0x8d, 0xec, 0xda, \ - 0x09, 0xa1, 0xda, 0x6e, 0x30, 0xcb, 0x53, 0x4a, 0x90 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/test-ca.key */ -/* BEGIN FILE string macro TEST_CA_KEY_RSA_PEM tests/data_files/test-ca.key */ -#define TEST_CA_KEY_RSA_PEM \ - "-----BEGIN RSA PRIVATE KEY-----\r\n" \ - "Proc-Type: 4,ENCRYPTED\r\n" \ - "DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B\r\n" \ - "\r\n" \ - "9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA\r\n" \ - "7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl//8xFKwZr3Xb5yO5JUP8AUctQq\r\n" \ - "Nb8CLlZyuUC+52REAAthdWgsX+7dJO4yabzUcQ22Tp9JSD0hiL43BlkWYUNK3dAo\r\n" \ - "PZlmiptjnzVTjg1MxsBSydZinWOLBV8/JQgxSPo2yD4uEfig28qbvQ2wNIn0pnAb\r\n" \ - "GxnSAOazkongEGfvcjIIs+LZN9gXFhxcOh6kc4Q/c99B7QWETwLLkYgZ+z1a9VY9\r\n" \ - "gEU7CwCxYCD+h9hY6FPmsK0/lC4O7aeRKpYq00rPPxs6i7phiexg6ax6yTMmArQq\r\n" \ - "QmK3TAsJm8V/J5AWpLEV6jAFgRGymGGHnof0DXzVWZidrcZJWTNuGEX90nB3ee2w\r\n" \ - "PXJEFWKoD3K3aFcSLdHYr3mLGxP7H9ThQai9VsycxZKS5kwvBKQ//YMrmFfwPk8x\r\n" \ - "vTeY4KZMaUrveEel5tWZC94RSMKgxR6cyE1nBXyTQnDOGbfpNNgBKxyKbINWoOJU\r\n" \ - "WJZAwlsQn+QzCDwpri7+sV1mS3gBE6UY7aQmnmiiaC2V3Hbphxct/en5QsfDOt1X\r\n" \ - "JczSfpRWLlbPznZg8OQh/VgCMA58N5DjOzTIK7sJJ5r+94ZBTCpgAMbF588f0NTR\r\n" \ - "KCe4yrxGJR7X02M4nvD4IwOlpsQ8xQxZtOSgXv4LkxvdU9XJJKWZ/XNKJeWztxSe\r\n" \ - "Z1vdTc2YfsDBA2SEv33vxHx2g1vqtw8SjDRT2RaQSS0QuSaMJimdOX6mTOCBKk1J\r\n" \ - "9Q5mXTrER+/LnK0jEmXsBXWA5bqqVZIyahXSx4VYZ7l7w/PHiUDtDgyRhMMKi4n2\r\n" \ - "iQvQcWSQTjrpnlJbca1/DkpRt3YwrvJwdqb8asZU2VrNETh5x0QVefDRLFiVpif/\r\n" \ - "tUaeAe/P1F8OkS7OIZDs1SUbv/sD2vMbhNkUoCms3/PvNtdnvgL4F0zhaDpKCmlT\r\n" \ - "P8vx49E7v5CyRNmED9zZg4o3wmMqrQO93PtTug3Eu9oVx1zPQM1NVMyBa2+f29DL\r\n" \ - "1nuTCeXdo9+ni45xx+jAI4DCwrRdhJ9uzZyC6962H37H6D+5naNvClFR1s6li1Gb\r\n" \ - "nqPoiy/OBsEx9CaDGcqQBp5Wme/3XW+6z1ISOx+igwNTVCT14mHdBMbya0eIKft5\r\n" \ - "X+GnwtgEMyCYyyWuUct8g4RzErcY9+yW9Om5Hzpx4zOuW4NPZgPDTgK+t2RSL/Yq\r\n" \ - "rE1njrgeGYcVeG3f+OftH4s6fPbq7t1A5ZgUscbLMBqr9tK+OqygR4EgKBPsH6Cz\r\n" \ - "L6zlv/2RV0qAHvVuDJcIDIgwY5rJtINEm32rhOeFNJwZS5MNIC1czXZx5//ugX7l\r\n" \ - "I4sy5nbVhwSjtAk8Xg5dZbdTZ6mIrb7xqH+fdakZor1khG7bC2uIwibD3cSl2XkR\r\n" \ - "wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde\r\n" \ - "P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n" \ - "-----END RSA PRIVATE KEY-----\r\n" -/* END FILE */ - -#define TEST_CA_PWD_RSA_PEM "PolarSSLTest" - -/* This was generated from test-ca.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER tests/data_files/test-ca.key.der */ -#define TEST_CA_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \ - 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \ - 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \ - 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \ - 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \ - 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \ - 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \ - 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \ - 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \ - 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \ - 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \ - 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \ - 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \ - 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \ - 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \ - 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \ - 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \ - 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \ - 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \ - 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \ - 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \ - 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \ - 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35, \ - 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \ - 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \ - 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \ - 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \ - 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \ - 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \ - 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \ - 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \ - 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \ - 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \ - 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \ - 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \ - 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \ - 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \ - 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \ - 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \ - 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \ - 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \ - 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \ - 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \ - 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \ - 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \ - 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \ - 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \ - 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \ - 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \ - 0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \ - 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \ - 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \ - 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \ - 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \ - 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \ - 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \ - 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \ - 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \ - 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \ - 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \ - 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \ - 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \ - 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \ - 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \ - 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \ - 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \ - 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \ - 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \ - 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \ - 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \ - 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \ - 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \ - 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \ - 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \ - 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \ - 0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \ - 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \ - 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \ - 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \ - 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \ - 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \ - 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \ - 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \ - 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \ - 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \ - 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \ - 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \ - 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \ - 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \ - 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \ - 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \ - 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \ - 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \ - 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \ - 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \ - 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \ - 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \ - 0xa8, 0xc2, 0x8f, 0x0d \ -} -/* END FILE */ - -/* - * Test server Certificates - * - * Test server certificates are defined for each choice - * of the following parameters: - * - PEM or DER encoding - * - SHA-1 or SHA-256 hash - * - RSA or EC key - * - * Things to add: - * - multiple EC curve types - */ - -/* This is taken from tests/data_files/server5.crt. */ -/* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server5.crt */ -#define TEST_SRV_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ - "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ - "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \ - "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \ - "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \ - "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n" \ - "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ - "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n" \ - "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n" \ - "fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/server5.crt.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER tests/data_files/server5.crt.der */ -#define TEST_SRV_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ - 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \ - 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \ - 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ - 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ - 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ - 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ - 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ - 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ - 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ - 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ - 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ - 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ - 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ - 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ - 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ - 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \ - 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \ - 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \ - 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \ - 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \ - 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \ - 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \ - 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \ - 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \ - 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/server5.key. */ -/* BEGIN FILE string macro TEST_SRV_KEY_EC_PEM tests/data_files/server5.key */ -#define TEST_SRV_KEY_EC_PEM \ - "-----BEGIN EC PRIVATE KEY-----\r\n" \ - "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n" \ - "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n" \ - "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n" \ - "-----END EC PRIVATE KEY-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/server5.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER tests/data_files/server5.key.der */ -#define TEST_SRV_KEY_EC_DER { \ - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \ - 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \ - 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \ - 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \ - 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \ - 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \ - 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \ - 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \ - 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \ - 0xff \ -} -/* END FILE */ - -/* This is taken from tests/data_files/server2-sha256.crt. */ -/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM tests/data_files/server2-sha256.crt */ -#define TEST_SRV_CRT_RSA_SHA256_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ - "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ - "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ - "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ - "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ - "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ - "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ - "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ - "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJh\r\n" \ - "Pqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6U\r\n" \ - "HoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq9\r\n" \ - "1C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sv\r\n" \ - "a1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0\r\n" \ - "e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbo\r\n" \ - "pMZqLmbBm/7WPLc=\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is taken from tests/data_files/server2-sha256.crt.der. */ -/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER tests/data_files/server2-sha256.crt.der */ -#define TEST_SRV_CRT_RSA_SHA256_DER { \ - 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ - 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ - 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ - 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ - 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ - 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ - 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ - 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ - 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ - 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ - 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ - 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ - 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ - 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ - 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ - 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ - 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ - 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ - 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ - 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ - 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ - 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ - 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ - 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ - 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ - 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ - 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ - 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \ - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \ - 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \ - 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \ - 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba, \ - 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \ - 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \ - 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \ - 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \ - 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \ - 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \ - 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \ - 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \ - 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \ - 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \ - 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \ - 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \ - 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \ - 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \ - 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \ - 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \ - 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \ - 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/server2.crt. */ -/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM tests/data_files/server2.crt */ -#define TEST_SRV_CRT_RSA_SHA1_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ - "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ - "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ - "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ - "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ - "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ - "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ - "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ - "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \ - "cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \ - "O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \ - "KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \ - "iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \ - "HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \ - "Awgk0+4m0T25cNs=\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is taken from tests/data_files/server2.crt.der. */ -/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER tests/data_files/server2.crt.der */ -#define TEST_SRV_CRT_RSA_SHA1_DER { \ - 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ - 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ - 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ - 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ - 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ - 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ - 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ - 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ - 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ - 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ - 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ - 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ - 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ - 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ - 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ - 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ - 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ - 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ - 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ - 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ - 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ - 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ - 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ - 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ - 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ - 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ - 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ - 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \ - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x73, 0x0b, 0x4a, 0xc5, \ - 0xcb, 0xa0, 0xde, 0xf1, 0x63, 0x1c, 0x76, 0x04, 0x2b, 0x13, 0x0d, 0xc0, \ - 0x84, 0x11, 0xc5, 0x8f, 0x3a, 0xa7, 0xc5, 0x9c, 0x35, 0x7a, 0x77, 0xb8, \ - 0x20, 0x14, 0x82, 0xee, 0x54, 0xf0, 0xf2, 0xb0, 0x52, 0xcb, 0x78, 0xce, \ - 0x59, 0x07, 0x4f, 0x51, 0x69, 0xfe, 0xd3, 0x2f, 0xe9, 0x09, 0xe7, 0x85, \ - 0x92, 0xd8, 0xba, 0xb1, 0xeb, 0xc5, 0x76, 0x5d, 0x61, 0x2d, 0xe9, 0x86, \ - 0xb5, 0xde, 0x2a, 0xf9, 0x3f, 0x53, 0x28, 0x42, 0x86, 0x83, 0x73, 0x43, \ - 0xe0, 0x04, 0x5f, 0x07, 0x90, 0x14, 0x65, 0x9f, 0x6e, 0x10, 0x7a, 0xbc, \ - 0x58, 0x19, 0x22, 0xc2, 0xeb, 0x39, 0x72, 0x51, 0x92, 0xd7, 0xb4, 0x1d, \ - 0x75, 0x2f, 0xd3, 0x3a, 0x2b, 0x01, 0xe7, 0xdb, 0x50, 0xae, 0xe2, 0xf1, \ - 0xd4, 0x4d, 0x5b, 0x3c, 0xbb, 0x41, 0x2b, 0x2a, 0xa4, 0xe2, 0x4a, 0x02, \ - 0xe5, 0x60, 0x14, 0x2c, 0x9c, 0x1f, 0xa6, 0xcc, 0x06, 0x4b, 0x25, 0x89, \ - 0x4e, 0x96, 0x30, 0x22, 0x9c, 0x5c, 0x58, 0x4d, 0xc3, 0xda, 0xd0, 0x6e, \ - 0x50, 0x1e, 0x8c, 0x65, 0xf5, 0xd9, 0x17, 0x35, 0xa6, 0x58, 0x43, 0xb2, \ - 0x29, 0xb7, 0xa8, 0x5e, 0x35, 0xde, 0xf0, 0x60, 0x42, 0x1a, 0x01, 0xcb, \ - 0xcb, 0x0b, 0xd8, 0x0e, 0xc1, 0x90, 0xdf, 0xa1, 0xd2, 0x1a, 0xd1, 0x2c, \ - 0x02, 0xf4, 0x76, 0x41, 0xa4, 0xcb, 0x4b, 0x15, 0x98, 0x71, 0xf9, 0x35, \ - 0x7d, 0xb0, 0xe7, 0xe2, 0x34, 0x96, 0x91, 0xbe, 0x32, 0x67, 0x2d, 0x6b, \ - 0xd3, 0x55, 0x04, 0x8a, 0x01, 0x50, 0xb4, 0xe3, 0x62, 0x78, 0x6c, 0x11, \ - 0x15, 0xa5, 0x2a, 0x11, 0xc1, 0x49, 0x1c, 0x9b, 0xc4, 0x10, 0x65, 0x60, \ - 0x87, 0xd9, 0x1e, 0x69, 0x59, 0x4e, 0x8f, 0x6b, 0xeb, 0xc1, 0xfe, 0x6b, \ - 0xe2, 0x63, 0x78, 0x95, 0x6e, 0xe0, 0x2d, 0xd7, 0xa7, 0x37, 0xa8 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/server2.key. */ -/* BEGIN FILE string macro TEST_SRV_KEY_RSA_PEM tests/data_files/server2.key */ -#define TEST_SRV_KEY_RSA_PEM \ - "-----BEGIN RSA PRIVATE KEY-----\r\n" \ - "MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n" \ - "lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n" \ - "2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n" \ - "Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n" \ - "GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n" \ - "y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n" \ - "++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n" \ - "Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n" \ - "/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n" \ - "WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n" \ - "GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n" \ - "TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n" \ - "CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n" \ - "nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n" \ - "AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n" \ - "sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n" \ - "mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n" \ - "BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n" \ - "whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n" \ - "vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n" \ - "3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n" \ - "3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n" \ - "ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n" \ - "4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n" \ - "TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n" \ - "-----END RSA PRIVATE KEY-----\r\n" -/* END FILE */ - -/* This was generated from tests/data_files/server2.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER tests/data_files/server2.key.der */ -#define TEST_SRV_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \ - 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \ - 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \ - 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \ - 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \ - 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \ - 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \ - 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \ - 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \ - 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \ - 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \ - 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \ - 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \ - 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \ - 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \ - 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \ - 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \ - 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \ - 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \ - 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \ - 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \ - 0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \ - 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \ - 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \ - 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \ - 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \ - 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \ - 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \ - 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \ - 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \ - 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \ - 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \ - 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \ - 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \ - 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \ - 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \ - 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \ - 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \ - 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \ - 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \ - 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \ - 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \ - 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \ - 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \ - 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \ - 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \ - 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \ - 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \ - 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \ - 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \ - 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \ - 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \ - 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \ - 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \ - 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \ - 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \ - 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \ - 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \ - 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \ - 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \ - 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \ - 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \ - 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \ - 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \ - 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \ - 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \ - 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \ - 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \ - 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \ - 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \ - 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \ - 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \ - 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b, \ - 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \ - 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \ - 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \ - 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \ - 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \ - 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \ - 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \ - 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \ - 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \ - 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \ - 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \ - 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \ - 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \ - 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \ - 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \ - 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \ - 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \ - 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \ - 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \ - 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \ - 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \ - 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \ - 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \ - 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \ - 0x06, 0x21, 0x2e, 0x56 \ -} -/* END FILE */ - -/* - * Test client Certificates - * - * Test client certificates are defined for each choice - * of the following parameters: - * - PEM or DER encoding - * - RSA or EC key - * - * Things to add: - * - hash type - * - multiple EC curve types - */ - -/* This is taken from tests/data_files/cli2.crt. */ -/* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM tests/data_files/cli2.crt */ -#define TEST_CLI_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIB3zCCAWOgAwIBAgIBDTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw\r\n" \ - "DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJTU0wgVGVzdCBFQyBDQTAe\r\n" \ - "Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMEExCzAJBgNVBAYTAk5MMREw\r\n" \ - "DwYDVQQKDAhQb2xhclNTTDEfMB0GA1UEAwwWUG9sYXJTU0wgVGVzdCBDbGllbnQg\r\n" \ - "MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFflrrFz39Osu5O4gf8Sru7mU6zO\r\n" \ - "VVP2NA7MLuNjJQvfmOLzXGA2lsDVGBRw5X+f1UtFGOWwbNVc+JaPh3Cj5MejTTBL\r\n" \ - "MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMB8GA1Ud\r\n" \ - "IwQYMBaAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8MAwGCCqGSM49BAMCBQADaAAwZQIx\r\n" \ - "AMqme4DKMldUlplDET9Q6Eptre7uUWKhsLOF+zPkKDlfzpIkJYEFgcloDHGYw80u\r\n" \ - "IgIwNftyPXsabTqMM7iEHgVpX/GRozKklY9yQI/5eoA6gGW7Y+imuGR/oao5ySOb\r\n" \ - "a9Vk\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/cli2.crt.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER tests/data_files/cli2.crt.der */ -#define TEST_CLI_CRT_EC_DER { \ - 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \ - 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \ - 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \ - 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \ - 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \ - 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \ - 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \ - 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \ - 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \ - 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \ - 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \ - 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, \ - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \ - 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \ - 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \ - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \ - 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \ - 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \ - 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \ - 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \ - 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \ - 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \ - 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \ - 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \ - 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \ - 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \ - 0x6b, 0xd5, 0x64 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/cli2.key. */ -/* BEGIN FILE string macro TEST_CLI_KEY_EC_PEM tests/data_files/cli2.key */ -#define TEST_CLI_KEY_EC_PEM \ - "-----BEGIN EC PRIVATE KEY-----\r\n" \ - "MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n" \ - "AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n" \ - "wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n" \ - "-----END EC PRIVATE KEY-----\r\n" -/* END FILE */ - -/* This is generated from tests/data_files/cli2.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER tests/data_files/cli2.key.der */ -#define TEST_CLI_KEY_EC_DER { \ - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \ - 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \ - 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \ - 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \ - 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \ - 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \ - 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \ - 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \ - 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \ - 0xc7 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/cli-rsa-sha256.crt. */ -/* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM tests/data_files/cli-rsa-sha256.crt */ -#define TEST_CLI_CRT_RSA_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n" \ - "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n" \ - "M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n" \ - "1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n" \ - "MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n" \ - "4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n" \ - "/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n" \ - "o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf\r\n" \ - "BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsFAAOC\r\n" \ - "AQEAXidv1d4pLlBiKWED95rMycBdgDcgyNqJxakFkRfRyA2y1mlyTn7uBXRkNLY5\r\n" \ - "ZFzK82GCjk2Q2OD4RZSCPAJJqLpHHU34t71ciffvy2KK81YvrxczRhMAE64i+qna\r\n" \ - "yP3Td2XuWJR05PVPoSemsNELs9gWttdnYy3ce+EY2Y0n7Rsi7982EeLIAA7H6ca4\r\n" \ - "2Es/NUH//JZJT32OP0doMxeDRA+vplkKqTLLWf7dX26LIriBkBaRCgR5Yv9LBPFc\r\n" \ - "NOtpzu/LbrY7QFXKJMI+JXDudCsOn8KCmiA4d6Emisqfh3V3485l7HEQNcvLTxlD\r\n" \ - "6zDQyi0/ykYUYZkwQTK1N2Nvlw==\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This was generated from tests/data_files/cli-rsa-sha256.crt.der - using `xxd -i.` */ -/* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER tests/data_files/cli-rsa-sha256.crt.der */ -#define TEST_CLI_CRT_RSA_DER { \ - 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \ - 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \ - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \ - 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \ - 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \ - 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \ - 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \ - 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \ - 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \ - 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \ - 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \ - 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \ - 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \ - 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \ - 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \ - 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \ - 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \ - 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \ - 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \ - 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \ - 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \ - 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \ - 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \ - 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \ - 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \ - 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \ - 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \ - 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ - 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e, \ - 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \ - 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \ - 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \ - 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \ - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \ - 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \ - 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \ - 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \ - 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \ - 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \ - 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \ - 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \ - 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \ - 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \ - 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \ - 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \ - 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \ - 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \ - 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \ - 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \ - 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \ - 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \ - 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \ - 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \ - 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \ - 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, \ - 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \ -} -/* END FILE */ - -/* This is taken from tests/data_files/cli-rsa.key. */ -/* BEGIN FILE string macro TEST_CLI_KEY_RSA_PEM tests/data_files/cli-rsa.key */ -#define TEST_CLI_KEY_RSA_PEM \ - "-----BEGIN RSA PRIVATE KEY-----\r\n" \ - "MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n" \ - "B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n" \ - "bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9\r\n" \ - "Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH\r\n" \ - "7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v\r\n" \ - "dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst\r\n" \ - "yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz\r\n" \ - "4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt\r\n" \ - "ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA\r\n" \ - "zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d\r\n" \ - "l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf\r\n" \ - "DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT\r\n" \ - "VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL\r\n" \ - "Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7\r\n" \ - "wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys\r\n" \ - "c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi\r\n" \ - "33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60\r\n" \ - "ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0\r\n" \ - "BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW\r\n" \ - "KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+\r\n" \ - "UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc\r\n" \ - "7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq\r\n" \ - "gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu\r\n" \ - "bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n" \ - "8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n" \ - "-----END RSA PRIVATE KEY-----\r\n"/* END FILE */ - -/* This was generated from tests/data_files/cli-rsa.key.der using `xxd -i`. */ -/* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER tests/data_files/cli-rsa.key.der */ -#define TEST_CLI_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \ - 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \ - 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \ - 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \ - 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \ - 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \ - 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \ - 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \ - 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \ - 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \ - 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \ - 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \ - 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \ - 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \ - 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \ - 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \ - 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \ - 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \ - 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \ - 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \ - 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \ - 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \ - 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \ - 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \ - 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \ - 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \ - 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \ - 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \ - 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \ - 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \ - 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \ - 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \ - 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \ - 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \ - 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \ - 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \ - 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \ - 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \ - 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \ - 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \ - 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \ - 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \ - 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \ - 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \ - 0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \ - 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \ - 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \ - 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \ - 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \ - 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \ - 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \ - 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \ - 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \ - 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \ - 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \ - 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \ - 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \ - 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \ - 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \ - 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \ - 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \ - 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \ - 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \ - 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \ - 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \ - 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \ - 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \ - 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \ - 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \ - 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \ - 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f, \ - 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \ - 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \ - 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \ - 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \ - 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \ - 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \ - 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \ - 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \ - 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \ - 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \ - 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \ - 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \ - 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \ - 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \ - 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \ - 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \ - 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \ - 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \ - 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \ - 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \ - 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \ - 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \ - 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \ - 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \ - 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \ - 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \ - 0x8b, 0x87, 0xc3, 0x00 \ -} -/* END FILE */ +#include "test_certs.h" /* * @@ -1569,13 +313,13 @@ const size_t mbedtls_test_cli_crt_ec_len = * Dispatch between SHA-1 and SHA-256 */ -#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_MD_CAN_SHA256) #define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA256 #define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA256 #else #define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA1 #define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA1 -#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ +#endif /* MBEDTLS_MD_CAN_SHA256 */ const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA; const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA; @@ -1674,10 +418,10 @@ const size_t mbedtls_test_cli_crt_len = /* List of CAs in PEM or DER, depending on config */ const char *mbedtls_test_cas[] = { -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA1) mbedtls_test_ca_crt_rsa_sha1, #endif -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256) mbedtls_test_ca_crt_rsa_sha256, #endif #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) @@ -1686,10 +430,10 @@ const char *mbedtls_test_cas[] = { NULL }; const size_t mbedtls_test_cas_len[] = { -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA1) sizeof(mbedtls_test_ca_crt_rsa_sha1), #endif -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256) sizeof(mbedtls_test_ca_crt_rsa_sha256), #endif #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) @@ -1701,12 +445,12 @@ const size_t mbedtls_test_cas_len[] = { /* List of all available CA certificates in DER format */ const unsigned char *mbedtls_test_cas_der[] = { #if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_MD_CAN_SHA256) mbedtls_test_ca_crt_rsa_sha256_der, -#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ -#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#endif /* MBEDTLS_MD_CAN_SHA256 */ +#if defined(MBEDTLS_MD_CAN_SHA1) mbedtls_test_ca_crt_rsa_sha1_der, -#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ +#endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) mbedtls_test_ca_crt_ec_der, @@ -1716,12 +460,12 @@ const unsigned char *mbedtls_test_cas_der[] = { const size_t mbedtls_test_cas_der_len[] = { #if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_MD_CAN_SHA256) sizeof(mbedtls_test_ca_crt_rsa_sha256_der), -#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ -#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#endif /* MBEDTLS_MD_CAN_SHA256 */ +#if defined(MBEDTLS_MD_CAN_SHA1) sizeof(mbedtls_test_ca_crt_rsa_sha1_der), -#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ +#endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) sizeof(mbedtls_test_ca_crt_ec_der), @@ -1733,12 +477,12 @@ const size_t mbedtls_test_cas_der_len[] = { #if defined(MBEDTLS_PEM_PARSE_C) const char mbedtls_test_cas_pem[] = #if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#if defined(MBEDTLS_MD_CAN_SHA256) TEST_CA_CRT_RSA_SHA256_PEM -#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ -#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) +#endif /* MBEDTLS_MD_CAN_SHA256 */ +#if defined(MBEDTLS_MD_CAN_SHA1) TEST_CA_CRT_RSA_SHA1_PEM -#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ +#endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) TEST_CA_CRT_EC_PEM diff --git a/src/test_certs.h b/src/test_certs.h new file mode 100644 index 0000000000..866d1e0032 --- /dev/null +++ b/src/test_certs.h @@ -0,0 +1,1238 @@ +/* + * X.509 test certificates + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */ +/* *INDENT-OFF* */ + +/* This is taken from test-ca2.crt. */ +/* BEGIN FILE string macro TEST_CA_CRT_EC_PEM test-ca2.crt */ +#define TEST_CA_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ + "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ + "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \ + "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ + "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \ + "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \ + "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD\r\n" \ + "AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd\r\n" \ + "bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq\r\n" \ + "6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29\r\n" \ + "N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from test-ca2.crt.der. */ +/* BEGIN FILE binary macro TEST_CA_CRT_EC_DER test-ca2.crt.der */ +#define TEST_CA_CRT_EC_DER { \ + 0x30, 0x82, 0x02, 0x07, 0x30, 0x82, 0x01, 0x8b, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ + 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ + 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ + 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ + 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ + 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ + 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ + 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ + 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ + 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ + 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ + 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ + 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ + 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ + 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x0f, \ + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, \ + 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ + 0x04, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, \ + 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, \ + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, \ + 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ + 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, \ + 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, \ + 0x30, 0x65, 0x02, 0x31, 0x00, 0xe9, 0x35, 0x67, 0xc1, 0x22, 0x5c, 0xea, \ + 0xeb, 0x15, 0x76, 0x53, 0x04, 0x03, 0xff, 0x56, 0x06, 0xcf, 0xd7, 0xd0, \ + 0x50, 0xce, 0xc0, 0x7c, 0xd2, 0xb3, 0x55, 0xad, 0x8f, 0x54, 0x1a, 0x5f, \ + 0xfd, 0x00, 0xf5, 0x4c, 0x0c, 0xa5, 0x4d, 0x84, 0xc5, 0xe0, 0x62, 0x3a, \ + 0xaa, 0x56, 0xfa, 0x10, 0xf6, 0x02, 0x30, 0x5f, 0xd8, 0x55, 0xad, 0xbd, \ + 0x37, 0x9c, 0x82, 0xd6, 0x61, 0x40, 0x8a, 0xbd, 0x7d, 0x8d, 0xbf, 0x4f, \ + 0x97, 0xd8, 0xa2, 0x22, 0x44, 0x66, 0xd7, 0xb7, 0x4c, 0xe3, 0x2e, 0xa6, \ + 0xe5, 0x52, 0x0c, 0x7a, 0x91, 0x0f, 0x9b, 0xf5, 0x65, 0x58, 0x06, 0xbc, \ + 0x1f, 0x9a, 0x75, 0xf8, 0x13, 0xdb, 0x1b \ +} +/* END FILE */ + +/* This is taken from test-ca2.key.enc. */ +/* BEGIN FILE string macro TEST_CA_KEY_EC_PEM test-ca2.key.enc */ +#define TEST_CA_KEY_EC_PEM \ + "-----BEGIN EC PRIVATE KEY-----\r\n" \ + "Proc-Type: 4,ENCRYPTED\r\n" \ + "DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n" \ + "\r\n" \ + "IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n" \ + "ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n" \ + "UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n" \ + "a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n" \ + "-----END EC PRIVATE KEY-----\r\n" +/* END FILE */ + +#define TEST_CA_PWD_EC_PEM "PolarSSLTest" + +/* This is generated from test-ca2.key.der. */ +/* BEGIN FILE binary macro TEST_CA_KEY_EC_DER test-ca2.key.der */ +#define TEST_CA_KEY_EC_DER { \ + 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \ + 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \ + 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \ + 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \ + 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \ + 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \ + 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \ + 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \ + 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \ + 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \ + 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \ + 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \ + 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \ + 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \ +} +/* END FILE */ + +/* This is taken from test-ca-sha256.crt. */ +/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA256_PEM test-ca-sha256.crt */ +#define TEST_CA_CRT_RSA_SHA256_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ + "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ + "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ + "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ + "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ + "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ + "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ + "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ + "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA\r\n" \ + "A4IBAQA4qFSCth2q22uJIdE4KGHJsJjVEfw2/xn+MkTvCMfxVrvmRvqCtjE4tKDl\r\n" \ + "oK4MxFOek07oDZwvtAT9ijn1hHftTNS7RH9zd/fxNpfcHnMZXVC4w4DNA1fSANtW\r\n" \ + "5sY1JB5Je9jScrsLSS+mAjyv0Ow3Hb2Bix8wu7xNNrV5fIf7Ubm+wt6SqEBxu3Kb\r\n" \ + "+EfObAT4huf3czznhH3C17ed6NSbXwoXfby7stWUDeRJv08RaFOykf/Aae7bY5PL\r\n" \ + "yTVrkAnikMntJ9YI+hNNYt3inqq11A5cN0+rVTst8UKCxzQ4GpvroSwPKTFkbMw4\r\n" \ + "/anT1dVxr/BtwJfiESoK3/4CeXR1\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from test-ca-sha256.crt.der. */ +/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER test-ca-sha256.crt.der */ +#define TEST_CA_CRT_RSA_SHA256_DER { \ + 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ + 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ + 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ + 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ + 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ + 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ + 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ + 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ + 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ + 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ + 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ + 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ + 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ + 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ + 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ + 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ + 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ + 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ + 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ + 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ + 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ + 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ + 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ + 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ + 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ + 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ + 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \ + 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \ + 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1, \ + 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \ + 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \ + 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \ + 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \ + 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \ + 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \ + 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \ + 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \ + 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \ + 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \ + 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \ + 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \ + 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \ + 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \ + 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \ + 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \ + 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \ + 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \ + 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \ +} +/* END FILE */ + +/* This is taken from test-ca-sha1.crt. */ +/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA1_PEM test-ca-sha1.crt */ +#define TEST_CA_CRT_RSA_SHA1_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ + "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ + "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ + "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ + "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ + "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ + "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ + "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ + "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA\r\n" \ + "A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL\r\n" \ + "hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm\r\n" \ + "8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD\r\n" \ + "zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ\r\n" \ + "0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/\r\n" \ + "mtxyUALj2pQxRitopORFQdn7AOY5\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from test-ca-sha1.crt.der. */ +/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER test-ca-sha1.crt.der */ +#define TEST_CA_CRT_RSA_SHA1_DER { \ + 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ + 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ + 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ + 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ + 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ + 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ + 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ + 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ + 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ + 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ + 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ + 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ + 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ + 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ + 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ + 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ + 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ + 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ + 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ + 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ + 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ + 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ + 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ + 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ + 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ + 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ + 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x01, 0x00, 0x74, 0x66, 0x23, 0x51, 0x15, 0xd8, 0x9a, \ + 0xea, 0x4b, 0x24, 0x68, 0xf9, 0xe1, 0xae, 0xa7, 0xa3, 0x21, 0x1a, 0xbc, \ + 0x60, 0xc1, 0x06, 0x01, 0xfd, 0xa8, 0x20, 0xf9, 0xf2, 0x67, 0xbf, 0x31, \ + 0xa3, 0x21, 0x11, 0x81, 0xcd, 0xf9, 0x94, 0x71, 0xb2, 0x32, 0xdb, 0x0b, \ + 0x85, 0x68, 0x9c, 0x36, 0x33, 0xf8, 0x77, 0xf8, 0x52, 0xf4, 0x0b, 0x38, \ + 0x8f, 0x92, 0x80, 0xda, 0x07, 0x4d, 0x1a, 0x2e, 0x44, 0x4c, 0x0d, 0x57, \ + 0xed, 0x2a, 0x30, 0x58, 0xe1, 0xac, 0xaf, 0x28, 0xaf, 0x4a, 0x93, 0x12, \ + 0x1d, 0x5c, 0xb5, 0xf8, 0x77, 0x5f, 0x5a, 0x5b, 0x18, 0x40, 0xec, 0xe6, \ + 0xf2, 0x8f, 0x9f, 0x69, 0x03, 0x54, 0x9b, 0xc5, 0xf3, 0x3d, 0x59, 0xad, \ + 0xb5, 0xf0, 0x15, 0xb2, 0x9c, 0x5e, 0x1d, 0x2c, 0x49, 0x67, 0x7e, 0x8e, \ + 0xa3, 0xe4, 0x16, 0x67, 0x9c, 0x19, 0x94, 0x22, 0x04, 0xca, 0x31, 0x1d, \ + 0x2d, 0x42, 0x1d, 0xf9, 0x39, 0xb8, 0x07, 0x3d, 0xc1, 0xe6, 0x34, 0x43, \ + 0xcd, 0x96, 0xbf, 0x49, 0xaa, 0x83, 0xa2, 0x4a, 0xba, 0xe8, 0xdd, 0xb3, \ + 0xa5, 0xb8, 0x0a, 0x28, 0x09, 0x77, 0x19, 0x4d, 0x8e, 0xfb, 0xe7, 0xc1, \ + 0xa8, 0xfd, 0x9d, 0x4a, 0x47, 0x50, 0xca, 0x49, 0x93, 0xc6, 0x12, 0xcb, \ + 0x59, 0x13, 0x7c, 0x14, 0x9a, 0xa1, 0x60, 0x04, 0xf2, 0x42, 0x7b, 0x59, \ + 0xd1, 0x04, 0xa2, 0xdd, 0x6f, 0x47, 0x7d, 0x26, 0x4f, 0x9c, 0x54, 0xdc, \ + 0x3c, 0x85, 0xde, 0xa2, 0x23, 0xdd, 0xda, 0x92, 0xe5, 0xc6, 0xdd, 0x61, \ + 0x66, 0xef, 0x1d, 0xc2, 0xcd, 0x8b, 0x4d, 0x71, 0x3a, 0xde, 0xe3, 0xfa, \ + 0x30, 0xce, 0x0b, 0x1e, 0xf5, 0xb1, 0x8a, 0xe2, 0x5a, 0x5a, 0x43, 0xff, \ + 0x9a, 0xdc, 0x72, 0x50, 0x02, 0xe3, 0xda, 0x94, 0x31, 0x46, 0x2b, 0x68, \ + 0xa4, 0xe4, 0x45, 0x41, 0xd9, 0xfb, 0x00, 0xe6, 0x39 \ +} +/* END FILE */ + +/* This is taken from test-ca.key. */ +/* BEGIN FILE string macro TEST_CA_KEY_RSA_PEM test-ca.key */ +#define TEST_CA_KEY_RSA_PEM \ + "-----BEGIN RSA PRIVATE KEY-----\r\n" \ + "Proc-Type: 4,ENCRYPTED\r\n" \ + "DEK-Info: AES-128-CBC,781840E6B804AE83D2AF71127C4CE314\r\n" \ + "\r\n" \ + "etQ3xgGLbuYF9vR1km03TH5fwfly1hOlix0PtfQ+t9HG065vTtSEHYc/OyHwdy79\r\n" \ + "NCLX5RUrPh06E/XlKzMNVHAXqkwFnIwNzRLsOozeP1L7iZEZb9QMeiN5Org+btCO\r\n" \ + "bylXPB4YirfuE7GSJalWY/pq3FQtD33zTIKmNhXfVj3sbwGI/8D9XjaKUb8PODOB\r\n" \ + "skOalmx6RvYRvg0lmRxB3+T3wejIsrrDPweYqte9B6dVHIVG1ZmvoA6/wnKZZZeV\r\n" \ + "sjj8OpL3OwUBrjuGSknE9Rs6kCuSCbHOYVK8VzcZmCYpie0TFnb3Sk8M6vjfW+45\r\n" \ + "U7WUMlSAPxKH6lJDzWdwHqLvsVJwuNnaAaBXg9/8U/rzQEWuq8Ar3s8fw2Jg3F1G\r\n" \ + "L6N5ZAEfCz3Sa0N9WKafR/RSQj+rq8Z3w4POAafhbzk249uo5K8B1Z3cQwLxeXIl\r\n" \ + "UbRQz1TZy4oNTfQzCahYruPNyvwgTkfwAFFvbLAdaiJd2ZtLBoqYE64TYakYnvcC\r\n" \ + "itim1bmySIKoxlMfBGFmMuF03epT0pSx701jlGzGi0l0m16NEjoVxDwo5j93SmiM\r\n" \ + "sQdjC1lOGk2iCLkphIQqHFjFJYWjvh1UUIqWZf+ZWOOxlf4x9a1pUVj6FvtECxNB\r\n" \ + "/mA/m4Iq4LAuVXHE1MpHeq067lJ6wWlrsb2WVmiNGfQ2AC7fMtpcPuunBVT9NV1m\r\n" \ + "1rbDzIgLIWAzqz/cy3N8Q8vfxnrFtmNUyM191Zyq+YF14hIKWX9J1qR4LXwWAzVV\r\n" \ + "UrC8IL4pA2mtRkW4qFsB0EmHAxO/cedDTPjVFty5WSzhNuvYZxX45HAkGIfK6d21\r\n" \ + "7WHPhHG+zaaUTWMUVixB0IcKp6RecjYPFzBHS0YeX88Ue2cyT/90jMiQ9ssOgRrG\r\n" \ + "ZJRJvZAc3TSCnY9sNPYoGrJPiZuCnlUj3ENNurYVy12ai0WFxwnNUZjRUhDS6hjm\r\n" \ + "cDHD5TlI9MZ6M+Mb/Bw4Ig8HuTHOtQBYD9vhtXsG+B7H/j6cS+1umaKjrnG/kK4W\r\n" \ + "R6YXwM2faAi+DwgjjoMXSzRqSTF8PdTIWbAXo3bc2qsXPTMBA8PEp4nb5scHZ4Ts\r\n" \ + "EcBNp2jv0j4gBkRmGIab17cWMrlagjFy89DhqZUFwKdeZs+yJ92A5xstWxOUfpEP\r\n" \ + "90T/bsp1G5d7WW5fl2TRJvYJNDM+djkKIh0zCkduiZ36oVM6nDdbjmXqjQXopeSD\r\n" \ + "gtOourBRF8g99W0fW8QT+yPhP0Pkyz6EG8eQO6Zwh439xdoVwu9jUzQAPmZ0uNeR\r\n" \ + "xTXXihYyv72z27rInjLiIPXL25K9eDVLlcSR3RyG7YYgjdQAL2VJDLcBz5jox1uQ\r\n" \ + "0guoD5wmfu2FWLqYE7HeTYntdY53lCflwq0GHRMjrrsVpx+5VDQ6Yi47Ny9SWLcp\r\n" \ + "fPI3iBkXuGRWupzs6N4pQdSO0dU28KfpMM5QvFoLIn67brCHEQij4dgFrCTYEyBX\r\n" \ + "9+jiNImUFYUhAFuxvUbfZt4O/ABLIElvHLfJs1oYCmI/nWpvLFqXB5rnzPNfEi0H\r\n" \ + "PGGe1Hj/t+CJIp/6ios3yNy2QtXO754TZH2UVu51Ykyig5PFjZVoUkbRvHQYcWfU\r\n" \ + "-----END RSA PRIVATE KEY-----\r\n" +/* END FILE */ + +#define TEST_CA_PWD_RSA_PEM "PolarSSLTest" + +/* This is generated from test-ca.key.der. */ +/* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER test-ca.key.der */ +#define TEST_CA_KEY_RSA_DER { \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \ + 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \ + 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \ + 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \ + 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \ + 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \ + 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \ + 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \ + 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \ + 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \ + 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \ + 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \ + 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \ + 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \ + 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \ + 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \ + 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \ + 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \ + 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \ + 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \ + 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \ + 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \ + 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35, \ + 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \ + 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \ + 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \ + 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \ + 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \ + 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \ + 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \ + 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \ + 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \ + 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \ + 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \ + 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \ + 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \ + 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \ + 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \ + 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \ + 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \ + 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \ + 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \ + 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \ + 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \ + 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \ + 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \ + 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \ + 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \ + 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \ + 0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \ + 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \ + 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \ + 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \ + 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \ + 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \ + 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \ + 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \ + 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \ + 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \ + 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \ + 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \ + 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \ + 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \ + 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \ + 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \ + 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \ + 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \ + 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \ + 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \ + 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \ + 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \ + 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \ + 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \ + 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \ + 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \ + 0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \ + 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \ + 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \ + 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \ + 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \ + 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \ + 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \ + 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \ + 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \ + 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \ + 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \ + 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \ + 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \ + 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \ + 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \ + 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \ + 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \ + 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \ + 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \ + 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \ + 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \ + 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \ + 0xa8, 0xc2, 0x8f, 0x0d \ +} +/* END FILE */ + +/* This is taken from server5.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM server5.crt */ +#define TEST_SRV_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIICIDCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ + "MjMwNTE3MDcxMDM2WhcNMzMwNTE0MDcxMDM2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ + "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \ + "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \ + "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \ + "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh\r\n" \ + "clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ + "CCqGSM49BAMCA2kAMGYCMQDg6p7PPfr2+n7nGvya3pU4ust3k7Obk4/tZX+uHHRQ\r\n" \ + "qaccsyULeFNzkyRvWHFeT5sCMQCzDJX79Ii7hILYza/iXWJe/BjJEE8MteCRGXDN\r\n" \ + "06jC+BLgOH1KQV9ArqEh3AhOhEg=\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from server5.crt.der. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER server5.crt.der */ +#define TEST_SRV_CRT_EC_DER { \ + 0x30, 0x82, 0x02, 0x20, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x32, 0x33, 0x30, 0x35, 0x31, 0x37, 0x30, 0x37, 0x31, 0x30, 0x33, 0x36, \ + 0x5a, 0x17, 0x0d, 0x33, 0x33, 0x30, 0x35, 0x31, 0x34, 0x30, 0x37, 0x31, \ + 0x30, 0x33, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ + 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ + 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ + 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ + 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ + 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ + 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ + 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ + 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ + 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ + 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ + 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ + 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ + 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x69, 0x00, \ + 0x30, 0x66, 0x02, 0x31, 0x00, 0xe0, 0xea, 0x9e, 0xcf, 0x3d, 0xfa, 0xf6, \ + 0xfa, 0x7e, 0xe7, 0x1a, 0xfc, 0x9a, 0xde, 0x95, 0x38, 0xba, 0xcb, 0x77, \ + 0x93, 0xb3, 0x9b, 0x93, 0x8f, 0xed, 0x65, 0x7f, 0xae, 0x1c, 0x74, 0x50, \ + 0xa9, 0xa7, 0x1c, 0xb3, 0x25, 0x0b, 0x78, 0x53, 0x73, 0x93, 0x24, 0x6f, \ + 0x58, 0x71, 0x5e, 0x4f, 0x9b, 0x02, 0x31, 0x00, 0xb3, 0x0c, 0x95, 0xfb, \ + 0xf4, 0x88, 0xbb, 0x84, 0x82, 0xd8, 0xcd, 0xaf, 0xe2, 0x5d, 0x62, 0x5e, \ + 0xfc, 0x18, 0xc9, 0x10, 0x4f, 0x0c, 0xb5, 0xe0, 0x91, 0x19, 0x70, 0xcd, \ + 0xd3, 0xa8, 0xc2, 0xf8, 0x12, 0xe0, 0x38, 0x7d, 0x4a, 0x41, 0x5f, 0x40, \ + 0xae, 0xa1, 0x21, 0xdc, 0x08, 0x4e, 0x84, 0x48 \ +} +/* END FILE */ + +/* This is taken from server5.key. */ +/* BEGIN FILE string macro TEST_SRV_KEY_EC_PEM server5.key */ +#define TEST_SRV_KEY_EC_PEM \ + "-----BEGIN EC PRIVATE KEY-----\r\n" \ + "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n" \ + "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n" \ + "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n" \ + "-----END EC PRIVATE KEY-----\r\n" +/* END FILE */ + +/* This is generated from server5.key.der. */ +/* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER server5.key.der */ +#define TEST_SRV_KEY_EC_DER { \ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \ + 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \ + 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \ + 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \ + 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \ + 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \ + 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \ + 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \ + 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \ + 0xff \ +} +/* END FILE */ + +/* This is taken from server2-sha256.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM server2-sha256.crt */ +#define TEST_SRV_CRT_RSA_SHA256_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ + "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ + "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ + "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ + "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ + "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ + "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ + "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ + "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJh\r\n" \ + "Pqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6U\r\n" \ + "HoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq9\r\n" \ + "1C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sv\r\n" \ + "a1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0\r\n" \ + "e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbo\r\n" \ + "pMZqLmbBm/7WPLc=\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from server2-sha256.crt.der. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER server2-sha256.crt.der */ +#define TEST_SRV_CRT_RSA_SHA256_DER { \ + 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ + 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ + 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ + 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ + 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ + 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ + 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ + 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ + 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ + 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ + 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ + 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ + 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ + 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ + 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ + 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ + 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ + 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ + 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ + 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ + 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ + 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ + 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ + 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ + 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ + 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \ + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \ + 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \ + 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \ + 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba, \ + 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \ + 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \ + 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \ + 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \ + 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \ + 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \ + 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \ + 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \ + 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \ + 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \ + 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \ + 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \ + 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \ + 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \ + 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \ + 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \ + 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \ + 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \ +} +/* END FILE */ + +/* This is taken from server2.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM server2.crt */ +#define TEST_SRV_CRT_RSA_SHA1_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ + "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ + "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ + "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ + "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ + "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ + "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ + "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ + "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \ + "cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \ + "O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \ + "KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \ + "iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \ + "HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \ + "Awgk0+4m0T25cNs=\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from server2.crt.der. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER server2.crt.der */ +#define TEST_SRV_CRT_RSA_SHA1_DER { \ + 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ + 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ + 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ + 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ + 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ + 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ + 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ + 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ + 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ + 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ + 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ + 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ + 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ + 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ + 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ + 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ + 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ + 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ + 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ + 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ + 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ + 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ + 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ + 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ + 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ + 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \ + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x99, 0x25, 0x83, 0x74, 0x38, \ + 0x70, 0x1e, 0xef, 0xec, 0x1c, 0xec, 0xc4, 0xcf, 0xef, 0x2f, 0x22, 0x9c, \ + 0x70, 0xee, 0xa8, 0xa7, 0x4f, 0xe0, 0x67, 0x33, 0x38, 0x82, 0x1b, 0x8b, \ + 0xab, 0x66, 0x37, 0xda, 0x49, 0x74, 0xb0, 0xce, 0xa4, 0x48, 0xd5, 0x14, \ + 0x99, 0xdb, 0xae, 0xab, 0x7b, 0xbf, 0xf8, 0x69, 0x94, 0x64, 0xdd, 0x80, \ + 0x3b, 0xfe, 0xdc, 0xf8, 0x7c, 0x3b, 0x84, 0x31, 0x44, 0x22, 0xf6, 0x64, \ + 0xf7, 0xc6, 0x81, 0x1a, 0x30, 0x8b, 0xaa, 0x7d, 0xc3, 0x9a, 0x01, 0xc8, \ + 0xbf, 0xc4, 0xe8, 0x43, 0xae, 0xe7, 0x7a, 0x59, 0x50, 0xc7, 0x1d, 0x94, \ + 0x8f, 0x7d, 0x3d, 0x3d, 0xd8, 0x23, 0x36, 0x2f, 0xeb, 0xf4, 0x73, 0x9c, \ + 0x28, 0xd0, 0x18, 0x3d, 0xb0, 0x5c, 0x83, 0xa3, 0x09, 0x19, 0x65, 0xa3, \ + 0xd9, 0x32, 0x3a, 0xbc, 0xd6, 0x9c, 0x7a, 0x2a, 0x2c, 0xfc, 0x38, 0x4e, \ + 0x63, 0x1e, 0x55, 0xd2, 0x3e, 0x67, 0x7e, 0xa4, 0x89, 0xfe, 0x99, 0xd4, \ + 0xd2, 0x0f, 0x48, 0x82, 0x7d, 0x8b, 0x02, 0x18, 0x18, 0xa4, 0x62, 0x44, \ + 0x88, 0x43, 0x3d, 0xc1, 0x6e, 0xe1, 0x10, 0xc9, 0x30, 0x9a, 0x4d, 0x21, \ + 0xfe, 0xca, 0x99, 0xb2, 0xb2, 0x6c, 0x18, 0x7e, 0x58, 0xb0, 0x5f, 0xd5, \ + 0x4e, 0x14, 0xaa, 0xfc, 0x95, 0x4e, 0xd5, 0xed, 0xa6, 0x64, 0x7d, 0xaf, \ + 0xae, 0xec, 0x99, 0x28, 0x95, 0x41, 0xab, 0xef, 0x2d, 0x0c, 0xd6, 0x29, \ + 0x1e, 0x42, 0xba, 0xb5, 0x2c, 0x95, 0x61, 0x08, 0x73, 0x22, 0xdd, 0xd2, \ + 0xb4, 0xc2, 0x56, 0x28, 0xc9, 0x7f, 0xa3, 0x99, 0x36, 0x01, 0x8c, 0xfa, \ + 0xb5, 0x20, 0xb5, 0xeb, 0x8f, 0xb5, 0xa0, 0x6f, 0x8c, 0x2f, 0x72, 0xd6, \ + 0x83, 0xc5, 0xeb, 0x18, 0xa6, 0xbd, 0xd4, 0x7e, 0x14, 0x38, 0xa6, 0xa9, \ + 0x03, 0x08, 0x24, 0xd3, 0xee, 0x26, 0xd1, 0x3d, 0xb9, 0x70, 0xdb \ +} +/* END FILE */ + +/* This is taken from server2.key. */ +/* BEGIN FILE string macro TEST_SRV_KEY_RSA_PEM server2.key */ +#define TEST_SRV_KEY_RSA_PEM \ + "-----BEGIN RSA PRIVATE KEY-----\r\n" \ + "MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n" \ + "lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n" \ + "2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n" \ + "Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n" \ + "GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n" \ + "y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n" \ + "++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n" \ + "Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n" \ + "/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n" \ + "WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n" \ + "GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n" \ + "TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n" \ + "CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n" \ + "nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n" \ + "AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n" \ + "sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n" \ + "mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n" \ + "BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n" \ + "whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n" \ + "vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n" \ + "3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n" \ + "3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n" \ + "ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n" \ + "4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n" \ + "TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n" \ + "-----END RSA PRIVATE KEY-----\r\n" +/* END FILE */ + +/* This is generated from server2.key.der. */ +/* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER server2.key.der */ +#define TEST_SRV_KEY_RSA_DER { \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \ + 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \ + 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \ + 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \ + 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \ + 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \ + 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \ + 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \ + 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \ + 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \ + 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \ + 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \ + 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \ + 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \ + 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \ + 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \ + 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \ + 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \ + 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \ + 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \ + 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \ + 0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \ + 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \ + 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \ + 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \ + 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \ + 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \ + 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \ + 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \ + 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \ + 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \ + 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \ + 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \ + 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \ + 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \ + 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \ + 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \ + 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \ + 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \ + 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \ + 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \ + 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \ + 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \ + 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \ + 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \ + 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \ + 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \ + 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \ + 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \ + 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \ + 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \ + 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \ + 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \ + 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \ + 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \ + 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \ + 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \ + 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \ + 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \ + 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \ + 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \ + 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \ + 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \ + 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \ + 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \ + 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \ + 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \ + 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \ + 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \ + 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \ + 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \ + 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \ + 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b, \ + 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \ + 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \ + 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \ + 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \ + 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \ + 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \ + 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \ + 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \ + 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \ + 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \ + 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \ + 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \ + 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \ + 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \ + 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \ + 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \ + 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \ + 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \ + 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \ + 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \ + 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \ + 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \ + 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \ + 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \ + 0x06, 0x21, 0x2e, 0x56 \ +} +/* END FILE */ + +/* This is taken from cli2.crt. */ +/* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM cli2.crt */ +#define TEST_CLI_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIB3zCCAWOgAwIBAgIBDTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw\r\n" \ + "DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJTU0wgVGVzdCBFQyBDQTAe\r\n" \ + "Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMEExCzAJBgNVBAYTAk5MMREw\r\n" \ + "DwYDVQQKDAhQb2xhclNTTDEfMB0GA1UEAwwWUG9sYXJTU0wgVGVzdCBDbGllbnQg\r\n" \ + "MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFflrrFz39Osu5O4gf8Sru7mU6zO\r\n" \ + "VVP2NA7MLuNjJQvfmOLzXGA2lsDVGBRw5X+f1UtFGOWwbNVc+JaPh3Cj5MejTTBL\r\n" \ + "MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMB8GA1Ud\r\n" \ + "IwQYMBaAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8MAwGCCqGSM49BAMCBQADaAAwZQIx\r\n" \ + "AMqme4DKMldUlplDET9Q6Eptre7uUWKhsLOF+zPkKDlfzpIkJYEFgcloDHGYw80u\r\n" \ + "IgIwNftyPXsabTqMM7iEHgVpX/GRozKklY9yQI/5eoA6gGW7Y+imuGR/oao5ySOb\r\n" \ + "a9Vk\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from cli2.crt.der. */ +/* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER cli2.crt.der */ +#define TEST_CLI_CRT_EC_DER { \ + 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \ + 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \ + 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \ + 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \ + 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \ + 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \ + 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \ + 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \ + 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \ + 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \ + 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \ + 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, \ + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \ + 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \ + 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \ + 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \ + 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \ + 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \ + 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \ + 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \ + 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \ + 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \ + 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \ + 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \ + 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \ + 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \ + 0x6b, 0xd5, 0x64 \ +} +/* END FILE */ + +/* This is taken from cli2.key. */ +/* BEGIN FILE string macro TEST_CLI_KEY_EC_PEM cli2.key */ +#define TEST_CLI_KEY_EC_PEM \ + "-----BEGIN EC PRIVATE KEY-----\r\n" \ + "MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n" \ + "AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n" \ + "wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n" \ + "-----END EC PRIVATE KEY-----\r\n" +/* END FILE */ + +/* This is generated from cli2.key.der. */ +/* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER cli2.key.der */ +#define TEST_CLI_KEY_EC_DER { \ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \ + 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \ + 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \ + 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \ + 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \ + 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \ + 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \ + 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \ + 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \ + 0xc7 \ +} +/* END FILE */ + +/* This is taken from cli-rsa-sha256.crt. */ +/* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM cli-rsa-sha256.crt */ +#define TEST_CLI_CRT_RSA_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n" \ + "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n" \ + "M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n" \ + "1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n" \ + "MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n" \ + "4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n" \ + "/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n" \ + "o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf\r\n" \ + "BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsFAAOC\r\n" \ + "AQEAXidv1d4pLlBiKWED95rMycBdgDcgyNqJxakFkRfRyA2y1mlyTn7uBXRkNLY5\r\n" \ + "ZFzK82GCjk2Q2OD4RZSCPAJJqLpHHU34t71ciffvy2KK81YvrxczRhMAE64i+qna\r\n" \ + "yP3Td2XuWJR05PVPoSemsNELs9gWttdnYy3ce+EY2Y0n7Rsi7982EeLIAA7H6ca4\r\n" \ + "2Es/NUH//JZJT32OP0doMxeDRA+vplkKqTLLWf7dX26LIriBkBaRCgR5Yv9LBPFc\r\n" \ + "NOtpzu/LbrY7QFXKJMI+JXDudCsOn8KCmiA4d6Emisqfh3V3485l7HEQNcvLTxlD\r\n" \ + "6zDQyi0/ykYUYZkwQTK1N2Nvlw==\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from cli-rsa-sha256.crt.der. */ +/* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER cli-rsa-sha256.crt.der */ +#define TEST_CLI_CRT_RSA_DER { \ + 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \ + 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \ + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \ + 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \ + 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \ + 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \ + 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \ + 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \ + 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \ + 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \ + 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \ + 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \ + 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \ + 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \ + 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \ + 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \ + 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \ + 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \ + 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \ + 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \ + 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \ + 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \ + 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \ + 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \ + 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \ + 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \ + 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \ + 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ + 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e, \ + 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \ + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \ + 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \ + 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \ + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \ + 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \ + 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \ + 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \ + 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \ + 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \ + 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \ + 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \ + 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \ + 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \ + 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \ + 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \ + 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \ + 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \ + 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \ + 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \ + 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \ + 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \ + 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \ + 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \ + 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \ + 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, \ + 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \ +} +/* END FILE */ + +/* This is taken from cli-rsa.key. */ +/* BEGIN FILE string macro TEST_CLI_KEY_RSA_PEM cli-rsa.key */ +#define TEST_CLI_KEY_RSA_PEM \ + "-----BEGIN RSA PRIVATE KEY-----\r\n" \ + "MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n" \ + "B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n" \ + "bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9\r\n" \ + "Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH\r\n" \ + "7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v\r\n" \ + "dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst\r\n" \ + "yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz\r\n" \ + "4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt\r\n" \ + "ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA\r\n" \ + "zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d\r\n" \ + "l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf\r\n" \ + "DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT\r\n" \ + "VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL\r\n" \ + "Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7\r\n" \ + "wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys\r\n" \ + "c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi\r\n" \ + "33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60\r\n" \ + "ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0\r\n" \ + "BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW\r\n" \ + "KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+\r\n" \ + "UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc\r\n" \ + "7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq\r\n" \ + "gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu\r\n" \ + "bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n" \ + "8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n" \ + "-----END RSA PRIVATE KEY-----\r\n" +/* END FILE */ + +/* This is generated from cli-rsa.key.der. */ +/* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER cli-rsa.key.der */ +#define TEST_CLI_KEY_RSA_DER { \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \ + 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \ + 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \ + 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \ + 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \ + 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \ + 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \ + 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \ + 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \ + 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \ + 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \ + 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \ + 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \ + 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \ + 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \ + 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \ + 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \ + 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \ + 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \ + 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \ + 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \ + 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \ + 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \ + 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \ + 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \ + 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \ + 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \ + 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \ + 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \ + 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \ + 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \ + 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \ + 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \ + 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \ + 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \ + 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \ + 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \ + 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \ + 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \ + 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \ + 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \ + 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \ + 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \ + 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \ + 0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \ + 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \ + 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \ + 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \ + 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \ + 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \ + 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \ + 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \ + 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \ + 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \ + 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \ + 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \ + 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \ + 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \ + 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \ + 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \ + 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \ + 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \ + 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \ + 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \ + 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \ + 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \ + 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \ + 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \ + 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \ + 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \ + 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f, \ + 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \ + 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \ + 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \ + 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \ + 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \ + 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \ + 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \ + 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \ + 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \ + 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \ + 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \ + 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \ + 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \ + 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \ + 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \ + 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \ + 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \ + 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \ + 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \ + 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \ + 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \ + 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \ + 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \ + 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \ + 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \ + 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \ + 0x8b, 0x87, 0xc3, 0x00 \ +} +/* END FILE */ + From 3d1c2fda5d841f130d1b993960b3b097a6912eac Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 17 Aug 2023 12:24:46 +0000 Subject: [PATCH 425/553] Remove new bignum when not needed New bignum modules are only needed when the new ecp_curves module is present. Remove them when they are not needed to save code size. Signed-off-by: Janos Follath --- src/bignum_helpers.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/bignum_helpers.c b/src/bignum_helpers.c index efb2eca1c3..214530df51 100644 --- a/src/bignum_helpers.c +++ b/src/bignum_helpers.c @@ -86,6 +86,7 @@ int mbedtls_test_read_mpi_core(mbedtls_mpi_uint **pX, size_t *plimbs, return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; } +#if defined(MBEDTLS_ECP_WITH_MPI_UINT) int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N, const char *s, mbedtls_mpi_mod_rep_selector int_rep) @@ -122,6 +123,7 @@ void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N) mbedtls_free((mbedtls_mpi_uint *) N->p); mbedtls_mpi_mod_modulus_free(N); } +#endif /* MBEDTLS_ECP_WITH_MPI_UINT */ int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s) { From 642a3c7a8c4f29a64bb2942487751034d8e1ad02 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Fri, 18 Aug 2023 13:47:47 +0530 Subject: [PATCH 426/553] Move parse_binary_string function to psa_crypto_helpers Add test code for pbkdf2 in psa_exercise_key Signed-off-by: Kusumit Ghoderao --- include/test/psa_crypto_helpers.h | 4 +++- include/test/psa_exercise_key.h | 1 + src/psa_crypto_helpers.c | 11 +++++++++++ src/psa_exercise_key.c | 12 ++++++++++++ 4 files changed, 27 insertions(+), 1 deletion(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index c0f76c894a..a280331e3d 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -241,7 +241,9 @@ int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len); int mbedtls_test_inject_entropy_restore(void); #endif /* MBEDTLS_PSA_INJECT_ENTROPY */ - +/** Parse binary string and convert it to a long integer + */ +uint64_t parse_binary_string(data_t *bin_string); /** Skip a test case if the given key is a 192 bits AES key and the AES * implementation is at least partially provided by an accelerator or diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index b5e3d35426..46f4d08107 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -119,6 +119,7 @@ * The inputs \p input1 and \p input2 are, in order: * - HKDF: salt, info. * - TKS 1.2 PRF, TLS 1.2 PSK-to-MS: seed, label. + * - PBKDF2: input cost, salt. * * \param operation The operation object to use. * It must be in the initialized state. diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index cab96ab967..18eac060f5 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -149,6 +149,17 @@ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename) } } +uint64_t parse_binary_string(data_t *bin_string) +{ + uint64_t result = 0; + TEST_LE_U(bin_string->len, 8); + for (size_t i = 0; i < bin_string->len; i++) { + result = result << 8 | bin_string->x[i]; + } +exit: + return result; /* returns 0 if len > 8 */ +} + #if defined(MBEDTLS_PSA_INJECT_ENTROPY) #include diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 9ff408cb05..83359771c1 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -437,6 +437,18 @@ int mbedtls_test_psa_setup_key_derivation_wrap( PSA_ASSERT(psa_key_derivation_input_bytes(operation, PSA_KEY_DERIVATION_INPUT_LABEL, input2, input2_length)); + } else if (PSA_ALG_IS_PBKDF2(alg)) { + data_t input_cost = { (unsigned char *) input1, (uint32_t) input1_length }; + PSA_ASSERT(psa_key_derivation_input_integer(operation, + PSA_KEY_DERIVATION_INPUT_COST, + parse_binary_string(&input_cost))); + PSA_ASSERT(psa_key_derivation_input_bytes(operation, + PSA_KEY_DERIVATION_INPUT_SALT, + input2, + input2_length)); + PSA_ASSERT(psa_key_derivation_input_key(operation, + PSA_KEY_DERIVATION_INPUT_PASSWORD, + key)); } else { TEST_FAIL("Key derivation algorithm not supported"); } From efe9be13151627b8628c1028b11954be2b085c42 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 18 May 2023 19:39:11 +0200 Subject: [PATCH 427/553] Remove obsolete header inclusions Since 3.0.0, mbedtls_config.h (formerly config.h) no longer needs to include config_psa.h or check_config.h: build_info.h takes care of that. Signed-off-by: Gilles Peskine --- include/test/drivers/config_test_driver.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/include/test/drivers/config_test_driver.h b/include/test/drivers/config_test_driver.h index 2585fd9f05..81f988339a 100644 --- a/include/test/drivers/config_test_driver.h +++ b/include/test/drivers/config_test_driver.h @@ -53,7 +53,4 @@ //#define MBEDTLS_PEM_PARSE_C //#define MBEDTLS_BASE64_C -#include "mbedtls/config_psa.h" -#include "mbedtls/check_config.h" - #endif /* MBEDTLS_CONFIG_H */ From 277d6731eed7057ca200370ffe8338e67430e7d0 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 29 Aug 2023 18:17:29 +0100 Subject: [PATCH 428/553] Fix use of mbedtls_psa_safer_memcmp in test code Signed-off-by: Dave Rodgman --- src/drivers/test_driver_aead.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index 8eb5547f47..6dadf5282b 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -25,6 +25,8 @@ #include "test/drivers/aead.h" +#include "mbedtls/constant_time.h" + #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) #include "libtestdriver1/library/psa_crypto_aead.h" #endif @@ -431,7 +433,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( if (mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS) { if (tag_length != check_tag_length || - mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) + mbedtls_ct_memcmp(tag, check_tag, tag_length) != 0) { mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_INVALID_SIGNATURE; From 4e10c082dd7711c28d7ebd134d76a350d543a3db Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Tue, 5 Sep 2023 19:29:47 +0530 Subject: [PATCH 429/553] Rename parse_binary_string function Signed-off-by: Kusumit Ghoderao --- include/test/psa_crypto_helpers.h | 2 +- src/psa_crypto_helpers.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index a280331e3d..9ba7dbcd96 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -243,7 +243,7 @@ int mbedtls_test_inject_entropy_restore(void); /** Parse binary string and convert it to a long integer */ -uint64_t parse_binary_string(data_t *bin_string); +uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); /** Skip a test case if the given key is a 192 bits AES key and the AES * implementation is at least partially provided by an accelerator or diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index 18eac060f5..52ff031862 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -149,7 +149,7 @@ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename) } } -uint64_t parse_binary_string(data_t *bin_string) +uint64_t mbedtls_test_parse_binary_string(data_t *bin_string) { uint64_t result = 0; TEST_LE_U(bin_string->len, 8); From 7c3faec75a8bc81c3f991f05bf6a85fc4446737e Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Tue, 5 Sep 2023 19:30:22 +0530 Subject: [PATCH 430/553] Set input cost as 1 for psa_key_exercise test Signed-off-by: Kusumit Ghoderao --- src/psa_exercise_key.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 83359771c1..c4488b56f1 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -438,10 +438,9 @@ int mbedtls_test_psa_setup_key_derivation_wrap( PSA_KEY_DERIVATION_INPUT_LABEL, input2, input2_length)); } else if (PSA_ALG_IS_PBKDF2(alg)) { - data_t input_cost = { (unsigned char *) input1, (uint32_t) input1_length }; PSA_ASSERT(psa_key_derivation_input_integer(operation, PSA_KEY_DERIVATION_INPUT_COST, - parse_binary_string(&input_cost))); + 1U)); PSA_ASSERT(psa_key_derivation_input_bytes(operation, PSA_KEY_DERIVATION_INPUT_SALT, input2, From 119870ca6d23ba4b2a632bf5af3b70f9bb40ccd4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 18 Sep 2023 13:11:50 +0200 Subject: [PATCH 431/553] Refactoring: create mbedtls_test_ssl_prepare_record_mac() No semantic change. Signed-off-by: Gilles Peskine --- include/test/ssl_helpers.h | 21 ++++++++++++ src/test_helpers/ssl_helpers.c | 58 ++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index 1f160c7eb0..ddbd6a39e1 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -516,6 +516,27 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, size_t cid0_len, size_t cid1_len); +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) +/** + * \param[in,out] record The record to prepare. + * It must contain the data to MAC at offset + * `record->data_offset`, of length + * `record->data_length`. + * On success, write the MAC immediately + * after the data and increment + * `record->data_length` accordingly. + * \param[in,out] transform_out The out transform, typically prepared by + * mbedtls_test_ssl_build_transforms(). + * Its HMAC context may be used. Other than that + * it is treated as an input parameter. + * + * \return 0 on success, an `MBEDTLS_ERR_xxx` error code + * or -1 on error. + */ +int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, + mbedtls_ssl_transform *transform_out); +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ + /* * Populate a session structure for serialization tests. * Choose dummy values, mostly non-0 to distinguish from the init default. diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 9144d85ba5..5c305cb0a0 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1467,6 +1467,64 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, return ret; } +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) +int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, + mbedtls_ssl_transform *transform_out) +{ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; +#endif + + /* Serialized version of record header for MAC purposes */ + unsigned char add_data[13]; + memcpy(add_data, record->ctr, 8); + add_data[8] = record->type; + add_data[9] = record->ver[0]; + add_data[10] = record->ver[1]; + add_data[11] = (record->data_len >> 8) & 0xff; + add_data[12] = (record->data_len >> 0) & 0xff; + + /* MAC with additional data */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t sign_mac_length = 0; + TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation, + transform_out->psa_mac_enc, + transform_out->psa_mac_alg)); + TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13)); + TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, + record->buf + record->data_offset, + record->data_len)); + /* Use a temporary buffer for the MAC, because with the truncated HMAC + * extension, there might not be enough room in the record for the + * full-length MAC. */ + unsigned char mac[PSA_HASH_MAX_SIZE]; + TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation, + mac, sizeof(mac), + &sign_mac_length)); +#else + TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13)); + TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, + record->buf + record->data_offset, + record->data_len)); + /* Use a temporary buffer for the MAC, because with the truncated HMAC + * extension, there might not be enough room in the record for the + * full-length MAC. */ + unsigned char mac[MBEDTLS_MD_MAX_SIZE]; + TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac)); +#endif + memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen); + record->data_len += transform_out->maclen; + + return 0; + +exit: +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_mac_abort(&operation); +#endif + return -1; +} +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ + int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, int ticket_len, const char *crt_file) From a688f8030f774654f0f71079957db0bcba6a0785 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 19 Sep 2023 17:34:39 +0100 Subject: [PATCH 432/553] Introduce TEST_CALLOC_NONNULL Signed-off-by: Dave Rodgman --- include/test/macros.h | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/include/test/macros.h b/include/test/macros.h index 7edc991add..c107ccfca7 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -143,6 +143,32 @@ } \ } while (0) +/** Allocate memory dynamically and fail the test case if this fails. + * The allocated memory will be filled with zeros. + * + * You must set \p pointer to \c NULL before calling this macro and + * put `mbedtls_free(pointer)` in the test's cleanup code. + * + * If \p item_count is zero, the resulting \p pointer will not be \c NULL. + * + * This macro expands to an instruction, not an expression. + * It may jump to the \c exit label. + * + * \param pointer An lvalue where the address of the allocated buffer + * will be stored. + * This expression may be evaluated multiple times. + * \param item_count Number of elements to allocate. + * This expression may be evaluated multiple times. + * + */ +#define TEST_CALLOC_NONNULL(pointer, item_count) \ + do { \ + TEST_ASSERT((pointer) == NULL); \ + (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ + (item_count)); \ + TEST_ASSERT((pointer) != NULL); \ + } while (0) + /* For backwards compatibility */ #define ASSERT_ALLOC(pointer, item_count) TEST_CALLOC(pointer, item_count) From 2a6200837164b449e2b379885014172c7ebfd66e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 19 Sep 2023 18:30:25 +0100 Subject: [PATCH 433/553] Make TEST_CALLOC_NONNULL more robust Signed-off-by: Dave Rodgman --- include/test/macros.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/test/macros.h b/include/test/macros.h index c107ccfca7..3bfbe3333d 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -160,12 +160,18 @@ * \param item_count Number of elements to allocate. * This expression may be evaluated multiple times. * + * Note: if passing size 0, mbedtls_calloc may return NULL. In this case, + * we reattempt to allocate with the smallest possible buffer to assure a + * non-NULL pointer. */ #define TEST_CALLOC_NONNULL(pointer, item_count) \ do { \ TEST_ASSERT((pointer) == NULL); \ (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ (item_count)); \ + if (((pointer) == NULL) && ((item_count) == 0)) { \ + (pointer) = mbedtls_calloc(1, 1); \ + } \ TEST_ASSERT((pointer) != NULL); \ } while (0) From 9b27b4a89858b14d75e0528e98c50bb53d1131d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 22 Sep 2023 09:46:14 +0200 Subject: [PATCH 434/553] Add SHA-3 support to libtestdriver1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../crypto_config_test_driver_extension.h | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index 138327ae87..ef8c88a668 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -152,6 +152,38 @@ #endif #endif +#if defined(PSA_WANT_ALG_SHA3_224) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_224 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA3_224 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA3_256) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_256 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA3_256 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA3_384) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_384 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA3_384 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA3_512) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_512 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA3_512 1 +#endif +#endif + #if defined(PSA_WANT_ALG_XTS) #if defined(MBEDTLS_PSA_ACCEL_ALG_XTS) #undef MBEDTLS_PSA_ACCEL_ALG_XTS From 1bbaeba46da7f0c5b26ba1c730c4c30323f57dcf Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 6 Oct 2023 16:24:04 +0200 Subject: [PATCH 435/553] md: remove unnecessary inclusions of mbedtls/md.h Signed-off-by: Valerio Setti --- include/test/psa_crypto_helpers.h | 3 --- src/drivers/test_driver_signature.c | 1 - 2 files changed, 4 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 9ba7dbcd96..959308af9c 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -28,9 +28,6 @@ #include #endif -#if defined(MBEDTLS_MD_LIGHT) -#include "mbedtls/md.h" -#endif #if defined(MBEDTLS_PSA_CRYPTO_C) /** Initialize the PSA Crypto subsystem. */ diff --git a/src/drivers/test_driver_signature.c b/src/drivers/test_driver_signature.c index c312477c8a..7d1f91fdf0 100644 --- a/src/drivers/test_driver_signature.c +++ b/src/drivers/test_driver_signature.c @@ -33,7 +33,6 @@ #include "test/drivers/signature.h" #include "test/drivers/hash.h" -#include "mbedtls/md.h" #include "mbedtls/ecdsa.h" #include "test/random.h" From 6e31f4cd0614f4e047a09b23f70465e746989471 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 12 Dec 2022 15:14:56 +0800 Subject: [PATCH 436/553] Add unit test for max_early_data_size of ticket Signed-off-by: Jerry Yu --- src/test_helpers/ssl_helpers.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 5c305cb0a0..a55d067010 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1638,6 +1638,10 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, session->resumption_key_len = 32; memset(session->resumption_key, 0x99, sizeof(session->resumption_key)); +#if defined(MBEDTLS_SSL_EARLY_DATA) + session->max_early_data_size = 0x87654321; +#endif + #if defined(MBEDTLS_HAVE_TIME) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { session->start = mbedtls_time(NULL) - 42; From 9e5eb1367d83638eebd94390dd326d533d23a80d Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 11 Oct 2023 11:57:10 +0800 Subject: [PATCH 437/553] CMAC: accelerate CMAC in accel_cipher Signed-off-by: Yanray Wang --- .../test/drivers/crypto_config_test_driver_extension.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index ef8c88a668..b0bbc44211 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -32,6 +32,14 @@ #endif #endif +#if defined(PSA_WANT_ALG_CMAC) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) +#undef MBEDTLS_PSA_ACCEL_ALG_CMAC +#else +#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1 +#endif +#endif + #if defined(PSA_WANT_ALG_CTR) #if defined(MBEDTLS_PSA_ACCEL_ALG_CTR) #undef MBEDTLS_PSA_ACCEL_ALG_CTR @@ -395,7 +403,6 @@ #define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1 #define MBEDTLS_PSA_ACCEL_ALG_CCM 1 -#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1 #define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1 #define MBEDTLS_PSA_ACCEL_ALG_GCM 1 #define MBEDTLS_PSA_ACCEL_ALG_HKDF 1 From 87cb0e662936a27f1ba1dba6a5beaa624f1414c9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 17 Oct 2023 13:55:38 +0200 Subject: [PATCH 438/553] libtestdriver1: fix acceleration for ALG_STREAM_CIPHER/ALG_ECB_NO_PADDING Signed-off-by: Valerio Setti --- .../crypto_config_test_driver_extension.h | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index b0bbc44211..0eedb8b106 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -48,6 +48,22 @@ #endif #endif +#if defined(PSA_WANT_ALG_STREAM_CIPHER) +#if defined(MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER) +#undef MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER +#else +#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_ECB_NO_PADDING) +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING) +#undef MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING +#else +#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1 +#endif +#endif + #if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) #if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) #undef MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA @@ -403,7 +419,6 @@ #define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1 #define MBEDTLS_PSA_ACCEL_ALG_CCM 1 -#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1 #define MBEDTLS_PSA_ACCEL_ALG_GCM 1 #define MBEDTLS_PSA_ACCEL_ALG_HKDF 1 #define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1 @@ -411,7 +426,6 @@ #define MBEDTLS_PSA_ACCEL_ALG_HMAC 1 #define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1 #define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 -#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER 1 #if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) && \ defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) && \ From 610edbe4bc3ab2bf2a35329b1899d7f1802e8ac9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 30 Oct 2023 11:07:18 +0100 Subject: [PATCH 439/553] test_driver_extension: manage curves' acceleration the same as other PSA_WANT symbols Signed-off-by: Valerio Setti --- .../crypto_config_test_driver_extension.h | 122 +++++++++++++++--- 1 file changed, 104 insertions(+), 18 deletions(-) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index 0eedb8b106..d39e9c1587 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -64,6 +64,110 @@ #endif #endif +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) +#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) +#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 +#else +#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) +#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) +#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 +#else +#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) +#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) +#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 +#else +#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_MONTGOMERY_255) +#if defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) +#undef MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 +#else +#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_MONTGOMERY_448) +#if defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) +#undef MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 +#else +#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_SECP_K1_192) +#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) +#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 +#else +#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_SECP_K1_224) +#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) +#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 +#else +#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_SECP_K1_256) +#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) +#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 +#else +#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_SECP_R1_192) +#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) +#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 +#else +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_SECP_R1_224) +#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) +#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 +#else +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_SECP_R1_256) +#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) +#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 +#else +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_SECP_R1_384) +#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) +#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 +#else +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_SECP_R1_521) +#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) +#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 +#else +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1 +#endif +#endif + #if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) #if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) #undef MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA @@ -427,24 +531,6 @@ #define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1 #define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) -#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1 -#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1 -#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1 -#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 1 -#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 1 -#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 1 -#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 1 -#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 1 -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 1 -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 1 -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 1 -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1 -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1 -#endif - #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1 From 52a756635ddd614a5106ea4b6a3c88a30e69b7b3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 27 Oct 2023 11:55:02 +0200 Subject: [PATCH 440/553] ssl_helpers: allow mbedtls_test_ssl_build_transforms to work without CIPHER_C A new internal function is added to get cipher's info (mode, key bits and iv len) without relying on CIPHER_C. This function is basically a lookup table used only for test purposes. Signed-off-by: Valerio Setti --- src/test_helpers/ssl_helpers.c | 157 +++++++++++++++++++++++++++++---- 1 file changed, 140 insertions(+), 17 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 5c305cb0a0..072a1779b4 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1108,6 +1108,123 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && MBEDTLS_AES_C */ +static void mbedtls_test_ssl_cipher_info_from_type(mbedtls_cipher_type_t cipher_type, + mbedtls_cipher_mode_t *cipher_mode, + size_t *key_bits, size_t *iv_len) +{ + switch (cipher_type) { + case MBEDTLS_CIPHER_AES_128_CBC: + *cipher_mode = MBEDTLS_MODE_CBC; + *key_bits = 128; + *iv_len = 16; + break; + case MBEDTLS_CIPHER_AES_256_CBC: + *cipher_mode = MBEDTLS_MODE_CBC; + *key_bits = 256; + *iv_len = 16; + break; + case MBEDTLS_CIPHER_ARIA_128_CBC: + *cipher_mode = MBEDTLS_MODE_CBC; + *key_bits = 128; + *iv_len = 16; + break; + case MBEDTLS_CIPHER_ARIA_256_CBC: + *cipher_mode = MBEDTLS_MODE_CBC; + *key_bits = 256; + *iv_len = 16; + break; + case MBEDTLS_CIPHER_CAMELLIA_128_CBC: + *cipher_mode = MBEDTLS_MODE_CBC; + *key_bits = 128; + *iv_len = 16; + break; + case MBEDTLS_CIPHER_CAMELLIA_256_CBC: + *cipher_mode = MBEDTLS_MODE_CBC; + *key_bits = 256; + *iv_len = 16; + break; + + case MBEDTLS_CIPHER_AES_128_CCM: + *cipher_mode = MBEDTLS_MODE_CCM; + *key_bits = 128; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_AES_192_CCM: + *cipher_mode = MBEDTLS_MODE_CCM; + *key_bits = 192; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_AES_256_CCM: + *cipher_mode = MBEDTLS_MODE_CCM; + *key_bits = 256; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_CAMELLIA_128_CCM: + *cipher_mode = MBEDTLS_MODE_CCM; + *key_bits = 128; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_CAMELLIA_192_CCM: + *cipher_mode = MBEDTLS_MODE_CCM; + *key_bits = 192; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_CAMELLIA_256_CCM: + *cipher_mode = MBEDTLS_MODE_CCM; + *key_bits = 256; + *iv_len = 12; + break; + + case MBEDTLS_CIPHER_AES_128_GCM: + *cipher_mode = MBEDTLS_MODE_GCM; + *key_bits = 128; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_AES_192_GCM: + *cipher_mode = MBEDTLS_MODE_GCM; + *key_bits = 192; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_AES_256_GCM: + *cipher_mode = MBEDTLS_MODE_GCM; + *key_bits = 256; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_CAMELLIA_128_GCM: + *cipher_mode = MBEDTLS_MODE_GCM; + *key_bits = 128; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_CAMELLIA_192_GCM: + *cipher_mode = MBEDTLS_MODE_GCM; + *key_bits = 192; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_CAMELLIA_256_GCM: + *cipher_mode = MBEDTLS_MODE_GCM; + *key_bits = 256; + *iv_len = 12; + break; + + case MBEDTLS_CIPHER_CHACHA20_POLY1305: + *cipher_mode = MBEDTLS_MODE_CHACHAPOLY; + *key_bits = 256; + *iv_len = 12; + break; + + case MBEDTLS_CIPHER_NULL: + *cipher_mode = MBEDTLS_MODE_STREAM; + *key_bits = 0; + *iv_len = 0; + break; + + default: + *cipher_mode = MBEDTLS_MODE_NONE; + *key_bits = 0; + *iv_len = 0; + } +} + int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, mbedtls_ssl_transform *t_out, int cipher_type, int hash_id, @@ -1116,18 +1233,22 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, size_t cid0_len, size_t cid1_len) { - mbedtls_cipher_info_t const *cipher_info; + mbedtls_cipher_mode_t cipher_mode = MBEDTLS_MODE_NONE; + size_t key_bits = 0; int ret = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_type_t key_type; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg; - size_t key_bits; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; #endif - size_t keylen, maclen, ivlen; +#if defined(MBEDTLS_CIPHER_C) + mbedtls_cipher_info_t const *cipher_info; +#endif + + size_t keylen, maclen, ivlen = 0; unsigned char *key0 = NULL, *key1 = NULL; unsigned char *md0 = NULL, *md1 = NULL; unsigned char iv_enc[16], iv_dec[16]; @@ -1144,15 +1265,11 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ maclen = 0; - - /* Pick cipher */ - cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type); - CHK(cipher_info != NULL); - CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16); - CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0); + mbedtls_test_ssl_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type, + &cipher_mode, &key_bits, &ivlen); /* Pick keys */ - keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8; + keylen = key_bits / 8; /* Allocate `keylen + 1` bytes to ensure that we get * a non-NULL pointers from `mbedtls_calloc` even if * `keylen == 0` in the case of the NULL cipher. */ @@ -1161,6 +1278,12 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, memset(key0, 0x1, keylen); memset(key1, 0x2, keylen); +#if defined(MBEDTLS_CIPHER_C) + /* Pick cipher */ + cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type); + CHK(cipher_info != NULL); + CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16); + CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0); #if !defined(MBEDTLS_USE_PSA_CRYPTO) /* Setup cipher contexts */ CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0); @@ -1169,7 +1292,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0); #if defined(MBEDTLS_CIPHER_MODE_CBC) - if (cipher_info->mode == MBEDTLS_MODE_CBC) { + if (cipher_mode == MBEDTLS_MODE_CBC) { CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc, MBEDTLS_PADDING_NONE) == 0); CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec, @@ -1197,12 +1320,13 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, MBEDTLS_DECRYPT) == 0); -#endif +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_CIPHER_C */ /* Setup MAC contexts */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if (cipher_info->mode == MBEDTLS_MODE_CBC || - cipher_info->mode == MBEDTLS_MODE_STREAM) { + if (cipher_mode == MBEDTLS_MODE_CBC || + cipher_mode == MBEDTLS_MODE_STREAM) { #if !defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id); CHK(md_info != NULL); @@ -1240,7 +1364,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, md1, maclen, &t_out->psa_mac_enc) == PSA_SUCCESS); - if (cipher_info->mode == MBEDTLS_MODE_STREAM || + if (cipher_mode == MBEDTLS_MODE_STREAM || etm == MBEDTLS_SSL_ETM_DISABLED) { /* mbedtls_ct_hmac() requires the key to be exportable */ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | @@ -1279,7 +1403,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, /* Pick IV's (regardless of whether they * are being used by the transform). */ - ivlen = mbedtls_cipher_info_get_iv_size(cipher_info); memset(iv_enc, 0x3, sizeof(iv_enc)); memset(iv_dec, 0x4, sizeof(iv_dec)); @@ -1300,7 +1423,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, t_out->ivlen = ivlen; t_in->ivlen = ivlen; - switch (cipher_info->mode) { + switch (cipher_mode) { case MBEDTLS_MODE_GCM: case MBEDTLS_MODE_CCM: #if defined(MBEDTLS_SSL_PROTO_TLS1_3) From 43a0e6d47a9495420475484a4e585f57016d75ce Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 30 Oct 2023 11:56:56 +0100 Subject: [PATCH 441/553] ssl_helpers: remove CIPHER_C guards in mbedtls_test_ssl_build_transforms() Use !USE_PSA_CRYPTO instead. Signed-off-by: Valerio Setti --- src/test_helpers/ssl_helpers.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 072a1779b4..d6267d18c7 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1242,9 +1242,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#endif - -#if defined(MBEDTLS_CIPHER_C) +#else mbedtls_cipher_info_t const *cipher_info; #endif @@ -1278,13 +1276,13 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, memset(key0, 0x1, keylen); memset(key1, 0x2, keylen); -#if defined(MBEDTLS_CIPHER_C) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) /* Pick cipher */ cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type); CHK(cipher_info != NULL); CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16); CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0); -#if !defined(MBEDTLS_USE_PSA_CRYPTO) + /* Setup cipher contexts */ CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0); CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0); @@ -1321,7 +1319,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, MBEDTLS_DECRYPT) == 0); #endif /* !MBEDTLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_CIPHER_C */ /* Setup MAC contexts */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) From b8c8f528e7f3234db7217a96d282af0ebb5afad3 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 2 Nov 2023 19:47:20 +0000 Subject: [PATCH 442/553] update headers Signed-off-by: Dave Rodgman --- include/alt-dummy/aes_alt.h | 14 +------------- include/alt-dummy/aria_alt.h | 14 +------------- include/alt-dummy/camellia_alt.h | 14 +------------- include/alt-dummy/ccm_alt.h | 14 +------------- include/alt-dummy/chacha20_alt.h | 14 +------------- include/alt-dummy/chachapoly_alt.h | 14 +------------- include/alt-dummy/cmac_alt.h | 14 +------------- include/alt-dummy/des_alt.h | 14 +------------- include/alt-dummy/dhm_alt.h | 14 +------------- include/alt-dummy/ecjpake_alt.h | 14 +------------- include/alt-dummy/ecp_alt.h | 14 +------------- include/alt-dummy/gcm_alt.h | 14 +------------- include/alt-dummy/md5_alt.h | 14 +------------- include/alt-dummy/nist_kw_alt.h | 14 +------------- include/alt-dummy/platform_alt.h | 14 +------------- include/alt-dummy/poly1305_alt.h | 14 +------------- include/alt-dummy/ripemd160_alt.h | 14 +------------- include/alt-dummy/rsa_alt.h | 14 +------------- include/alt-dummy/sha1_alt.h | 14 +------------- include/alt-dummy/sha256_alt.h | 14 +------------- include/alt-dummy/sha512_alt.h | 14 +------------- include/alt-dummy/threading_alt.h | 14 +------------- include/alt-dummy/timing_alt.h | 14 +------------- include/baremetal-override/time.h | 14 +------------- include/spe/crypto_spe.h | 14 +------------- include/test/arguments.h | 14 +------------- include/test/asn1_helpers.h | 14 +------------- include/test/bignum_helpers.h | 14 +------------- include/test/certs.h | 14 +------------- include/test/constant_flow.h | 14 +------------- include/test/drivers/aead.h | 14 +------------- include/test/drivers/asymmetric_encryption.h | 14 +------------- include/test/drivers/cipher.h | 14 +------------- include/test/drivers/config_test_driver.h | 14 +------------- include/test/drivers/hash.h | 14 +------------- include/test/drivers/key_agreement.h | 14 +------------- include/test/drivers/key_management.h | 14 +------------- include/test/drivers/mac.h | 14 +------------- include/test/drivers/pake.h | 14 +------------- include/test/drivers/signature.h | 14 +------------- include/test/drivers/test_driver.h | 14 +------------- include/test/fake_external_rng_for_test.h | 14 +------------- include/test/helpers.h | 14 +------------- include/test/macros.h | 14 +------------- include/test/psa_crypto_helpers.h | 14 +------------- include/test/psa_exercise_key.h | 14 +------------- include/test/psa_helpers.h | 14 +------------- include/test/random.h | 14 +------------- include/test/ssl_helpers.h | 14 +------------- src/asn1_helpers.c | 14 +------------- src/bignum_helpers.c | 14 +------------- src/certs.c | 14 +------------- src/drivers/hash.c | 14 +------------- src/drivers/platform_builtin_keys.c | 14 +------------- src/drivers/test_driver_aead.c | 14 +------------- src/drivers/test_driver_asymmetric_encryption.c | 14 +------------- src/drivers/test_driver_cipher.c | 14 +------------- src/drivers/test_driver_key_agreement.c | 14 +------------- src/drivers/test_driver_key_management.c | 14 +------------- src/drivers/test_driver_mac.c | 14 +------------- src/drivers/test_driver_pake.c | 14 +------------- src/drivers/test_driver_signature.c | 14 +------------- src/fake_external_rng_for_test.c | 14 +------------- src/helpers.c | 14 +------------- src/psa_crypto_helpers.c | 14 +------------- src/psa_exercise_key.c | 14 +------------- src/random.c | 14 +------------- src/test_certs.h | 14 +------------- src/test_helpers/ssl_helpers.c | 14 +------------- src/threading_helpers.c | 14 +------------- 70 files changed, 70 insertions(+), 910 deletions(-) diff --git a/include/alt-dummy/aes_alt.h b/include/alt-dummy/aes_alt.h index 21d85f1ff3..dc47dd16c5 100644 --- a/include/alt-dummy/aes_alt.h +++ b/include/alt-dummy/aes_alt.h @@ -1,19 +1,7 @@ /* aes_alt.h with dummy types for MBEDTLS_AES_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef AES_ALT_H diff --git a/include/alt-dummy/aria_alt.h b/include/alt-dummy/aria_alt.h index aabec9c9f0..94db8c7fb6 100644 --- a/include/alt-dummy/aria_alt.h +++ b/include/alt-dummy/aria_alt.h @@ -1,19 +1,7 @@ /* aria_alt.h with dummy types for MBEDTLS_ARIA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef ARIA_ALT_H diff --git a/include/alt-dummy/camellia_alt.h b/include/alt-dummy/camellia_alt.h index b42613bc2f..97bc16b78f 100644 --- a/include/alt-dummy/camellia_alt.h +++ b/include/alt-dummy/camellia_alt.h @@ -1,19 +1,7 @@ /* camellia_alt.h with dummy types for MBEDTLS_CAMELLIA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CAMELLIA_ALT_H diff --git a/include/alt-dummy/ccm_alt.h b/include/alt-dummy/ccm_alt.h index 5ec7d4e48e..c25f42b4a0 100644 --- a/include/alt-dummy/ccm_alt.h +++ b/include/alt-dummy/ccm_alt.h @@ -1,19 +1,7 @@ /* ccm_alt.h with dummy types for MBEDTLS_CCM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CCM_ALT_H diff --git a/include/alt-dummy/chacha20_alt.h b/include/alt-dummy/chacha20_alt.h index a53a330023..6fd84d0319 100644 --- a/include/alt-dummy/chacha20_alt.h +++ b/include/alt-dummy/chacha20_alt.h @@ -1,19 +1,7 @@ /* chacha20_alt.h with dummy types for MBEDTLS_CHACHA20_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CHACHA20_ALT_H diff --git a/include/alt-dummy/chachapoly_alt.h b/include/alt-dummy/chachapoly_alt.h index 584a421749..de28ced670 100644 --- a/include/alt-dummy/chachapoly_alt.h +++ b/include/alt-dummy/chachapoly_alt.h @@ -1,19 +1,7 @@ /* chachapoly_alt.h with dummy types for MBEDTLS_CHACHAPOLY_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CHACHAPOLY_ALT_H diff --git a/include/alt-dummy/cmac_alt.h b/include/alt-dummy/cmac_alt.h index 13c998d682..68b53d707a 100644 --- a/include/alt-dummy/cmac_alt.h +++ b/include/alt-dummy/cmac_alt.h @@ -1,19 +1,7 @@ /* cmac_alt.h with dummy types for MBEDTLS_CMAC_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CMAC_ALT_H diff --git a/include/alt-dummy/des_alt.h b/include/alt-dummy/des_alt.h index 3b8abe493b..d079861289 100644 --- a/include/alt-dummy/des_alt.h +++ b/include/alt-dummy/des_alt.h @@ -1,19 +1,7 @@ /* des_alt.h with dummy types for MBEDTLS_DES_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * */ diff --git a/include/alt-dummy/dhm_alt.h b/include/alt-dummy/dhm_alt.h index ccb3bd3c32..3cb51d2ed4 100644 --- a/include/alt-dummy/dhm_alt.h +++ b/include/alt-dummy/dhm_alt.h @@ -1,19 +1,7 @@ /* dhm_alt.h with dummy types for MBEDTLS_DHM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef DHM_ALT_H diff --git a/include/alt-dummy/ecjpake_alt.h b/include/alt-dummy/ecjpake_alt.h index 90c21da8bd..4d7524860c 100644 --- a/include/alt-dummy/ecjpake_alt.h +++ b/include/alt-dummy/ecjpake_alt.h @@ -1,19 +1,7 @@ /* ecjpake_alt.h with dummy types for MBEDTLS_ECJPAKE_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef ECJPAKE_ALT_H diff --git a/include/alt-dummy/ecp_alt.h b/include/alt-dummy/ecp_alt.h index 56c9810950..d204b18d0e 100644 --- a/include/alt-dummy/ecp_alt.h +++ b/include/alt-dummy/ecp_alt.h @@ -1,19 +1,7 @@ /* ecp_alt.h with dummy types for MBEDTLS_ECP_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef ECP_ALT_H diff --git a/include/alt-dummy/gcm_alt.h b/include/alt-dummy/gcm_alt.h index 7be5b62f6c..cfa73d2a42 100644 --- a/include/alt-dummy/gcm_alt.h +++ b/include/alt-dummy/gcm_alt.h @@ -1,19 +1,7 @@ /* gcm_alt.h with dummy types for MBEDTLS_GCM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef GCM_ALT_H diff --git a/include/alt-dummy/md5_alt.h b/include/alt-dummy/md5_alt.h index 1f3e5ed9bb..e3a15d70f9 100644 --- a/include/alt-dummy/md5_alt.h +++ b/include/alt-dummy/md5_alt.h @@ -1,19 +1,7 @@ /* md5_alt.h with dummy types for MBEDTLS_MD5_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MD5_ALT_H diff --git a/include/alt-dummy/nist_kw_alt.h b/include/alt-dummy/nist_kw_alt.h index 8fec116be6..1274d40812 100644 --- a/include/alt-dummy/nist_kw_alt.h +++ b/include/alt-dummy/nist_kw_alt.h @@ -1,19 +1,7 @@ /* nist_kw_alt.h with dummy types for MBEDTLS_NIST_KW_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef NIST_KW_ALT_H diff --git a/include/alt-dummy/platform_alt.h b/include/alt-dummy/platform_alt.h index 836f299c83..67573926e1 100644 --- a/include/alt-dummy/platform_alt.h +++ b/include/alt-dummy/platform_alt.h @@ -1,19 +1,7 @@ /* platform_alt.h with dummy types for MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PLATFORM_ALT_H diff --git a/include/alt-dummy/poly1305_alt.h b/include/alt-dummy/poly1305_alt.h index 5a8295f16f..c8ed1bc060 100644 --- a/include/alt-dummy/poly1305_alt.h +++ b/include/alt-dummy/poly1305_alt.h @@ -1,19 +1,7 @@ /* poly1305_alt.h with dummy types for MBEDTLS_POLY1305_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef POLY1305_ALT_H diff --git a/include/alt-dummy/ripemd160_alt.h b/include/alt-dummy/ripemd160_alt.h index ca3b338270..72ae47efb9 100644 --- a/include/alt-dummy/ripemd160_alt.h +++ b/include/alt-dummy/ripemd160_alt.h @@ -1,19 +1,7 @@ /* ripemd160_alt.h with dummy types for MBEDTLS_RIPEMD160_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef RIPEMD160_ALT_H diff --git a/include/alt-dummy/rsa_alt.h b/include/alt-dummy/rsa_alt.h index 24f672bb3c..eabc26da10 100644 --- a/include/alt-dummy/rsa_alt.h +++ b/include/alt-dummy/rsa_alt.h @@ -1,19 +1,7 @@ /* rsa_alt.h with dummy types for MBEDTLS_RSA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef RSA_ALT_H diff --git a/include/alt-dummy/sha1_alt.h b/include/alt-dummy/sha1_alt.h index 36bf71d847..d8ac971913 100644 --- a/include/alt-dummy/sha1_alt.h +++ b/include/alt-dummy/sha1_alt.h @@ -1,19 +1,7 @@ /* sha1_alt.h with dummy types for MBEDTLS_SHA1_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef SHA1_ALT_H diff --git a/include/alt-dummy/sha256_alt.h b/include/alt-dummy/sha256_alt.h index 304734bfc9..b1900adee9 100644 --- a/include/alt-dummy/sha256_alt.h +++ b/include/alt-dummy/sha256_alt.h @@ -1,19 +1,7 @@ /* sha256_alt.h with dummy types for MBEDTLS_SHA256_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef SHA256_ALT_H diff --git a/include/alt-dummy/sha512_alt.h b/include/alt-dummy/sha512_alt.h index 13e58109e1..857bc916aa 100644 --- a/include/alt-dummy/sha512_alt.h +++ b/include/alt-dummy/sha512_alt.h @@ -1,19 +1,7 @@ /* sha512_alt.h with dummy types for MBEDTLS_SHA512_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef SHA512_ALT_H diff --git a/include/alt-dummy/threading_alt.h b/include/alt-dummy/threading_alt.h index 4003506865..07d5da4275 100644 --- a/include/alt-dummy/threading_alt.h +++ b/include/alt-dummy/threading_alt.h @@ -1,19 +1,7 @@ /* threading_alt.h with dummy types for MBEDTLS_THREADING_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef THREADING_ALT_H diff --git a/include/alt-dummy/timing_alt.h b/include/alt-dummy/timing_alt.h index 9d4e100ea7..69bee60f67 100644 --- a/include/alt-dummy/timing_alt.h +++ b/include/alt-dummy/timing_alt.h @@ -1,19 +1,7 @@ /* timing_alt.h with dummy types for MBEDTLS_TIMING_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TIMING_ALT_H diff --git a/include/baremetal-override/time.h b/include/baremetal-override/time.h index 40eed2d33e..0a44275e76 100644 --- a/include/baremetal-override/time.h +++ b/include/baremetal-override/time.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #error "time.h included in a configuration without MBEDTLS_HAVE_TIME" diff --git a/include/spe/crypto_spe.h b/include/spe/crypto_spe.h index de842642d4..fdf3a2db5a 100644 --- a/include/spe/crypto_spe.h +++ b/include/spe/crypto_spe.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * */ diff --git a/include/test/arguments.h b/include/test/arguments.h index 74bbbd5690..6d267b660e 100644 --- a/include/test/arguments.h +++ b/include/test/arguments.h @@ -8,19 +8,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_ARGUMENTS_H diff --git a/include/test/asn1_helpers.h b/include/test/asn1_helpers.h index dee3cbda95..2eb9171282 100644 --- a/include/test/asn1_helpers.h +++ b/include/test/asn1_helpers.h @@ -2,19 +2,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef ASN1_HELPERS_H diff --git a/include/test/bignum_helpers.h b/include/test/bignum_helpers.h index fc97d23ba3..2f6bf89317 100644 --- a/include/test/bignum_helpers.h +++ b/include/test/bignum_helpers.h @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_BIGNUM_HELPERS_H diff --git a/include/test/certs.h b/include/test/certs.h index 65c55829d5..db69536a6f 100644 --- a/include/test/certs.h +++ b/include/test/certs.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CERTS_H #define MBEDTLS_CERTS_H diff --git a/include/test/constant_flow.h b/include/test/constant_flow.h index f3d676e285..c5658eb408 100644 --- a/include/test/constant_flow.h +++ b/include/test/constant_flow.h @@ -6,19 +6,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_CONSTANT_FLOW_H diff --git a/include/test/drivers/aead.h b/include/test/drivers/aead.h index 037a255ca3..a033e399d0 100644 --- a/include/test/drivers/aead.h +++ b/include/test/drivers/aead.h @@ -2,19 +2,7 @@ * Test driver for AEAD driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_AEAD_H diff --git a/include/test/drivers/asymmetric_encryption.h b/include/test/drivers/asymmetric_encryption.h index c602d2f223..0ac77087df 100644 --- a/include/test/drivers/asymmetric_encryption.h +++ b/include/test/drivers/asymmetric_encryption.h @@ -2,19 +2,7 @@ * Test driver for asymmetric encryption. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index 54c37f748d..950a17440e 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -2,19 +2,7 @@ * Test driver for cipher functions */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H diff --git a/include/test/drivers/config_test_driver.h b/include/test/drivers/config_test_driver.h index 81f988339a..4eb27f024e 100644 --- a/include/test/drivers/config_test_driver.h +++ b/include/test/drivers/config_test_driver.h @@ -7,19 +7,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_H diff --git a/include/test/drivers/hash.h b/include/test/drivers/hash.h index f1da8d3e48..ad48c45d52 100644 --- a/include/test/drivers/hash.h +++ b/include/test/drivers/hash.h @@ -2,19 +2,7 @@ * Test driver for hash driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H diff --git a/include/test/drivers/key_agreement.h b/include/test/drivers/key_agreement.h index aaf74a8c5f..ca82b3ad96 100644 --- a/include/test/drivers/key_agreement.h +++ b/include/test/drivers/key_agreement.h @@ -2,19 +2,7 @@ * Test driver for key agreement functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 43df0d6104..9e2c898853 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -2,19 +2,7 @@ * Test driver for generating and verifying keys. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H diff --git a/include/test/drivers/mac.h b/include/test/drivers/mac.h index bdc2b705cf..d92eff9038 100644 --- a/include/test/drivers/mac.h +++ b/include/test/drivers/mac.h @@ -2,19 +2,7 @@ * Test driver for MAC driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H diff --git a/include/test/drivers/pake.h b/include/test/drivers/pake.h index 331ee49da7..d292ca0daf 100644 --- a/include/test/drivers/pake.h +++ b/include/test/drivers/pake.h @@ -2,19 +2,7 @@ * Test driver for PAKE driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_PAKE_H diff --git a/include/test/drivers/signature.h b/include/test/drivers/signature.h index 4c56a121cf..8c5703edf9 100644 --- a/include/test/drivers/signature.h +++ b/include/test/drivers/signature.h @@ -2,19 +2,7 @@ * Test driver for signature functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index 541ee03d0c..74605d6b82 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -2,19 +2,7 @@ * Umbrella include for all of the test driver functionality */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVER_H diff --git a/include/test/fake_external_rng_for_test.h b/include/test/fake_external_rng_for_test.h index 01bfb91a49..e3e331d552 100644 --- a/include/test/fake_external_rng_for_test.h +++ b/include/test/fake_external_rng_for_test.h @@ -4,19 +4,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef FAKE_EXTERNAL_RNG_FOR_TEST_H diff --git a/include/test/helpers.h b/include/test/helpers.h index dd4a6a2b46..ba117fbdfc 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_HELPERS_H diff --git a/include/test/macros.h b/include/test/macros.h index 3bfbe3333d..8de9c4d952 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -6,19 +6,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_MACROS_H diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 959308af9c..04b90b9231 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_HELPERS_H diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index 46f4d08107..0f3ee3db63 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_EXERCISE_KEY_H diff --git a/include/test/psa_helpers.h b/include/test/psa_helpers.h index 2665fac394..b61718939e 100644 --- a/include/test/psa_helpers.h +++ b/include/test/psa_helpers.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_HELPERS_H diff --git a/include/test/random.h b/include/test/random.h index c5572088ac..6304e05d7f 100644 --- a/include/test/random.h +++ b/include/test/random.h @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_RANDOM_H diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index ddbd6a39e1..abdef9032d 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef SSL_HELPERS_H diff --git a/src/asn1_helpers.c b/src/asn1_helpers.c index aaf7587aa7..c8df1995e3 100644 --- a/src/asn1_helpers.c +++ b/src/asn1_helpers.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/bignum_helpers.c b/src/bignum_helpers.c index 214530df51..c85e2caafa 100644 --- a/src/bignum_helpers.c +++ b/src/bignum_helpers.c @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/src/certs.c b/src/certs.c index b834e4aa14..879f08882c 100644 --- a/src/certs.c +++ b/src/certs.c @@ -2,19 +2,7 @@ * X.509 test certificates * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/src/drivers/hash.c b/src/drivers/hash.c index 8fb1982779..76ec12a22f 100644 --- a/src/drivers/hash.c +++ b/src/drivers/hash.c @@ -2,19 +2,7 @@ * Test driver for hash entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/platform_builtin_keys.c b/src/drivers/platform_builtin_keys.c index 6334a438e5..01fc050bbb 100644 --- a/src/drivers/platform_builtin_keys.c +++ b/src/drivers/platform_builtin_keys.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index 6dadf5282b..314ce83a25 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -2,19 +2,7 @@ * Test driver for AEAD entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/test_driver_asymmetric_encryption.c b/src/drivers/test_driver_asymmetric_encryption.c index cf0e90caef..c906a664a3 100644 --- a/src/drivers/test_driver_asymmetric_encryption.c +++ b/src/drivers/test_driver_asymmetric_encryption.c @@ -2,19 +2,7 @@ * Test driver for asymmetric encryption. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index 42e79c4903..678d8d5d6a 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -3,19 +3,7 @@ * Currently only supports multi-part operations using AES-CTR. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/test_driver_key_agreement.c b/src/drivers/test_driver_key_agreement.c index 9cf82a37aa..8471959e2a 100644 --- a/src/drivers/test_driver_key_agreement.c +++ b/src/drivers/test_driver_key_agreement.c @@ -2,19 +2,7 @@ * Test driver for key agreement functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 19da47ad67..6442f22316 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -3,19 +3,7 @@ * Currently only supports generating and verifying ECC keys. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/test_driver_mac.c b/src/drivers/test_driver_mac.c index 96c1685f59..9f8120bd4a 100644 --- a/src/drivers/test_driver_mac.c +++ b/src/drivers/test_driver_mac.c @@ -2,19 +2,7 @@ * Test driver for MAC entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/test_driver_pake.c b/src/drivers/test_driver_pake.c index 69bd4ffe21..a0b6c1cb0c 100644 --- a/src/drivers/test_driver_pake.c +++ b/src/drivers/test_driver_pake.c @@ -2,19 +2,7 @@ * Test driver for MAC entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/test_driver_signature.c b/src/drivers/test_driver_signature.c index 7d1f91fdf0..00dd3e2673 100644 --- a/src/drivers/test_driver_signature.c +++ b/src/drivers/test_driver_signature.c @@ -4,19 +4,7 @@ * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/fake_external_rng_for_test.c b/src/fake_external_rng_for_test.c index 89af7d34f5..c0bfde51aa 100644 --- a/src/fake_external_rng_for_test.c +++ b/src/fake_external_rng_for_test.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/helpers.c b/src/helpers.c index 7cac6e0a05..eb28919b8d 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index 52ff031862..d59a8f8721 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index c4488b56f1..f8b36e1faa 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -4,19 +4,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/random.c b/src/random.c index d20103c351..d041f36a1f 100644 --- a/src/random.c +++ b/src/random.c @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/src/test_certs.h b/src/test_certs.h index 866d1e0032..b313ea88de 100644 --- a/src/test_certs.h +++ b/src/test_certs.h @@ -2,19 +2,7 @@ * X.509 test certificates * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */ diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 5c305cb0a0..52839eb96b 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/threading_helpers.c b/src/threading_helpers.c index ae6e59072a..6f405b00c6 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -2,19 +2,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include From fc46638e2da101284936d6ac4a21dcba75d5a71b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 12:21:36 +0000 Subject: [PATCH 443/553] Header updates Signed-off-by: Dave Rodgman --- include/alt-dummy/aes_alt.h | 14 +------------- include/alt-dummy/aria_alt.h | 14 +------------- include/alt-dummy/camellia_alt.h | 14 +------------- include/alt-dummy/ccm_alt.h | 14 +------------- include/alt-dummy/chacha20_alt.h | 14 +------------- include/alt-dummy/chachapoly_alt.h | 14 +------------- include/alt-dummy/cmac_alt.h | 14 +------------- include/alt-dummy/des_alt.h | 14 +------------- include/alt-dummy/dhm_alt.h | 14 +------------- include/alt-dummy/ecjpake_alt.h | 14 +------------- include/alt-dummy/ecp_alt.h | 14 +------------- include/alt-dummy/gcm_alt.h | 14 +------------- include/alt-dummy/md5_alt.h | 14 +------------- include/alt-dummy/nist_kw_alt.h | 14 +------------- include/alt-dummy/platform_alt.h | 14 +------------- include/alt-dummy/poly1305_alt.h | 14 +------------- include/alt-dummy/ripemd160_alt.h | 14 +------------- include/alt-dummy/rsa_alt.h | 14 +------------- include/alt-dummy/sha1_alt.h | 14 +------------- include/alt-dummy/sha256_alt.h | 14 +------------- include/alt-dummy/sha512_alt.h | 14 +------------- include/alt-dummy/threading_alt.h | 14 +------------- include/alt-dummy/timing_alt.h | 14 +------------- include/baremetal-override/time.h | 14 +------------- include/spe/crypto_spe.h | 14 +------------- include/test/arguments.h | 14 +------------- include/test/asn1_helpers.h | 14 +------------- include/test/bignum_helpers.h | 14 +------------- include/test/certs.h | 14 +------------- include/test/constant_flow.h | 14 +------------- include/test/drivers/aead.h | 14 +------------- include/test/drivers/asymmetric_encryption.h | 14 +------------- include/test/drivers/cipher.h | 14 +------------- include/test/drivers/config_test_driver.h | 14 +------------- include/test/drivers/hash.h | 14 +------------- include/test/drivers/key_agreement.h | 14 +------------- include/test/drivers/key_management.h | 14 +------------- include/test/drivers/mac.h | 14 +------------- include/test/drivers/pake.h | 14 +------------- include/test/drivers/signature.h | 14 +------------- include/test/drivers/test_driver.h | 14 +------------- include/test/fake_external_rng_for_test.h | 14 +------------- include/test/helpers.h | 14 +------------- include/test/macros.h | 14 +------------- include/test/psa_crypto_helpers.h | 14 +------------- include/test/psa_exercise_key.h | 14 +------------- include/test/psa_helpers.h | 14 +------------- include/test/random.h | 14 +------------- include/test/ssl_helpers.h | 14 +------------- src/asn1_helpers.c | 14 +------------- src/bignum_helpers.c | 14 +------------- src/certs.c | 14 +------------- src/drivers/hash.c | 14 +------------- src/drivers/platform_builtin_keys.c | 14 +------------- src/drivers/test_driver_aead.c | 14 +------------- src/drivers/test_driver_asymmetric_encryption.c | 14 +------------- src/drivers/test_driver_cipher.c | 14 +------------- src/drivers/test_driver_key_agreement.c | 14 +------------- src/drivers/test_driver_key_management.c | 14 +------------- src/drivers/test_driver_mac.c | 14 +------------- src/drivers/test_driver_pake.c | 14 +------------- src/drivers/test_driver_signature.c | 14 +------------- src/fake_external_rng_for_test.c | 14 +------------- src/helpers.c | 14 +------------- src/psa_crypto_helpers.c | 14 +------------- src/psa_exercise_key.c | 14 +------------- src/random.c | 14 +------------- src/test_certs.h | 14 +------------- src/test_helpers/ssl_helpers.c | 14 +------------- src/threading_helpers.c | 14 +------------- 70 files changed, 70 insertions(+), 910 deletions(-) diff --git a/include/alt-dummy/aes_alt.h b/include/alt-dummy/aes_alt.h index 21d85f1ff3..dc47dd16c5 100644 --- a/include/alt-dummy/aes_alt.h +++ b/include/alt-dummy/aes_alt.h @@ -1,19 +1,7 @@ /* aes_alt.h with dummy types for MBEDTLS_AES_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef AES_ALT_H diff --git a/include/alt-dummy/aria_alt.h b/include/alt-dummy/aria_alt.h index aabec9c9f0..94db8c7fb6 100644 --- a/include/alt-dummy/aria_alt.h +++ b/include/alt-dummy/aria_alt.h @@ -1,19 +1,7 @@ /* aria_alt.h with dummy types for MBEDTLS_ARIA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef ARIA_ALT_H diff --git a/include/alt-dummy/camellia_alt.h b/include/alt-dummy/camellia_alt.h index b42613bc2f..97bc16b78f 100644 --- a/include/alt-dummy/camellia_alt.h +++ b/include/alt-dummy/camellia_alt.h @@ -1,19 +1,7 @@ /* camellia_alt.h with dummy types for MBEDTLS_CAMELLIA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CAMELLIA_ALT_H diff --git a/include/alt-dummy/ccm_alt.h b/include/alt-dummy/ccm_alt.h index 5ec7d4e48e..c25f42b4a0 100644 --- a/include/alt-dummy/ccm_alt.h +++ b/include/alt-dummy/ccm_alt.h @@ -1,19 +1,7 @@ /* ccm_alt.h with dummy types for MBEDTLS_CCM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CCM_ALT_H diff --git a/include/alt-dummy/chacha20_alt.h b/include/alt-dummy/chacha20_alt.h index a53a330023..6fd84d0319 100644 --- a/include/alt-dummy/chacha20_alt.h +++ b/include/alt-dummy/chacha20_alt.h @@ -1,19 +1,7 @@ /* chacha20_alt.h with dummy types for MBEDTLS_CHACHA20_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CHACHA20_ALT_H diff --git a/include/alt-dummy/chachapoly_alt.h b/include/alt-dummy/chachapoly_alt.h index 584a421749..de28ced670 100644 --- a/include/alt-dummy/chachapoly_alt.h +++ b/include/alt-dummy/chachapoly_alt.h @@ -1,19 +1,7 @@ /* chachapoly_alt.h with dummy types for MBEDTLS_CHACHAPOLY_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CHACHAPOLY_ALT_H diff --git a/include/alt-dummy/cmac_alt.h b/include/alt-dummy/cmac_alt.h index 13c998d682..68b53d707a 100644 --- a/include/alt-dummy/cmac_alt.h +++ b/include/alt-dummy/cmac_alt.h @@ -1,19 +1,7 @@ /* cmac_alt.h with dummy types for MBEDTLS_CMAC_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CMAC_ALT_H diff --git a/include/alt-dummy/des_alt.h b/include/alt-dummy/des_alt.h index 3b8abe493b..d079861289 100644 --- a/include/alt-dummy/des_alt.h +++ b/include/alt-dummy/des_alt.h @@ -1,19 +1,7 @@ /* des_alt.h with dummy types for MBEDTLS_DES_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * */ diff --git a/include/alt-dummy/dhm_alt.h b/include/alt-dummy/dhm_alt.h index ccb3bd3c32..3cb51d2ed4 100644 --- a/include/alt-dummy/dhm_alt.h +++ b/include/alt-dummy/dhm_alt.h @@ -1,19 +1,7 @@ /* dhm_alt.h with dummy types for MBEDTLS_DHM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef DHM_ALT_H diff --git a/include/alt-dummy/ecjpake_alt.h b/include/alt-dummy/ecjpake_alt.h index 90c21da8bd..4d7524860c 100644 --- a/include/alt-dummy/ecjpake_alt.h +++ b/include/alt-dummy/ecjpake_alt.h @@ -1,19 +1,7 @@ /* ecjpake_alt.h with dummy types for MBEDTLS_ECJPAKE_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef ECJPAKE_ALT_H diff --git a/include/alt-dummy/ecp_alt.h b/include/alt-dummy/ecp_alt.h index 56c9810950..d204b18d0e 100644 --- a/include/alt-dummy/ecp_alt.h +++ b/include/alt-dummy/ecp_alt.h @@ -1,19 +1,7 @@ /* ecp_alt.h with dummy types for MBEDTLS_ECP_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef ECP_ALT_H diff --git a/include/alt-dummy/gcm_alt.h b/include/alt-dummy/gcm_alt.h index 7be5b62f6c..cfa73d2a42 100644 --- a/include/alt-dummy/gcm_alt.h +++ b/include/alt-dummy/gcm_alt.h @@ -1,19 +1,7 @@ /* gcm_alt.h with dummy types for MBEDTLS_GCM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef GCM_ALT_H diff --git a/include/alt-dummy/md5_alt.h b/include/alt-dummy/md5_alt.h index 1f3e5ed9bb..e3a15d70f9 100644 --- a/include/alt-dummy/md5_alt.h +++ b/include/alt-dummy/md5_alt.h @@ -1,19 +1,7 @@ /* md5_alt.h with dummy types for MBEDTLS_MD5_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MD5_ALT_H diff --git a/include/alt-dummy/nist_kw_alt.h b/include/alt-dummy/nist_kw_alt.h index 8fec116be6..1274d40812 100644 --- a/include/alt-dummy/nist_kw_alt.h +++ b/include/alt-dummy/nist_kw_alt.h @@ -1,19 +1,7 @@ /* nist_kw_alt.h with dummy types for MBEDTLS_NIST_KW_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef NIST_KW_ALT_H diff --git a/include/alt-dummy/platform_alt.h b/include/alt-dummy/platform_alt.h index 836f299c83..67573926e1 100644 --- a/include/alt-dummy/platform_alt.h +++ b/include/alt-dummy/platform_alt.h @@ -1,19 +1,7 @@ /* platform_alt.h with dummy types for MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PLATFORM_ALT_H diff --git a/include/alt-dummy/poly1305_alt.h b/include/alt-dummy/poly1305_alt.h index 5a8295f16f..c8ed1bc060 100644 --- a/include/alt-dummy/poly1305_alt.h +++ b/include/alt-dummy/poly1305_alt.h @@ -1,19 +1,7 @@ /* poly1305_alt.h with dummy types for MBEDTLS_POLY1305_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef POLY1305_ALT_H diff --git a/include/alt-dummy/ripemd160_alt.h b/include/alt-dummy/ripemd160_alt.h index ca3b338270..72ae47efb9 100644 --- a/include/alt-dummy/ripemd160_alt.h +++ b/include/alt-dummy/ripemd160_alt.h @@ -1,19 +1,7 @@ /* ripemd160_alt.h with dummy types for MBEDTLS_RIPEMD160_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef RIPEMD160_ALT_H diff --git a/include/alt-dummy/rsa_alt.h b/include/alt-dummy/rsa_alt.h index 24f672bb3c..eabc26da10 100644 --- a/include/alt-dummy/rsa_alt.h +++ b/include/alt-dummy/rsa_alt.h @@ -1,19 +1,7 @@ /* rsa_alt.h with dummy types for MBEDTLS_RSA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef RSA_ALT_H diff --git a/include/alt-dummy/sha1_alt.h b/include/alt-dummy/sha1_alt.h index 36bf71d847..d8ac971913 100644 --- a/include/alt-dummy/sha1_alt.h +++ b/include/alt-dummy/sha1_alt.h @@ -1,19 +1,7 @@ /* sha1_alt.h with dummy types for MBEDTLS_SHA1_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef SHA1_ALT_H diff --git a/include/alt-dummy/sha256_alt.h b/include/alt-dummy/sha256_alt.h index 304734bfc9..b1900adee9 100644 --- a/include/alt-dummy/sha256_alt.h +++ b/include/alt-dummy/sha256_alt.h @@ -1,19 +1,7 @@ /* sha256_alt.h with dummy types for MBEDTLS_SHA256_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef SHA256_ALT_H diff --git a/include/alt-dummy/sha512_alt.h b/include/alt-dummy/sha512_alt.h index 13e58109e1..857bc916aa 100644 --- a/include/alt-dummy/sha512_alt.h +++ b/include/alt-dummy/sha512_alt.h @@ -1,19 +1,7 @@ /* sha512_alt.h with dummy types for MBEDTLS_SHA512_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef SHA512_ALT_H diff --git a/include/alt-dummy/threading_alt.h b/include/alt-dummy/threading_alt.h index 4003506865..07d5da4275 100644 --- a/include/alt-dummy/threading_alt.h +++ b/include/alt-dummy/threading_alt.h @@ -1,19 +1,7 @@ /* threading_alt.h with dummy types for MBEDTLS_THREADING_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef THREADING_ALT_H diff --git a/include/alt-dummy/timing_alt.h b/include/alt-dummy/timing_alt.h index 9d4e100ea7..69bee60f67 100644 --- a/include/alt-dummy/timing_alt.h +++ b/include/alt-dummy/timing_alt.h @@ -1,19 +1,7 @@ /* timing_alt.h with dummy types for MBEDTLS_TIMING_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TIMING_ALT_H diff --git a/include/baremetal-override/time.h b/include/baremetal-override/time.h index 40eed2d33e..0a44275e76 100644 --- a/include/baremetal-override/time.h +++ b/include/baremetal-override/time.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #error "time.h included in a configuration without MBEDTLS_HAVE_TIME" diff --git a/include/spe/crypto_spe.h b/include/spe/crypto_spe.h index de842642d4..fdf3a2db5a 100644 --- a/include/spe/crypto_spe.h +++ b/include/spe/crypto_spe.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * */ diff --git a/include/test/arguments.h b/include/test/arguments.h index 74bbbd5690..6d267b660e 100644 --- a/include/test/arguments.h +++ b/include/test/arguments.h @@ -8,19 +8,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_ARGUMENTS_H diff --git a/include/test/asn1_helpers.h b/include/test/asn1_helpers.h index dee3cbda95..2eb9171282 100644 --- a/include/test/asn1_helpers.h +++ b/include/test/asn1_helpers.h @@ -2,19 +2,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef ASN1_HELPERS_H diff --git a/include/test/bignum_helpers.h b/include/test/bignum_helpers.h index fc97d23ba3..2f6bf89317 100644 --- a/include/test/bignum_helpers.h +++ b/include/test/bignum_helpers.h @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_BIGNUM_HELPERS_H diff --git a/include/test/certs.h b/include/test/certs.h index 65c55829d5..db69536a6f 100644 --- a/include/test/certs.h +++ b/include/test/certs.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CERTS_H #define MBEDTLS_CERTS_H diff --git a/include/test/constant_flow.h b/include/test/constant_flow.h index f3d676e285..c5658eb408 100644 --- a/include/test/constant_flow.h +++ b/include/test/constant_flow.h @@ -6,19 +6,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_CONSTANT_FLOW_H diff --git a/include/test/drivers/aead.h b/include/test/drivers/aead.h index 037a255ca3..a033e399d0 100644 --- a/include/test/drivers/aead.h +++ b/include/test/drivers/aead.h @@ -2,19 +2,7 @@ * Test driver for AEAD driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_AEAD_H diff --git a/include/test/drivers/asymmetric_encryption.h b/include/test/drivers/asymmetric_encryption.h index c602d2f223..0ac77087df 100644 --- a/include/test/drivers/asymmetric_encryption.h +++ b/include/test/drivers/asymmetric_encryption.h @@ -2,19 +2,7 @@ * Test driver for asymmetric encryption. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index 54c37f748d..950a17440e 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -2,19 +2,7 @@ * Test driver for cipher functions */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H diff --git a/include/test/drivers/config_test_driver.h b/include/test/drivers/config_test_driver.h index 81f988339a..4eb27f024e 100644 --- a/include/test/drivers/config_test_driver.h +++ b/include/test/drivers/config_test_driver.h @@ -7,19 +7,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_H diff --git a/include/test/drivers/hash.h b/include/test/drivers/hash.h index f1da8d3e48..ad48c45d52 100644 --- a/include/test/drivers/hash.h +++ b/include/test/drivers/hash.h @@ -2,19 +2,7 @@ * Test driver for hash driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H diff --git a/include/test/drivers/key_agreement.h b/include/test/drivers/key_agreement.h index aaf74a8c5f..ca82b3ad96 100644 --- a/include/test/drivers/key_agreement.h +++ b/include/test/drivers/key_agreement.h @@ -2,19 +2,7 @@ * Test driver for key agreement functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 43df0d6104..9e2c898853 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -2,19 +2,7 @@ * Test driver for generating and verifying keys. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H diff --git a/include/test/drivers/mac.h b/include/test/drivers/mac.h index bdc2b705cf..d92eff9038 100644 --- a/include/test/drivers/mac.h +++ b/include/test/drivers/mac.h @@ -2,19 +2,7 @@ * Test driver for MAC driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H diff --git a/include/test/drivers/pake.h b/include/test/drivers/pake.h index 331ee49da7..d292ca0daf 100644 --- a/include/test/drivers/pake.h +++ b/include/test/drivers/pake.h @@ -2,19 +2,7 @@ * Test driver for PAKE driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_PAKE_H diff --git a/include/test/drivers/signature.h b/include/test/drivers/signature.h index 4c56a121cf..8c5703edf9 100644 --- a/include/test/drivers/signature.h +++ b/include/test/drivers/signature.h @@ -2,19 +2,7 @@ * Test driver for signature functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index 541ee03d0c..74605d6b82 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -2,19 +2,7 @@ * Umbrella include for all of the test driver functionality */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVER_H diff --git a/include/test/fake_external_rng_for_test.h b/include/test/fake_external_rng_for_test.h index 01bfb91a49..e3e331d552 100644 --- a/include/test/fake_external_rng_for_test.h +++ b/include/test/fake_external_rng_for_test.h @@ -4,19 +4,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef FAKE_EXTERNAL_RNG_FOR_TEST_H diff --git a/include/test/helpers.h b/include/test/helpers.h index dd4a6a2b46..ba117fbdfc 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_HELPERS_H diff --git a/include/test/macros.h b/include/test/macros.h index 3bfbe3333d..8de9c4d952 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -6,19 +6,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_MACROS_H diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 9ba7dbcd96..58457320b4 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_HELPERS_H diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index 46f4d08107..0f3ee3db63 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_EXERCISE_KEY_H diff --git a/include/test/psa_helpers.h b/include/test/psa_helpers.h index 2665fac394..b61718939e 100644 --- a/include/test/psa_helpers.h +++ b/include/test/psa_helpers.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_HELPERS_H diff --git a/include/test/random.h b/include/test/random.h index c5572088ac..6304e05d7f 100644 --- a/include/test/random.h +++ b/include/test/random.h @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_RANDOM_H diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index ddbd6a39e1..abdef9032d 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef SSL_HELPERS_H diff --git a/src/asn1_helpers.c b/src/asn1_helpers.c index aaf7587aa7..c8df1995e3 100644 --- a/src/asn1_helpers.c +++ b/src/asn1_helpers.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/bignum_helpers.c b/src/bignum_helpers.c index 214530df51..c85e2caafa 100644 --- a/src/bignum_helpers.c +++ b/src/bignum_helpers.c @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/src/certs.c b/src/certs.c index b834e4aa14..879f08882c 100644 --- a/src/certs.c +++ b/src/certs.c @@ -2,19 +2,7 @@ * X.509 test certificates * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/src/drivers/hash.c b/src/drivers/hash.c index 8fb1982779..76ec12a22f 100644 --- a/src/drivers/hash.c +++ b/src/drivers/hash.c @@ -2,19 +2,7 @@ * Test driver for hash entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/platform_builtin_keys.c b/src/drivers/platform_builtin_keys.c index 6334a438e5..01fc050bbb 100644 --- a/src/drivers/platform_builtin_keys.c +++ b/src/drivers/platform_builtin_keys.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index 6dadf5282b..314ce83a25 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -2,19 +2,7 @@ * Test driver for AEAD entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/test_driver_asymmetric_encryption.c b/src/drivers/test_driver_asymmetric_encryption.c index cf0e90caef..c906a664a3 100644 --- a/src/drivers/test_driver_asymmetric_encryption.c +++ b/src/drivers/test_driver_asymmetric_encryption.c @@ -2,19 +2,7 @@ * Test driver for asymmetric encryption. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index 42e79c4903..678d8d5d6a 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -3,19 +3,7 @@ * Currently only supports multi-part operations using AES-CTR. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/test_driver_key_agreement.c b/src/drivers/test_driver_key_agreement.c index 9cf82a37aa..8471959e2a 100644 --- a/src/drivers/test_driver_key_agreement.c +++ b/src/drivers/test_driver_key_agreement.c @@ -2,19 +2,7 @@ * Test driver for key agreement functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 19da47ad67..6442f22316 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -3,19 +3,7 @@ * Currently only supports generating and verifying ECC keys. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/test_driver_mac.c b/src/drivers/test_driver_mac.c index 96c1685f59..9f8120bd4a 100644 --- a/src/drivers/test_driver_mac.c +++ b/src/drivers/test_driver_mac.c @@ -2,19 +2,7 @@ * Test driver for MAC entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/test_driver_pake.c b/src/drivers/test_driver_pake.c index 69bd4ffe21..a0b6c1cb0c 100644 --- a/src/drivers/test_driver_pake.c +++ b/src/drivers/test_driver_pake.c @@ -2,19 +2,7 @@ * Test driver for MAC entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/drivers/test_driver_signature.c b/src/drivers/test_driver_signature.c index c312477c8a..bd723b8bd9 100644 --- a/src/drivers/test_driver_signature.c +++ b/src/drivers/test_driver_signature.c @@ -4,19 +4,7 @@ * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/fake_external_rng_for_test.c b/src/fake_external_rng_for_test.c index 89af7d34f5..c0bfde51aa 100644 --- a/src/fake_external_rng_for_test.c +++ b/src/fake_external_rng_for_test.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/helpers.c b/src/helpers.c index 7cac6e0a05..eb28919b8d 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index 52ff031862..d59a8f8721 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index c4488b56f1..f8b36e1faa 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -4,19 +4,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/random.c b/src/random.c index d20103c351..d041f36a1f 100644 --- a/src/random.c +++ b/src/random.c @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/src/test_certs.h b/src/test_certs.h index 866d1e0032..b313ea88de 100644 --- a/src/test_certs.h +++ b/src/test_certs.h @@ -2,19 +2,7 @@ * X.509 test certificates * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */ diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 5c305cb0a0..52839eb96b 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/src/threading_helpers.c b/src/threading_helpers.c index ae6e59072a..6f405b00c6 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -2,19 +2,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include From 9f63e13c4f2355fb1286e5a82741e16bf0eb58f6 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 8 Nov 2023 10:30:48 +0800 Subject: [PATCH 444/553] ssl_helper: fix missin initialization of cli_log_obj Signed-off-by: Pengyu Lv --- src/test_helpers/ssl_helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 4527885fb6..1390b7abf7 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -73,7 +73,7 @@ void mbedtls_test_init_handshake_options( opts->renegotiate = 0; opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; opts->srv_log_obj = NULL; - opts->srv_log_obj = NULL; + opts->cli_log_obj = NULL; opts->srv_log_fun = NULL; opts->cli_log_fun = NULL; opts->resize_buffers = 1; From e72725ce63110d395549f2b326e2c72d28130dbc Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 8 Nov 2023 12:16:29 +0800 Subject: [PATCH 445/553] ssl: use MBEDTLS_SSL_HAVE_* in tests Done by commands: ``` sed -i "s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl* sed -i "s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl* sed -i "s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl* ``` Signed-off-by: Pengyu Lv --- include/test/ssl_helpers.h | 18 +++++++++--------- src/test_helpers/ssl_helpers.c | 6 +++--- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index abdef9032d..d03c62414b 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -38,21 +38,21 @@ #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_AES) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA384) #define MBEDTLS_TEST_HAS_TLS1_3_AES_256_GCM_SHA384 #endif #if defined(MBEDTLS_MD_CAN_SHA256) #define MBEDTLS_TEST_HAS_TLS1_3_AES_128_GCM_SHA256 #endif -#endif /* MBEDTLS_GCM_C */ -#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_MD_CAN_SHA256) +#endif /* MBEDTLS_SSL_HAVE_GCM */ +#if defined(MBEDTLS_SSL_HAVE_CCM) && defined(MBEDTLS_MD_CAN_SHA256) #define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_SHA256 #define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_8_SHA256 #endif -#endif /* MBEDTLS_AES_C */ -#if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_MD_CAN_SHA256) +#endif /* MBEDTLS_SSL_HAVE_AES */ +#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256) #define MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256 #endif @@ -485,7 +485,7 @@ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) + defined(MBEDTLS_SSL_HAVE_CBC) && defined(MBEDTLS_SSL_HAVE_AES) int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, const unsigned char *iv, size_t iv_len, @@ -493,8 +493,8 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, size_t ilen, unsigned char *output, size_t *olen); -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && - MBEDTLS_AES_C */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_HAVE_CBC && + MBEDTLS_SSL_HAVE_AES */ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, mbedtls_ssl_transform *t_out, diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 1390b7abf7..be2aedec3c 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1045,7 +1045,7 @@ static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) + defined(MBEDTLS_SSL_HAVE_CBC) && defined(MBEDTLS_SSL_HAVE_AES) int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, const unsigned char *iv, size_t iv_len, @@ -1093,8 +1093,8 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, iv, iv_len, input, ilen, output, olen); #endif /* MBEDTLS_USE_PSA_CRYPTO */ } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && - MBEDTLS_AES_C */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_HAVE_CBC && + MBEDTLS_SSL_HAVE_AES */ static void mbedtls_test_ssl_cipher_info_from_type(mbedtls_cipher_type_t cipher_type, mbedtls_cipher_mode_t *cipher_mode, From 081c32ff5f27cd2881ed7aae90e22334bf9e19ea Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 8 Nov 2023 11:37:56 +0000 Subject: [PATCH 446/553] Revert back to v3.5.0 git revert v3.5.0..v3.5.1 git rebase to combine the resulting revert commits Signed-off-by: Dave Rodgman --- include/alt-dummy/aes_alt.h | 14 +++++++++++++- include/alt-dummy/aria_alt.h | 14 +++++++++++++- include/alt-dummy/camellia_alt.h | 14 +++++++++++++- include/alt-dummy/ccm_alt.h | 14 +++++++++++++- include/alt-dummy/chacha20_alt.h | 14 +++++++++++++- include/alt-dummy/chachapoly_alt.h | 14 +++++++++++++- include/alt-dummy/cmac_alt.h | 14 +++++++++++++- include/alt-dummy/des_alt.h | 14 +++++++++++++- include/alt-dummy/dhm_alt.h | 14 +++++++++++++- include/alt-dummy/ecjpake_alt.h | 14 +++++++++++++- include/alt-dummy/ecp_alt.h | 14 +++++++++++++- include/alt-dummy/gcm_alt.h | 14 +++++++++++++- include/alt-dummy/md5_alt.h | 14 +++++++++++++- include/alt-dummy/nist_kw_alt.h | 14 +++++++++++++- include/alt-dummy/platform_alt.h | 14 +++++++++++++- include/alt-dummy/poly1305_alt.h | 14 +++++++++++++- include/alt-dummy/ripemd160_alt.h | 14 +++++++++++++- include/alt-dummy/rsa_alt.h | 14 +++++++++++++- include/alt-dummy/sha1_alt.h | 14 +++++++++++++- include/alt-dummy/sha256_alt.h | 14 +++++++++++++- include/alt-dummy/sha512_alt.h | 14 +++++++++++++- include/alt-dummy/threading_alt.h | 14 +++++++++++++- include/alt-dummy/timing_alt.h | 14 +++++++++++++- include/baremetal-override/time.h | 14 +++++++++++++- include/spe/crypto_spe.h | 14 +++++++++++++- include/test/arguments.h | 14 +++++++++++++- include/test/asn1_helpers.h | 14 +++++++++++++- include/test/bignum_helpers.h | 14 +++++++++++++- include/test/certs.h | 14 +++++++++++++- include/test/constant_flow.h | 14 +++++++++++++- include/test/drivers/aead.h | 14 +++++++++++++- include/test/drivers/asymmetric_encryption.h | 14 +++++++++++++- include/test/drivers/cipher.h | 14 +++++++++++++- include/test/drivers/config_test_driver.h | 14 +++++++++++++- include/test/drivers/hash.h | 14 +++++++++++++- include/test/drivers/key_agreement.h | 14 +++++++++++++- include/test/drivers/key_management.h | 14 +++++++++++++- include/test/drivers/mac.h | 14 +++++++++++++- include/test/drivers/pake.h | 14 +++++++++++++- include/test/drivers/signature.h | 14 +++++++++++++- include/test/drivers/test_driver.h | 14 +++++++++++++- include/test/fake_external_rng_for_test.h | 14 +++++++++++++- include/test/helpers.h | 14 +++++++++++++- include/test/macros.h | 14 +++++++++++++- include/test/psa_crypto_helpers.h | 14 +++++++++++++- include/test/psa_exercise_key.h | 14 +++++++++++++- include/test/psa_helpers.h | 14 +++++++++++++- include/test/random.h | 14 +++++++++++++- include/test/ssl_helpers.h | 14 +++++++++++++- src/asn1_helpers.c | 14 +++++++++++++- src/bignum_helpers.c | 14 +++++++++++++- src/certs.c | 14 +++++++++++++- src/drivers/hash.c | 14 +++++++++++++- src/drivers/platform_builtin_keys.c | 14 +++++++++++++- src/drivers/test_driver_aead.c | 14 +++++++++++++- src/drivers/test_driver_asymmetric_encryption.c | 14 +++++++++++++- src/drivers/test_driver_cipher.c | 14 +++++++++++++- src/drivers/test_driver_key_agreement.c | 14 +++++++++++++- src/drivers/test_driver_key_management.c | 14 +++++++++++++- src/drivers/test_driver_mac.c | 14 +++++++++++++- src/drivers/test_driver_pake.c | 14 +++++++++++++- src/drivers/test_driver_signature.c | 14 +++++++++++++- src/fake_external_rng_for_test.c | 14 +++++++++++++- src/helpers.c | 14 +++++++++++++- src/psa_crypto_helpers.c | 14 +++++++++++++- src/psa_exercise_key.c | 14 +++++++++++++- src/random.c | 14 +++++++++++++- src/test_certs.h | 14 +++++++++++++- src/test_helpers/ssl_helpers.c | 14 +++++++++++++- src/threading_helpers.c | 14 +++++++++++++- 70 files changed, 910 insertions(+), 70 deletions(-) diff --git a/include/alt-dummy/aes_alt.h b/include/alt-dummy/aes_alt.h index dc47dd16c5..21d85f1ff3 100644 --- a/include/alt-dummy/aes_alt.h +++ b/include/alt-dummy/aes_alt.h @@ -1,7 +1,19 @@ /* aes_alt.h with dummy types for MBEDTLS_AES_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef AES_ALT_H diff --git a/include/alt-dummy/aria_alt.h b/include/alt-dummy/aria_alt.h index 94db8c7fb6..aabec9c9f0 100644 --- a/include/alt-dummy/aria_alt.h +++ b/include/alt-dummy/aria_alt.h @@ -1,7 +1,19 @@ /* aria_alt.h with dummy types for MBEDTLS_ARIA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef ARIA_ALT_H diff --git a/include/alt-dummy/camellia_alt.h b/include/alt-dummy/camellia_alt.h index 97bc16b78f..b42613bc2f 100644 --- a/include/alt-dummy/camellia_alt.h +++ b/include/alt-dummy/camellia_alt.h @@ -1,7 +1,19 @@ /* camellia_alt.h with dummy types for MBEDTLS_CAMELLIA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef CAMELLIA_ALT_H diff --git a/include/alt-dummy/ccm_alt.h b/include/alt-dummy/ccm_alt.h index c25f42b4a0..5ec7d4e48e 100644 --- a/include/alt-dummy/ccm_alt.h +++ b/include/alt-dummy/ccm_alt.h @@ -1,7 +1,19 @@ /* ccm_alt.h with dummy types for MBEDTLS_CCM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef CCM_ALT_H diff --git a/include/alt-dummy/chacha20_alt.h b/include/alt-dummy/chacha20_alt.h index 6fd84d0319..a53a330023 100644 --- a/include/alt-dummy/chacha20_alt.h +++ b/include/alt-dummy/chacha20_alt.h @@ -1,7 +1,19 @@ /* chacha20_alt.h with dummy types for MBEDTLS_CHACHA20_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef CHACHA20_ALT_H diff --git a/include/alt-dummy/chachapoly_alt.h b/include/alt-dummy/chachapoly_alt.h index de28ced670..584a421749 100644 --- a/include/alt-dummy/chachapoly_alt.h +++ b/include/alt-dummy/chachapoly_alt.h @@ -1,7 +1,19 @@ /* chachapoly_alt.h with dummy types for MBEDTLS_CHACHAPOLY_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef CHACHAPOLY_ALT_H diff --git a/include/alt-dummy/cmac_alt.h b/include/alt-dummy/cmac_alt.h index 68b53d707a..13c998d682 100644 --- a/include/alt-dummy/cmac_alt.h +++ b/include/alt-dummy/cmac_alt.h @@ -1,7 +1,19 @@ /* cmac_alt.h with dummy types for MBEDTLS_CMAC_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef CMAC_ALT_H diff --git a/include/alt-dummy/des_alt.h b/include/alt-dummy/des_alt.h index d079861289..3b8abe493b 100644 --- a/include/alt-dummy/des_alt.h +++ b/include/alt-dummy/des_alt.h @@ -1,7 +1,19 @@ /* des_alt.h with dummy types for MBEDTLS_DES_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. * */ diff --git a/include/alt-dummy/dhm_alt.h b/include/alt-dummy/dhm_alt.h index 3cb51d2ed4..ccb3bd3c32 100644 --- a/include/alt-dummy/dhm_alt.h +++ b/include/alt-dummy/dhm_alt.h @@ -1,7 +1,19 @@ /* dhm_alt.h with dummy types for MBEDTLS_DHM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef DHM_ALT_H diff --git a/include/alt-dummy/ecjpake_alt.h b/include/alt-dummy/ecjpake_alt.h index 4d7524860c..90c21da8bd 100644 --- a/include/alt-dummy/ecjpake_alt.h +++ b/include/alt-dummy/ecjpake_alt.h @@ -1,7 +1,19 @@ /* ecjpake_alt.h with dummy types for MBEDTLS_ECJPAKE_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef ECJPAKE_ALT_H diff --git a/include/alt-dummy/ecp_alt.h b/include/alt-dummy/ecp_alt.h index d204b18d0e..56c9810950 100644 --- a/include/alt-dummy/ecp_alt.h +++ b/include/alt-dummy/ecp_alt.h @@ -1,7 +1,19 @@ /* ecp_alt.h with dummy types for MBEDTLS_ECP_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef ECP_ALT_H diff --git a/include/alt-dummy/gcm_alt.h b/include/alt-dummy/gcm_alt.h index cfa73d2a42..7be5b62f6c 100644 --- a/include/alt-dummy/gcm_alt.h +++ b/include/alt-dummy/gcm_alt.h @@ -1,7 +1,19 @@ /* gcm_alt.h with dummy types for MBEDTLS_GCM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef GCM_ALT_H diff --git a/include/alt-dummy/md5_alt.h b/include/alt-dummy/md5_alt.h index e3a15d70f9..1f3e5ed9bb 100644 --- a/include/alt-dummy/md5_alt.h +++ b/include/alt-dummy/md5_alt.h @@ -1,7 +1,19 @@ /* md5_alt.h with dummy types for MBEDTLS_MD5_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MD5_ALT_H diff --git a/include/alt-dummy/nist_kw_alt.h b/include/alt-dummy/nist_kw_alt.h index 1274d40812..8fec116be6 100644 --- a/include/alt-dummy/nist_kw_alt.h +++ b/include/alt-dummy/nist_kw_alt.h @@ -1,7 +1,19 @@ /* nist_kw_alt.h with dummy types for MBEDTLS_NIST_KW_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef NIST_KW_ALT_H diff --git a/include/alt-dummy/platform_alt.h b/include/alt-dummy/platform_alt.h index 67573926e1..836f299c83 100644 --- a/include/alt-dummy/platform_alt.h +++ b/include/alt-dummy/platform_alt.h @@ -1,7 +1,19 @@ /* platform_alt.h with dummy types for MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PLATFORM_ALT_H diff --git a/include/alt-dummy/poly1305_alt.h b/include/alt-dummy/poly1305_alt.h index c8ed1bc060..5a8295f16f 100644 --- a/include/alt-dummy/poly1305_alt.h +++ b/include/alt-dummy/poly1305_alt.h @@ -1,7 +1,19 @@ /* poly1305_alt.h with dummy types for MBEDTLS_POLY1305_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef POLY1305_ALT_H diff --git a/include/alt-dummy/ripemd160_alt.h b/include/alt-dummy/ripemd160_alt.h index 72ae47efb9..ca3b338270 100644 --- a/include/alt-dummy/ripemd160_alt.h +++ b/include/alt-dummy/ripemd160_alt.h @@ -1,7 +1,19 @@ /* ripemd160_alt.h with dummy types for MBEDTLS_RIPEMD160_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef RIPEMD160_ALT_H diff --git a/include/alt-dummy/rsa_alt.h b/include/alt-dummy/rsa_alt.h index eabc26da10..24f672bb3c 100644 --- a/include/alt-dummy/rsa_alt.h +++ b/include/alt-dummy/rsa_alt.h @@ -1,7 +1,19 @@ /* rsa_alt.h with dummy types for MBEDTLS_RSA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef RSA_ALT_H diff --git a/include/alt-dummy/sha1_alt.h b/include/alt-dummy/sha1_alt.h index d8ac971913..36bf71d847 100644 --- a/include/alt-dummy/sha1_alt.h +++ b/include/alt-dummy/sha1_alt.h @@ -1,7 +1,19 @@ /* sha1_alt.h with dummy types for MBEDTLS_SHA1_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef SHA1_ALT_H diff --git a/include/alt-dummy/sha256_alt.h b/include/alt-dummy/sha256_alt.h index b1900adee9..304734bfc9 100644 --- a/include/alt-dummy/sha256_alt.h +++ b/include/alt-dummy/sha256_alt.h @@ -1,7 +1,19 @@ /* sha256_alt.h with dummy types for MBEDTLS_SHA256_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef SHA256_ALT_H diff --git a/include/alt-dummy/sha512_alt.h b/include/alt-dummy/sha512_alt.h index 857bc916aa..13e58109e1 100644 --- a/include/alt-dummy/sha512_alt.h +++ b/include/alt-dummy/sha512_alt.h @@ -1,7 +1,19 @@ /* sha512_alt.h with dummy types for MBEDTLS_SHA512_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef SHA512_ALT_H diff --git a/include/alt-dummy/threading_alt.h b/include/alt-dummy/threading_alt.h index 07d5da4275..4003506865 100644 --- a/include/alt-dummy/threading_alt.h +++ b/include/alt-dummy/threading_alt.h @@ -1,7 +1,19 @@ /* threading_alt.h with dummy types for MBEDTLS_THREADING_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef THREADING_ALT_H diff --git a/include/alt-dummy/timing_alt.h b/include/alt-dummy/timing_alt.h index 69bee60f67..9d4e100ea7 100644 --- a/include/alt-dummy/timing_alt.h +++ b/include/alt-dummy/timing_alt.h @@ -1,7 +1,19 @@ /* timing_alt.h with dummy types for MBEDTLS_TIMING_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef TIMING_ALT_H diff --git a/include/baremetal-override/time.h b/include/baremetal-override/time.h index 0a44275e76..40eed2d33e 100644 --- a/include/baremetal-override/time.h +++ b/include/baremetal-override/time.h @@ -1,6 +1,18 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #error "time.h included in a configuration without MBEDTLS_HAVE_TIME" diff --git a/include/spe/crypto_spe.h b/include/spe/crypto_spe.h index fdf3a2db5a..de842642d4 100644 --- a/include/spe/crypto_spe.h +++ b/include/spe/crypto_spe.h @@ -1,6 +1,18 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. * */ diff --git a/include/test/arguments.h b/include/test/arguments.h index 6d267b660e..74bbbd5690 100644 --- a/include/test/arguments.h +++ b/include/test/arguments.h @@ -8,7 +8,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef TEST_ARGUMENTS_H diff --git a/include/test/asn1_helpers.h b/include/test/asn1_helpers.h index 2eb9171282..dee3cbda95 100644 --- a/include/test/asn1_helpers.h +++ b/include/test/asn1_helpers.h @@ -2,7 +2,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef ASN1_HELPERS_H diff --git a/include/test/bignum_helpers.h b/include/test/bignum_helpers.h index 2f6bf89317..fc97d23ba3 100644 --- a/include/test/bignum_helpers.h +++ b/include/test/bignum_helpers.h @@ -7,7 +7,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef TEST_BIGNUM_HELPERS_H diff --git a/include/test/certs.h b/include/test/certs.h index db69536a6f..65c55829d5 100644 --- a/include/test/certs.h +++ b/include/test/certs.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CERTS_H #define MBEDTLS_CERTS_H diff --git a/include/test/constant_flow.h b/include/test/constant_flow.h index c5658eb408..f3d676e285 100644 --- a/include/test/constant_flow.h +++ b/include/test/constant_flow.h @@ -6,7 +6,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef TEST_CONSTANT_FLOW_H diff --git a/include/test/drivers/aead.h b/include/test/drivers/aead.h index a033e399d0..037a255ca3 100644 --- a/include/test/drivers/aead.h +++ b/include/test/drivers/aead.h @@ -2,7 +2,19 @@ * Test driver for AEAD driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_AEAD_H diff --git a/include/test/drivers/asymmetric_encryption.h b/include/test/drivers/asymmetric_encryption.h index 0ac77087df..c602d2f223 100644 --- a/include/test/drivers/asymmetric_encryption.h +++ b/include/test/drivers/asymmetric_encryption.h @@ -2,7 +2,19 @@ * Test driver for asymmetric encryption. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index 950a17440e..54c37f748d 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -2,7 +2,19 @@ * Test driver for cipher functions */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H diff --git a/include/test/drivers/config_test_driver.h b/include/test/drivers/config_test_driver.h index 4eb27f024e..81f988339a 100644 --- a/include/test/drivers/config_test_driver.h +++ b/include/test/drivers/config_test_driver.h @@ -7,7 +7,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CONFIG_H diff --git a/include/test/drivers/hash.h b/include/test/drivers/hash.h index ad48c45d52..f1da8d3e48 100644 --- a/include/test/drivers/hash.h +++ b/include/test/drivers/hash.h @@ -2,7 +2,19 @@ * Test driver for hash driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H diff --git a/include/test/drivers/key_agreement.h b/include/test/drivers/key_agreement.h index ca82b3ad96..aaf74a8c5f 100644 --- a/include/test/drivers/key_agreement.h +++ b/include/test/drivers/key_agreement.h @@ -2,7 +2,19 @@ * Test driver for key agreement functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 9e2c898853..43df0d6104 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -2,7 +2,19 @@ * Test driver for generating and verifying keys. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H diff --git a/include/test/drivers/mac.h b/include/test/drivers/mac.h index d92eff9038..bdc2b705cf 100644 --- a/include/test/drivers/mac.h +++ b/include/test/drivers/mac.h @@ -2,7 +2,19 @@ * Test driver for MAC driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H diff --git a/include/test/drivers/pake.h b/include/test/drivers/pake.h index d292ca0daf..331ee49da7 100644 --- a/include/test/drivers/pake.h +++ b/include/test/drivers/pake.h @@ -2,7 +2,19 @@ * Test driver for PAKE driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_PAKE_H diff --git a/include/test/drivers/signature.h b/include/test/drivers/signature.h index 8c5703edf9..4c56a121cf 100644 --- a/include/test/drivers/signature.h +++ b/include/test/drivers/signature.h @@ -2,7 +2,19 @@ * Test driver for signature functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H diff --git a/include/test/drivers/test_driver.h b/include/test/drivers/test_driver.h index 74605d6b82..541ee03d0c 100644 --- a/include/test/drivers/test_driver.h +++ b/include/test/drivers/test_driver.h @@ -2,7 +2,19 @@ * Umbrella include for all of the test driver functionality */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVER_H diff --git a/include/test/fake_external_rng_for_test.h b/include/test/fake_external_rng_for_test.h index e3e331d552..01bfb91a49 100644 --- a/include/test/fake_external_rng_for_test.h +++ b/include/test/fake_external_rng_for_test.h @@ -4,7 +4,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef FAKE_EXTERNAL_RNG_FOR_TEST_H diff --git a/include/test/helpers.h b/include/test/helpers.h index ba117fbdfc..dd4a6a2b46 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -7,7 +7,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef TEST_HELPERS_H diff --git a/include/test/macros.h b/include/test/macros.h index 8de9c4d952..3bfbe3333d 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -6,7 +6,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef TEST_MACROS_H diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 58457320b4..9ba7dbcd96 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_HELPERS_H diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index 0f3ee3db63..46f4d08107 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_EXERCISE_KEY_H diff --git a/include/test/psa_helpers.h b/include/test/psa_helpers.h index b61718939e..2665fac394 100644 --- a/include/test/psa_helpers.h +++ b/include/test/psa_helpers.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_HELPERS_H diff --git a/include/test/random.h b/include/test/random.h index 6304e05d7f..c5572088ac 100644 --- a/include/test/random.h +++ b/include/test/random.h @@ -7,7 +7,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef TEST_RANDOM_H diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index abdef9032d..ddbd6a39e1 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -5,7 +5,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef SSL_HELPERS_H diff --git a/src/asn1_helpers.c b/src/asn1_helpers.c index c8df1995e3..aaf7587aa7 100644 --- a/src/asn1_helpers.c +++ b/src/asn1_helpers.c @@ -5,7 +5,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/src/bignum_helpers.c b/src/bignum_helpers.c index c85e2caafa..214530df51 100644 --- a/src/bignum_helpers.c +++ b/src/bignum_helpers.c @@ -7,7 +7,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/src/certs.c b/src/certs.c index 879f08882c..b834e4aa14 100644 --- a/src/certs.c +++ b/src/certs.c @@ -2,7 +2,19 @@ * X.509 test certificates * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/src/drivers/hash.c b/src/drivers/hash.c index 76ec12a22f..8fb1982779 100644 --- a/src/drivers/hash.c +++ b/src/drivers/hash.c @@ -2,7 +2,19 @@ * Test driver for hash entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/src/drivers/platform_builtin_keys.c b/src/drivers/platform_builtin_keys.c index 01fc050bbb..6334a438e5 100644 --- a/src/drivers/platform_builtin_keys.c +++ b/src/drivers/platform_builtin_keys.c @@ -5,7 +5,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/src/drivers/test_driver_aead.c b/src/drivers/test_driver_aead.c index 314ce83a25..6dadf5282b 100644 --- a/src/drivers/test_driver_aead.c +++ b/src/drivers/test_driver_aead.c @@ -2,7 +2,19 @@ * Test driver for AEAD entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/src/drivers/test_driver_asymmetric_encryption.c b/src/drivers/test_driver_asymmetric_encryption.c index c906a664a3..cf0e90caef 100644 --- a/src/drivers/test_driver_asymmetric_encryption.c +++ b/src/drivers/test_driver_asymmetric_encryption.c @@ -2,7 +2,19 @@ * Test driver for asymmetric encryption. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index 678d8d5d6a..42e79c4903 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -3,7 +3,19 @@ * Currently only supports multi-part operations using AES-CTR. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/src/drivers/test_driver_key_agreement.c b/src/drivers/test_driver_key_agreement.c index 8471959e2a..9cf82a37aa 100644 --- a/src/drivers/test_driver_key_agreement.c +++ b/src/drivers/test_driver_key_agreement.c @@ -2,7 +2,19 @@ * Test driver for key agreement functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 6442f22316..19da47ad67 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -3,7 +3,19 @@ * Currently only supports generating and verifying ECC keys. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/src/drivers/test_driver_mac.c b/src/drivers/test_driver_mac.c index 9f8120bd4a..96c1685f59 100644 --- a/src/drivers/test_driver_mac.c +++ b/src/drivers/test_driver_mac.c @@ -2,7 +2,19 @@ * Test driver for MAC entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/src/drivers/test_driver_pake.c b/src/drivers/test_driver_pake.c index a0b6c1cb0c..69bd4ffe21 100644 --- a/src/drivers/test_driver_pake.c +++ b/src/drivers/test_driver_pake.c @@ -2,7 +2,19 @@ * Test driver for MAC entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/src/drivers/test_driver_signature.c b/src/drivers/test_driver_signature.c index bd723b8bd9..c312477c8a 100644 --- a/src/drivers/test_driver_signature.c +++ b/src/drivers/test_driver_signature.c @@ -4,7 +4,19 @@ * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/src/fake_external_rng_for_test.c b/src/fake_external_rng_for_test.c index c0bfde51aa..89af7d34f5 100644 --- a/src/fake_external_rng_for_test.c +++ b/src/fake_external_rng_for_test.c @@ -5,7 +5,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/src/helpers.c b/src/helpers.c index eb28919b8d..7cac6e0a05 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -1,6 +1,18 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index d59a8f8721..52ff031862 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -5,7 +5,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index f8b36e1faa..c4488b56f1 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -4,7 +4,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/src/random.c b/src/random.c index d041f36a1f..d20103c351 100644 --- a/src/random.c +++ b/src/random.c @@ -7,7 +7,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/src/test_certs.h b/src/test_certs.h index b313ea88de..866d1e0032 100644 --- a/src/test_certs.h +++ b/src/test_certs.h @@ -2,7 +2,19 @@ * X.509 test certificates * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */ diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 52839eb96b..5c305cb0a0 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -5,7 +5,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/src/threading_helpers.c b/src/threading_helpers.c index 6f405b00c6..ae6e59072a 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -2,7 +2,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include From 8dcc32bcf1f9344bcc50ad168611e84484e21a59 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 8 Nov 2023 13:11:10 +0100 Subject: [PATCH 447/553] test_driver_extension: use same def/undef pattern for all accelerated symbols Signed-off-by: Valerio Setti --- .../crypto_config_test_driver_extension.h | 95 ++++++++++++++++++- 1 file changed, 92 insertions(+), 3 deletions(-) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index d39e9c1587..5ee949ab89 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -521,17 +521,106 @@ #endif #endif -#define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1 -#define MBEDTLS_PSA_ACCEL_ALG_CCM 1 +#if defined(PSA_WANT_ALG_GCM) +#if defined(MBEDTLS_PSA_ACCEL_ALG_GCM) +#undef MBEDTLS_PSA_ACCEL_ALG_GCM +#else #define MBEDTLS_PSA_ACCEL_ALG_GCM 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_CCM) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CCM) +#undef MBEDTLS_PSA_ACCEL_ALG_CCM +#else +#define MBEDTLS_PSA_ACCEL_ALG_CCM 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_CBC_MAC) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC) +#undef MBEDTLS_PSA_ACCEL_ALG_CBC_MAC +#else +#define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_HMAC) +#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) +#undef MBEDTLS_PSA_ACCEL_ALG_HMAC +#else +#define MBEDTLS_PSA_ACCEL_ALG_HMAC 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_HKDF) +#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) +#undef MBEDTLS_PSA_ACCEL_ALG_HKDF +#else #define MBEDTLS_PSA_ACCEL_ALG_HKDF 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_HKDF_EXTRACT) +#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT) +#undef MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT +#else #define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_HKDF_EXPAND) +#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND) +#undef MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND +#else #define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND 1 -#define MBEDTLS_PSA_ACCEL_ALG_HMAC 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_RSA_OAEP) +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) +#undef MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP +#else #define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT) +#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT +#else #define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 +#endif +#endif +#if defined(PSA_WANT_KEY_TYPE_DERIVE) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE +#else #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_HMAC) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC +#else #define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_DES) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DES +#else #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_RAW_DATA) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA +#else #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1 +#endif +#endif From 53d6e56abed8b390063157a22ba13ccb767e0ff9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 8 Nov 2023 11:09:42 +0100 Subject: [PATCH 448/553] test_driver_extension: fix acceleration support for CCM and CCM* Signed-off-by: Valerio Setti --- .../test/drivers/crypto_config_test_driver_extension.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index 5ee949ab89..768a9a69f3 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -537,6 +537,14 @@ #endif #endif +#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG) +#undef MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG +#else +#define MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG 1 +#endif +#endif + #if defined(PSA_WANT_ALG_CBC_MAC) #if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC) #undef MBEDTLS_PSA_ACCEL_ALG_CBC_MAC From 9be008a12babef8703d5e003dceb3d720591f062 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 8 Nov 2023 12:36:02 +0100 Subject: [PATCH 449/553] psa_exercise_key: replace legacy symbols with PSA_WANT ones Signed-off-by: Valerio Setti --- include/test/psa_exercise_key.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index 0f3ee3db63..bd523d1262 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -46,11 +46,11 @@ * * For simplicity's sake, stick to block ciphers with 16-byte blocks. */ -#if defined(MBEDTLS_AES_C) +#if defined(PSA_WANT_KEY_TYPE_AES) #define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_AES -#elif defined(MBEDTLS_ARIA_C) +#elif defined(PSA_WANT_KEY_TYPE_ARIA) #define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_ARIA -#elif defined(MBEDTLS_CAMELLIA_C) +#elif defined(PSA_WANT_KEY_TYPE_CAMELLIA) #define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_CAMELLIA #undef KNOWN_SUPPORTED_BLOCK_CIPHER #endif @@ -81,13 +81,13 @@ * * This is used in some smoke tests. */ -#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CTR) +#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CTR) #define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CTR -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CBC) +#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CBC_NO_PADDING) #define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CBC_NO_PADDING -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CFB) +#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CFB) #define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CFB -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_OFB) +#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_OFB) #define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_OFB #else #undef KNOWN_SUPPORTED_BLOCK_CIPHER_ALG From b9b37e149c8550b8ffac5d30aa24d9c585fb9f2f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 Nov 2023 11:32:47 +0100 Subject: [PATCH 450/553] psa_exercise_key: add missing #else for KNOWN_SUPPORTED_BLOCK_CIPHER Signed-off-by: Valerio Setti --- include/test/psa_exercise_key.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index bd523d1262..a658d17730 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -52,6 +52,7 @@ #define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_ARIA #elif defined(PSA_WANT_KEY_TYPE_CAMELLIA) #define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_CAMELLIA +#else #undef KNOWN_SUPPORTED_BLOCK_CIPHER #endif From dce64df653363c26cb24e09322336e871e4ddbb9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 10 Nov 2023 14:05:09 +0000 Subject: [PATCH 451/553] Move handling of mutex->is_valid into threading_helpers.c This is now a field only used for testing. Signed-off-by: Paul Elliott --- src/threading_helpers.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/src/threading_helpers.c b/src/threading_helpers.c index 6f405b00c6..0ea1e98d82 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -64,9 +64,9 @@ enum value_of_mutex_is_valid_field { * compatibility with threading_mutex_init_pthread() and * threading_mutex_free_pthread(). MUTEX_LOCKED could be any nonzero * value. */ - MUTEX_FREED = 0, //!< Set by threading_mutex_free_pthread - MUTEX_IDLE = 1, //!< Set by threading_mutex_init_pthread and by our unlock - MUTEX_LOCKED = 2, //!< Set by our lock + MUTEX_FREED = 0, //! < Set by mbedtls_test_wrap_mutex_free + MUTEX_IDLE = 1, //! < Set by mbedtls_test_wrap_mutex_init and by mbedtls_test_wrap_mutex_unlock + MUTEX_LOCKED = 2, //! < Set by mbedtls_test_wrap_mutex_lock }; typedef struct { @@ -101,8 +101,12 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex) { mutex_functions.init(mutex); - if (mutex->is_valid) { + + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + mutex->state = MUTEX_IDLE; ++live_mutexes; + + mutex_functions.unlock(&mbedtls_test_mutex_mutex); } } @@ -123,7 +127,11 @@ static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex) mbedtls_test_mutex_usage_error(mutex, "corrupted state"); break; } + + /* Mark mutex as free'd first, because we need to release the mutex. If + * free fails, this could end up with inconsistent state. */ if (mutex->is_valid) { + mutex->is_valid = MUTEX_FREED; --live_mutexes; } mutex_functions.free(mutex); @@ -138,7 +146,7 @@ static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex) break; case MUTEX_IDLE: if (ret == 0) { - mutex->is_valid = 2; + mutex->is_valid = MUTEX_LOCKED; } break; case MUTEX_LOCKED: From 6d484876cc283924e748f27a0a34ac7445ece852 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 12 Nov 2023 19:05:57 +0000 Subject: [PATCH 452/553] Make threading helpers tests thread safe Signed-off-by: Paul Elliott --- src/threading_helpers.c | 115 ++++++++++++++++++++++------------------ 1 file changed, 64 insertions(+), 51 deletions(-) diff --git a/src/threading_helpers.c b/src/threading_helpers.c index 0ea1e98d82..0ffffbfd54 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -77,6 +77,8 @@ typedef struct { } mutex_functions_t; static mutex_functions_t mutex_functions; +mbedtls_threading_mutex_t mbedtls_test_mutex_mutex; + /** The total number of calls to mbedtls_mutex_init(), minus the total number * of calls to mbedtls_mutex_free(). * @@ -88,6 +90,7 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, const char *msg) { (void) mutex; + if (mbedtls_test_info.mutex_usage_error == NULL) { mbedtls_test_info.mutex_usage_error = msg; } @@ -112,73 +115,81 @@ static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex) static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex) { - switch (mutex->is_valid) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "free without init or double free"); - break; - case MUTEX_IDLE: - /* Do nothing. The underlying free function will reset is_valid - * to 0. */ - break; - case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error(mutex, "free without unlock"); - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; - } + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - /* Mark mutex as free'd first, because we need to release the mutex. If - * free fails, this could end up with inconsistent state. */ - if (mutex->is_valid) { - mutex->is_valid = MUTEX_FREED; - --live_mutexes; + switch (mutex->is_valid) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "free without init or double free"); + break; + case MUTEX_IDLE: + mutex->is_valid = MUTEX_FREED; + --live_mutexes; + break; + case MUTEX_LOCKED: + mbedtls_test_mutex_usage_error(mutex, "free without unlock"); + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } + + mutex_functions.unlock(&mbedtls_test_mutex_mutex); } mutex_functions.free(mutex); } static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex) { + /* Lock the passed in mutex first, so that the only way to change the state + * is to hold the passed in and internal mutex - otherwise we create a race + * condition. */ int ret = mutex_functions.lock(mutex); - switch (mutex->is_valid) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "lock without init"); - break; - case MUTEX_IDLE: - if (ret == 0) { - mutex->is_valid = MUTEX_LOCKED; - } - break; - case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error(mutex, "double lock"); - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + switch (mutex->is_valid) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "lock without init"); + break; + case MUTEX_IDLE: + if (ret == 0) { + mutex->is_valid = MUTEX_LOCKED; + } + break; + case MUTEX_LOCKED: + mbedtls_test_mutex_usage_error(mutex, "double lock"); + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } + + mutex_functions.unlock(&mbedtls_test_mutex_mutex); } return ret; } static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex) { - int ret = mutex_functions.unlock(mutex); - switch (mutex->is_valid) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "unlock without init"); - break; - case MUTEX_IDLE: - mbedtls_test_mutex_usage_error(mutex, "unlock without lock"); - break; - case MUTEX_LOCKED: - if (ret == 0) { + /* Lock the internal mutex first and change state, so that the only way to + * change the state is to hold the passed in and internal mutex - otherwise + * we create a race condition. */ + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + switch (mutex->is_valid) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "unlock without init"); + break; + case MUTEX_IDLE: + mbedtls_test_mutex_usage_error(mutex, "unlock without lock"); + break; + case MUTEX_LOCKED: mutex->is_valid = MUTEX_IDLE; - } - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } + mutex_functions.unlock(&mbedtls_test_mutex_mutex); } - return ret; + return mutex_functions.unlock(mutex); } void mbedtls_test_mutex_usage_init(void) @@ -191,6 +202,8 @@ void mbedtls_test_mutex_usage_init(void) mbedtls_mutex_free = &mbedtls_test_wrap_mutex_free; mbedtls_mutex_lock = &mbedtls_test_wrap_mutex_lock; mbedtls_mutex_unlock = &mbedtls_test_wrap_mutex_unlock; + + mutex_functions.init(&mbedtls_test_mutex_mutex); } void mbedtls_test_mutex_usage_check(void) From 68ed0dec0fd786abec8f0f7419339b4802a9ea19 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Nov 2023 11:33:32 +0000 Subject: [PATCH 453/553] Rename mutex->is_valid to mutex->state Rename struct member to make it more representative of its current use. Signed-off-by: Paul Elliott --- src/threading_helpers.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/threading_helpers.c b/src/threading_helpers.c index 0ffffbfd54..385a079261 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -58,8 +58,8 @@ * indicate the exact location of the problematic call. To locate the error, * use a debugger and set a breakpoint on mbedtls_test_mutex_usage_error(). */ -enum value_of_mutex_is_valid_field { - /* Potential values for the is_valid field of mbedtls_threading_mutex_t. +enum value_of_mutex_state_field { + /* Potential values for the state field of mbedtls_threading_mutex_t. * Note that MUTEX_FREED must be 0 and MUTEX_IDLE must be 1 for * compatibility with threading_mutex_init_pthread() and * threading_mutex_free_pthread(). MUTEX_LOCKED could be any nonzero @@ -117,12 +117,12 @@ static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex) { if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->is_valid) { + switch (mutex->state) { case MUTEX_FREED: mbedtls_test_mutex_usage_error(mutex, "free without init or double free"); break; case MUTEX_IDLE: - mutex->is_valid = MUTEX_FREED; + mutex->state = MUTEX_FREED; --live_mutexes; break; case MUTEX_LOCKED: @@ -145,13 +145,13 @@ static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex) * condition. */ int ret = mutex_functions.lock(mutex); if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->is_valid) { + switch (mutex->state) { case MUTEX_FREED: mbedtls_test_mutex_usage_error(mutex, "lock without init"); break; case MUTEX_IDLE: if (ret == 0) { - mutex->is_valid = MUTEX_LOCKED; + mutex->state = MUTEX_LOCKED; } break; case MUTEX_LOCKED: @@ -173,7 +173,7 @@ static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex) * change the state is to hold the passed in and internal mutex - otherwise * we create a race condition. */ if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->is_valid) { + switch (mutex->state) { case MUTEX_FREED: mbedtls_test_mutex_usage_error(mutex, "unlock without init"); break; @@ -181,7 +181,7 @@ static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex) mbedtls_test_mutex_usage_error(mutex, "unlock without lock"); break; case MUTEX_LOCKED: - mutex->is_valid = MUTEX_IDLE; + mutex->state = MUTEX_IDLE; break; default: mbedtls_test_mutex_usage_error(mutex, "corrupted state"); From 611665fa4f4ddcebd85e6b2e72010cbd0e932bd5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Oct 2023 14:42:50 +0800 Subject: [PATCH 454/553] update tests Signed-off-by: Jerry Yu --- src/test_helpers/ssl_helpers.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 54b57be813..f7cd1030f2 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1633,6 +1633,7 @@ int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, } #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, int ticket_len, const char *crt_file) @@ -1729,6 +1730,7 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, return 0; } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, @@ -1752,14 +1754,14 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, #if defined(MBEDTLS_HAVE_TIME) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - session->start = mbedtls_time(NULL) - 42; + session->ticket_creation = mbedtls_ms_time() - 42; } #endif #if defined(MBEDTLS_SSL_CLI_C) if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { #if defined(MBEDTLS_HAVE_TIME) - session->ticket_received = mbedtls_time(NULL) - 40; + session->ticket_received = mbedtls_ms_time() - 40; #endif session->ticket_lifetime = 0xfedcba98; From 12bd28b7c41279fb93aeb1f77f8ba55b46497b16 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 10 Nov 2023 14:12:20 +0800 Subject: [PATCH 455/553] rename `ticket_creation` to `ticket_creation_time` Signed-off-by: Jerry Yu --- src/test_helpers/ssl_helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index f7cd1030f2..9acb1997e7 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1754,7 +1754,7 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, #if defined(MBEDTLS_HAVE_TIME) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - session->ticket_creation = mbedtls_ms_time() - 42; + session->ticket_creation_time = mbedtls_ms_time() - 42; } #endif From 1d12938c4451cdfe743affe10552f50256d4424c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 10 Nov 2023 14:23:39 +0800 Subject: [PATCH 456/553] rename ticket received Signed-off-by: Jerry Yu --- src/test_helpers/ssl_helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 9acb1997e7..dd06d176ac 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1761,7 +1761,7 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_CLI_C) if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { #if defined(MBEDTLS_HAVE_TIME) - session->ticket_received = mbedtls_ms_time() - 40; + session->ticket_reception_time = mbedtls_ms_time() - 40; #endif session->ticket_lifetime = 0xfedcba98; From 2c7530828b0b169170c7cf113fea46e428c65b2a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 14 Nov 2023 11:25:24 +0800 Subject: [PATCH 457/553] fix build failure Signed-off-by: Jerry Yu --- src/test_helpers/ssl_helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index dd06d176ac..d02d305394 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1752,7 +1752,7 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, session->max_early_data_size = 0x87654321; #endif -#if defined(MBEDTLS_HAVE_TIME) +#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { session->ticket_creation_time = mbedtls_ms_time() - 42; } From 638ce23a13a53a8422ad4f92f474d87c9449f06f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Nov 2023 17:55:43 +0100 Subject: [PATCH 458/553] Detect enabled GCC/Clang sanitizers Occasionally we want tests to take advantage of sanitizers, or work around them. Signed-off-by: Gilles Peskine --- include/test/helpers.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/include/test/helpers.h b/include/test/helpers.h index ba117fbdfc..cf791e2b62 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -20,6 +20,21 @@ #include "mbedtls/build_info.h" +#if defined(__SANITIZE_ADDRESS__) /* gcc -fsanitize=address */ +# define MBEDTLS_TEST_HAVE_ASAN +#endif +#if defined(__has_feature) +# if __has_feature(address_sanitizer) /* clang -fsanitize=address */ +# define MBEDTLS_TEST_HAVE_ASAN +# endif +# if __has_feature(memory_sanitizer) /* clang -fsanitize=memory */ +# define MBEDTLS_TEST_HAVE_MSAN +# endif +# if __has_feature(thread_sanitizer) /* clang -fsanitize=thread */ +# define MBEDTLS_TEST_HAVE_TSAN +# endif +#endif + #if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \ defined(MBEDTLS_TEST_HOOKS) #define MBEDTLS_TEST_MUTEX_USAGE From 5f7f6e32423813f2789c73c477d835a5f9a5f8ae Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 23 Nov 2023 18:49:43 +0000 Subject: [PATCH 459/553] Ensure mutex test mutex gets free'd Signed-off-by: Paul Elliott --- include/test/helpers.h | 12 ++++++++++-- src/threading_helpers.c | 10 ++++++++++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index ba117fbdfc..4708df1632 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -240,10 +240,18 @@ int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b, #endif #if defined(MBEDTLS_TEST_MUTEX_USAGE) -/** Permanently activate the mutex usage verification framework. See - * threading_helpers.c for information. */ +/** + * Activate the mutex usage verification framework. See threading_helpers.c for + * information. + * */ void mbedtls_test_mutex_usage_init(void); +/** + * Deactivate the mutex usage verification framework. See threading_helpers.c + * for information. + */ +void mbedtls_test_mutex_usage_end(void); + /** Call this function after executing a test case to check for mutex usage * errors. */ void mbedtls_test_mutex_usage_check(void); diff --git a/src/threading_helpers.c b/src/threading_helpers.c index 385a079261..434d124f18 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -228,4 +228,14 @@ void mbedtls_test_mutex_usage_check(void) mbedtls_test_info.mutex_usage_error = NULL; } +void mbedtls_test_mutex_usage_end(void) +{ + mbedtls_mutex_init = mutex_functions.init; + mbedtls_mutex_free = mutex_functions.free; + mbedtls_mutex_lock = mutex_functions.lock; + mbedtls_mutex_unlock = mutex_functions.unlock; + + mutex_functions.free(&mbedtls_test_mutex_mutex); +} + #endif /* MBEDTLS_TEST_MUTEX_USAGE */ From 3805f112dc6de2bb4b3d14a0c3b25f59ad3e563d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 24 Nov 2023 15:48:28 +0000 Subject: [PATCH 460/553] Add better documentation for mbedtls_test_mutex_mutex Signed-off-by: Paul Elliott --- src/threading_helpers.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/src/threading_helpers.c b/src/threading_helpers.c index 434d124f18..5fbf65b2da 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -77,12 +77,30 @@ typedef struct { } mutex_functions_t; static mutex_functions_t mutex_functions; +/** + * The mutex used to guard live_mutexes below and access to the status variable + * in every mbedtls_threading_mutex_t. + * Note that we are not reporting any errors when locking and unlocking this + * mutex. This is for a couple of reasons: + * + * 1. We have no real way of reporting any errors with this mutex - we cannot + * report it back to the caller, as the failure was not that of the mutex + * passed in. We could fail the test, but again this would indicate a problem + * with the test code that did not exist. + * + * 2. Any failure to lock is unlikely to be intermittent, and will thus not + * give false test results - the overall result would be to turn off the + * testing. This is not a situation that is likely to happen with normal + * testing and we still have TSan to fall back on should this happen. + */ mbedtls_threading_mutex_t mbedtls_test_mutex_mutex; -/** The total number of calls to mbedtls_mutex_init(), minus the total number - * of calls to mbedtls_mutex_free(). +/** + * The total number of calls to mbedtls_mutex_init(), minus the total number + * of calls to mbedtls_mutex_free(). * - * Reset to 0 after each test case. + * Do not read or write without holding mbedtls_test_mutex_mutex (above). Reset + * to 0 after each test case. */ static int live_mutexes; From a3df575f360061875d1c3cadadc015f63d770765 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Dec 2023 16:39:34 +0800 Subject: [PATCH 461/553] ssl_helpers: make rng_get available for other test cases This is a pre-step to configure random number generator in some TLS tests. Signed-off-by: Yanray Wang --- include/test/ssl_helpers.h | 4 ++++ src/test_helpers/ssl_helpers.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index d03c62414b..b45e9695f7 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -193,6 +193,10 @@ typedef struct mbedtls_test_ssl_endpoint { #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +int rng_get(void *p_rng, unsigned char *output, size_t output_len); +#endif + /* * This function can be passed to mbedtls to receive output logs from it. In * this case, it will count the instances of a mbedtls_test_ssl_log_pattern diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index d02d305394..549a4ffc66 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -14,7 +14,7 @@ #if defined(MBEDTLS_SSL_TLS_C) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) static int rng_seed = 0xBEEF; -static int rng_get(void *p_rng, unsigned char *output, size_t output_len) +int rng_get(void *p_rng, unsigned char *output, size_t output_len) { (void) p_rng; for (size_t i = 0; i < output_len; i++) { From ea3933d64d7b0424d95534b06f57a8aae68d5da0 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Dec 2023 23:34:27 +0800 Subject: [PATCH 462/553] ssl_helpers: remove guard for rng_get() After adding a check in ssl_conf_check(), we have configured RNG via mbedtls_ssl_conf_rng() for TLS tests in both test_suite_ssl.function and test_suite_debug.function. As a result, rng_get() is not only available when MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED enabled. Therefore, we remove the guard for rng_get() to make it accessible for TLS tests which have call for mbedtls_ssl_setup(). Signed-off-by: Yanray Wang --- include/test/ssl_helpers.h | 2 -- src/test_helpers/ssl_helpers.c | 5 ++--- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index b45e9695f7..9493b69ca7 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -193,9 +193,7 @@ typedef struct mbedtls_test_ssl_endpoint { #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) int rng_get(void *p_rng, unsigned char *output, size_t output_len); -#endif /* * This function can be passed to mbedtls to receive output logs from it. In diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 549a4ffc66..de76b09935 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -12,8 +12,6 @@ #include "md_psa.h" #if defined(MBEDTLS_SSL_TLS_C) -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static int rng_seed = 0xBEEF; int rng_get(void *p_rng, unsigned char *output, size_t output_len) { (void) p_rng; @@ -23,7 +21,6 @@ int rng_get(void *p_rng, unsigned char *output, size_t output_len) return 0; } -#endif void mbedtls_test_ssl_log_analyzer(void *ctx, int level, const char *file, int line, @@ -46,6 +43,8 @@ void mbedtls_test_init_handshake_options( mbedtls_test_handshake_test_options *opts) { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) + int rng_seed = 0xBEEF; + srand(rng_seed); rng_seed += 0xD0; #endif From 84b575e3b9ed1f8ee95d081224755652e7c793cd Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:24:32 +0100 Subject: [PATCH 463/553] psa: free RNG implementation before checking for remaining open key slots Signed-off-by: Valerio Setti --- include/test/psa_crypto_helpers.h | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 04b90b9231..f4c49fb020 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -34,6 +34,7 @@ #define PSA_DONE() \ do \ { \ + mbedtls_psa_random_free(); \ mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \ mbedtls_test_psa_purge_key_storage(); \ mbedtls_psa_crypto_free(); \ @@ -125,17 +126,21 @@ const char *mbedtls_test_helper_is_psa_leaking(void); /** Shut down the PSA Crypto subsystem, allowing persistent keys to survive. * Expect a clean shutdown, with no slots in use. + * mbedtls_psa_random_free() is called before any check for remaining open + * keys because when AES_C is not defined, CTR_DRBG relies on PSA to perform + * AES-ECB so it holds an open AES key for that since psa_crypto_init(). * * If some key slots are still in use, record the test case as failed and * jump to the `exit` label. */ #define PSA_SESSION_DONE() \ - do \ - { \ + do \ + { \ + mbedtls_psa_random_free(); \ mbedtls_test_psa_purge_key_cache(); \ ASSERT_PSA_PRISTINE(); \ mbedtls_psa_crypto_free(); \ - } \ + } \ while (0) From 1b8322f364919963eeaa896c16cb7ec54cd4d6e6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:27:56 +0100 Subject: [PATCH 464/553] test_suite_[ctr_drbg/random]: initialize/close PSA in tests This commit also adds AES_PSA_[INIT/DONE] in "psa_crypto_helpers.h". Its scope is to call PSA_[INIT/DONE] only when AES_C is not defined (which is when PSA is effectively required for CTR_DRBG). Signed-off-by: Valerio Setti --- include/test/psa_crypto_helpers.h | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index f4c49fb020..cd64dc7adf 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -397,4 +397,27 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define MD_OR_USE_PSA_DONE() ((void) 0) #endif +/** \def AES_PSA_INIT + * + * Call this macro to initialize the PSA subsystem if AES_C is not defined, + * so that CTR_DRBG uses PSA implementation to get AES-ECB. + * + * If the initialization fails, mark the test case as failed and jump to the + * \p exit label. + */ +/** \def AES_PSA_DONE + * + * Call this macro at the end of a test case if you called #AES_PSA_INIT. + * + * This is like #PSA_DONE except it does nothing under the same conditions as + * #AES_PSA_INIT. + */ +#if defined(MBEDTLS_AES_C) +#define AES_PSA_INIT() ((void) 0) +#define AES_PSA_DONE() ((void) 0) +#else /* MBEDTLS_AES_C */ +#define AES_PSA_INIT() PSA_INIT() +#define AES_PSA_DONE() PSA_DONE() +#endif /* MBEDTLS_AES_C */ + #endif /* PSA_CRYPTO_HELPERS_H */ From aab9a62a2809599063be2f963a65d272279158ca Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:32:34 +0100 Subject: [PATCH 465/553] test_suite_psa_crypto_driver_wrappers: improving driver access counters When AES_C is not defined CTR_DRBG relies on PSA to get AES-ECB. This means that, when AES-ECB is accelerated, each random operation goes through driver access as well. This might result in unexpectedly increased counters for driver's access. We add extra counters in test_driver_[cipher/key_management].c to be more specific on which driver functions are accessed and ignore extra accesses due to CTR_DRBG. Signed-off-by: Valerio Setti --- include/test/drivers/cipher.h | 3 ++- include/test/drivers/key_management.h | 4 +++- src/drivers/test_driver_cipher.c | 1 + src/drivers/test_driver_key_management.c | 1 + 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index 950a17440e..2e299da723 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -25,9 +25,10 @@ typedef struct { psa_status_t forced_status; /* Count the amount of times one of the cipher driver functions is called. */ unsigned long hits; + unsigned long cipher_encrypt_hits; } mbedtls_test_driver_cipher_hooks_t; -#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0 } +#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0, 0 } static inline mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks_init(void) { diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 9e2c898853..24ecbc3c52 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -26,6 +26,8 @@ typedef struct { /* Count the amount of times one of the key management driver functions * is called. */ unsigned long hits; + /* Subset of hits which only counts key operations with EC key */ + unsigned long export_public_key_hits; /* Location of the last key management driver called to import a key. */ psa_key_location_t location; } mbedtls_test_driver_key_management_hooks_t; @@ -34,7 +36,7 @@ typedef struct { * sense that no PSA specification will assign a meaning to this location * (stated first in version 1.0.1 of the specification) and that it is not * used as a location of an opaque test drivers. */ -#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0x800000 } +#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0x800000 } static inline mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks_init(void) { diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index 678d8d5d6a..324590c0af 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -41,6 +41,7 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( size_t *output_length) { mbedtls_test_driver_cipher_hooks.hits++; + mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits++; if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 6442f22316..f73ae97f67 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -529,6 +529,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( uint8_t *data, size_t data_size, size_t *data_length) { ++mbedtls_test_driver_key_management_hooks.hits; + ++mbedtls_test_driver_key_management_hooks.export_public_key_hits; if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { return mbedtls_test_driver_key_management_hooks.forced_status; From 6df615fc8067a5a5c5b957d8251fbec8fb898f83 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 23 Nov 2023 14:35:02 +0100 Subject: [PATCH 466/553] test_suite_psa_crypto_driver_wrappers: add counter for cipher_update() Signed-off-by: Valerio Setti --- include/test/drivers/cipher.h | 3 ++- src/drivers/test_driver_cipher.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index 2e299da723..71682303ce 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -26,9 +26,10 @@ typedef struct { /* Count the amount of times one of the cipher driver functions is called. */ unsigned long hits; unsigned long cipher_encrypt_hits; + unsigned long cipher_update_hits; } mbedtls_test_driver_cipher_hooks_t; -#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0, 0 } +#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0 } static inline mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks_init(void) { diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index 324590c0af..76ccdcffbe 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -234,6 +234,7 @@ psa_status_t mbedtls_test_transparent_cipher_update( size_t *output_length) { mbedtls_test_driver_cipher_hooks.hits++; + mbedtls_test_driver_cipher_hooks.cipher_update_hits++; if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { From 9097552cae03a8134aa79d43b3736ab4c680eb6a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 24 Nov 2023 08:36:12 +0100 Subject: [PATCH 467/553] test_suite_psa_crypto_slot_management: modify check on open key slots This commit - Reverts changes previously done to psa_crypto_helpers.[c,h] - Implements a new check for open key slots in mbedtls_test_helper_is_psa_leaking(): - when CTR_DRBG does not use AES_C or PSA does not have an external RNG, then we allow 1 key slot (it's the one holding the AES key) - when the above conditions are not met, then we fallback to the usual check for "no open key slots remaining" Signed-off-by: Valerio Setti --- include/test/psa_crypto_helpers.h | 11 +++-------- src/psa_crypto_helpers.c | 11 +++++++++++ 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index cd64dc7adf..0b8c221946 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -34,7 +34,6 @@ #define PSA_DONE() \ do \ { \ - mbedtls_psa_random_free(); \ mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \ mbedtls_test_psa_purge_key_storage(); \ mbedtls_psa_crypto_free(); \ @@ -126,21 +125,17 @@ const char *mbedtls_test_helper_is_psa_leaking(void); /** Shut down the PSA Crypto subsystem, allowing persistent keys to survive. * Expect a clean shutdown, with no slots in use. - * mbedtls_psa_random_free() is called before any check for remaining open - * keys because when AES_C is not defined, CTR_DRBG relies on PSA to perform - * AES-ECB so it holds an open AES key for that since psa_crypto_init(). * * If some key slots are still in use, record the test case as failed and * jump to the `exit` label. */ #define PSA_SESSION_DONE() \ - do \ - { \ - mbedtls_psa_random_free(); \ + do \ + { \ mbedtls_test_psa_purge_key_cache(); \ ASSERT_PSA_PRISTINE(); \ mbedtls_psa_crypto_free(); \ - } \ + } \ while (0) diff --git a/src/psa_crypto_helpers.c b/src/psa_crypto_helpers.c index d59a8f8721..e1ea2b5c81 100644 --- a/src/psa_crypto_helpers.c +++ b/src/psa_crypto_helpers.c @@ -70,9 +70,20 @@ const char *mbedtls_test_helper_is_psa_leaking(void) mbedtls_psa_get_stats(&stats); +#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) && \ + !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) + /* When AES_C is not defined and PSA does not have an external RNG, + * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key + * slot is used internally from PSA to hold the AES key and it should + * not be taken into account when evaluating remaining open slots. */ + if (stats.volatile_slots > 1) { + return "A volatile slot has not been closed properly."; + } +#else if (stats.volatile_slots != 0) { return "A volatile slot has not been closed properly."; } +#endif if (stats.persistent_slots != 0) { return "A persistent slot has not been closed properly."; } From 7675a4e83695e2a79d843270f68d5e0169c1bbdd Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 24 Nov 2023 12:51:42 +0100 Subject: [PATCH 468/553] test_suite_psa_crypto_driver_wrappers: add counter for failing psa_cipher_update() Signed-off-by: Valerio Setti --- include/test/drivers/cipher.h | 2 +- src/drivers/test_driver_cipher.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index 71682303ce..67047afaca 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -26,7 +26,7 @@ typedef struct { /* Count the amount of times one of the cipher driver functions is called. */ unsigned long hits; unsigned long cipher_encrypt_hits; - unsigned long cipher_update_hits; + unsigned long cipher_update_forced_status_hits; } mbedtls_test_driver_cipher_hooks_t; #define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0 } diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index 76ccdcffbe..b9da5d2442 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -234,7 +234,6 @@ psa_status_t mbedtls_test_transparent_cipher_update( size_t *output_length) { mbedtls_test_driver_cipher_hooks.hits++; - mbedtls_test_driver_cipher_hooks.cipher_update_hits++; if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { @@ -250,6 +249,7 @@ psa_status_t mbedtls_test_transparent_cipher_update( } if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { + ++mbedtls_test_driver_cipher_hooks.cipher_update_forced_status_hits; return mbedtls_test_driver_cipher_hooks.forced_status; } From a76301ad35693be569060e3ca4f3aacfd723c42c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 27 Nov 2023 12:27:46 +0100 Subject: [PATCH 469/553] test_driver_cipher: add forced return status for encrypt and set_iv Signed-off-by: Valerio Setti --- include/test/drivers/cipher.h | 10 +++++++--- src/drivers/test_driver_cipher.c | 10 ++++++++-- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/include/test/drivers/cipher.h b/include/test/drivers/cipher.h index 67047afaca..2fe47e4d7a 100644 --- a/include/test/drivers/cipher.h +++ b/include/test/drivers/cipher.h @@ -23,13 +23,17 @@ typedef struct { /* If not PSA_SUCCESS, return this error code instead of processing the * function call. */ psa_status_t forced_status; + psa_status_t forced_status_encrypt; + psa_status_t forced_status_set_iv; /* Count the amount of times one of the cipher driver functions is called. */ unsigned long hits; - unsigned long cipher_encrypt_hits; - unsigned long cipher_update_forced_status_hits; + unsigned long hits_encrypt; + unsigned long hits_set_iv; } mbedtls_test_driver_cipher_hooks_t; -#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0 } +#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, \ + PSA_SUCCESS, PSA_SUCCESS, PSA_SUCCESS, \ + 0, 0, 0 } static inline mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks_init(void) { diff --git a/src/drivers/test_driver_cipher.c b/src/drivers/test_driver_cipher.c index b9da5d2442..2bc751a8a2 100644 --- a/src/drivers/test_driver_cipher.c +++ b/src/drivers/test_driver_cipher.c @@ -41,7 +41,7 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( size_t *output_length) { mbedtls_test_driver_cipher_hooks.hits++; - mbedtls_test_driver_cipher_hooks.cipher_encrypt_hits++; + mbedtls_test_driver_cipher_hooks.hits_encrypt++; if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) { if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) { @@ -59,6 +59,9 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { return mbedtls_test_driver_cipher_hooks.forced_status; } + if (mbedtls_test_driver_cipher_hooks.forced_status_encrypt != PSA_SUCCESS) { + return mbedtls_test_driver_cipher_hooks.forced_status_encrypt; + } #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) @@ -209,10 +212,14 @@ psa_status_t mbedtls_test_transparent_cipher_set_iv( size_t iv_length) { mbedtls_test_driver_cipher_hooks.hits++; + mbedtls_test_driver_cipher_hooks.hits_set_iv++; if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { return mbedtls_test_driver_cipher_hooks.forced_status; } + if (mbedtls_test_driver_cipher_hooks.forced_status_set_iv != PSA_SUCCESS) { + return mbedtls_test_driver_cipher_hooks.forced_status_set_iv; + } #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) @@ -249,7 +256,6 @@ psa_status_t mbedtls_test_transparent_cipher_update( } if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) { - ++mbedtls_test_driver_cipher_hooks.cipher_update_forced_status_hits; return mbedtls_test_driver_cipher_hooks.forced_status; } From 0472af369a70d39d66dc112c06634884c052a481 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 4 Dec 2023 10:27:00 +0100 Subject: [PATCH 470/553] test_driver_key_management: rename counter for export_public_key() hits Signed-off-by: Valerio Setti --- include/test/drivers/key_management.h | 2 +- src/drivers/test_driver_key_management.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 24ecbc3c52..526adbb91b 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -27,7 +27,7 @@ typedef struct { * is called. */ unsigned long hits; /* Subset of hits which only counts key operations with EC key */ - unsigned long export_public_key_hits; + unsigned long hits_export_public_key; /* Location of the last key management driver called to import a key. */ psa_key_location_t location; } mbedtls_test_driver_key_management_hooks_t; diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index f73ae97f67..d522ebfe8d 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -529,7 +529,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( uint8_t *data, size_t data_size, size_t *data_length) { ++mbedtls_test_driver_key_management_hooks.hits; - ++mbedtls_test_driver_key_management_hooks.export_public_key_hits; + ++mbedtls_test_driver_key_management_hooks.hits_export_public_key; if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { return mbedtls_test_driver_key_management_hooks.forced_status; From 693fa6d7777fd210e1ac6900ab139e93ac295c6a Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 6 Dec 2023 16:52:48 +0800 Subject: [PATCH 471/553] Correctly use asymmetric encrypt/decrypt driver Signed-off-by: Pengyu Lv --- src/drivers/test_driver_asymmetric_encryption.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/drivers/test_driver_asymmetric_encryption.c b/src/drivers/test_driver_asymmetric_encryption.c index c906a664a3..ff46387d58 100644 --- a/src/drivers/test_driver_asymmetric_encryption.c +++ b/src/drivers/test_driver_asymmetric_encryption.c @@ -46,8 +46,7 @@ psa_status_t mbedtls_test_transparent_asymmetric_encrypt( return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status; } -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) return libtestdriver1_mbedtls_psa_asymmetric_encrypt( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, @@ -88,8 +87,7 @@ psa_status_t mbedtls_test_transparent_asymmetric_decrypt( return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status; } -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) return libtestdriver1_mbedtls_psa_asymmetric_decrypt( (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, From 713031c4fc3b78b67e82cecd92a9b246656bd081 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 12 Dec 2023 11:54:20 +0100 Subject: [PATCH 472/553] tests: add PSA_INIT/PSA_DONE to CCM and GCM test suites Signed-off-by: Valerio Setti --- include/test/psa_crypto_helpers.h | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/include/test/psa_crypto_helpers.h b/include/test/psa_crypto_helpers.h index 0b8c221946..41d204da93 100644 --- a/include/test/psa_crypto_helpers.h +++ b/include/test/psa_crypto_helpers.h @@ -367,6 +367,30 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define MD_PSA_DONE() ((void) 0) #endif /* MBEDTLS_MD_SOME_PSA */ +/** \def BLOCK_CIPHER_PSA_INIT + * + * Call this macro to initialize the PSA subsystem if BLOCK_CIPHER uses a driver, + * and do nothing otherwise. + * + * If the initialization fails, mark the test case as failed and jump to the + * \p exit label. + */ +/** \def BLOCK_CIPHER_PSA_DONE + * + * Call this macro at the end of a test case if you called #BLOCK_CIPHER_PSA_INIT. + * + * This is like #PSA_DONE except it does nothing under the same conditions as + * #BLOCK_CIPHER_PSA_INIT. + */ +#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) +#define BLOCK_CIPHER_PSA_INIT() PSA_INIT() +#define BLOCK_CIPHER_PSA_DONE() PSA_DONE() +#else /* MBEDTLS_MD_SOME_PSA */ +#define BLOCK_CIPHER_PSA_INIT() ((void) 0) +#define BLOCK_CIPHER_PSA_DONE() ((void) 0) +#endif /* MBEDTLS_MD_SOME_PSA */ + + /** \def MD_OR_USE_PSA_INIT * * Call this macro to initialize the PSA subsystem if MD uses a driver, From 1f3d3365f2f991a24a74f8fe2b2e600b39cf2455 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Dec 2023 17:28:31 +0000 Subject: [PATCH 473/553] Refactor record size limit extension handling Signed-off-by: Waleed Elmelegy --- src/test_helpers/ssl_helpers.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index d02d305394..3d8937da6d 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1776,6 +1776,10 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, } #endif /* MBEDTLS_SSL_CLI_C */ +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + session->record_size_limit = 2048; +#endif + return 0; } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ From 4b055adaaee875af1a723a3e6383e63fd34bc901 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 Jan 2024 13:26:40 +0100 Subject: [PATCH 474/553] library/tests: replace md_psa.h with psa_util.h as include file for MD conversion Signed-off-by: Valerio Setti --- src/test_helpers/ssl_helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index d02d305394..6233580b95 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -9,7 +9,7 @@ */ #include -#include "md_psa.h" +#include "mbedtls/psa_util.h" #if defined(MBEDTLS_SSL_TLS_C) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) From c074b60319f116cc6dda1cb808289ffd31c00e65 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 27 Oct 2023 18:41:02 +0100 Subject: [PATCH 475/553] Add accessor helpers for mbedtls_test_info Step one of being able to control access to mbedtls_test_info with a mutex. Signed-off-by: Paul Elliott --- include/test/helpers.h | 76 ++++++++++++++++++++++++++++++++++++++++- src/helpers.c | 55 +++++++++++++++++++++++++++++ src/threading_helpers.c | 14 +++----- 3 files changed, 135 insertions(+), 10 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 7c962a283b..689a1b5736 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -74,7 +74,81 @@ typedef struct { #endif } mbedtls_test_info_t; -extern mbedtls_test_info_t mbedtls_test_info; + +/** + * \brief Get the current test result status + * + * \return The current test result status + */ +mbedtls_test_result_t mbedtls_test_get_result(void); + +/** + * \brief Get the current test name/description + * + * \return The current test name/description + */ +const char *mbedtls_test_get_test(void); + +/** + * \brief Get the current test filename + * + * \return The current test filename + */ +const char *mbedtls_get_test_filename(void); + +/** + * \brief Get the current test file line number (for failure / skip) + * + * \return The current test file line number (for failure / skip) + */ +int mbedtls_test_get_line_no(void); + +/** + * \brief Increment the current test step. + */ +void mbedtls_test_increment_step(void); + +/** + * \brief Get the current test step + * + * \return The current test step + */ +unsigned long mbedtls_test_get_step(void); + +/** + * \brief Get the current test line buffer 1 + * + * \return The current test line buffer 1 + */ +const char *mbedtls_test_get_line1(void); + +/** + * \brief Get the current test line buffer 2 + * + * \return The current test line buffer 2 + */ +const char *mbedtls_test_get_line2(void); + +#if defined(MBEDTLS_TEST_MUTEX_USAGE) +/** + * \brief Get the current mutex usage error message + * + * \return The current mutex error message (may be NULL if no error) + */ +const char *mbedtls_test_get_mutex_usage_error(void); + +/** + * \brief Set the current mutex usage error message + * + * \note This will only set the mutex error message if one has not + * already been set, or if we are clearing the message (msg is + * NULL) + * + * \param msg Error message to set (can be NULL to clear) + */ +void mbedtls_test_set_mutex_usage_error(const char *msg); +#endif + int mbedtls_test_platform_setup(void); void mbedtls_test_platform_teardown(void); diff --git a/src/helpers.c b/src/helpers.c index eb28919b8d..6bfe15dd70 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -22,6 +22,61 @@ static mbedtls_platform_context platform_ctx; mbedtls_test_info_t mbedtls_test_info; +/*----------------------------------------------------------------------------*/ +/* Mbedtls Test Info accessors */ + +mbedtls_test_result_t mbedtls_test_get_result(void) +{ + return mbedtls_test_info.result; +} + +const char *mbedtls_test_get_test(void) +{ + return mbedtls_test_info.test; +} +const char *mbedtls_get_test_filename(void) +{ + return mbedtls_test_info.filename; +} + +int mbedtls_test_get_line_no(void) +{ + return mbedtls_test_info.line_no; +} + +void mbedtls_test_increment_step(void) +{ + ++mbedtls_test_info.step; +} + +unsigned long mbedtls_test_get_step(void) +{ + return mbedtls_test_info.step; +} + +const char *mbedtls_test_get_line1(void) +{ + return mbedtls_test_info.line1; +} +const char *mbedtls_test_get_line2(void) +{ + return mbedtls_test_info.line2; +} + +#if defined(MBEDTLS_TEST_MUTEX_USAGE) +const char *mbedtls_test_get_mutex_usage_error(void) +{ + return mbedtls_test_info.mutex_usage_error; +} + +void mbedtls_test_set_mutex_usage_error(const char *msg) +{ + if (mbedtls_test_info.mutex_usage_error == NULL || msg == NULL) { + mbedtls_test_info.mutex_usage_error = msg; + } +} +#endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE) + /*----------------------------------------------------------------------------*/ /* Helper Functions */ diff --git a/src/threading_helpers.c b/src/threading_helpers.c index 5fbf65b2da..261d14175f 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -109,9 +109,7 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, { (void) mutex; - if (mbedtls_test_info.mutex_usage_error == NULL) { - mbedtls_test_info.mutex_usage_error = msg; - } + mbedtls_test_set_mutex_usage_error(msg); mbedtls_fprintf(stdout, "[mutex: %s] ", msg); /* Don't mark the test as failed yet. This way, if the test fails later * for a functional reason, the test framework will report the message @@ -233,17 +231,15 @@ void mbedtls_test_mutex_usage_check(void) * negative number means a missing init somewhere. */ mbedtls_fprintf(stdout, "[mutex: %d leaked] ", live_mutexes); live_mutexes = 0; - if (mbedtls_test_info.mutex_usage_error == NULL) { - mbedtls_test_info.mutex_usage_error = "missing free"; - } + mbedtls_test_set_mutex_usage_error("missing free"); } - if (mbedtls_test_info.mutex_usage_error != NULL && - mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { + if (mbedtls_test_get_mutex_usage_error() != NULL && + mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) { /* Functionally, the test passed. But there was a mutex usage error, * so mark the test as failed after all. */ mbedtls_test_fail("Mutex usage error", __LINE__, __FILE__); } - mbedtls_test_info.mutex_usage_error = NULL; + mbedtls_test_set_mutex_usage_error(NULL); } void mbedtls_test_mutex_usage_end(void) From cac2eb8f1c199e0868f84ed0fd861a1328eb6502 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 31 Oct 2023 16:38:56 +0000 Subject: [PATCH 476/553] Use mbedtls_test_info accessors internally as well Signed-off-by: Paul Elliott --- include/test/helpers.h | 6 ++- src/helpers.c | 94 ++++++++++++++++++++++++++---------------- 2 files changed, 62 insertions(+), 38 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 689a1b5736..564a5539f4 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -61,14 +61,16 @@ typedef enum { MBEDTLS_TEST_RESULT_SKIPPED } mbedtls_test_result_t; +#define MBEDTLS_TEST_LINE_LENGTH 76 + typedef struct { mbedtls_test_result_t result; const char *test; const char *filename; int line_no; unsigned long step; - char line1[76]; - char line2[76]; + char line1[MBEDTLS_TEST_LINE_LENGTH]; + char line2[MBEDTLS_TEST_LINE_LENGTH]; #if defined(MBEDTLS_TEST_MUTEX_USAGE) const char *mutex_usage_error; #endif diff --git a/src/helpers.c b/src/helpers.c index 6bfe15dd70..52785fc01a 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -30,6 +30,15 @@ mbedtls_test_result_t mbedtls_test_get_result(void) return mbedtls_test_info.result; } +void mbedtls_test_set_result(mbedtls_test_result_t result, const char *test, + int line_no, const char *filename) +{ + mbedtls_test_info.result = result; + mbedtls_test_info.test = test; + mbedtls_test_info.line_no = line_no; + mbedtls_test_info.filename = filename; +} + const char *mbedtls_test_get_test(void) { return mbedtls_test_info.test; @@ -54,15 +63,38 @@ unsigned long mbedtls_test_get_step(void) return mbedtls_test_info.step; } +void mbedtls_test_set_step(unsigned long step) { + mbedtls_test_info.step = step; +} + const char *mbedtls_test_get_line1(void) { return mbedtls_test_info.line1; } + +void mbedtls_test_set_line1(const char *line) +{ + if (line == NULL) { + memset(mbedtls_test_info.line1, 0, sizeof(mbedtls_test_info.line1)); + } else { + strncpy(mbedtls_test_info.line1, line, sizeof(mbedtls_test_info.line1)); + } +} + const char *mbedtls_test_get_line2(void) { return mbedtls_test_info.line2; } +void mbedtls_test_set_line2(const char *line) { + if (line == NULL) { + memset(mbedtls_test_info.line2, 0, sizeof(mbedtls_test_info.line2)); + } else { + strncpy(mbedtls_test_info.line2, line, sizeof(mbedtls_test_info.line2)); + } +} + + #if defined(MBEDTLS_TEST_MUTEX_USAGE) const char *mbedtls_test_get_mutex_usage_error(void) { @@ -126,28 +158,17 @@ int mbedtls_test_ascii2uc(const char c, unsigned char *uc) void mbedtls_test_fail(const char *test, int line_no, const char *filename) { - if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) { + if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { /* We've already recorded the test as having failed. Don't * overwrite any previous information about the failure. */ return; } - mbedtls_test_info.result = MBEDTLS_TEST_RESULT_FAILED; - mbedtls_test_info.test = test; - mbedtls_test_info.line_no = line_no; - mbedtls_test_info.filename = filename; + mbedtls_test_set_result(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename); } void mbedtls_test_skip(const char *test, int line_no, const char *filename) { - mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SKIPPED; - mbedtls_test_info.test = test; - mbedtls_test_info.line_no = line_no; - mbedtls_test_info.filename = filename; -} - -void mbedtls_test_set_step(unsigned long step) -{ - mbedtls_test_info.step = step; + mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename); } #if defined(MBEDTLS_BIGNUM_C) @@ -156,13 +177,11 @@ unsigned mbedtls_test_case_uses_negative_0 = 0; void mbedtls_test_info_reset(void) { - mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SUCCESS; - mbedtls_test_info.step = (unsigned long) (-1); - mbedtls_test_info.test = 0; - mbedtls_test_info.line_no = 0; - mbedtls_test_info.filename = 0; - memset(mbedtls_test_info.line1, 0, sizeof(mbedtls_test_info.line1)); - memset(mbedtls_test_info.line2, 0, sizeof(mbedtls_test_info.line2)); + mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0); + mbedtls_test_set_step((unsigned long) (-1)); + mbedtls_test_set_line1(NULL); + mbedtls_test_set_line2(NULL); + #if defined(MBEDTLS_BIGNUM_C) mbedtls_test_case_uses_negative_0 = 0; #endif @@ -178,20 +197,21 @@ int mbedtls_test_equal(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) { + if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { /* We've already recorded the test as having failed. Don't * overwrite any previous information about the failure. */ return 0; } + char buf[MBEDTLS_TEST_LINE_LENGTH]; mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(mbedtls_test_info.line1, - sizeof(mbedtls_test_info.line1), + (void) mbedtls_snprintf(buf, sizeof(buf), "lhs = 0x%016llx = %lld", value1, (long long) value1); - (void) mbedtls_snprintf(mbedtls_test_info.line2, - sizeof(mbedtls_test_info.line2), + mbedtls_test_set_line1(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), "rhs = 0x%016llx = %lld", value2, (long long) value2); + mbedtls_test_set_line2(buf); return 0; } @@ -205,20 +225,21 @@ int mbedtls_test_le_u(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) { + if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { /* We've already recorded the test as having failed. Don't * overwrite any previous information about the failure. */ return 0; } + char buf[MBEDTLS_TEST_LINE_LENGTH]; mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(mbedtls_test_info.line1, - sizeof(mbedtls_test_info.line1), + (void) mbedtls_snprintf(buf, sizeof(buf), "lhs = 0x%016llx = %llu", value1, value1); - (void) mbedtls_snprintf(mbedtls_test_info.line2, - sizeof(mbedtls_test_info.line2), + mbedtls_test_set_line1(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), "rhs = 0x%016llx = %llu", value2, value2); + mbedtls_test_set_line2(buf); return 0; } @@ -232,20 +253,21 @@ int mbedtls_test_le_s(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) { + if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { /* We've already recorded the test as having failed. Don't * overwrite any previous information about the failure. */ return 0; } + char buf[MBEDTLS_TEST_LINE_LENGTH]; mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(mbedtls_test_info.line1, - sizeof(mbedtls_test_info.line1), + (void) mbedtls_snprintf(buf, sizeof(buf), "lhs = 0x%016llx = %lld", (unsigned long long) value1, value1); - (void) mbedtls_snprintf(mbedtls_test_info.line2, - sizeof(mbedtls_test_info.line2), + mbedtls_test_set_line1(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), "rhs = 0x%016llx = %lld", (unsigned long long) value2, value2); + mbedtls_test_set_line2(buf); return 0; } From 8287a7f5728fa8994fbe626ba1fceef3464a83b7 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 8 Dec 2023 16:55:03 +0000 Subject: [PATCH 477/553] Migrate to threading_helpers.h Signed-off-by: Paul Elliott --- include/test/helpers.h | 24 +---------------- include/test/threading_helpers.h | 45 ++++++++++++++++++++++++++++++++ src/threading_helpers.c | 1 + 3 files changed, 47 insertions(+), 23 deletions(-) create mode 100644 include/test/threading_helpers.h diff --git a/include/test/helpers.h b/include/test/helpers.h index 7c962a283b..b2b07cfa8b 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -35,11 +35,7 @@ # endif #endif -#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \ - defined(MBEDTLS_TEST_HOOKS) -#define MBEDTLS_TEST_MUTEX_USAGE -#endif - +#include "test/threading_helpers.h" #include "mbedtls/platform.h" #include @@ -254,24 +250,6 @@ int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b, #include "test/fake_external_rng_for_test.h" #endif -#if defined(MBEDTLS_TEST_MUTEX_USAGE) -/** - * Activate the mutex usage verification framework. See threading_helpers.c for - * information. - * */ -void mbedtls_test_mutex_usage_init(void); - -/** - * Deactivate the mutex usage verification framework. See threading_helpers.c - * for information. - */ -void mbedtls_test_mutex_usage_end(void); - -/** Call this function after executing a test case to check for mutex usage - * errors. */ -void mbedtls_test_mutex_usage_check(void); -#endif /* MBEDTLS_TEST_MUTEX_USAGE */ - #if defined(MBEDTLS_TEST_HOOKS) /** * \brief Check that only a pure high-level error code is being combined with diff --git a/include/test/threading_helpers.h b/include/test/threading_helpers.h new file mode 100644 index 0000000000..3c4d44126a --- /dev/null +++ b/include/test/threading_helpers.h @@ -0,0 +1,45 @@ +/** + * \file threading_helpers.h + * + * \brief This file contains the prototypes of helper functions for the purpose + * of testing threading. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef THREADING_HELPERS_H +#define THREADING_HELPERS_H + +#if defined MBEDTLS_THREADING_C + +#if defined(MBEDTLS_THREADING_PTHREAD) && defined(MBEDTLS_TEST_HOOKS) +#define MBEDTLS_TEST_MUTEX_USAGE +#endif + +#if defined(MBEDTLS_TEST_MUTEX_USAGE) +/** + * Activate the mutex usage verification framework. See threading_helpers.c for + * information. + */ +void mbedtls_test_mutex_usage_init(void); + +/** + * Deactivate the mutex usage verification framework. See threading_helpers.c + * for information. + */ +void mbedtls_test_mutex_usage_end(void); + +/** + * Call this function after executing a test case to check for mutex usage + * errors. + */ +void mbedtls_test_mutex_usage_check(void); +#endif /* MBEDTLS_TEST_MUTEX_USAGE */ + +#endif /* MBEDTLS_THREADING_C */ + +#endif /* THREADING_HELPERS_H */ + diff --git a/src/threading_helpers.c b/src/threading_helpers.c index 5fbf65b2da..38059343d8 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -6,6 +6,7 @@ */ #include +#include #include #if defined(MBEDTLS_TEST_MUTEX_USAGE) From a37895b529d2112935e3b5a234400b9266360776 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 8 Dec 2023 20:49:47 +0000 Subject: [PATCH 478/553] Add test thread create/join abstraction Signed-off-by: Paul Elliott --- include/test/threading_helpers.h | 61 ++++++++++++++++++++++++++++- src/threading_helpers.c | 67 ++++++++++++++++++++++++++++++++ 2 files changed, 127 insertions(+), 1 deletion(-) diff --git a/include/test/threading_helpers.h b/include/test/threading_helpers.h index 3c4d44126a..9b7ced519b 100644 --- a/include/test/threading_helpers.h +++ b/include/test/threading_helpers.h @@ -15,6 +15,66 @@ #if defined MBEDTLS_THREADING_C +#include "mbedtls/private_access.h" +#include "mbedtls/build_info.h" + +/* Most fields of publicly available structs are private and are wrapped with + * MBEDTLS_PRIVATE macro. This define allows tests to access the private fields + * directly (without using the MBEDTLS_PRIVATE wrapper). */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + +#define MBEDTLS_ERR_THREADING_THREAD_ERROR -0x001F + +#if defined(MBEDTLS_THREADING_PTHREAD) +#include + +typedef struct mbedtls_test_thread_t { + pthread_t MBEDTLS_PRIVATE(thread); +} mbedtls_test_thread_t; + +#endif /* MBEDTLS_THREADING_PTHREAD */ + +#if defined(MBEDTLS_THREADING_ALT) +/* You should define the mbedtls_test_thread_t type in your header */ +#include "threading_alt.h" + +/** + * \brief Set your alternate threading implementation + * function pointers fgr test threads. If used, + * this function must be called once in the main thread + * before any other MbedTLS function is called. + * + * \note These functions are part of the testing API only and + * thus not considered part of the public API of + * MbedTLS and thus may change without notice. + * + * \param thread_create The thread create function implementation + * \param thread_join The thread join function implementation + + */ +void mbedtls_test_thread_set_alt(int (*thread_create)(mbedtls_test_thread_t *thread, + void *(*thread_func)( + void *), + void *thread_data), + int (*thread_join)(mbedtls_test_thread_t *thread)); + +#endif /* MBEDTLS_THREADING_ALT*/ + +/** + * \brief The function pointers for thread create and thread + * join. + * + * \note These functions are part of the testing API only and + * thus not considered part of the public API of + * MbedTLS and thus may change without notice. + * + * \note All these functions are expected to work or + * the result will be undefined. + */ +extern int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, + void *(*thread_func)(void *), void *thread_data); +extern int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread); + #if defined(MBEDTLS_THREADING_PTHREAD) && defined(MBEDTLS_TEST_HOOKS) #define MBEDTLS_TEST_MUTEX_USAGE #endif @@ -42,4 +102,3 @@ void mbedtls_test_mutex_usage_check(void); #endif /* MBEDTLS_THREADING_C */ #endif /* THREADING_HELPERS_H */ - diff --git a/src/threading_helpers.c b/src/threading_helpers.c index 38059343d8..5a871e102d 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -9,6 +9,71 @@ #include #include +#include "mbedtls/threading.h" + +#if defined(MBEDTLS_THREADING_C) + +#if defined(MBEDTLS_THREADING_PTHREAD) + +static int threading_thread_create_pthread(mbedtls_test_thread_t *thread, void *(*thread_func)( + void *), void *thread_data) +{ + if (thread == NULL || thread_func == NULL) { + return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; + } + + if (pthread_create(&thread->thread, NULL, thread_func, thread_data)) { + return MBEDTLS_ERR_THREADING_THREAD_ERROR; + } + + return 0; +} + +static int threading_thread_join_pthread(mbedtls_test_thread_t *thread) +{ + if (thread == NULL) { + return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; + } + + if (pthread_join(thread->thread, NULL) != 0) { + return MBEDTLS_ERR_THREADING_THREAD_ERROR; + } + + return 0; +} + +int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *), + void *thread_data) = threading_thread_create_pthread; +int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_pthread; + +#endif /* MBEDTLS_THREADING_PTHREAD */ + +#if defined(MBEDTLS_THREADING_ALT) + +static int threading_thread_create_fail(mbedtls_test_thread_t *thread, + void *(*thread_func)(void *), + void *thread_data) +{ + (void) thread; + (void) thread_func; + (void) thread_data; + + return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; +} + +static int threading_thread_join_fail(mbedtls_test_thread_t *thread) +{ + (void) thread; + + return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; +} + +int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *), + void *thread_data) = threading_thread_create_fail; +int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_fail; + +#endif /* MBEDTLS_THREADING_ALT */ + #if defined(MBEDTLS_TEST_MUTEX_USAGE) #include "mbedtls/threading.h" @@ -258,3 +323,5 @@ void mbedtls_test_mutex_usage_end(void) } #endif /* MBEDTLS_TEST_MUTEX_USAGE */ + +#endif /* MBEDTLS_THREADING_C */ From 43b1bb68d23c14c487ca4889f4be71f57ccb00ee Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 3 Nov 2023 18:44:57 +0000 Subject: [PATCH 479/553] Move bignum flag for negative zero into test_info Add accessors ready for protection with test_info mutex. Signed-off-by: Paul Elliott --- include/test/bignum_helpers.h | 28 ++++++++++------------------ include/test/helpers.h | 25 +++++++++++++++++++++++++ src/bignum_helpers.c | 2 +- src/helpers.c | 25 ++++++++++++++++++++----- 4 files changed, 56 insertions(+), 24 deletions(-) diff --git a/include/test/bignum_helpers.h b/include/test/bignum_helpers.h index 2f6bf89317..cf175a3ac4 100644 --- a/include/test/bignum_helpers.h +++ b/include/test/bignum_helpers.h @@ -77,30 +77,22 @@ void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N); * * - This function guarantees that if \p s begins with '-' then the sign * bit of the result will be negative, even if the value is 0. - * When this function encounters such a "negative 0", it - * increments #mbedtls_test_case_uses_negative_0. - * - The size of the result is exactly the minimum number of limbs needed - * to fit the digits in the input. In particular, this function constructs - * a bignum with 0 limbs for an empty string, and a bignum with leading 0 - * limbs if the string has sufficiently many leading 0 digits. - * This is important so that the "0 (null)" and "0 (1 limb)" and - * "leading zeros" test cases do what they claim. + * When this function encounters such a "negative 0", it calls + * mbedtls_test_increment_case_uses_negative_0(). + * - The size of the result is exactly the minimum number of limbs needed to fit + * the digits in the input. In particular, this function constructs a bignum + * with 0 limbs for an empty string, and a bignum with leading 0 limbs if the + * string has sufficiently many leading 0 digits. This is important so that + * the "0 (null)" and "0 (1 limb)" and "leading zeros" test cases do what they + * claim. * - * \param[out] X The MPI object to populate. It must be initialized. - * \param[in] s The null-terminated hexadecimal string to read from. + * \param[out] X The MPI object to populate. It must be initialized. + * \param[in] s The null-terminated hexadecimal string to read from. * * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. */ int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s); -/** Nonzero if the current test case had an input parsed with - * mbedtls_test_read_mpi() that is a negative 0 (`"-"`, `"-0"`, `"-00"`, etc., - * constructing a result with the sign bit set to -1 and the value being - * all-limbs-0, which is not a valid representation in #mbedtls_mpi but is - * tested for robustness). - */ -extern unsigned mbedtls_test_case_uses_negative_0; - #endif /* MBEDTLS_BIGNUM_C */ #endif /* TEST_BIGNUM_HELPERS_H */ diff --git a/include/test/helpers.h b/include/test/helpers.h index 564a5539f4..b672ecca62 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -74,6 +74,9 @@ typedef struct { #if defined(MBEDTLS_TEST_MUTEX_USAGE) const char *mutex_usage_error; #endif +#if defined(MBEDTLS_BIGNUM_C) + unsigned case_uses_negative_0; +#endif } mbedtls_test_info_t; @@ -151,6 +154,28 @@ const char *mbedtls_test_get_mutex_usage_error(void); void mbedtls_test_set_mutex_usage_error(const char *msg); #endif +#if defined(MBEDTLS_BIGNUM_C) + +/** + * \brief Get whether the current test is a bignum test that uses + * negative zero. + * + * \return non zero if the current test uses bignum negative zero. + */ +unsigned mbedtls_test_get_case_uses_negative_0(void); + +/** + * \brief Indicate that the current test uses bignum negative zero. + * + * \note This function is called if the current test case had an + * input parsed with mbedtls_test_read_mpi() that is a negative + * 0 (`"-"`, `"-0"`, `"-00"`, etc., constructing a result with + * the sign bit set to -1 and the value being all-limbs-0, + * which is not a valid representation in #mbedtls_mpi but is + * tested for robustness). * + */ +void mbedtls_test_increment_case_uses_negative_0(void); +#endif int mbedtls_test_platform_setup(void); void mbedtls_test_platform_teardown(void); diff --git a/src/bignum_helpers.c b/src/bignum_helpers.c index c85e2caafa..913f5e3870 100644 --- a/src/bignum_helpers.c +++ b/src/bignum_helpers.c @@ -135,7 +135,7 @@ int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s) } if (negative) { if (mbedtls_mpi_cmp_int(X, 0) == 0) { - ++mbedtls_test_case_uses_negative_0; + mbedtls_test_increment_case_uses_negative_0(); } X->s = -1; } diff --git a/src/helpers.c b/src/helpers.c index 52785fc01a..03a8fa7285 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -109,6 +109,25 @@ void mbedtls_test_set_mutex_usage_error(const char *msg) } #endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE) +#if defined(MBEDTLS_BIGNUM_C) + +unsigned mbedtls_test_get_case_uses_negative_0(void) +{ + return mbedtls_test_info.case_uses_negative_0; +} + +void mbedtls_test_set_case_uses_negative_0(unsigned uses) +{ + mbedtls_test_info.case_uses_negative_0 = uses; +} + +void mbedtls_test_increment_case_uses_negative_0(void) +{ + ++mbedtls_test_info.case_uses_negative_0; +} + +#endif + /*----------------------------------------------------------------------------*/ /* Helper Functions */ @@ -171,10 +190,6 @@ void mbedtls_test_skip(const char *test, int line_no, const char *filename) mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename); } -#if defined(MBEDTLS_BIGNUM_C) -unsigned mbedtls_test_case_uses_negative_0 = 0; -#endif - void mbedtls_test_info_reset(void) { mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0); @@ -183,7 +198,7 @@ void mbedtls_test_info_reset(void) mbedtls_test_set_line2(NULL); #if defined(MBEDTLS_BIGNUM_C) - mbedtls_test_case_uses_negative_0 = 0; + mbedtls_test_set_case_uses_negative_0(0); #endif } From 71c38c2d10a0a2cd92ba066b78701ac49cfdd19f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 27 Nov 2023 17:29:05 +0000 Subject: [PATCH 480/553] Protect test info access with mutex Signed-off-by: Paul Elliott --- include/test/helpers.h | 10 +- src/helpers.c | 202 +++++++++++++++++++++++++++++++++++++---- 2 files changed, 192 insertions(+), 20 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index b672ecca62..73459d992f 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -123,16 +123,18 @@ unsigned long mbedtls_test_get_step(void); /** * \brief Get the current test line buffer 1 * - * \return The current test line buffer 1 + * \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH, + * which will have line buffer 1 copied to it. */ -const char *mbedtls_test_get_line1(void); +void mbedtls_test_get_line1(char *line); /** * \brief Get the current test line buffer 2 * - * \return The current test line buffer 2 + * \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH, + * which will have line buffer 1 copied to it. */ -const char *mbedtls_test_get_line2(void); +void mbedtls_test_get_line2(char *line); #if defined(MBEDTLS_TEST_MUTEX_USAGE) /** diff --git a/src/helpers.c b/src/helpers.c index 03a8fa7285..1bad819acf 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -13,6 +13,10 @@ #include #endif +#if defined(MBEDTLS_THREADING_C) +#include "mbedtls/threading.h" +#endif + /*----------------------------------------------------------------------------*/ /* Static global variables */ @@ -22,76 +26,200 @@ static mbedtls_platform_context platform_ctx; mbedtls_test_info_t mbedtls_test_info; +#ifdef MBEDTLS_THREADING_C +mbedtls_threading_mutex_t mbedtls_test_info_mutex; +#endif /* MBEDTLS_THREADING_C */ + /*----------------------------------------------------------------------------*/ /* Mbedtls Test Info accessors */ mbedtls_test_result_t mbedtls_test_get_result(void) { - return mbedtls_test_info.result; + mbedtls_test_result_t result; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + result = mbedtls_test_info.result; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return result; } void mbedtls_test_set_result(mbedtls_test_result_t result, const char *test, int line_no, const char *filename) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + mbedtls_test_info.result = result; mbedtls_test_info.test = test; mbedtls_test_info.line_no = line_no; mbedtls_test_info.filename = filename; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } const char *mbedtls_test_get_test(void) { - return mbedtls_test_info.test; + const char *test; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + test = mbedtls_test_info.test; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return test; } const char *mbedtls_get_test_filename(void) { - return mbedtls_test_info.filename; + const char *filename; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* It should be ok just to pass back the pointer here, as it is going to + * be a pointer into non changing data. */ + filename = mbedtls_test_info.filename; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return filename; } int mbedtls_test_get_line_no(void) { - return mbedtls_test_info.line_no; + int line_no; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + line_no = mbedtls_test_info.line_no; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return line_no; } void mbedtls_test_increment_step(void) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + ++mbedtls_test_info.step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } unsigned long mbedtls_test_get_step(void) { - return mbedtls_test_info.step; + unsigned long step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + step = mbedtls_test_info.step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return step; } -void mbedtls_test_set_step(unsigned long step) { +void mbedtls_test_set_step(unsigned long step) +{ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + mbedtls_test_info.step = step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } -const char *mbedtls_test_get_line1(void) +void mbedtls_test_get_line1(char *line) { - return mbedtls_test_info.line1; +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + memcpy(line, mbedtls_test_info.line1, MBEDTLS_TEST_LINE_LENGTH); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_set_line1(const char *line) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + if (line == NULL) { - memset(mbedtls_test_info.line1, 0, sizeof(mbedtls_test_info.line1)); + memset(mbedtls_test_info.line1, 0, MBEDTLS_TEST_LINE_LENGTH); } else { - strncpy(mbedtls_test_info.line1, line, sizeof(mbedtls_test_info.line1)); + memcpy(mbedtls_test_info.line1, line, MBEDTLS_TEST_LINE_LENGTH); } + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } -const char *mbedtls_test_get_line2(void) +void mbedtls_test_get_line2(char *line) { - return mbedtls_test_info.line2; +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + memcpy(line, mbedtls_test_info.line2, MBEDTLS_TEST_LINE_LENGTH); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } -void mbedtls_test_set_line2(const char *line) { +void mbedtls_test_set_line2(const char *line) +{ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + if (line == NULL) { - memset(mbedtls_test_info.line2, 0, sizeof(mbedtls_test_info.line2)); + memset(mbedtls_test_info.line2, 0, MBEDTLS_TEST_LINE_LENGTH); } else { - strncpy(mbedtls_test_info.line2, line, sizeof(mbedtls_test_info.line2)); + memcpy(mbedtls_test_info.line2, line, MBEDTLS_TEST_LINE_LENGTH); } + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } @@ -103,9 +231,17 @@ const char *mbedtls_test_get_mutex_usage_error(void) void mbedtls_test_set_mutex_usage_error(const char *msg) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + if (mbedtls_test_info.mutex_usage_error == NULL || msg == NULL) { mbedtls_test_info.mutex_usage_error = msg; } + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } #endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE) @@ -113,17 +249,43 @@ void mbedtls_test_set_mutex_usage_error(const char *msg) unsigned mbedtls_test_get_case_uses_negative_0(void) { - return mbedtls_test_info.case_uses_negative_0; + unsigned test_case_uses_negative_0 = 0; +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + test_case_uses_negative_0 = mbedtls_test_info.case_uses_negative_0; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return test_case_uses_negative_0; } void mbedtls_test_set_case_uses_negative_0(unsigned uses) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + mbedtls_test_info.case_uses_negative_0 = uses; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_increment_case_uses_negative_0(void) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + ++mbedtls_test_info.case_uses_negative_0; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } #endif @@ -150,11 +312,19 @@ int mbedtls_test_platform_setup(void) ret = mbedtls_platform_setup(&platform_ctx); #endif /* MBEDTLS_PLATFORM_C */ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_init(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + return ret; } void mbedtls_test_platform_teardown(void) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_free(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + #if defined(MBEDTLS_PLATFORM_C) mbedtls_platform_teardown(&platform_ctx); #endif /* MBEDTLS_PLATFORM_C */ From 6d9118bef61de59cb301d1ffd83627784cde8e2c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 9 Jan 2024 17:20:58 +0000 Subject: [PATCH 481/553] Add ability to exclude mutex from tests We need to be able to exclude mbedtls_test_info_mutex() from the normal tests, as this mutex has to be locked to report mutex errors, and also reports as leaked, due to where it is initialised / free'd. Signed-off-by: Paul Elliott --- src/threading_helpers.c | 139 ++++++++++++++++++++++++---------------- 1 file changed, 84 insertions(+), 55 deletions(-) diff --git a/src/threading_helpers.c b/src/threading_helpers.c index 261d14175f..0894700a31 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -117,40 +117,62 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, * mbedtls_test_mutex_usage_check() will mark it as failed. */ } +extern mbedtls_threading_mutex_t mbedtls_test_info_mutex; + +static int mbedtls_test_mutex_can_test(mbedtls_threading_mutex_t *mutex) +{ + /* If we attempt to run tests on this mutex then we are going to run into a + * couple of problems: + * 1. If any test on this mutex fails, we are going to deadlock when + * reporting that failure, as we already hold the mutex at that point. + * 2. Given the 'global' position of the initialization and free of this + * mutex, it will be shown as leaked on the first test run. */ + if (mutex == &mbedtls_test_info_mutex) { + return 0; + } + + return 1; +} + static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex) { mutex_functions.init(mutex); - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - mutex->state = MUTEX_IDLE; - ++live_mutexes; + if (mbedtls_test_mutex_can_test(mutex)) { + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + mutex->state = MUTEX_IDLE; + ++live_mutexes; - mutex_functions.unlock(&mbedtls_test_mutex_mutex); + mutex_functions.unlock(&mbedtls_test_mutex_mutex); + } } } static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex) { - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "free without init or double free"); - break; - case MUTEX_IDLE: - mutex->state = MUTEX_FREED; - --live_mutexes; - break; - case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error(mutex, "free without unlock"); - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; - } + if (mbedtls_test_mutex_can_test(mutex)) { + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - mutex_functions.unlock(&mbedtls_test_mutex_mutex); + switch (mutex->state) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "free without init or double free"); + break; + case MUTEX_IDLE: + mutex->state = MUTEX_FREED; + --live_mutexes; + break; + case MUTEX_LOCKED: + mbedtls_test_mutex_usage_error(mutex, "free without unlock"); + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } + + mutex_functions.unlock(&mbedtls_test_mutex_mutex); + } } + mutex_functions.free(mutex); } @@ -160,26 +182,30 @@ static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex) * is to hold the passed in and internal mutex - otherwise we create a race * condition. */ int ret = mutex_functions.lock(mutex); - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "lock without init"); - break; - case MUTEX_IDLE: - if (ret == 0) { - mutex->state = MUTEX_LOCKED; - } - break; - case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error(mutex, "double lock"); - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; - } - mutex_functions.unlock(&mbedtls_test_mutex_mutex); + if (mbedtls_test_mutex_can_test(mutex)) { + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + switch (mutex->state) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "lock without init"); + break; + case MUTEX_IDLE: + if (ret == 0) { + mutex->state = MUTEX_LOCKED; + } + break; + case MUTEX_LOCKED: + mbedtls_test_mutex_usage_error(mutex, "double lock"); + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } + + mutex_functions.unlock(&mbedtls_test_mutex_mutex); + } } + return ret; } @@ -188,23 +214,26 @@ static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex) /* Lock the internal mutex first and change state, so that the only way to * change the state is to hold the passed in and internal mutex - otherwise * we create a race condition. */ - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "unlock without init"); - break; - case MUTEX_IDLE: - mbedtls_test_mutex_usage_error(mutex, "unlock without lock"); - break; - case MUTEX_LOCKED: - mutex->state = MUTEX_IDLE; - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; + if (mbedtls_test_mutex_can_test(mutex)) { + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + switch (mutex->state) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "unlock without init"); + break; + case MUTEX_IDLE: + mbedtls_test_mutex_usage_error(mutex, "unlock without lock"); + break; + case MUTEX_LOCKED: + mutex->state = MUTEX_IDLE; + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } + mutex_functions.unlock(&mbedtls_test_mutex_mutex); } - mutex_functions.unlock(&mbedtls_test_mutex_mutex); } + return mutex_functions.unlock(mutex); } From c324dba19376dfdde1929a4802949de853a4598f Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Fri, 1 Dec 2023 16:41:26 +0530 Subject: [PATCH 482/553] Add hkdf_extract, hkdf_expand and ecjpake_to_pms cases Signed-off-by: Kusumit Ghoderao --- src/psa_exercise_key.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index f8b36e1faa..560b7113d1 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -414,6 +414,21 @@ int mbedtls_test_psa_setup_key_derivation_wrap( PSA_KEY_DERIVATION_INPUT_INFO, input2, input2_length)); + } else if (PSA_ALG_IS_HKDF_EXTRACT(alg)) { + PSA_ASSERT(psa_key_derivation_input_bytes(operation, + PSA_KEY_DERIVATION_INPUT_SALT, + input1, input1_length)); + PSA_ASSERT(psa_key_derivation_input_key(operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + key)); + } else if (PSA_ALG_IS_HKDF_EXPAND(alg)) { + PSA_ASSERT(psa_key_derivation_input_key(operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + key)); + PSA_ASSERT(psa_key_derivation_input_bytes(operation, + PSA_KEY_DERIVATION_INPUT_INFO, + input2, + input2_length)); } else if (PSA_ALG_IS_TLS12_PRF(alg) || PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) { PSA_ASSERT(psa_key_derivation_input_bytes(operation, @@ -436,6 +451,10 @@ int mbedtls_test_psa_setup_key_derivation_wrap( PSA_ASSERT(psa_key_derivation_input_key(operation, PSA_KEY_DERIVATION_INPUT_PASSWORD, key)); + } else if (alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { + PSA_ASSERT(psa_key_derivation_input_bytes(operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + input1, input1_length)); } else { TEST_FAIL("Key derivation algorithm not supported"); } From 6ab03eb337d459a206febe8b6ce0f753a6bb1291 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 23 Nov 2023 12:31:56 +0100 Subject: [PATCH 483/553] Add endpoint in TLS 1.2 session serialization data Signed-off-by: Ronald Cron --- include/test/ssl_helpers.h | 1 + src/test_helpers/ssl_helpers.c | 3 +++ 2 files changed, 4 insertions(+) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index d03c62414b..ec00fd54dd 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -531,6 +531,7 @@ int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, */ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, int ticket_len, + int endpoint_type, const char *crt_file); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 3d8937da6d..8f20fa6d44 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1636,12 +1636,15 @@ int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, int ticket_len, + int endpoint_type, const char *crt_file) { #if defined(MBEDTLS_HAVE_TIME) session->start = mbedtls_time(NULL) - 42; #endif session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; + session->endpoint = endpoint_type == MBEDTLS_SSL_IS_CLIENT ? + MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER; session->ciphersuite = 0xabcd; session->id_len = sizeof(session->id); memset(session->id, 66, session->id_len); From f5c119d2f805f17ea419d355970bf6a8af8b2861 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 22 Nov 2023 09:50:01 +0100 Subject: [PATCH 484/553] Add ticket creation time to TLS 1.2 session serialization Signed-off-by: Ronald Cron --- src/test_helpers/ssl_helpers.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 8f20fa6d44..c0c5ca4bb8 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1639,6 +1639,8 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, int endpoint_type, const char *crt_file) { + (void) ticket_len; + #if defined(MBEDTLS_HAVE_TIME) session->start = mbedtls_time(NULL) - 42; #endif @@ -1710,7 +1712,8 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ session->verify_result = 0xdeadbeef; -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SSL_CLI_C) if (ticket_len != 0) { session->ticket = mbedtls_calloc(1, ticket_len); if (session->ticket == NULL) { @@ -1720,9 +1723,14 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, } session->ticket_len = ticket_len; session->ticket_lifetime = 86401; -#else - (void) ticket_len; +#endif /* MBEDTLS_SSL_CLI_C */ + +#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_HAVE_TIME) + if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { + session->ticket_creation_time = mbedtls_ms_time() - 42; + } #endif +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) session->mfl_code = 1; From 93a5db5ea770d4bbbd33006788d310e51a612f63 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Jan 2024 15:00:52 +0100 Subject: [PATCH 485/553] test_driver_key_management: make opaque [un]wrapping functions public Signed-off-by: Valerio Setti --- include/test/drivers/key_management.h | 8 ++++++++ src/drivers/test_driver_key_management.c | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 526adbb91b..9a68777ecd 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -67,6 +67,14 @@ void mbedtls_test_transparent_free(void); psa_status_t mbedtls_test_opaque_init(void); void mbedtls_test_opaque_free(void); +psa_status_t mbedtls_test_opaque_wrap_key( + const uint8_t *key, size_t key_length, uint8_t *wrapped_key_buffer, + size_t wrapped_key_buffer_size, size_t *wrapped_key_buffer_length); + +psa_status_t mbedtls_test_opaque_unwrap_key( + const uint8_t *wrapped_key, size_t wrapped_key_length, uint8_t *key_buffer, + size_t key_buffer_size, size_t *key_buffer_length); + psa_status_t mbedtls_test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length); diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index d522ebfe8d..4188c25c18 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -125,7 +125,7 @@ static size_t mbedtls_test_opaque_get_base_size() * The argument wrapped_key_buffer_length is filled with the wrapped * key_size on success. * */ -static psa_status_t mbedtls_test_opaque_wrap_key( +psa_status_t mbedtls_test_opaque_wrap_key( const uint8_t *key, size_t key_length, uint8_t *wrapped_key_buffer, @@ -159,7 +159,7 @@ static psa_status_t mbedtls_test_opaque_wrap_key( * The argument key_buffer_length is filled with the unwrapped(clear) * key_size on success. * */ -static psa_status_t mbedtls_test_opaque_unwrap_key( +psa_status_t mbedtls_test_opaque_unwrap_key( const uint8_t *wrapped_key, size_t wrapped_key_length, uint8_t *key_buffer, From aae7db2ad1861fc5deab9288645865cfbceee469 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Jan 2024 15:03:17 +0100 Subject: [PATCH 486/553] test_driver_asymmetric_encryption: implement opaque [en/de]cryption functions Signed-off-by: Valerio Setti --- .../test_driver_asymmetric_encryption.c | 78 +++++++++++++------ 1 file changed, 55 insertions(+), 23 deletions(-) diff --git a/src/drivers/test_driver_asymmetric_encryption.c b/src/drivers/test_driver_asymmetric_encryption.c index ff46387d58..4fc8c9d34b 100644 --- a/src/drivers/test_driver_asymmetric_encryption.c +++ b/src/drivers/test_driver_asymmetric_encryption.c @@ -13,11 +13,15 @@ #include "psa_crypto_rsa.h" #include "string.h" #include "test/drivers/asymmetric_encryption.h" +#include "test/drivers/key_management.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) #include "libtestdriver1/library/psa_crypto_rsa.h" #endif +#define PSA_RSA_KEY_PAIR_MAX_SIZE \ + PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) + mbedtls_test_driver_asymmetric_encryption_hooks_t mbedtls_test_driver_asymmetric_encryption_hooks = MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT; @@ -104,7 +108,7 @@ psa_status_t mbedtls_test_transparent_asymmetric_decrypt( } /* - * opaque versions - TODO + * opaque versions */ psa_status_t mbedtls_test_opaque_asymmetric_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, @@ -112,17 +116,31 @@ psa_status_t mbedtls_test_opaque_asymmetric_encrypt( size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length) { - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) input; - (void) input_length; - (void) salt; - (void) salt_length; - (void) output; - (void) output_size; - (void) output_length; + unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE]; + size_t unwrapped_key_length; + psa_status_t status; + + status = mbedtls_test_opaque_unwrap_key(key, key_length, + unwrapped_key, sizeof(unwrapped_key), + &unwrapped_key_length); + if (status != PSA_SUCCESS) { + return status; + } + +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + (defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)) + return libtestdriver1_mbedtls_psa_asymmetric_encrypt( + (const libtestdriver1_psa_key_attributes_t *) attributes, + unwrapped_key, unwrapped_key_length, + alg, input, input_length, salt, salt_length, + output, output_size, output_length); +#else + return mbedtls_psa_asymmetric_encrypt( + attributes, unwrapped_key, unwrapped_key_length, + alg, input, input_length, salt, salt_length, + output, output_size, output_length); +#endif + return PSA_ERROR_NOT_SUPPORTED; } @@ -132,17 +150,31 @@ psa_status_t mbedtls_test_opaque_asymmetric_decrypt( size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length) { - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) input; - (void) input_length; - (void) salt; - (void) salt_length; - (void) output; - (void) output_size; - (void) output_length; + unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE]; + size_t unwrapped_key_length; + psa_status_t status; + + status = mbedtls_test_opaque_unwrap_key(key, key_length, + unwrapped_key, sizeof(unwrapped_key), + &unwrapped_key_length); + if (status != PSA_SUCCESS) { + return status; + } + +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + (defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)) + return libtestdriver1_mbedtls_psa_asymmetric_decrypt( + (const libtestdriver1_psa_key_attributes_t *) attributes, + unwrapped_key, unwrapped_key_length, + alg, input, input_length, salt, salt_length, + output, output_size, output_length); +#else + return mbedtls_psa_asymmetric_decrypt( + attributes, unwrapped_key, unwrapped_key_length, + alg, input, input_length, salt, salt_length, + output, output_size, output_length); +#endif + return PSA_ERROR_NOT_SUPPORTED; } From 237625777fcc8ee2eb4b0dbe2d6cb6b754cf3b49 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 17 Jan 2024 15:53:11 +0100 Subject: [PATCH 487/553] crypto_config_test_driver_extension: support accelaration of DH groups Signed-off-by: Valerio Setti --- .../crypto_config_test_driver_extension.h | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/include/test/drivers/crypto_config_test_driver_extension.h b/include/test/drivers/crypto_config_test_driver_extension.h index 768a9a69f3..dac07acd33 100644 --- a/include/test/drivers/crypto_config_test_driver_extension.h +++ b/include/test/drivers/crypto_config_test_driver_extension.h @@ -192,6 +192,46 @@ #endif #endif +#if defined(PSA_WANT_DH_RFC7919_2048) +#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_2048) +#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_2048 +#else +#define MBEDTLS_PSA_ACCEL_DH_RFC7919_2048 +#endif +#endif + +#if defined(PSA_WANT_DH_RFC7919_3072) +#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_3072) +#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_3072 +#else +#define MBEDTLS_PSA_ACCEL_DH_RFC7919_3072 +#endif +#endif + +#if defined(PSA_WANT_DH_RFC7919_4096) +#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_4096) +#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_4096 +#else +#define MBEDTLS_PSA_ACCEL_DH_RFC7919_4096 +#endif +#endif + +#if defined(PSA_WANT_DH_RFC7919_6144) +#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_6144) +#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_6144 +#else +#define MBEDTLS_PSA_ACCEL_DH_RFC7919_6144 +#endif +#endif + +#if defined(PSA_WANT_DH_RFC7919_8192) +#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_8192) +#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_8192 +#else +#define MBEDTLS_PSA_ACCEL_DH_RFC7919_8192 +#endif +#endif + #if defined(PSA_WANT_ALG_FFDH) #if defined(MBEDTLS_PSA_ACCEL_ALG_FFDH) #undef MBEDTLS_PSA_ACCEL_ALG_FFDH From 6157ba5aa3a5ff1a2005066e54ad75a89252d640 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 Jan 2024 08:44:13 +0100 Subject: [PATCH 488/553] test_driver_key_management: keep mbedtls_test_opaque_wrap_key() private Only mbedtls_test_opaque_unwrap_key() is actually needed by other test drivers to deal with opaque keys. mbedtls_test_opaque_wrap_key() can be kept private to test_driver_key_management.c. Signed-off-by: Valerio Setti --- include/test/drivers/key_management.h | 4 ---- src/drivers/test_driver_key_management.c | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/include/test/drivers/key_management.h b/include/test/drivers/key_management.h index 9a68777ecd..7b5c4c7bf1 100644 --- a/include/test/drivers/key_management.h +++ b/include/test/drivers/key_management.h @@ -67,10 +67,6 @@ void mbedtls_test_transparent_free(void); psa_status_t mbedtls_test_opaque_init(void); void mbedtls_test_opaque_free(void); -psa_status_t mbedtls_test_opaque_wrap_key( - const uint8_t *key, size_t key_length, uint8_t *wrapped_key_buffer, - size_t wrapped_key_buffer_size, size_t *wrapped_key_buffer_length); - psa_status_t mbedtls_test_opaque_unwrap_key( const uint8_t *wrapped_key, size_t wrapped_key_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index 4188c25c18..a3d532d51a 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -125,7 +125,7 @@ static size_t mbedtls_test_opaque_get_base_size() * The argument wrapped_key_buffer_length is filled with the wrapped * key_size on success. * */ -psa_status_t mbedtls_test_opaque_wrap_key( +static psa_status_t mbedtls_test_opaque_wrap_key( const uint8_t *key, size_t key_length, uint8_t *wrapped_key_buffer, From 78bcb65e722394af9493c38fbf5b31522d51666a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 19 Jan 2024 16:44:23 +0000 Subject: [PATCH 489/553] Fix documentation typos. Signed-off-by: Paul Elliott --- include/test/threading_helpers.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/test/threading_helpers.h b/include/test/threading_helpers.h index 9b7ced519b..ba965c8775 100644 --- a/include/test/threading_helpers.h +++ b/include/test/threading_helpers.h @@ -40,16 +40,16 @@ typedef struct mbedtls_test_thread_t { /** * \brief Set your alternate threading implementation - * function pointers fgr test threads. If used, - * this function must be called once in the main thread + * function pointers for test threads. If used, this + * function must be called once in the main thread * before any other MbedTLS function is called. * * \note These functions are part of the testing API only and * thus not considered part of the public API of * MbedTLS and thus may change without notice. * - * \param thread_create The thread create function implementation - * \param thread_join The thread join function implementation + * \param thread_create The thread create function implementation. + * \param thread_join The thread join function implementation. */ void mbedtls_test_thread_set_alt(int (*thread_create)(mbedtls_test_thread_t *thread, From 17fd81c884f3388e07917ac13b5d1f10d4c2d962 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 19 Jan 2024 20:22:24 +0000 Subject: [PATCH 490/553] Make test data static now it has accessors Signed-off-by: Paul Elliott --- src/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/helpers.c b/src/helpers.c index 1bad819acf..724fb59de6 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -24,7 +24,7 @@ static mbedtls_platform_context platform_ctx; #endif -mbedtls_test_info_t mbedtls_test_info; +static mbedtls_test_info_t mbedtls_test_info; #ifdef MBEDTLS_THREADING_C mbedtls_threading_mutex_t mbedtls_test_info_mutex; From e2ce364c9accb13ba44d5226e9492d28d9388807 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 19 Jan 2024 20:42:56 +0000 Subject: [PATCH 491/553] Access the test data mutex via accessor Remove the use of extern and instead use an accessor to get the address of the test info mutex (defined only if MBEDTLS_TEST_MUTEX_USAGE is defined, to hopefully stop more general usage) Signed-off-by: Paul Elliott --- include/test/helpers.h | 16 +++++++++++++++- src/helpers.c | 10 +++++++++- src/threading_helpers.c | 4 +--- 3 files changed, 25 insertions(+), 5 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 73459d992f..f2fb62d935 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -37,6 +37,7 @@ #if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \ defined(MBEDTLS_TEST_HOOKS) +#include "mbedtls/threading.h" #define MBEDTLS_TEST_MUTEX_USAGE #endif @@ -230,8 +231,21 @@ void mbedtls_test_set_step(unsigned long step); */ void mbedtls_test_info_reset(void); +#ifdef MBEDTLS_TEST_MUTEX_USAGE /** - * \brief Record the current test case as a failure if two integers + * \brief Get the test info data mutex. + * + * \note This is designed only to be used by threading_helpers to avoid a + * deadlock, not for general access to this mutex. + * + * \return The test info data mutex. + */ +mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void); + +#endif /* MBEDTLS_TEST_MUTEX_USAGE */ + +/** + * \brief Record the current test case as a failure if two integers * have a different value. * * This function is usually called via the macro diff --git a/src/helpers.c b/src/helpers.c index 724fb59de6..d0c75b08d1 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -288,7 +288,15 @@ void mbedtls_test_increment_case_uses_negative_0(void) #endif /* MBEDTLS_THREADING_C */ } -#endif +#endif /* MBEDTLS_BIGNUM_C */ + +#ifdef MBEDTLS_TEST_MUTEX_USAGE +mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void) +{ + return &mbedtls_test_info_mutex; +} + +#endif /* MBEDTLS_TEST_MUTEX_USAGE */ /*----------------------------------------------------------------------------*/ /* Helper Functions */ diff --git a/src/threading_helpers.c b/src/threading_helpers.c index 0894700a31..165e3508bc 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -117,8 +117,6 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, * mbedtls_test_mutex_usage_check() will mark it as failed. */ } -extern mbedtls_threading_mutex_t mbedtls_test_info_mutex; - static int mbedtls_test_mutex_can_test(mbedtls_threading_mutex_t *mutex) { /* If we attempt to run tests on this mutex then we are going to run into a @@ -127,7 +125,7 @@ static int mbedtls_test_mutex_can_test(mbedtls_threading_mutex_t *mutex) * reporting that failure, as we already hold the mutex at that point. * 2. Given the 'global' position of the initialization and free of this * mutex, it will be shown as leaked on the first test run. */ - if (mutex == &mbedtls_test_info_mutex) { + if (mutex == mbedtls_test_get_info_mutex()) { return 0; } From 138bd9b6a88c16c6ec5022c1e44ff20360efdb6a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Jan 2024 11:17:31 +0100 Subject: [PATCH 492/553] ssl_helpers.c: Add ticket write/parse test functions Add ticket write/parse test functions as defined by mbedtls_ssl_ticket_write/parse_t. They are intended to be used in negative testing involving tickets. Signed-off-by: Ronald Cron --- include/test/ssl_helpers.h | 10 ++++++++++ src/test_helpers/ssl_helpers.c | 30 ++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index d03c62414b..1f41966d66 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -589,6 +589,16 @@ int mbedtls_test_tweak_tls13_certificate_msg_vector_len( int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args); #endif /* MBEDTLS_TEST_HOOKS */ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) +int mbedtls_test_ticket_write( + void *p_ticket, const mbedtls_ssl_session *session, + unsigned char *start, const unsigned char *end, + size_t *tlen, uint32_t *ticket_lifetime); + +int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, + unsigned char *buf, size_t len); +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + #define ECJPAKE_TEST_PWD "bla" #if defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 2368a7654f..b13d7e38b9 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -2419,4 +2419,34 @@ int mbedtls_test_tweak_tls13_certificate_msg_vector_len( return 0; } #endif /* MBEDTLS_TEST_HOOKS */ + +/* Functions for session ticket tests */ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) +int mbedtls_test_ticket_write( + void *p_ticket, const mbedtls_ssl_session *session, + unsigned char *start, const unsigned char *end, + size_t *tlen, uint32_t *lifetime) +{ + int ret; + ((void) p_ticket); + + if ((ret = mbedtls_ssl_session_save(session, start, end - start, + tlen)) != 0) { + return ret; + } + + /* Maximum ticket lifetime as defined in RFC 8446 */ + *lifetime = 7 * 24 * 3600; + + return 0; +} + +int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, + unsigned char *buf, size_t len) +{ + ((void) p_ticket); + + return mbedtls_ssl_session_load(session, buf, len); +} +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ #endif /* MBEDTLS_SSL_TLS_C */ From cb40166f4ac45266dd8f28b3c075a030f8380991 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 16 Jan 2024 17:50:40 +0100 Subject: [PATCH 493/553] tests: ssl: Move setting of debug callback Move the setting of the debug callback to the endpoint initialization function. That way, no need to repeat it in various testing scenarios. Signed-off-by: Ronald Cron --- src/test_helpers/ssl_helpers.c | 39 ++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index b13d7e38b9..51957463c5 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -841,6 +841,23 @@ int mbedtls_test_ssl_endpoint_init( } #endif +#if defined(MBEDTLS_DEBUG_C) +#if defined(MBEDTLS_SSL_SRV_C) + if (endpoint_type == MBEDTLS_SSL_IS_SERVER && + options->srv_log_fun != NULL) { + mbedtls_ssl_conf_dbg(&(ep->conf), options->srv_log_fun, + options->srv_log_obj); + } +#endif +#if defined(MBEDTLS_SSL_CLI_C) + if (endpoint_type == MBEDTLS_SSL_IS_CLIENT && + options->cli_log_fun != NULL) { + mbedtls_ssl_conf_dbg(&(ep->conf), options->cli_log_fun, + options->cli_log_obj); + } +#endif +#endif /* MBEDTLS_DEBUG_C */ + ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg, options->opaque_alg, options->opaque_alg2, @@ -1977,6 +1994,12 @@ void mbedtls_test_ssl_perform_handshake( mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); +#if defined(MBEDTLS_DEBUG_C) + if (options->cli_log_fun || options->srv_log_fun) { + mbedtls_debug_set_threshold(4); + } +#endif + /* Client side */ if (options->dtls != 0) { TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, @@ -2000,14 +2023,6 @@ void mbedtls_test_ssl_perform_handshake( set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite); } -#if defined(MBEDTLS_DEBUG_C) - if (options->cli_log_fun) { - mbedtls_debug_set_threshold(4); - mbedtls_ssl_conf_dbg(&client.conf, options->cli_log_fun, - options->cli_log_obj); - } -#endif - /* Server side */ if (options->dtls != 0) { TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, @@ -2072,14 +2087,6 @@ void mbedtls_test_ssl_perform_handshake( } #endif /* MBEDTLS_SSL_RENEGOTIATION */ -#if defined(MBEDTLS_DEBUG_C) - if (options->srv_log_fun) { - mbedtls_debug_set_threshold(4); - mbedtls_ssl_conf_dbg(&server.conf, options->srv_log_fun, - options->srv_log_obj); - } -#endif - TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), &(server.socket), BUFFSIZE) == 0); From 6be3981dc2f17f3699e4acb6cf2096e40c476c1c Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Thu, 25 Jan 2024 20:48:56 +0000 Subject: [PATCH 494/553] tests: fix `calloc()` argument list (`gcc-14` fix) `gcc-14` added a new `-Wcalloc-transposed-args` warning recently. It detected minor infelicity in `calloc()` API usage in `mbedtls`: In file included from /build/mbedtls/tests/include/test/ssl_helpers.h:19, from /build/mbedtls/tests/src/test_helpers/ssl_helpers.c:11: /build/mbedtls/tests/src/test_helpers/ssl_helpers.c: In function 'mbedtls_test_init_handshake_options': /build/mbedtls/tests/include/test/macros.h:128:46: error: 'calloc' sizes specified with 'sizeof' in the earlier argument and not in the later argument [-Werror=calloc-transposed-args] 128 | (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ | ^ Signed-off-by: Sergei Trofimovich --- include/test/macros.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/include/test/macros.h b/include/test/macros.h index 8de9c4d952..a73e06fca8 100644 --- a/include/test/macros.h +++ b/include/test/macros.h @@ -125,8 +125,8 @@ do { \ TEST_ASSERT((pointer) == NULL); \ if ((item_count) != 0) { \ - (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ - (item_count)); \ + (pointer) = mbedtls_calloc((item_count), \ + sizeof(*(pointer))); \ TEST_ASSERT((pointer) != NULL); \ } \ } while (0) @@ -155,8 +155,8 @@ #define TEST_CALLOC_NONNULL(pointer, item_count) \ do { \ TEST_ASSERT((pointer) == NULL); \ - (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ - (item_count)); \ + (pointer) = mbedtls_calloc((item_count), \ + sizeof(*(pointer))); \ if (((pointer) == NULL) && ((item_count) == 0)) { \ (pointer) = mbedtls_calloc(1, 1); \ } \ @@ -175,8 +175,8 @@ do { \ TEST_ASSERT((pointer) == NULL); \ if ((item_count) != 0) { \ - (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ - (item_count)); \ + (pointer) = mbedtls_calloc((item_count), \ + sizeof(*(pointer))); \ TEST_ASSUME((pointer) != NULL); \ } \ } while (0) From 034d8721c2c647a45f1d9740b714eb8d5590c516 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 30 Jan 2024 18:00:26 +0000 Subject: [PATCH 495/553] Fix race condition with test comparison functions Make sure we hold the mutex whilst making several changes at the same time, to prevent race condition on writing connected bits of data. Signed-off-by: Paul Elliott --- src/helpers.c | 185 +++++++++++++++++++++++++++++--------------------- 1 file changed, 107 insertions(+), 78 deletions(-) diff --git a/src/helpers.c b/src/helpers.c index d0c75b08d1..85345d8cfd 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -53,18 +53,13 @@ mbedtls_test_result_t mbedtls_test_get_result(void) void mbedtls_test_set_result(mbedtls_test_result_t result, const char *test, int line_no, const char *filename) { -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ mbedtls_test_info.result = result; mbedtls_test_info.test = test; mbedtls_test_info.line_no = line_no; mbedtls_test_info.filename = filename; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ } const char *mbedtls_test_get_test(void) @@ -151,15 +146,10 @@ unsigned long mbedtls_test_get_step(void) void mbedtls_test_set_step(unsigned long step) { -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ mbedtls_test_info.step = step; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_get_line1(char *line) @@ -177,19 +167,14 @@ void mbedtls_test_get_line1(char *line) void mbedtls_test_set_line1(const char *line) { -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ if (line == NULL) { memset(mbedtls_test_info.line1, 0, MBEDTLS_TEST_LINE_LENGTH); } else { memcpy(mbedtls_test_info.line1, line, MBEDTLS_TEST_LINE_LENGTH); } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_get_line2(char *line) @@ -207,19 +192,14 @@ void mbedtls_test_get_line2(char *line) void mbedtls_test_set_line2(const char *line) { -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ if (line == NULL) { memset(mbedtls_test_info.line2, 0, MBEDTLS_TEST_LINE_LENGTH); } else { memcpy(mbedtls_test_info.line2, line, MBEDTLS_TEST_LINE_LENGTH); } - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ } @@ -264,15 +244,10 @@ unsigned mbedtls_test_get_case_uses_negative_0(void) void mbedtls_test_set_case_uses_negative_0(unsigned uses) { -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ mbedtls_test_info.case_uses_negative_0 = uses; - -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_unlock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_increment_case_uses_negative_0(void) @@ -355,21 +330,41 @@ int mbedtls_test_ascii2uc(const char c, unsigned char *uc) void mbedtls_test_fail(const char *test, int line_no, const char *filename) { - if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { - /* We've already recorded the test as having failed. Don't +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* Don't use accessor, we already hold mutex. */ + if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { + /* If we have already recorded the test as having failed then don't * overwrite any previous information about the failure. */ - return; + mbedtls_test_set_result(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename); } - mbedtls_test_set_result(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_skip(const char *test, int line_no, const char *filename) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_info_reset(void) { +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0); mbedtls_test_set_step((unsigned long) (-1)); mbedtls_test_set_line1(NULL); @@ -378,6 +373,10 @@ void mbedtls_test_info_reset(void) #if defined(MBEDTLS_BIGNUM_C) mbedtls_test_set_case_uses_negative_0(0); #endif + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } int mbedtls_test_equal(const char *test, int line_no, const char *filename, @@ -390,21 +389,31 @@ int mbedtls_test_equal(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { - /* We've already recorded the test as having failed. Don't +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* Don't use accessor, as we already hold mutex. */ + if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { + /* If we've already recorded the test as having failed then don't * overwrite any previous information about the failure. */ - return 0; + + char buf[MBEDTLS_TEST_LINE_LENGTH]; + mbedtls_test_fail(test, line_no, filename); + (void) mbedtls_snprintf(buf, sizeof(buf), + "lhs = 0x%016llx = %lld", + value1, (long long) value1); + mbedtls_test_set_line1(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), + "rhs = 0x%016llx = %lld", + value2, (long long) value2); + mbedtls_test_set_line2(buf); } - char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(buf, sizeof(buf), - "lhs = 0x%016llx = %lld", - value1, (long long) value1); - mbedtls_test_set_line1(buf); - (void) mbedtls_snprintf(buf, sizeof(buf), - "rhs = 0x%016llx = %lld", - value2, (long long) value2); - mbedtls_test_set_line2(buf); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + return 0; } @@ -418,21 +427,31 @@ int mbedtls_test_le_u(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { - /* We've already recorded the test as having failed. Don't +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* Don't use accessor, we already hold mutex. */ + if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { + /* If we've already recorded the test as having failed then don't * overwrite any previous information about the failure. */ - return 0; + + char buf[MBEDTLS_TEST_LINE_LENGTH]; + mbedtls_test_fail(test, line_no, filename); + (void) mbedtls_snprintf(buf, sizeof(buf), + "lhs = 0x%016llx = %llu", + value1, value1); + mbedtls_test_set_line1(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), + "rhs = 0x%016llx = %llu", + value2, value2); + mbedtls_test_set_line2(buf); } - char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(buf, sizeof(buf), - "lhs = 0x%016llx = %llu", - value1, value1); - mbedtls_test_set_line1(buf); - (void) mbedtls_snprintf(buf, sizeof(buf), - "rhs = 0x%016llx = %llu", - value2, value2); - mbedtls_test_set_line2(buf); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + return 0; } @@ -446,21 +465,31 @@ int mbedtls_test_le_s(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED) { - /* We've already recorded the test as having failed. Don't +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* Don't use accessor, we already hold mutex. */ + if (mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) { + /* If we've already recorded the test as having failed then don't * overwrite any previous information about the failure. */ - return 0; + + char buf[MBEDTLS_TEST_LINE_LENGTH]; + mbedtls_test_fail(test, line_no, filename); + (void) mbedtls_snprintf(buf, sizeof(buf), + "lhs = 0x%016llx = %lld", + (unsigned long long) value1, value1); + mbedtls_test_set_line1(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), + "rhs = 0x%016llx = %lld", + (unsigned long long) value2, value2); + mbedtls_test_set_line2(buf); } - char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(buf, sizeof(buf), - "lhs = 0x%016llx = %lld", - (unsigned long long) value1, value1); - mbedtls_test_set_line1(buf); - (void) mbedtls_snprintf(buf, sizeof(buf), - "rhs = 0x%016llx = %lld", - (unsigned long long) value2, value2); - mbedtls_test_set_line2(buf); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + return 0; } From 86832d55f392872aa116d32efe3fe78218ba2330 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 31 Jan 2024 14:32:06 +0100 Subject: [PATCH 496/553] Explain purpose of test specific write/parse ticket functions Signed-off-by: Ronald Cron --- src/test_helpers/ssl_helpers.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 51957463c5..980c192188 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -2427,7 +2427,13 @@ int mbedtls_test_tweak_tls13_certificate_msg_vector_len( } #endif /* MBEDTLS_TEST_HOOKS */ -/* Functions for session ticket tests */ +/* + * Functions for tests based on tickets. Implementations of the + * write/parse ticket interfaces as defined by mbedtls_ssl_ticket_write/parse_t. + * Basically same implementations as in ticket.c without the encryption. That + * way we can tweak easily tickets characteristics to simulate misbehaving + * peers. + */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) int mbedtls_test_ticket_write( void *p_ticket, const mbedtls_ssl_session *session, From 9d2397e9deb00ae949a4d6574c9c8076712a1d4d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 31 Jan 2024 15:33:23 +0000 Subject: [PATCH 497/553] Fix code style issues Signed-off-by: Paul Elliott --- src/helpers.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/helpers.c b/src/helpers.c index 85345d8cfd..49a7df2989 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -147,7 +147,7 @@ unsigned long mbedtls_test_get_step(void) void mbedtls_test_set_step(unsigned long step) { /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ + * to calling this function. */ mbedtls_test_info.step = step; } @@ -168,7 +168,7 @@ void mbedtls_test_get_line1(char *line) void mbedtls_test_set_line1(const char *line) { /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ + * to calling this function. */ if (line == NULL) { memset(mbedtls_test_info.line1, 0, MBEDTLS_TEST_LINE_LENGTH); @@ -193,7 +193,7 @@ void mbedtls_test_get_line2(char *line) void mbedtls_test_set_line2(const char *line) { /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ + * to calling this function. */ if (line == NULL) { memset(mbedtls_test_info.line2, 0, MBEDTLS_TEST_LINE_LENGTH); @@ -245,7 +245,7 @@ unsigned mbedtls_test_get_case_uses_negative_0(void) void mbedtls_test_set_case_uses_negative_0(unsigned uses) { /* Internal function only - mbedtls_test_info_mutex should be held prior - * to calling this function. */ + * to calling this function. */ mbedtls_test_info.case_uses_negative_0 = uses; } From b77ec28ba6d4d754735376ddb3330c98599ddb12 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 1 Feb 2024 12:26:23 +0000 Subject: [PATCH 498/553] Refactor to help future other implementations Improve the definition of mbedtls_test_thread_t to assist adding future threading implementations, when they happen. Signed-off-by: Paul Elliott --- include/test/threading_helpers.h | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/include/test/threading_helpers.h b/include/test/threading_helpers.h index ba965c8775..0054358eaa 100644 --- a/include/test/threading_helpers.h +++ b/include/test/threading_helpers.h @@ -27,11 +27,6 @@ #if defined(MBEDTLS_THREADING_PTHREAD) #include - -typedef struct mbedtls_test_thread_t { - pthread_t MBEDTLS_PRIVATE(thread); -} mbedtls_test_thread_t; - #endif /* MBEDTLS_THREADING_PTHREAD */ #if defined(MBEDTLS_THREADING_ALT) @@ -58,17 +53,30 @@ void mbedtls_test_thread_set_alt(int (*thread_create)(mbedtls_test_thread_t *thr void *thread_data), int (*thread_join)(mbedtls_test_thread_t *thread)); +#else /* MBEDTLS_THREADING_ALT*/ + +typedef struct mbedtls_test_thread_t { + +#if defined(MBEDTLS_THREADING_PTHREAD) + pthread_t MBEDTLS_PRIVATE(thread); +#else /* MBEDTLS_THREADING_PTHREAD */ + /* Make sure this struct is always non-empty */ + unsigned dummy; +#endif + +} mbedtls_test_thread_t; + #endif /* MBEDTLS_THREADING_ALT*/ /** - * \brief The function pointers for thread create and thread + * \brief The function pointers for thread create and thread * join. * - * \note These functions are part of the testing API only and + * \note These functions are part of the testing API only and * thus not considered part of the public API of * MbedTLS and thus may change without notice. * - * \note All these functions are expected to work or + * \note All these functions are expected to work or * the result will be undefined. */ extern int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, From 2dff0477accffd2d414d72d840bf4442340c188f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 1 Feb 2024 12:44:01 +0000 Subject: [PATCH 499/553] Fix style issues Signed-off-by: Paul Elliott --- include/test/threading_helpers.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/test/threading_helpers.h b/include/test/threading_helpers.h index 0054358eaa..79bc6c0ded 100644 --- a/include/test/threading_helpers.h +++ b/include/test/threading_helpers.h @@ -69,14 +69,14 @@ typedef struct mbedtls_test_thread_t { #endif /* MBEDTLS_THREADING_ALT*/ /** - * \brief The function pointers for thread create and thread + * \brief The function pointers for thread create and thread * join. * - * \note These functions are part of the testing API only and - * thus not considered part of the public API of + * \note These functions are part of the testing API only + * and thus not considered part of the public API of * MbedTLS and thus may change without notice. * - * \note All these functions are expected to work or + * \note All these functions are expected to work or * the result will be undefined. */ extern int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, From 04f41d586d8ead26c6b693988b143cbdd492a408 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 1 Feb 2024 13:27:04 +0000 Subject: [PATCH 500/553] Fix accidental copy paste mistake Signed-off-by: Paul Elliott --- src/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/helpers.c b/src/helpers.c index 49a7df2989..936da066fb 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -375,7 +375,7 @@ void mbedtls_test_info_reset(void) #endif #ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); #endif /* MBEDTLS_THREADING_C */ } From be8e24f53e550bd516e912cb33642bbb3ce682c7 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 2 Feb 2024 17:53:38 +0000 Subject: [PATCH 501/553] Restore mutex lock for mbedtls_test_set_step() This function is called externally from several tests, so still requires a mutex lock. Add an internal function to reset the step, for use in functions where the mutex is already held. Signed-off-by: Paul Elliott --- src/helpers.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/src/helpers.c b/src/helpers.c index 936da066fb..ee87a61ee5 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -144,12 +144,25 @@ unsigned long mbedtls_test_get_step(void) return step; } -void mbedtls_test_set_step(unsigned long step) +void mbedtls_test_reset_step(void) { /* Internal function only - mbedtls_test_info_mutex should be held prior * to calling this function. */ + mbedtls_test_info.step = (unsigned long) (-1); +} + +void mbedtls_test_set_step(unsigned long step) +{ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + mbedtls_test_info.step = step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } void mbedtls_test_get_line1(char *line) @@ -366,7 +379,7 @@ void mbedtls_test_info_reset(void) #endif /* MBEDTLS_THREADING_C */ mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0); - mbedtls_test_set_step((unsigned long) (-1)); + mbedtls_test_reset_step(); mbedtls_test_set_line1(NULL); mbedtls_test_set_line2(NULL); From 07581429b2f68fe97f2cdaf6ccf3dbe353755c45 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 2 Feb 2024 17:59:26 +0000 Subject: [PATCH 502/553] Revert accidental formatting change Signed-off-by: Paul Elliott --- include/test/bignum_helpers.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/test/bignum_helpers.h b/include/test/bignum_helpers.h index cf175a3ac4..a5e49cbe57 100644 --- a/include/test/bignum_helpers.h +++ b/include/test/bignum_helpers.h @@ -86,8 +86,8 @@ void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N); * the "0 (null)" and "0 (1 limb)" and "leading zeros" test cases do what they * claim. * - * \param[out] X The MPI object to populate. It must be initialized. - * \param[in] s The null-terminated hexadecimal string to read from. + * \param[out] X The MPI object to populate. It must be initialized. + * \param[in] s The null-terminated hexadecimal string to read from. * * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. */ From ab6b278b9afa08b43ff2009105b6659fa9581ac6 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 6 Feb 2024 12:49:45 +0000 Subject: [PATCH 503/553] Fix missed case for removing accessor Signed-off-by: Paul Elliott --- src/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/helpers.c b/src/helpers.c index ee87a61ee5..da0b54a00a 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -483,7 +483,7 @@ int mbedtls_test_le_s(const char *test, int line_no, const char *filename, #endif /* MBEDTLS_THREADING_C */ /* Don't use accessor, we already hold mutex. */ - if (mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) { + if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { /* If we've already recorded the test as having failed then don't * overwrite any previous information about the failure. */ From e458fda1625182864b9ec7517a2cc03d14675969 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 6 Feb 2024 15:10:03 +0000 Subject: [PATCH 504/553] Add comment to set/increment step functions These functions are thread safe, but using them from within multiple threads at the same time may not have the intended effect, given order cannot be guaranteed. Also, standardise header comment formatting. Signed-off-by: Paul Elliott --- include/test/helpers.h | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index f2fb62d935..a939b1c0e0 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -111,6 +111,11 @@ int mbedtls_test_get_line_no(void); /** * \brief Increment the current test step. + * + * \note Calling this function from within multiple threads at the + * same time is not recommended - whilst it is entirely thread + * safe, the order of calls to this function can obviously not + * be ensured, so unexpected results may occur. */ void mbedtls_test_increment_step(void); @@ -215,30 +220,35 @@ void mbedtls_test_fail(const char *test, int line_no, const char *filename); void mbedtls_test_skip(const char *test, int line_no, const char *filename); /** - * \brief Set the test step number for failure reports. + * \brief Set the test step number for failure reports. + * + * Call this function to display "step NNN" in addition to the + * line number and file name if a test fails. Typically the + * "step number" is the index of a for loop but it can be + * whatever you want. * - * Call this function to display "step NNN" in addition to the - * line number and file name if a test fails. Typically the "step - * number" is the index of a for loop but it can be whatever you - * want. + * \note Calling this function from a within multiple threads at the + * same time is not recommended - whilst it is entirely thread + * safe, the order of calls to this function can obviously not + * be ensured, so unexpected results may occur. * * \param step The step number to report. */ void mbedtls_test_set_step(unsigned long step); /** - * \brief Reset mbedtls_test_info to a ready/starting state. + * \brief Reset mbedtls_test_info to a ready/starting state. */ void mbedtls_test_info_reset(void); #ifdef MBEDTLS_TEST_MUTEX_USAGE /** - * \brief Get the test info data mutex. + * \brief Get the test info data mutex. * - * \note This is designed only to be used by threading_helpers to avoid a - * deadlock, not for general access to this mutex. + * \note This is designed only to be used by threading_helpers to + * avoid a deadlock, not for general access to this mutex. * - * \return The test info data mutex. + * \return The test info data mutex. */ mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void); From 444f3938d517e8326b04000e03764f1c5f19056d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 26 Jan 2024 14:55:25 +0100 Subject: [PATCH 505/553] tests: ssl: Move group list to options Signed-off-by: Ronald Cron --- include/test/ssl_helpers.h | 4 ++-- src/test_helpers/ssl_helpers.c | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index 1f41966d66..44c2fcfea4 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -85,6 +85,7 @@ typedef struct mbedtls_test_ssl_log_pattern { typedef struct mbedtls_test_handshake_test_options { const char *cipher; + uint16_t *group_list; mbedtls_ssl_protocol_version client_min_version; mbedtls_ssl_protocol_version client_max_version; mbedtls_ssl_protocol_version server_min_version; @@ -440,8 +441,7 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_test_handshake_test_options *options, mbedtls_test_message_socket_context *dtls_context, mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue, - uint16_t *group_list); + mbedtls_test_ssl_message_queue *output_queue); /* * Deinitializes endpoint represented by \p ep. diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 980c192188..cc96cfed42 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -50,6 +50,7 @@ void mbedtls_test_init_handshake_options( rng_seed += 0xD0; #endif opts->cipher = ""; + opts->group_list = NULL; opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; @@ -733,8 +734,7 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_test_handshake_test_options *options, mbedtls_test_message_socket_context *dtls_context, mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue, - uint16_t *group_list) + mbedtls_test_ssl_message_queue *output_queue) { int ret = -1; uintptr_t user_data_n; @@ -818,8 +818,8 @@ int mbedtls_test_ssl_endpoint_init( } } - if (group_list != NULL) { - mbedtls_ssl_conf_groups(&(ep->conf), group_list); + if (options->group_list != NULL) { + mbedtls_ssl_conf_groups(&(ep->conf), options->group_list); } mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); @@ -2006,7 +2006,7 @@ void mbedtls_test_ssl_perform_handshake( MBEDTLS_SSL_IS_CLIENT, options, &client_context, &client_queue, - &server_queue, NULL) == 0); + &server_queue) == 0); #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, mbedtls_timing_set_delay, @@ -2016,7 +2016,7 @@ void mbedtls_test_ssl_perform_handshake( TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, options, NULL, NULL, - NULL, NULL) == 0); + NULL) == 0); } if (strlen(options->cipher) > 0) { @@ -2029,7 +2029,7 @@ void mbedtls_test_ssl_perform_handshake( MBEDTLS_SSL_IS_SERVER, options, &server_context, &server_queue, - &client_queue, NULL) == 0); + &client_queue) == 0); #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, mbedtls_timing_set_delay, @@ -2038,7 +2038,7 @@ void mbedtls_test_ssl_perform_handshake( } else { TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - options, NULL, NULL, NULL, + options, NULL, NULL, NULL) == 0); } From 17c3145f792ef30e8c97b6a79102de2d74b2168a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 26 Jan 2024 14:57:53 +0100 Subject: [PATCH 506/553] tests: ssl: First reset to all zeroes options in init Signed-off-by: Ronald Cron --- src/test_helpers/ssl_helpers.c | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index cc96cfed42..2090f92cdc 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -49,37 +49,25 @@ void mbedtls_test_init_handshake_options( srand(rng_seed); rng_seed += 0xD0; #endif + + memset(opts, 0, sizeof(*opts)); + opts->cipher = ""; - opts->group_list = NULL; opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3; - opts->expected_handshake_result = 0; - opts->expected_ciphersuite = 0; opts->pk_alg = MBEDTLS_PK_RSA; - opts->opaque_alg = 0; - opts->opaque_alg2 = 0; - opts->opaque_usage = 0; - opts->psk_str = NULL; - opts->dtls = 0; opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; - opts->serialize = 0; opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE; opts->cli_msg_len = 100; opts->srv_msg_len = 100; opts->expected_cli_fragments = 1; opts->expected_srv_fragments = 1; - opts->renegotiate = 0; opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; - opts->srv_log_obj = NULL; - opts->cli_log_obj = NULL; - opts->srv_log_fun = NULL; - opts->cli_log_fun = NULL; opts->resize_buffers = 1; #if defined(MBEDTLS_SSL_CACHE_C) - opts->cache = NULL; TEST_CALLOC(opts->cache, 1); mbedtls_ssl_cache_init(opts->cache); #if defined(MBEDTLS_HAVE_TIME) From 4ad19073a75b3ad21fef3612bba5369ab744fa68 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 26 Jan 2024 15:49:12 +0100 Subject: [PATCH 507/553] tests: ssl: Add early data handshake option Signed-off-by: Ronald Cron --- include/test/ssl_helpers.h | 1 + src/test_helpers/ssl_helpers.c | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index 44c2fcfea4..0aa53c8681 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -113,6 +113,7 @@ typedef struct mbedtls_test_handshake_test_options { void (*srv_log_fun)(void *, int, const char *, int, const char *); void (*cli_log_fun)(void *, int, const char *, int, const char *); int resize_buffers; + int early_data; #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_context *cache; #endif diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 2090f92cdc..a9a215949f 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -67,6 +67,7 @@ void mbedtls_test_init_handshake_options( opts->expected_srv_fragments = 1; opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; opts->resize_buffers = 1; + opts->early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; #if defined(MBEDTLS_SSL_CACHE_C) TEST_CALLOC(opts->cache, 1); mbedtls_ssl_cache_init(opts->cache); @@ -812,6 +813,10 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); +#if defined(MBEDTLS_SSL_EARLY_DATA) + mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data); +#endif + #if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C) if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) { mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache, From 5d95b0b62a0b4bb762f0450509c171e9a58fceb2 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 26 Jan 2024 16:31:33 +0100 Subject: [PATCH 508/553] tests: ssl: Add helper function to get a TLS 1.3 ticket Signed-off-by: Ronald Cron --- include/test/ssl_helpers.h | 11 +++++++ src/test_helpers/ssl_helpers.c | 56 ++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index 0aa53c8681..3506609ac4 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -600,6 +600,17 @@ int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len); #endif /* MBEDTLS_SSL_SESSION_TICKETS */ +#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +int mbedtls_test_get_tls13_ticket( + mbedtls_test_handshake_test_options *client_options, + mbedtls_test_handshake_test_options *server_options, + mbedtls_ssl_session *session); +#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C && + MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS && + MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + #define ECJPAKE_TEST_PWD "bla" #if defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index a9a215949f..ad4c070bc2 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -2455,4 +2455,60 @@ int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, return mbedtls_ssl_session_load(session, buf, len); } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ + +#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +int mbedtls_test_get_tls13_ticket( + mbedtls_test_handshake_test_options *client_options, + mbedtls_test_handshake_test_options *server_options, + mbedtls_ssl_session *session) +{ + int ret = -1; + unsigned char buf[64]; + mbedtls_test_ssl_endpoint client_ep, server_ep; + + mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); + mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); + + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, + client_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, + server_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, + mbedtls_test_ticket_write, + mbedtls_test_ticket_parse, + NULL); + + ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), + &(server_ep.socket), 1024); + TEST_EQUAL(ret, 0); + + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER), 0); + + TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 0); + + do { + ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf)); + } while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET); + + ret = mbedtls_ssl_get_session(&(client_ep.ssl), session); + TEST_EQUAL(ret, 0); + +exit: + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + + return ret; +} +#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C && + MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS && + MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + #endif /* MBEDTLS_SSL_TLS_C */ From 44b8e62096cadb0cc2aee7c22345f3d54a809cf4 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 6 Feb 2024 14:57:43 +0000 Subject: [PATCH 509/553] Stop platform test failures with GCC and TSAN Signed-off-by: Paul Elliott --- include/test/helpers.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/test/helpers.h b/include/test/helpers.h index 7c962a283b..47d4dcd452 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -23,6 +23,10 @@ #if defined(__SANITIZE_ADDRESS__) /* gcc -fsanitize=address */ # define MBEDTLS_TEST_HAVE_ASAN #endif +#if defined(__SANITIZE_THREAD__) /* gcc -fsanitize-thread */ +# define MBEDTLS_TEST_HAVE_TSAN +#endif + #if defined(__has_feature) # if __has_feature(address_sanitizer) /* clang -fsanitize=address */ # define MBEDTLS_TEST_HAVE_ASAN From 8eaecd18ea993e86f904bcfa444a6a5187d14aea Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 9 Feb 2024 09:33:09 +0100 Subject: [PATCH 510/553] tests: ssl: Improve test parameter sanity check Signed-off-by: Ronald Cron --- src/test_helpers/ssl_helpers.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index c0c5ca4bb8..1b6f060c74 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1645,8 +1645,11 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, session->start = mbedtls_time(NULL) - 42; #endif session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - session->endpoint = endpoint_type == MBEDTLS_SSL_IS_CLIENT ? - MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER; + + TEST_ASSERT(endpoint_type == MBEDTLS_SSL_IS_CLIENT || + endpoint_type == MBEDTLS_SSL_IS_SERVER); + + session->endpoint = endpoint_type; session->ciphersuite = 0xabcd; session->id_len = sizeof(session->id); memset(session->id, 66, session->id_len); @@ -1739,6 +1742,7 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, session->encrypt_then_mac = 1; #endif +exit: return 0; } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ From 63022a8258f31694c25c6757b49dc5265b22bba9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 9 Feb 2024 14:41:24 +0000 Subject: [PATCH 511/553] Fix typo / improve documentation for test step fns Signed-off-by: Paul Elliott --- include/test/helpers.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/include/test/helpers.h b/include/test/helpers.h index 4e59e20949..d08100f158 100644 --- a/include/test/helpers.h +++ b/include/test/helpers.h @@ -116,10 +116,10 @@ int mbedtls_test_get_line_no(void); /** * \brief Increment the current test step. * - * \note Calling this function from within multiple threads at the - * same time is not recommended - whilst it is entirely thread - * safe, the order of calls to this function can obviously not - * be ensured, so unexpected results may occur. + * \note It is not recommended for multiple threads to call this + * function concurrently - whilst it is entirely thread safe, + * the order of calls to this function can obviously not be + * ensured, so unexpected results may occur. */ void mbedtls_test_increment_step(void); @@ -231,10 +231,10 @@ void mbedtls_test_skip(const char *test, int line_no, const char *filename); * "step number" is the index of a for loop but it can be * whatever you want. * - * \note Calling this function from a within multiple threads at the - * same time is not recommended - whilst it is entirely thread - * safe, the order of calls to this function can obviously not - * be ensured, so unexpected results may occur. + * \note It is not recommended for multiple threads to call this + * function concurrently - whilst it is entirely thread safe, + * the order of calls to this function can obviously not be + * ensured, so unexpected results may occur. * * \param step The step number to report. */ From bc7d47b09f189ac217b1f528e9afa9ed6a980516 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 9 Feb 2024 17:32:45 +0100 Subject: [PATCH 512/553] exercise_key: allow SIGN_MESSAGE/VERIFY_MESSAGE with PSA_ALG_ANY_HASH There was already code to instantiate the wildcard for sign/verify-hash. Make that work with sign/verify-message as well. Signed-off-by: Gilles Peskine --- src/psa_exercise_key.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 560b7113d1..c594cee9b6 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -283,23 +283,25 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg) { + /* If the policy allows signing with any hash, just pick one. */ + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); + if (PSA_ALG_IS_SIGN_HASH(alg) && hash_alg == PSA_ALG_ANY_HASH && + usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | + PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE)) { +#if defined(KNOWN_SUPPORTED_HASH_ALG) + hash_alg = KNOWN_SUPPORTED_HASH_ALG; + alg ^= PSA_ALG_ANY_HASH ^ hash_alg; +#else + TEST_FAIL("No hash algorithm for hash-and-sign testing"); +#endif + } + if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH) && PSA_ALG_IS_SIGN_HASH(alg)) { unsigned char payload[PSA_HASH_MAX_SIZE] = { 1 }; size_t payload_length = 16; unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 }; size_t signature_length = sizeof(signature); - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - - /* If the policy allows signing with any hash, just pick one. */ - if (PSA_ALG_IS_SIGN_HASH(alg) && hash_alg == PSA_ALG_ANY_HASH) { - #if defined(KNOWN_SUPPORTED_HASH_ALG) - hash_alg = KNOWN_SUPPORTED_HASH_ALG; - alg ^= PSA_ALG_ANY_HASH ^ hash_alg; - #else - TEST_FAIL("No hash algorithm for hash-and-sign testing"); - #endif - } /* Some algorithms require the payload to have the size of * the hash encoded in the algorithm. Use this input size From d011028f327bd6edcc5362a7488fd3bd73692e63 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 9 Feb 2024 19:22:30 +0100 Subject: [PATCH 513/553] exercise_key: fix asymmetric encrypt/decrypt with >2028-bit RSA Signed-off-by: Gilles Peskine --- src/psa_exercise_key.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index c594cee9b6..618b83f318 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -364,8 +364,10 @@ static int exercise_asymmetric_encryption_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg) { - unsigned char plaintext[256] = "Hello, world..."; - unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)"; + unsigned char plaintext[PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE] = + "Hello, world..."; + unsigned char ciphertext[PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE] = + "(wabblewebblewibblewobblewubble)"; size_t ciphertext_length = sizeof(ciphertext); size_t plaintext_length = 16; From ec47c960829a4df4b2aef570591e3bd2e6468737 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Feb 2024 14:19:24 +0100 Subject: [PATCH 514/553] Don't exercise if the algorithm is not supported Parsing a key and importing it into PSA may result in a policy that specifies an algorithm that is not included in the build. This happens if the key type is supported, but not the algorithm, e.g. in a build with MBEDTLS_ECP_C but not MBEDTLS_ECDSA_C. Signed-off-by: Gilles Peskine --- include/test/psa_exercise_key.h | 16 ++++++++++++ src/psa_exercise_key.c | 45 +++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index a658d17730..82ef2ad562 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -221,4 +221,20 @@ int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key, psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type, psa_algorithm_t alg); +/** Whether the specified algorithm can be exercised. + * + * \note This function is solely based on the algorithm and does not + * consider potential issues with the compatibility of a key. + * The idea is that you already have a key, so you know that the + * key type is supported, and you want to exercise the key but + * only if the algorithm given in its policy is enabled in the + * compile-time configuration. + * + * \note This function currently only supports signature algorithms + * (including wildcards). + * TODO: a more general mechanism, which should be automatically + * generated and possibly available as a library function? + */ +int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg); + #endif /* PSA_EXERCISE_KEY_H */ diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 618b83f318..3fcf77d379 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -1009,4 +1009,49 @@ psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type, } +int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg) +{ + /* Reject algorithms that we know are not supported. Default to + * attempting exercise, so that if an algorithm is missing from this + * function, the result will be a test failure and not silently + * omitting exercise. */ +#if !defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) + if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) + if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_RSA_PSS) + if (PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg)) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) + if (PSA_ALG_IS_RSA_PSS_ANY_SALT(alg)) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_ECDSA) + if (PSA_ALG_IS_ECDSA(alg)) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) + if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_ECDH) + if (PSA_ALG_IS_ECDH(alg)) { + return 0; + } +#endif + (void) alg; + return 1; +} + #endif /* MBEDTLS_PSA_CRYPTO_C */ From 6a330adb3fd4c8a6ba34b5d8e2202d5c140fe55f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Feb 2024 19:54:53 +0100 Subject: [PATCH 515/553] Prioritize SHA2 over MD5 for KNOWN_SUPPORTED_HASH_ALG This fixes the ability to exercise keys in configurations where MD5 is supported for direct use, but not inside some accelerated algorithms. This is the case in `all.sh test_psa_crypto_config_accel_ecc_ecp_light_only` and some other accelerated-ECC components of `all.sh`, where the driver is built without MD5 support but built-in MD5 remains enabled. This is only a hack, not a theoretically correct fix, but a correct fix is out of scope of my current work. Signed-off-by: Gilles Peskine --- include/test/psa_exercise_key.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index 82ef2ad562..7d51a4c536 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -20,15 +20,7 @@ * * This is used in some smoke tests. */ -#if defined(PSA_WANT_ALG_MD5) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5 -/* PSA_WANT_ALG_RIPEMD160 omitted. This is necessary for the sake of - * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 - * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be - * implausible anyway. */ -#elif defined(PSA_WANT_ALG_SHA_1) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1 -#elif defined(PSA_WANT_ALG_SHA_256) +#if defined(PSA_WANT_ALG_SHA_256) #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_256 #elif defined(PSA_WANT_ALG_SHA_384) #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_384 @@ -36,6 +28,14 @@ #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_512 #elif defined(PSA_WANT_ALG_SHA3_256) #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA3_256 +#elif defined(PSA_WANT_ALG_SHA_1) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1 +#elif defined(PSA_WANT_ALG_MD5) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5 +/* PSA_WANT_ALG_RIPEMD160 omitted. This is necessary for the sake of + * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 + * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be + * implausible anyway. */ #else #undef KNOWN_SUPPORTED_HASH_ALG #endif From b847664ca49cff3e6e236d305397c9b81f89a8c1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 13 Feb 2024 13:27:06 +0000 Subject: [PATCH 516/553] Fix deadlock with test failures Calling mbedtls_test_fail() attempts to lock the test data mutex. Unfortunately we were calling this from places where we already held this mutex, and this mutex is not recursive, so this deadlocks. Split out mbedtls_test_fail() into mbedtls_test_fail_internal() in order to address this. Signed-off-by: Paul Elliott --- src/helpers.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/src/helpers.c b/src/helpers.c index da0b54a00a..b9233be956 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -341,11 +341,10 @@ int mbedtls_test_ascii2uc(const char c, unsigned char *uc) return 0; } -void mbedtls_test_fail(const char *test, int line_no, const char *filename) +static void mbedtls_test_fail_internal(const char *test, int line_no, const char *filename) { -#ifdef MBEDTLS_THREADING_C - mbedtls_mutex_lock(&mbedtls_test_info_mutex); -#endif /* MBEDTLS_THREADING_C */ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ /* Don't use accessor, we already hold mutex. */ if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { @@ -353,6 +352,15 @@ void mbedtls_test_fail(const char *test, int line_no, const char *filename) * overwrite any previous information about the failure. */ mbedtls_test_set_result(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename); } +} + +void mbedtls_test_fail(const char *test, int line_no, const char *filename) +{ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + mbedtls_test_fail_internal(test, line_no, filename); #ifdef MBEDTLS_THREADING_C mbedtls_mutex_unlock(&mbedtls_test_info_mutex); @@ -412,7 +420,7 @@ int mbedtls_test_equal(const char *test, int line_no, const char *filename, * overwrite any previous information about the failure. */ char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail(test, line_no, filename); + mbedtls_test_fail_internal(test, line_no, filename); (void) mbedtls_snprintf(buf, sizeof(buf), "lhs = 0x%016llx = %lld", value1, (long long) value1); @@ -450,7 +458,7 @@ int mbedtls_test_le_u(const char *test, int line_no, const char *filename, * overwrite any previous information about the failure. */ char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail(test, line_no, filename); + mbedtls_test_fail_internal(test, line_no, filename); (void) mbedtls_snprintf(buf, sizeof(buf), "lhs = 0x%016llx = %llu", value1, value1); @@ -488,7 +496,7 @@ int mbedtls_test_le_s(const char *test, int line_no, const char *filename, * overwrite any previous information about the failure. */ char buf[MBEDTLS_TEST_LINE_LENGTH]; - mbedtls_test_fail(test, line_no, filename); + mbedtls_test_fail_internal(test, line_no, filename); (void) mbedtls_snprintf(buf, sizeof(buf), "lhs = 0x%016llx = %lld", (unsigned long long) value1, value1); From 337dcd2896e8326dffacb692f7b7f20aa4708040 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 13 Feb 2024 15:33:26 +0000 Subject: [PATCH 517/553] Make internal test info accessor functions static. Signed-off-by: Paul Elliott --- src/helpers.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/helpers.c b/src/helpers.c index b9233be956..b810253e6c 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -50,7 +50,7 @@ mbedtls_test_result_t mbedtls_test_get_result(void) return result; } -void mbedtls_test_set_result(mbedtls_test_result_t result, const char *test, +static void mbedtls_test_set_result(mbedtls_test_result_t result, const char *test, int line_no, const char *filename) { /* Internal function only - mbedtls_test_info_mutex should be held prior @@ -144,7 +144,7 @@ unsigned long mbedtls_test_get_step(void) return step; } -void mbedtls_test_reset_step(void) +static void mbedtls_test_reset_step(void) { /* Internal function only - mbedtls_test_info_mutex should be held prior * to calling this function. */ @@ -178,7 +178,7 @@ void mbedtls_test_get_line1(char *line) #endif /* MBEDTLS_THREADING_C */ } -void mbedtls_test_set_line1(const char *line) +static void mbedtls_test_set_line1(const char *line) { /* Internal function only - mbedtls_test_info_mutex should be held prior * to calling this function. */ @@ -203,7 +203,7 @@ void mbedtls_test_get_line2(char *line) #endif /* MBEDTLS_THREADING_C */ } -void mbedtls_test_set_line2(const char *line) +static void mbedtls_test_set_line2(const char *line) { /* Internal function only - mbedtls_test_info_mutex should be held prior * to calling this function. */ @@ -255,7 +255,7 @@ unsigned mbedtls_test_get_case_uses_negative_0(void) return test_case_uses_negative_0; } -void mbedtls_test_set_case_uses_negative_0(unsigned uses) +static void mbedtls_test_set_case_uses_negative_0(unsigned uses) { /* Internal function only - mbedtls_test_info_mutex should be held prior * to calling this function. */ From f0817bec19d5c7cd008bc37f8cc89f6038a5a965 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Feb 2024 13:13:26 +0100 Subject: [PATCH 518/553] Fix encrypt/decrypt confusion The values are the same for all supported mechanisms (RSA-based), so no semantic change. Signed-off-by: Gilles Peskine --- src/psa_exercise_key.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 3fcf77d379..80419d1a88 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -364,9 +364,9 @@ static int exercise_asymmetric_encryption_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg) { - unsigned char plaintext[PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE] = + unsigned char plaintext[PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE] = "Hello, world..."; - unsigned char ciphertext[PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE] = + unsigned char ciphertext[PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE] = "(wabblewebblewibblewobblewubble)"; size_t ciphertext_length = sizeof(ciphertext); size_t plaintext_length = 16; From 1f37bfb0af8eb84df334dfc1d2f122519442725c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 15 Feb 2024 12:28:56 +0000 Subject: [PATCH 519/553] Rename internal test info data accessors Rename internal test info data accessors by adding _internal to mark them as obviously internal. Add to the intial comment block to further explain the mutex locking policy. Signed-off-by: Paul Elliott --- src/helpers.c | 50 ++++++++++++++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 20 deletions(-) diff --git a/src/helpers.c b/src/helpers.c index b810253e6c..9053aac4b7 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -31,7 +31,17 @@ mbedtls_threading_mutex_t mbedtls_test_info_mutex; #endif /* MBEDTLS_THREADING_C */ /*----------------------------------------------------------------------------*/ -/* Mbedtls Test Info accessors */ +/* Mbedtls Test Info accessors + * + * NOTE - there are two types of accessors here; the _internal functions, which + * are expected to be used from this module *only*. These do not attempt to lock + * the mbedtls_test_info_mutex, as they are designed to be called from within + * public functions which do lock the mutex first (if mutexes are enabled). + * The main reason for this is the need to set some sets of test data + * atomically, without releasing the mutex inbetween to prevent race conditions + * resulting in mixed test info. The other public accessors have prototypes in + * the header and have to lock the mutex for safety as we obviously cannot + * control where they are called from. */ mbedtls_test_result_t mbedtls_test_get_result(void) { @@ -50,8 +60,8 @@ mbedtls_test_result_t mbedtls_test_get_result(void) return result; } -static void mbedtls_test_set_result(mbedtls_test_result_t result, const char *test, - int line_no, const char *filename) +static void mbedtls_test_set_result_internal(mbedtls_test_result_t result, const char *test, + int line_no, const char *filename) { /* Internal function only - mbedtls_test_info_mutex should be held prior * to calling this function. */ @@ -144,7 +154,7 @@ unsigned long mbedtls_test_get_step(void) return step; } -static void mbedtls_test_reset_step(void) +static void mbedtls_test_reset_step_internal(void) { /* Internal function only - mbedtls_test_info_mutex should be held prior * to calling this function. */ @@ -178,7 +188,7 @@ void mbedtls_test_get_line1(char *line) #endif /* MBEDTLS_THREADING_C */ } -static void mbedtls_test_set_line1(const char *line) +static void mbedtls_test_set_line1_internal(const char *line) { /* Internal function only - mbedtls_test_info_mutex should be held prior * to calling this function. */ @@ -203,7 +213,7 @@ void mbedtls_test_get_line2(char *line) #endif /* MBEDTLS_THREADING_C */ } -static void mbedtls_test_set_line2(const char *line) +static void mbedtls_test_set_line2_internal(const char *line) { /* Internal function only - mbedtls_test_info_mutex should be held prior * to calling this function. */ @@ -255,7 +265,7 @@ unsigned mbedtls_test_get_case_uses_negative_0(void) return test_case_uses_negative_0; } -static void mbedtls_test_set_case_uses_negative_0(unsigned uses) +static void mbedtls_test_set_case_uses_negative_0_internal(unsigned uses) { /* Internal function only - mbedtls_test_info_mutex should be held prior * to calling this function. */ @@ -350,7 +360,7 @@ static void mbedtls_test_fail_internal(const char *test, int line_no, const char if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { /* If we have already recorded the test as having failed then don't * overwrite any previous information about the failure. */ - mbedtls_test_set_result(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename); + mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename); } } @@ -373,7 +383,7 @@ void mbedtls_test_skip(const char *test, int line_no, const char *filename) mbedtls_mutex_lock(&mbedtls_test_info_mutex); #endif /* MBEDTLS_THREADING_C */ - mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename); + mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename); #ifdef MBEDTLS_THREADING_C mbedtls_mutex_unlock(&mbedtls_test_info_mutex); @@ -386,13 +396,13 @@ void mbedtls_test_info_reset(void) mbedtls_mutex_lock(&mbedtls_test_info_mutex); #endif /* MBEDTLS_THREADING_C */ - mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0); - mbedtls_test_reset_step(); - mbedtls_test_set_line1(NULL); - mbedtls_test_set_line2(NULL); + mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0); + mbedtls_test_reset_step_internal(); + mbedtls_test_set_line1_internal(NULL); + mbedtls_test_set_line2_internal(NULL); #if defined(MBEDTLS_BIGNUM_C) - mbedtls_test_set_case_uses_negative_0(0); + mbedtls_test_set_case_uses_negative_0_internal(0); #endif #ifdef MBEDTLS_THREADING_C @@ -424,11 +434,11 @@ int mbedtls_test_equal(const char *test, int line_no, const char *filename, (void) mbedtls_snprintf(buf, sizeof(buf), "lhs = 0x%016llx = %lld", value1, (long long) value1); - mbedtls_test_set_line1(buf); + mbedtls_test_set_line1_internal(buf); (void) mbedtls_snprintf(buf, sizeof(buf), "rhs = 0x%016llx = %lld", value2, (long long) value2); - mbedtls_test_set_line2(buf); + mbedtls_test_set_line2_internal(buf); } #ifdef MBEDTLS_THREADING_C @@ -462,11 +472,11 @@ int mbedtls_test_le_u(const char *test, int line_no, const char *filename, (void) mbedtls_snprintf(buf, sizeof(buf), "lhs = 0x%016llx = %llu", value1, value1); - mbedtls_test_set_line1(buf); + mbedtls_test_set_line1_internal(buf); (void) mbedtls_snprintf(buf, sizeof(buf), "rhs = 0x%016llx = %llu", value2, value2); - mbedtls_test_set_line2(buf); + mbedtls_test_set_line2_internal(buf); } #ifdef MBEDTLS_THREADING_C @@ -500,11 +510,11 @@ int mbedtls_test_le_s(const char *test, int line_no, const char *filename, (void) mbedtls_snprintf(buf, sizeof(buf), "lhs = 0x%016llx = %lld", (unsigned long long) value1, value1); - mbedtls_test_set_line1(buf); + mbedtls_test_set_line1_internal(buf); (void) mbedtls_snprintf(buf, sizeof(buf), "rhs = 0x%016llx = %lld", (unsigned long long) value2, value2); - mbedtls_test_set_line2(buf); + mbedtls_test_set_line2_internal(buf); } #ifdef MBEDTLS_THREADING_C From 963c26e7158c940e0a52dc1d66e60b46c9f19b0e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 13 Feb 2024 15:35:14 +0000 Subject: [PATCH 520/553] Fix missing mutex lock for mutex usage error Although this can only be read in a situation where threads should have already stopped, best to fix this as its public. Signed-off-by: Paul Elliott --- src/helpers.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/helpers.c b/src/helpers.c index 9053aac4b7..8e1d564145 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -229,7 +229,19 @@ static void mbedtls_test_set_line2_internal(const char *line) #if defined(MBEDTLS_TEST_MUTEX_USAGE) const char *mbedtls_test_get_mutex_usage_error(void) { - return mbedtls_test_info.mutex_usage_error; + const char *usage_error; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + usage_error = mbedtls_test_info.mutex_usage_error; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return usage_error; } void mbedtls_test_set_mutex_usage_error(const char *msg) From fc47457bc25d926e67433092e266d40aff0a6dcc Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 13 Feb 2024 15:36:47 +0000 Subject: [PATCH 521/553] Lock test mutex before doing mutex usage check Although this again should only happen post all threads stopping, guard this just in case things change. Signed-off-by: Paul Elliott --- src/threading_helpers.c | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/src/threading_helpers.c b/src/threading_helpers.c index ff0c712faf..5eac02909e 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -317,22 +317,26 @@ void mbedtls_test_mutex_usage_init(void) void mbedtls_test_mutex_usage_check(void) { - if (live_mutexes != 0) { - /* A positive number (more init than free) means that a mutex resource - * is leaking (on platforms where a mutex consumes more than the - * mbedtls_threading_mutex_t object itself). The rare case of a - * negative number means a missing init somewhere. */ - mbedtls_fprintf(stdout, "[mutex: %d leaked] ", live_mutexes); - live_mutexes = 0; - mbedtls_test_set_mutex_usage_error("missing free"); - } - if (mbedtls_test_get_mutex_usage_error() != NULL && - mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) { - /* Functionally, the test passed. But there was a mutex usage error, - * so mark the test as failed after all. */ - mbedtls_test_fail("Mutex usage error", __LINE__, __FILE__); + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + if (live_mutexes != 0) { + /* A positive number (more init than free) means that a mutex resource + * is leaking (on platforms where a mutex consumes more than the + * mbedtls_threading_mutex_t object itself). The rare case of a + * negative number means a missing init somewhere. */ + mbedtls_fprintf(stdout, "[mutex: %d leaked] ", live_mutexes); + live_mutexes = 0; + mbedtls_test_set_mutex_usage_error("missing free"); + } + if (mbedtls_test_get_mutex_usage_error() != NULL && + mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) { + /* Functionally, the test passed. But there was a mutex usage error, + * so mark the test as failed after all. */ + mbedtls_test_fail("Mutex usage error", __LINE__, __FILE__); + } + mbedtls_test_set_mutex_usage_error(NULL); + + mutex_functions.unlock(&mbedtls_test_mutex_mutex); } - mbedtls_test_set_mutex_usage_error(NULL); } void mbedtls_test_mutex_usage_end(void) From 6cc6a90ced334117fd722448f2bd2611d2e5a8be Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 Feb 2024 11:28:05 +0100 Subject: [PATCH 522/553] tls13: Fix/Improve comments Signed-off-by: Ronald Cron --- include/test/ssl_helpers.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index 3506609ac4..29f3b7cd4f 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -607,9 +607,7 @@ int mbedtls_test_get_tls13_ticket( mbedtls_test_handshake_test_options *client_options, mbedtls_test_handshake_test_options *server_options, mbedtls_ssl_session *session); -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C && - MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS && - MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +#endif #define ECJPAKE_TEST_PWD "bla" From 826741d32cb0b244e367c19f2b7270006918a6fa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Feb 2024 17:21:17 +0100 Subject: [PATCH 523/553] New test helper: mbedtls_test_key_consistency_psa_pk Test that a PK key and a PSA key are consistent, i.e. that they have the same type (or are a key pair and the corresponding public key) and that they have the same public key. Signed-off-by: Gilles Peskine --- include/test/psa_exercise_key.h | 21 +++++++ src/psa_exercise_key.c | 103 ++++++++++++++++++++++++++++++++ 2 files changed, 124 insertions(+) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index 7d51a4c536..44f5c08aa9 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -14,6 +14,10 @@ #include +#if defined(MBEDTLS_PK_C) +#include +#endif + /** \def KNOWN_SUPPORTED_HASH_ALG * * A hash algorithm that is known to be supported. @@ -237,4 +241,21 @@ psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type, */ int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg); +#if defined(MBEDTLS_PK_C) +/** PK-PSA key consistency test. + * + * This function tests that the pk context and the PSA key are + * consistent. At a minimum: + * + * - The two objects must contain keys of the same type, + * or a key pair and a public key of the matching type. + * - The two objects must have the same public key. + * + * \retval 0 The key failed the consistency tests. + * \retval 1 The key passed the consistency tests. + */ +int mbedtls_test_key_consistency_psa_pk(mbedtls_svc_key_id_t psa_key, + const mbedtls_pk_context *pk); +#endif /* MBEDTLS_PK_C */ + #endif /* PSA_EXERCISE_KEY_H */ diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 80419d1a88..7b81052c8c 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -20,6 +20,16 @@ #include #include +#if defined(MBEDTLS_PK_C) +#include +#endif +#if defined(MBEDTLS_ECP_C) +#include +#endif +#if defined(MBEDTLS_RSA_C) +#include +#endif + #if defined(MBEDTLS_PSA_CRYPTO_SE_C) static int lifetime_is_dynamic_secure_element(psa_key_lifetime_t lifetime) { @@ -1054,4 +1064,97 @@ int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg) return 1; } +#if defined(MBEDTLS_PK_C) +int mbedtls_test_key_consistency_psa_pk(mbedtls_svc_key_id_t psa_key, + const mbedtls_pk_context *pk) +{ + psa_key_attributes_t psa_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_attributes_t pk_attributes = PSA_KEY_ATTRIBUTES_INIT; + int ok = 0; + + PSA_ASSERT(psa_get_key_attributes(psa_key, &psa_attributes)); + psa_key_type_t psa_type = psa_get_key_type(&psa_attributes); + mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk); + + TEST_ASSERT(PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_type) || + PSA_KEY_TYPE_IS_KEY_PAIR(psa_type)); + TEST_EQUAL(psa_get_key_bits(&psa_attributes), mbedtls_pk_get_bitlen(pk)); + + uint8_t pk_public_buffer[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; + const uint8_t *pk_public = NULL; + size_t pk_public_length = 0; + + switch (pk_type) { +#if defined(MBEDTLS_RSA_C) + case MBEDTLS_PK_RSA: + TEST_ASSERT(PSA_KEY_TYPE_IS_RSA(psa_type)); + const mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); + uint8_t *const end = pk_public_buffer + sizeof(pk_public_buffer); + uint8_t *cursor = end; + TEST_LE_U(1, mbedtls_rsa_write_pubkey(rsa, + pk_public_buffer, &cursor)); + pk_public = cursor; + pk_public_length = end - pk_public; + break; +#endif + +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(psa_type)); + TEST_EQUAL(PSA_KEY_TYPE_ECC_GET_FAMILY(psa_type), pk->ec_family); + pk_public = pk->pub_raw; + pk_public_length = pk->pub_raw_len; + break; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA) + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(psa_get_key_type(&psa_attributes))); + const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); + TEST_EQUAL(mbedtls_ecp_write_public_key( + ec, MBEDTLS_ECP_PF_UNCOMPRESSED, &pk_public_length, + pk_public_buffer, sizeof(pk_public_buffer)), 0); + pk_public = pk_public_buffer; + break; +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_PK_USE_PSA_EC_DATA */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + case MBEDTLS_PK_OPAQUE: + PSA_ASSERT(psa_get_key_attributes(pk->priv_id, &pk_attributes)); + psa_key_type_t pk_psa_type = psa_get_key_type(&pk_attributes); + TEST_EQUAL(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(psa_type), + PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(pk_psa_type)); + PSA_ASSERT(psa_export_public_key(psa_key, + pk_public_buffer, + sizeof(pk_public_buffer), + &pk_public_length)); + pk_public = pk_public_buffer; + break; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + default: + TEST_FAIL("pk type not supported"); + } + + uint8_t psa_public[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; + size_t psa_public_length = 0; + PSA_ASSERT(psa_export_public_key(psa_key, + psa_public, sizeof(psa_public), + &psa_public_length)); + TEST_MEMORY_COMPARE(pk_public, pk_public_length, + psa_public, psa_public_length); + + ok = 1; + +exit: + psa_reset_key_attributes(&psa_attributes); + psa_reset_key_attributes(&pk_attributes); + return ok; +} +#endif /* MBEDTLS_PK_C */ + #endif /* MBEDTLS_PSA_CRYPTO_C */ From 407d4b0e85cb5d90dbd9d16c553b3ac9f1c7401a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sat, 24 Feb 2024 10:57:22 +0000 Subject: [PATCH 524/553] Improve documentation / comments Signed-off-by: Paul Elliott --- src/helpers.c | 17 ++++++++--------- src/threading_helpers.c | 4 ++-- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/src/helpers.c b/src/helpers.c index 8e1d564145..24334228ff 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -33,15 +33,14 @@ mbedtls_threading_mutex_t mbedtls_test_info_mutex; /*----------------------------------------------------------------------------*/ /* Mbedtls Test Info accessors * - * NOTE - there are two types of accessors here; the _internal functions, which - * are expected to be used from this module *only*. These do not attempt to lock - * the mbedtls_test_info_mutex, as they are designed to be called from within - * public functions which do lock the mutex first (if mutexes are enabled). - * The main reason for this is the need to set some sets of test data - * atomically, without releasing the mutex inbetween to prevent race conditions - * resulting in mixed test info. The other public accessors have prototypes in - * the header and have to lock the mutex for safety as we obviously cannot - * control where they are called from. */ + * NOTE - there are two types of accessors here: public accessors and internal + * accessors. The public accessors have prototypes in helpers.h and lock + * mbedtls_test_info_mutex (if mutexes are enabled). The _internal accessors, + * which are expected to be used from this module *only*, do not lock the mutex. + * These are designed to be called from within public functions which already + * hold the mutex. The main reason for this difference is the need to set + * multiple test data values atomically (without releasing the mutex) to prevent + * race conditions. */ mbedtls_test_result_t mbedtls_test_get_result(void) { diff --git a/src/threading_helpers.c b/src/threading_helpers.c index 5eac02909e..c1686c21ad 100644 --- a/src/threading_helpers.c +++ b/src/threading_helpers.c @@ -321,8 +321,8 @@ void mbedtls_test_mutex_usage_check(void) if (live_mutexes != 0) { /* A positive number (more init than free) means that a mutex resource * is leaking (on platforms where a mutex consumes more than the - * mbedtls_threading_mutex_t object itself). The rare case of a - * negative number means a missing init somewhere. */ + * mbedtls_threading_mutex_t object itself). The (hopefully) rare + * case of a negative number means a missing init somewhere. */ mbedtls_fprintf(stdout, "[mutex: %d leaked] ", live_mutexes); live_mutexes = 0; mbedtls_test_set_mutex_usage_error("missing free"); From 684e26b44648bb88436c62ca2642667efcfd71d0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 16 Feb 2024 00:11:09 +0100 Subject: [PATCH 525/553] Ignore domain parameters in RSA key generation Remove the ability to select a custom public exponent via domain parameters in RSA key generation. The only way to select a custom public exponent is now to pass custom production parameters to psa_generate_key_ext(). A subsequent commit will remove domain parameters altogether from the API, thus this commit does not bother to update the documentation. Signed-off-by: Gilles Peskine --- src/drivers/test_driver_key_management.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/drivers/test_driver_key_management.c b/src/drivers/test_driver_key_management.c index a3d532d51a..866b31edee 100644 --- a/src/drivers/test_driver_key_management.c +++ b/src/drivers/test_driver_key_management.c @@ -225,10 +225,13 @@ psa_status_t mbedtls_test_transparent_generate_key( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) return libtestdriver1_mbedtls_psa_rsa_generate_key( (const libtestdriver1_psa_key_attributes_t *) attributes, + NULL, 0, /* We don't support custom e in the test driver yet */ key, key_size, key_length); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) return mbedtls_psa_rsa_generate_key( - attributes, key, key_size, key_length); + attributes, + NULL, 0, /* We don't support custom e in the test driver yet */ + key, key_size, key_length); #endif } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes)) && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { From 000fe4868b423296c73a67b578ffc7caf5612f9d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 Feb 2024 08:11:25 +0100 Subject: [PATCH 526/553] test: remove usage of mbedtls_pk_wrap_as_opaque() from tests This is replaced with: mbedtls_pk_get_psa_attributes() + mbedtls_pk_import_into_psa() + mbedtls_pk_setup_opaque(). Signed-off-by: Valerio Setti --- src/test_helpers/ssl_helpers.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 7a28bd8795..f6645d7dec 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -685,9 +685,24 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, #if defined(MBEDTLS_USE_PSA_CRYPTO) if (opaque_alg != 0) { - TEST_EQUAL(mbedtls_pk_wrap_as_opaque(cert->pkey, &key_slot, - opaque_alg, opaque_usage, - opaque_alg2), 0); + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; + /* Use a fake key usage to get a successful initial guess for the PSA attributes. */ + TEST_EQUAL(mbedtls_pk_get_psa_attributes(cert->pkey, PSA_KEY_USAGE_VERIFY_HASH, + &key_attr), 0); + /* Then manually set type, usage, alg and alg2 as requested by the test. */ + psa_key_type_t key_type = psa_get_key_type(&key_attr); + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(key_type)) { + psa_set_key_type(&key_attr, PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(key_type)); + } + psa_set_key_usage_flags(&key_attr, opaque_usage); + psa_set_key_algorithm(&key_attr, opaque_alg); + if (opaque_alg2 != PSA_ALG_NONE) { + psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2); + } + TEST_EQUAL(mbedtls_pk_import_into_psa(cert->pkey, &key_attr, &key_slot), 0); + mbedtls_pk_free(cert->pkey); + mbedtls_pk_init(cert->pkey); + TEST_EQUAL(mbedtls_pk_setup_opaque(cert->pkey, key_slot), 0); } #else (void) opaque_alg; From fe45695fa42a23bcfd31606cec5db88228d3a537 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 Feb 2024 13:56:09 +0100 Subject: [PATCH 527/553] ssl_helpers: minor fix in mbedtls_test_ssl_endpoint_certificate_init() Signed-off-by: Valerio Setti --- src/test_helpers/ssl_helpers.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index f6645d7dec..5d4cb1cf0d 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -687,13 +687,9 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, if (opaque_alg != 0) { psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; /* Use a fake key usage to get a successful initial guess for the PSA attributes. */ - TEST_EQUAL(mbedtls_pk_get_psa_attributes(cert->pkey, PSA_KEY_USAGE_VERIFY_HASH, + TEST_EQUAL(mbedtls_pk_get_psa_attributes(cert->pkey, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0); - /* Then manually set type, usage, alg and alg2 as requested by the test. */ - psa_key_type_t key_type = psa_get_key_type(&key_attr); - if (PSA_KEY_TYPE_IS_PUBLIC_KEY(key_type)) { - psa_set_key_type(&key_attr, PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(key_type)); - } + /* Then manually usage, alg and alg2 as requested by the test. */ psa_set_key_usage_flags(&key_attr, opaque_usage); psa_set_key_algorithm(&key_attr, opaque_alg); if (opaque_alg2 != PSA_ALG_NONE) { From 3318f3921b64695cd789c830b3dbc566b4e2dbd3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 28 Feb 2024 01:26:46 +0100 Subject: [PATCH 528/553] Don't access psa_key_attributes_t.core Access the fields of `psa_key_attributes_t` directly rather than through the `core` field. This makes the `core` field obsolete. This commit is fully automated: ``` git ls-files '*.h' '*.c' '*.function' '*.jinja' | xargs perl -l -i -pe '$core = qr/\b(core\b|MBEDTLS_PRIVATE\(core\))/; s/->$core\./->/g; s/&(\w+)\.$core\./&$1./g; s/(\w+)\.$core/$1/g' ``` Signed-off-by: Gilles Peskine --- src/drivers/test_driver_signature.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/drivers/test_driver_signature.c b/src/drivers/test_driver_signature.c index 00dd3e2673..4fca5d178d 100644 --- a/src/drivers/test_driver_signature.c +++ b/src/drivers/test_driver_signature.c @@ -49,7 +49,7 @@ psa_status_t sign_hash( size_t signature_size, size_t *signature_length) { - if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) { + if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) { if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || PSA_ALG_IS_RSA_PSS(alg)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ @@ -71,7 +71,7 @@ psa_status_t sign_hash( } else { return PSA_ERROR_INVALID_ARGUMENT; } - } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { + } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) { if (PSA_ALG_IS_ECDSA(alg)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ @@ -116,7 +116,7 @@ psa_status_t verify_hash( const uint8_t *signature, size_t signature_length) { - if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) { + if (PSA_KEY_TYPE_IS_RSA(attributes->type)) { if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || PSA_ALG_IS_RSA_PSS(alg)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ @@ -138,7 +138,7 @@ psa_status_t verify_hash( } else { return PSA_ERROR_INVALID_ARGUMENT; } - } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { + } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) { if (PSA_ALG_IS_ECDSA(alg)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ From a2c7de5000e27dbdd18e07d808ecba5a5715f943 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 29 Feb 2024 16:14:29 +0100 Subject: [PATCH 529/553] psa_util: change guard for mbedtls_psa_get_random() to CRYPTO_CLIENT This commit also: - updates changelog - add a stub function to be used in component_test_psa_crypto_client() test Signed-off-by: Valerio Setti --- src/psa_crypto_stubs.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 src/psa_crypto_stubs.c diff --git a/src/psa_crypto_stubs.c b/src/psa_crypto_stubs.c new file mode 100644 index 0000000000..be011213f9 --- /dev/null +++ b/src/psa_crypto_stubs.c @@ -0,0 +1,25 @@ +/** \file psa_crypto_stubs.c + * + * \brief Stub functions when MBEDTLS_PSA_CRYPTO_CLIENT is enabled but + * MBEDTLS_PSA_CRYPTO_C is disabled. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include + +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) + +psa_status_t psa_generate_random(uint8_t *output, + size_t output_size) +{ + (void) output; + (void) output_size; + + return PSA_ERROR_COMMUNICATION_FAILURE; +} + +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT !MBEDTLS_PSA_CRYPTO_C */ From 63281a4c3abaf38b1c22c3c2d340f89a2478636c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 23 Feb 2024 07:43:45 +0100 Subject: [PATCH 530/553] tests: ssl: Add max_early_data_size option Signed-off-by: Ronald Cron --- include/test/ssl_helpers.h | 1 + src/test_helpers/ssl_helpers.c | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index 5b071f75aa..71259d66f5 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -114,6 +114,7 @@ typedef struct mbedtls_test_handshake_test_options { void (*cli_log_fun)(void *, int, const char *, int, const char *); int resize_buffers; int early_data; + int max_early_data_size; #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_context *cache; #endif diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 7a28bd8795..bf29b474a7 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -68,6 +68,7 @@ void mbedtls_test_init_handshake_options( opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; opts->resize_buffers = 1; opts->early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + opts->max_early_data_size = -1; #if defined(MBEDTLS_SSL_CACHE_C) TEST_CALLOC(opts->cache, 1); mbedtls_ssl_cache_init(opts->cache); @@ -815,6 +816,13 @@ int mbedtls_test_ssl_endpoint_init( #if defined(MBEDTLS_SSL_EARLY_DATA) mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data); +#if defined(MBEDTLS_SSL_SRV_C) + if (endpoint_type == MBEDTLS_SSL_IS_SERVER && + (options->max_early_data_size >= 0)) { + mbedtls_ssl_conf_max_early_data_size(&(ep->conf), + options->max_early_data_size); + } +#endif #endif #if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C) From 523b1d27836e1fccee474bafc67dc6698aa22a87 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 23 Feb 2024 07:43:45 +0100 Subject: [PATCH 531/553] tests: ssl: Add max_early_data_size option Signed-off-by: Ronald Cron --- include/test/ssl_helpers.h | 1 + src/test_helpers/ssl_helpers.c | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index 5b071f75aa..71259d66f5 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -114,6 +114,7 @@ typedef struct mbedtls_test_handshake_test_options { void (*cli_log_fun)(void *, int, const char *, int, const char *); int resize_buffers; int early_data; + int max_early_data_size; #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_context *cache; #endif diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 7a28bd8795..bf29b474a7 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -68,6 +68,7 @@ void mbedtls_test_init_handshake_options( opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; opts->resize_buffers = 1; opts->early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + opts->max_early_data_size = -1; #if defined(MBEDTLS_SSL_CACHE_C) TEST_CALLOC(opts->cache, 1); mbedtls_ssl_cache_init(opts->cache); @@ -815,6 +816,13 @@ int mbedtls_test_ssl_endpoint_init( #if defined(MBEDTLS_SSL_EARLY_DATA) mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data); +#if defined(MBEDTLS_SSL_SRV_C) + if (endpoint_type == MBEDTLS_SSL_IS_SERVER && + (options->max_early_data_size >= 0)) { + mbedtls_ssl_conf_max_early_data_size(&(ep->conf), + options->max_early_data_size); + } +#endif #endif #if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C) From dbac76fd000609ffa921e24afa1abe5357a2e16c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 5 Feb 2024 09:38:09 +0100 Subject: [PATCH 532/553] tests: ssl_helpers: Rename rng_get to mbedtls_test_random mbedtls_test_ as the prefix for test APIs _random like in mbedtls_ctr/hmac_drbg_random Signed-off-by: Ronald Cron --- include/test/ssl_helpers.h | 7 ++++++- src/test_helpers/ssl_helpers.c | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index 9493b69ca7..f214ce0246 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -193,7 +193,12 @@ typedef struct mbedtls_test_ssl_endpoint { #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -int rng_get(void *p_rng, unsigned char *output, size_t output_len); +/* + * Random number generator aimed for TLS unitary tests. Its main purpose is to + * simplify the set-up of a random number generator for TLS + * unitary tests: no need to set up a good entropy source for example. + */ +int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len); /* * This function can be passed to mbedtls to receive output logs from it. In diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index de76b09935..860b0a39f4 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -12,7 +12,7 @@ #include "md_psa.h" #if defined(MBEDTLS_SSL_TLS_C) -int rng_get(void *p_rng, unsigned char *output, size_t output_len) +int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len) { (void) p_rng; for (size_t i = 0; i < output_len; i++) { @@ -754,7 +754,7 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_init(&(ep->ssl)); mbedtls_ssl_config_init(&(ep->conf)); - mbedtls_ssl_conf_rng(&(ep->conf), rng_get, NULL); + mbedtls_ssl_conf_rng(&(ep->conf), mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL); TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0); From 64609f694040b42cf07d597d39ec1f9725a08934 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 1 Mar 2024 18:04:14 +0100 Subject: [PATCH 533/553] psa_crypto_stubs/changelog: fix typos Signed-off-by: Valerio Setti --- src/psa_crypto_stubs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/psa_crypto_stubs.c b/src/psa_crypto_stubs.c index be011213f9..f3ca850747 100644 --- a/src/psa_crypto_stubs.c +++ b/src/psa_crypto_stubs.c @@ -22,4 +22,4 @@ psa_status_t psa_generate_random(uint8_t *output, return PSA_ERROR_COMMUNICATION_FAILURE; } -#endif /* MBEDTLS_PSA_CRYPTO_CLIENT !MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ From 2b76c6c04b6222b9197e5ac670a2d4b282a63daf Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 4 Mar 2024 10:24:27 +0100 Subject: [PATCH 534/553] ssl_helpers: Restore rng_seed incrementation Signed-off-by: Ronald Cron --- src/test_helpers/ssl_helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 860b0a39f4..53003b2232 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -43,7 +43,7 @@ void mbedtls_test_init_handshake_options( mbedtls_test_handshake_test_options *opts) { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - int rng_seed = 0xBEEF; + static int rng_seed = 0xBEEF; srand(rng_seed); rng_seed += 0xD0; From 70644d1c09629c1feeb7260dc6dd21137c6636e1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 5 Mar 2024 11:46:32 +0000 Subject: [PATCH 535/553] Ensure drivers have threading enabled if required Signed-off-by: Paul Elliott --- include/test/drivers/config_test_driver.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/test/drivers/config_test_driver.h b/include/test/drivers/config_test_driver.h index 4eb27f024e..ec8bcb6135 100644 --- a/include/test/drivers/config_test_driver.h +++ b/include/test/drivers/config_test_driver.h @@ -40,5 +40,7 @@ //#define MBEDTLS_MD_C //#define MBEDTLS_PEM_PARSE_C //#define MBEDTLS_BASE64_C +//#define MBEDTLS_THREADING_C +//#define MBEDTLS_THREADING_PTHREAD #endif /* MBEDTLS_CONFIG_H */ From 002f8094e83053d4e04b24caa7133f9c7db365c5 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 12 Mar 2024 16:34:02 +0000 Subject: [PATCH 536/553] Add key_destroyable parameter to mbedtls_test_psa_exercise_key This will allow us to use this smoke test to ensure that key slot content reads are only performed when we are registered to read a full slot. We will destroy the key on another thread while the key is being exercised, and fail the test if an unexpected error code is hit. Future commits will incrementally implement this new parameter. All current usages of this function have this parameter set to 0, in which case the new behaviour must be the same as the old behaviour Signed-off-by: Ryan Everett --- include/test/psa_exercise_key.h | 20 ++++++++++++++------ src/psa_exercise_key.c | 29 +++++++++++++++++------------ 2 files changed, 31 insertions(+), 18 deletions(-) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index 44f5c08aa9..fa57d88727 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -209,18 +209,26 @@ int mbedtls_test_psa_exported_key_sanity_check( * ``` * if( ! exercise_key( ... ) ) goto exit; * ``` - * - * \param key The key to exercise. It should be capable of performing - * \p alg. - * \param usage The usage flags to assume. - * \param alg The algorithm to exercise. + * To use this function for multi-threaded tests where the key + * may be destroyed at any point: call this function with key_destroyable set + * to 1, while another thread calls psa_destroy_key on the same key; + * this will test whether destroying the key in use leads to any corruption. + * + * \param key The key to exercise. It should be capable of performing + * \p alg. + * \param usage The usage flags to assume. + * \param alg The algorithm to exercise. + * \param key_destroyable If set to 1, a failure due to the key not existing + * or the key being destroyed mid-operation will only + * be reported if the error code is unexpected. * * \retval 0 The key failed the smoke tests. * \retval 1 The key passed the smoke tests. */ int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, - psa_algorithm_t alg); + psa_algorithm_t alg, + int key_destroyable); psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type, psa_algorithm_t alg); diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 7b81052c8c..e5cce79392 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -948,38 +948,43 @@ static int exercise_export_public_key(mbedtls_svc_key_id_t key) int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, - psa_algorithm_t alg) + psa_algorithm_t alg, + int key_destroyable) { int ok = 0; - if (!check_key_attributes_sanity(key)) { + if (!check_key_attributes_sanity(key, key_destroyable)) { return 0; } if (alg == 0) { ok = 1; /* If no algorithm, do nothing (used for raw data "keys"). */ } else if (PSA_ALG_IS_MAC(alg)) { - ok = exercise_mac_key(key, usage, alg); + ok = exercise_mac_key(key, usage, alg, key_destroyable); } else if (PSA_ALG_IS_CIPHER(alg)) { - ok = exercise_cipher_key(key, usage, alg); + ok = exercise_cipher_key(key, usage, alg, key_destroyable); } else if (PSA_ALG_IS_AEAD(alg)) { - ok = exercise_aead_key(key, usage, alg); + ok = exercise_aead_key(key, usage, alg, key_destroyable); } else if (PSA_ALG_IS_SIGN(alg)) { - ok = exercise_signature_key(key, usage, alg); + ok = exercise_signature_key(key, usage, alg, key_destroyable); } else if (PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)) { - ok = exercise_asymmetric_encryption_key(key, usage, alg); + ok = exercise_asymmetric_encryption_key(key, usage, alg, + key_destroyable); } else if (PSA_ALG_IS_KEY_DERIVATION(alg)) { - ok = exercise_key_derivation_key(key, usage, alg); + ok = exercise_key_derivation_key(key, usage, alg, key_destroyable); } else if (PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) { - ok = exercise_raw_key_agreement_key(key, usage, alg); + ok = exercise_raw_key_agreement_key(key, usage, alg, key_destroyable); } else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) { - ok = exercise_key_agreement_key(key, usage, alg); + ok = exercise_key_agreement_key(key, usage, alg, key_destroyable); } else { TEST_FAIL("No code to exercise this category of algorithm"); } - ok = ok && exercise_export_key(key, usage); - ok = ok && exercise_export_public_key(key); + ok = ok && exercise_export_key(key, + usage, + key_destroyable); + ok = ok && exercise_export_public_key(key, + key_destroyable); exit: return ok; From 233382e2d9a7020540afb71334945dd49b9374ad Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 12 Mar 2024 16:00:08 +0000 Subject: [PATCH 537/553] Add key_destroyable parameter to check_key_attributes_sanity This function is currently only used in the exercise_key smoke test. Signed-off-by: Ryan Everett --- src/psa_exercise_key.c | 37 +++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index e5cce79392..30f21da90e 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -38,7 +38,8 @@ static int lifetime_is_dynamic_secure_element(psa_key_lifetime_t lifetime) } #endif -static int check_key_attributes_sanity(mbedtls_svc_key_id_t key) +static int check_key_attributes_sanity(mbedtls_svc_key_id_t key, + int key_destroyable) { int ok = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -46,8 +47,13 @@ static int check_key_attributes_sanity(mbedtls_svc_key_id_t key) mbedtls_svc_key_id_t id; psa_key_type_t type; size_t bits; - - PSA_ASSERT(psa_get_key_attributes(key, &attributes)); + psa_status_t status = psa_get_key_attributes(key, &attributes); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + psa_reset_key_attributes(&attributes); + return 1; + } + PSA_ASSERT(status); lifetime = psa_get_key_lifetime(&attributes); id = psa_get_key_id(&attributes); type = psa_get_key_type(&attributes); @@ -66,17 +72,20 @@ static int check_key_attributes_sanity(mbedtls_svc_key_id_t key) (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) <= PSA_KEY_ID_USER_MAX)); } #if defined(MBEDTLS_PSA_CRYPTO_SE_C) - /* randomly-generated 64-bit constant, should never appear in test data */ - psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21; - psa_status_t status = psa_get_key_slot_number(&attributes, &slot_number); - if (lifetime_is_dynamic_secure_element(lifetime)) { - /* Mbed TLS currently always exposes the slot number to - * applications. This is not mandated by the PSA specification - * and may change in future versions. */ - TEST_EQUAL(status, 0); - TEST_ASSERT(slot_number != 0xec94d4a5058a1a21); - } else { - TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT); + /* MBEDTLS_PSA_CRYPTO_SE_C does not support thread safety. */ + if (key_destroyable == 0) { + /* randomly-generated 64-bit constant, should never appear in test data */ + psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21; + status = psa_get_key_slot_number(&attributes, &slot_number); + if (lifetime_is_dynamic_secure_element(lifetime)) { + /* Mbed TLS currently always exposes the slot number to + * applications. This is not mandated by the PSA specification + * and may change in future versions. */ + TEST_EQUAL(status, 0); + TEST_ASSERT(slot_number != 0xec94d4a5058a1a21); + } else { + TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT); + } } #endif From c13895a304111a822d3c2bcb4ad093f50948e7ac Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 12 Mar 2024 16:02:23 +0000 Subject: [PATCH 538/553] Add key_destroyable parameter to exercise_mac_key If the key has been destroyed (and the new parameter is 1) then we test that psa_mac_abort succeeds in this scenario. Signed-off-by: Ryan Everett --- src/psa_exercise_key.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 30f21da90e..dc5b2bf007 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -119,20 +119,27 @@ static int check_key_attributes_sanity(mbedtls_svc_key_id_t key, static int exercise_mac_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, - psa_algorithm_t alg) + psa_algorithm_t alg, + int key_destroyable) { psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; const unsigned char input[] = "foo"; unsigned char mac[PSA_MAC_MAX_SIZE] = { 0 }; size_t mac_length = sizeof(mac); - + psa_status_t status = PSA_SUCCESS; /* Convert wildcard algorithm to exercisable algorithm */ if (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) { alg = PSA_ALG_TRUNCATED_MAC(alg, PSA_MAC_TRUNCATED_LENGTH(alg)); } if (usage & PSA_KEY_USAGE_SIGN_HASH) { - PSA_ASSERT(psa_mac_sign_setup(&operation, key, alg)); + status = psa_mac_sign_setup(&operation, key, alg); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + PSA_ASSERT(psa_mac_abort(&operation)); + return 1; + } + PSA_ASSERT(status); PSA_ASSERT(psa_mac_update(&operation, input, sizeof(input))); PSA_ASSERT(psa_mac_sign_finish(&operation, @@ -145,7 +152,13 @@ static int exercise_mac_key(mbedtls_svc_key_id_t key, (usage & PSA_KEY_USAGE_SIGN_HASH ? PSA_SUCCESS : PSA_ERROR_INVALID_SIGNATURE); - PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg)); + status = psa_mac_verify_setup(&operation, key, alg); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + PSA_ASSERT(psa_mac_abort(&operation)); + return 1; + } + PSA_ASSERT(status); PSA_ASSERT(psa_mac_update(&operation, input, sizeof(input))); TEST_EQUAL(psa_mac_verify_finish(&operation, mac, mac_length), From 6049968220ad63de377aeac641a48c262c89d591 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 12 Mar 2024 16:04:45 +0000 Subject: [PATCH 539/553] Add key_destroyable parameter to psa_exercise_cipher_key If the key has been destroyed (and the new parameter is 1), we test that psa_cipher_abort succeeds in this scenario. Signed-off-by: Ryan Everett --- src/psa_exercise_key.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index dc5b2bf007..ff0d1c0a63 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -174,7 +174,8 @@ static int exercise_mac_key(mbedtls_svc_key_id_t key, static int exercise_cipher_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, - psa_algorithm_t alg) + psa_algorithm_t alg, + int key_destroyable) { psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; unsigned char iv[PSA_CIPHER_IV_MAX_SIZE] = { 0 }; @@ -186,13 +187,20 @@ static int exercise_cipher_key(mbedtls_svc_key_id_t key, size_t ciphertext_length = sizeof(ciphertext); unsigned char decrypted[sizeof(ciphertext)]; size_t part_length; + psa_status_t status = PSA_SUCCESS; PSA_ASSERT(psa_get_key_attributes(key, &attributes)); key_type = psa_get_key_type(&attributes); iv_length = PSA_CIPHER_IV_LENGTH(key_type, alg); if (usage & PSA_KEY_USAGE_ENCRYPT) { - PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg)); + status = psa_cipher_encrypt_setup(&operation, key, alg); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + PSA_ASSERT(psa_cipher_abort(&operation)); + return 1; + } + PSA_ASSERT(status); if (iv_length != 0) { PSA_ASSERT(psa_cipher_generate_iv(&operation, iv, sizeof(iv), @@ -210,12 +218,17 @@ static int exercise_cipher_key(mbedtls_svc_key_id_t key, } if (usage & PSA_KEY_USAGE_DECRYPT) { - psa_status_t status; int maybe_invalid_padding = 0; if (!(usage & PSA_KEY_USAGE_ENCRYPT)) { maybe_invalid_padding = !PSA_ALG_IS_STREAM_CIPHER(alg); } - PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg)); + status = psa_cipher_decrypt_setup(&operation, key, alg); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + PSA_ASSERT(psa_cipher_abort(&operation)); + return 1; + } + PSA_ASSERT(status); if (iv_length != 0) { PSA_ASSERT(psa_cipher_set_iv(&operation, iv, iv_length)); From e0cfa29e206208936097bdeb8de5dbbdc535f4b2 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 12 Mar 2024 16:09:25 +0000 Subject: [PATCH 540/553] Add key_destroyable parameter to exercise_aead_key Signed-off-by: Ryan Everett --- src/psa_exercise_key.c | 39 +++++++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index ff0d1c0a63..89434bfdcf 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -262,7 +262,8 @@ static int exercise_cipher_key(mbedtls_svc_key_id_t key, static int exercise_aead_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, - psa_algorithm_t alg) + psa_algorithm_t alg, + int key_destroyable) { unsigned char nonce[PSA_AEAD_NONCE_MAX_SIZE] = { 0 }; size_t nonce_length; @@ -272,6 +273,7 @@ static int exercise_aead_key(mbedtls_svc_key_id_t key, unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)"; size_t ciphertext_length = sizeof(ciphertext); size_t plaintext_length = sizeof(ciphertext); + psa_status_t status = PSA_SUCCESS; /* Convert wildcard algorithm to exercisable algorithm */ if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) { @@ -283,12 +285,17 @@ static int exercise_aead_key(mbedtls_svc_key_id_t key, nonce_length = PSA_AEAD_NONCE_LENGTH(key_type, alg); if (usage & PSA_KEY_USAGE_ENCRYPT) { - PSA_ASSERT(psa_aead_encrypt(key, alg, - nonce, nonce_length, - NULL, 0, - plaintext, sizeof(plaintext), - ciphertext, sizeof(ciphertext), - &ciphertext_length)); + status = psa_aead_encrypt(key, alg, + nonce, nonce_length, + NULL, 0, + plaintext, sizeof(plaintext), + ciphertext, sizeof(ciphertext), + &ciphertext_length); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + return 1; + } + PSA_ASSERT(status); } if (usage & PSA_KEY_USAGE_DECRYPT) { @@ -296,13 +303,17 @@ static int exercise_aead_key(mbedtls_svc_key_id_t key, (usage & PSA_KEY_USAGE_ENCRYPT ? PSA_SUCCESS : PSA_ERROR_INVALID_SIGNATURE); - TEST_EQUAL(psa_aead_decrypt(key, alg, - nonce, nonce_length, - NULL, 0, - ciphertext, ciphertext_length, - plaintext, sizeof(plaintext), - &plaintext_length), - verify_status); + status = psa_aead_decrypt(key, alg, + nonce, nonce_length, + NULL, 0, + ciphertext, ciphertext_length, + plaintext, sizeof(plaintext), + &plaintext_length); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + return 1; + } + TEST_ASSERT(status == verify_status); } return 1; From 33fba7c84b7a8c333bb49298c0fdcc9c88ab5cd3 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 12 Mar 2024 16:11:01 +0000 Subject: [PATCH 541/553] Add key_destroyable parameter to exercise_signature_key Signed-off-by: Ryan Everett --- src/psa_exercise_key.c | 54 +++++++++++++++++++++++++++++------------- 1 file changed, 37 insertions(+), 17 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 89434bfdcf..fde1187e70 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -337,7 +337,8 @@ static int can_sign_or_verify_message(psa_key_usage_t usage, static int exercise_signature_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, - psa_algorithm_t alg) + psa_algorithm_t alg, + int key_destroyable) { /* If the policy allows signing with any hash, just pick one. */ psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); @@ -351,6 +352,7 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key, TEST_FAIL("No hash algorithm for hash-and-sign testing"); #endif } + psa_status_t status = PSA_SUCCESS; if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH) && PSA_ALG_IS_SIGN_HASH(alg)) { @@ -367,10 +369,15 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key, } if (usage & PSA_KEY_USAGE_SIGN_HASH) { - PSA_ASSERT(psa_sign_hash(key, alg, - payload, payload_length, - signature, sizeof(signature), - &signature_length)); + status = psa_sign_hash(key, alg, + payload, payload_length, + signature, sizeof(signature), + &signature_length); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + return 1; + } + PSA_ASSERT(status); } if (usage & PSA_KEY_USAGE_VERIFY_HASH) { @@ -378,10 +385,14 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key, (usage & PSA_KEY_USAGE_SIGN_HASH ? PSA_SUCCESS : PSA_ERROR_INVALID_SIGNATURE); - TEST_EQUAL(psa_verify_hash(key, alg, - payload, payload_length, - signature, signature_length), - verify_status); + status = psa_verify_hash(key, alg, + payload, payload_length, + signature, signature_length); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + return 1; + } + TEST_ASSERT(status == verify_status); } } @@ -392,10 +403,15 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key, size_t signature_length = sizeof(signature); if (usage & PSA_KEY_USAGE_SIGN_MESSAGE) { - PSA_ASSERT(psa_sign_message(key, alg, - message, message_length, - signature, sizeof(signature), - &signature_length)); + status = psa_sign_message(key, alg, + message, message_length, + signature, sizeof(signature), + &signature_length); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + return 1; + } + PSA_ASSERT(status); } if (usage & PSA_KEY_USAGE_VERIFY_MESSAGE) { @@ -403,10 +419,14 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key, (usage & PSA_KEY_USAGE_SIGN_MESSAGE ? PSA_SUCCESS : PSA_ERROR_INVALID_SIGNATURE); - TEST_EQUAL(psa_verify_message(key, alg, - message, message_length, - signature, signature_length), - verify_status); + status = psa_verify_message(key, alg, + message, message_length, + signature, signature_length); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + return 1; + } + TEST_ASSERT(status == verify_status); } } From 0032477d1d205bf67b01c11529ef94129a024c19 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 12 Mar 2024 16:12:41 +0000 Subject: [PATCH 542/553] Add key_destroyable parameter to exercise_asymmetric_encryption_key Signed-off-by: Ryan Everett --- src/psa_exercise_key.c | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index fde1187e70..470073930c 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -438,7 +438,8 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key, static int exercise_asymmetric_encryption_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, - psa_algorithm_t alg) + psa_algorithm_t alg, + int key_destroyable) { unsigned char plaintext[PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE] = "Hello, world..."; @@ -446,22 +447,30 @@ static int exercise_asymmetric_encryption_key(mbedtls_svc_key_id_t key, "(wabblewebblewibblewobblewubble)"; size_t ciphertext_length = sizeof(ciphertext); size_t plaintext_length = 16; - + psa_status_t status = PSA_SUCCESS; if (usage & PSA_KEY_USAGE_ENCRYPT) { - PSA_ASSERT(psa_asymmetric_encrypt(key, alg, - plaintext, plaintext_length, - NULL, 0, - ciphertext, sizeof(ciphertext), - &ciphertext_length)); + status = psa_asymmetric_encrypt(key, alg, + plaintext, plaintext_length, + NULL, 0, + ciphertext, sizeof(ciphertext), + &ciphertext_length); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + return 1; + } + PSA_ASSERT(status); } if (usage & PSA_KEY_USAGE_DECRYPT) { - psa_status_t status = - psa_asymmetric_decrypt(key, alg, - ciphertext, ciphertext_length, - NULL, 0, - plaintext, sizeof(plaintext), - &plaintext_length); + status = psa_asymmetric_decrypt(key, alg, + ciphertext, ciphertext_length, + NULL, 0, + plaintext, sizeof(plaintext), + &plaintext_length); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + return 1; + } TEST_ASSERT(status == PSA_SUCCESS || ((usage & PSA_KEY_USAGE_ENCRYPT) == 0 && (status == PSA_ERROR_INVALID_ARGUMENT || From 051d2981524e027b77b1355e35abaaf881b92491 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 12 Mar 2024 16:17:43 +0000 Subject: [PATCH 543/553] Add key_destroyable parameter to key derivation smoke tests All current usages have this parameter set to 0 (in this case the behaviour of the test is unchanged) Signed-off-by: Ryan Everett --- include/test/psa_exercise_key.h | 5 ++- src/psa_exercise_key.c | 77 +++++++++++++++++++++++---------- 2 files changed, 59 insertions(+), 23 deletions(-) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index fa57d88727..713b093103 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -123,6 +123,9 @@ * \param input2 The first input to pass. * \param input2_length The length of \p input2 in bytes. * \param capacity The capacity to set. + * \param key_destroyable If set to 1, a failure due to the key not existing + * or the key being destroyed mid-operation will only + * be reported if the error code is unexpected. * * \return \c 1 on success, \c 0 on failure. */ @@ -132,7 +135,7 @@ int mbedtls_test_psa_setup_key_derivation_wrap( psa_algorithm_t alg, const unsigned char *input1, size_t input1_length, const unsigned char *input2, size_t input2_length, - size_t capacity); + size_t capacity, int key_destroyable); /** Perform a key agreement using the given key pair against its public key * using psa_raw_key_agreement(). diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 470073930c..7260f1a4d0 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -489,16 +489,22 @@ int mbedtls_test_psa_setup_key_derivation_wrap( psa_algorithm_t alg, const unsigned char *input1, size_t input1_length, const unsigned char *input2, size_t input2_length, - size_t capacity) + size_t capacity, int key_destroyable) { PSA_ASSERT(psa_key_derivation_setup(operation, alg)); + psa_status_t status = PSA_SUCCESS; if (PSA_ALG_IS_HKDF(alg)) { PSA_ASSERT(psa_key_derivation_input_bytes(operation, PSA_KEY_DERIVATION_INPUT_SALT, input1, input1_length)); - PSA_ASSERT(psa_key_derivation_input_key(operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key)); + status = psa_key_derivation_input_key(operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + key); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + return 1; + } + PSA_ASSERT(status); PSA_ASSERT(psa_key_derivation_input_bytes(operation, PSA_KEY_DERIVATION_INPUT_INFO, input2, @@ -507,13 +513,23 @@ int mbedtls_test_psa_setup_key_derivation_wrap( PSA_ASSERT(psa_key_derivation_input_bytes(operation, PSA_KEY_DERIVATION_INPUT_SALT, input1, input1_length)); - PSA_ASSERT(psa_key_derivation_input_key(operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key)); + status = psa_key_derivation_input_key(operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + key); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + return 1; + } + PSA_ASSERT(status); } else if (PSA_ALG_IS_HKDF_EXPAND(alg)) { - PSA_ASSERT(psa_key_derivation_input_key(operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key)); + status = psa_key_derivation_input_key(operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + key); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + return 1; + } + PSA_ASSERT(status); PSA_ASSERT(psa_key_derivation_input_bytes(operation, PSA_KEY_DERIVATION_INPUT_INFO, input2, @@ -523,9 +539,14 @@ int mbedtls_test_psa_setup_key_derivation_wrap( PSA_ASSERT(psa_key_derivation_input_bytes(operation, PSA_KEY_DERIVATION_INPUT_SEED, input1, input1_length)); - PSA_ASSERT(psa_key_derivation_input_key(operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key)); + status = psa_key_derivation_input_key(operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + key); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + return 1; + } + PSA_ASSERT(status); PSA_ASSERT(psa_key_derivation_input_bytes(operation, PSA_KEY_DERIVATION_INPUT_LABEL, input2, input2_length)); @@ -537,9 +558,14 @@ int mbedtls_test_psa_setup_key_derivation_wrap( PSA_KEY_DERIVATION_INPUT_SALT, input2, input2_length)); - PSA_ASSERT(psa_key_derivation_input_key(operation, - PSA_KEY_DERIVATION_INPUT_PASSWORD, - key)); + status = psa_key_derivation_input_key(operation, + PSA_KEY_DERIVATION_INPUT_PASSWORD, + key); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + return 1; + } + PSA_ASSERT(status); } else if (alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { PSA_ASSERT(psa_key_derivation_input_bytes(operation, PSA_KEY_DERIVATION_INPUT_SECRET, @@ -561,7 +587,8 @@ int mbedtls_test_psa_setup_key_derivation_wrap( static int exercise_key_derivation_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, - psa_algorithm_t alg) + psa_algorithm_t alg, + int key_destroyable) { psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; unsigned char input1[] = "Input 1"; @@ -575,14 +602,20 @@ static int exercise_key_derivation_key(mbedtls_svc_key_id_t key, if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, key, alg, input1, input1_length, input2, input2_length, - capacity)) { + capacity, key_destroyable)) { goto exit; } - PSA_ASSERT(psa_key_derivation_output_bytes(&operation, - output, - capacity)); - PSA_ASSERT(psa_key_derivation_abort(&operation)); + psa_status_t status = psa_key_derivation_output_bytes(&operation, + output, + capacity); + if (key_destroyable && status == PSA_ERROR_BAD_STATE) { + /* The key has been destroyed. */ + PSA_ASSERT(psa_key_derivation_abort(&operation)); + } else { + PSA_ASSERT(status); + PSA_ASSERT(psa_key_derivation_abort(&operation)); + } } return 1; From f7ba175dacf7b5ac1398db009f0da41f8f0449d0 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 12 Mar 2024 16:21:12 +0000 Subject: [PATCH 544/553] Add key_destroyable parameter to raw key agreement smoke tests All current usages have this parameter set to 0 (meaning the behaviour of these tests hasn't changed). We also now return the actual error code, not GENERIC_ERROR Signed-off-by: Ryan Everett --- include/test/psa_exercise_key.h | 5 ++++- src/psa_exercise_key.c | 38 +++++++++++++++++++++++---------- 2 files changed, 31 insertions(+), 12 deletions(-) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index 713b093103..23349166a7 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -146,12 +146,15 @@ int mbedtls_test_psa_setup_key_derivation_wrap( * * \param alg A key agreement algorithm compatible with \p key. * \param key A key that allows key agreement with \p alg. + * \param key_destroyable If set to 1, a failure due to the key not existing + * or the key being destroyed mid-operation will only + * be reported if the error code is unexpected. * * \return \c 1 on success, \c 0 on failure. */ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( psa_algorithm_t alg, - mbedtls_svc_key_id_t key); + mbedtls_svc_key_id_t key, int key_destroyable); /** Perform a key agreement using the given key pair against its public key * using psa_key_derivation_raw_key(). diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 7260f1a4d0..b62a34b5d7 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -668,7 +668,8 @@ psa_status_t mbedtls_test_psa_key_agreement_with_self( * private key against its own public key. */ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( psa_algorithm_t alg, - mbedtls_svc_key_id_t key) + mbedtls_svc_key_id_t key, + int key_destroyable) { psa_key_type_t private_key_type; psa_key_type_t public_key_type; @@ -677,25 +678,38 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( size_t public_key_length; uint8_t output[1024]; size_t output_length; - /* Return GENERIC_ERROR if something other than the final call to - * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, - * but it's good enough: callers will report it as a failed test anyway. */ - psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT(psa_get_key_attributes(key, &attributes)); + psa_status_t status = psa_get_key_attributes(key, &attributes); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + psa_reset_key_attributes(&attributes); + return PSA_SUCCESS; + } + PSA_ASSERT(status); + private_key_type = psa_get_key_type(&attributes); key_bits = psa_get_key_bits(&attributes); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type); public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits); TEST_CALLOC(public_key, public_key_length); - PSA_ASSERT(psa_export_public_key(key, - public_key, public_key_length, - &public_key_length)); + status = psa_export_public_key(key, + public_key, public_key_length, + &public_key_length); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + status = PSA_SUCCESS; + goto exit; + } status = psa_raw_key_agreement(alg, key, public_key, public_key_length, output, sizeof(output), &output_length); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + status = PSA_SUCCESS; + goto exit; + } if (status == PSA_SUCCESS) { TEST_ASSERT(output_length <= PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(private_key_type, @@ -717,14 +731,16 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( static int exercise_raw_key_agreement_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, - psa_algorithm_t alg) + psa_algorithm_t alg, + int key_destroyable) { int ok = 0; if (usage & PSA_KEY_USAGE_DERIVE) { /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ - PSA_ASSERT(mbedtls_test_psa_raw_key_agreement_with_self(alg, key)); + PSA_ASSERT(mbedtls_test_psa_raw_key_agreement_with_self(alg, key, + key_destroyable)); } ok = 1; From 1290451303567b4383b33e6974e8e0335ff20011 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 12 Mar 2024 13:30:29 +0100 Subject: [PATCH 545/553] psa_crypto_stubs: extend stub functions for the CRYPTO_CLIENT tests Signed-off-by: Valerio Setti --- src/psa_crypto_stubs.c | 50 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/src/psa_crypto_stubs.c b/src/psa_crypto_stubs.c index f3ca850747..81d7f4b328 100644 --- a/src/psa_crypto_stubs.c +++ b/src/psa_crypto_stubs.c @@ -22,4 +22,54 @@ psa_status_t psa_generate_random(uint8_t *output, return PSA_ERROR_COMMUNICATION_FAILURE; } +psa_status_t psa_export_key(mbedtls_svc_key_id_t key, + uint8_t *data, + size_t data_size, + size_t *data_length) +{ + (void) key; + (void) data; + (void) data_size; + (void) data_length; + return PSA_ERROR_COMMUNICATION_FAILURE; +} + +psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, + uint8_t *data, + size_t data_size, + size_t *data_length) +{ + (void) key; + (void) data; + (void) data_size; + (void) data_length; + return PSA_ERROR_COMMUNICATION_FAILURE; +} + +psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, + psa_key_attributes_t *attributes) +{ + (void) key; + (void) attributes; + return PSA_ERROR_COMMUNICATION_FAILURE; +} + +psa_status_t psa_hash_abort(psa_hash_operation_t *operation) +{ + (void) operation; + return PSA_ERROR_COMMUNICATION_FAILURE; +} + +psa_status_t psa_import_key(const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + mbedtls_svc_key_id_t *key) +{ + (void) attributes; + (void) data; + (void) data_length; + (void) key; + return PSA_ERROR_COMMUNICATION_FAILURE; +} + #endif /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ From f89b216cbc500eab7391ea9fb51eb995d7d841d8 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 12 Mar 2024 16:29:55 +0000 Subject: [PATCH 546/553] Add key_destroyable parameter to non-raw key agreement smoke tests All current usages have this parameter set to 0 (this means the tests are unchanged). Remove the GENERIC_ERROR return behaviour, in favour of returning the actual status. Signed-off-by: Ryan Everett --- include/test/psa_exercise_key.h | 5 +++- src/psa_exercise_key.c | 43 ++++++++++++++++++++++++--------- 2 files changed, 36 insertions(+), 12 deletions(-) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index 23349166a7..f656b95f88 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -168,12 +168,15 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( * \p key. * \param key A key pair object that is suitable for a key * agreement with \p operation. + * \param key_destroyable If set to 1, a failure due to the key not existing + * or the key being destroyed mid-operation will only + * be reported if the error code is unexpected. * * \return \c 1 on success, \c 0 on failure. */ psa_status_t mbedtls_test_psa_key_agreement_with_self( psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t key); + mbedtls_svc_key_id_t key, int key_destroyable); /** Perform sanity checks on the given key representation. * diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index b62a34b5d7..1cf45ac567 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -628,31 +628,45 @@ static int exercise_key_derivation_key(mbedtls_svc_key_id_t key, * private key against its own public key. */ psa_status_t mbedtls_test_psa_key_agreement_with_self( psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t key) + mbedtls_svc_key_id_t key, int key_destroyable) { psa_key_type_t private_key_type; psa_key_type_t public_key_type; size_t key_bits; uint8_t *public_key = NULL; size_t public_key_length; - /* Return GENERIC_ERROR if something other than the final call to - * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, - * but it's good enough: callers will report it as a failed test anyway. */ - psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT(psa_get_key_attributes(key, &attributes)); + psa_status_t status = psa_get_key_attributes(key, &attributes); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + psa_reset_key_attributes(&attributes); + return PSA_SUCCESS; + } + PSA_ASSERT(status); + private_key_type = psa_get_key_type(&attributes); key_bits = psa_get_key_bits(&attributes); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type); public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits); TEST_CALLOC(public_key, public_key_length); - PSA_ASSERT(psa_export_public_key(key, public_key, public_key_length, - &public_key_length)); + status = psa_export_public_key(key, public_key, public_key_length, + &public_key_length); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + status = PSA_SUCCESS; + goto exit; + } + PSA_ASSERT(status); status = psa_key_derivation_key_agreement( operation, PSA_KEY_DERIVATION_INPUT_SECRET, key, public_key, public_key_length); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + status = PSA_SUCCESS; + goto exit; + } exit: /* * Key attributes may have been returned by psa_get_key_attributes() @@ -750,7 +764,8 @@ static int exercise_raw_key_agreement_key(mbedtls_svc_key_id_t key, static int exercise_key_agreement_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, - psa_algorithm_t alg) + psa_algorithm_t alg, + int key_destroyable) { psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; unsigned char input[1] = { 0 }; @@ -781,7 +796,12 @@ static int exercise_key_agreement_key(mbedtls_svc_key_id_t key, hash length. Otherwise test should fail with INVALID_ARGUMENT. */ if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT(psa_get_key_attributes(key, &attributes)); + psa_status_t status = psa_get_key_attributes(key, &attributes); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + ok = 1; + } + PSA_ASSERT(status); size_t key_bits = psa_get_key_bits(&attributes); psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg); @@ -790,7 +810,8 @@ static int exercise_key_agreement_key(mbedtls_svc_key_id_t key, } } - TEST_EQUAL(mbedtls_test_psa_key_agreement_with_self(&operation, key), + TEST_EQUAL(mbedtls_test_psa_key_agreement_with_self(&operation, key, + key_destroyable), expected_key_agreement_status); if (expected_key_agreement_status != PSA_SUCCESS) { From 3823662208680b91ceb71f2deca1525a4ead4cf9 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 12 Mar 2024 16:32:29 +0000 Subject: [PATCH 547/553] Add key_destroyable parameter to key export smoke tests These are only called from mbedtls_test_psa_exercise_key Signed-off-by: Ryan Everett --- src/psa_exercise_key.c | 62 +++++++++++++++++++++++++++++------------- 1 file changed, 43 insertions(+), 19 deletions(-) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 1cf45ac567..5aed683ebc 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -1002,7 +1002,8 @@ int mbedtls_test_psa_exported_key_sanity_check( } static int exercise_export_key(mbedtls_svc_key_id_t key, - psa_key_usage_t usage) + psa_key_usage_t usage, + int key_destroyable) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t *exported = NULL; @@ -1010,25 +1011,31 @@ static int exercise_export_key(mbedtls_svc_key_id_t key, size_t exported_length = 0; int ok = 0; - PSA_ASSERT(psa_get_key_attributes(key, &attributes)); + psa_status_t status = psa_get_key_attributes(key, &attributes); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + psa_reset_key_attributes(&attributes); + return 1; + } + PSA_ASSERT(status); exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( psa_get_key_type(&attributes), psa_get_key_bits(&attributes)); TEST_CALLOC(exported, exported_size); - if ((usage & PSA_KEY_USAGE_EXPORT) == 0 && - !PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(&attributes))) { - TEST_EQUAL(psa_export_key(key, exported, - exported_size, &exported_length), - PSA_ERROR_NOT_PERMITTED); + status = psa_export_key(key, exported, exported_size, &exported_length); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + ok = 1; + goto exit; + } else if ((usage & PSA_KEY_USAGE_EXPORT) == 0 && + !PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(&attributes))) { + TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); ok = 1; goto exit; } - - PSA_ASSERT(psa_export_key(key, - exported, exported_size, - &exported_length)); + PSA_ASSERT(status); ok = mbedtls_test_psa_exported_key_sanity_check( psa_get_key_type(&attributes), psa_get_key_bits(&attributes), exported, exported_length); @@ -1044,7 +1051,8 @@ static int exercise_export_key(mbedtls_svc_key_id_t key, return ok; } -static int exercise_export_public_key(mbedtls_svc_key_id_t key) +static int exercise_export_public_key(mbedtls_svc_key_id_t key, + int key_destroyable) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t public_type; @@ -1053,16 +1061,27 @@ static int exercise_export_public_key(mbedtls_svc_key_id_t key) size_t exported_length = 0; int ok = 0; - PSA_ASSERT(psa_get_key_attributes(key, &attributes)); + psa_status_t status = psa_get_key_attributes(key, &attributes); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + psa_reset_key_attributes(&attributes); + return 1; + } + PSA_ASSERT(status); if (!PSA_KEY_TYPE_IS_ASYMMETRIC(psa_get_key_type(&attributes))) { exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( psa_get_key_type(&attributes), psa_get_key_bits(&attributes)); TEST_CALLOC(exported, exported_size); - TEST_EQUAL(psa_export_public_key(key, exported, - exported_size, &exported_length), - PSA_ERROR_INVALID_ARGUMENT); + status = psa_export_public_key(key, exported, + exported_size, &exported_length); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + ok = 1; + goto exit; + } + TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT); ok = 1; goto exit; } @@ -1073,9 +1092,14 @@ static int exercise_export_public_key(mbedtls_svc_key_id_t key) psa_get_key_bits(&attributes)); TEST_CALLOC(exported, exported_size); - PSA_ASSERT(psa_export_public_key(key, - exported, exported_size, - &exported_length)); + status = psa_export_public_key(key, exported, + exported_size, &exported_length); + if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) { + /* The key has been destroyed. */ + ok = 1; + goto exit; + } + PSA_ASSERT(status); ok = mbedtls_test_psa_exported_key_sanity_check( public_type, psa_get_key_bits(&attributes), exported, exported_length); From bfdaaf75ed5e7f40f45990280f388f743220e142 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 23 Feb 2024 17:51:47 +0000 Subject: [PATCH 548/553] Add ALPN information in session tickets Signed-off-by: Waleed Elmelegy --- src/test_helpers/ssl_helpers.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 56e03f1090..89c1bbf522 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1793,7 +1793,14 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_EARLY_DATA) session->max_early_data_size = 0x87654321; -#endif +#if defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C) + session->alpn = mbedtls_calloc(strlen("ALPNExample")+1, sizeof(char)); + if (session->alpn == NULL) { + return -1; + } + strcpy(session->alpn, "ALPNExample"); +#endif /* MBEDTLS_SSL_ALPN && MBEDTLS_SSL_SRV_C */ +#endif /* MBEDTLS_SSL_EARLY_DATA */ #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { From f4bd241ab33bff936dff67f514b4844342fd162c Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 6 Mar 2024 19:09:41 +0000 Subject: [PATCH 549/553] Add mbedtls_ssl_session_set_alpn() function Signed-off-by: Waleed Elmelegy --- src/test_helpers/ssl_helpers.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 89c1bbf522..9c1676fc63 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1794,11 +1794,11 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_EARLY_DATA) session->max_early_data_size = 0x87654321; #if defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C) - session->alpn = mbedtls_calloc(strlen("ALPNExample")+1, sizeof(char)); - if (session->alpn == NULL) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + ret = mbedtls_ssl_session_set_alpn(session, "ALPNExample"); + if (ret != 0) { return -1; } - strcpy(session->alpn, "ALPNExample"); #endif /* MBEDTLS_SSL_ALPN && MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_EARLY_DATA */ From e98de40b968a02d079ef9db963822f558aef75fd Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 12 Mar 2024 16:25:08 +0000 Subject: [PATCH 550/553] Add code improvments and refactoring in dealing with ALPN Signed-off-by: Waleed Elmelegy --- src/test_helpers/ssl_helpers.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 9c1676fc63..963938f1f8 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -1794,8 +1794,7 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_EARLY_DATA) session->max_early_data_size = 0x87654321; #if defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = mbedtls_ssl_session_set_alpn(session, "ALPNExample"); + int ret = mbedtls_ssl_session_set_ticket_alpn(session, "ALPNExample"); if (ret != 0) { return -1; } From 8302c74c4fe5132a3c4e9e12608762a9b9c3ab9c Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 14 Mar 2024 17:50:39 +0000 Subject: [PATCH 551/553] Add missing PSA_ASSERT in mbedtls_test_psa_raw_key_agreement_with_self Signed-off-by: Ryan Everett --- src/psa_exercise_key.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/psa_exercise_key.c b/src/psa_exercise_key.c index 5aed683ebc..937bd45d22 100644 --- a/src/psa_exercise_key.c +++ b/src/psa_exercise_key.c @@ -715,6 +715,7 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( status = PSA_SUCCESS; goto exit; } + PSA_ASSERT(status); status = psa_raw_key_agreement(alg, key, public_key, public_key_length, From e519cc6807a8f3eac202018c0d22899ef686b075 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 14 Mar 2024 17:51:09 +0000 Subject: [PATCH 552/553] Document unsupported concurrency scenario in psa_exercise_key Signed-off-by: Ryan Everett --- include/test/psa_exercise_key.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/test/psa_exercise_key.h b/include/test/psa_exercise_key.h index f656b95f88..f6be3073ac 100644 --- a/include/test/psa_exercise_key.h +++ b/include/test/psa_exercise_key.h @@ -223,6 +223,14 @@ int mbedtls_test_psa_exported_key_sanity_check( * to 1, while another thread calls psa_destroy_key on the same key; * this will test whether destroying the key in use leads to any corruption. * + * There cannot be a set of concurrent calls: + * `mbedtls_test_psa_exercise_key(ki,...)` such that each ki is a unique + * persistent key not loaded into any key slot, and i is greater than the + * number of free key slots. + * This is because such scenarios can lead to unsupported + * `PSA_ERROR_INSUFFICIENT_MEMORY` return codes. + * + * * \param key The key to exercise. It should be capable of performing * \p alg. * \param usage The usage flags to assume. From 84523d72c999168133bde79e972598f69b701ca2 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 14 Mar 2024 01:48:40 +0000 Subject: [PATCH 553/553] Add ALPN checking when accepting early data Signed-off-by: Waleed Elmelegy --- include/test/ssl_helpers.h | 7 +++++++ src/test_helpers/ssl_helpers.c | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/include/test/ssl_helpers.h b/include/test/ssl_helpers.h index 335386be1c..77f85c4966 100644 --- a/include/test/ssl_helpers.h +++ b/include/test/ssl_helpers.h @@ -78,6 +78,10 @@ enum { #undef MBEDTLS_SSL_TLS1_3_LABEL }; +#if defined(MBEDTLS_SSL_ALPN) +#define MBEDTLS_TEST_MAX_ALPN_LIST_SIZE 10 +#endif + typedef struct mbedtls_test_ssl_log_pattern { const char *pattern; size_t counter; @@ -118,6 +122,9 @@ typedef struct mbedtls_test_handshake_test_options { #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_context *cache; #endif +#if defined(MBEDTLS_SSL_ALPN) + const char *alpn_list[MBEDTLS_TEST_MAX_ALPN_LIST_SIZE]; +#endif } mbedtls_test_handshake_test_options; /* diff --git a/src/test_helpers/ssl_helpers.c b/src/test_helpers/ssl_helpers.c index 963938f1f8..55201c0b78 100644 --- a/src/test_helpers/ssl_helpers.c +++ b/src/test_helpers/ssl_helpers.c @@ -833,6 +833,12 @@ int mbedtls_test_ssl_endpoint_init( options->max_early_data_size); } #endif +#if defined(MBEDTLS_SSL_ALPN) + /* check that alpn_list contains at least one valid entry */ + if (options->alpn_list[0] != NULL) { + mbedtls_ssl_conf_alpn_protocols(&(ep->conf), options->alpn_list); + } +#endif #endif #if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C)