From 6e6967f6a0faa8bb3c7a4688c7222cdd9363d589 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 22 Apr 2022 11:32:18 +0200 Subject: [PATCH] Reorganize PSA INVALID_PADDING handling for test #5 in pk_rsa_verify_ext_test_vec() Signed-off-by: Neil Armstrong --- tests/suites/test_suite_pk.function | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 13e14d49a3..1ba305561c 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -531,19 +531,25 @@ void pk_rsa_verify_ext_test_vec( data_t * message_str, int digest, digest, hash_result, hash_len, result_str->x, sig_len ); - /* Mbed TLS distinguishes "invalid padding" from "valid padding but - * the rest of the signature is invalid". This has little use in - * practice and PSA doesn't report this distinction. - * In this case, PSA returns PSA_ERROR_INVALID_SIGNATURE translated - * to MBEDTLS_ERR_RSA_VERIFY_FAILED - */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( result == MBEDTLS_ERR_RSA_INVALID_PADDING && - ret == MBEDTLS_ERR_RSA_VERIFY_FAILED ) - TEST_EQUAL( ret, MBEDTLS_ERR_RSA_VERIFY_FAILED); + if( result == MBEDTLS_ERR_RSA_INVALID_PADDING ) + { + /* mbedtls_pk_verify_ext() may return MBEDTLS_ERR_RSA_INVALID_PADDING + * error depending on which path was taken. + * If the PSA path is used, it won't because Mbed TLS + * distinguishes "invalid padding" from "valid padding but + * the rest of the signature is invalid". This has little use in + * practice and PSA doesn't report this distinction. + * In this case, PSA returns PSA_ERROR_INVALID_SIGNATURE translated + * to MBEDTLS_ERR_RSA_VERIFY_FAILED + */ + TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_RSA_VERIFY_FAILED ); + } else #endif - TEST_EQUAL( ret, result ); + { + TEST_EQUAL( ret, result ); + } exit: mbedtls_pk_free( &pk );