* Remove expected_output_data: since asymmetric encryption is randomized,
it can't be useful.
* The decryption check needs the private exponent, not the public exponent.
* Use PSA macro for the expected ciphertext buffer size.
* Move RSA sanity checks to their own function for clarity.
* For RSAES-PKCS1-v1_5, check that the result of the private key operation
has the form 0x00 0x02 ... 0x00 M where M is the plaintext.
* For OAEP, check that the result of the private key operation starts with
0x00. The rest is the result of masking which it would be possible to
check here, but not worth the trouble of implementing.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add a call to `mbedtls_md_starts()` in the `mbedtls_md_process()`
test, as it violates the API usage. Fixes#2227.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
To be able to test utility programs for an absence of time.h, we need a
baremetal config that is not crypto only. Add one.
Signed-off-by: Daniel Axtens <dja@axtens.net>
baremetal compiles should not include time.h, as MBEDTLS_HAVE_TIME is
undefined. To test this, provide an overriding include directory that
has a time.h which throws a meaningful error if included.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Make it safe to import the config multiple times without having
multiple definition errors.
(This prevents errors in the fuzzers in a later patch.)
Signed-off-by: Daniel Axtens <dja@axtens.net>
The X509write x509_csr_check reference file depends on
mbedtls_test_rnd_pseudo_rand being used to match the pre-generated data.
This calls x509_crt_verifycsr() like in x509_csr_check_opaque() when
MBEDTLS_USE_PSA_CRYPTO is defined.
Notably using PSA_ALG_DETERMINISTIC_ECDSA() in ecdsa_sign_wrap() makes
this test run without these changes.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
The pk_rsa_encrypt_test_vec() reference vector is calculated while using
mbedtls_test_rnd_pseudo_rand rng source, but since the RNG souce can't
be controlled when USE_PSA_CRYPTO is enabled we can't get the same
result.
The pk_rsa_encrypt_test_vec() fails when switching to mbedtls_test_rnd_std_rand
as rng source.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
The test is based on the AEAD multi-part test, re-using the
design on aead_multipart_internal_func() to test differnet
sequence of psa_mac_update() for MAC update or verify.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Running mypy was optional for a transition period when it wasn't installed
on the CI. Now that it is, make it mandatory, to avoid silently skipping an
expected check if mypy doesn't work for some reason.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This has been the case when building with make since
d3d8a64dfa7c1b006c854b45f47e10261cf0019a. Be consistent.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null. Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
