We were testing the internal consistency of the resulting key, and that the
resulting key had the right metadata, but we were not testing that the PSA
key had the expected key material. Comparing the public keys fixes that.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Test that a PK key and a PSA key are consistent, i.e. that they have the
same type (or are a key pair and the corresponding public key) and that
they have the same public key.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This was only tested with opaque keys. Since the code paths are different
depending on the PK type, we also need to test RSA and ECKEY.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This fixes the ability to exercise keys in configurations where MD5 is
supported for direct use, but not inside some accelerated algorithms. This
is the case in `all.sh test_psa_crypto_config_accel_ecc_ecp_light_only` and
some other accelerated-ECC components of `all.sh`, where the driver is built
without MD5 support but built-in MD5 remains enabled.
This is only a hack, not a theoretically correct fix, but a correct fix is
out of scope of my current work.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Parsing a key and importing it into PSA may result in a policy that
specifies an algorithm that is not included in the build. This happens if
the key type is supported, but not the algorithm, e.g. in a build with
MBEDTLS_ECP_C but not MBEDTLS_ECDSA_C.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In some configurations (e.g. ECDH but no ECDSA or RSA), the PK module is
useful but cannot perform any signatures. Then modern GCC complains:
```
../source/tests/suites/test_suite_pk.function: In function ‘test_pk_sign_verify’:
../source/tests/suites/test_suite_pk.function:1136:12: error: array subscript 0 is outside array bounds of ‘unsigned char[0]’ [-Werror=array-bounds]
../source/tests/suites/test_suite_pk.function:1094:19: note: while referencing sig’
…
```
This fixes test-ref-configs.pl with a modern GCC (specifically with
config-thread.h).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Set unique configuration names in the outcome file. This was lost in the
rewrite from depends-*.pl to depends.py.
Fix#7290
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Implement mbedtls_pk_import_into_psa for all PK types except RSA_ALT.
This covers importing a key pair, importing a public key and importing
the public part of a key pair.
Test mbedtls_pk_import_into_psa() with the output of
mbedtls_pk_get_psa_attributes(). Also unit-test mbedtls_pk_import_into_psa()
on its own to get extra coverage, mostly for negative cases.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
There was already code to instantiate the wildcard for sign/verify-hash.
Make that work with sign/verify-message as well.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Make it clearer where the magic number chosen for entropy_len actually
comes from, and why we chose this value.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Normally, if an elliptic curve is enabled in the legacy API then it's also
enabled in the PSA API. In particular, if the legacy API has at least one
curve then that curve also works with PSA. There is an exception with
secp224k1 which PSA does not support. In a build with secp224k1 as the only
legacy curve, MBEDTLS_PK_HAVE_ECC_KEYS is enabled (because you can use the
curve through PK) but PSA does not support any elliptic curve, so we can't
run PK-PSA bridge tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The only real contraint on the raw buffer is that it is large
enough to contain 2 coordinates. Larger buffers are therefore
allowed and the extra data will simply be ignored.
Note = trying to impose a strict sizing on the raw buffer causes
several failures in test suites. This suggests that it is
quite common to use larger buffer to store raw signatures.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Use PSA_VENDOR_ECC_MAX_CURVE_BITS instead of a specific curve since
what we care about is only bit-size not the curve itself.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
These values are not mathematically valid as signature, but as
for what it concerns with ECDSA conversion functions, 0 values
in DER format should be translated to 0 values in raw format.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Allow the function to support DER buffers than what it is nominally
required by the provided coordinates. In other words let's ignore
padding zeros in the raw number.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
