All current usages have this parameter set to 0 (this means the tests are unchanged).
Remove the GENERIC_ERROR return behaviour, in favour of returning the actual status.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
All current usages have this parameter set to 0 (meaning the behaviour
of these tests hasn't changed). We also now return the actual error code, not GENERIC_ERROR
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
All current usages have this parameter set to 0 (in this case the behaviour of
the test is unchanged)
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
If the key has been destroyed (and the new parameter is 1), we test that
psa_cipher_abort succeeds in this scenario.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
If the key has been destroyed (and the new parameter is 1) then we test that
psa_mac_abort succeeds in this scenario.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
This will allow us to use this smoke test to ensure that key slot content reads are
only performed when we are registered to read a full slot. We will destroy the key
on another thread while the key is being exercised, and fail the test if an unexpected
error code is hit. Future commits will incrementally implement this new parameter.
All current usages of this function have this parameter set to 0, in which case
the new behaviour must be the same as the old behaviour
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Test that a PK key and a PSA key are consistent, i.e. that they have the
same type (or are a key pair and the corresponding public key) and that
they have the same public key.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Parsing a key and importing it into PSA may result in a policy that
specifies an algorithm that is not included in the build. This happens if
the key type is supported, but not the algorithm, e.g. in a build with
MBEDTLS_ECP_C but not MBEDTLS_ECDSA_C.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
There was already code to instantiate the wildcard for sign/verify-hash.
Make that work with sign/verify-message as well.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Changes in test_suite_psa_crypto are to enforce the dependency
on ECP_C which is mandatory for some key's derivation.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Don't try to use {sign,verify}_message on algorithms that only support
{sign_verify}_hash. Normally exercise_key() tries all usage that is
supported by policy, however PSA_KEY_USAGE_{SIGN,VERIFY}_MESSAGE is implied
by PSA_KEY_USAGE_{SIGN,VERIFY}_HASH so it's impossible for the test data to
omit the _MESSAGE policies with hash-only algorithms.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Don't re-code the logic to determine a valid nonce length.
This fixes exercise_key() for PSA_ALG_CHACHA20_POLY1305, which was trying to
use a 16-byte nonce.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>