Skipping DTLS 1.2 with old versions was already done, but now properly
test support only once and use the results.
Note that historically, this script's policy was that it's the user's
job to find the right value of -e (EXCLUDE) for their version for
OpenSSL & config. Now it's a weird mix of that and the script doing some
detection and skipping.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Add tests where we explicitely check that
tickets are ignored on client side when
the support is not enabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
We use logical '&&' everywhere, let's be consistent.
(Unless I'm mistaken, binary '&' happens to give the same results for
booleans so this wasn't an actual bug, just style/readability issue.)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- "in-driver" test should depend on the present
of a driver.
- add new counter in key manangement driver test
hook which counts the calls of generate_key.
- We only care about the hits when processing
`psa_generate_key`.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
If the wrapped key has a PKCS1 v1.5 signature algorithm, then try
to call sign_ext() to perform PSA RSS. Of course this will fail
because it's not supported by the wrapped key.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
check_pair() is not supported by opaque RSA keys, but we want
to be sure that calling this functions fails nicely instead
for crashing.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
If the public key is exported with mbedtls_pk_write_pubkey_der()
it should be re-imported with mbedtls_pk_parse_public_key().
Alternative options (when PK_WRITE is not defined), i.e.
mbedtls_ecp_point_write_binary() and mbedtls_rsa_write_pubkey(),
export the key in a different format which cannot be parsed by
pk_parse module so mbedtls_ecp_point_read_binary() and
mbedtls_rsa_parse_pubkey() should be used respectively in this
case.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Use mbedtls_test_key_consistency_psa_pk() to verify that the
generated PK contexts match with the original PSA keys instead
of doing sign/verify and encrypt/decrypt.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This bug was not found until now because:
- !PK_[WRITE|PARSE]_C is only tested in component_full_no_pkparse_pkwrite()
- the test only case concerning RSA key had MBEDTLS_PK_WRITE_C as dependency
so it was not executed in that component.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The behavior of the functions is kept intact. Changes concern:
- generate the initial PK context using PSA parameters only; this
allows to remove 1 input parameter for the test function.
- add/fix comments.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Try to perform verify_ext() using the opaque context when the
key type is MBEDTLS_PK_RSASSA_PSS. This currently leads to a
crash while running the test suite and this will be fixed by
the next commit.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
