The #ifdef guard in the get_builtin_key() should be
PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT to allow for
multiple drivers to be plugged into the wrapper.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
If the public key is exported with mbedtls_pk_write_pubkey_der()
it should be re-imported with mbedtls_pk_parse_public_key().
Alternative options (when PK_WRITE is not defined), i.e.
mbedtls_ecp_point_write_binary() and mbedtls_rsa_write_pubkey(),
export the key in a different format which cannot be parsed by
pk_parse module so mbedtls_ecp_point_read_binary() and
mbedtls_rsa_parse_pubkey() should be used respectively in this
case.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Use mbedtls_test_key_consistency_psa_pk() to verify that the
generated PK contexts match with the original PSA keys instead
of doing sign/verify and encrypt/decrypt.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This bug was not found until now because:
- !PK_[WRITE|PARSE]_C is only tested in component_full_no_pkparse_pkwrite()
- the test only case concerning RSA key had MBEDTLS_PK_WRITE_C as dependency
so it was not executed in that component.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The behavior of the functions is kept intact. Changes concern:
- generate the initial PK context using PSA parameters only; this
allows to remove 1 input parameter for the test function.
- add/fix comments.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Try to perform verify_ext() using the opaque context when the
key type is MBEDTLS_PK_RSASSA_PSS. This currently leads to a
crash while running the test suite and this will be fixed by
the next commit.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Add a note that validation of validation was implemented in metatest.c
and explain briefly what that program is for.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The configuration of memory poisoning is now performed via
compile-time detection setting MBEDTLS_MEMORY_CAN_POISON. Update
the design to take account of this.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Since this is just an example, remove specific-sounding references to
mbedtls_psa_core_poison_memory() and replace with more abstract and
generic-sounding memory_poison_hook() and memory_unpoison_hook().
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The actual functions were called mbedtls_test_memory_poison()
and mbedtls_test_memory_unpoison(). Update the design section to
reflect this.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
We were successful in adding transparent memory-poisoning testing, so
simplify to the real design decision we made.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
