"Key generation method" was misleading since it also applies to key
derivation. Change "key generation" to "key production", which we aren't
using yet and has roughly the right intuition. Change "method" to
"parameters" which there seems to be a slight preference for. Discussion
thread: https://github.com/Mbed-TLS/mbedtls/pull/8815#discussion_r1486524295
Identifiers renamed:
psa_key_generation_method_t → psa_key_production_parameters_t
psa_key_generation_method_s → psa_key_production_parameters_s
PSA_KEY_GENERATION_METHOD_INIT → PSA_KEY_PRODUCTION_PARAMETERS_INIT
method → params
method_data_length → params_data_length
default_method → default_production_parameters
psa_key_generation_method_is_default → psa_key_production_parameters_are_default
setup_key_generation_method → setup_key_production_parameters
key_generation_method_init → key_production_parameters_init
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When generated by exp_mod, RR has enough limbs to be passed as a
parameter to core functions. If it is received from the caller, it might
be of any length.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Assigning the return value of a function that returns a struct with a
flexible array member does not fill the flexible array member, which leaves
a gap in the initialization that could be surprising to programmers. Also,
this is a borderline case in ABI design which could cause interoperability
problems. So remove this function.
This gets rid of an annoying note from GCC about ABI compatibility on
(at least) x86_64.
```
In file included from include/psa/crypto.h:4820,
from <stdin>:1:
include/psa/crypto_struct.h: In function ‘psa_key_generation_method_init’:
include/psa/crypto_struct.h:244:1: note: the ABI of passing struct with a flexible array member has changed in GCC 4.4
244 | {
| ^
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH instead of
MBEDTLS_ERR_PEM_BAD_INPUT_DATA in case of errors.
This commit also fix related failures in test pkparse and
pem test suites.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Document and test the current behavior, even if it is weird:
* For Weierstrass keys, the error is MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL,
not MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL.
* For Weierstrass keys, a smaller output buffer is ok if the output fits.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that we have padding verification after decryption and since
this can be used to validate the password as well there is no
need to parse ASN1 content any more, so we can simplify/remove
that dependency.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
We were testing the internal consistency of the resulting key, and that the
resulting key had the right metadata, but we were not testing that the PSA
key had the expected key material. Comparing the public keys fixes that.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Test that a PK key and a PSA key are consistent, i.e. that they have the
same type (or are a key pair and the corresponding public key) and that
they have the same public key.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In TLS 1.3 early data tests, to reduce the risk
of not updating a switch over possible scenarios
when adding a new scenario, add systematically a
default case that fails the test.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This was only tested with opaque keys. Since the code paths are different
depending on the PK type, we also need to test RSA and ECKEY.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Although this again should only happen post all threads stopping, guard
this just in case things change.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Although this can only be read in a situation where threads should have
already stopped, best to fix this as its public.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Rename internal test info data accessors by adding _internal to mark
them as obviously internal. Add to the intial comment block to further
explain the mutex locking policy.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Custom-e RSA key generation is not yet supported in the test driver, and we
don't support fallback from the test driver to the built-in
implementation (even though we're testing with MBEDTLS_RSA_C). So for the
time being, only run psa_generate_key_ext test cases for RSA with a custom
public exponent when using the built-in implementation.
Add a test case to validate that psa_generate_key_ext test cases for RSA
with a custom public exponent returns NOT_SUPPORTED (rather than silently
doing the wrong thing) when not using built-in RSA (which is subtly
different from when having accelerated RSA: if both are enabled, which we
currently don't do in all.sh, then this should be supported and this is
validated by the test cases above).
This wart will be resolved when we add support for drivers with a
generate_key_ext entry point.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
