Explain why this kind of test is possible for RSA keys, while
it is not possible for EC ones.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The sign/verify functions happily use the wrong algorithm, but the
encrypt/decrypt functions error out if the padding mode specifies V21.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If the output buffer is NULL, it either:
* Does not need wiping because it is zero-length.
* Has failed allocation of a copy.
* Has not yet been written to as a copy hasn't been allocated.
In any of these circumstances, we should not try to write the buffer,
so perform a NULL check before wiping it.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Add buffer protection to:
* psa_sign_hash_start(), which takes an input buffer for the hash.
* psa_sign_hash_complete(), which takes an output buffer for the
calculated signature.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This helps fixing a disparity between the legacy and the USE_PSA
case for rsa_sign_wrap() in pk_wrap.c.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- removed redundant info from data file (i.e. informations that
can be extrapolated somehow)
- removed unecessary parameters in functions
- added some extra check on the generated PK contexts
- etc...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This bugfix was due in PR #8826, but we didn't catch that.
This commit also add proper testing in test_suite_pk that was not implemented
in #8826.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is possible because after #8740 RSA_C no longer depends on
PK to parse and write private/public keys.
This commit also solves related issues that arose after this change
in "pk.c" and "test_suite_pk". In particular now we can use
rsa's module functions for parsing and writing keys without need
to rely on pk_parse and pk_write functions.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Use of volatile is more an internal implementation detail (ensuring
const-time) than part of the contract (the caller doesn't care about
volatile as such).
Signed-off-by: Janos Follath <janos.follath@arm.com>
We need the pointer, A, to be volatile, to ensure the reads happen. bits
does not need to be volatile.
Signed-off-by: Janos Follath <janos.follath@arm.com>
- These functions are used both in pkparse.c for key parsing
as well as pk.c for managing copy_from_psa(). As as consequence
they should belong to pk.c, but that would make that module
messier, so that's why a new separate module is added.
- Their guard can be changed from PKPARSE_C to PK_C.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
