Assigning the return value of a function that returns a struct with a
flexible array member does not fill the flexible array member, which leaves
a gap in the initialization that could be surprising to programmers. Also,
this is a borderline case in ABI design which could cause interoperability
problems. So remove this function.
This gets rid of an annoying note from GCC about ABI compatibility on
(at least) x86_64.
```
In file included from include/psa/crypto.h:4820,
from <stdin>:1:
include/psa/crypto_struct.h: In function ‘psa_key_generation_method_init’:
include/psa/crypto_struct.h:244:1: note: the ABI of passing struct with a flexible array member has changed in GCC 4.4
244 | {
| ^
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH instead of
MBEDTLS_ERR_PEM_BAD_INPUT_DATA in case of errors.
This commit also fix related failures in test pkparse and
pem test suites.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Document and test the current behavior, even if it is weird:
* For Weierstrass keys, the error is MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL,
not MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL.
* For Weierstrass keys, a smaller output buffer is ok if the output fits.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When exporting a key, MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE should not happen.
This error indicates that the curve is not supported, but that would prevent
the creation of the key.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Removing E_core and returning early achieves the same and is simpler
(easier to read and maintain).
Signed-off-by: Janos Follath <janos.follath@arm.com>
memcpy() has the advantage of making the reader stop and arguably signal
that the shallow copy here is intentional. But that hinges on having the
right amount of & and the right size. An assignment is clearer and less
risky.
Signed-off-by: Janos Follath <janos.follath@arm.com>
- We have moved to fixed window exponentiation and the algorithm used is
properly documented and referenced in core already, no need for
duplication.
- A comment on mbedtls_mpi_copy states that mbedtls_mpi_exp_mod relies
on it not to shrink X. This is not the case anymore, however we
should probably still state that some functions might rely on this
property as we don't know it for sure and it is safer to keep it that
way.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Now that we have padding verification after decryption and since
this can be used to validate the password as well there is no
need to parse ASN1 content any more, so we can simplify/remove
that dependency.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Remove exception warnings about PKCS1v1.5, since now both padding
formats are treated properly no matter if USE_PSA_CRYPTO is
defined or not.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Fix the workaround for the weirdness of mbedtls_ecp_write_key(), which
assumed a Weierstrass key.
This fixes the Montgomery private key parse tests in test_suite_pkparse.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We were testing the internal consistency of the resulting key, and that the
resulting key had the right metadata, but we were not testing that the PSA
key had the expected key material. Comparing the public keys fixes that.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Test that a PK key and a PSA key are consistent, i.e. that they have the
same type (or are a key pair and the corresponding public key) and that
they have the same public key.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In TLS 1.3 early data tests, to reduce the risk
of not updating a switch over possible scenarios
when adding a new scenario, add systematically a
default case that fails the test.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This was only tested with opaque keys. Since the code paths are different
depending on the PK type, we also need to test RSA and ECKEY.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Although this again should only happen post all threads stopping, guard
this just in case things change.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Although this can only be read in a situation where threads should have
already stopped, best to fix this as its public.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Rename internal test info data accessors by adding _internal to mark
them as obviously internal. Add to the intial comment block to further
explain the mutex locking policy.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
