exercise_key: signature: detect function/algorithm incompatibility
Don't try to use {sign,verify}_message on algorithms that only support
{sign_verify}_hash. Normally exercise_key() tries all usage that is
supported by policy, however PSA_KEY_USAGE_{SIGN,VERIFY}_MESSAGE is implied
by PSA_KEY_USAGE_{SIGN,VERIFY}_HASH so it's impossible for the test data to
omit the _MESSAGE policies with hash-only algorithms.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
parent
7acb1980ee
commit
d586b82e12
1 changed files with 12 additions and 1 deletions
|
|
@ -293,6 +293,17 @@ exit:
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int can_sign_or_verify_message( psa_key_usage_t usage,
|
||||||
|
psa_algorithm_t alg )
|
||||||
|
{
|
||||||
|
/* Sign-the-unspecified-hash algorithms can only be used with
|
||||||
|
* {sign,verify}_hash, not with {sign,verify}_message. */
|
||||||
|
if( alg == PSA_ALG_ECDSA_ANY || alg == PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
|
||||||
|
return( 0 );
|
||||||
|
return( usage & ( PSA_KEY_USAGE_SIGN_MESSAGE |
|
||||||
|
PSA_KEY_USAGE_VERIFY_MESSAGE ) );
|
||||||
|
}
|
||||||
|
|
||||||
static int exercise_signature_key( mbedtls_svc_key_id_t key,
|
static int exercise_signature_key( mbedtls_svc_key_id_t key,
|
||||||
psa_key_usage_t usage,
|
psa_key_usage_t usage,
|
||||||
psa_algorithm_t alg )
|
psa_algorithm_t alg )
|
||||||
|
|
@ -343,7 +354,7 @@ static int exercise_signature_key( mbedtls_svc_key_id_t key,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if( usage & ( PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE ) )
|
if( can_sign_or_verify_message( usage, alg ) )
|
||||||
{
|
{
|
||||||
unsigned char message[256] = "Hello, world...";
|
unsigned char message[256] = "Hello, world...";
|
||||||
unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
|
unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue