PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost
anything with them (import, get attributes, export public from private, any
cryptographic operations). Force it on, for symmetry with what we're doing
for MBEDTLS_PK_WRITE_C. Fixes#6409.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Disable non-crypto features that can't be called through the PSA API, as
well as algorithms that have no PSA interface.
This serves as a non-regression test for #6408 and #6409.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The PSA crypto code needs mbedtls_pk_write_key_der() and
mbedtls_pk_write_pubkey() when using RSA without drivers. We were already
forcing MBEDTLS_PK_WRITE_C when MBEDTLS_USE_PSA_CRYPTO is enabled. Do so
also when MBEDTLS_PSA_CRYPTO_C is enabled as well as MBEDTLS_RSA_C, even
without MBEDTLS_USE_PSA_CRYPTO. Fixes#6408.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Test functions must now take a char* argument rather than data_t*. This does
not affect existing test data.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When writing the new .data file, first write the new content, then replace
the target. This way, there isn't a temporary state in which the file is
partially written. This temporary state can be misleading if the build is
interrupted. It's annoying if you're watching changes to the output and the
changes appear as emptying the file following by the new version appearing.
Now interrupted builds don't leave a file that appears to be up to date but
isn't, and when watching the output, there's a single transition to the new
version.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use mbedtls_test_read_mpi_core() to read the test data. Among other
benefits, X and Y are now allocated to their exact size, so analyzers (Asan,
Valgrind, Coverity, ...) have a chance of complaining if the tested function
overflows the buffer.
Remove TEST_CF_PUBLIC calls which are no longer necessary.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When testing a function that is supposed to be constant-flow, we declare the
inputs as constant-flow secrets with TEST_CF_SECRET. The result of such a
function is itself a constant-flow secret, so it can't be tested with
comparison operators.
In TEST_EQUAL, TEST_LE_U and TEST_LE_S, declare the values to be compared as
public. This way, test code doesn't need to explicitly declare results as
public if they're only used by one of these macros.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This comment (which used to be attached to the implementation, and should
not have been moved to the header file) is incorrect: the library function
mbedtls_mpi_read_string preserves leading zeros as desired, but does not
create a zero-limb object for an empty string.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
