Ensure that the nominal run works properly, so that it's apparent that the
injected failure is responsible for the failure of the handshake.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
USE_PSA_DONE() already checks that there are no used key slots.
The call to TEST_ASSERT() wouldn't have worked properly on failure anyway,
since it would jump back to the exit label.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
The timing module might include time.h on its own when on
a suitable platform, even if MBEDTLS_HAVE_TIME is disabled.
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
For weistrass curves the pair is encoded as 0x04 || x || y.
Flipping one of the bits in the first byte should be a sure failure.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Force a bitflip in server key to make the raw key
agreement fail, and then verify that no key slots
are left open at the end. Use a Weierstrass curve
to have a high chance of failure upon encountering
such bitflip.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Otherwise the error status can be PSA_ERROR_INVALID_SIGNATURE instead of the
expected PSA_ERROR_NOT_SUPPORTED in some configurations. For example, the
RSA verification code currently checks the signature size first whenever
PSA_KEY_TYPE_RSA_PUBLIC_KEY is enabled, and only gets into
algorithm-specific code if this passes, so it returns INVALID_SIGNATURE even
if the specific algorithm is not supported.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
They're redundant with the automatically generated test cases, but it's
useful to have them when debugging issues with the test code.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit adds tests data for the encrypt setup function
to cover the case where there is insufficent memory when
trying to undertake the operation.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit adds test data needed to test the case where driver
does not support selected algorithm but the library does.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This commit adds a test called aead_encrypt_setup()
which tests that the relevant drivers get called the correct
amount of times when running the multipart AEAD encrypt
setup API.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This implies that when both TLS 1.2 and TLS 1.3
are included in the build all the TLS 1.2 tests
using the default configuration now go through
a version negotiation on the client side.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
To be compatible with the other functions `mbedtls_psa_hkdf_extract` and
`mbedtls_psa_hkdf_expand` use hash algorithm for parameter.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>