The changed logic is to try a sign-message driver (opaque or transparent);
if there isn't one, fallback to builtin sofware and do the hashing,
then try a sign-hash driver. This will enable to the opaque driver
to fallback to software.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
To avoid code duplication of the old-style SE interface usage
call psa_driver_wrapper_sign/verify_hash function instead of
the direct internal functions.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
Update the mbedtls_test_psa_exercise_key to handle and use
PSA_KEY_USAGE_SIGN_MESSAGE and PSA_KEY_USAGE_VERIFY_MESSAGE key policies.
Add new tests for PSA_KEY_USAGE_SIGN_MESSAGE and PSA_KEY_USAGE_VERIFY_MESSAGE
policies.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
Modify function and test case names that testing psa_sign_hash and
psa_verify_hash funtions to be less confusing with the newly introduced
function and test case names which tests psa_sign_message and
psa_verify_message functions.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
Use common funtion for psa_sign_hash and psa_sign_message and one for
psa_verify_hash and psa_verify_message to unify them.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
The reference output data was created with cryptodome for RSA algorithms and
python-ecdsa for ECDSA algorithms.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
Modify function and test case names that testing psa_sign_hash and
psa_verify_hash funtions to be less confusing with the newly introduced
function and test case names which tests psa_sign_message and
psa_verify_message functions.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
The reference session cache implementation may end up storing multiple
sessions associated to the same session ID if the set()-call for the
second session finds an outdated cache entry prior to noticing the entry
with the matching session ID. While this logically overwrites the existing
entry since we always search the cache in order, this is at least a waste
of resources.
This commit fixes this by always checking first whether the given ID is
already present in the cache.
It also restructures the code for easier readability.
Fixes#4509.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
The output parameter of mbedtls_sha256_finish_ret and mbedtls_sha256_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-224 hash into a
28-byte buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove a kludge to avoid a warning in GCC 11 when calling
mbedtls_sha512_finish_ret with a 48-byte output buffer. This is correct
since we're calculating SHA-384. When mbedtls_sha512_finish_ret's output
parameter was declared as a 64-byte array, GCC 11 -Wstringop-overflow
emitted a well-meaning, but inaccurate buffer overflow warning, which we
tried to work around (successfully with beta releases but unsuccessfully
with GCC 11.1.0 as released). Now that the output parameter is declared as a
pointer, no workaround is necessary.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The output parameter of mbedtls_sha512_finish_ret and mbedtls_sha512_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-384 hash into a
48-byte buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove mode param from mbedtls_rsa_rsaes_pkcs1_v15_decrypt
and also modify and remove relevant tests.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Removing the mode parameter from the mbedtls_rsa_rsaes_oaep_decrypt
function. The change is progagated to all function calls, including in
test suite .function files. Additionally fully removing one test
where the wrong mode was being tested.
Signed-off-by: Tom Daubney <Thomas.Daubney@arm.com>
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
The mode parameter has been removed from the
mbedtls_rsa_pkcs1_decrypt function. The change
has been progagated to all function calls,
including in test suite .function files.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Removed a conditional compilation block
relating to MBEDTLS_PKCS1_V15 in
rsa_pkcs1_verify_raw function that was no
longer relevant.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
