Attempting to create a key with an invalid location or with read-only
persistence must be rejected.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Hash and sign algorithms require the alignment of the input length with
the hash length at verification as well not just when signing.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The psa_verify_hash() is the pre-hashed version of the API and supposed
to work on hashes generated by the user. There were tests passing that
were getting "hashes" of sizes different from the expected.
Transform these into properly failing tests.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Tests for psa_mac_compute and psa_mac_verify functions.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Reverting some deleted tests and changing the deprecated algo
Deleting deprecated headers from /alt-dummy dir
Corrections to the comments
Removal of deleted functions from compat-2.x.h
Corrections to tests/data_files/Makefile
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
The default curve is now Curve25519, which doesn't support restartable ECC.
So run the restartable ECC tests with a curve that does support it. Use
secp256r1 which is required for these tests anyway for the server's
certificate.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
There was already a test case for 0 but with a non-empty representation
(X->n == 1). Add a test case with X->n == 0 (freshly initialized mpi).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
in file tests/suite/test_suite_aes.function, aes_crypt_xts_size()
did not free the context upon the function exit.
The function now frees the context on exit.
Fixes#4176
Signed-off-by: JoeSubbiani <Joe.Subbiani@arm.com>
It was used to remove the code used when mbedtls_ecp_mul() received a
NULL RNG parameter. This code is no longer relevant (as the RNG may no
longer be NULL) and will be unconditionally removed in the next commit.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This is necessary for the case where the public part of an EC keypair
needs to be computed from the private part - either because it was not
included (it's an optional component) or because it was compressed (a
format we can't parse).
This changes the API of two public functions: mbedtls_pk_parse_key() and
mbedtls_pk_parse_keyfile().
Tests and programs have been adapted. Some programs use a non-secure RNG
(from the test library) just to get things to compile and run; in a
future commit this should be improved in order to demonstrate best
practice.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- mbedtls_ecp_check_pub_priv() because it calls ecp_mul()
- mbedtls_pk_check_pair() because it calls the former
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Fix trivial faulty calls in ECP test suite and ECP/ECJPAKE self-tests (by
adding a dummy RNG).
Several tests suites are not passing yet, as a couple of library
function do call ecp_mul() with a NULL RNG. The complexity of the fixes
range from "simple refactoring" to "requires API changes", so these will
be addressed in separate commits.
This makes the option MBEDTLS_ECP_NO_INTERNAL_RNG, as well as the whole
"internal RNG" code, obsolete. This will be addressed in a future
commit, after getting the test suites to pass again.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Commit removes tests from ssl-opt.sh
that were specific to
MBEDTLS_SSL_TRUNCATED_HMAC extention.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
