diff options
author | Gilles Peskine <Gilles.Peskine@arm.com> | 2022-03-19 11:15:41 +0100 |
---|---|---|
committer | Gilles Peskine <Gilles.Peskine@arm.com> | 2022-04-15 11:10:14 +0200 |
commit | d586b82e127843dbf5e269c1e57255daab723150 (patch) | |
tree | 8f31067e12cbf6fbd27ba5ff1cc321f8362942b3 /tests/src | |
parent | 7acb1980eea8f3d2e780a866004b1bc53d402ed2 (diff) | |
download | mbedtls-d586b82e127843dbf5e269c1e57255daab723150.zip mbedtls-d586b82e127843dbf5e269c1e57255daab723150.tar.gz mbedtls-d586b82e127843dbf5e269c1e57255daab723150.tar.bz2 |
exercise_key: signature: detect function/algorithm incompatibility
Don't try to use {sign,verify}_message on algorithms that only support
{sign_verify}_hash. Normally exercise_key() tries all usage that is
supported by policy, however PSA_KEY_USAGE_{SIGN,VERIFY}_MESSAGE is implied
by PSA_KEY_USAGE_{SIGN,VERIFY}_HASH so it's impossible for the test data to
omit the _MESSAGE policies with hash-only algorithms.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Diffstat (limited to 'tests/src')
-rw-r--r-- | tests/src/psa_exercise_key.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 8a2207c..db3651d 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -293,6 +293,17 @@ exit: return( 0 ); } +static int can_sign_or_verify_message( psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + /* Sign-the-unspecified-hash algorithms can only be used with + * {sign,verify}_hash, not with {sign,verify}_message. */ + if( alg == PSA_ALG_ECDSA_ANY || alg == PSA_ALG_RSA_PKCS1V15_SIGN_RAW ) + return( 0 ); + return( usage & ( PSA_KEY_USAGE_SIGN_MESSAGE | + PSA_KEY_USAGE_VERIFY_MESSAGE ) ); +} + static int exercise_signature_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) @@ -343,7 +354,7 @@ static int exercise_signature_key( mbedtls_svc_key_id_t key, } } - if( usage & ( PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE ) ) + if( can_sign_or_verify_message( usage, alg ) ) { unsigned char message[256] = "Hello, world..."; unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0}; |