-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Driver dispatch for PSA asymmetric encryption + RSA tests #5292
Conversation
ce99bd8
to
089f9f3
Compare
In this PR I also see the problem with windows build (but different than #5139 (comment)):
|
I couldn't find test vectors for all functions/algorithms:
|
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
…encrypt Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
…decrypt Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
Tested key types: PSA_ALG_RSA_PKCS1V15_SIGN_RAW PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256) Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
Tested algs: PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256) Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
* Remove expected_output_data: since asymmetric encryption is randomized, it can't be useful. * The decryption check needs the private exponent, not the public exponent. * Use PSA macro for the expected ciphertext buffer size. * Move RSA sanity checks to their own function for clarity. * For RSAES-PKCS1-v1_5, check that the result of the private key operation has the form 0x00 0x02 ... 0x00 M where M is the plaintext. * For OAEP, check that the result of the private key operation starts with 0x00. The rest is the result of masking which it would be possible to check here, but not worth the trouble of implementing. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
|
psa_status_t forced_status_encrypt = forced_status_encrypt_arg; | ||
psa_status_t expected_status_encrypt = expected_status_encrypt_arg; | ||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; | ||
(void)expected_output_data; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
space missing
mbedtls_mpi_init( &X ); | ||
#endif /* MBEDTLS_BIGNUM_C */ | ||
|
||
int ok = 0; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe ret
instead of ok
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We use the convention ret
for (0 = success, MBEDTLS_ERR_xxx
= error, sometimes >0 = output size). For boolean return values (1 = success, 0 = failure), we use a different variable name. In the test suites it's typically ok
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Really minor changes suggested, but not required.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for doing those last changes. Looks good to me!
Please backport the improvements related to testing with signature to 2.28. I'm going to merge this pull request without waiting for a backport to avoid bitrot.
Description
Resolves #5250. Resolves #5249.
Driver dispatch for PSA asymmetric encryption.
Status
READY
Requires Backporting
Yes 2.x?
Migrations
NO
Todos
psa_asymmetric_decrypt