ECDSA has two variants: deterministic (PSA_ALG_DETERMINISTIC_ECDSA) and
randomized (PSA_ALG_ECDSA). The two variants are different for signature but
identical for verification. Mbed TLS accepts either variant as the algorithm
parameter for verification even when only the other variant is supported,
so we need to handle this as a special case when generating not-supported
test cases.
In this commit:
* Add manually written not-supported test cases for the signature
operation when exactly one variant is supported.
* Add manually written positive test cases for the verification
operation when exactly one variant is supported.
* Register that !ECDSA but DETERMINISTIC_ECDSA is not tested yet
(https://github.com/Mbed-TLS/mbedtls/issues/9592).
A commit in the framework will take care of automatically generated test cases.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Allow imports of an ECC public key on an unsupported curve to return
INVALID_ARGUMENT rather than NOT_SUPPORTED. This can happen in our library
code in edge cases when only certain curve families are supported, and it's
acceptable.
The new code does not trigger yet, but it will be useful for a future commit
"Do run not-supported test cases on not-implemented mechanisms"
(forward port of 995d7d4c15).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
To start with, test that key creation fails as intended when the key
type is not supported. This commit only covers psa_import_key and
psa_generate_key. A follow-up will cover psa_key_derivation_output_key.
My primary intent in creating this new test suite is to automatically
generate test cases by enumerating the key types and algorithms that
the library supports. But this commit only adds a few manually written
test cases, to get the ball rolling.
Move the relevant test cases of test_suite_psa_crypto.data that only
depend on generic knowledge about the API. Keep test cases that depend
more closely on the implementation, such as tests of non-supported key
sizes, in test_suite_psa_crypto.data.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
