Keep MBEDTLS_PK_WRITE_C as guard only for "debug_print_pk" but let
"mbedtls_debug_print_crt" to work also when MBEDTLS_PK_WRITE_C is disabled.
In this case the only public key won't be printed, but the rest of the
certificate will be.
This commit also updates test coverage by duplicating test cases: now there
will be one case for when MBEDTLS_PK_WRITE_C is enabled and another one
for !MBEDTLS_PK_WRITE_C.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
In tf-psa-crypto "mbedtls_pk_write_pubkey_psa()" is only available when
MBEDTLS_PK_WRITE_C is defined. Therefore we need to add this guard also
in mbedtls to "debug_print_pk" (and indirectly to
"mbedtls_debug_print_crt") and the corresponding tests using it.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Adjust dumping format of public keys following recent updates to
mbedtls_debug_print_crt() and debug_print_pk()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This replacement is either:
- "server5-rsa-signed.crt": if a generic secp256r1 EC key is enough, i.e.
any EC key is fine as it's not secp192 since this support is being
removed from TF-PSA-Crypto.
- "server11-rsa-signed.crt": if an EC key which does not belong to "suite-b"
is required. For this case "secp256r1" wouldn't be good, so we use
a "secp256k1" key.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
After some analysis search it was determined that previous test data seem
not to belong to the "framework/data_files" certificate files. Therefore
new test data has been generated from scratch.
The improvement compared to the previous situation is that comments has
been added on top of each test in order to explain how to recreate new test
data.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The support for TLS ciphersuites without
encryption does not rely anymore on the
MBEDTLS_CIPHER_NULL_CIPHER feature of
the cipher module. Introduce a specific
config option to enable these ciphersuites
and use it instead of MBEDTLS_CIPHER_NULL_CIPHER.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Previously these tests used values that will become PSA aliases,
and so the tests will fail once they're changed.
Signed-off-by: Felix Conway <felix.conway@arm.com>
Return a const char* instead of taking a char* as an argument.
This aligns us with the interface used in TF PSA Crypto.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Previously 3 different groups were allowed, but since the removal of
secp192r1 and secp224r1 only secp256r1 was left. This commit adds
other 2 options.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
In some cases, we were calling `mbedtls_test_ssl_endpoint_free()` on an
uninitialized `mbedtls_test_ssl_endpoint` object if the test case failed
early, e.g. due to `psa_crypto_init()` failing. This was largely harmless,
but could have caused weird test results in case of failure, and was flagged
by Coverity.
Use a more systematic style for initializing the stack object as soon as
it's declared.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The previous key was not correct so it could not be imported into PSA
for validation inside the PK module.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
