From b8d5649ab69d2f03e223a8277e0ceb28e56576f0 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Mon, 28 Apr 2025 10:14:18 +0200
Subject: [PATCH] tests: test_suite_x509: adapt RSA-PSS tests

Parsing of CRT files with message's hash alg different from the MGF1 was
allowed in the past, but now it fails. So we need to move/adapt tests
relying on this feature, from a "verify" scope to a "parse" one.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 tests/suites/test_suite_x509parse.data | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 538368ac74..bbdd9f90db 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -903,10 +903,6 @@ X509 CRT verification #68 (RSASSA-PSS, wrong salt_len, USE_PSA)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_USE_PSA_CRYPTO
 x509_verify:"../framework/data_files/server9-bad-saltlen.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL"
 
-X509 CRT verification #69 (RSASSA-PSS, wrong mgf_hash)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_1
-x509_verify:"../framework/data_files/server9-bad-mgfhash.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
 X509 CRT verification #70 (v1 trusted CA)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1
 x509_verify:"../framework/data_files/server1-v1.crt":"../framework/data_files/test-ca-v1.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL"
@@ -3151,6 +3147,10 @@ X509 File parse (conforms to RFC 5480 / RFC 5758 - AlgorithmIdentifier's paramet
 depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
 x509parse_crt_file:"../framework/data_files/parse_input/server5.crt":0
 
+X509 File parse (RSASSA-PSS, MGF1 hash alg != message hash alg)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_1
+x509parse_crt_file:"../framework/data_files/server9-bad-mgfhash.crt":MBEDTLS_ERR_X509_INVALID_ALG
+
 X509 File parse & read the ca_istrue field (Not Set)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1
 mbedtls_x509_get_ca_istrue:"../framework/data_files/parse_input/server1.crt":0