* Rename psa_aead_set_nonce() to psa_aead_set_nonce_internal()
* Recreate psa_aead_set_nonce() as a wrapper that copies buffers before
calling the internal function.
This is because psa_aead_set_nonce() is currently called by
psa_aead_generate_nonce(). Refactoring this to call the static internal
function avoids an extra set of buffer copies as well as simplifying
future memory poisoning testing.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Resize buffer used to hold the nonce to twice the maximum nonce size.
Some test cases were requesting more than the maximum nonce size
without actually having backing space. This caused a buffer overflow
when PSA buffer-copying code was added.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Note that this is not strictly necessary as this function only copies to
the output buffer at the end. However, it simplifies testing for the
time being.
Future optimisation work could consider removing this copying.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Normally, if an elliptic curve is enabled in the legacy API then it's also
enabled in the PSA API. In particular, if the legacy API has at least one
curve then that curve also works with PSA. There is an exception with
secp224k1 which PSA does not support. In a build with secp224k1 as the only
legacy curve, MBEDTLS_PK_HAVE_ECC_KEYS is enabled (because you can use the
curve through PK) but PSA does not support any elliptic curve, so we can't
run PK-PSA bridge tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The only real contraint on the raw buffer is that it is large
enough to contain 2 coordinates. Larger buffers are therefore
allowed and the extra data will simply be ignored.
Note = trying to impose a strict sizing on the raw buffer causes
several failures in test suites. This suggests that it is
quite common to use larger buffer to store raw signatures.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Remove the keyLength parameter from the AES-256 tests.
Add MBEDTLS_CIPHER_PADDING_PKCS7 to the dependencies.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Add three package config files for mbedtls, mbedcrypto and mbedx509.
Also update various project variables so the generated PC files have the
required data needed without hardcoding it everywhere.
This will help distros package the project following existing
conventsions between a normal and -devel package that includes the
headers and .pc files for pkg-config aware consumers.
Fixes: #228
Signed-off-by: Bill Roberts <bill.roberts@arm.com>
Use PSA_VENDOR_ECC_MAX_CURVE_BITS instead of a specific curve since
what we care about is only bit-size not the curve itself.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
These values are not mathematically valid as signature, but as
for what it concerns with ECDSA conversion functions, 0 values
in DER format should be translated to 0 values in raw format.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Allow the function to support DER buffers than what it is nominally
required by the provided coordinates. In other words let's ignore
padding zeros in the raw number.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This function is called externally from several tests, so still requires
a mutex lock. Add an internal function to reset the step, for use in
functions where the mutex is already held.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
