Gilles Peskine
Gilles Peskine
Backport of minor bug fixes in tests from https://github.com/Mbed-TLS/mbedtls/pull/8807. Priority: high even though the bugs are not high-priority, because this is a backport of a high-priority PR. ## PR checklist...
The new API function `psa_generate_key_ext` ([API request](https://github.com/ARM-software/psa-api/issues/167), [initial implementation](https://github.com/Mbed-TLS/mbedtls/pull/8815)) does not have a corresponding driver entry point. The goal of this task is to specify, implement and test a `generate_key_ext`...
We should do pair consistency testing on `mbedtls_pk_import_into_psa`, i.e. ensure that the imported key has the expected material. For key pairs, since we also have a pk object, we can...
`mbedtls_ecp_write_key` takes a buffer and size as arguments and fills the whole buffer, padding the key with zeros. Depending on whether the key is on a Weierstrass curve or a...
Domain parameters are an experimental feature which is: * Implemented only for RSA keys, in the following ways: * On key creation (import or generate), set the public exponent (without...
It seems that GCC is pretty bad at optimizing our SHA3 code: it's between 2× and 3× slower than Clang. Here's `programs/test/benchmark sha3_256` built with `gcc-11 -O3` on my Linux/x86_64...
In the default configuration, if you have an `mbedtls_pk_context` of type `MBEDTLS_PK_RSA`, and the underlying RSA context has its padding mode set to `MBEDTLS_RSA_PKCS_V21`, then the functions `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_pk_encrypt`...
* Test gap: PBKDF2 is missing from `test_suite_psa_crypto_metadata.data`. * This may cause additional test gaps because we use `test_suite_psa_crypto_metadata.data` as one of the ways to detect available mechanisms for systematically...
Extend `mbedtls_pk_setup_opaque` to provide support for `MBEDTLS_PK_OPAQUE` whenever PSA crypto API functions are available, i.e. whenever `MBEDTLS_PSA_CRYPTO_CLIENT` is enabled, regardless of the status of `MBEDTLS_USE_PSA_CRYPTO`. For testing, we assume `MBEDTLS_PSA_CRYPTO_C`,...
Add test code for `mbedtls_pk_get_psa_attributes` and `mbedtls_pk_import_into_psa` that validates the handling of lifetime and key identifier attributes. This needs to be tested both for `MBEDTLS_PK_OPAQUE` and for non-opaque cases, since...