Unify PSA & non-PSA Verify ext RSA #5 test, and handle different return in pk_rsa_verify_ext_test_vec()

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 6c4f9e4..13e14d4 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -487,6 +487,7 @@
     mbedtls_pk_rsassa_pss_options pss_opts;
     void *options;
     size_t hash_len;
+    int ret;
 
     USE_PSA_INIT( );
     mbedtls_pk_init( &pk );
@@ -526,9 +527,23 @@
         pss_opts.expected_salt_len = salt_len;
     }
 
-    TEST_ASSERT( mbedtls_pk_verify_ext( pk_type, options, &pk,
-                                digest, hash_result, hash_len,
-                                result_str->x, sig_len ) == result );
+    ret = mbedtls_pk_verify_ext( pk_type, options, &pk,
+                                 digest, hash_result, hash_len,
+                                 result_str->x, sig_len );
+
+    /* Mbed TLS distinguishes "invalid padding" from "valid padding but
+     * the rest of the signature is invalid". This has little use in
+     * practice and PSA doesn't report this distinction.
+     * In this case, PSA returns PSA_ERROR_INVALID_SIGNATURE translated
+     * to MBEDTLS_ERR_RSA_VERIFY_FAILED
+     */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    if( result == MBEDTLS_ERR_RSA_INVALID_PADDING &&
+        ret == MBEDTLS_ERR_RSA_VERIFY_FAILED )
+        TEST_EQUAL( ret, MBEDTLS_ERR_RSA_VERIFY_FAILED);
+    else
+#endif
+    TEST_EQUAL( ret, result );
 
 exit:
     mbedtls_pk_free( &pk );
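Review bot: The PSA branch's `TEST_EQUAL( ret, MBEDTLS_ERR_RSA_VERIFY_FAILED)` can never fail, because `ret == MBEDTLS_ERR_RSA_VERIFY_FAILED` is already part of the `if` condition. The unbraced `else` straddling `#endif` also makes the final `TEST_EQUAL( ret, result )` easy to detach in a later edit. Assuming `result` is a plain `int` parameter (its declaration is outside the hunk), the same tolerance reads more plainly as `if( result == MBEDTLS_ERR_RSA_INVALID_PADDING && ret == MBEDTLS_ERR_RSA_VERIFY_FAILED ) result = ret;` inside the `#if`, followed by one unconditional `TEST_EQUAL( ret, result );`. Both accepted codes are rejections, so a bad signature still cannot pass the test. However, the relaxation is keyed only on the compile-time macro: if some vectors in a PSA build are still verified by the legacy RSA code (not visible here), a regression from invalid-padding to verify-failed on that path would go unnoticed, which is worth stating in the comment.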