diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index fea292311..642be1a55 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -44,19 +44,6 @@ typedef mbedtls_svc_key_id_t psa_key_handle_t; #define PSA_KEY_HANDLE_INIT MBEDTLS_SVC_KEY_ID_INIT -/** Compare two handles. - * - * \param handle1 First handle. - * \param handle2 Second handle. - * - * \return Non-zero if the two handles are equal, zero otherwise. - */ -static inline int psa_key_handle_equal( psa_key_handle_t handle1, - psa_key_handle_t handle2 ) -{ - return( mbedtls_svc_key_id_equal( handle1, handle2 ) ); -} - /** Check wether an handle is null. * * \param handle Handle diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 5fee0d7e3..9803f9051 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -100,13 +100,13 @@ size_t mbedtls_rsa_key_len_func( void *ctx ) #if defined(MBEDTLS_USE_PSA_CRYPTO) /* - * Generate a key using PSA and return a handle to that key, + * Generate a key using PSA and return the key identifier of that key, * or 0 if the key generation failed. * The key uses NIST P-256 and is usable for signing with SHA-256. */ -psa_key_handle_t pk_psa_genkey( void ) +mbedtls_svc_key_id_t pk_psa_genkey( void ) { - psa_key_handle_t key; + mbedtls_svc_key_id_t key; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const psa_key_type_t type = PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ); @@ -133,7 +133,7 @@ exit: void pk_psa_utils( ) { mbedtls_pk_context pk, pk2; - psa_key_handle_t key; + mbedtls_svc_key_id_t key; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const char * const name = "Opaque"; @@ -151,14 +151,14 @@ void pk_psa_utils( ) TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); - TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, PSA_KEY_HANDLE_INIT ) == + TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, MBEDTLS_SVC_KEY_ID_INIT ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); mbedtls_pk_free( &pk ); mbedtls_pk_init( &pk ); key = pk_psa_genkey(); - if( psa_key_handle_is_null( key ) ) + if( mbedtls_svc_key_id_is_null( key ) ) goto exit; TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 ); @@ -1220,7 +1220,7 @@ void pk_psa_sign( int grpid_arg, unsigned char *pkey_legacy_start, *pkey_psa_start; size_t sig_len, klen_legacy, klen_psa; int ret; - psa_key_handle_t handle; + mbedtls_svc_key_id_t key_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t expected_type = PSA_KEY_TYPE_ECC_KEY_PAIR( psa_curve_arg ); size_t expected_bits = expected_bits_arg; @@ -1252,10 +1252,10 @@ void pk_psa_sign( int grpid_arg, pkey_legacy_start = pkey_legacy + sizeof( pkey_legacy ) - klen_legacy; /* Turn PK context into an opaque one. */ - TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &handle, + TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &key_id, PSA_ALG_SHA_256 ) == 0 ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), expected_type ); TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), @@ -1280,7 +1280,7 @@ void pk_psa_sign( int grpid_arg, TEST_ASSERT( memcmp( pkey_psa_start, pkey_legacy_start, klen_psa ) == 0 ); mbedtls_pk_free( &pk ); - TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( handle ) ); + TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key_id ) ); mbedtls_pk_init( &pk ); TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey_legacy_start, diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 23d827ec4..9b113b48e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -229,7 +229,7 @@ static int construct_fake_rsa_key( unsigned char *buffer, return( len ); } -int check_key_attributes_sanity( psa_key_handle_t key ) +int check_key_attributes_sanity( mbedtls_svc_key_id_t key ) { int ok = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -305,31 +305,29 @@ int exercise_mac_setup( psa_key_type_t key_type, psa_mac_operation_t *operation, psa_status_t *status ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, - &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) ); - *status = psa_mac_sign_setup( operation, handle, alg ); + *status = psa_mac_sign_setup( operation, key, alg ); /* Whether setup succeeded or failed, abort must succeed. */ PSA_ASSERT( psa_mac_abort( operation ) ); /* If setup failed, reproduce the failure, so that the caller can * test the resulting state of the operation object. */ if( *status != PSA_SUCCESS ) { - TEST_EQUAL( psa_mac_sign_setup( operation, handle, alg ), - *status ); + TEST_EQUAL( psa_mac_sign_setup( operation, key, alg ), *status ); } - psa_destroy_key( handle ); + psa_destroy_key( key ); return( 1 ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); return( 0 ); } @@ -340,35 +338,34 @@ int exercise_cipher_setup( psa_key_type_t key_type, psa_cipher_operation_t *operation, psa_status_t *status ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, - &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) ); - *status = psa_cipher_encrypt_setup( operation, handle, alg ); + *status = psa_cipher_encrypt_setup( operation, key, alg ); /* Whether setup succeeded or failed, abort must succeed. */ PSA_ASSERT( psa_cipher_abort( operation ) ); /* If setup failed, reproduce the failure, so that the caller can * test the resulting state of the operation object. */ if( *status != PSA_SUCCESS ) { - TEST_EQUAL( psa_cipher_encrypt_setup( operation, handle, alg ), + TEST_EQUAL( psa_cipher_encrypt_setup( operation, key, alg ), *status ); } - psa_destroy_key( handle ); + psa_destroy_key( key ); return( 1 ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); return( 0 ); } -static int exercise_mac_key( psa_key_handle_t handle, +static int exercise_mac_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -379,8 +376,7 @@ static int exercise_mac_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_SIGN_HASH ) { - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_sign_finish( &operation, @@ -394,8 +390,7 @@ static int exercise_mac_key( psa_key_handle_t handle, ( usage & PSA_KEY_USAGE_SIGN_HASH ? PSA_SUCCESS : PSA_ERROR_INVALID_SIGNATURE ); - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); TEST_EQUAL( psa_mac_verify_finish( &operation, mac, mac_length ), @@ -409,7 +404,7 @@ exit: return( 0 ); } -static int exercise_cipher_key( psa_key_handle_t handle, +static int exercise_cipher_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -424,8 +419,7 @@ static int exercise_cipher_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_ENCRYPT ) { - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_generate_iv( &operation, iv, sizeof( iv ), &iv_length ) ); @@ -447,15 +441,14 @@ static int exercise_cipher_key( psa_key_handle_t handle, if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); /* This should be PSA_CIPHER_GET_IV_SIZE but the API doesn't * have this macro yet. */ iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE( psa_get_key_type( &attributes ) ); maybe_invalid_padding = ! PSA_ALG_IS_STREAM_CIPHER( alg ); } - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_set_iv( &operation, iv, iv_length ) ); PSA_ASSERT( psa_cipher_update( &operation, @@ -483,7 +476,7 @@ exit: return( 0 ); } -static int exercise_aead_key( psa_key_handle_t handle, +static int exercise_aead_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -496,7 +489,7 @@ static int exercise_aead_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_ENCRYPT ) { - PSA_ASSERT( psa_aead_encrypt( handle, alg, + PSA_ASSERT( psa_aead_encrypt( key, alg, nonce, nonce_length, NULL, 0, plaintext, sizeof( plaintext ), @@ -510,7 +503,7 @@ static int exercise_aead_key( psa_key_handle_t handle, ( usage & PSA_KEY_USAGE_ENCRYPT ? PSA_SUCCESS : PSA_ERROR_INVALID_SIGNATURE ); - TEST_EQUAL( psa_aead_decrypt( handle, alg, + TEST_EQUAL( psa_aead_decrypt( key, alg, nonce, nonce_length, NULL, 0, ciphertext, ciphertext_length, @@ -525,7 +518,7 @@ exit: return( 0 ); } -static int exercise_signature_key( psa_key_handle_t handle, +static int exercise_signature_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -554,7 +547,7 @@ static int exercise_signature_key( psa_key_handle_t handle, * even for algorithms that allow other input sizes. */ if( hash_alg != 0 ) payload_length = PSA_HASH_SIZE( hash_alg ); - PSA_ASSERT( psa_sign_hash( handle, alg, + PSA_ASSERT( psa_sign_hash( key, alg, payload, payload_length, signature, sizeof( signature ), &signature_length ) ); @@ -566,7 +559,7 @@ static int exercise_signature_key( psa_key_handle_t handle, ( usage & PSA_KEY_USAGE_SIGN_HASH ? PSA_SUCCESS : PSA_ERROR_INVALID_SIGNATURE ); - TEST_EQUAL( psa_verify_hash( handle, alg, + TEST_EQUAL( psa_verify_hash( key, alg, payload, payload_length, signature, signature_length ), verify_status ); @@ -578,7 +571,7 @@ exit: return( 0 ); } -static int exercise_asymmetric_encryption_key( psa_key_handle_t handle, +static int exercise_asymmetric_encryption_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -589,7 +582,7 @@ static int exercise_asymmetric_encryption_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_ENCRYPT ) { - PSA_ASSERT( psa_asymmetric_encrypt( handle, alg, + PSA_ASSERT( psa_asymmetric_encrypt( key, alg, plaintext, plaintext_length, NULL, 0, ciphertext, sizeof( ciphertext ), @@ -599,7 +592,7 @@ static int exercise_asymmetric_encryption_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_DECRYPT ) { psa_status_t status = - psa_asymmetric_decrypt( handle, alg, + psa_asymmetric_decrypt( key, alg, ciphertext, ciphertext_length, NULL, 0, plaintext, sizeof( plaintext ), @@ -617,7 +610,7 @@ exit: } static int setup_key_derivation_wrap( psa_key_derivation_operation_t* operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg, unsigned char* input1, size_t input1_length, unsigned char* input2, size_t input2_length, @@ -631,7 +624,7 @@ static int setup_key_derivation_wrap( psa_key_derivation_operation_t* operation, input1, input1_length ) ); PSA_ASSERT( psa_key_derivation_input_key( operation, PSA_KEY_DERIVATION_INPUT_SECRET, - handle ) ); + key ) ); PSA_ASSERT( psa_key_derivation_input_bytes( operation, PSA_KEY_DERIVATION_INPUT_INFO, input2, @@ -645,7 +638,7 @@ static int setup_key_derivation_wrap( psa_key_derivation_operation_t* operation, input1, input1_length ) ); PSA_ASSERT( psa_key_derivation_input_key( operation, PSA_KEY_DERIVATION_INPUT_SECRET, - handle ) ); + key ) ); PSA_ASSERT( psa_key_derivation_input_bytes( operation, PSA_KEY_DERIVATION_INPUT_LABEL, input2, input2_length ) ); @@ -665,7 +658,7 @@ exit: } -static int exercise_key_derivation_key( psa_key_handle_t handle, +static int exercise_key_derivation_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -679,7 +672,7 @@ static int exercise_key_derivation_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_DERIVE ) { - if( !setup_key_derivation_wrap( &operation, handle, alg, + if( !setup_key_derivation_wrap( &operation, key, alg, input1, input1_length, input2, input2_length, capacity ) ) goto exit; @@ -700,7 +693,7 @@ exit: * private key against its own public key. */ static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *operation, - psa_key_handle_t handle ) + mbedtls_svc_key_id_t key ) { psa_key_type_t private_key_type; psa_key_type_t public_key_type; @@ -713,18 +706,17 @@ static psa_status_t key_agreement_with_self( psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); private_key_type = psa_get_key_type( &attributes ); key_bits = psa_get_key_bits( &attributes ); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits ); ASSERT_ALLOC( public_key, public_key_length ); - PSA_ASSERT( psa_export_public_key( handle, - public_key, public_key_length, + PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length, &public_key_length ) ); status = psa_key_derivation_key_agreement( - operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle, + operation, PSA_KEY_DERIVATION_INPUT_SECRET, key, public_key, public_key_length ); exit: mbedtls_free( public_key ); @@ -735,7 +727,7 @@ exit: /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg, - psa_key_handle_t handle ) + mbedtls_svc_key_id_t key ) { psa_key_type_t private_key_type; psa_key_type_t public_key_type; @@ -750,17 +742,17 @@ static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg, psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); private_key_type = psa_get_key_type( &attributes ); key_bits = psa_get_key_bits( &attributes ); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits ); ASSERT_ALLOC( public_key, public_key_length ); - PSA_ASSERT( psa_export_public_key( handle, + PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length, &public_key_length ) ); - status = psa_raw_key_agreement( alg, handle, + status = psa_raw_key_agreement( alg, key, public_key, public_key_length, output, sizeof( output ), &output_length ); exit: @@ -769,7 +761,7 @@ exit: return( status ); } -static int exercise_raw_key_agreement_key( psa_key_handle_t handle, +static int exercise_raw_key_agreement_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -779,7 +771,7 @@ static int exercise_raw_key_agreement_key( psa_key_handle_t handle, { /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ - PSA_ASSERT( raw_key_agreement_with_self( alg, handle ) ); + PSA_ASSERT( raw_key_agreement_with_self( alg, key ) ); } ok = 1; @@ -787,7 +779,7 @@ exit: return( ok ); } -static int exercise_key_agreement_key( psa_key_handle_t handle, +static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -800,7 +792,7 @@ static int exercise_key_agreement_key( psa_key_handle_t handle, /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); - PSA_ASSERT( key_agreement_with_self( &operation, handle ) ); + PSA_ASSERT( key_agreement_with_self( &operation, key ) ); PSA_ASSERT( psa_key_derivation_output_bytes( &operation, output, sizeof( output ) ) ); @@ -1011,7 +1003,7 @@ exit: return( 0 ); } -static int exercise_export_key( psa_key_handle_t handle, +static int exercise_export_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1020,12 +1012,12 @@ static int exercise_export_key( psa_key_handle_t handle, size_t exported_length = 0; int ok = 0; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 && ! PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( &attributes ) ) ) { - TEST_EQUAL( psa_export_key( handle, NULL, 0, &exported_length ), + TEST_EQUAL( psa_export_key( key, NULL, 0, &exported_length ), PSA_ERROR_NOT_PERMITTED ); ok = 1; goto exit; @@ -1035,7 +1027,7 @@ static int exercise_export_key( psa_key_handle_t handle, psa_get_key_bits( &attributes ) ); ASSERT_ALLOC( exported, exported_size ); - PSA_ASSERT( psa_export_key( handle, + PSA_ASSERT( psa_export_key( key, exported, exported_size, &exported_length ) ); ok = exported_key_sanity_check( psa_get_key_type( &attributes ), @@ -1048,7 +1040,7 @@ exit: return( ok ); } -static int exercise_export_public_key( psa_key_handle_t handle ) +static int exercise_export_public_key( mbedtls_svc_key_id_t key ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t public_type; @@ -1057,10 +1049,10 @@ static int exercise_export_public_key( psa_key_handle_t handle ) size_t exported_length = 0; int ok = 0; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type( &attributes ) ) ) { - TEST_EQUAL( psa_export_public_key( handle, NULL, 0, &exported_length ), + TEST_EQUAL( psa_export_public_key( key, NULL, 0, &exported_length ), PSA_ERROR_INVALID_ARGUMENT ); return( 1 ); } @@ -1071,7 +1063,7 @@ static int exercise_export_public_key( psa_key_handle_t handle ) psa_get_key_bits( &attributes ) ); ASSERT_ALLOC( exported, exported_size ); - PSA_ASSERT( psa_export_public_key( handle, + PSA_ASSERT( psa_export_public_key( key, exported, exported_size, &exported_length ) ); ok = exported_key_sanity_check( public_type, @@ -1103,7 +1095,7 @@ exit: * if( ! exercise_key( ... ) ) goto exit; * ``` * - * \param handle The key to exercise. It should be capable of performing + * \param key The key to exercise. It should be capable of performing * \p alg. * \param usage The usage flags to assume. * \param alg The algorithm to exercise. @@ -1111,33 +1103,33 @@ exit: * \retval 0 The key failed the smoke tests. * \retval 1 The key passed the smoke tests. */ -static int exercise_key( psa_key_handle_t handle, +static int exercise_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { int ok; - if( ! check_key_attributes_sanity( handle ) ) + if( ! check_key_attributes_sanity( key ) ) return( 0 ); if( alg == 0 ) ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */ else if( PSA_ALG_IS_MAC( alg ) ) - ok = exercise_mac_key( handle, usage, alg ); + ok = exercise_mac_key( key, usage, alg ); else if( PSA_ALG_IS_CIPHER( alg ) ) - ok = exercise_cipher_key( handle, usage, alg ); + ok = exercise_cipher_key( key, usage, alg ); else if( PSA_ALG_IS_AEAD( alg ) ) - ok = exercise_aead_key( handle, usage, alg ); + ok = exercise_aead_key( key, usage, alg ); else if( PSA_ALG_IS_SIGN( alg ) ) - ok = exercise_signature_key( handle, usage, alg ); + ok = exercise_signature_key( key, usage, alg ); else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ) - ok = exercise_asymmetric_encryption_key( handle, usage, alg ); + ok = exercise_asymmetric_encryption_key( key, usage, alg ); else if( PSA_ALG_IS_KEY_DERIVATION( alg ) ) - ok = exercise_key_derivation_key( handle, usage, alg ); + ok = exercise_key_derivation_key( key, usage, alg ); else if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) ) - ok = exercise_raw_key_agreement_key( handle, usage, alg ); + ok = exercise_raw_key_agreement_key( key, usage, alg ); else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) ) - ok = exercise_key_agreement_key( handle, usage, alg ); + ok = exercise_key_agreement_key( key, usage, alg ); else { char message[40]; @@ -1148,8 +1140,8 @@ static int exercise_key( psa_key_handle_t handle, ok = 0; } - ok = ok && exercise_export_key( handle, usage ); - ok = ok && exercise_export_public_key( handle ); + ok = ok && exercise_export_key( key, usage ); + ok = ok && exercise_export_public_key( key ); return( ok ); } @@ -1182,7 +1174,7 @@ static psa_key_usage_t usage_to_exercise( psa_key_type_t type, } -static int test_operations_on_invalid_handle( psa_key_handle_t handle ) +static int test_operations_on_invalid_key( mbedtls_svc_key_id_t key ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 0x6964 ); @@ -1194,7 +1186,7 @@ static int test_operations_on_invalid_handle( psa_key_handle_t handle ) psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); psa_set_key_algorithm( &attributes, PSA_ALG_CTR ); psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); - TEST_EQUAL( psa_get_key_attributes( handle, &attributes ), + TEST_EQUAL( psa_get_key_attributes( key, &attributes ), PSA_ERROR_DOES_NOT_EXIST ); TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 ); @@ -1206,10 +1198,9 @@ static int test_operations_on_invalid_handle( psa_key_handle_t handle ) TEST_EQUAL( psa_get_key_type( &attributes ), 0 ); TEST_EQUAL( psa_get_key_bits( &attributes ), 0 ); - TEST_EQUAL( psa_export_key( handle, - buffer, sizeof( buffer ), &length ), + TEST_EQUAL( psa_export_key( key, buffer, sizeof( buffer ), &length ), PSA_ERROR_DOES_NOT_EXIST ); - TEST_EQUAL( psa_export_public_key( handle, + TEST_EQUAL( psa_export_public_key( key, buffer, sizeof( buffer ), &length ), PSA_ERROR_DOES_NOT_EXIST ); @@ -1459,7 +1450,7 @@ void import_with_policy( int type_arg, { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; psa_key_usage_t usage = usage_arg; psa_algorithm_t alg = alg_arg; @@ -1475,22 +1466,22 @@ void import_with_policy( int type_arg, status = psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ); + &key ); TEST_EQUAL( status, expected_status ); if( status != PSA_SUCCESS ) goto exit; - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage ); TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg ); ASSERT_NO_SLOT_NUMBER( &got_attributes ); - PSA_ASSERT( psa_destroy_key( handle ) ); - test_operations_on_invalid_handle( handle ); + PSA_ASSERT( psa_destroy_key( key ) ); + test_operations_on_invalid_key( key ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); psa_reset_key_attributes( &got_attributes ); PSA_DONE( ); } @@ -1503,7 +1494,7 @@ void import_with_data( data_t *data, int type_arg, { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; size_t attr_bits = attr_bits_arg; psa_status_t expected_status = expected_status_arg; @@ -1514,22 +1505,22 @@ void import_with_data( data_t *data, int type_arg, psa_set_key_type( &attributes, type ); psa_set_key_bits( &attributes, attr_bits ); - status = psa_import_key( &attributes, data->x, data->len, &handle ); + status = psa_import_key( &attributes, data->x, data->len, &key ); TEST_EQUAL( status, expected_status ); if( status != PSA_SUCCESS ) goto exit; - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); if( attr_bits != 0 ) TEST_EQUAL( attr_bits, psa_get_key_bits( &got_attributes ) ); ASSERT_NO_SLOT_NUMBER( &got_attributes ); - PSA_ASSERT( psa_destroy_key( handle ) ); - test_operations_on_invalid_handle( handle ); + PSA_ASSERT( psa_destroy_key( key ) ); + test_operations_on_invalid_key( key ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); psa_reset_key_attributes( &got_attributes ); PSA_DONE( ); } @@ -1543,7 +1534,7 @@ void import_large_key( int type_arg, int byte_size_arg, size_t byte_size = byte_size_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; uint8_t *buffer = NULL; size_t buffer_size = byte_size + 1; @@ -1559,18 +1550,18 @@ void import_large_key( int type_arg, int byte_size_arg, /* Try importing the key */ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); psa_set_key_type( &attributes, type ); - status = psa_import_key( &attributes, buffer, byte_size, &handle ); + status = psa_import_key( &attributes, buffer, byte_size, &key ); TEST_EQUAL( status, expected_status ); if( status == PSA_SUCCESS ) { - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); TEST_EQUAL( psa_get_key_bits( &attributes ), PSA_BYTES_TO_BITS( byte_size ) ); ASSERT_NO_SLOT_NUMBER( &attributes ); memset( buffer, 0, byte_size + 1 ); - PSA_ASSERT( psa_export_key( handle, buffer, byte_size, &n ) ); + PSA_ASSERT( psa_export_key( key, buffer, byte_size, &n ) ); for( n = 0; n < byte_size; n++ ) TEST_EQUAL( buffer[n], 'K' ); for( n = byte_size; n < buffer_size; n++ ) @@ -1578,7 +1569,7 @@ void import_large_key( int type_arg, int byte_size_arg, } exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); mbedtls_free( buffer ); } @@ -1587,7 +1578,7 @@ exit: /* BEGIN_CASE */ void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; size_t bits = bits_arg; psa_status_t expected_status = expected_status_arg; psa_status_t status; @@ -1610,11 +1601,11 @@ void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg ) /* Try importing the key */ psa_set_key_type( &attributes, type ); - status = psa_import_key( &attributes, p, length, &handle ); + status = psa_import_key( &attributes, p, length, &key ); TEST_EQUAL( status, expected_status ); if( status == PSA_SUCCESS ) - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key ) ); exit: mbedtls_free( buffer ); @@ -1631,7 +1622,7 @@ void import_export( data_t *data, int expected_export_status_arg, int canonical_input ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; psa_status_t expected_export_status = expected_export_status_arg; @@ -1655,18 +1646,16 @@ void import_export( data_t *data, psa_set_key_type( &attributes, type ); /* Import the key */ - PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) ); /* Test the key information */ - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); TEST_EQUAL( psa_get_key_bits( &got_attributes ), (size_t) expected_bits ); ASSERT_NO_SLOT_NUMBER( &got_attributes ); /* Export the key */ - status = psa_export_key( handle, - exported, export_size, - &exported_length ); + status = psa_export_key( key, exported, export_size, &exported_length ); TEST_EQUAL( status, expected_export_status ); /* The exported length must be set by psa_export_key() to a value between 0 @@ -1683,30 +1672,30 @@ void import_export( data_t *data, goto destroy; } - if( ! exercise_export_key( handle, usage_arg ) ) + if( ! exercise_export_key( key, usage_arg ) ) goto exit; if( canonical_input ) ASSERT_COMPARE( data->x, data->len, exported, exported_length ); else { - psa_key_handle_t handle2; + mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT; PSA_ASSERT( psa_import_key( &attributes, exported, exported_length, - &handle2 ) ); - PSA_ASSERT( psa_export_key( handle2, + &key2 ) ); + PSA_ASSERT( psa_export_key( key2, reexported, export_size, &reexported_length ) ); ASSERT_COMPARE( exported, exported_length, reexported, reexported_length ); - PSA_ASSERT( psa_close_key( handle2 ) ); + PSA_ASSERT( psa_destroy_key( key2 ) ); } TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, psa_get_key_bits( &got_attributes ) ) ); destroy: /* Destroy the key */ - PSA_ASSERT( psa_destroy_key( handle ) ); - test_operations_on_invalid_handle( handle ); + PSA_ASSERT( psa_destroy_key( key ) ); + test_operations_on_invalid_key( key ); exit: mbedtls_free( exported ); @@ -1724,7 +1713,7 @@ void import_export_public_key( data_t *data, int expected_export_status_arg, data_t *expected_public_key ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; psa_status_t expected_export_status = expected_export_status_arg; @@ -1741,11 +1730,11 @@ void import_export_public_key( data_t *data, psa_set_key_type( &attributes, type ); /* Import the key */ - PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) ); /* Export the public key */ ASSERT_ALLOC( exported, export_size ); - status = psa_export_public_key( handle, + status = psa_export_public_key( key, exported, export_size, &exported_length ); TEST_EQUAL( status, expected_export_status ); @@ -1753,7 +1742,7 @@ void import_export_public_key( data_t *data, { psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ); size_t bits; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); bits = psa_get_key_bits( &attributes ); TEST_ASSERT( expected_public_key->len <= PSA_KEY_EXPORT_MAX_SIZE( public_type, bits ) ); @@ -1763,7 +1752,7 @@ void import_export_public_key( data_t *data, exit: mbedtls_free( exported ); - psa_destroy_key( handle ); + psa_destroy_key( key ); psa_reset_key_attributes( &attributes ); PSA_DONE( ); } @@ -1775,7 +1764,7 @@ void import_and_exercise_key( data_t *data, int bits_arg, int alg_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; size_t bits = bits_arg; psa_algorithm_t alg = alg_arg; @@ -1790,22 +1779,22 @@ void import_and_exercise_key( data_t *data, psa_set_key_type( &attributes, type ); /* Import the key */ - PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) ); /* Test the key information */ - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits ); /* Do something with the key according to its type and permitted usage. */ - if( ! exercise_key( handle, usage, alg ) ) + if( ! exercise_key( key, usage, alg ) ) goto exit; - PSA_ASSERT( psa_destroy_key( handle ) ); - test_operations_on_invalid_handle( handle ); + PSA_ASSERT( psa_destroy_key( key ) ); + test_operations_on_invalid_key( key ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); psa_reset_key_attributes( &got_attributes ); PSA_DONE( ); } @@ -1817,7 +1806,7 @@ void effective_key_attributes( int type_arg, int expected_type_arg, int usage_arg, int expected_usage_arg, int alg_arg, int expected_alg_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = type_arg; psa_key_type_t expected_key_type = expected_type_arg; size_t bits = bits_arg; @@ -1835,17 +1824,17 @@ void effective_key_attributes( int type_arg, int expected_type_arg, psa_set_key_type( &attributes, key_type ); psa_set_key_bits( &attributes, bits ); - PSA_ASSERT( psa_generate_key( &attributes, &handle ) ); + PSA_ASSERT( psa_generate_key( &attributes, &key ) ); psa_reset_key_attributes( &attributes ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), expected_key_type ); TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), expected_alg ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); psa_reset_key_attributes( &attributes ); PSA_DONE( ); } @@ -1903,7 +1892,7 @@ void mac_key_policy( int policy_usage, data_t *key_data, int exercise_alg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_status_t status; @@ -1916,9 +1905,9 @@ void mac_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - status = psa_mac_sign_setup( &operation, handle, exercise_alg ); + status = psa_mac_sign_setup( &operation, key, exercise_alg ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 ) PSA_ASSERT( status ); @@ -1927,7 +1916,7 @@ void mac_key_policy( int policy_usage, psa_mac_abort( &operation ); memset( mac, 0, sizeof( mac ) ); - status = psa_mac_verify_setup( &operation, handle, exercise_alg ); + status = psa_mac_verify_setup( &operation, key, exercise_alg ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 ) PSA_ASSERT( status ); @@ -1936,7 +1925,7 @@ void mac_key_policy( int policy_usage, exit: psa_mac_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -1948,7 +1937,7 @@ void cipher_key_policy( int policy_usage, data_t *key_data, int exercise_alg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_status_t status; @@ -1960,9 +1949,9 @@ void cipher_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg ); + status = psa_cipher_encrypt_setup( &operation, key, exercise_alg ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 ) PSA_ASSERT( status ); @@ -1970,7 +1959,7 @@ void cipher_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); psa_cipher_abort( &operation ); - status = psa_cipher_decrypt_setup( &operation, handle, exercise_alg ); + status = psa_cipher_decrypt_setup( &operation, key, exercise_alg ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 ) PSA_ASSERT( status ); @@ -1979,7 +1968,7 @@ void cipher_key_policy( int policy_usage, exit: psa_cipher_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -1993,7 +1982,7 @@ void aead_key_policy( int policy_usage, int tag_length_arg, int exercise_alg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; unsigned char nonce[16] = {0}; @@ -2012,9 +2001,9 @@ void aead_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - status = psa_aead_encrypt( handle, exercise_alg, + status = psa_aead_encrypt( key, exercise_alg, nonce, nonce_length, NULL, 0, NULL, 0, @@ -2027,7 +2016,7 @@ void aead_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); memset( tag, 0, sizeof( tag ) ); - status = psa_aead_decrypt( handle, exercise_alg, + status = psa_aead_decrypt( key, exercise_alg, nonce, nonce_length, NULL, 0, tag, tag_length, @@ -2040,7 +2029,7 @@ void aead_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -2052,7 +2041,7 @@ void asymmetric_encryption_key_policy( int policy_usage, data_t *key_data, int exercise_alg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; size_t key_bits; @@ -2067,15 +2056,15 @@ void asymmetric_encryption_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, exercise_alg ); ASSERT_ALLOC( buffer, buffer_length ); - status = psa_asymmetric_encrypt( handle, exercise_alg, + status = psa_asymmetric_encrypt( key, exercise_alg, NULL, 0, NULL, 0, buffer, buffer_length, @@ -2088,7 +2077,7 @@ void asymmetric_encryption_key_policy( int policy_usage, if( buffer_length != 0 ) memset( buffer, 0, buffer_length ); - status = psa_asymmetric_decrypt( handle, exercise_alg, + status = psa_asymmetric_decrypt( key, exercise_alg, buffer, buffer_length, NULL, 0, buffer, buffer_length, @@ -2100,7 +2089,7 @@ void asymmetric_encryption_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); psa_reset_key_attributes( &attributes ); PSA_DONE( ); mbedtls_free( buffer ); @@ -2115,7 +2104,7 @@ void asymmetric_signature_key_policy( int policy_usage, int exercise_alg, int payload_length_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; unsigned char payload[PSA_HASH_MAX_SIZE] = {1}; @@ -2135,9 +2124,9 @@ void asymmetric_signature_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - status = psa_sign_hash( handle, exercise_alg, + status = psa_sign_hash( key, exercise_alg, payload, payload_length, signature, sizeof( signature ), &signature_length ); @@ -2147,7 +2136,7 @@ void asymmetric_signature_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); memset( signature, 0, sizeof( signature ) ); - status = psa_verify_hash( handle, exercise_alg, + status = psa_verify_hash( key, exercise_alg, payload, payload_length, signature, sizeof( signature ) ); if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 ) @@ -2156,7 +2145,7 @@ void asymmetric_signature_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -2168,7 +2157,7 @@ void derive_key_policy( int policy_usage, data_t *key_data, int exercise_alg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_status_t status; @@ -2180,7 +2169,7 @@ void derive_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) ); @@ -2195,7 +2184,7 @@ void derive_key_policy( int policy_usage, status = psa_key_derivation_input_key( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, - handle ); + key ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 ) @@ -2205,7 +2194,7 @@ void derive_key_policy( int policy_usage, exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -2218,7 +2207,7 @@ void agreement_key_policy( int policy_usage, int exercise_alg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type = key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -2232,16 +2221,16 @@ void agreement_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) ); - status = key_agreement_with_self( &operation, handle ); + status = key_agreement_with_self( &operation, key ); TEST_EQUAL( status, expected_status ); exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -2250,7 +2239,7 @@ exit: void key_policy_alg2( int key_type_arg, data_t *key_data, int usage_arg, int alg_arg, int alg2_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -2265,20 +2254,20 @@ void key_policy_alg2( int key_type_arg, data_t *key_data, psa_set_key_enrollment_algorithm( &attributes, alg2 ); psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage ); TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg ); TEST_EQUAL( psa_get_key_enrollment_algorithm( &got_attributes ), alg2 ); - if( ! exercise_key( handle, usage, alg ) ) + if( ! exercise_key( key, usage, alg ) ) goto exit; - if( ! exercise_key( handle, usage, alg2 ) ) + if( ! exercise_key( key, usage, alg2 ) ) goto exit; exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -2291,7 +2280,7 @@ void raw_agreement_key_policy( int policy_usage, int exercise_alg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type = key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -2305,15 +2294,15 @@ void raw_agreement_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - status = raw_key_agreement_with_self( exercise_alg, handle ); + status = raw_key_agreement_with_self( exercise_alg, key ); TEST_EQUAL( status, expected_status ); exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -2333,8 +2322,8 @@ void copy_success( int source_usage_arg, psa_key_usage_t expected_usage = expected_usage_arg; psa_algorithm_t expected_alg = expected_alg_arg; psa_algorithm_t expected_alg2 = expected_alg2_arg; - psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT; - psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT; uint8_t *export_buffer = NULL; PSA_ASSERT( psa_crypto_init( ) ); @@ -2346,8 +2335,8 @@ void copy_success( int source_usage_arg, psa_set_key_type( &source_attributes, type_arg ); PSA_ASSERT( psa_import_key( &source_attributes, material->x, material->len, - &source_handle ) ); - PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) ); + &source_key ) ); + PSA_ASSERT( psa_get_key_attributes( source_key, &source_attributes ) ); /* Prepare the target attributes. */ if( copy_attributes ) @@ -2360,14 +2349,14 @@ void copy_success( int source_usage_arg, psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg ); /* Copy the key. */ - PSA_ASSERT( psa_copy_key( source_handle, - &target_attributes, &target_handle ) ); + PSA_ASSERT( psa_copy_key( source_key, + &target_attributes, &target_key ) ); /* Destroy the source to ensure that this doesn't affect the target. */ - PSA_ASSERT( psa_destroy_key( source_handle ) ); + PSA_ASSERT( psa_destroy_key( source_key ) ); /* Test that the target slot has the expected content and policy. */ - PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( target_key, &target_attributes ) ); TEST_EQUAL( psa_get_key_type( &source_attributes ), psa_get_key_type( &target_attributes ) ); TEST_EQUAL( psa_get_key_bits( &source_attributes ), @@ -2380,17 +2369,17 @@ void copy_success( int source_usage_arg, { size_t length; ASSERT_ALLOC( export_buffer, material->len ); - PSA_ASSERT( psa_export_key( target_handle, export_buffer, + PSA_ASSERT( psa_export_key( target_key, export_buffer, material->len, &length ) ); ASSERT_COMPARE( material->x, material->len, export_buffer, length ); } - if( ! exercise_key( target_handle, expected_usage, expected_alg ) ) + if( ! exercise_key( target_key, expected_usage, expected_alg ) ) goto exit; - if( ! exercise_key( target_handle, expected_usage, expected_alg2 ) ) + if( ! exercise_key( target_key, expected_usage, expected_alg2 ) ) goto exit; - PSA_ASSERT( psa_close_key( target_handle ) ); + PSA_ASSERT( psa_destroy_key( target_key ) ); exit: psa_reset_key_attributes( &source_attributes ); @@ -2411,8 +2400,8 @@ void copy_fail( int source_usage_arg, { psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT; - psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT; PSA_ASSERT( psa_crypto_init( ) ); @@ -2423,7 +2412,7 @@ void copy_fail( int source_usage_arg, psa_set_key_type( &source_attributes, type_arg ); PSA_ASSERT( psa_import_key( &source_attributes, material->x, material->len, - &source_handle ) ); + &source_key ) ); /* Prepare the target attributes. */ psa_set_key_type( &target_attributes, target_type_arg ); @@ -2433,11 +2422,11 @@ void copy_fail( int source_usage_arg, psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg ); /* Try to copy the key. */ - TEST_EQUAL( psa_copy_key( source_handle, - &target_attributes, &target_handle ), + TEST_EQUAL( psa_copy_key( source_key, + &target_attributes, &target_key ), expected_status_arg ); - PSA_ASSERT( psa_destroy_key( source_handle ) ); + PSA_ASSERT( psa_destroy_key( source_key ) ); exit: psa_reset_key_attributes( &source_attributes ); @@ -2916,10 +2905,10 @@ exit: /* BEGIN_CASE */ void mac_bad_order( ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = PSA_KEY_TYPE_HMAC; psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256); - const uint8_t key[] = { + const uint8_t key_data[] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa }; @@ -2938,7 +2927,8 @@ void mac_bad_order( ) psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ), + &key ) ); /* Call update without calling setup beforehand. */ TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ), @@ -2958,16 +2948,13 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Call setup twice in a row. */ - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); - TEST_EQUAL( psa_mac_sign_setup( &operation, - handle, alg ), + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); + TEST_EQUAL( psa_mac_sign_setup( &operation, key, alg ), PSA_ERROR_BAD_STATE ); PSA_ASSERT( psa_mac_abort( &operation ) ); /* Call update after sign finish. */ - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ), @@ -2977,8 +2964,7 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Call update after verify finish. */ - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_verify_finish( &operation, verify_mac, sizeof( verify_mac ) ) ); @@ -2987,8 +2973,7 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Call sign finish twice in a row. */ - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ), @@ -3000,8 +2985,7 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Call verify finish twice in a row. */ - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_verify_finish( &operation, verify_mac, sizeof( verify_mac ) ) ); @@ -3011,8 +2995,7 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Setup sign but try verify. */ - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); TEST_EQUAL( psa_mac_verify_finish( &operation, verify_mac, sizeof( verify_mac ) ), @@ -3020,8 +3003,7 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Setup verify but try sign. */ - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); TEST_EQUAL( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ), @@ -3029,7 +3011,7 @@ void mac_bad_order( ) PSA_ERROR_BAD_STATE ); PSA_ASSERT( psa_mac_abort( &operation ) ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key ) ); exit: PSA_DONE( ); @@ -3038,19 +3020,19 @@ exit: /* BEGIN_CASE */ void mac_sign( int key_type_arg, - data_t *key, + data_t *key_data, int alg_arg, data_t *input, data_t *expected_mac ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t *actual_mac = NULL; size_t mac_buffer_size = - PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key->len ), alg ); + PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key_data->len ), alg ); size_t mac_length = 0; const size_t output_sizes_to_test[] = { 0, @@ -3070,7 +3052,8 @@ void mac_sign( int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); for( size_t i = 0; i < ARRAY_LENGTH( output_sizes_to_test ); i++ ) { @@ -3083,8 +3066,7 @@ void mac_sign( int key_type_arg, ASSERT_ALLOC( actual_mac, output_size ); /* Calculate the MAC. */ - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input->x, input->len ) ); TEST_EQUAL( psa_mac_sign_finish( &operation, @@ -3104,7 +3086,7 @@ void mac_sign( int key_type_arg, exit: psa_mac_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); mbedtls_free( actual_mac ); } @@ -3112,12 +3094,12 @@ exit: /* BEGIN_CASE */ void mac_verify( int key_type_arg, - data_t *key, + data_t *key_data, int alg_arg, data_t *input, data_t *expected_mac ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; @@ -3132,11 +3114,11 @@ void mac_verify( int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); /* Test the correct MAC. */ - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input->x, input->len ) ); PSA_ASSERT( psa_mac_verify_finish( &operation, @@ -3144,8 +3126,7 @@ void mac_verify( int key_type_arg, expected_mac->len ) ); /* Test a MAC that's too short. */ - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input->x, input->len ) ); TEST_EQUAL( psa_mac_verify_finish( &operation, @@ -3156,8 +3137,7 @@ void mac_verify( int key_type_arg, /* Test a MAC that's too long. */ ASSERT_ALLOC( perturbed_mac, expected_mac->len + 1 ); memcpy( perturbed_mac, expected_mac->x, expected_mac->len ); - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input->x, input->len ) ); TEST_EQUAL( psa_mac_verify_finish( &operation, @@ -3170,8 +3150,7 @@ void mac_verify( int key_type_arg, { test_set_step( i ); perturbed_mac[i] ^= 1; - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input->x, input->len ) ); TEST_EQUAL( psa_mac_verify_finish( &operation, @@ -3183,7 +3162,7 @@ void mac_verify( int key_type_arg, exit: psa_mac_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); mbedtls_free( perturbed_mac ); } @@ -3271,13 +3250,13 @@ exit: /* BEGIN_CASE */ void cipher_bad_order( ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = PSA_KEY_TYPE_AES; psa_algorithm_t alg = PSA_ALG_CBC_PKCS7; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; unsigned char iv[PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES)] = { 0 }; - const uint8_t key[] = { + const uint8_t key_data[] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa }; const uint8_t text[] = { @@ -3290,18 +3269,18 @@ void cipher_bad_order( ) psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) ); - + PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ), + &key ) ); /* Call encrypt setup twice in a row. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); - TEST_EQUAL( psa_cipher_encrypt_setup( &operation, handle, alg ), + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); + TEST_EQUAL( psa_cipher_encrypt_setup( &operation, key, alg ), PSA_ERROR_BAD_STATE ); PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Call decrypt setup twice in a row. */ - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) ); - TEST_EQUAL( psa_cipher_decrypt_setup( &operation, handle, alg ), + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); + TEST_EQUAL( psa_cipher_decrypt_setup( &operation, key, alg ), PSA_ERROR_BAD_STATE ); PSA_ASSERT( psa_cipher_abort( &operation ) ); @@ -3313,7 +3292,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Generate an IV twice in a row. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_generate_iv( &operation, buffer, sizeof( buffer ), &length ) ); @@ -3324,7 +3303,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Generate an IV after it's already set. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ) ); TEST_EQUAL( psa_cipher_generate_iv( &operation, @@ -3340,7 +3319,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Set an IV after it's already set. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ) ); TEST_EQUAL( psa_cipher_set_iv( &operation, @@ -3349,7 +3328,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Set an IV after it's already generated. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_generate_iv( &operation, buffer, sizeof( buffer ), &length ) ); @@ -3375,7 +3354,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Call update after finish. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ) ); PSA_ASSERT( psa_cipher_finish( &operation, @@ -3394,7 +3373,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Call finish without an IV where an IV is required. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); /* Not calling update means we are encrypting an empty buffer, which is OK * for cipher modes with padding. */ TEST_EQUAL( psa_cipher_finish( &operation, @@ -3403,7 +3382,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Call finish twice in a row. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ) ); PSA_ASSERT( psa_cipher_finish( &operation, @@ -3413,7 +3392,7 @@ void cipher_bad_order( ) PSA_ERROR_BAD_STATE ); PSA_ASSERT( psa_cipher_abort( &operation ) ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key ) ); exit: psa_cipher_abort( &operation ); @@ -3423,11 +3402,11 @@ exit: /* BEGIN_CASE */ void cipher_encrypt( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, data_t *expected_output, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; @@ -3445,10 +3424,10 @@ void cipher_encrypt( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); if( iv->len > 0 ) { @@ -3481,20 +3460,20 @@ void cipher_encrypt( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, int first_part_size_arg, int output1_length_arg, int output2_length_arg, data_t *expected_output ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; @@ -3513,10 +3492,10 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); if( iv->len > 0 ) { @@ -3554,20 +3533,20 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, int first_part_size_arg, int output1_length_arg, int output2_length_arg, data_t *expected_output ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; @@ -3586,10 +3565,10 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); if( iv->len > 0 ) { @@ -3628,18 +3607,18 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_decrypt( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, data_t *expected_output, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; @@ -3657,10 +3636,10 @@ void cipher_decrypt( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); if( iv->len > 0 ) { @@ -3693,17 +3672,17 @@ void cipher_decrypt( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_verify_output( int alg_arg, int key_type_arg, - data_t *key, + data_t *key_data, data_t *input ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char iv[16] = {0}; @@ -3726,12 +3705,11 @@ void cipher_verify_output( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, - handle, alg ) ); - PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) ); if( alg != PSA_ALG_ECB_NO_PADDING ) { @@ -3784,7 +3762,7 @@ exit: psa_cipher_abort( &operation2 ); mbedtls_free( output1 ); mbedtls_free( output2 ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -3792,11 +3770,11 @@ exit: /* BEGIN_CASE */ void cipher_verify_output_multipart( int alg_arg, int key_type_arg, - data_t *key, + data_t *key_data, data_t *input, int first_part_size_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; @@ -3820,12 +3798,11 @@ void cipher_verify_output_multipart( int alg_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, - handle, alg ) ); - PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) ); if( alg != PSA_ALG_ECB_NO_PADDING ) { @@ -3896,7 +3873,7 @@ exit: psa_cipher_abort( &operation2 ); mbedtls_free( output1 ); mbedtls_free( output2 ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -3909,7 +3886,7 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, data_t *input_data, int expected_result_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output_data = NULL; @@ -3936,9 +3913,9 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - TEST_EQUAL( psa_aead_encrypt( handle, alg, + TEST_EQUAL( psa_aead_encrypt( key, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, @@ -3956,7 +3933,7 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, TEST_EQUAL( input_data->len, PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, output_length ) ); - TEST_EQUAL( psa_aead_decrypt( handle, alg, + TEST_EQUAL( psa_aead_decrypt( key, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, @@ -3970,7 +3947,7 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, } exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output_data ); mbedtls_free( output_data2 ); PSA_DONE( ); @@ -3985,7 +3962,7 @@ void aead_encrypt( int key_type_arg, data_t *key_data, data_t *input_data, data_t *expected_result ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output_data = NULL; @@ -4008,9 +3985,9 @@ void aead_encrypt( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - PSA_ASSERT( psa_aead_encrypt( handle, alg, + PSA_ASSERT( psa_aead_encrypt( key, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, input_data->x, input_data->len, @@ -4021,7 +3998,7 @@ void aead_encrypt( int key_type_arg, data_t *key_data, output_data, output_length ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output_data ); PSA_DONE( ); } @@ -4036,7 +4013,7 @@ void aead_decrypt( int key_type_arg, data_t *key_data, data_t *expected_data, int expected_result_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output_data = NULL; @@ -4061,9 +4038,9 @@ void aead_decrypt( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - TEST_EQUAL( psa_aead_decrypt( handle, alg, + TEST_EQUAL( psa_aead_decrypt( key, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, @@ -4077,7 +4054,7 @@ void aead_decrypt( int key_type_arg, data_t *key_data, output_data, output_length ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output_data ); PSA_DONE( ); } @@ -4109,7 +4086,7 @@ void sign_deterministic( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, data_t *output_data ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t key_bits; @@ -4125,8 +4102,8 @@ void sign_deterministic( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + &key ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); /* Allocate a buffer which has the size advertized by the @@ -4138,7 +4115,7 @@ void sign_deterministic( int key_type_arg, data_t *key_data, ASSERT_ALLOC( signature, signature_size ); /* Perform the signature. */ - PSA_ASSERT( psa_sign_hash( handle, alg, + PSA_ASSERT( psa_sign_hash( key, alg, input_data->x, input_data->len, signature, signature_size, &signature_length ) ); @@ -4149,7 +4126,7 @@ void sign_deterministic( int key_type_arg, data_t *key_data, #if defined(MBEDTLS_TEST_DEPRECATED) memset( signature, 0, signature_size ); signature_length = INVALID_EXPORT_LENGTH; - PSA_ASSERT( psa_asymmetric_sign( handle, alg, + PSA_ASSERT( psa_asymmetric_sign( key, alg, input_data->x, input_data->len, signature, signature_size, &signature_length ) ); @@ -4159,7 +4136,7 @@ void sign_deterministic( int key_type_arg, data_t *key_data, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( signature ); PSA_DONE( ); } @@ -4170,7 +4147,7 @@ void sign_fail( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, int signature_size_arg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t signature_size = signature_size_arg; @@ -4189,9 +4166,9 @@ void sign_fail( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - actual_status = psa_sign_hash( handle, alg, + actual_status = psa_sign_hash( key, alg, input_data->x, input_data->len, signature, signature_size, &signature_length ); @@ -4204,7 +4181,7 @@ void sign_fail( int key_type_arg, data_t *key_data, #if defined(MBEDTLS_TEST_DEPRECATED) signature_length = INVALID_EXPORT_LENGTH; - TEST_EQUAL( psa_asymmetric_sign( handle, alg, + TEST_EQUAL( psa_asymmetric_sign( key, alg, input_data->x, input_data->len, signature, signature_size, &signature_length ), @@ -4214,7 +4191,7 @@ void sign_fail( int key_type_arg, data_t *key_data, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( signature ); PSA_DONE( ); } @@ -4224,7 +4201,7 @@ exit: void sign_verify( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t key_bits; @@ -4240,8 +4217,8 @@ void sign_verify( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + &key ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); /* Allocate a buffer which has the size advertized by the @@ -4253,7 +4230,7 @@ void sign_verify( int key_type_arg, data_t *key_data, ASSERT_ALLOC( signature, signature_size ); /* Perform the signature. */ - PSA_ASSERT( psa_sign_hash( handle, alg, + PSA_ASSERT( psa_sign_hash( key, alg, input_data->x, input_data->len, signature, signature_size, &signature_length ) ); @@ -4262,7 +4239,7 @@ void sign_verify( int key_type_arg, data_t *key_data, TEST_ASSERT( signature_length > 0 ); /* Use the library to verify that the signature is correct. */ - PSA_ASSERT( psa_verify_hash( handle, alg, + PSA_ASSERT( psa_verify_hash( key, alg, input_data->x, input_data->len, signature, signature_length ) ); @@ -4272,7 +4249,7 @@ void sign_verify( int key_type_arg, data_t *key_data, * detected as invalid. Flip a bit at the beginning, not at the end, * because ECDSA may ignore the last few bits of the input. */ input_data->x[0] ^= 1; - TEST_EQUAL( psa_verify_hash( handle, alg, + TEST_EQUAL( psa_verify_hash( key, alg, input_data->x, input_data->len, signature, signature_length ), PSA_ERROR_INVALID_SIGNATURE ); @@ -4280,7 +4257,7 @@ void sign_verify( int key_type_arg, data_t *key_data, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( signature ); PSA_DONE( ); } @@ -4291,7 +4268,7 @@ void asymmetric_verify( int key_type_arg, data_t *key_data, int alg_arg, data_t *hash_data, data_t *signature_data ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -4305,14 +4282,14 @@ void asymmetric_verify( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - PSA_ASSERT( psa_verify_hash( handle, alg, + PSA_ASSERT( psa_verify_hash( key, alg, hash_data->x, hash_data->len, signature_data->x, signature_data->len ) ); #if defined(MBEDTLS_TEST_DEPRECATED) - PSA_ASSERT( psa_asymmetric_verify( handle, alg, + PSA_ASSERT( psa_asymmetric_verify( key, alg, hash_data->x, hash_data->len, signature_data->x, signature_data->len ) ); @@ -4321,7 +4298,7 @@ void asymmetric_verify( int key_type_arg, data_t *key_data, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -4332,7 +4309,7 @@ void asymmetric_verify_fail( int key_type_arg, data_t *key_data, data_t *signature_data, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_status_t actual_status; @@ -4346,15 +4323,15 @@ void asymmetric_verify_fail( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - actual_status = psa_verify_hash( handle, alg, + actual_status = psa_verify_hash( key, alg, hash_data->x, hash_data->len, signature_data->x, signature_data->len ); TEST_EQUAL( actual_status, expected_status ); #if defined(MBEDTLS_TEST_DEPRECATED) - TEST_EQUAL( psa_asymmetric_verify( handle, alg, + TEST_EQUAL( psa_asymmetric_verify( key, alg, hash_data->x, hash_data->len, signature_data->x, signature_data->len ), expected_status ); @@ -4362,7 +4339,7 @@ void asymmetric_verify_fail( int key_type_arg, data_t *key_data, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -4376,7 +4353,7 @@ void asymmetric_encrypt( int key_type_arg, int expected_output_length_arg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t expected_output_length = expected_output_length_arg; @@ -4395,16 +4372,16 @@ void asymmetric_encrypt( int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); /* Determine the maximum output length */ - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg ); ASSERT_ALLOC( output, output_size ); /* Encrypt the input */ - actual_status = psa_asymmetric_encrypt( handle, alg, + actual_status = psa_asymmetric_encrypt( key, alg, input_data->x, input_data->len, label->x, label->len, output, output_size, @@ -4419,7 +4396,7 @@ void asymmetric_encrypt( int key_type_arg, output_length = ~0; if( output_size != 0 ) memset( output, 0, output_size ); - actual_status = psa_asymmetric_encrypt( handle, alg, + actual_status = psa_asymmetric_encrypt( key, alg, input_data->x, input_data->len, NULL, label->len, output, output_size, @@ -4430,7 +4407,7 @@ void asymmetric_encrypt( int key_type_arg, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output ); PSA_DONE( ); } @@ -4443,7 +4420,7 @@ void asymmetric_encrypt_decrypt( int key_type_arg, data_t *input_data, data_t *label ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t key_bits; @@ -4462,10 +4439,10 @@ void asymmetric_encrypt_decrypt( int key_type_arg, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); /* Determine the maximum ciphertext length */ - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg ); ASSERT_ALLOC( output, output_size ); @@ -4475,7 +4452,7 @@ void asymmetric_encrypt_decrypt( int key_type_arg, /* We test encryption by checking that encrypt-then-decrypt gives back * the original plaintext because of the non-optional random * part of encryption process which prevents using fixed vectors. */ - PSA_ASSERT( psa_asymmetric_encrypt( handle, alg, + PSA_ASSERT( psa_asymmetric_encrypt( key, alg, input_data->x, input_data->len, label->x, label->len, output, output_size, @@ -4484,7 +4461,7 @@ void asymmetric_encrypt_decrypt( int key_type_arg, * it looks sensible. */ TEST_ASSERT( output_length <= output_size ); - PSA_ASSERT( psa_asymmetric_decrypt( handle, alg, + PSA_ASSERT( psa_asymmetric_decrypt( key, alg, output, output_length, label->x, label->len, output2, output2_size, @@ -4494,7 +4471,7 @@ void asymmetric_encrypt_decrypt( int key_type_arg, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output ); mbedtls_free( output2 ); PSA_DONE( ); @@ -4509,7 +4486,7 @@ void asymmetric_decrypt( int key_type_arg, data_t *label, data_t *expected_data ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output = NULL; @@ -4527,9 +4504,9 @@ void asymmetric_decrypt( int key_type_arg, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - PSA_ASSERT( psa_asymmetric_decrypt( handle, alg, + PSA_ASSERT( psa_asymmetric_decrypt( key, alg, input_data->x, input_data->len, label->x, label->len, output, @@ -4545,7 +4522,7 @@ void asymmetric_decrypt( int key_type_arg, output_length = ~0; if( output_size != 0 ) memset( output, 0, output_size ); - PSA_ASSERT( psa_asymmetric_decrypt( handle, alg, + PSA_ASSERT( psa_asymmetric_decrypt( key, alg, input_data->x, input_data->len, NULL, label->len, output, @@ -4557,7 +4534,7 @@ void asymmetric_decrypt( int key_type_arg, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output ); PSA_DONE( ); } @@ -4572,7 +4549,7 @@ void asymmetric_decrypt_fail( int key_type_arg, int output_size_arg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output = NULL; @@ -4591,9 +4568,9 @@ void asymmetric_decrypt_fail( int key_type_arg, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - actual_status = psa_asymmetric_decrypt( handle, alg, + actual_status = psa_asymmetric_decrypt( key, alg, input_data->x, input_data->len, label->x, label->len, output, output_size, @@ -4608,7 +4585,7 @@ void asymmetric_decrypt_fail( int key_type_arg, output_length = ~0; if( output_size != 0 ) memset( output, 0, output_size ); - actual_status = psa_asymmetric_decrypt( handle, alg, + actual_status = psa_asymmetric_decrypt( key, alg, input_data->x, input_data->len, NULL, label->len, output, output_size, @@ -4619,7 +4596,7 @@ void asymmetric_decrypt_fail( int key_type_arg, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output ); PSA_DONE( ); } @@ -4711,14 +4688,14 @@ void derive_input( int alg_arg, expected_status_arg2, expected_status_arg3}; data_t *inputs[] = {input1, input2, input3}; - psa_key_handle_t handles[] = { PSA_KEY_HANDLE_INIT, - PSA_KEY_HANDLE_INIT, - PSA_KEY_HANDLE_INIT}; + mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT, + MBEDTLS_SVC_KEY_ID_INIT, + MBEDTLS_SVC_KEY_ID_INIT }; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; size_t i; psa_key_type_t output_key_type = output_key_type_arg; - psa_key_handle_t output_handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t output_key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t expected_output_status = expected_output_status_arg; psa_status_t actual_output_status; @@ -4736,19 +4713,19 @@ void derive_input( int alg_arg, psa_set_key_type( &attributes, key_types[i] ); PSA_ASSERT( psa_import_key( &attributes, inputs[i]->x, inputs[i]->len, - &handles[i] ) ); + &keys[i] ) ); if( PSA_KEY_TYPE_IS_KEY_PAIR( key_types[i] ) && steps[i] == PSA_KEY_DERIVATION_INPUT_SECRET ) { // When taking a private key as secret input, use key agreement // to add the shared secret to the derivation - TEST_EQUAL( key_agreement_with_self( &operation, handles[i] ), + TEST_EQUAL( key_agreement_with_self( &operation, keys[i] ), expected_statuses[i] ); } else { TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i], - handles[i] ), + keys[i] ), expected_statuses[i] ); } } @@ -4768,7 +4745,7 @@ void derive_input( int alg_arg, psa_set_key_bits( &attributes, 8 ); actual_output_status = psa_key_derivation_output_key( &attributes, &operation, - &output_handle ); + &output_key ); } else { @@ -4781,9 +4758,9 @@ void derive_input( int alg_arg, exit: psa_key_derivation_abort( &operation ); - for( i = 0; i < ARRAY_LENGTH( handles ); i++ ) - psa_destroy_key( handles[i] ); - psa_destroy_key( output_handle ); + for( i = 0; i < ARRAY_LENGTH( keys ); i++ ) + psa_destroy_key( keys[i] ); + psa_destroy_key( output_key ); PSA_DONE( ); } /* END_CASE */ @@ -4792,7 +4769,7 @@ exit: void test_derive_invalid_key_derivation_state( int alg_arg ) { psa_algorithm_t alg = alg_arg; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; size_t key_type = PSA_KEY_TYPE_DERIVE; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; unsigned char input1[] = "Input 1"; @@ -4814,10 +4791,10 @@ void test_derive_invalid_key_derivation_state( int alg_arg ) PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ), - &handle ) ); + &key ) ); /* valid key derivation */ - if( !setup_key_derivation_wrap( &operation, handle, alg, + if( !setup_key_derivation_wrap( &operation, key, alg, input1, input1_length, input2, input2_length, capacity ) ) @@ -4834,7 +4811,7 @@ void test_derive_invalid_key_derivation_state( int alg_arg ) exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -4880,9 +4857,9 @@ void derive_output( int alg_arg, psa_algorithm_t alg = alg_arg; psa_key_derivation_step_t steps[] = {step1_arg, step2_arg, step3_arg}; data_t *inputs[] = {input1, input2, input3}; - psa_key_handle_t handles[] = { PSA_KEY_HANDLE_INIT, - PSA_KEY_HANDLE_INIT, - PSA_KEY_HANDLE_INIT}; + mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT, + MBEDTLS_SVC_KEY_ID_INIT, + MBEDTLS_SVC_KEY_ID_INIT }; size_t requested_capacity = requested_capacity_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; uint8_t *expected_outputs[2] = @@ -4924,10 +4901,9 @@ void derive_output( int alg_arg, case PSA_KEY_DERIVATION_INPUT_SECRET: PSA_ASSERT( psa_import_key( &attributes, inputs[i]->x, inputs[i]->len, - &handles[i] ) ); + &keys[i] ) ); PSA_ASSERT( psa_key_derivation_input_key( - &operation, steps[i], - handles[i] ) ); + &operation, steps[i], keys[i] ) ); break; default: PSA_ASSERT( psa_key_derivation_input_bytes( @@ -4979,8 +4955,8 @@ void derive_output( int alg_arg, exit: mbedtls_free( output_buffer ); psa_key_derivation_abort( &operation ); - for( i = 0; i < ARRAY_LENGTH( handles ); i++ ) - psa_destroy_key( handles[i] ); + for( i = 0; i < ARRAY_LENGTH( keys ); i++ ) + psa_destroy_key( keys[i] ); PSA_DONE( ); } /* END_CASE */ @@ -4992,7 +4968,7 @@ void derive_full( int alg_arg, data_t *input2, int requested_capacity_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; size_t requested_capacity = requested_capacity_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -5008,9 +4984,9 @@ void derive_full( int alg_arg, psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - if( !setup_key_derivation_wrap( &operation, handle, alg, + if( !setup_key_derivation_wrap( &operation, key, alg, input1->x, input1->len, input2->x, input2->len, requested_capacity ) ) @@ -5043,7 +5019,7 @@ void derive_full( int alg_arg, exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -5058,8 +5034,8 @@ void derive_key_exercise( int alg_arg, int derived_usage_arg, int derived_alg_arg ) { - psa_key_handle_t base_handle = PSA_KEY_HANDLE_INIT; - psa_key_handle_t derived_handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t derived_type = derived_type_arg; size_t derived_bits = derived_bits_arg; @@ -5076,10 +5052,10 @@ void derive_key_exercise( int alg_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &base_handle ) ); + &base_key ) ); /* Derive a key. */ - if ( setup_key_derivation_wrap( &operation, base_handle, alg, + if ( setup_key_derivation_wrap( &operation, base_key, alg, input1->x, input1->len, input2->x, input2->len, capacity ) ) goto exit; @@ -5089,22 +5065,22 @@ void derive_key_exercise( int alg_arg, psa_set_key_type( &attributes, derived_type ); psa_set_key_bits( &attributes, derived_bits ); PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation, - &derived_handle ) ); + &derived_key ) ); /* Test the key information */ - PSA_ASSERT( psa_get_key_attributes( derived_handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( derived_key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), derived_type ); TEST_EQUAL( psa_get_key_bits( &got_attributes ), derived_bits ); /* Exercise the derived key. */ - if( ! exercise_key( derived_handle, derived_usage, derived_alg ) ) + if( ! exercise_key( derived_key, derived_usage, derived_alg ) ) goto exit; exit: psa_key_derivation_abort( &operation ); psa_reset_key_attributes( &got_attributes ); - psa_destroy_key( base_handle ); - psa_destroy_key( derived_handle ); + psa_destroy_key( base_key ); + psa_destroy_key( derived_key ); PSA_DONE( ); } /* END_CASE */ @@ -5117,8 +5093,8 @@ void derive_key_export( int alg_arg, int bytes1_arg, int bytes2_arg ) { - psa_key_handle_t base_handle = PSA_KEY_HANDLE_INIT; - psa_key_handle_t derived_handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; size_t bytes1 = bytes1_arg; size_t bytes2 = bytes2_arg; @@ -5138,10 +5114,10 @@ void derive_key_export( int alg_arg, psa_set_key_algorithm( &base_attributes, alg ); psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE ); PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len, - &base_handle ) ); + &base_key ) ); /* Derive some material and output it. */ - if( !setup_key_derivation_wrap( &operation, base_handle, alg, + if( !setup_key_derivation_wrap( &operation, base_key, alg, input1->x, input1->len, input2->x, input2->len, capacity ) ) goto exit; @@ -5152,7 +5128,7 @@ void derive_key_export( int alg_arg, PSA_ASSERT( psa_key_derivation_abort( &operation ) ); /* Derive the same output again, but this time store it in key objects. */ - if( !setup_key_derivation_wrap( &operation, base_handle, alg, + if( !setup_key_derivation_wrap( &operation, base_key, alg, input1->x, input1->len, input2->x, input2->len, capacity ) ) goto exit; @@ -5162,16 +5138,16 @@ void derive_key_export( int alg_arg, psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA ); psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) ); PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation, - &derived_handle ) ); - PSA_ASSERT( psa_export_key( derived_handle, + &derived_key ) ); + PSA_ASSERT( psa_export_key( derived_key, export_buffer, bytes1, &length ) ); TEST_EQUAL( length, bytes1 ); - PSA_ASSERT( psa_destroy_key( derived_handle ) ); + PSA_ASSERT( psa_destroy_key( derived_key ) ); psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) ); PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation, - &derived_handle ) ); - PSA_ASSERT( psa_export_key( derived_handle, + &derived_key ) ); + PSA_ASSERT( psa_export_key( derived_key, export_buffer + bytes1, bytes2, &length ) ); TEST_EQUAL( length, bytes2 ); @@ -5184,8 +5160,8 @@ exit: mbedtls_free( output_buffer ); mbedtls_free( export_buffer ); psa_key_derivation_abort( &operation ); - psa_destroy_key( base_handle ); - psa_destroy_key( derived_handle ); + psa_destroy_key( base_key ); + psa_destroy_key( derived_key ); PSA_DONE( ); } /* END_CASE */ @@ -5196,8 +5172,8 @@ void derive_key( int alg_arg, int type_arg, int bits_arg, int expected_status_arg ) { - psa_key_handle_t base_handle = PSA_KEY_HANDLE_INIT; - psa_key_handle_t derived_handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t type = type_arg; size_t bits = bits_arg; @@ -5212,9 +5188,9 @@ void derive_key( int alg_arg, psa_set_key_algorithm( &base_attributes, alg ); psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE ); PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len, - &base_handle ) ); + &base_key ) ); - if( !setup_key_derivation_wrap( &operation, base_handle, alg, + if( !setup_key_derivation_wrap( &operation, base_key, alg, input1->x, input1->len, input2->x, input2->len, SIZE_MAX ) ) goto exit; @@ -5224,13 +5200,13 @@ void derive_key( int alg_arg, psa_set_key_type( &derived_attributes, type ); psa_set_key_bits( &derived_attributes, bits ); TEST_EQUAL( psa_key_derivation_output_key( &derived_attributes, &operation, - &derived_handle ), + &derived_key ), expected_status ); exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( base_handle ); - psa_destroy_key( derived_handle ); + psa_destroy_key( base_key ); + psa_destroy_key( derived_key ); PSA_DONE( ); } /* END_CASE */ @@ -5241,7 +5217,7 @@ void key_agreement_setup( int alg_arg, data_t *our_key_data, data_t *peer_key_data, int expected_status_arg ) { - psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; psa_algorithm_t our_key_alg = our_key_alg_arg; psa_key_type_t our_key_type = our_key_type_arg; @@ -5290,7 +5266,7 @@ void raw_key_agreement( int alg_arg, data_t *peer_key_data, data_t *expected_output ) { - psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -5327,7 +5303,7 @@ void key_agreement_capacity( int alg_arg, data_t *peer_key_data, int expected_capacity_arg ) { - psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -5387,7 +5363,7 @@ void key_agreement_output( int alg_arg, data_t *peer_key_data, data_t *expected_output1, data_t *expected_output2 ) { - psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -5501,7 +5477,7 @@ void generate_key( int type_arg, int alg_arg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; psa_key_usage_t usage = usage_arg; size_t bits = bits_arg; @@ -5518,22 +5494,22 @@ void generate_key( int type_arg, psa_set_key_bits( &attributes, bits ); /* Generate a key */ - TEST_EQUAL( psa_generate_key( &attributes, &handle ), expected_status ); + TEST_EQUAL( psa_generate_key( &attributes, &key ), expected_status ); if( expected_status != PSA_SUCCESS ) goto exit; /* Test the key information */ - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits ); /* Do something with the key according to its type and permitted usage. */ - if( ! exercise_key( handle, usage, alg ) ) + if( ! exercise_key( key, usage, alg ) ) goto exit; exit: psa_reset_key_attributes( &got_attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -5543,7 +5519,7 @@ void generate_key_rsa( int bits_arg, data_t *e_arg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR; size_t bits = bits_arg; psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; @@ -5578,12 +5554,12 @@ void generate_key_rsa( int bits_arg, psa_set_key_bits( &attributes, bits ); /* Generate a key */ - TEST_EQUAL( psa_generate_key( &attributes, &handle ), expected_status ); + TEST_EQUAL( psa_generate_key( &attributes, &key ), expected_status ); if( expected_status != PSA_SUCCESS ) goto exit; /* Test the key information */ - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); TEST_EQUAL( psa_get_key_bits( &attributes ), bits ); PSA_ASSERT( psa_get_key_domain_parameters( &attributes, @@ -5595,11 +5571,11 @@ void generate_key_rsa( int bits_arg, ASSERT_COMPARE( e_read_buffer, e_read_length, e_arg->x, e_arg->len ); /* Do something with the key according to its type and permitted usage. */ - if( ! exercise_key( handle, usage, alg ) ) + if( ! exercise_key( key, usage, alg ) ) goto exit; /* Export the key and check the public exponent. */ - PSA_ASSERT( psa_export_public_key( handle, + PSA_ASSERT( psa_export_public_key( key, exported, exported_size, &exported_length ) ); { @@ -5634,7 +5610,7 @@ void generate_key_rsa( int bits_arg, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); mbedtls_free( e_read_buffer ); mbedtls_free( exported ); @@ -5649,8 +5625,8 @@ void persistent_key_load_key_from_storage( data_t *data, { mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 1 ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; - psa_key_handle_t base_key = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; size_t bits = bits_arg; psa_key_usage_t usage_flags = usage_flags_arg; @@ -5681,12 +5657,12 @@ void persistent_key_load_key_from_storage( data_t *data, case IMPORT_KEY: /* Import the key */ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, - &handle ) ); + &key ) ); break; case GENERATE_KEY: /* Generate a key */ - PSA_ASSERT( psa_generate_key( &attributes, &handle ) ); + PSA_ASSERT( psa_generate_key( &attributes, &key ) ); break; case DERIVE_KEY: @@ -5711,10 +5687,10 @@ void persistent_key_load_key_from_storage( data_t *data, NULL, 0 ) ); PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation, - &handle ) ); + &key ) ); PSA_ASSERT( psa_key_derivation_abort( &operation ) ); PSA_ASSERT( psa_destroy_key( base_key ) ); - base_key = PSA_KEY_HANDLE_INIT; + base_key = MBEDTLS_SVC_KEY_ID_INIT; } break; } @@ -5723,7 +5699,7 @@ void persistent_key_load_key_from_storage( data_t *data, /* Export the key if permitted by the key policy. */ if( usage_flags & PSA_KEY_USAGE_EXPORT ) { - PSA_ASSERT( psa_export_key( handle, + PSA_ASSERT( psa_export_key( key, first_export, export_size, &first_exported_length ) ); if( generation_method == IMPORT_KEY ) @@ -5732,13 +5708,12 @@ void persistent_key_load_key_from_storage( data_t *data, } /* Shutdown and restart */ - PSA_ASSERT( psa_close_key( handle ) ); + PSA_ASSERT( psa_purge_key( key ) ); PSA_DONE(); PSA_ASSERT( psa_crypto_init() ); /* Check key slot still contains key data */ - PSA_ASSERT( psa_open_key( key_id, &handle ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes ), key_id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), @@ -5751,7 +5726,7 @@ void persistent_key_load_key_from_storage( data_t *data, /* Export the key again if permitted by the key policy. */ if( usage_flags & PSA_KEY_USAGE_EXPORT ) { - PSA_ASSERT( psa_export_key( handle, + PSA_ASSERT( psa_export_key( key, second_export, export_size, &second_exported_length ) ); ASSERT_COMPARE( first_export, first_exported_length, @@ -5759,7 +5734,7 @@ void persistent_key_load_key_from_storage( data_t *data, } /* Do something with the key according to its type and permitted usage. */ - if( ! exercise_key( handle, usage_flags, alg ) ) + if( ! exercise_key( key, usage_flags, alg ) ) goto exit; exit: @@ -5768,14 +5743,7 @@ exit: mbedtls_free( second_export ); psa_key_derivation_abort( &operation ); psa_destroy_key( base_key ); - if( psa_key_handle_is_null( handle ) ) - { - /* In case there was a test failure after creating the persistent key - * but while it was not open, try to re-open the persistent key - * to delete it. */ - (void) psa_open_key( key_id, &handle ); - } - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 53df781e0..415418854 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -19,7 +19,7 @@ void ecdsa_sign( int force_status_arg, { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); uint8_t signature[64]; @@ -34,7 +34,7 @@ void ecdsa_sign( int force_status_arg, psa_set_key_algorithm( &attributes, alg ); psa_import_key( &attributes, key_input->x, key_input->len, - &handle ); + &key ); test_driver_signature_sign_hooks.forced_status = force_status; if( fake_output == 1 ) @@ -43,7 +43,7 @@ void ecdsa_sign( int force_status_arg, test_driver_signature_sign_hooks.forced_output_length = expected_output->len; } - actual_status = psa_sign_hash( handle, alg, + actual_status = psa_sign_hash( key, alg, data_input->x, data_input->len, signature, sizeof( signature ), &signature_length ); @@ -57,7 +57,7 @@ void ecdsa_sign( int force_status_arg, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_signature_sign_hooks = test_driver_signature_hooks_init(); } @@ -73,7 +73,7 @@ void ecdsa_verify( int force_status_arg, { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); psa_status_t actual_status; @@ -88,7 +88,7 @@ void ecdsa_verify( int force_status_arg, psa_set_key_algorithm( &attributes, alg ); psa_import_key( &attributes, key_input->x, key_input->len, - &handle ); + &key ); } else { @@ -98,12 +98,12 @@ void ecdsa_verify( int force_status_arg, psa_set_key_algorithm( &attributes, alg ); psa_import_key( &attributes, key_input->x, key_input->len, - &handle ); + &key ); } test_driver_signature_verify_hooks.forced_status = force_status; - actual_status = psa_verify_hash( handle, alg, + actual_status = psa_verify_hash( key, alg, data_input->x, data_input->len, signature_input->x, signature_input->len ); TEST_EQUAL( actual_status, expected_status ); @@ -111,7 +111,7 @@ void ecdsa_verify( int force_status_arg, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_signature_verify_hooks = test_driver_signature_hooks_init(); } @@ -124,7 +124,7 @@ void generate_key( int force_status_arg, { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 ); const uint8_t *expected_output = NULL; @@ -152,13 +152,13 @@ void generate_key( int force_status_arg, PSA_ASSERT( psa_crypto_init( ) ); - actual_status = psa_generate_key( &attributes, &handle ); + actual_status = psa_generate_key( &attributes, &key ); TEST_EQUAL( test_driver_key_management_hooks.hits, 1 ); TEST_EQUAL( actual_status, expected_status ); if( actual_status == PSA_SUCCESS ) { - psa_export_key( handle, actual_output, sizeof(actual_output), &actual_output_length ); + psa_export_key( key, actual_output, sizeof(actual_output), &actual_output_length ); if( fake_output->len > 0 ) { @@ -178,7 +178,7 @@ void generate_key( int force_status_arg, } exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_key_management_hooks = test_driver_key_management_hooks_init(); } @@ -193,7 +193,7 @@ void validate_key( int force_status_arg, psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; psa_key_type_t key_type = key_type_arg; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t actual_status; test_driver_key_management_hooks = test_driver_key_management_hooks_init(); @@ -207,12 +207,12 @@ void validate_key( int force_status_arg, PSA_ASSERT( psa_crypto_init( ) ); - actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &handle ); + actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &key ); TEST_EQUAL( test_driver_key_management_hooks.hits, 1 ); TEST_EQUAL( actual_status, expected_status ); exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_key_management_hooks = test_driver_key_management_hooks_init(); } @@ -220,13 +220,13 @@ exit: /* BEGIN_CASE */ void cipher_encrypt( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, data_t *expected_output, int mock_output_arg, int force_status_arg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; @@ -247,10 +247,10 @@ void cipher_encrypt( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); test_driver_cipher_hooks.hits = 0; @@ -305,7 +305,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_cipher_hooks = test_driver_cipher_hooks_init(); } @@ -313,13 +313,13 @@ exit: /* BEGIN_CASE */ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, int first_part_size_arg, int output1_length_arg, int output2_length_arg, data_t *expected_output ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; @@ -339,10 +339,10 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); test_driver_cipher_hooks.hits = 0; @@ -390,7 +390,7 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_cipher_hooks = test_driver_cipher_hooks_init(); } @@ -398,13 +398,13 @@ exit: /* BEGIN_CASE */ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, int first_part_size_arg, int output1_length_arg, int output2_length_arg, data_t *expected_output ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; @@ -424,10 +424,10 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); test_driver_cipher_hooks.hits = 0; @@ -477,7 +477,7 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_cipher_hooks = test_driver_cipher_hooks_init(); } @@ -485,13 +485,13 @@ exit: /* BEGIN_CASE */ void cipher_decrypt( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, data_t *expected_output, int mock_output_arg, int force_status_arg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; @@ -512,10 +512,10 @@ void cipher_decrypt( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); test_driver_cipher_hooks.hits = 0; @@ -569,7 +569,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_cipher_hooks = test_driver_cipher_hooks_init(); } @@ -577,10 +577,10 @@ exit: /* BEGIN_CASE */ void cipher_entry_points( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; @@ -600,12 +600,12 @@ void cipher_entry_points( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); /* Test setup call, encrypt */ test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; - status = psa_cipher_encrypt_setup( &operation, - handle, alg ); + status = psa_cipher_encrypt_setup( &operation, key, alg ); /* When setup fails, it shouldn't call any further entry points */ TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); @@ -615,8 +615,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg, TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); /* Test setup call failure, decrypt */ - status = psa_cipher_decrypt_setup( &operation, - handle, alg ); + status = psa_cipher_decrypt_setup( &operation, key, alg ); /* When setup fails, it shouldn't call any further entry points */ TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); @@ -627,8 +626,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg, /* Test IV setting failure */ test_driver_cipher_hooks.forced_status = PSA_SUCCESS; - status = psa_cipher_encrypt_setup( &operation, - handle, alg ); + status = psa_cipher_encrypt_setup( &operation, key, alg ); TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); test_driver_cipher_hooks.hits = 0; @@ -650,8 +648,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg, /* Test IV generation failure */ test_driver_cipher_hooks.forced_status = PSA_SUCCESS; - status = psa_cipher_encrypt_setup( &operation, - handle, alg ); + status = psa_cipher_encrypt_setup( &operation, key, alg ); TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); test_driver_cipher_hooks.hits = 0; @@ -673,8 +670,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg, /* Test update failure */ test_driver_cipher_hooks.forced_status = PSA_SUCCESS; - status = psa_cipher_encrypt_setup( &operation, - handle, alg ); + status = psa_cipher_encrypt_setup( &operation, key, alg ); TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); test_driver_cipher_hooks.hits = 0; @@ -704,8 +700,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg, /* Test finish failure */ test_driver_cipher_hooks.forced_status = PSA_SUCCESS; - status = psa_cipher_encrypt_setup( &operation, - handle, alg ); + status = psa_cipher_encrypt_setup( &operation, key, alg ); TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); test_driver_cipher_hooks.hits = 0; @@ -744,7 +739,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_cipher_hooks = test_driver_cipher_hooks_init(); } diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function index d587886dc..62ef6e2d7 100644 --- a/tests/suites/test_suite_psa_crypto_init.function +++ b/tests/suites/test_suite_psa_crypto_init.function @@ -185,7 +185,7 @@ void validate_module_init_key_based( int count ) psa_status_t status; uint8_t data[10] = { 0 }; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = mbedtls_svc_key_id_make( 0xdead, 0xdead ); + mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make( 0xdead, 0xdead ); int i; for( i = 0; i < count; i++ ) @@ -195,9 +195,9 @@ void validate_module_init_key_based( int count ) PSA_DONE( ); } psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); - status = psa_import_key( &attributes, data, sizeof( data ), &handle ); + status = psa_import_key( &attributes, data, sizeof( data ), &key ); TEST_EQUAL( status, PSA_ERROR_BAD_STATE ); - TEST_ASSERT( psa_key_handle_is_null( handle ) ); + TEST_ASSERT( mbedtls_svc_key_id_is_null( key ) ); } /* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index 34b88a70b..ed30848ad 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -117,7 +117,6 @@ exit: void save_large_persistent_key( int data_length_arg, int expected_status ) { mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; uint8_t *data = NULL; size_t data_length = data_length_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -129,11 +128,11 @@ void save_large_persistent_key( int data_length_arg, int expected_status ) psa_set_key_id( &attributes, key_id ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); - TEST_EQUAL( psa_import_key( &attributes, data, data_length, &handle ), + TEST_EQUAL( psa_import_key( &attributes, data, data_length, &key_id ), expected_status ); if( expected_status == PSA_SUCCESS ) - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key_id ) ); exit: mbedtls_free( data ); @@ -149,7 +148,7 @@ void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart, { mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( owner_id_arg, key_id_arg ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t first_type = (psa_key_type_t) first_type_arg; psa_key_type_t second_type = (psa_key_type_t) second_type_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -160,24 +159,21 @@ void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart, psa_set_key_type( &attributes, first_type ); PSA_ASSERT( psa_import_key( &attributes, first_data->x, first_data->len, - &handle ) ); + &returned_key_id ) ); if( restart ) { - psa_close_key( handle ); + psa_close_key( key_id ); PSA_DONE(); PSA_ASSERT( psa_crypto_init() ); - PSA_ASSERT( psa_open_key( key_id, &handle ) ); } TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 ); /* Destroy the key */ - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key_id ) ); /* Check key slot storage is removed */ TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 ); - TEST_EQUAL( psa_open_key( key_id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); - TEST_ASSERT( psa_key_handle_is_null( handle ) ); /* Shutdown and restart */ PSA_DONE(); @@ -187,9 +183,9 @@ void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart, psa_set_key_id( &attributes, key_id ); psa_set_key_type( &attributes, second_type ); PSA_ASSERT( psa_import_key( &attributes, second_data->x, second_data->len, - &handle ) ); + &returned_key_id ) ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key_id ) ); exit: PSA_DONE(); @@ -203,42 +199,44 @@ void persistent_key_import( int owner_id_arg, int key_id_arg, int type_arg, { mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( owner_id_arg, key_id_arg ); + mbedtls_svc_key_id_t returned_key_id; psa_key_type_t type = (psa_key_type_t) type_arg; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT( psa_crypto_init() ); psa_set_key_id( &attributes, key_id ); psa_set_key_type( &attributes, type ); - TEST_EQUAL( psa_import_key( &attributes, data->x, data->len, &handle ), + TEST_EQUAL( psa_import_key( &attributes, data->x, data->len, &returned_key_id ), expected_status ); if( expected_status != PSA_SUCCESS ) { + TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_key_id ) ); TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 ); goto exit; } + TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, key_id ) ); + if( restart ) { - psa_close_key( handle ); + PSA_ASSERT( psa_purge_key( key_id ) ); PSA_DONE(); PSA_ASSERT( psa_crypto_init() ); - PSA_ASSERT( psa_open_key( key_id, &handle ) ); } psa_reset_key_attributes( &attributes ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); - TEST_ASSERT( mbedtls_svc_key_id_equal( - psa_get_key_id( &attributes ), key_id ) ); + PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes ), + key_id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), PSA_KEY_LIFETIME_PERSISTENT ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key_id ) ); exit: psa_reset_key_attributes( &attributes ); @@ -254,7 +252,7 @@ void import_export_persistent_key( data_t *data, int type_arg, { mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 ); psa_key_type_t type = (psa_key_type_t) type_arg; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT; unsigned char *exported = NULL; size_t export_size = data->len; size_t exported_length; @@ -269,20 +267,20 @@ void import_export_persistent_key( data_t *data, int type_arg, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); /* Import the key */ - PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, + &returned_key_id ) ); if( restart ) { - psa_close_key( handle ); + PSA_ASSERT( psa_purge_key( key_id ) ); PSA_DONE(); PSA_ASSERT( psa_crypto_init() ); - PSA_ASSERT( psa_open_key( key_id, &handle ) ); } /* Test the key information */ psa_reset_key_attributes( &attributes ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) ); TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes ), key_id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), @@ -299,13 +297,13 @@ void import_export_persistent_key( data_t *data, int type_arg, psa_destroy_persistent_key( key_id ); } /* Export the key */ - PSA_ASSERT( psa_export_key( handle, exported, export_size, + PSA_ASSERT( psa_export_key( key_id, exported, export_size, &exported_length ) ); ASSERT_COMPARE( data->x, data->len, exported, exported_length ); /* Destroy the key */ - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key_id ) ); TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 ); exit: diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index f22e6b7ec..e5f87e08b 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -367,7 +367,7 @@ static psa_status_t ram_export_public( psa_drv_se_context_t *context, size_t *data_length ) { psa_status_t status; - psa_key_handle_t handle; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; (void) context; @@ -379,11 +379,11 @@ static psa_status_t ram_export_public( psa_drv_se_context_t *context, status = psa_import_key( &attributes, ram_slots[slot_number].content, PSA_BITS_TO_BYTES( ram_slots[slot_number].bits ), - &handle ); + &key ); if( status != PSA_SUCCESS ) return( status ); - status = psa_export_public_key( handle, data, data_size, data_length ); - psa_destroy_key( handle ); + status = psa_export_public_key( key, data, data_size, data_length ); + psa_destroy_key( key ); return( PSA_SUCCESS ); } @@ -450,7 +450,7 @@ static psa_status_t ram_sign( psa_drv_se_context_t *context, { ram_slot_t *slot; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; (void) context; @@ -463,13 +463,13 @@ static psa_status_t ram_sign( psa_drv_se_context_t *context, DRIVER_ASSERT( psa_import_key( &attributes, slot->content, PSA_BITS_TO_BYTES( slot->bits ), - &handle ) == PSA_SUCCESS ); - status = psa_sign_hash( handle, alg, + &key ) == PSA_SUCCESS ); + status = psa_sign_hash( key, alg, hash, hash_length, signature, signature_size, signature_length ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); return( status ); } @@ -483,7 +483,7 @@ static psa_status_t ram_verify( psa_drv_se_context_t *context, { ram_slot_t *slot; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; (void) context; @@ -496,20 +496,18 @@ static psa_status_t ram_verify( psa_drv_se_context_t *context, DRIVER_ASSERT( psa_import_key( &attributes, slot->content, PSA_BITS_TO_BYTES( slot->bits ), - &handle ) == + &key ) == PSA_SUCCESS ); - status = psa_verify_hash( handle, alg, + status = psa_verify_hash( key, alg, hash, hash_length, signature, signature_length ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); return( status ); } - - /****************************************************************/ /* Other test helper functions */ /****************************************************************/ @@ -524,13 +522,13 @@ typedef enum /* Check that the attributes of a key reported by psa_get_key_attributes() * are consistent with the attributes used when creating the key. */ static int check_key_attributes( - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, const psa_key_attributes_t *reference_attributes ) { int ok = 0; psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( handle, &actual_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &actual_attributes ) ); TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &actual_attributes ), @@ -654,7 +652,7 @@ static int is_status_smoke_free( psa_status_t status ) * mostly bogus parameters: the goal is to ensure that there is no memory * corruption or crash. This test function is most useful when run under * an environment with sanity checks such as ASan or MSan. */ -static int smoke_test_key( psa_key_handle_t handle ) +static int smoke_test_key( mbedtls_svc_key_id_t key ) { int ok = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -664,54 +662,54 @@ static int smoke_test_key( psa_key_handle_t handle ) PSA_KEY_DERIVATION_OPERATION_INIT; uint8_t buffer[80]; /* large enough for a public key for ECDH */ size_t length; - psa_key_handle_t handle2 = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT; - SMOKE_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + SMOKE_ASSERT( psa_get_key_attributes( key, &attributes ) ); - SMOKE_ASSERT( psa_export_key( handle, + SMOKE_ASSERT( psa_export_key( key, buffer, sizeof( buffer ), &length ) ); - SMOKE_ASSERT( psa_export_public_key( handle, + SMOKE_ASSERT( psa_export_public_key( key, buffer, sizeof( buffer ), &length ) ); - SMOKE_ASSERT( psa_copy_key( handle, &attributes, &handle2 ) ); - if( ! psa_key_handle_is_null( handle2 ) ) - PSA_ASSERT( psa_close_key( handle2 ) ); + SMOKE_ASSERT( psa_copy_key( key, &attributes, &key2 ) ); + if( ! mbedtls_svc_key_id_is_null( key2 ) ) + PSA_ASSERT( psa_destroy_key( key2 ) ); - SMOKE_ASSERT( psa_mac_sign_setup( &mac_operation, handle, PSA_ALG_CMAC ) ); + SMOKE_ASSERT( psa_mac_sign_setup( &mac_operation, key, PSA_ALG_CMAC ) ); PSA_ASSERT( psa_mac_abort( &mac_operation ) ); - SMOKE_ASSERT( psa_mac_verify_setup( &mac_operation, handle, + SMOKE_ASSERT( psa_mac_verify_setup( &mac_operation, key, PSA_ALG_HMAC( PSA_ALG_SHA_256 ) ) ); PSA_ASSERT( psa_mac_abort( &mac_operation ) ); - SMOKE_ASSERT( psa_cipher_encrypt_setup( &cipher_operation, handle, + SMOKE_ASSERT( psa_cipher_encrypt_setup( &cipher_operation, key, PSA_ALG_CTR ) ); PSA_ASSERT( psa_cipher_abort( &cipher_operation ) ); - SMOKE_ASSERT( psa_cipher_decrypt_setup( &cipher_operation, handle, + SMOKE_ASSERT( psa_cipher_decrypt_setup( &cipher_operation, key, PSA_ALG_CTR ) ); PSA_ASSERT( psa_cipher_abort( &cipher_operation ) ); - SMOKE_ASSERT( psa_aead_encrypt( handle, PSA_ALG_CCM, + SMOKE_ASSERT( psa_aead_encrypt( key, PSA_ALG_CCM, buffer, sizeof( buffer ), NULL, 0, buffer, sizeof( buffer), buffer, sizeof( buffer), &length ) ); - SMOKE_ASSERT( psa_aead_decrypt( handle, PSA_ALG_CCM, + SMOKE_ASSERT( psa_aead_decrypt( key, PSA_ALG_CCM, buffer, sizeof( buffer ), NULL, 0, buffer, sizeof( buffer), buffer, sizeof( buffer), &length ) ); - SMOKE_ASSERT( psa_sign_hash( handle, PSA_ALG_ECDSA_ANY, + SMOKE_ASSERT( psa_sign_hash( key, PSA_ALG_ECDSA_ANY, buffer, 32, buffer, sizeof( buffer ), &length ) ); - SMOKE_ASSERT( psa_verify_hash( handle, PSA_ALG_ECDSA_ANY, + SMOKE_ASSERT( psa_verify_hash( key, PSA_ALG_ECDSA_ANY, buffer, 32, buffer, sizeof( buffer ) ) ); - SMOKE_ASSERT( psa_asymmetric_encrypt( handle, PSA_ALG_RSA_PKCS1V15_CRYPT, + SMOKE_ASSERT( psa_asymmetric_encrypt( key, PSA_ALG_RSA_PKCS1V15_CRYPT, buffer, 10, NULL, 0, buffer, sizeof( buffer ), &length ) ); - SMOKE_ASSERT( psa_asymmetric_decrypt( handle, PSA_ALG_RSA_PKCS1V15_CRYPT, + SMOKE_ASSERT( psa_asymmetric_decrypt( key, PSA_ALG_RSA_PKCS1V15_CRYPT, buffer, sizeof( buffer ), NULL, 0, buffer, sizeof( buffer ), &length ) ); @@ -724,12 +722,12 @@ static int smoke_test_key( psa_key_handle_t handle ) NULL, 0 ) ); SMOKE_ASSERT( psa_key_derivation_input_key( &derivation_operation, PSA_KEY_DERIVATION_INPUT_SECRET, - handle ) ); + key ) ); PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) ); /* If the key is asymmetric, try it in a key agreement, both as * part of a derivation operation and standalone. */ - if( psa_export_public_key( handle, buffer, sizeof( buffer ), &length ) == + if( psa_export_public_key( key, buffer, sizeof( buffer ), &length ) == PSA_SUCCESS ) { psa_algorithm_t alg = @@ -742,11 +740,11 @@ static int smoke_test_key( psa_key_handle_t handle ) SMOKE_ASSERT( psa_key_derivation_key_agreement( &derivation_operation, PSA_KEY_DERIVATION_INPUT_SECRET, - handle, buffer, length ) ); + key, buffer, length ) ); PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) ); SMOKE_ASSERT( psa_raw_key_agreement( - alg, handle, buffer, length, + alg, key, buffer, length, buffer, sizeof( buffer ), &length ) ); } #endif /* MBEDTLS_SHA256_C */ @@ -880,7 +878,8 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_handle_t handle; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; uint8_t exported[sizeof( key_material )]; @@ -909,7 +908,7 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) ); + &returned_id ) ); if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) @@ -940,7 +939,8 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { /* Check that the PSA core has no knowledge of the volatile key */ - TEST_ASSERT( psa_open_key( id, &handle ) == PSA_ERROR_DOES_NOT_EXIST ); + TEST_ASSERT( psa_open_key( returned_id, &handle ) == + PSA_ERROR_DOES_NOT_EXIST ); /* Drop data from our mockup driver */ ram_slots_reset(); @@ -948,20 +948,16 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) /* Re-import key */ PSA_ASSERT( psa_import_key( &attributes, - key_material, sizeof( key_material ), - &handle ) ); + key_material, sizeof( key_material ), + &returned_id ) ); } else { - - /* Check we can re-open the persistent key */ + /* Check the persistent key file */ if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; - - /* Check that the PSA core still knows about the key */ - PSA_ASSERT( psa_open_key( id, &handle ) ); } } @@ -972,24 +968,23 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( sizeof( key_material ) ) ); psa_set_key_slot_number( &attributes, min_slot ); - psa_set_key_id( &attributes, handle ); - if( ! check_key_attributes( handle, &attributes ) ) + psa_set_key_id( &attributes, returned_id ); + if( ! check_key_attributes( returned_id, &attributes ) ) goto exit; /* Test the key data. */ - PSA_ASSERT( psa_export_key( handle, + PSA_ASSERT( psa_export_key( returned_id, exported, sizeof( exported ), &exported_length ) ); ASSERT_COMPARE( key_material, sizeof( key_material ), exported, exported_length ); - PSA_ASSERT( psa_destroy_key( handle ) ); - handle = PSA_KEY_HANDLE_INIT; + PSA_ASSERT( psa_destroy_key( returned_id ) ); if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; - TEST_EQUAL( psa_open_key( id, &handle ), + TEST_EQUAL( psa_open_key( returned_id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); /* Test that the key has been erased from the designated slot. */ @@ -1015,7 +1010,8 @@ void key_creation_in_chosen_slot( int slot_arg, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; + psa_key_handle_t handle; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -1042,7 +1038,7 @@ void key_creation_in_chosen_slot( int slot_arg, psa_set_key_slot_number( &attributes, wanted_slot ); status = psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ); + &returned_id ); TEST_EQUAL( status, expected_status ); if( status != PSA_SUCCESS ) @@ -1062,7 +1058,6 @@ void key_creation_in_chosen_slot( int slot_arg, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; - PSA_ASSERT( psa_open_key( id, &handle ) ); } /* Test that the key was created in the expected slot. */ @@ -1070,16 +1065,14 @@ void key_creation_in_chosen_slot( int slot_arg, /* Test that the key is reported with the correct attributes, * including the expected slot. */ - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( id, &attributes ) ); - PSA_ASSERT( psa_destroy_key( handle ) ); - handle = PSA_KEY_HANDLE_INIT; + PSA_ASSERT( psa_destroy_key( id ) ); if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; - TEST_EQUAL( psa_open_key( id, &handle ), - PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); exit: PSA_DONE( ); @@ -1099,7 +1092,8 @@ void import_key_smoke( int type_arg, int alg_arg, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; + psa_key_handle_t handle; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; TEST_USES_KEY_ID( id ); @@ -1127,13 +1121,13 @@ void import_key_smoke( int type_arg, int alg_arg, psa_set_key_type( &attributes, type ); PSA_ASSERT( psa_import_key( &attributes, key_material->x, key_material->len, - &handle ) ); + &returned_id ) ); if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; /* Do stuff with the key. */ - if( ! smoke_test_key( handle ) ) + if( ! smoke_test_key( id ) ) goto exit; /* Restart and try again. */ @@ -1143,18 +1137,15 @@ void import_key_smoke( int type_arg, int alg_arg, if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; - PSA_ASSERT( psa_open_key( id, &handle ) ); - if( ! smoke_test_key( handle ) ) + if( ! smoke_test_key( id ) ) goto exit; /* We're done. */ - PSA_ASSERT( psa_destroy_key( handle ) ); - handle = PSA_KEY_HANDLE_INIT; + PSA_ASSERT( psa_destroy_key( id ) ); if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; - TEST_EQUAL( psa_open_key( id, &handle ), - PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); exit: PSA_DONE( ); @@ -1173,7 +1164,7 @@ void generate_key_not_supported( int type_arg, int bits_arg ) psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; TEST_USES_KEY_ID( id ); @@ -1193,7 +1184,7 @@ void generate_key_not_supported( int type_arg, int bits_arg ) psa_set_key_lifetime( &attributes, lifetime ); psa_set_key_type( &attributes, type ); psa_set_key_bits( &attributes, bits ); - TEST_EQUAL( psa_generate_key( &attributes, &handle ), + TEST_EQUAL( psa_generate_key( &attributes, &returned_id ), PSA_ERROR_NOT_SUPPORTED ); exit: @@ -1214,7 +1205,8 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; + psa_key_handle_t handle; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; TEST_USES_KEY_ID( id ); @@ -1241,13 +1233,13 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, type ); psa_set_key_bits( &attributes, bits ); - PSA_ASSERT( psa_generate_key( &attributes, &handle ) ); + PSA_ASSERT( psa_generate_key( &attributes, &returned_id ) ); if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; /* Do stuff with the key. */ - if( ! smoke_test_key( handle ) ) + if( ! smoke_test_key( id ) ) goto exit; /* Restart and try again. */ @@ -1257,18 +1249,15 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; - PSA_ASSERT( psa_open_key( id, &handle ) ); - if( ! smoke_test_key( handle ) ) + if( ! smoke_test_key( id ) ) goto exit; /* We're done. */ - PSA_ASSERT( psa_destroy_key( handle ) ); - handle = PSA_KEY_HANDLE_INIT; + PSA_ASSERT( psa_destroy_key( id ) ); if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; - TEST_EQUAL( psa_open_key( id, &handle ), - PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); exit: PSA_DONE( ); @@ -1296,8 +1285,8 @@ void sign_verify( int flow, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t drv_handle = PSA_KEY_HANDLE_INIT; /* key managed by the driver */ - psa_key_handle_t sw_handle = PSA_KEY_HANDLE_INIT; /* transparent key */ + mbedtls_svc_key_id_t returned_id; + mbedtls_svc_key_id_t sw_key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t drv_attributes; uint8_t signature[PSA_SIGNATURE_MAX_SIZE]; @@ -1352,11 +1341,11 @@ void sign_verify( int flow, if( generating ) { psa_set_key_bits( &drv_attributes, bits ); - PSA_ASSERT( psa_generate_key( &drv_attributes, &drv_handle ) ); + PSA_ASSERT( psa_generate_key( &drv_attributes, &returned_id ) ); /* Since we called a generate method that does not actually * generate material, store the desired result of generation in * the mock secure element storage. */ - PSA_ASSERT( psa_get_key_attributes( drv_handle, &drv_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( id, &drv_attributes ) ); TEST_EQUAL( key_material->len, PSA_BITS_TO_BYTES( bits ) ); memcpy( ram_slots[ram_min_slot].content, key_material->x, key_material->len ); @@ -1365,7 +1354,7 @@ void sign_verify( int flow, { PSA_ASSERT( psa_import_key( &drv_attributes, key_material->x, key_material->len, - &drv_handle ) ); + &returned_id ) ); } /* Either import the same key in software, or export the driver's @@ -1376,20 +1365,20 @@ void sign_verify( int flow, case SIGN_IN_DRIVER_AND_PARALLEL_CREATION: PSA_ASSERT( psa_import_key( &sw_attributes, key_material->x, key_material->len, - &sw_handle ) ); + &sw_key ) ); break; case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC: { uint8_t public_key[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( PSA_VENDOR_ECC_MAX_CURVE_BITS )]; size_t public_key_length; - PSA_ASSERT( psa_export_public_key( drv_handle, + PSA_ASSERT( psa_export_public_key( id, public_key, sizeof( public_key ), &public_key_length ) ); psa_set_key_type( &sw_attributes, PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ) ); PSA_ASSERT( psa_import_key( &sw_attributes, public_key, public_key_length, - &sw_handle ) ); + &sw_key ) ); break; } } @@ -1400,16 +1389,14 @@ void sign_verify( int flow, case SIGN_IN_DRIVER_AND_PARALLEL_CREATION: case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC: PSA_ASSERT_VIA_DRIVER( - psa_sign_hash( drv_handle, - alg, + psa_sign_hash( id, alg, input->x, input->len, signature, sizeof( signature ), &signature_length ), PSA_SUCCESS ); break; case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION: - PSA_ASSERT( psa_sign_hash( sw_handle, - alg, + PSA_ASSERT( psa_sign_hash( sw_key, alg, input->x, input->len, signature, sizeof( signature ), &signature_length ) ); @@ -1417,30 +1404,30 @@ void sign_verify( int flow, } /* Verify with both keys. */ - PSA_ASSERT( psa_verify_hash( sw_handle, alg, + PSA_ASSERT( psa_verify_hash( sw_key, alg, input->x, input->len, signature, signature_length ) ); PSA_ASSERT_VIA_DRIVER( - psa_verify_hash( drv_handle, alg, + psa_verify_hash( id, alg, input->x, input->len, signature, signature_length ), PSA_SUCCESS ); /* Change the signature and verify again. */ signature[0] ^= 1; - TEST_EQUAL( psa_verify_hash( sw_handle, alg, + TEST_EQUAL( psa_verify_hash( sw_key, alg, input->x, input->len, signature, signature_length ), PSA_ERROR_INVALID_SIGNATURE ); PSA_ASSERT_VIA_DRIVER( - psa_verify_hash( drv_handle, alg, + psa_verify_hash( id, alg, input->x, input->len, signature, signature_length ), PSA_ERROR_INVALID_SIGNATURE ); exit: - psa_destroy_key( drv_handle ); - psa_destroy_key( sw_handle ); + psa_destroy_key( id ); + psa_destroy_key( sw_key ); PSA_DONE( ); ram_slots_reset( ); psa_purge_storage( ); @@ -1461,9 +1448,9 @@ void register_key_smoke_test( int lifetime_arg, psa_drv_se_key_management_t key_management; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); + psa_key_handle_t handle; size_t bit_size = 48; psa_key_slot_number_t wanted_slot = 0x123456789; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_status_t status; TEST_USES_KEY_ID( id ); @@ -1499,10 +1486,8 @@ void register_key_smoke_test( int lifetime_arg, goto exit; /* Test that the key exists and has the expected attributes. */ - PSA_ASSERT( psa_open_key( id, &handle ) ); - if( ! check_key_attributes( handle, &attributes ) ) + if( ! check_key_attributes( id, &attributes ) ) goto exit; - PSA_ASSERT( psa_close_key( handle ) ); #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) mbedtls_svc_key_id_t invalid_id = @@ -1510,22 +1495,21 @@ void register_key_smoke_test( int lifetime_arg, TEST_EQUAL( psa_open_key( invalid_id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); #endif + PSA_ASSERT( psa_purge_key( id ) ); + /* Restart and try again. */ PSA_DONE( ); PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); - PSA_ASSERT( psa_open_key( id, &handle ) ); - if( ! check_key_attributes( handle, &attributes ) ) + if( ! check_key_attributes( id, &attributes ) ) goto exit; /* This time, destroy the key. */ - PSA_ASSERT( psa_destroy_key( handle ) ); - handle = PSA_KEY_HANDLE_INIT; - TEST_EQUAL( psa_open_key( id, &handle ), - PSA_ERROR_DOES_NOT_EXIST ); + PSA_ASSERT( psa_destroy_key( id ) ); + TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( id ); PSA_DONE( ); psa_purge_storage( ); memset( &validate_slot_number_directions, 0, diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index 0e2e203c8..629c924ed 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function @@ -333,7 +333,7 @@ void mock_import( int mock_alloc_return_value, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -357,7 +357,7 @@ void mock_import( int mock_alloc_return_value, psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); TEST_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) == expected_result ); + &returned_id ) == expected_result ); TEST_ASSERT( mock_allocate_data.called == 1 ); TEST_ASSERT( mock_import_data.called == @@ -385,7 +385,7 @@ void mock_import( int mock_alloc_return_value, if( expected_result == PSA_SUCCESS ) { - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); } exit: @@ -402,7 +402,7 @@ void mock_export( int mock_export_return_value, int expected_result ) psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; uint8_t exported[sizeof( key_material )]; @@ -428,15 +428,15 @@ void mock_export( int mock_export_return_value, int expected_result ) psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) ); + &returned_id ) ); - TEST_ASSERT( psa_export_key( handle, - exported, sizeof( exported ), - &exported_length ) == expected_result ); + TEST_ASSERT( psa_export_key( id, + exported, sizeof( exported ), + &exported_length ) == expected_result ); TEST_ASSERT( mock_export_data.called == 1 ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); @@ -456,7 +456,7 @@ void mock_generate( int mock_alloc_return_value, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mock_allocate_data.return_value = mock_alloc_return_value; @@ -477,7 +477,7 @@ void mock_generate( int mock_alloc_return_value, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); psa_set_key_bits( &attributes, 8 ); - TEST_ASSERT( psa_generate_key( &attributes, &handle ) == expected_result ); + TEST_ASSERT( psa_generate_key( &attributes, &returned_id) == expected_result ); TEST_ASSERT( mock_allocate_data.called == 1 ); TEST_ASSERT( mock_generate_data.called == ( mock_alloc_return_value == PSA_SUCCESS? 1 : 0 ) ); @@ -504,7 +504,7 @@ void mock_generate( int mock_alloc_return_value, if( expected_result == PSA_SUCCESS ) { - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); } @@ -523,7 +523,7 @@ void mock_export_public( int mock_export_public_return_value, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; uint8_t exported[sizeof( key_material )]; @@ -549,13 +549,13 @@ void mock_export_public( int mock_export_public_return_value, PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) ); + &returned_id ) ); - TEST_ASSERT( psa_export_public_key( handle, exported, sizeof(exported), + TEST_ASSERT( psa_export_public_key( id, exported, sizeof(exported), &exported_length ) == expected_result ); TEST_ASSERT( mock_export_public_data.called == 1 ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); exit: @@ -573,7 +573,7 @@ void mock_sign( int mock_sign_return_value, int expected_result ) psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256); @@ -607,16 +607,16 @@ void mock_sign( int mock_sign_return_value, int expected_result ) PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) ); + &returned_id ) ); - TEST_ASSERT( psa_sign_hash( handle, algorithm, + TEST_ASSERT( psa_sign_hash( id, algorithm, hash, sizeof( hash ), signature, sizeof( signature ), &signature_length) == expected_result ); TEST_ASSERT( mock_sign_data.called == 1 ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); exit: @@ -634,7 +634,7 @@ void mock_verify( int mock_verify_return_value, int expected_result ) psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256); @@ -667,15 +667,15 @@ void mock_verify( int mock_verify_return_value, int expected_result ) PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) ); + &returned_id ) ); - TEST_ASSERT( psa_verify_hash( handle, algorithm, + TEST_ASSERT( psa_verify_hash( id, algorithm, hash, sizeof( hash ), signature, sizeof( signature ) ) == expected_result ); TEST_ASSERT( mock_verify_data.called == 1 ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); exit: diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index 2b3087ff9..4e959b6d2 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data @@ -164,5 +164,5 @@ invalid_handle:INVALID_HANDLE_CLOSED:PSA_ERROR_DOES_NOT_EXIST:PSA_ERROR_DOES_NOT invalid handle: huge invalid_handle:INVALID_HANDLE_HUGE:PSA_ERROR_INVALID_HANDLE:PSA_ERROR_INVALID_HANDLE -Open many transient handles -many_transient_handles:42 +Open many transient keys +many_transient_keys:42 diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 12cf3eac9..2f9d01b37 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -7,11 +7,11 @@ typedef enum { - CLOSE_BY_CLOSE, /**< Close the handle(s). */ - CLOSE_BY_DESTROY, /**< Destroy the handle(s). */ - CLOSE_BY_SHUTDOWN, /**< Deinit and reinit without closing handles. */ - CLOSE_BY_CLOSE_WITH_SHUTDOWN, /**< Close handle(s) then deinit/reinit. */ - CLOSE_BY_DESTROY_WITH_SHUTDOWN, /**< Destroy handle(s) then deinit/reinit. */ + CLOSE_BY_CLOSE, /**< Close key(s). */ + CLOSE_BY_DESTROY, /**< Destroy key(s) */ + CLOSE_BY_SHUTDOWN, /**< Deinit and reinit without closing keys. */ + CLOSE_BY_CLOSE_WITH_SHUTDOWN, /**< Close key(s) then deinit/reinit. */ + CLOSE_BY_DESTROY_WITH_SHUTDOWN, /**< Destroy key(s) then deinit/reinit. */ } close_method_t; typedef enum @@ -74,21 +74,22 @@ static void psa_purge_key_storage( void ) #define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) ) #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ -/** Apply \p close_method to invalidate the specified handles: +/** Apply \p close_method to invalidate the specified key: * close it, destroy it, or do nothing; */ -static int invalidate_handle( close_method_t close_method, - psa_key_handle_t handle ) +static int invalidate_key( close_method_t close_method, + mbedtls_svc_key_id_t key ) { switch( close_method ) { + /* Closing the key invalidate only volatile keys, not permanent ones. */ case CLOSE_BY_CLOSE: case CLOSE_BY_CLOSE_WITH_SHUTDOWN: - PSA_ASSERT( psa_close_key( handle ) ); + PSA_ASSERT( psa_close_key( key ) ); break; case CLOSE_BY_DESTROY: case CLOSE_BY_DESTROY_WITH_SHUTDOWN: - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key ) ); break; case CLOSE_BY_SHUTDOWN: break; @@ -142,7 +143,7 @@ void transient_slot_lifecycle( int usage_arg, int alg_arg, psa_key_usage_t usage_flags = usage_arg; psa_key_type_t type = type_arg; close_method_t close_method = close_method_arg; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT( psa_crypto_init( ) ); @@ -152,21 +153,21 @@ void transient_slot_lifecycle( int usage_arg, int alg_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); - TEST_ASSERT( ! psa_key_handle_is_null( handle ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + &key ) ); + TEST_ASSERT( ! mbedtls_svc_key_id_is_null( key ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); - /* Do something that invalidates the handle. */ - if( ! invalidate_handle( close_method, handle ) ) + /* Do something that invalidates the key. */ + if( ! invalidate_key( close_method, key ) ) goto exit; if( ! invalidate_psa( close_method ) ) goto exit; - /* Test that the handle is now invalid. */ - TEST_EQUAL( psa_get_key_attributes( handle, &attributes ), + /* Test that the key is now invalid. */ + TEST_EQUAL( psa_get_key_attributes( key, &attributes ), PSA_ERROR_DOES_NOT_EXIST ); - TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_close_key( key ), PSA_ERROR_DOES_NOT_EXIST ); exit: PSA_DONE( ); @@ -186,6 +187,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, psa_key_usage_t usage_flags = usage_arg; psa_key_type_t type = type_arg; close_method_t close_method = close_method_arg; + mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t read_attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -195,14 +197,13 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) mbedtls_svc_key_id_t wrong_owner_id = mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg ); - psa_key_handle_t invalid_handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t invalid_svc_key_id = MBEDTLS_SVC_KEY_ID_INIT; #endif TEST_USES_KEY_ID( id ); PSA_ASSERT( psa_crypto_init( ) ); - /* Get a handle and import a key. */ psa_set_key_id( &attributes, id ); psa_set_key_lifetime( &attributes, lifetime ); psa_set_key_type( &attributes, type ); @@ -210,15 +211,15 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_enrollment_algorithm( &attributes, alg2 ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); - TEST_ASSERT( ! psa_key_handle_is_null( handle ) ); + &returned_id ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( id, returned_id ) ); #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) - TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ), + TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_svc_key_id ), PSA_ERROR_DOES_NOT_EXIST ); #endif - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( id, &attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime ); TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes ), id ) ); @@ -227,15 +228,16 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); - /* Close the key and reopen it. */ - PSA_ASSERT( psa_close_key( handle ) ); + /* Close the key and then open it. */ + PSA_ASSERT( psa_close_key( id ) ); #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) - TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ), + TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_svc_key_id ), PSA_ERROR_DOES_NOT_EXIST ); #endif PSA_ASSERT( psa_open_key( id, &handle ) ); + TEST_ASSERT( ! psa_key_handle_is_null( handle ) ); PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime ); TEST_ASSERT( mbedtls_svc_key_id_equal( @@ -245,13 +247,16 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); - /* Do something that invalidates the handle. */ - if( ! invalidate_handle( close_method, handle ) ) + /* + * Do something that wipes key data in volatile memory or destroy the + * key. + */ + if( ! invalidate_key( close_method, id ) ) goto exit; if( ! invalidate_psa( close_method ) ) goto exit; - /* Try to reopen the key. If we destroyed it, check that it doesn't + /* Try to reaccess the key. If we destroyed it, check that it doesn't * exist. Otherwise check that it still exists and has the expected * content. */ switch( close_method ) @@ -260,7 +265,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, case CLOSE_BY_CLOSE_WITH_SHUTDOWN: case CLOSE_BY_SHUTDOWN: PSA_ASSERT( psa_open_key( id, &handle ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &read_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( id, &read_attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), psa_get_key_lifetime( &read_attributes ) ); TEST_ASSERT( mbedtls_svc_key_id_equal( @@ -278,17 +283,14 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, if( usage_flags & PSA_KEY_USAGE_EXPORT ) { ASSERT_ALLOC( reexported, key_data->len ); - PSA_ASSERT( psa_export_key( handle, - reexported, key_data->len, + PSA_ASSERT( psa_export_key( id, reexported, key_data->len, &reexported_length ) ); ASSERT_COMPARE( key_data->x, key_data->len, reexported, reexported_length ); } else { - TEST_EQUAL( psa_export_key( handle, - NULL, 0, - &reexported_length ), + TEST_EQUAL( psa_export_key( id, NULL, 0, &reexported_length ), PSA_ERROR_NOT_PERMITTED ); } PSA_ASSERT( psa_close_key( handle ) ); @@ -296,7 +298,14 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, case CLOSE_BY_DESTROY: case CLOSE_BY_DESTROY_WITH_SHUTDOWN: - TEST_EQUAL( psa_open_key( id, &handle ), + /* + * Test that the key handle and identifier are now not refering to an + * existing key. + */ + TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ), + PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_get_key_attributes( id, &read_attributes ), PSA_ERROR_DOES_NOT_EXIST ); break; } @@ -314,8 +323,7 @@ void create_existent( int lifetime_arg, int owner_id_arg, int id_arg, { psa_key_lifetime_t lifetime = lifetime_arg; mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); - psa_key_handle_t handle1 = PSA_KEY_HANDLE_INIT; - psa_key_handle_t handle2 = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA; const uint8_t material1[5] = "a key"; @@ -336,26 +344,24 @@ void create_existent( int lifetime_arg, int owner_id_arg, int id_arg, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( &attributes, 0 ); PSA_ASSERT( psa_import_key( &attributes, material1, sizeof( material1 ), - &handle1 ) ); - TEST_ASSERT( ! psa_key_handle_is_null( handle1 ) ); + &returned_id ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( id, returned_id ) ); if( reopen_policy == CLOSE_BEFORE ) - PSA_ASSERT( psa_close_key( handle1 ) ); + PSA_ASSERT( psa_close_key( id ) ); /* Attempt to create a new key in the same slot. */ TEST_EQUAL( psa_import_key( &attributes, material2, sizeof( material2 ), - &handle2 ), + &returned_id ), PSA_ERROR_ALREADY_EXISTS ); - TEST_ASSERT( psa_key_handle_is_null( handle2 ) ); + TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_id ) ); if( reopen_policy == CLOSE_AFTER ) - PSA_ASSERT( psa_close_key( handle1 ) ); - if( reopen_policy == CLOSE_BEFORE || reopen_policy == CLOSE_AFTER ) - PSA_ASSERT( psa_open_key( id, &handle1 ) ); + PSA_ASSERT( psa_close_key( id ) ); /* Check that the original key hasn't changed. */ psa_reset_key_attributes( &attributes ); - PSA_ASSERT( psa_get_key_attributes( handle1, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( id, &attributes ) ); TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes ), id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime ); @@ -364,13 +370,13 @@ void create_existent( int lifetime_arg, int owner_id_arg, int id_arg, TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); - PSA_ASSERT( psa_export_key( handle1, + PSA_ASSERT( psa_export_key( id, reexported, sizeof( reexported ), &reexported_length ) ); ASSERT_COMPARE( material1, sizeof( material1 ), reexported, reexported_length ); - PSA_ASSERT( psa_close_key( handle1 ) ); + PSA_ASSERT( psa_close_key( id ) ); exit: PSA_DONE( ); @@ -404,7 +410,8 @@ void create_fail( int lifetime_arg, int id_arg, mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = mbedtls_svc_key_id_make( 0xdead, 0xdead ); + mbedtls_svc_key_id_t returned_id = + mbedtls_svc_key_id_make( 0xdead, 0xdead ); uint8_t material[1] = {'k'}; TEST_USES_KEY_ID( id ); @@ -415,9 +422,9 @@ void create_fail( int lifetime_arg, int id_arg, psa_set_key_lifetime( &attributes, lifetime ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); TEST_EQUAL( psa_import_key( &attributes, material, sizeof( material ), - &handle ), + &returned_id ), expected_status ); - TEST_ASSERT( psa_key_handle_is_null( handle ) ); + TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_id ) ); exit: PSA_DONE( ); @@ -443,16 +450,17 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, mbedtls_svc_key_id_make( source_owner_id_arg, source_id_arg ); psa_key_usage_t source_usage = source_usage_arg; psa_algorithm_t source_alg = source_alg_arg; - psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t source_type = type_arg; + mbedtls_svc_key_id_t returned_source_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_lifetime_t target_lifetime = target_lifetime_arg; mbedtls_svc_key_id_t target_id = mbedtls_svc_key_id_make( target_owner_id_arg, target_id_arg ); psa_key_usage_t target_usage = target_usage_arg; psa_algorithm_t target_alg = target_alg_arg; - psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t returned_target_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT; psa_key_usage_t expected_usage = expected_usage_arg; psa_algorithm_t expected_alg = expected_alg_arg; psa_algorithm_t expected_alg2 = expected_alg2_arg; @@ -473,9 +481,10 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg ); PSA_ASSERT( psa_import_key( &source_attributes, material->x, material->len, - &source_handle ) ); + &returned_source_id ) ); /* Update the attributes with the bit size. */ - PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( returned_source_id, + &source_attributes ) ); /* Prepare the target slot. */ psa_set_key_id( &target_attributes, target_id ); @@ -486,11 +495,11 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg ); /* Copy the key. */ - PSA_ASSERT( psa_copy_key( source_handle, - &target_attributes, &target_handle ) ); + PSA_ASSERT( psa_copy_key( returned_source_id, + &target_attributes, &returned_target_id ) ); /* Destroy the source to ensure that this doesn't affect the target. */ - PSA_ASSERT( psa_destroy_key( source_handle ) ); + PSA_ASSERT( psa_destroy_key( returned_source_id ) ); /* If the target key is persistent, restart the system to make * sure that the material is still alive. */ @@ -503,7 +512,8 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, /* Test that the target slot has the expected content. */ psa_reset_key_attributes( &target_attributes ); - PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( returned_target_id, + &target_attributes ) ); if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE ) { @@ -513,10 +523,9 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, else { #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) - TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( target_id ), + TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( returned_target_id ), target_owner_id_arg ); #endif - TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( target_id ), 0 ); } TEST_EQUAL( target_lifetime, psa_get_key_lifetime( &target_attributes ) ); @@ -531,7 +540,7 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, { size_t length; ASSERT_ALLOC( export_buffer, material->len ); - PSA_ASSERT( psa_export_key( target_handle, export_buffer, + PSA_ASSERT( psa_export_key( returned_target_id, export_buffer, material->len, &length ) ); ASSERT_COMPARE( material->x, material->len, export_buffer, length ); @@ -540,12 +549,12 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, { size_t length; /* Check that the key is actually non-exportable. */ - TEST_EQUAL( psa_export_key( target_handle, export_buffer, + TEST_EQUAL( psa_export_key( returned_target_id, export_buffer, material->len, &length ), PSA_ERROR_NOT_PERMITTED ); } - PSA_ASSERT( psa_destroy_key( target_handle ) ); + PSA_ASSERT( psa_destroy_key( returned_target_id ) ); exit: PSA_DONE( ); @@ -569,16 +578,16 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, mbedtls_svc_key_id_make( 1, source_id_arg ); psa_key_usage_t source_usage = source_usage_arg; psa_algorithm_t source_alg = source_alg_arg; - psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT; psa_key_type_t source_type = source_type_arg; + mbedtls_svc_key_id_t returned_source_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_lifetime_t target_lifetime = target_lifetime_arg; mbedtls_svc_key_id_t target_id = mbedtls_svc_key_id_make( 1, target_id_arg ); psa_key_usage_t target_usage = target_usage_arg; psa_algorithm_t target_alg = target_alg_arg; - psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT; psa_key_type_t target_type = target_type_arg; - psa_key_handle_t new_handle = mbedtls_svc_key_id_make( 0xdead, 0xdead ); + mbedtls_svc_key_id_t returned_target_id = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t new_key = MBEDTLS_SVC_KEY_ID_INIT; uint8_t *export_buffer = NULL; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes1 = PSA_KEY_ATTRIBUTES_INIT; @@ -600,12 +609,12 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, psa_set_key_algorithm( &attributes, source_alg ); PSA_ASSERT( psa_import_key( &attributes, source_material->x, source_material->len, - &source_handle ) ); + &returned_source_id ) ); /* Populate the target slot. */ if( mbedtls_svc_key_id_equal( target_id, source_id ) ) { - target_handle = source_handle; + returned_target_id = returned_source_id; } else { @@ -616,20 +625,21 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, psa_set_key_algorithm( &attributes1, target_alg ); PSA_ASSERT( psa_import_key( &attributes1, target_material->x, target_material->len, - &target_handle ) ); + &returned_target_id ) ); } - PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes1 ) ); + + PSA_ASSERT( psa_get_key_attributes( returned_target_id, &attributes1 ) ); /* Make a copy attempt. */ psa_set_key_id( &attributes, target_id ); psa_set_key_lifetime( &attributes, target_lifetime ); - TEST_EQUAL( psa_copy_key( source_handle, - &attributes, &new_handle ), + TEST_EQUAL( psa_copy_key( returned_source_id, + &attributes, &new_key ), PSA_ERROR_ALREADY_EXISTS ); - TEST_ASSERT( psa_key_handle_is_null( new_handle ) ); + TEST_ASSERT( mbedtls_svc_key_id_is_null( new_key ) ); /* Test that the target slot is unaffected. */ - PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes2 ) ); + PSA_ASSERT( psa_get_key_attributes( returned_target_id, &attributes2 ) ); TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes1 ), psa_get_key_id( &attributes2 ) ) ); @@ -647,15 +657,15 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, { size_t length; ASSERT_ALLOC( export_buffer, target_material->len ); - PSA_ASSERT( psa_export_key( target_handle, export_buffer, + PSA_ASSERT( psa_export_key( returned_target_id, export_buffer, target_material->len, &length ) ); ASSERT_COMPARE( target_material->x, target_material->len, export_buffer, length ); } - PSA_ASSERT( psa_destroy_key( source_handle ) ); - if( ! psa_key_handle_equal( target_handle, source_handle ) ) - PSA_ASSERT( psa_destroy_key( target_handle ) ); + PSA_ASSERT( psa_destroy_key( returned_source_id ) ); + if( ! mbedtls_svc_key_id_equal( target_id, source_id ) ) + PSA_ASSERT( psa_destroy_key( returned_target_id ) ); exit: PSA_DONE( ); @@ -750,51 +760,51 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void many_transient_handles( int max_handles_arg ) +void many_transient_keys( int max_keys_arg ) { - psa_key_handle_t *handles = NULL; - size_t max_handles = max_handles_arg; + mbedtls_svc_key_id_t *keys = NULL; + size_t max_keys = max_keys_arg; size_t i, j; psa_status_t status; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t exported[sizeof( size_t )]; size_t exported_length; - ASSERT_ALLOC( handles, max_handles ); + ASSERT_ALLOC( keys, max_keys ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( &attributes, 0 ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); - for( i = 0; i < max_handles; i++ ) + for( i = 0; i < max_keys; i++ ) { status = psa_import_key( &attributes, (uint8_t *) &i, sizeof( i ), - &handles[i] ); + &keys[i] ); if( status == PSA_ERROR_INSUFFICIENT_MEMORY ) break; PSA_ASSERT( status ); - TEST_ASSERT( ! psa_key_handle_is_null( handles[i] ) ); + TEST_ASSERT( ! mbedtls_svc_key_id_is_null( keys[i] ) ); for( j = 0; j < i; j++ ) - TEST_ASSERT( ! psa_key_handle_equal( handles[i], handles[j] ) ); + TEST_ASSERT( ! mbedtls_svc_key_id_equal( keys[i], keys[j] ) ); } - max_handles = i; + max_keys = i; - for( i = 1; i < max_handles; i++ ) + for( i = 1; i < max_keys; i++ ) { - PSA_ASSERT( psa_close_key( handles[i - 1] ) ); - PSA_ASSERT( psa_export_key( handles[i], + PSA_ASSERT( psa_close_key( keys[i - 1] ) ); + PSA_ASSERT( psa_export_key( keys[i], exported, sizeof( exported ), &exported_length ) ); ASSERT_COMPARE( exported, exported_length, (uint8_t *) &i, sizeof( i ) ); } - PSA_ASSERT( psa_close_key( handles[i - 1] ) ); + PSA_ASSERT( psa_close_key( keys[i - 1] ) ); exit: PSA_DONE( ); - mbedtls_free( handles ); + mbedtls_free( keys ); } /* END_CASE */ diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 1dd264264..9f2007d0b 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -161,7 +161,7 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, int cert_type ) { mbedtls_pk_context key; - psa_key_handle_t slot = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t md_alg_psa; mbedtls_x509write_csr req; unsigned char buf[4096]; @@ -178,7 +178,7 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, mbedtls_pk_init( &key ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 ); - TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &slot, md_alg_psa ) == 0 ); + TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &key_id, md_alg_psa ) == 0 ); mbedtls_x509write_csr_init( &req ); mbedtls_x509write_csr_set_md_alg( &req, md_type ); @@ -202,7 +202,7 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, exit: mbedtls_x509write_csr_free( &req ); mbedtls_pk_free( &key ); - psa_destroy_key( slot ); + psa_destroy_key( key_id ); PSA_DONE( ); } /* END_CASE */