mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 03:25:46 +01:00
tests: Adapt PSA tests to openless APIs
psa_key_handle_equal() is removed as not used anymore. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
adc2ff28b0
commit
5425a21fd2
@ -44,19 +44,6 @@ typedef mbedtls_svc_key_id_t psa_key_handle_t;
|
||||
|
||||
#define PSA_KEY_HANDLE_INIT MBEDTLS_SVC_KEY_ID_INIT
|
||||
|
||||
/** Compare two handles.
|
||||
*
|
||||
* \param handle1 First handle.
|
||||
* \param handle2 Second handle.
|
||||
*
|
||||
* \return Non-zero if the two handles are equal, zero otherwise.
|
||||
*/
|
||||
static inline int psa_key_handle_equal( psa_key_handle_t handle1,
|
||||
psa_key_handle_t handle2 )
|
||||
{
|
||||
return( mbedtls_svc_key_id_equal( handle1, handle2 ) );
|
||||
}
|
||||
|
||||
/** Check wether an handle is null.
|
||||
*
|
||||
* \param handle Handle
|
||||
|
@ -100,13 +100,13 @@ size_t mbedtls_rsa_key_len_func( void *ctx )
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
||||
/*
|
||||
* Generate a key using PSA and return a handle to that key,
|
||||
* Generate a key using PSA and return the key identifier of that key,
|
||||
* or 0 if the key generation failed.
|
||||
* The key uses NIST P-256 and is usable for signing with SHA-256.
|
||||
*/
|
||||
psa_key_handle_t pk_psa_genkey( void )
|
||||
mbedtls_svc_key_id_t pk_psa_genkey( void )
|
||||
{
|
||||
psa_key_handle_t key;
|
||||
mbedtls_svc_key_id_t key;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
const psa_key_type_t type =
|
||||
PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 );
|
||||
@ -133,7 +133,7 @@ exit:
|
||||
void pk_psa_utils( )
|
||||
{
|
||||
mbedtls_pk_context pk, pk2;
|
||||
psa_key_handle_t key;
|
||||
mbedtls_svc_key_id_t key;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
const char * const name = "Opaque";
|
||||
@ -151,14 +151,14 @@ void pk_psa_utils( )
|
||||
|
||||
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
|
||||
|
||||
TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, PSA_KEY_HANDLE_INIT ) ==
|
||||
TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, MBEDTLS_SVC_KEY_ID_INIT ) ==
|
||||
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
|
||||
mbedtls_pk_free( &pk );
|
||||
mbedtls_pk_init( &pk );
|
||||
|
||||
key = pk_psa_genkey();
|
||||
if( psa_key_handle_is_null( key ) )
|
||||
if( mbedtls_svc_key_id_is_null( key ) )
|
||||
goto exit;
|
||||
|
||||
TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 );
|
||||
@ -1220,7 +1220,7 @@ void pk_psa_sign( int grpid_arg,
|
||||
unsigned char *pkey_legacy_start, *pkey_psa_start;
|
||||
size_t sig_len, klen_legacy, klen_psa;
|
||||
int ret;
|
||||
psa_key_handle_t handle;
|
||||
mbedtls_svc_key_id_t key_id;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_type_t expected_type = PSA_KEY_TYPE_ECC_KEY_PAIR( psa_curve_arg );
|
||||
size_t expected_bits = expected_bits_arg;
|
||||
@ -1252,10 +1252,10 @@ void pk_psa_sign( int grpid_arg,
|
||||
pkey_legacy_start = pkey_legacy + sizeof( pkey_legacy ) - klen_legacy;
|
||||
|
||||
/* Turn PK context into an opaque one. */
|
||||
TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &handle,
|
||||
TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &key_id,
|
||||
PSA_ALG_SHA_256 ) == 0 );
|
||||
|
||||
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
|
||||
PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) );
|
||||
TEST_EQUAL( psa_get_key_type( &attributes ), expected_type );
|
||||
TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits );
|
||||
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
|
||||
@ -1280,7 +1280,7 @@ void pk_psa_sign( int grpid_arg,
|
||||
TEST_ASSERT( memcmp( pkey_psa_start, pkey_legacy_start, klen_psa ) == 0 );
|
||||
|
||||
mbedtls_pk_free( &pk );
|
||||
TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( handle ) );
|
||||
TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key_id ) );
|
||||
|
||||
mbedtls_pk_init( &pk );
|
||||
TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey_legacy_start,
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -19,7 +19,7 @@ void ecdsa_sign( int force_status_arg,
|
||||
{
|
||||
psa_status_t force_status = force_status_arg;
|
||||
psa_status_t expected_status = expected_status_arg;
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 );
|
||||
uint8_t signature[64];
|
||||
@ -34,7 +34,7 @@ void ecdsa_sign( int force_status_arg,
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_import_key( &attributes,
|
||||
key_input->x, key_input->len,
|
||||
&handle );
|
||||
&key );
|
||||
|
||||
test_driver_signature_sign_hooks.forced_status = force_status;
|
||||
if( fake_output == 1 )
|
||||
@ -43,7 +43,7 @@ void ecdsa_sign( int force_status_arg,
|
||||
test_driver_signature_sign_hooks.forced_output_length = expected_output->len;
|
||||
}
|
||||
|
||||
actual_status = psa_sign_hash( handle, alg,
|
||||
actual_status = psa_sign_hash( key, alg,
|
||||
data_input->x, data_input->len,
|
||||
signature, sizeof( signature ),
|
||||
&signature_length );
|
||||
@ -57,7 +57,7 @@ void ecdsa_sign( int force_status_arg,
|
||||
|
||||
exit:
|
||||
psa_reset_key_attributes( &attributes );
|
||||
psa_destroy_key( handle );
|
||||
psa_destroy_key( key );
|
||||
PSA_DONE( );
|
||||
test_driver_signature_sign_hooks = test_driver_signature_hooks_init();
|
||||
}
|
||||
@ -73,7 +73,7 @@ void ecdsa_verify( int force_status_arg,
|
||||
{
|
||||
psa_status_t force_status = force_status_arg;
|
||||
psa_status_t expected_status = expected_status_arg;
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 );
|
||||
psa_status_t actual_status;
|
||||
@ -88,7 +88,7 @@ void ecdsa_verify( int force_status_arg,
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_import_key( &attributes,
|
||||
key_input->x, key_input->len,
|
||||
&handle );
|
||||
&key );
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -98,12 +98,12 @@ void ecdsa_verify( int force_status_arg,
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_import_key( &attributes,
|
||||
key_input->x, key_input->len,
|
||||
&handle );
|
||||
&key );
|
||||
}
|
||||
|
||||
test_driver_signature_verify_hooks.forced_status = force_status;
|
||||
|
||||
actual_status = psa_verify_hash( handle, alg,
|
||||
actual_status = psa_verify_hash( key, alg,
|
||||
data_input->x, data_input->len,
|
||||
signature_input->x, signature_input->len );
|
||||
TEST_EQUAL( actual_status, expected_status );
|
||||
@ -111,7 +111,7 @@ void ecdsa_verify( int force_status_arg,
|
||||
|
||||
exit:
|
||||
psa_reset_key_attributes( &attributes );
|
||||
psa_destroy_key( handle );
|
||||
psa_destroy_key( key );
|
||||
PSA_DONE( );
|
||||
test_driver_signature_verify_hooks = test_driver_signature_hooks_init();
|
||||
}
|
||||
@ -124,7 +124,7 @@ void generate_key( int force_status_arg,
|
||||
{
|
||||
psa_status_t force_status = force_status_arg;
|
||||
psa_status_t expected_status = expected_status_arg;
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 );
|
||||
const uint8_t *expected_output = NULL;
|
||||
@ -152,13 +152,13 @@ void generate_key( int force_status_arg,
|
||||
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
||||
actual_status = psa_generate_key( &attributes, &handle );
|
||||
actual_status = psa_generate_key( &attributes, &key );
|
||||
TEST_EQUAL( test_driver_key_management_hooks.hits, 1 );
|
||||
TEST_EQUAL( actual_status, expected_status );
|
||||
|
||||
if( actual_status == PSA_SUCCESS )
|
||||
{
|
||||
psa_export_key( handle, actual_output, sizeof(actual_output), &actual_output_length );
|
||||
psa_export_key( key, actual_output, sizeof(actual_output), &actual_output_length );
|
||||
|
||||
if( fake_output->len > 0 )
|
||||
{
|
||||
@ -178,7 +178,7 @@ void generate_key( int force_status_arg,
|
||||
}
|
||||
exit:
|
||||
psa_reset_key_attributes( &attributes );
|
||||
psa_destroy_key( handle );
|
||||
psa_destroy_key( key );
|
||||
PSA_DONE( );
|
||||
test_driver_key_management_hooks = test_driver_key_management_hooks_init();
|
||||
}
|
||||
@ -193,7 +193,7 @@ void validate_key( int force_status_arg,
|
||||
psa_status_t force_status = force_status_arg;
|
||||
psa_status_t expected_status = expected_status_arg;
|
||||
psa_key_type_t key_type = key_type_arg;
|
||||
psa_key_handle_t handle = 0;
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_status_t actual_status;
|
||||
test_driver_key_management_hooks = test_driver_key_management_hooks_init();
|
||||
@ -207,12 +207,12 @@ void validate_key( int force_status_arg,
|
||||
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
||||
actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &handle );
|
||||
actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &key );
|
||||
TEST_EQUAL( test_driver_key_management_hooks.hits, 1 );
|
||||
TEST_EQUAL( actual_status, expected_status );
|
||||
exit:
|
||||
psa_reset_key_attributes( &attributes );
|
||||
psa_destroy_key( handle );
|
||||
psa_destroy_key( key );
|
||||
PSA_DONE( );
|
||||
test_driver_key_management_hooks = test_driver_key_management_hooks_init();
|
||||
}
|
||||
@ -220,13 +220,13 @@ exit:
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void cipher_encrypt( int alg_arg, int key_type_arg,
|
||||
data_t *key, data_t *iv,
|
||||
data_t *key_data, data_t *iv,
|
||||
data_t *input, data_t *expected_output,
|
||||
int mock_output_arg,
|
||||
int force_status_arg,
|
||||
int expected_status_arg )
|
||||
{
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_status_t status;
|
||||
psa_key_type_t key_type = key_type_arg;
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
@ -247,10 +247,10 @@ void cipher_encrypt( int alg_arg, int key_type_arg,
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, key_type );
|
||||
|
||||
PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
|
||||
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
|
||||
&key ) );
|
||||
|
||||
PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
|
||||
handle, alg ) );
|
||||
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
|
||||
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
|
||||
test_driver_cipher_hooks.hits = 0;
|
||||
|
||||
@ -305,7 +305,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg,
|
||||
exit:
|
||||
psa_cipher_abort( &operation );
|
||||
mbedtls_free( output );
|
||||
psa_destroy_key( handle );
|
||||
psa_destroy_key( key );
|
||||
PSA_DONE( );
|
||||
test_driver_cipher_hooks = test_driver_cipher_hooks_init();
|
||||
}
|
||||
@ -313,13 +313,13 @@ exit:
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
|
||||
data_t *key, data_t *iv,
|
||||
data_t *key_data, data_t *iv,
|
||||
data_t *input,
|
||||
int first_part_size_arg,
|
||||
int output1_length_arg, int output2_length_arg,
|
||||
data_t *expected_output )
|
||||
{
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_type_t key_type = key_type_arg;
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
size_t first_part_size = first_part_size_arg;
|
||||
@ -339,10 +339,10 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, key_type );
|
||||
|
||||
PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
|
||||
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
|
||||
&key ) );
|
||||
|
||||
PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
|
||||
handle, alg ) );
|
||||
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
|
||||
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
|
||||
test_driver_cipher_hooks.hits = 0;
|
||||
|
||||
@ -390,7 +390,7 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
|
||||
exit:
|
||||
psa_cipher_abort( &operation );
|
||||
mbedtls_free( output );
|
||||
psa_destroy_key( handle );
|
||||
psa_destroy_key( key );
|
||||
PSA_DONE( );
|
||||
test_driver_cipher_hooks = test_driver_cipher_hooks_init();
|
||||
}
|
||||
@ -398,13 +398,13 @@ exit:
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
|
||||
data_t *key, data_t *iv,
|
||||
data_t *key_data, data_t *iv,
|
||||
data_t *input,
|
||||
int first_part_size_arg,
|
||||
int output1_length_arg, int output2_length_arg,
|
||||
data_t *expected_output )
|
||||
{
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_type_t key_type = key_type_arg;
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
size_t first_part_size = first_part_size_arg;
|
||||
@ -424,10 +424,10 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, key_type );
|
||||
|
||||
PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
|
||||
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
|
||||
&key ) );
|
||||
|
||||
PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
|
||||
handle, alg ) );
|
||||
PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
|
||||
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
|
||||
test_driver_cipher_hooks.hits = 0;
|
||||
|
||||
@ -477,7 +477,7 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
|
||||
exit:
|
||||
psa_cipher_abort( &operation );
|
||||
mbedtls_free( output );
|
||||
psa_destroy_key( handle );
|
||||
psa_destroy_key( key );
|
||||
PSA_DONE( );
|
||||
test_driver_cipher_hooks = test_driver_cipher_hooks_init();
|
||||
}
|
||||
@ -485,13 +485,13 @@ exit:
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void cipher_decrypt( int alg_arg, int key_type_arg,
|
||||
data_t *key, data_t *iv,
|
||||
data_t *key_data, data_t *iv,
|
||||
data_t *input, data_t *expected_output,
|
||||
int mock_output_arg,
|
||||
int force_status_arg,
|
||||
int expected_status_arg )
|
||||
{
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_status_t status;
|
||||
psa_key_type_t key_type = key_type_arg;
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
@ -512,10 +512,10 @@ void cipher_decrypt( int alg_arg, int key_type_arg,
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, key_type );
|
||||
|
||||
PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
|
||||
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
|
||||
&key ) );
|
||||
|
||||
PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
|
||||
handle, alg ) );
|
||||
PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
|
||||
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
|
||||
test_driver_cipher_hooks.hits = 0;
|
||||
|
||||
@ -569,7 +569,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg,
|
||||
exit:
|
||||
psa_cipher_abort( &operation );
|
||||
mbedtls_free( output );
|
||||
psa_destroy_key( handle );
|
||||
psa_destroy_key( key );
|
||||
PSA_DONE( );
|
||||
test_driver_cipher_hooks = test_driver_cipher_hooks_init();
|
||||
}
|
||||
@ -577,10 +577,10 @@ exit:
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void cipher_entry_points( int alg_arg, int key_type_arg,
|
||||
data_t *key, data_t *iv,
|
||||
data_t *key_data, data_t *iv,
|
||||
data_t *input )
|
||||
{
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_status_t status;
|
||||
psa_key_type_t key_type = key_type_arg;
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
@ -600,12 +600,12 @@ void cipher_entry_points( int alg_arg, int key_type_arg,
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, key_type );
|
||||
|
||||
PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
|
||||
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
|
||||
&key ) );
|
||||
|
||||
/* Test setup call, encrypt */
|
||||
test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
|
||||
status = psa_cipher_encrypt_setup( &operation,
|
||||
handle, alg );
|
||||
status = psa_cipher_encrypt_setup( &operation, key, alg );
|
||||
/* When setup fails, it shouldn't call any further entry points */
|
||||
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
|
||||
TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
|
||||
@ -615,8 +615,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg,
|
||||
TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
|
||||
|
||||
/* Test setup call failure, decrypt */
|
||||
status = psa_cipher_decrypt_setup( &operation,
|
||||
handle, alg );
|
||||
status = psa_cipher_decrypt_setup( &operation, key, alg );
|
||||
/* When setup fails, it shouldn't call any further entry points */
|
||||
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
|
||||
TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
|
||||
@ -627,8 +626,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg,
|
||||
|
||||
/* Test IV setting failure */
|
||||
test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
|
||||
status = psa_cipher_encrypt_setup( &operation,
|
||||
handle, alg );
|
||||
status = psa_cipher_encrypt_setup( &operation, key, alg );
|
||||
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
|
||||
TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
|
||||
test_driver_cipher_hooks.hits = 0;
|
||||
@ -650,8 +648,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg,
|
||||
|
||||
/* Test IV generation failure */
|
||||
test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
|
||||
status = psa_cipher_encrypt_setup( &operation,
|
||||
handle, alg );
|
||||
status = psa_cipher_encrypt_setup( &operation, key, alg );
|
||||
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
|
||||
TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
|
||||
test_driver_cipher_hooks.hits = 0;
|
||||
@ -673,8 +670,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg,
|
||||
|
||||
/* Test update failure */
|
||||
test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
|
||||
status = psa_cipher_encrypt_setup( &operation,
|
||||
handle, alg );
|
||||
status = psa_cipher_encrypt_setup( &operation, key, alg );
|
||||
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
|
||||
TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
|
||||
test_driver_cipher_hooks.hits = 0;
|
||||
@ -704,8 +700,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg,
|
||||
|
||||
/* Test finish failure */
|
||||
test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
|
||||
status = psa_cipher_encrypt_setup( &operation,
|
||||
handle, alg );
|
||||
status = psa_cipher_encrypt_setup( &operation, key, alg );
|
||||
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
|
||||
TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
|
||||
test_driver_cipher_hooks.hits = 0;
|
||||
@ -744,7 +739,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg,
|
||||
exit:
|
||||
psa_cipher_abort( &operation );
|
||||
mbedtls_free( output );
|
||||
psa_destroy_key( handle );
|
||||
psa_destroy_key( key );
|
||||
PSA_DONE( );
|
||||
test_driver_cipher_hooks = test_driver_cipher_hooks_init();
|
||||
}
|
||||
|
@ -185,7 +185,7 @@ void validate_module_init_key_based( int count )
|
||||
psa_status_t status;
|
||||
uint8_t data[10] = { 0 };
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_handle_t handle = mbedtls_svc_key_id_make( 0xdead, 0xdead );
|
||||
mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make( 0xdead, 0xdead );
|
||||
int i;
|
||||
|
||||
for( i = 0; i < count; i++ )
|
||||
@ -195,9 +195,9 @@ void validate_module_init_key_based( int count )
|
||||
PSA_DONE( );
|
||||
}
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
||||
status = psa_import_key( &attributes, data, sizeof( data ), &handle );
|
||||
status = psa_import_key( &attributes, data, sizeof( data ), &key );
|
||||
TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
|
||||
TEST_ASSERT( psa_key_handle_is_null( handle ) );
|
||||
TEST_ASSERT( mbedtls_svc_key_id_is_null( key ) );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -117,7 +117,6 @@ exit:
|
||||
void save_large_persistent_key( int data_length_arg, int expected_status )
|
||||
{
|
||||
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 );
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
uint8_t *data = NULL;
|
||||
size_t data_length = data_length_arg;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
@ -129,11 +128,11 @@ void save_large_persistent_key( int data_length_arg, int expected_status )
|
||||
psa_set_key_id( &attributes, key_id );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
||||
|
||||
TEST_EQUAL( psa_import_key( &attributes, data, data_length, &handle ),
|
||||
TEST_EQUAL( psa_import_key( &attributes, data, data_length, &key_id ),
|
||||
expected_status );
|
||||
|
||||
if( expected_status == PSA_SUCCESS )
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
PSA_ASSERT( psa_destroy_key( key_id ) );
|
||||
|
||||
exit:
|
||||
mbedtls_free( data );
|
||||
@ -149,7 +148,7 @@ void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart,
|
||||
{
|
||||
mbedtls_svc_key_id_t key_id =
|
||||
mbedtls_svc_key_id_make( owner_id_arg, key_id_arg );
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_type_t first_type = (psa_key_type_t) first_type_arg;
|
||||
psa_key_type_t second_type = (psa_key_type_t) second_type_arg;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
@ -160,24 +159,21 @@ void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart,
|
||||
psa_set_key_type( &attributes, first_type );
|
||||
|
||||
PSA_ASSERT( psa_import_key( &attributes, first_data->x, first_data->len,
|
||||
&handle ) );
|
||||
&returned_key_id ) );
|
||||
|
||||
if( restart )
|
||||
{
|
||||
psa_close_key( handle );
|
||||
psa_close_key( key_id );
|
||||
PSA_DONE();
|
||||
PSA_ASSERT( psa_crypto_init() );
|
||||
PSA_ASSERT( psa_open_key( key_id, &handle ) );
|
||||
}
|
||||
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );
|
||||
|
||||
/* Destroy the key */
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
PSA_ASSERT( psa_destroy_key( key_id ) );
|
||||
|
||||
/* Check key slot storage is removed */
|
||||
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
|
||||
TEST_EQUAL( psa_open_key( key_id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
|
||||
TEST_ASSERT( psa_key_handle_is_null( handle ) );
|
||||
|
||||
/* Shutdown and restart */
|
||||
PSA_DONE();
|
||||
@ -187,9 +183,9 @@ void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart,
|
||||
psa_set_key_id( &attributes, key_id );
|
||||
psa_set_key_type( &attributes, second_type );
|
||||
PSA_ASSERT( psa_import_key( &attributes, second_data->x, second_data->len,
|
||||
&handle ) );
|
||||
&returned_key_id ) );
|
||||
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
PSA_ASSERT( psa_destroy_key( key_id ) );
|
||||
|
||||
exit:
|
||||
PSA_DONE();
|
||||
@ -203,42 +199,44 @@ void persistent_key_import( int owner_id_arg, int key_id_arg, int type_arg,
|
||||
{
|
||||
mbedtls_svc_key_id_t key_id =
|
||||
mbedtls_svc_key_id_make( owner_id_arg, key_id_arg );
|
||||
mbedtls_svc_key_id_t returned_key_id;
|
||||
psa_key_type_t type = (psa_key_type_t) type_arg;
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
PSA_ASSERT( psa_crypto_init() );
|
||||
|
||||
psa_set_key_id( &attributes, key_id );
|
||||
psa_set_key_type( &attributes, type );
|
||||
TEST_EQUAL( psa_import_key( &attributes, data->x, data->len, &handle ),
|
||||
TEST_EQUAL( psa_import_key( &attributes, data->x, data->len, &returned_key_id ),
|
||||
expected_status );
|
||||
|
||||
if( expected_status != PSA_SUCCESS )
|
||||
{
|
||||
TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_key_id ) );
|
||||
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, key_id ) );
|
||||
|
||||
if( restart )
|
||||
{
|
||||
psa_close_key( handle );
|
||||
PSA_ASSERT( psa_purge_key( key_id ) );
|
||||
PSA_DONE();
|
||||
PSA_ASSERT( psa_crypto_init() );
|
||||
PSA_ASSERT( psa_open_key( key_id, &handle ) );
|
||||
}
|
||||
|
||||
psa_reset_key_attributes( &attributes );
|
||||
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
|
||||
TEST_ASSERT( mbedtls_svc_key_id_equal(
|
||||
psa_get_key_id( &attributes ), key_id ) );
|
||||
PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) );
|
||||
TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes ),
|
||||
key_id ) );
|
||||
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
|
||||
PSA_KEY_LIFETIME_PERSISTENT );
|
||||
TEST_EQUAL( psa_get_key_type( &attributes ), type );
|
||||
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
|
||||
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
|
||||
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
PSA_ASSERT( psa_destroy_key( key_id ) );
|
||||
|
||||
exit:
|
||||
psa_reset_key_attributes( &attributes );
|
||||
@ -254,7 +252,7 @@ void import_export_persistent_key( data_t *data, int type_arg,
|
||||
{
|
||||
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 );
|
||||
psa_key_type_t type = (psa_key_type_t) type_arg;
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
unsigned char *exported = NULL;
|
||||
size_t export_size = data->len;
|
||||
size_t exported_length;
|
||||
@ -269,20 +267,20 @@ void import_export_persistent_key( data_t *data, int type_arg,
|
||||
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
|
||||
|
||||
/* Import the key */
|
||||
PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
|
||||
PSA_ASSERT( psa_import_key( &attributes, data->x, data->len,
|
||||
&returned_key_id ) );
|
||||
|
||||
|
||||
if( restart )
|
||||
{
|
||||
psa_close_key( handle );
|
||||
PSA_ASSERT( psa_purge_key( key_id ) );
|
||||
PSA_DONE();
|
||||
PSA_ASSERT( psa_crypto_init() );
|
||||
PSA_ASSERT( psa_open_key( key_id, &handle ) );
|
||||
}
|
||||
|
||||
/* Test the key information */
|
||||
psa_reset_key_attributes( &attributes );
|
||||
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
|
||||
PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) );
|
||||
TEST_ASSERT( mbedtls_svc_key_id_equal(
|
||||
psa_get_key_id( &attributes ), key_id ) );
|
||||
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
|
||||
@ -299,13 +297,13 @@ void import_export_persistent_key( data_t *data, int type_arg,
|
||||
psa_destroy_persistent_key( key_id );
|
||||
}
|
||||
/* Export the key */
|
||||
PSA_ASSERT( psa_export_key( handle, exported, export_size,
|
||||
PSA_ASSERT( psa_export_key( key_id, exported, export_size,
|
||||
&exported_length ) );
|
||||
|
||||
ASSERT_COMPARE( data->x, data->len, exported, exported_length );
|
||||
|
||||
/* Destroy the key */
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
PSA_ASSERT( psa_destroy_key( key_id ) );
|
||||
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
|
||||
|
||||
exit:
|
||||
|
@ -367,7 +367,7 @@ static psa_status_t ram_export_public( psa_drv_se_context_t *context,
|
||||
size_t *data_length )
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_key_handle_t handle;
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
(void) context;
|
||||
@ -379,11 +379,11 @@ static psa_status_t ram_export_public( psa_drv_se_context_t *context,
|
||||
status = psa_import_key( &attributes,
|
||||
ram_slots[slot_number].content,
|
||||
PSA_BITS_TO_BYTES( ram_slots[slot_number].bits ),
|
||||
&handle );
|
||||
&key );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
status = psa_export_public_key( handle, data, data_size, data_length );
|
||||
psa_destroy_key( handle );
|
||||
status = psa_export_public_key( key, data, data_size, data_length );
|
||||
psa_destroy_key( key );
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
@ -450,7 +450,7 @@ static psa_status_t ram_sign( psa_drv_se_context_t *context,
|
||||
{
|
||||
ram_slot_t *slot;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
|
||||
|
||||
(void) context;
|
||||
@ -463,13 +463,13 @@ static psa_status_t ram_sign( psa_drv_se_context_t *context,
|
||||
DRIVER_ASSERT( psa_import_key( &attributes,
|
||||
slot->content,
|
||||
PSA_BITS_TO_BYTES( slot->bits ),
|
||||
&handle ) == PSA_SUCCESS );
|
||||
status = psa_sign_hash( handle, alg,
|
||||
&key ) == PSA_SUCCESS );
|
||||
status = psa_sign_hash( key, alg,
|
||||
hash, hash_length,
|
||||
signature, signature_size, signature_length );
|
||||
|
||||
exit:
|
||||
psa_destroy_key( handle );
|
||||
psa_destroy_key( key );
|
||||
return( status );
|
||||
}
|
||||
|
||||
@ -483,7 +483,7 @@ static psa_status_t ram_verify( psa_drv_se_context_t *context,
|
||||
{
|
||||
ram_slot_t *slot;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
|
||||
|
||||
(void) context;
|
||||
@ -496,20 +496,18 @@ static psa_status_t ram_verify( psa_drv_se_context_t *context,
|
||||
DRIVER_ASSERT( psa_import_key( &attributes,
|
||||
slot->content,
|
||||
PSA_BITS_TO_BYTES( slot->bits ),
|
||||
&handle ) ==
|
||||
&key ) ==
|
||||
PSA_SUCCESS );
|
||||
status = psa_verify_hash( handle, alg,
|
||||
status = psa_verify_hash( key, alg,
|
||||
hash, hash_length,
|
||||
signature, signature_length );
|
||||
|
||||
exit:
|
||||
psa_destroy_key( handle );
|
||||
psa_destroy_key( key );
|
||||
return( status );
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
/* Other test helper functions */
|
||||
/****************************************************************/
|
||||
@ -524,13 +522,13 @@ typedef enum
|
||||
/* Check that the attributes of a key reported by psa_get_key_attributes()
|
||||
* are consistent with the attributes used when creating the key. */
|
||||
static int check_key_attributes(
|
||||
psa_key_handle_t handle,
|
||||
mbedtls_svc_key_id_t key,
|
||||
const psa_key_attributes_t *reference_attributes )
|
||||
{
|
||||
int ok = 0;
|
||||
psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
PSA_ASSERT( psa_get_key_attributes( handle, &actual_attributes ) );
|
||||
PSA_ASSERT( psa_get_key_attributes( key, &actual_attributes ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_svc_key_id_equal(
|
||||
psa_get_key_id( &actual_attributes ),
|
||||
@ -654,7 +652,7 @@ static int is_status_smoke_free( psa_status_t status )
|
||||
* mostly bogus parameters: the goal is to ensure that there is no memory
|
||||
* corruption or crash. This test function is most useful when run under
|
||||
* an environment with sanity checks such as ASan or MSan. */
|
||||
static int smoke_test_key( psa_key_handle_t handle )
|
||||
static int smoke_test_key( mbedtls_svc_key_id_t key )
|
||||
{
|
||||
int ok = 0;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
@ -664,54 +662,54 @@ static int smoke_test_key( psa_key_handle_t handle )
|
||||
PSA_KEY_DERIVATION_OPERATION_INIT;
|
||||
uint8_t buffer[80]; /* large enough for a public key for ECDH */
|
||||
size_t length;
|
||||
psa_key_handle_t handle2 = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
|
||||
SMOKE_ASSERT( psa_get_key_attributes( handle, &attributes ) );
|
||||
SMOKE_ASSERT( psa_get_key_attributes( key, &attributes ) );
|
||||
|
||||
SMOKE_ASSERT( psa_export_key( handle,
|
||||
SMOKE_ASSERT( psa_export_key( key,
|
||||
buffer, sizeof( buffer ), &length ) );
|
||||
SMOKE_ASSERT( psa_export_public_key( handle,
|
||||
SMOKE_ASSERT( psa_export_public_key( key,
|
||||
buffer, sizeof( buffer ), &length ) );
|
||||
|
||||
SMOKE_ASSERT( psa_copy_key( handle, &attributes, &handle2 ) );
|
||||
if( ! psa_key_handle_is_null( handle2 ) )
|
||||
PSA_ASSERT( psa_close_key( handle2 ) );
|
||||
SMOKE_ASSERT( psa_copy_key( key, &attributes, &key2 ) );
|
||||
if( ! mbedtls_svc_key_id_is_null( key2 ) )
|
||||
PSA_ASSERT( psa_destroy_key( key2 ) );
|
||||
|
||||
SMOKE_ASSERT( psa_mac_sign_setup( &mac_operation, handle, PSA_ALG_CMAC ) );
|
||||
SMOKE_ASSERT( psa_mac_sign_setup( &mac_operation, key, PSA_ALG_CMAC ) );
|
||||
PSA_ASSERT( psa_mac_abort( &mac_operation ) );
|
||||
SMOKE_ASSERT( psa_mac_verify_setup( &mac_operation, handle,
|
||||
SMOKE_ASSERT( psa_mac_verify_setup( &mac_operation, key,
|
||||
PSA_ALG_HMAC( PSA_ALG_SHA_256 ) ) );
|
||||
PSA_ASSERT( psa_mac_abort( &mac_operation ) );
|
||||
|
||||
SMOKE_ASSERT( psa_cipher_encrypt_setup( &cipher_operation, handle,
|
||||
SMOKE_ASSERT( psa_cipher_encrypt_setup( &cipher_operation, key,
|
||||
PSA_ALG_CTR ) );
|
||||
PSA_ASSERT( psa_cipher_abort( &cipher_operation ) );
|
||||
SMOKE_ASSERT( psa_cipher_decrypt_setup( &cipher_operation, handle,
|
||||
SMOKE_ASSERT( psa_cipher_decrypt_setup( &cipher_operation, key,
|
||||
PSA_ALG_CTR ) );
|
||||
PSA_ASSERT( psa_cipher_abort( &cipher_operation ) );
|
||||
|
||||
SMOKE_ASSERT( psa_aead_encrypt( handle, PSA_ALG_CCM,
|
||||
SMOKE_ASSERT( psa_aead_encrypt( key, PSA_ALG_CCM,
|
||||
buffer, sizeof( buffer ),
|
||||
NULL, 0,
|
||||
buffer, sizeof( buffer),
|
||||
buffer, sizeof( buffer), &length ) );
|
||||
SMOKE_ASSERT( psa_aead_decrypt( handle, PSA_ALG_CCM,
|
||||
SMOKE_ASSERT( psa_aead_decrypt( key, PSA_ALG_CCM,
|
||||
buffer, sizeof( buffer ),
|
||||
NULL, 0,
|
||||
buffer, sizeof( buffer),
|
||||
buffer, sizeof( buffer), &length ) );
|
||||
|
||||
SMOKE_ASSERT( psa_sign_hash( handle, PSA_ALG_ECDSA_ANY,
|
||||
SMOKE_ASSERT( psa_sign_hash( key, PSA_ALG_ECDSA_ANY,
|
||||
buffer, 32,
|
||||
buffer, sizeof( buffer ), &length ) );
|
||||
SMOKE_ASSERT( psa_verify_hash( handle, PSA_ALG_ECDSA_ANY,
|
||||
SMOKE_ASSERT( psa_verify_hash( key, PSA_ALG_ECDSA_ANY,
|
||||
buffer, 32,
|
||||
buffer, sizeof( buffer ) ) );
|
||||
|
||||
SMOKE_ASSERT( psa_asymmetric_encrypt( handle, PSA_ALG_RSA_PKCS1V15_CRYPT,
|
||||
SMOKE_ASSERT( psa_asymmetric_encrypt( key, PSA_ALG_RSA_PKCS1V15_CRYPT,
|
||||
buffer, 10, NULL, 0,
|
||||
buffer, sizeof( buffer ), &length ) );
|
||||
SMOKE_ASSERT( psa_asymmetric_decrypt( handle, PSA_ALG_RSA_PKCS1V15_CRYPT,
|
||||
SMOKE_ASSERT( psa_asymmetric_decrypt( key, PSA_ALG_RSA_PKCS1V15_CRYPT,
|
||||
buffer, sizeof( buffer ), NULL, 0,
|
||||
buffer, sizeof( buffer ), &length ) );
|
||||
|
||||
@ -724,12 +722,12 @@ static int smoke_test_key( psa_key_handle_t handle )
|
||||
NULL, 0 ) );
|
||||
SMOKE_ASSERT( psa_key_derivation_input_key( &derivation_operation,
|
||||
PSA_KEY_DERIVATION_INPUT_SECRET,
|
||||
handle ) );
|
||||
key ) );
|
||||
PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) );
|
||||
|
||||
/* If the key is asymmetric, try it in a key agreement, both as
|
||||
* part of a derivation operation and standalone. */
|
||||
if( psa_export_public_key( handle, buffer, sizeof( buffer ), &length ) ==
|
||||
if( psa_export_public_key( key, buffer, sizeof( buffer ), &length ) ==
|
||||
PSA_SUCCESS )
|
||||
{
|
||||
psa_algorithm_t alg =
|
||||
@ -742,11 +740,11 @@ static int smoke_test_key( psa_key_handle_t handle )
|
||||
SMOKE_ASSERT( psa_key_derivation_key_agreement(
|
||||
&derivation_operation,
|
||||
PSA_KEY_DERIVATION_INPUT_SECRET,
|
||||
handle, buffer, length ) );
|
||||
key, buffer, length ) );
|
||||
PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) );
|
||||
|
||||
SMOKE_ASSERT( psa_raw_key_agreement(
|
||||
alg, handle, buffer, length,
|
||||
alg, key, buffer, length,
|
||||
buffer, sizeof( buffer ), &length ) );
|
||||
}
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
@ -880,7 +878,8 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart )
|
||||
psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg;
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
|
||||
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_handle_t handle;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
|
||||
uint8_t exported[sizeof( key_material )];
|
||||
@ -909,7 +908,7 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart )
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
||||
PSA_ASSERT( psa_import_key( &attributes,
|
||||
key_material, sizeof( key_material ),
|
||||
&handle ) );
|
||||
&returned_id ) );
|
||||
|
||||
|
||||
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
|
||||
@ -940,7 +939,8 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart )
|
||||
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
|
||||
{
|
||||
/* Check that the PSA core has no knowledge of the volatile key */
|
||||
TEST_ASSERT( psa_open_key( id, &handle ) == PSA_ERROR_DOES_NOT_EXIST );
|
||||
TEST_ASSERT( psa_open_key( returned_id, &handle ) ==
|
||||
PSA_ERROR_DOES_NOT_EXIST );
|
||||
|
||||
/* Drop data from our mockup driver */
|
||||
ram_slots_reset();
|
||||
@ -948,20 +948,16 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart )
|
||||
|
||||
/* Re-import key */
|
||||
PSA_ASSERT( psa_import_key( &attributes,
|
||||
key_material, sizeof( key_material ),
|
||||
&handle ) );
|
||||
key_material, sizeof( key_material ),
|
||||
&returned_id ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
/* Check we can re-open the persistent key */
|
||||
/* Check the persistent key file */
|
||||
if( ! check_persistent_data( location,
|
||||
&ram_shadow_slot_usage,
|
||||
sizeof( ram_shadow_slot_usage ) ) )
|
||||
goto exit;
|
||||
|
||||
/* Check that the PSA core still knows about the key */
|
||||
PSA_ASSERT( psa_open_key( id, &handle ) );
|
||||
}
|
||||
}
|
||||
|
||||
@ -972,24 +968,23 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart )
|
||||
psa_set_key_bits( &attributes,
|
||||
PSA_BYTES_TO_BITS( sizeof( key_material ) ) );
|
||||
psa_set_key_slot_number( &attributes, min_slot );
|
||||
psa_set_key_id( &attributes, handle );
|
||||
if( ! check_key_attributes( handle, &attributes ) )
|
||||
psa_set_key_id( &attributes, returned_id );
|
||||
if( ! check_key_attributes( returned_id, &attributes ) )
|
||||
goto exit;
|
||||
|
||||
/* Test the key data. */
|
||||
PSA_ASSERT( psa_export_key( handle,
|
||||
PSA_ASSERT( psa_export_key( returned_id,
|
||||
exported, sizeof( exported ),
|
||||
&exported_length ) );
|
||||
ASSERT_COMPARE( key_material, sizeof( key_material ),
|
||||
exported, exported_length );
|
||||
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
handle = PSA_KEY_HANDLE_INIT;
|
||||
PSA_ASSERT( psa_destroy_key( returned_id ) );
|
||||
if( ! check_persistent_data( location,
|
||||
&ram_shadow_slot_usage,
|
||||
sizeof( ram_shadow_slot_usage ) ) )
|
||||
goto exit;
|
||||
TEST_EQUAL( psa_open_key( id, &handle ),
|
||||
TEST_EQUAL( psa_open_key( returned_id, &handle ),
|
||||
PSA_ERROR_DOES_NOT_EXIST );
|
||||
|
||||
/* Test that the key has been erased from the designated slot. */
|
||||
@ -1015,7 +1010,8 @@ void key_creation_in_chosen_slot( int slot_arg,
|
||||
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
|
||||
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t returned_id;
|
||||
psa_key_handle_t handle;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
|
||||
|
||||
@ -1042,7 +1038,7 @@ void key_creation_in_chosen_slot( int slot_arg,
|
||||
psa_set_key_slot_number( &attributes, wanted_slot );
|
||||
status = psa_import_key( &attributes,
|
||||
key_material, sizeof( key_material ),
|
||||
&handle );
|
||||
&returned_id );
|
||||
TEST_EQUAL( status, expected_status );
|
||||
|
||||
if( status != PSA_SUCCESS )
|
||||
@ -1062,7 +1058,6 @@ void key_creation_in_chosen_slot( int slot_arg,
|
||||
&ram_shadow_slot_usage,
|
||||
sizeof( ram_shadow_slot_usage ) ) )
|
||||
goto exit;
|
||||
PSA_ASSERT( psa_open_key( id, &handle ) );
|
||||
}
|
||||
|
||||
/* Test that the key was created in the expected slot. */
|
||||
@ -1070,16 +1065,14 @@ void key_creation_in_chosen_slot( int slot_arg,
|
||||
|
||||
/* Test that the key is reported with the correct attributes,
|
||||
* including the expected slot. */
|
||||
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
|
||||
PSA_ASSERT( psa_get_key_attributes( id, &attributes ) );
|
||||
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
handle = PSA_KEY_HANDLE_INIT;
|
||||
PSA_ASSERT( psa_destroy_key( id ) );
|
||||
if( ! check_persistent_data( location,
|
||||
&ram_shadow_slot_usage,
|
||||
sizeof( ram_shadow_slot_usage ) ) )
|
||||
goto exit;
|
||||
TEST_EQUAL( psa_open_key( id, &handle ),
|
||||
PSA_ERROR_DOES_NOT_EXIST );
|
||||
TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
|
||||
|
||||
exit:
|
||||
PSA_DONE( );
|
||||
@ -1099,7 +1092,8 @@ void import_key_smoke( int type_arg, int alg_arg,
|
||||
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
|
||||
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t returned_id;
|
||||
psa_key_handle_t handle;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
TEST_USES_KEY_ID( id );
|
||||
@ -1127,13 +1121,13 @@ void import_key_smoke( int type_arg, int alg_arg,
|
||||
psa_set_key_type( &attributes, type );
|
||||
PSA_ASSERT( psa_import_key( &attributes,
|
||||
key_material->x, key_material->len,
|
||||
&handle ) );
|
||||
&returned_id ) );
|
||||
if( ! check_persistent_data( location,
|
||||
&shadow_counter, sizeof( shadow_counter ) ) )
|
||||
goto exit;
|
||||
|
||||
/* Do stuff with the key. */
|
||||
if( ! smoke_test_key( handle ) )
|
||||
if( ! smoke_test_key( id ) )
|
||||
goto exit;
|
||||
|
||||
/* Restart and try again. */
|
||||
@ -1143,18 +1137,15 @@ void import_key_smoke( int type_arg, int alg_arg,
|
||||
if( ! check_persistent_data( location,
|
||||
&shadow_counter, sizeof( shadow_counter ) ) )
|
||||
goto exit;
|
||||
PSA_ASSERT( psa_open_key( id, &handle ) );
|
||||
if( ! smoke_test_key( handle ) )
|
||||
if( ! smoke_test_key( id ) )
|
||||
goto exit;
|
||||
|
||||
/* We're done. */
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
handle = PSA_KEY_HANDLE_INIT;
|
||||
PSA_ASSERT( psa_destroy_key( id ) );
|
||||
if( ! check_persistent_data( location,
|
||||
&shadow_counter, sizeof( shadow_counter ) ) )
|
||||
goto exit;
|
||||
TEST_EQUAL( psa_open_key( id, &handle ),
|
||||
PSA_ERROR_DOES_NOT_EXIST );
|
||||
TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
|
||||
|
||||
exit:
|
||||
PSA_DONE( );
|
||||
@ -1173,7 +1164,7 @@ void generate_key_not_supported( int type_arg, int bits_arg )
|
||||
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
|
||||
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t returned_id;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
TEST_USES_KEY_ID( id );
|
||||
@ -1193,7 +1184,7 @@ void generate_key_not_supported( int type_arg, int bits_arg )
|
||||
psa_set_key_lifetime( &attributes, lifetime );
|
||||
psa_set_key_type( &attributes, type );
|
||||
psa_set_key_bits( &attributes, bits );
|
||||
TEST_EQUAL( psa_generate_key( &attributes, &handle ),
|
||||
TEST_EQUAL( psa_generate_key( &attributes, &returned_id ),
|
||||
PSA_ERROR_NOT_SUPPORTED );
|
||||
|
||||
exit:
|
||||
@ -1214,7 +1205,8 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg )
|
||||
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
|
||||
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t returned_id;
|
||||
psa_key_handle_t handle;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
TEST_USES_KEY_ID( id );
|
||||
@ -1241,13 +1233,13 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg )
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, type );
|
||||
psa_set_key_bits( &attributes, bits );
|
||||
PSA_ASSERT( psa_generate_key( &attributes, &handle ) );
|
||||
PSA_ASSERT( psa_generate_key( &attributes, &returned_id ) );
|
||||
if( ! check_persistent_data( location,
|
||||
&shadow_counter, sizeof( shadow_counter ) ) )
|
||||
goto exit;
|
||||
|
||||
/* Do stuff with the key. */
|
||||
if( ! smoke_test_key( handle ) )
|
||||
if( ! smoke_test_key( id ) )
|
||||
goto exit;
|
||||
|
||||
/* Restart and try again. */
|
||||
@ -1257,18 +1249,15 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg )
|
||||
if( ! check_persistent_data( location,
|
||||
&shadow_counter, sizeof( shadow_counter ) ) )
|
||||
goto exit;
|
||||
PSA_ASSERT( psa_open_key( id, &handle ) );
|
||||
if( ! smoke_test_key( handle ) )
|
||||
if( ! smoke_test_key( id ) )
|
||||
goto exit;
|
||||
|
||||
/* We're done. */
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
handle = PSA_KEY_HANDLE_INIT;
|
||||
PSA_ASSERT( psa_destroy_key( id ) );
|
||||
if( ! check_persistent_data( location,
|
||||
&shadow_counter, sizeof( shadow_counter ) ) )
|
||||
goto exit;
|
||||
TEST_EQUAL( psa_open_key( id, &handle ),
|
||||
PSA_ERROR_DOES_NOT_EXIST );
|
||||
TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
|
||||
|
||||
exit:
|
||||
PSA_DONE( );
|
||||
@ -1296,8 +1285,8 @@ void sign_verify( int flow,
|
||||
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
|
||||
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
|
||||
psa_key_handle_t drv_handle = PSA_KEY_HANDLE_INIT; /* key managed by the driver */
|
||||
psa_key_handle_t sw_handle = PSA_KEY_HANDLE_INIT; /* transparent key */
|
||||
mbedtls_svc_key_id_t returned_id;
|
||||
mbedtls_svc_key_id_t sw_key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_attributes_t drv_attributes;
|
||||
uint8_t signature[PSA_SIGNATURE_MAX_SIZE];
|
||||
@ -1352,11 +1341,11 @@ void sign_verify( int flow,
|
||||
if( generating )
|
||||
{
|
||||
psa_set_key_bits( &drv_attributes, bits );
|
||||
PSA_ASSERT( psa_generate_key( &drv_attributes, &drv_handle ) );
|
||||
PSA_ASSERT( psa_generate_key( &drv_attributes, &returned_id ) );
|
||||
/* Since we called a generate method that does not actually
|
||||
* generate material, store the desired result of generation in
|
||||
* the mock secure element storage. */
|
||||
PSA_ASSERT( psa_get_key_attributes( drv_handle, &drv_attributes ) );
|
||||
PSA_ASSERT( psa_get_key_attributes( id, &drv_attributes ) );
|
||||
TEST_EQUAL( key_material->len, PSA_BITS_TO_BYTES( bits ) );
|
||||
memcpy( ram_slots[ram_min_slot].content, key_material->x,
|
||||
key_material->len );
|
||||
@ -1365,7 +1354,7 @@ void sign_verify( int flow,
|
||||
{
|
||||
PSA_ASSERT( psa_import_key( &drv_attributes,
|
||||
key_material->x, key_material->len,
|
||||
&drv_handle ) );
|
||||
&returned_id ) );
|
||||
}
|
||||
|
||||
/* Either import the same key in software, or export the driver's
|
||||
@ -1376,20 +1365,20 @@ void sign_verify( int flow,
|
||||
case SIGN_IN_DRIVER_AND_PARALLEL_CREATION:
|
||||
PSA_ASSERT( psa_import_key( &sw_attributes,
|
||||
key_material->x, key_material->len,
|
||||
&sw_handle ) );
|
||||
&sw_key ) );
|
||||
break;
|
||||
case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:
|
||||
{
|
||||
uint8_t public_key[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( PSA_VENDOR_ECC_MAX_CURVE_BITS )];
|
||||
size_t public_key_length;
|
||||
PSA_ASSERT( psa_export_public_key( drv_handle,
|
||||
PSA_ASSERT( psa_export_public_key( id,
|
||||
public_key, sizeof( public_key ),
|
||||
&public_key_length ) );
|
||||
psa_set_key_type( &sw_attributes,
|
||||
PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ) );
|
||||
PSA_ASSERT( psa_import_key( &sw_attributes,
|
||||
public_key, public_key_length,
|
||||
&sw_handle ) );
|
||||
&sw_key ) );
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -1400,16 +1389,14 @@ void sign_verify( int flow,
|
||||
case SIGN_IN_DRIVER_AND_PARALLEL_CREATION:
|
||||
case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:
|
||||
PSA_ASSERT_VIA_DRIVER(
|
||||
psa_sign_hash( drv_handle,
|
||||
alg,
|
||||
psa_sign_hash( id, alg,
|
||||
input->x, input->len,
|
||||
signature, sizeof( signature ),
|
||||
&signature_length ),
|
||||
PSA_SUCCESS );
|
||||
break;
|
||||
case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:
|
||||
PSA_ASSERT( psa_sign_hash( sw_handle,
|
||||
alg,
|
||||
PSA_ASSERT( psa_sign_hash( sw_key, alg,
|
||||
input->x, input->len,
|
||||
signature, sizeof( signature ),
|
||||
&signature_length ) );
|
||||
@ -1417,30 +1404,30 @@ void sign_verify( int flow,
|
||||
}
|
||||
|
||||
/* Verify with both keys. */
|
||||
PSA_ASSERT( psa_verify_hash( sw_handle, alg,
|
||||
PSA_ASSERT( psa_verify_hash( sw_key, alg,
|
||||
input->x, input->len,
|
||||
signature, signature_length ) );
|
||||
PSA_ASSERT_VIA_DRIVER(
|
||||
psa_verify_hash( drv_handle, alg,
|
||||
psa_verify_hash( id, alg,
|
||||
input->x, input->len,
|
||||
signature, signature_length ),
|
||||
PSA_SUCCESS );
|
||||
|
||||
/* Change the signature and verify again. */
|
||||
signature[0] ^= 1;
|
||||
TEST_EQUAL( psa_verify_hash( sw_handle, alg,
|
||||
TEST_EQUAL( psa_verify_hash( sw_key, alg,
|
||||
input->x, input->len,
|
||||
signature, signature_length ),
|
||||
PSA_ERROR_INVALID_SIGNATURE );
|
||||
PSA_ASSERT_VIA_DRIVER(
|
||||
psa_verify_hash( drv_handle, alg,
|
||||
psa_verify_hash( id, alg,
|
||||
input->x, input->len,
|
||||
signature, signature_length ),
|
||||
PSA_ERROR_INVALID_SIGNATURE );
|
||||
|
||||
exit:
|
||||
psa_destroy_key( drv_handle );
|
||||
psa_destroy_key( sw_handle );
|
||||
psa_destroy_key( id );
|
||||
psa_destroy_key( sw_key );
|
||||
PSA_DONE( );
|
||||
ram_slots_reset( );
|
||||
psa_purge_storage( );
|
||||
@ -1461,9 +1448,9 @@ void register_key_smoke_test( int lifetime_arg,
|
||||
psa_drv_se_key_management_t key_management;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg );
|
||||
psa_key_handle_t handle;
|
||||
size_t bit_size = 48;
|
||||
psa_key_slot_number_t wanted_slot = 0x123456789;
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
psa_status_t status;
|
||||
|
||||
TEST_USES_KEY_ID( id );
|
||||
@ -1499,10 +1486,8 @@ void register_key_smoke_test( int lifetime_arg,
|
||||
goto exit;
|
||||
|
||||
/* Test that the key exists and has the expected attributes. */
|
||||
PSA_ASSERT( psa_open_key( id, &handle ) );
|
||||
if( ! check_key_attributes( handle, &attributes ) )
|
||||
if( ! check_key_attributes( id, &attributes ) )
|
||||
goto exit;
|
||||
PSA_ASSERT( psa_close_key( handle ) );
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
|
||||
mbedtls_svc_key_id_t invalid_id =
|
||||
@ -1510,22 +1495,21 @@ void register_key_smoke_test( int lifetime_arg,
|
||||
TEST_EQUAL( psa_open_key( invalid_id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
|
||||
#endif
|
||||
|
||||
PSA_ASSERT( psa_purge_key( id ) );
|
||||
|
||||
/* Restart and try again. */
|
||||
PSA_DONE( );
|
||||
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
PSA_ASSERT( psa_open_key( id, &handle ) );
|
||||
if( ! check_key_attributes( handle, &attributes ) )
|
||||
if( ! check_key_attributes( id, &attributes ) )
|
||||
goto exit;
|
||||
/* This time, destroy the key. */
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
handle = PSA_KEY_HANDLE_INIT;
|
||||
TEST_EQUAL( psa_open_key( id, &handle ),
|
||||
PSA_ERROR_DOES_NOT_EXIST );
|
||||
PSA_ASSERT( psa_destroy_key( id ) );
|
||||
TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
|
||||
|
||||
exit:
|
||||
psa_reset_key_attributes( &attributes );
|
||||
psa_destroy_key( handle );
|
||||
psa_destroy_key( id );
|
||||
PSA_DONE( );
|
||||
psa_purge_storage( );
|
||||
memset( &validate_slot_number_directions, 0,
|
||||
|
@ -333,7 +333,7 @@ void mock_import( int mock_alloc_return_value,
|
||||
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
|
||||
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t returned_id;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
|
||||
|
||||
@ -357,7 +357,7 @@ void mock_import( int mock_alloc_return_value,
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
||||
TEST_ASSERT( psa_import_key( &attributes,
|
||||
key_material, sizeof( key_material ),
|
||||
&handle ) == expected_result );
|
||||
&returned_id ) == expected_result );
|
||||
|
||||
TEST_ASSERT( mock_allocate_data.called == 1 );
|
||||
TEST_ASSERT( mock_import_data.called ==
|
||||
@ -385,7 +385,7 @@ void mock_import( int mock_alloc_return_value,
|
||||
|
||||
if( expected_result == PSA_SUCCESS )
|
||||
{
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
PSA_ASSERT( psa_destroy_key( id ) );
|
||||
TEST_ASSERT( mock_destroy_data.called == 1 );
|
||||
}
|
||||
exit:
|
||||
@ -402,7 +402,7 @@ void mock_export( int mock_export_return_value, int expected_result )
|
||||
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
|
||||
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t returned_id;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
|
||||
uint8_t exported[sizeof( key_material )];
|
||||
@ -428,15 +428,15 @@ void mock_export( int mock_export_return_value, int expected_result )
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
||||
PSA_ASSERT( psa_import_key( &attributes,
|
||||
key_material, sizeof( key_material ),
|
||||
&handle ) );
|
||||
&returned_id ) );
|
||||
|
||||
TEST_ASSERT( psa_export_key( handle,
|
||||
exported, sizeof( exported ),
|
||||
&exported_length ) == expected_result );
|
||||
TEST_ASSERT( psa_export_key( id,
|
||||
exported, sizeof( exported ),
|
||||
&exported_length ) == expected_result );
|
||||
|
||||
TEST_ASSERT( mock_export_data.called == 1 );
|
||||
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
PSA_ASSERT( psa_destroy_key( id ) );
|
||||
|
||||
TEST_ASSERT( mock_destroy_data.called == 1 );
|
||||
|
||||
@ -456,7 +456,7 @@ void mock_generate( int mock_alloc_return_value,
|
||||
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
|
||||
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t returned_id;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
mock_allocate_data.return_value = mock_alloc_return_value;
|
||||
@ -477,7 +477,7 @@ void mock_generate( int mock_alloc_return_value,
|
||||
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
||||
psa_set_key_bits( &attributes, 8 );
|
||||
TEST_ASSERT( psa_generate_key( &attributes, &handle ) == expected_result );
|
||||
TEST_ASSERT( psa_generate_key( &attributes, &returned_id) == expected_result );
|
||||
TEST_ASSERT( mock_allocate_data.called == 1 );
|
||||
TEST_ASSERT( mock_generate_data.called ==
|
||||
( mock_alloc_return_value == PSA_SUCCESS? 1 : 0 ) );
|
||||
@ -504,7 +504,7 @@ void mock_generate( int mock_alloc_return_value,
|
||||
|
||||
if( expected_result == PSA_SUCCESS )
|
||||
{
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
PSA_ASSERT( psa_destroy_key( id ) );
|
||||
TEST_ASSERT( mock_destroy_data.called == 1 );
|
||||
}
|
||||
|
||||
@ -523,7 +523,7 @@ void mock_export_public( int mock_export_public_return_value,
|
||||
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
|
||||
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t returned_id;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
|
||||
uint8_t exported[sizeof( key_material )];
|
||||
@ -549,13 +549,13 @@ void mock_export_public( int mock_export_public_return_value,
|
||||
|
||||
PSA_ASSERT( psa_import_key( &attributes,
|
||||
key_material, sizeof( key_material ),
|
||||
&handle ) );
|
||||
&returned_id ) );
|
||||
|
||||
TEST_ASSERT( psa_export_public_key( handle, exported, sizeof(exported),
|
||||
TEST_ASSERT( psa_export_public_key( id, exported, sizeof(exported),
|
||||
&exported_length ) == expected_result );
|
||||
TEST_ASSERT( mock_export_public_data.called == 1 );
|
||||
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
PSA_ASSERT( psa_destroy_key( id ) );
|
||||
TEST_ASSERT( mock_destroy_data.called == 1 );
|
||||
|
||||
exit:
|
||||
@ -573,7 +573,7 @@ void mock_sign( int mock_sign_return_value, int expected_result )
|
||||
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
|
||||
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t returned_id;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
|
||||
psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
|
||||
@ -607,16 +607,16 @@ void mock_sign( int mock_sign_return_value, int expected_result )
|
||||
|
||||
PSA_ASSERT( psa_import_key( &attributes,
|
||||
key_material, sizeof( key_material ),
|
||||
&handle ) );
|
||||
&returned_id ) );
|
||||
|
||||
TEST_ASSERT( psa_sign_hash( handle, algorithm,
|
||||
TEST_ASSERT( psa_sign_hash( id, algorithm,
|
||||
hash, sizeof( hash ),
|
||||
signature, sizeof( signature ),
|
||||
&signature_length)
|
||||
== expected_result );
|
||||
TEST_ASSERT( mock_sign_data.called == 1 );
|
||||
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
PSA_ASSERT( psa_destroy_key( id ) );
|
||||
TEST_ASSERT( mock_destroy_data.called == 1 );
|
||||
|
||||
exit:
|
||||
@ -634,7 +634,7 @@ void mock_verify( int mock_verify_return_value, int expected_result )
|
||||
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
|
||||
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t returned_id;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
|
||||
psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
|
||||
@ -667,15 +667,15 @@ void mock_verify( int mock_verify_return_value, int expected_result )
|
||||
|
||||
PSA_ASSERT( psa_import_key( &attributes,
|
||||
key_material, sizeof( key_material ),
|
||||
&handle ) );
|
||||
&returned_id ) );
|
||||
|
||||
TEST_ASSERT( psa_verify_hash( handle, algorithm,
|
||||
TEST_ASSERT( psa_verify_hash( id, algorithm,
|
||||
hash, sizeof( hash ),
|
||||
signature, sizeof( signature ) )
|
||||
== expected_result );
|
||||
TEST_ASSERT( mock_verify_data.called == 1 );
|
||||
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
PSA_ASSERT( psa_destroy_key( id ) );
|
||||
TEST_ASSERT( mock_destroy_data.called == 1 );
|
||||
|
||||
exit:
|
||||
|
@ -164,5 +164,5 @@ invalid_handle:INVALID_HANDLE_CLOSED:PSA_ERROR_DOES_NOT_EXIST:PSA_ERROR_DOES_NOT
|
||||
invalid handle: huge
|
||||
invalid_handle:INVALID_HANDLE_HUGE:PSA_ERROR_INVALID_HANDLE:PSA_ERROR_INVALID_HANDLE
|
||||
|
||||
Open many transient handles
|
||||
many_transient_handles:42
|
||||
Open many transient keys
|
||||
many_transient_keys:42
|
||||
|
@ -7,11 +7,11 @@
|
||||
|
||||
typedef enum
|
||||
{
|
||||
CLOSE_BY_CLOSE, /**< Close the handle(s). */
|
||||
CLOSE_BY_DESTROY, /**< Destroy the handle(s). */
|
||||
CLOSE_BY_SHUTDOWN, /**< Deinit and reinit without closing handles. */
|
||||
CLOSE_BY_CLOSE_WITH_SHUTDOWN, /**< Close handle(s) then deinit/reinit. */
|
||||
CLOSE_BY_DESTROY_WITH_SHUTDOWN, /**< Destroy handle(s) then deinit/reinit. */
|
||||
CLOSE_BY_CLOSE, /**< Close key(s). */
|
||||
CLOSE_BY_DESTROY, /**< Destroy key(s) */
|
||||
CLOSE_BY_SHUTDOWN, /**< Deinit and reinit without closing keys. */
|
||||
CLOSE_BY_CLOSE_WITH_SHUTDOWN, /**< Close key(s) then deinit/reinit. */
|
||||
CLOSE_BY_DESTROY_WITH_SHUTDOWN, /**< Destroy key(s) then deinit/reinit. */
|
||||
} close_method_t;
|
||||
|
||||
typedef enum
|
||||
@ -74,21 +74,22 @@ static void psa_purge_key_storage( void )
|
||||
#define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) )
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
||||
|
||||
/** Apply \p close_method to invalidate the specified handles:
|
||||
/** Apply \p close_method to invalidate the specified key:
|
||||
* close it, destroy it, or do nothing;
|
||||
*/
|
||||
static int invalidate_handle( close_method_t close_method,
|
||||
psa_key_handle_t handle )
|
||||
static int invalidate_key( close_method_t close_method,
|
||||
mbedtls_svc_key_id_t key )
|
||||
{
|
||||
switch( close_method )
|
||||
{
|
||||
/* Closing the key invalidate only volatile keys, not permanent ones. */
|
||||
case CLOSE_BY_CLOSE:
|
||||
case CLOSE_BY_CLOSE_WITH_SHUTDOWN:
|
||||
PSA_ASSERT( psa_close_key( handle ) );
|
||||
PSA_ASSERT( psa_close_key( key ) );
|
||||
break;
|
||||
case CLOSE_BY_DESTROY:
|
||||
case CLOSE_BY_DESTROY_WITH_SHUTDOWN:
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
PSA_ASSERT( psa_destroy_key( key ) );
|
||||
break;
|
||||
case CLOSE_BY_SHUTDOWN:
|
||||
break;
|
||||
@ -142,7 +143,7 @@ void transient_slot_lifecycle( int usage_arg, int alg_arg,
|
||||
psa_key_usage_t usage_flags = usage_arg;
|
||||
psa_key_type_t type = type_arg;
|
||||
close_method_t close_method = close_method_arg;
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
@ -152,21 +153,21 @@ void transient_slot_lifecycle( int usage_arg, int alg_arg,
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, type );
|
||||
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
|
||||
&handle ) );
|
||||
TEST_ASSERT( ! psa_key_handle_is_null( handle ) );
|
||||
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
|
||||
&key ) );
|
||||
TEST_ASSERT( ! mbedtls_svc_key_id_is_null( key ) );
|
||||
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
|
||||
TEST_EQUAL( psa_get_key_type( &attributes ), type );
|
||||
|
||||
/* Do something that invalidates the handle. */
|
||||
if( ! invalidate_handle( close_method, handle ) )
|
||||
/* Do something that invalidates the key. */
|
||||
if( ! invalidate_key( close_method, key ) )
|
||||
goto exit;
|
||||
if( ! invalidate_psa( close_method ) )
|
||||
goto exit;
|
||||
|
||||
/* Test that the handle is now invalid. */
|
||||
TEST_EQUAL( psa_get_key_attributes( handle, &attributes ),
|
||||
/* Test that the key is now invalid. */
|
||||
TEST_EQUAL( psa_get_key_attributes( key, &attributes ),
|
||||
PSA_ERROR_DOES_NOT_EXIST );
|
||||
TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_DOES_NOT_EXIST );
|
||||
TEST_EQUAL( psa_close_key( key ), PSA_ERROR_DOES_NOT_EXIST );
|
||||
|
||||
exit:
|
||||
PSA_DONE( );
|
||||
@ -186,6 +187,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg,
|
||||
psa_key_usage_t usage_flags = usage_arg;
|
||||
psa_key_type_t type = type_arg;
|
||||
close_method_t close_method = close_method_arg;
|
||||
mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_attributes_t read_attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
@ -195,14 +197,13 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg,
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
|
||||
mbedtls_svc_key_id_t wrong_owner_id =
|
||||
mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg );
|
||||
psa_key_handle_t invalid_handle = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t invalid_svc_key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
#endif
|
||||
|
||||
TEST_USES_KEY_ID( id );
|
||||
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
||||
/* Get a handle and import a key. */
|
||||
psa_set_key_id( &attributes, id );
|
||||
psa_set_key_lifetime( &attributes, lifetime );
|
||||
psa_set_key_type( &attributes, type );
|
||||
@ -210,15 +211,15 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg,
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_enrollment_algorithm( &attributes, alg2 );
|
||||
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
|
||||
&handle ) );
|
||||
TEST_ASSERT( ! psa_key_handle_is_null( handle ) );
|
||||
&returned_id ) );
|
||||
TEST_ASSERT( mbedtls_svc_key_id_equal( id, returned_id ) );
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
|
||||
TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ),
|
||||
TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_svc_key_id ),
|
||||
PSA_ERROR_DOES_NOT_EXIST );
|
||||
#endif
|
||||
|
||||
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
|
||||
PSA_ASSERT( psa_get_key_attributes( id, &attributes ) );
|
||||
TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
|
||||
TEST_ASSERT( mbedtls_svc_key_id_equal(
|
||||
psa_get_key_id( &attributes ), id ) );
|
||||
@ -227,15 +228,16 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg,
|
||||
TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 );
|
||||
TEST_EQUAL( psa_get_key_type( &attributes ), type );
|
||||
|
||||
/* Close the key and reopen it. */
|
||||
PSA_ASSERT( psa_close_key( handle ) );
|
||||
/* Close the key and then open it. */
|
||||
PSA_ASSERT( psa_close_key( id ) );
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
|
||||
TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ),
|
||||
TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_svc_key_id ),
|
||||
PSA_ERROR_DOES_NOT_EXIST );
|
||||
#endif
|
||||
|
||||
PSA_ASSERT( psa_open_key( id, &handle ) );
|
||||
TEST_ASSERT( ! psa_key_handle_is_null( handle ) );
|
||||
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
|
||||
TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
|
||||
TEST_ASSERT( mbedtls_svc_key_id_equal(
|
||||
@ -245,13 +247,16 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg,
|
||||
TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 );
|
||||
TEST_EQUAL( psa_get_key_type( &attributes ), type );
|
||||
|
||||
/* Do something that invalidates the handle. */
|
||||
if( ! invalidate_handle( close_method, handle ) )
|
||||
/*
|
||||
* Do something that wipes key data in volatile memory or destroy the
|
||||
* key.
|
||||
*/
|
||||
if( ! invalidate_key( close_method, id ) )
|
||||
goto exit;
|
||||
if( ! invalidate_psa( close_method ) )
|
||||
goto exit;
|
||||
|
||||
/* Try to reopen the key. If we destroyed it, check that it doesn't
|
||||
/* Try to reaccess the key. If we destroyed it, check that it doesn't
|
||||
* exist. Otherwise check that it still exists and has the expected
|
||||
* content. */
|
||||
switch( close_method )
|
||||
@ -260,7 +265,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg,
|
||||
case CLOSE_BY_CLOSE_WITH_SHUTDOWN:
|
||||
case CLOSE_BY_SHUTDOWN:
|
||||
PSA_ASSERT( psa_open_key( id, &handle ) );
|
||||
PSA_ASSERT( psa_get_key_attributes( handle, &read_attributes ) );
|
||||
PSA_ASSERT( psa_get_key_attributes( id, &read_attributes ) );
|
||||
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
|
||||
psa_get_key_lifetime( &read_attributes ) );
|
||||
TEST_ASSERT( mbedtls_svc_key_id_equal(
|
||||
@ -278,17 +283,14 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg,
|
||||
if( usage_flags & PSA_KEY_USAGE_EXPORT )
|
||||
{
|
||||
ASSERT_ALLOC( reexported, key_data->len );
|
||||
PSA_ASSERT( psa_export_key( handle,
|
||||
reexported, key_data->len,
|
||||
PSA_ASSERT( psa_export_key( id, reexported, key_data->len,
|
||||
&reexported_length ) );
|
||||
ASSERT_COMPARE( key_data->x, key_data->len,
|
||||
reexported, reexported_length );
|
||||
}
|
||||
else
|
||||
{
|
||||
TEST_EQUAL( psa_export_key( handle,
|
||||
NULL, 0,
|
||||
&reexported_length ),
|
||||
TEST_EQUAL( psa_export_key( id, NULL, 0, &reexported_length ),
|
||||
PSA_ERROR_NOT_PERMITTED );
|
||||
}
|
||||
PSA_ASSERT( psa_close_key( handle ) );
|
||||
@ -296,7 +298,14 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg,
|
||||
|
||||
case CLOSE_BY_DESTROY:
|
||||
case CLOSE_BY_DESTROY_WITH_SHUTDOWN:
|
||||
TEST_EQUAL( psa_open_key( id, &handle ),
|
||||
/*
|
||||
* Test that the key handle and identifier are now not refering to an
|
||||
* existing key.
|
||||
*/
|
||||
TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ),
|
||||
PSA_ERROR_DOES_NOT_EXIST );
|
||||
TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_DOES_NOT_EXIST );
|
||||
TEST_EQUAL( psa_get_key_attributes( id, &read_attributes ),
|
||||
PSA_ERROR_DOES_NOT_EXIST );
|
||||
break;
|
||||
}
|
||||
@ -314,8 +323,7 @@ void create_existent( int lifetime_arg, int owner_id_arg, int id_arg,
|
||||
{
|
||||
psa_key_lifetime_t lifetime = lifetime_arg;
|
||||
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg );
|
||||
psa_key_handle_t handle1 = PSA_KEY_HANDLE_INIT;
|
||||
psa_key_handle_t handle2 = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA;
|
||||
const uint8_t material1[5] = "a key";
|
||||
@ -336,26 +344,24 @@ void create_existent( int lifetime_arg, int owner_id_arg, int id_arg,
|
||||
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
|
||||
psa_set_key_algorithm( &attributes, 0 );
|
||||
PSA_ASSERT( psa_import_key( &attributes, material1, sizeof( material1 ),
|
||||
&handle1 ) );
|
||||
TEST_ASSERT( ! psa_key_handle_is_null( handle1 ) );
|
||||
&returned_id ) );
|
||||
TEST_ASSERT( mbedtls_svc_key_id_equal( id, returned_id ) );
|
||||
|
||||
if( reopen_policy == CLOSE_BEFORE )
|
||||
PSA_ASSERT( psa_close_key( handle1 ) );
|
||||
PSA_ASSERT( psa_close_key( id ) );
|
||||
|
||||
/* Attempt to create a new key in the same slot. */
|
||||
TEST_EQUAL( psa_import_key( &attributes, material2, sizeof( material2 ),
|
||||
&handle2 ),
|
||||
&returned_id ),
|
||||
PSA_ERROR_ALREADY_EXISTS );
|
||||
TEST_ASSERT( psa_key_handle_is_null( handle2 ) );
|
||||
TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_id ) );
|
||||
|
||||
if( reopen_policy == CLOSE_AFTER )
|
||||
PSA_ASSERT( psa_close_key( handle1 ) );
|
||||
if( reopen_policy == CLOSE_BEFORE || reopen_policy == CLOSE_AFTER )
|
||||
PSA_ASSERT( psa_open_key( id, &handle1 ) );
|
||||
PSA_ASSERT( psa_close_key( id ) );
|
||||
|
||||
/* Check that the original key hasn't changed. */
|
||||
psa_reset_key_attributes( &attributes );
|
||||
PSA_ASSERT( psa_get_key_attributes( handle1, &attributes ) );
|
||||
PSA_ASSERT( psa_get_key_attributes( id, &attributes ) );
|
||||
TEST_ASSERT( mbedtls_svc_key_id_equal(
|
||||
psa_get_key_id( &attributes ), id ) );
|
||||
TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
|
||||
@ -364,13 +370,13 @@ void create_existent( int lifetime_arg, int owner_id_arg, int id_arg,
|
||||
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT );
|
||||
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
|
||||
|
||||
PSA_ASSERT( psa_export_key( handle1,
|
||||
PSA_ASSERT( psa_export_key( id,
|
||||
reexported, sizeof( reexported ),
|
||||
&reexported_length ) );
|
||||
ASSERT_COMPARE( material1, sizeof( material1 ),
|
||||
reexported, reexported_length );
|
||||
|
||||
PSA_ASSERT( psa_close_key( handle1 ) );
|
||||
PSA_ASSERT( psa_close_key( id ) );
|
||||
|
||||
exit:
|
||||
PSA_DONE( );
|
||||
@ -404,7 +410,8 @@ void create_fail( int lifetime_arg, int id_arg,
|
||||
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_status_t expected_status = expected_status_arg;
|
||||
psa_key_handle_t handle = mbedtls_svc_key_id_make( 0xdead, 0xdead );
|
||||
mbedtls_svc_key_id_t returned_id =
|
||||
mbedtls_svc_key_id_make( 0xdead, 0xdead );
|
||||
uint8_t material[1] = {'k'};
|
||||
|
||||
TEST_USES_KEY_ID( id );
|
||||
@ -415,9 +422,9 @@ void create_fail( int lifetime_arg, int id_arg,
|
||||
psa_set_key_lifetime( &attributes, lifetime );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
||||
TEST_EQUAL( psa_import_key( &attributes, material, sizeof( material ),
|
||||
&handle ),
|
||||
&returned_id ),
|
||||
expected_status );
|
||||
TEST_ASSERT( psa_key_handle_is_null( handle ) );
|
||||
TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_id ) );
|
||||
|
||||
exit:
|
||||
PSA_DONE( );
|
||||
@ -443,16 +450,17 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg,
|
||||
mbedtls_svc_key_id_make( source_owner_id_arg, source_id_arg );
|
||||
psa_key_usage_t source_usage = source_usage_arg;
|
||||
psa_algorithm_t source_alg = source_alg_arg;
|
||||
psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT;
|
||||
psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_type_t source_type = type_arg;
|
||||
mbedtls_svc_key_id_t returned_source_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
|
||||
mbedtls_svc_key_id_t target_id =
|
||||
mbedtls_svc_key_id_make( target_owner_id_arg, target_id_arg );
|
||||
psa_key_usage_t target_usage = target_usage_arg;
|
||||
psa_algorithm_t target_alg = target_alg_arg;
|
||||
psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT;
|
||||
psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
mbedtls_svc_key_id_t returned_target_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT;
|
||||
psa_key_usage_t expected_usage = expected_usage_arg;
|
||||
psa_algorithm_t expected_alg = expected_alg_arg;
|
||||
psa_algorithm_t expected_alg2 = expected_alg2_arg;
|
||||
@ -473,9 +481,10 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg,
|
||||
psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg );
|
||||
PSA_ASSERT( psa_import_key( &source_attributes,
|
||||
material->x, material->len,
|
||||
&source_handle ) );
|
||||
&returned_source_id ) );
|
||||
/* Update the attributes with the bit size. */
|
||||
PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) );
|
||||
PSA_ASSERT( psa_get_key_attributes( returned_source_id,
|
||||
&source_attributes ) );
|
||||
|
||||
/* Prepare the target slot. */
|
||||
psa_set_key_id( &target_attributes, target_id );
|
||||
@ -486,11 +495,11 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg,
|
||||
psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
|
||||
|
||||
/* Copy the key. */
|
||||
PSA_ASSERT( psa_copy_key( source_handle,
|
||||
&target_attributes, &target_handle ) );
|
||||
PSA_ASSERT( psa_copy_key( returned_source_id,
|
||||
&target_attributes, &returned_target_id ) );
|
||||
|
||||
/* Destroy the source to ensure that this doesn't affect the target. */
|
||||
PSA_ASSERT( psa_destroy_key( source_handle ) );
|
||||
PSA_ASSERT( psa_destroy_key( returned_source_id ) );
|
||||
|
||||
/* If the target key is persistent, restart the system to make
|
||||
* sure that the material is still alive. */
|
||||
@ -503,7 +512,8 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg,
|
||||
|
||||
/* Test that the target slot has the expected content. */
|
||||
psa_reset_key_attributes( &target_attributes );
|
||||
PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) );
|
||||
PSA_ASSERT( psa_get_key_attributes( returned_target_id,
|
||||
&target_attributes ) );
|
||||
|
||||
if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE )
|
||||
{
|
||||
@ -513,10 +523,9 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg,
|
||||
else
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
|
||||
TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( target_id ),
|
||||
TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( returned_target_id ),
|
||||
target_owner_id_arg );
|
||||
#endif
|
||||
TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( target_id ), 0 );
|
||||
}
|
||||
|
||||
TEST_EQUAL( target_lifetime, psa_get_key_lifetime( &target_attributes ) );
|
||||
@ -531,7 +540,7 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg,
|
||||
{
|
||||
size_t length;
|
||||
ASSERT_ALLOC( export_buffer, material->len );
|
||||
PSA_ASSERT( psa_export_key( target_handle, export_buffer,
|
||||
PSA_ASSERT( psa_export_key( returned_target_id, export_buffer,
|
||||
material->len, &length ) );
|
||||
ASSERT_COMPARE( material->x, material->len,
|
||||
export_buffer, length );
|
||||
@ -540,12 +549,12 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg,
|
||||
{
|
||||
size_t length;
|
||||
/* Check that the key is actually non-exportable. */
|
||||
TEST_EQUAL( psa_export_key( target_handle, export_buffer,
|
||||
TEST_EQUAL( psa_export_key( returned_target_id, export_buffer,
|
||||
material->len, &length ),
|
||||
PSA_ERROR_NOT_PERMITTED );
|
||||
}
|
||||
|
||||
PSA_ASSERT( psa_destroy_key( target_handle ) );
|
||||
PSA_ASSERT( psa_destroy_key( returned_target_id ) );
|
||||
|
||||
exit:
|
||||
PSA_DONE( );
|
||||
@ -569,16 +578,16 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
|
||||
mbedtls_svc_key_id_make( 1, source_id_arg );
|
||||
psa_key_usage_t source_usage = source_usage_arg;
|
||||
psa_algorithm_t source_alg = source_alg_arg;
|
||||
psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT;
|
||||
psa_key_type_t source_type = source_type_arg;
|
||||
mbedtls_svc_key_id_t returned_source_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
|
||||
mbedtls_svc_key_id_t target_id =
|
||||
mbedtls_svc_key_id_make( 1, target_id_arg );
|
||||
psa_key_usage_t target_usage = target_usage_arg;
|
||||
psa_algorithm_t target_alg = target_alg_arg;
|
||||
psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT;
|
||||
psa_key_type_t target_type = target_type_arg;
|
||||
psa_key_handle_t new_handle = mbedtls_svc_key_id_make( 0xdead, 0xdead );
|
||||
mbedtls_svc_key_id_t returned_target_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
mbedtls_svc_key_id_t new_key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
uint8_t *export_buffer = NULL;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_attributes_t attributes1 = PSA_KEY_ATTRIBUTES_INIT;
|
||||
@ -600,12 +609,12 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
|
||||
psa_set_key_algorithm( &attributes, source_alg );
|
||||
PSA_ASSERT( psa_import_key( &attributes,
|
||||
source_material->x, source_material->len,
|
||||
&source_handle ) );
|
||||
&returned_source_id ) );
|
||||
|
||||
/* Populate the target slot. */
|
||||
if( mbedtls_svc_key_id_equal( target_id, source_id ) )
|
||||
{
|
||||
target_handle = source_handle;
|
||||
returned_target_id = returned_source_id;
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -616,20 +625,21 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
|
||||
psa_set_key_algorithm( &attributes1, target_alg );
|
||||
PSA_ASSERT( psa_import_key( &attributes1,
|
||||
target_material->x, target_material->len,
|
||||
&target_handle ) );
|
||||
&returned_target_id ) );
|
||||
}
|
||||
PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes1 ) );
|
||||
|
||||
PSA_ASSERT( psa_get_key_attributes( returned_target_id, &attributes1 ) );
|
||||
|
||||
/* Make a copy attempt. */
|
||||
psa_set_key_id( &attributes, target_id );
|
||||
psa_set_key_lifetime( &attributes, target_lifetime );
|
||||
TEST_EQUAL( psa_copy_key( source_handle,
|
||||
&attributes, &new_handle ),
|
||||
TEST_EQUAL( psa_copy_key( returned_source_id,
|
||||
&attributes, &new_key ),
|
||||
PSA_ERROR_ALREADY_EXISTS );
|
||||
TEST_ASSERT( psa_key_handle_is_null( new_handle ) );
|
||||
TEST_ASSERT( mbedtls_svc_key_id_is_null( new_key ) );
|
||||
|
||||
/* Test that the target slot is unaffected. */
|
||||
PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes2 ) );
|
||||
PSA_ASSERT( psa_get_key_attributes( returned_target_id, &attributes2 ) );
|
||||
TEST_ASSERT( mbedtls_svc_key_id_equal(
|
||||
psa_get_key_id( &attributes1 ),
|
||||
psa_get_key_id( &attributes2 ) ) );
|
||||
@ -647,15 +657,15 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
|
||||
{
|
||||
size_t length;
|
||||
ASSERT_ALLOC( export_buffer, target_material->len );
|
||||
PSA_ASSERT( psa_export_key( target_handle, export_buffer,
|
||||
PSA_ASSERT( psa_export_key( returned_target_id, export_buffer,
|
||||
target_material->len, &length ) );
|
||||
ASSERT_COMPARE( target_material->x, target_material->len,
|
||||
export_buffer, length );
|
||||
}
|
||||
|
||||
PSA_ASSERT( psa_destroy_key( source_handle ) );
|
||||
if( ! psa_key_handle_equal( target_handle, source_handle ) )
|
||||
PSA_ASSERT( psa_destroy_key( target_handle ) );
|
||||
PSA_ASSERT( psa_destroy_key( returned_source_id ) );
|
||||
if( ! mbedtls_svc_key_id_equal( target_id, source_id ) )
|
||||
PSA_ASSERT( psa_destroy_key( returned_target_id ) );
|
||||
|
||||
exit:
|
||||
PSA_DONE( );
|
||||
@ -750,51 +760,51 @@ exit:
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void many_transient_handles( int max_handles_arg )
|
||||
void many_transient_keys( int max_keys_arg )
|
||||
{
|
||||
psa_key_handle_t *handles = NULL;
|
||||
size_t max_handles = max_handles_arg;
|
||||
mbedtls_svc_key_id_t *keys = NULL;
|
||||
size_t max_keys = max_keys_arg;
|
||||
size_t i, j;
|
||||
psa_status_t status;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
uint8_t exported[sizeof( size_t )];
|
||||
size_t exported_length;
|
||||
|
||||
ASSERT_ALLOC( handles, max_handles );
|
||||
ASSERT_ALLOC( keys, max_keys );
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
||||
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
|
||||
psa_set_key_algorithm( &attributes, 0 );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
||||
|
||||
for( i = 0; i < max_handles; i++ )
|
||||
for( i = 0; i < max_keys; i++ )
|
||||
{
|
||||
status = psa_import_key( &attributes,
|
||||
(uint8_t *) &i, sizeof( i ),
|
||||
&handles[i] );
|
||||
&keys[i] );
|
||||
if( status == PSA_ERROR_INSUFFICIENT_MEMORY )
|
||||
break;
|
||||
PSA_ASSERT( status );
|
||||
TEST_ASSERT( ! psa_key_handle_is_null( handles[i] ) );
|
||||
TEST_ASSERT( ! mbedtls_svc_key_id_is_null( keys[i] ) );
|
||||
for( j = 0; j < i; j++ )
|
||||
TEST_ASSERT( ! psa_key_handle_equal( handles[i], handles[j] ) );
|
||||
TEST_ASSERT( ! mbedtls_svc_key_id_equal( keys[i], keys[j] ) );
|
||||
}
|
||||
max_handles = i;
|
||||
max_keys = i;
|
||||
|
||||
for( i = 1; i < max_handles; i++ )
|
||||
for( i = 1; i < max_keys; i++ )
|
||||
{
|
||||
PSA_ASSERT( psa_close_key( handles[i - 1] ) );
|
||||
PSA_ASSERT( psa_export_key( handles[i],
|
||||
PSA_ASSERT( psa_close_key( keys[i - 1] ) );
|
||||
PSA_ASSERT( psa_export_key( keys[i],
|
||||
exported, sizeof( exported ),
|
||||
&exported_length ) );
|
||||
ASSERT_COMPARE( exported, exported_length,
|
||||
(uint8_t *) &i, sizeof( i ) );
|
||||
}
|
||||
PSA_ASSERT( psa_close_key( handles[i - 1] ) );
|
||||
PSA_ASSERT( psa_close_key( keys[i - 1] ) );
|
||||
|
||||
exit:
|
||||
PSA_DONE( );
|
||||
mbedtls_free( handles );
|
||||
mbedtls_free( keys );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -161,7 +161,7 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage,
|
||||
int cert_type )
|
||||
{
|
||||
mbedtls_pk_context key;
|
||||
psa_key_handle_t slot = PSA_KEY_HANDLE_INIT;
|
||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_algorithm_t md_alg_psa;
|
||||
mbedtls_x509write_csr req;
|
||||
unsigned char buf[4096];
|
||||
@ -178,7 +178,7 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage,
|
||||
|
||||
mbedtls_pk_init( &key );
|
||||
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
|
||||
TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &slot, md_alg_psa ) == 0 );
|
||||
TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &key_id, md_alg_psa ) == 0 );
|
||||
|
||||
mbedtls_x509write_csr_init( &req );
|
||||
mbedtls_x509write_csr_set_md_alg( &req, md_type );
|
||||
@ -202,7 +202,7 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage,
|
||||
exit:
|
||||
mbedtls_x509write_csr_free( &req );
|
||||
mbedtls_pk_free( &key );
|
||||
psa_destroy_key( slot );
|
||||
psa_destroy_key( key_id );
|
||||
PSA_DONE( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
Loading…
Reference in New Issue
Block a user