mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 13:25:43 +01:00
Merge pull request #263 from ARMmbed/psa-key_attributes-prototype
PSA key creation with attributes
This commit is contained in:
Gilles Peskine
GitHub
commit
971bd69696
@ -510,7 +510,7 @@ Generate a piece of random 128-bit AES data:
|
||||
psa_set_key_policy(slot, &policy);
|
||||
|
||||
/* Generate a key */
|
||||
psa_generate_key(slot, PSA_KEY_TYPE_AES, bits, NULL, 0);
|
||||
psa_generate_key(slot, PSA_KEY_TYPE_AES, bits);
|
||||
|
||||
psa_export_key(slot, exported, exported_size, &exported_length)
|
||||
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -202,6 +202,247 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
|
||||
/* FIXME Deprecated. Remove this as soon as all the tests are updated. */
|
||||
#define PSA_ALG_SELECT_RAW ((psa_algorithm_t)0x31000001)
|
||||
|
||||
/** \defgroup policy Key policies
|
||||
* @{
|
||||
*
|
||||
* The functions in this section are legacy interfaces where the properties
|
||||
* of a key object are set after allocating a handle, in constrast with the
|
||||
* preferred interface where key objects are created atomically from
|
||||
* a structure that represents the properties.
|
||||
*/
|
||||
|
||||
/** \def PSA_KEY_POLICY_INIT
|
||||
*
|
||||
* This macro returns a suitable initializer for a key policy object of type
|
||||
* #psa_key_policy_t.
|
||||
*/
|
||||
#ifdef __DOXYGEN_ONLY__
|
||||
/* This is an example definition for documentation purposes.
|
||||
* Implementations should define a suitable value in `crypto_struct.h`.
|
||||
*/
|
||||
#define PSA_KEY_POLICY_INIT {0}
|
||||
#endif
|
||||
|
||||
/** Return an initial value for a key policy that forbids all usage of the key.
|
||||
*/
|
||||
static psa_key_policy_t psa_key_policy_init(void);
|
||||
|
||||
/** \brief Set the standard fields of a policy structure.
|
||||
*
|
||||
* Note that this function does not make any consistency check of the
|
||||
* parameters. The values are only checked when applying the policy to
|
||||
* a key slot with psa_set_key_policy().
|
||||
*
|
||||
* \param[in,out] policy The key policy to modify. It must have been
|
||||
* initialized as per the documentation for
|
||||
* #psa_key_policy_t.
|
||||
* \param usage The permitted uses for the key.
|
||||
* \param alg The algorithm that the key may be used for.
|
||||
*/
|
||||
void psa_key_policy_set_usage(psa_key_policy_t *policy,
|
||||
psa_key_usage_t usage,
|
||||
psa_algorithm_t alg);
|
||||
|
||||
/** \brief Retrieve the usage field of a policy structure.
|
||||
*
|
||||
* \param[in] policy The policy object to query.
|
||||
*
|
||||
* \return The permitted uses for a key with this policy.
|
||||
*/
|
||||
psa_key_usage_t psa_key_policy_get_usage(const psa_key_policy_t *policy);
|
||||
|
||||
/** \brief Retrieve the algorithm field of a policy structure.
|
||||
*
|
||||
* \param[in] policy The policy object to query.
|
||||
*
|
||||
* \return The permitted algorithm for a key with this policy.
|
||||
*/
|
||||
psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy);
|
||||
|
||||
/** \brief Set the usage policy on a key slot.
|
||||
*
|
||||
* This function must be called on an empty key slot, before importing,
|
||||
* generating or creating a key in the slot. Changing the policy of an
|
||||
* existing key is not permitted.
|
||||
*
|
||||
* Implementations may set restrictions on supported key policies
|
||||
* depending on the key type and the key slot.
|
||||
*
|
||||
* \param handle Handle to the key whose policy is to be changed.
|
||||
* \param[in] policy The policy object to query.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* If the key is persistent, it is implementation-defined whether
|
||||
* the policy has been saved to persistent storage. Implementations
|
||||
* may defer saving the policy until the key material is created.
|
||||
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||
* \retval #PSA_ERROR_ALREADY_EXISTS
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_TAMPERING_DETECTED
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
* It is implementation-dependent whether a failure to initialize
|
||||
* results in this error code.
|
||||
*/
|
||||
psa_status_t psa_set_key_policy(psa_key_handle_t handle,
|
||||
const psa_key_policy_t *policy);
|
||||
|
||||
/** \brief Get the usage policy for a key slot.
|
||||
*
|
||||
* \param handle Handle to the key slot whose policy is being queried.
|
||||
* \param[out] policy On success, the key's policy.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_TAMPERING_DETECTED
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
* It is implementation-dependent whether a failure to initialize
|
||||
* results in this error code.
|
||||
*/
|
||||
psa_status_t psa_get_key_policy(psa_key_handle_t handle,
|
||||
psa_key_policy_t *policy);
|
||||
|
||||
/**@}*/
|
||||
|
||||
/** \defgroup to_handle Key creation to allocated handle
|
||||
* @{
|
||||
*
|
||||
* The functions in this section are legacy interfaces where the properties
|
||||
* of a key object are set after allocating a handle, in constrast with the
|
||||
* preferred interface where key objects are created atomically from
|
||||
* a structure that represents the properties.
|
||||
*/
|
||||
|
||||
/** Create a new persistent key slot.
|
||||
*
|
||||
* Create a new persistent key slot and return a handle to it. The handle
|
||||
* remains valid until the application calls psa_close_key() or terminates.
|
||||
* The application can open the key again with psa_open_key() until it
|
||||
* removes the key by calling psa_destroy_key().
|
||||
*
|
||||
* \param lifetime The lifetime of the key. This designates a storage
|
||||
* area where the key material is stored. This must not
|
||||
* be #PSA_KEY_LIFETIME_VOLATILE.
|
||||
* \param id The persistent identifier of the key.
|
||||
* \param[out] handle On success, a handle to the newly created key slot.
|
||||
* When key material is later created in this key slot,
|
||||
* it will be saved to the specified persistent location.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success. The application can now use the value of `*handle`
|
||||
* to access the newly allocated key slot.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
|
||||
* \retval #PSA_ERROR_ALREADY_EXISTS
|
||||
* There is already a key with the identifier \p id in the storage
|
||||
* area designated by \p lifetime.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \p lifetime is invalid, for example #PSA_KEY_LIFETIME_VOLATILE.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \p id is invalid for the specified lifetime.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* \p lifetime is not supported.
|
||||
* \retval #PSA_ERROR_NOT_PERMITTED
|
||||
* \p lifetime is valid, but the application does not have the
|
||||
* permission to create a key there.
|
||||
*/
|
||||
psa_status_t psa_create_key(psa_key_lifetime_t lifetime,
|
||||
psa_key_id_t id,
|
||||
psa_key_handle_t *handle);
|
||||
|
||||
/** Allocate a key slot for a transient key, i.e. a key which is only stored
|
||||
* in volatile memory.
|
||||
*
|
||||
* The allocated key slot and its handle remain valid until the
|
||||
* application calls psa_close_key() or psa_destroy_key() or until the
|
||||
* application terminates.
|
||||
*
|
||||
* \param[out] handle On success, a handle to a volatile key slot.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success. The application can now use the value of `*handle`
|
||||
* to access the newly allocated key slot.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* There was not enough memory, or the maximum number of key slots
|
||||
* has been reached.
|
||||
*/
|
||||
psa_status_t psa_allocate_key(psa_key_handle_t *handle);
|
||||
|
||||
/**
|
||||
* \brief Get basic metadata about a key.
|
||||
*
|
||||
* \param handle Handle to the key slot to query.
|
||||
* \param[out] type On success, the key type (a \c PSA_KEY_TYPE_XXX value).
|
||||
* This may be a null pointer, in which case the key type
|
||||
* is not written.
|
||||
* \param[out] bits On success, the key size in bits.
|
||||
* This may be a null pointer, in which case the key size
|
||||
* is not written.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||
* \retval #PSA_ERROR_DOES_NOT_EXIST
|
||||
* The handle is to a key slot which does not contain key material yet.
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_TAMPERING_DETECTED
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
* It is implementation-dependent whether a failure to initialize
|
||||
* results in this error code.
|
||||
*/
|
||||
psa_status_t psa_get_key_information(psa_key_handle_t handle,
|
||||
psa_key_type_t *type,
|
||||
size_t *bits);
|
||||
|
||||
/** \brief Retrieve the lifetime of an open key.
|
||||
*
|
||||
* \param handle Handle to query.
|
||||
* \param[out] lifetime On success, the lifetime value.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_TAMPERING_DETECTED
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
* It is implementation-dependent whether a failure to initialize
|
||||
* results in this error code.
|
||||
*/
|
||||
psa_status_t psa_get_key_lifetime_from_handle(psa_key_handle_t handle,
|
||||
psa_key_lifetime_t *lifetime);
|
||||
|
||||
psa_status_t psa_import_key_to_handle(psa_key_handle_t handle,
|
||||
psa_key_type_t type,
|
||||
const uint8_t *data,
|
||||
size_t data_length);
|
||||
|
||||
psa_status_t psa_copy_key_to_handle(psa_key_handle_t source_handle,
|
||||
psa_key_handle_t target_handle,
|
||||
const psa_key_policy_t *constraint);
|
||||
|
||||
psa_status_t psa_generator_import_key_to_handle(psa_key_handle_t handle,
|
||||
psa_key_type_t type,
|
||||
size_t bits,
|
||||
psa_crypto_generator_t *generator);
|
||||
|
||||
psa_status_t psa_generate_key_to_handle(psa_key_handle_t handle,
|
||||
psa_key_type_t type,
|
||||
size_t bits,
|
||||
const void *extra,
|
||||
size_t extra_size);
|
||||
|
||||
/**@}*/
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -598,4 +598,36 @@
|
||||
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
||||
0)
|
||||
|
||||
/** Safe output buffer size for psa_get_key_domain_parameters().
|
||||
*
|
||||
* This macro returns a compile-time constant if its arguments are
|
||||
* compile-time constants.
|
||||
*
|
||||
* \warning This function may call its arguments multiple times or
|
||||
* zero times, so you should not pass arguments that contain
|
||||
* side effects.
|
||||
*
|
||||
* \param key_type A supported key type.
|
||||
* \param key_bits The size of the key in bits.
|
||||
*
|
||||
* \return If the parameters are valid and supported, return
|
||||
* a buffer size in bytes that guarantees that
|
||||
* psa_get_key_domain_parameters() will not fail with
|
||||
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||
* If the parameters are a valid combination that is not supported
|
||||
* by the implementation, this macro either shall return either a
|
||||
* sensible size or 0.
|
||||
* If the parameters are not valid, the
|
||||
* return value is unspecified.
|
||||
*/
|
||||
#define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \
|
||||
(PSA_KEY_TYPE_IS_RSA(key_type) ? sizeof(int) : \
|
||||
PSA_KEY_TYPE_IS_DH(key_type) ? PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
|
||||
PSA_KEY_TYPE_IS_DSA(key_type) ? PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
|
||||
0)
|
||||
#define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
|
||||
(4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 /*without optional parts*/)
|
||||
#define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
|
||||
(4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 /*p, g*/ + 34 /*q*/)
|
||||
|
||||
#endif /* PSA_CRYPTO_SIZES_H */
|
||||
|
||||
@ -252,6 +252,7 @@ struct psa_key_policy_s
|
||||
psa_key_usage_t usage;
|
||||
psa_algorithm_t alg;
|
||||
};
|
||||
typedef struct psa_key_policy_s psa_key_policy_t;
|
||||
|
||||
#define PSA_KEY_POLICY_INIT {0, 0}
|
||||
static inline struct psa_key_policy_s psa_key_policy_init( void )
|
||||
@ -260,4 +261,102 @@ static inline struct psa_key_policy_s psa_key_policy_init( void )
|
||||
return( v );
|
||||
}
|
||||
|
||||
struct psa_key_attributes_s
|
||||
{
|
||||
psa_key_id_t id;
|
||||
psa_key_lifetime_t lifetime;
|
||||
psa_key_policy_t policy;
|
||||
psa_key_type_t type;
|
||||
size_t bits;
|
||||
void *domain_parameters;
|
||||
size_t domain_parameters_size;
|
||||
};
|
||||
|
||||
#define PSA_KEY_ATTRIBUTES_INIT {0, 0, {0, 0}, 0, 0, NULL, 0}
|
||||
static inline struct psa_key_attributes_s psa_key_attributes_init( void )
|
||||
{
|
||||
const struct psa_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT;
|
||||
return( v );
|
||||
}
|
||||
|
||||
static inline void psa_make_key_persistent(psa_key_attributes_t *attributes,
|
||||
psa_key_id_t id,
|
||||
psa_key_lifetime_t lifetime)
|
||||
{
|
||||
attributes->id = id;
|
||||
attributes->lifetime = lifetime;
|
||||
}
|
||||
|
||||
static inline psa_key_id_t psa_get_key_id(
|
||||
const psa_key_attributes_t *attributes)
|
||||
{
|
||||
return( attributes->id );
|
||||
}
|
||||
|
||||
static inline psa_key_lifetime_t psa_get_key_lifetime(
|
||||
const psa_key_attributes_t *attributes)
|
||||
{
|
||||
return( attributes->lifetime );
|
||||
}
|
||||
|
||||
static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
|
||||
psa_key_usage_t usage_flags)
|
||||
{
|
||||
attributes->policy.usage = usage_flags;
|
||||
}
|
||||
|
||||
static inline psa_key_usage_t psa_get_key_usage_flags(
|
||||
const psa_key_attributes_t *attributes)
|
||||
{
|
||||
return( attributes->policy.usage );
|
||||
}
|
||||
|
||||
static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
|
||||
psa_algorithm_t alg)
|
||||
{
|
||||
attributes->policy.alg = alg;
|
||||
}
|
||||
|
||||
static inline psa_algorithm_t psa_get_key_algorithm(
|
||||
const psa_key_attributes_t *attributes)
|
||||
{
|
||||
return( attributes->policy.alg );
|
||||
}
|
||||
|
||||
static inline void psa_set_key_type(psa_key_attributes_t *attributes,
|
||||
psa_key_type_t type)
|
||||
{
|
||||
if( attributes->domain_parameters == NULL )
|
||||
{
|
||||
/* Common case: quick path */
|
||||
attributes->type = type;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Call the bigger function to free the old domain paramteres.
|
||||
* Ignore any errors which may arise due to type requiring
|
||||
* non-default domain parameters, since this function can't
|
||||
* report errors. */
|
||||
(void) psa_set_key_domain_parameters( attributes, type, NULL, 0 );
|
||||
}
|
||||
}
|
||||
|
||||
static inline psa_key_type_t psa_get_key_type(
|
||||
const psa_key_attributes_t *attributes)
|
||||
{
|
||||
return( attributes->type );
|
||||
}
|
||||
|
||||
static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
|
||||
size_t bits)
|
||||
{
|
||||
attributes->bits = bits;
|
||||
}
|
||||
|
||||
static inline size_t psa_get_key_bits(
|
||||
const psa_key_attributes_t *attributes)
|
||||
{
|
||||
return( attributes->bits );
|
||||
}
|
||||
|
||||
#endif /* PSA_CRYPTO_STRUCT_H */
|
||||
|
||||
@ -338,7 +338,7 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
|
||||
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
|
||||
|
||||
/* Populate new key slot. */
|
||||
status = psa_import_key( cipher_psa->slot,
|
||||
status = psa_import_key_to_handle( cipher_psa->slot,
|
||||
key_type, key, key_bytelen );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
|
||||
|
||||
@ -629,7 +629,7 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
|
||||
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
|
||||
|
||||
/* import private key in slot */
|
||||
if( PSA_SUCCESS != psa_import_key( key, key_type, d, d_len ) )
|
||||
if( PSA_SUCCESS != psa_import_key_to_handle( key, key_type, d, d_len ) )
|
||||
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
|
||||
|
||||
/* remember slot number to be destroyed later by caller */
|
||||
|
||||
@ -589,7 +589,7 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if( psa_import_key( key_slot, psa_type, buf + sizeof( buf ) - key_len, key_len )
|
||||
if( psa_import_key_to_handle( key_slot, psa_type, buf + sizeof( buf ) - key_len, key_len )
|
||||
!= PSA_SUCCESS )
|
||||
{
|
||||
ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
||||
|
||||
@ -903,7 +903,7 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
|
||||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_import_key( psa_key_handle_t handle,
|
||||
psa_status_t psa_import_key_to_handle( psa_key_handle_t handle,
|
||||
psa_key_type_t type,
|
||||
const uint8_t *data,
|
||||
size_t data_length )
|
||||
@ -965,7 +965,7 @@ psa_status_t psa_destroy_key( psa_key_handle_t handle )
|
||||
}
|
||||
|
||||
/* Return the size of the key in the given slot, in bits. */
|
||||
static size_t psa_get_key_bits( const psa_key_slot_t *slot )
|
||||
static size_t psa_get_key_slot_bits( const psa_key_slot_t *slot )
|
||||
{
|
||||
if( key_type_is_raw_bytes( slot->type ) )
|
||||
return( slot->data.raw.bytes * 8 );
|
||||
@ -981,6 +981,133 @@ static size_t psa_get_key_bits( const psa_key_slot_t *slot )
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
void psa_reset_key_attributes( psa_key_attributes_t *attributes )
|
||||
{
|
||||
mbedtls_free( attributes->domain_parameters );
|
||||
memset( attributes, 0, sizeof( *attributes ) );
|
||||
}
|
||||
|
||||
psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
|
||||
psa_key_type_t type,
|
||||
const uint8_t *data,
|
||||
size_t data_length )
|
||||
{
|
||||
uint8_t *copy = NULL;
|
||||
|
||||
if( data_length != 0 )
|
||||
{
|
||||
copy = mbedtls_calloc( 1, data_length );
|
||||
if( copy == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
memcpy( copy, data, data_length );
|
||||
}
|
||||
/* After this point, this function is guaranteed to succeed, so it
|
||||
* can start modifying `*attributes`. */
|
||||
|
||||
if( attributes->domain_parameters != NULL )
|
||||
{
|
||||
mbedtls_free( attributes->domain_parameters );
|
||||
attributes->domain_parameters = NULL;
|
||||
attributes->domain_parameters_size = 0;
|
||||
}
|
||||
|
||||
attributes->domain_parameters = copy;
|
||||
attributes->domain_parameters_size = data_length;
|
||||
attributes->type = type;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
psa_status_t psa_get_key_domain_parameters(
|
||||
const psa_key_attributes_t *attributes,
|
||||
uint8_t *data, size_t data_size, size_t *data_length )
|
||||
{
|
||||
if( attributes->domain_parameters_size > data_size )
|
||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||
*data_length = attributes->domain_parameters_size;
|
||||
if( attributes->domain_parameters_size != 0 )
|
||||
memcpy( data, attributes->domain_parameters,
|
||||
attributes->domain_parameters_size );
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
static psa_status_t psa_get_rsa_public_exponent(
|
||||
const mbedtls_rsa_context *rsa,
|
||||
psa_key_attributes_t *attributes )
|
||||
{
|
||||
mbedtls_mpi mpi;
|
||||
int ret;
|
||||
uint8_t *buffer = NULL;
|
||||
size_t buflen;
|
||||
mbedtls_mpi_init( &mpi );
|
||||
|
||||
ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &mpi );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
if( mbedtls_mpi_cmp_int( &mpi, 65537 ) == 0 )
|
||||
{
|
||||
/* It's the default value, which is reported as an empty string,
|
||||
* so there's nothing to do. */
|
||||
goto exit;
|
||||
}
|
||||
|
||||
buflen = mbedtls_mpi_size( &mpi );
|
||||
buffer = mbedtls_calloc( 1, buflen );
|
||||
if( buffer == NULL )
|
||||
{
|
||||
ret = MBEDTLS_ERR_MPI_ALLOC_FAILED;
|
||||
goto exit;
|
||||
}
|
||||
ret = mbedtls_mpi_write_binary( &mpi, buffer, buflen );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
attributes->domain_parameters = buffer;
|
||||
attributes->domain_parameters_size = buflen;
|
||||
|
||||
exit:
|
||||
mbedtls_mpi_free( &mpi );
|
||||
if( ret != 0 )
|
||||
mbedtls_free( buffer );
|
||||
return( mbedtls_to_psa_error( ret ) );
|
||||
}
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
psa_status_t psa_get_key_attributes( psa_key_handle_t handle,
|
||||
psa_key_attributes_t *attributes )
|
||||
{
|
||||
psa_key_slot_t *slot;
|
||||
psa_status_t status;
|
||||
|
||||
psa_reset_key_attributes( attributes );
|
||||
|
||||
status = psa_get_key_slot( handle, &slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
attributes->id = slot->persistent_storage_id;
|
||||
attributes->lifetime = slot->lifetime;
|
||||
attributes->policy = slot->policy;
|
||||
attributes->type = slot->type;
|
||||
attributes->bits = psa_get_key_slot_bits( slot );
|
||||
|
||||
switch( slot->type )
|
||||
{
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
case PSA_KEY_TYPE_RSA_KEYPAIR:
|
||||
case PSA_KEY_TYPE_RSA_PUBLIC_KEY:
|
||||
status = psa_get_rsa_public_exponent( slot->data.rsa, attributes );
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
/* Nothing else to do. */
|
||||
break;
|
||||
}
|
||||
|
||||
if( status != PSA_SUCCESS )
|
||||
psa_reset_key_attributes( attributes );
|
||||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_get_key_information( psa_key_handle_t handle,
|
||||
psa_key_type_t *type,
|
||||
size_t *bits )
|
||||
@ -1001,7 +1128,7 @@ psa_status_t psa_get_key_information( psa_key_handle_t handle,
|
||||
if( type != NULL )
|
||||
*type = slot->type;
|
||||
if( bits != NULL )
|
||||
*bits = psa_get_key_bits( slot );
|
||||
*bits = psa_get_key_slot_bits( slot );
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
@ -1050,7 +1177,7 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot,
|
||||
{
|
||||
psa_status_t status;
|
||||
|
||||
size_t bytes = PSA_BITS_TO_BYTES( psa_get_key_bits( slot ) );
|
||||
size_t bytes = PSA_BITS_TO_BYTES( psa_get_key_slot_bits( slot ) );
|
||||
if( bytes > data_size )
|
||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||
status = mbedtls_to_psa_error(
|
||||
@ -1212,8 +1339,171 @@ exit:
|
||||
}
|
||||
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
|
||||
|
||||
static psa_status_t psa_set_key_policy_internal(
|
||||
psa_key_slot_t *slot,
|
||||
const psa_key_policy_t *policy )
|
||||
{
|
||||
if( ( policy->usage & ~( PSA_KEY_USAGE_EXPORT |
|
||||
PSA_KEY_USAGE_ENCRYPT |
|
||||
PSA_KEY_USAGE_DECRYPT |
|
||||
PSA_KEY_USAGE_SIGN |
|
||||
PSA_KEY_USAGE_VERIFY |
|
||||
PSA_KEY_USAGE_DERIVE ) ) != 0 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
slot->policy = *policy;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
/** Prepare a key slot to receive key material.
|
||||
*
|
||||
* This function allocates a key slot and sets its metadata.
|
||||
*
|
||||
* If this function fails, call psa_fail_key_creation().
|
||||
*
|
||||
* This function is intended to be used as follows:
|
||||
* -# Call psa_start_key_creation() to allocate a key slot, prepare
|
||||
* it with the specified attributes, and assign it a handle.
|
||||
* -# Populate the slot with the key material.
|
||||
* -# Call psa_finish_key_creation() to finalize the creation of the slot.
|
||||
* In case of failure at any step, stop the sequence and call
|
||||
* psa_fail_key_creation().
|
||||
*
|
||||
* \param attributes Key attributes for the new key.
|
||||
* \param handle On success, a handle for the allocated slot.
|
||||
* \param p_slot On success, a pointer to the prepared slot.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* The key slot is ready to receive key material.
|
||||
* \return If this function fails, the key slot is an invalid state.
|
||||
* You must call psa_fail_key_creation() to wipe and free the slot.
|
||||
*/
|
||||
static psa_status_t psa_start_key_creation(
|
||||
const psa_key_attributes_t *attributes,
|
||||
psa_key_handle_t *handle,
|
||||
psa_key_slot_t **p_slot )
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_key_slot_t *slot;
|
||||
|
||||
status = psa_allocate_key( handle );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
status = psa_get_key_slot( *handle, p_slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
slot = *p_slot;
|
||||
|
||||
status = psa_set_key_policy_internal( slot, &attributes->policy );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
slot->lifetime = attributes->lifetime;
|
||||
if( attributes->lifetime != PSA_KEY_LIFETIME_VOLATILE )
|
||||
{
|
||||
status = psa_validate_persistent_key_parameters( attributes->lifetime,
|
||||
attributes->id );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
slot->persistent_storage_id = attributes->id;
|
||||
}
|
||||
slot->type = attributes->type;
|
||||
|
||||
return( status );
|
||||
}
|
||||
|
||||
/** Finalize the creation of a key once its key material has been set.
|
||||
*
|
||||
* This entails writing the key to persistent storage.
|
||||
*
|
||||
* If this function fails, call psa_fail_key_creation().
|
||||
* See the documentation of psa_start_key_creation() for the intended use
|
||||
* of this function.
|
||||
*
|
||||
* \param slot Pointer to the slot with key material.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* The key was successfully created. The handle is now valid.
|
||||
* \return If this function fails, the key slot is an invalid state.
|
||||
* You must call psa_fail_key_creation() to wipe and free the slot.
|
||||
*/
|
||||
static psa_status_t psa_finish_key_creation( psa_key_slot_t *slot )
|
||||
{
|
||||
psa_status_t status = PSA_SUCCESS;
|
||||
(void) slot;
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||
if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
|
||||
{
|
||||
uint8_t *buffer = NULL;
|
||||
size_t buffer_size = 0;
|
||||
size_t length;
|
||||
|
||||
buffer_size = PSA_KEY_EXPORT_MAX_SIZE( slot->type,
|
||||
psa_get_key_slot_bits( slot ) );
|
||||
buffer = mbedtls_calloc( 1, buffer_size );
|
||||
if( buffer == NULL && buffer_size != 0 )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
status = psa_internal_export_key( slot,
|
||||
buffer, buffer_size, &length,
|
||||
0 );
|
||||
|
||||
if( status == PSA_SUCCESS )
|
||||
{
|
||||
status = psa_save_persistent_key( slot->persistent_storage_id,
|
||||
slot->type, &slot->policy,
|
||||
buffer, length );
|
||||
}
|
||||
|
||||
if( buffer_size != 0 )
|
||||
mbedtls_platform_zeroize( buffer, buffer_size );
|
||||
mbedtls_free( buffer );
|
||||
}
|
||||
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
|
||||
|
||||
return( status );
|
||||
}
|
||||
|
||||
/** Abort the creation of a key.
|
||||
*
|
||||
* You may call this function after calling psa_start_key_creation(),
|
||||
* or after psa_finish_key_creation() fails. In other circumstances, this
|
||||
* function may not clean up persistent storage.
|
||||
* See the documentation of psa_start_key_creation() for the intended use
|
||||
* of this function.
|
||||
*
|
||||
* \param slot Pointer to the slot with key material.
|
||||
*/
|
||||
static void psa_fail_key_creation( psa_key_slot_t *slot )
|
||||
{
|
||||
if( slot == NULL )
|
||||
return;
|
||||
psa_wipe_key_slot( slot );
|
||||
}
|
||||
|
||||
psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
|
||||
psa_key_handle_t *handle,
|
||||
const uint8_t *data,
|
||||
size_t data_length )
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_key_slot_t *slot = NULL;
|
||||
status = psa_start_key_creation( attributes, handle, &slot );
|
||||
if( status == PSA_SUCCESS )
|
||||
{
|
||||
status = psa_import_key_into_slot( slot, data, data_length );
|
||||
}
|
||||
if( status == PSA_SUCCESS )
|
||||
status = psa_finish_key_creation( slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
psa_fail_key_creation( slot );
|
||||
*handle = 0;
|
||||
}
|
||||
return( status );
|
||||
}
|
||||
|
||||
static psa_status_t psa_copy_key_material( const psa_key_slot_t *source,
|
||||
psa_key_handle_t target )
|
||||
psa_key_slot_t *target )
|
||||
{
|
||||
psa_status_t status;
|
||||
uint8_t *buffer = NULL;
|
||||
@ -1221,14 +1511,15 @@ static psa_status_t psa_copy_key_material( const psa_key_slot_t *source,
|
||||
size_t length;
|
||||
|
||||
buffer_size = PSA_KEY_EXPORT_MAX_SIZE( source->type,
|
||||
psa_get_key_bits( source ) );
|
||||
psa_get_key_slot_bits( source ) );
|
||||
buffer = mbedtls_calloc( 1, buffer_size );
|
||||
if( buffer == NULL && buffer_size != 0 )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
status = psa_internal_export_key( source, buffer, buffer_size, &length, 0 );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
status = psa_import_key( target, source->type, buffer, length );
|
||||
target->type = source->type;
|
||||
status = psa_import_key_into_slot( target, buffer, length );
|
||||
|
||||
exit:
|
||||
if( buffer_size != 0 )
|
||||
@ -1237,7 +1528,7 @@ exit:
|
||||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_copy_key(psa_key_handle_t source_handle,
|
||||
psa_status_t psa_copy_key_to_handle(psa_key_handle_t source_handle,
|
||||
psa_key_handle_t target_handle,
|
||||
const psa_key_policy_t *constraint)
|
||||
{
|
||||
@ -1263,7 +1554,7 @@ psa_status_t psa_copy_key(psa_key_handle_t source_handle,
|
||||
return( status );
|
||||
}
|
||||
|
||||
status = psa_copy_key_material( source_slot, target_handle );
|
||||
status = psa_copy_key_material( source_slot, target_slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
@ -1271,6 +1562,42 @@ psa_status_t psa_copy_key(psa_key_handle_t source_handle,
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
psa_status_t psa_copy_key( psa_key_handle_t source_handle,
|
||||
const psa_key_attributes_t *specified_attributes,
|
||||
psa_key_handle_t *target_handle )
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_key_slot_t *source_slot = NULL;
|
||||
psa_key_slot_t *target_slot = NULL;
|
||||
psa_key_attributes_t actual_attributes = *specified_attributes;
|
||||
|
||||
status = psa_get_key_from_slot( source_handle, &source_slot, 0, 0 );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
status = psa_restrict_key_policy( &actual_attributes.policy,
|
||||
&source_slot->policy );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
status = psa_start_key_creation( &actual_attributes,
|
||||
target_handle, &target_slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
status = psa_copy_key_material( source_slot, target_slot );
|
||||
|
||||
exit:
|
||||
if( status == PSA_SUCCESS )
|
||||
status = psa_finish_key_creation( target_slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
psa_fail_key_creation( target_slot );
|
||||
*target_handle = 0;
|
||||
}
|
||||
return( status );
|
||||
}
|
||||
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
@ -2015,7 +2342,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
|
||||
status = psa_get_key_from_slot( handle, &slot, usage, alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
key_bits = psa_get_key_bits( slot );
|
||||
key_bits = psa_get_key_slot_bits( slot );
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C)
|
||||
if( full_length_alg == PSA_ALG_CMAC )
|
||||
@ -2926,7 +3253,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
|
||||
status = psa_get_key_from_slot( handle, &slot, usage, alg);
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
key_bits = psa_get_key_bits( slot );
|
||||
key_bits = psa_get_key_slot_bits( slot );
|
||||
|
||||
cipher_info = mbedtls_cipher_info_from_psa( alg, slot->type, key_bits, NULL );
|
||||
if( cipher_info == NULL )
|
||||
@ -3240,17 +3567,7 @@ psa_status_t psa_set_key_policy( psa_key_handle_t handle,
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
if( ( policy->usage & ~( PSA_KEY_USAGE_EXPORT |
|
||||
PSA_KEY_USAGE_ENCRYPT |
|
||||
PSA_KEY_USAGE_DECRYPT |
|
||||
PSA_KEY_USAGE_SIGN |
|
||||
PSA_KEY_USAGE_VERIFY |
|
||||
PSA_KEY_USAGE_DERIVE ) ) != 0 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
slot->policy = *policy;
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
return( psa_set_key_policy_internal( slot, policy ) );
|
||||
}
|
||||
|
||||
psa_status_t psa_get_key_policy( psa_key_handle_t handle,
|
||||
@ -3277,7 +3594,7 @@ psa_status_t psa_get_key_policy( psa_key_handle_t handle,
|
||||
/* Key Lifetime */
|
||||
/****************************************************************/
|
||||
|
||||
psa_status_t psa_get_key_lifetime( psa_key_handle_t handle,
|
||||
psa_status_t psa_get_key_lifetime_from_handle( psa_key_handle_t handle,
|
||||
psa_key_lifetime_t *lifetime )
|
||||
{
|
||||
psa_key_slot_t *slot;
|
||||
@ -3346,7 +3663,7 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation,
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
key_bits = psa_get_key_bits( operation->slot );
|
||||
key_bits = psa_get_key_slot_bits( operation->slot );
|
||||
|
||||
operation->cipher_info =
|
||||
mbedtls_cipher_info_from_psa( alg, operation->slot->type, key_bits,
|
||||
@ -3996,7 +4313,61 @@ static void psa_des_set_key_parity( uint8_t *data, size_t data_size )
|
||||
}
|
||||
#endif /* MBEDTLS_DES_C */
|
||||
|
||||
psa_status_t psa_generator_import_key( psa_key_handle_t handle,
|
||||
static psa_status_t psa_generator_import_key_internal(
|
||||
psa_key_slot_t *slot,
|
||||
size_t bits,
|
||||
psa_crypto_generator_t *generator )
|
||||
{
|
||||
uint8_t *data = NULL;
|
||||
size_t bytes = PSA_BITS_TO_BYTES( bits );
|
||||
psa_status_t status;
|
||||
|
||||
if( ! key_type_is_raw_bytes( slot->type ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
if( bits % 8 != 0 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
data = mbedtls_calloc( 1, bytes );
|
||||
if( data == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
|
||||
status = psa_generator_read( generator, data, bytes );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
#if defined(MBEDTLS_DES_C)
|
||||
if( slot->type == PSA_KEY_TYPE_DES )
|
||||
psa_des_set_key_parity( data, bytes );
|
||||
#endif /* MBEDTLS_DES_C */
|
||||
status = psa_import_key_into_slot( slot, data, bytes );
|
||||
|
||||
exit:
|
||||
mbedtls_free( data );
|
||||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_generator_import_key( const psa_key_attributes_t *attributes,
|
||||
psa_key_handle_t *handle,
|
||||
psa_crypto_generator_t *generator )
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_key_slot_t *slot = NULL;
|
||||
status = psa_start_key_creation( attributes, handle, &slot );
|
||||
if( status == PSA_SUCCESS )
|
||||
{
|
||||
status = psa_generator_import_key_internal( slot,
|
||||
attributes->bits,
|
||||
generator );
|
||||
}
|
||||
if( status == PSA_SUCCESS )
|
||||
status = psa_finish_key_creation( slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
psa_fail_key_creation( slot );
|
||||
*handle = 0;
|
||||
}
|
||||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_generator_import_key_to_handle( psa_key_handle_t handle,
|
||||
psa_key_type_t type,
|
||||
size_t bits,
|
||||
psa_crypto_generator_t *generator )
|
||||
@ -4020,7 +4391,7 @@ psa_status_t psa_generator_import_key( psa_key_handle_t handle,
|
||||
if( type == PSA_KEY_TYPE_DES )
|
||||
psa_des_set_key_parity( data, bytes );
|
||||
#endif /* MBEDTLS_DES_C */
|
||||
status = psa_import_key( handle, type, data, bytes );
|
||||
status = psa_import_key_to_handle( handle, type, data, bytes );
|
||||
|
||||
exit:
|
||||
mbedtls_free( data );
|
||||
@ -4749,24 +5120,46 @@ psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed,
|
||||
}
|
||||
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
|
||||
|
||||
psa_status_t psa_generate_key( psa_key_handle_t handle,
|
||||
psa_key_type_t type,
|
||||
size_t bits,
|
||||
const void *extra,
|
||||
size_t extra_size )
|
||||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
|
||||
static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters,
|
||||
size_t domain_parameters_size,
|
||||
int *exponent )
|
||||
{
|
||||
psa_key_slot_t *slot;
|
||||
psa_status_t status;
|
||||
size_t i;
|
||||
uint32_t acc = 0;
|
||||
|
||||
if( extra == NULL && extra_size != 0 )
|
||||
if( domain_parameters_size == 0 )
|
||||
{
|
||||
*exponent = 65537;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
/* Mbed TLS encodes the public exponent as an int. For simplicity, only
|
||||
* support values that fit in a 32-bit integer, which is larger than
|
||||
* int on just about every platform anyway. */
|
||||
if( domain_parameters_size > sizeof( acc ) )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
for( i = 0; i < domain_parameters_size; i++ )
|
||||
acc = ( acc << 8 ) | domain_parameters[i];
|
||||
if( acc > INT_MAX )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
*exponent = acc;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */
|
||||
|
||||
static psa_status_t psa_generate_key_internal(
|
||||
psa_key_slot_t *slot, size_t bits,
|
||||
const uint8_t *domain_parameters, size_t domain_parameters_size )
|
||||
{
|
||||
psa_key_type_t type = slot->type;
|
||||
|
||||
if( domain_parameters == NULL && domain_parameters_size != 0 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
status = psa_get_empty_key_slot( handle, &slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
if( key_type_is_raw_bytes( type ) )
|
||||
{
|
||||
psa_status_t status;
|
||||
status = prepare_raw_data_slot( type, bits, &slot->data.raw );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
@ -4790,26 +5183,19 @@ psa_status_t psa_generate_key( psa_key_handle_t handle,
|
||||
{
|
||||
mbedtls_rsa_context *rsa;
|
||||
int ret;
|
||||
int exponent = 65537;
|
||||
int exponent;
|
||||
psa_status_t status;
|
||||
if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
/* Accept only byte-aligned keys, for the same reasons as
|
||||
* in psa_import_rsa_key(). */
|
||||
if( bits % 8 != 0 )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
if( extra != NULL )
|
||||
{
|
||||
const psa_generate_key_extra_rsa *p = extra;
|
||||
if( extra_size != sizeof( *p ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
#if INT_MAX < 0xffffffff
|
||||
/* Check that the uint32_t value passed by the caller fits
|
||||
* in the range supported by this implementation. */
|
||||
if( p->e > INT_MAX )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
#endif
|
||||
exponent = p->e;
|
||||
}
|
||||
status = psa_read_rsa_exponent( domain_parameters,
|
||||
domain_parameters_size,
|
||||
&exponent );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
rsa = mbedtls_calloc( 1, sizeof( *rsa ) );
|
||||
if( rsa == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
@ -4839,7 +5225,7 @@ psa_status_t psa_generate_key( psa_key_handle_t handle,
|
||||
mbedtls_ecp_curve_info_from_grp_id( grp_id );
|
||||
mbedtls_ecp_keypair *ecp;
|
||||
int ret;
|
||||
if( extra != NULL )
|
||||
if( domain_parameters_size != 0 )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
@ -4865,7 +5251,32 @@ psa_status_t psa_generate_key( psa_key_handle_t handle,
|
||||
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
psa_status_t psa_generate_key_to_handle( psa_key_handle_t handle,
|
||||
psa_key_type_t type,
|
||||
size_t bits,
|
||||
const void *extra,
|
||||
size_t extra_size )
|
||||
{
|
||||
psa_key_slot_t *slot;
|
||||
psa_status_t status;
|
||||
|
||||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
|
||||
/* The old public exponent encoding is no longer supported. */
|
||||
if( extra_size != 0 )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
#endif
|
||||
|
||||
status = psa_get_empty_key_slot( handle, &slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
slot->type = type;
|
||||
status = psa_generate_key_internal( slot, bits, extra, extra_size );
|
||||
if( status != PSA_SUCCESS )
|
||||
slot->type = 0;
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||
if( slot->lifetime == PSA_KEY_LIFETIME_PERSISTENT )
|
||||
@ -4877,6 +5288,29 @@ psa_status_t psa_generate_key( psa_key_handle_t handle,
|
||||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
|
||||
psa_key_handle_t *handle )
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_key_slot_t *slot = NULL;
|
||||
status = psa_start_key_creation( attributes, handle, &slot );
|
||||
if( status == PSA_SUCCESS )
|
||||
{
|
||||
status = psa_generate_key_internal(
|
||||
slot, attributes->bits,
|
||||
attributes->domain_parameters, attributes->domain_parameters_size );
|
||||
}
|
||||
if( status == PSA_SUCCESS )
|
||||
status = psa_finish_key_creation( slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
psa_fail_key_creation( slot );
|
||||
*handle = 0;
|
||||
}
|
||||
return( status );
|
||||
}
|
||||
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
/* Module setup */
|
||||
|
||||
@ -192,7 +192,6 @@ static int psa_is_key_id_valid( psa_key_file_id_t file_id )
|
||||
return( 0 );
|
||||
return( 1 );
|
||||
}
|
||||
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
|
||||
|
||||
/** Declare a slot as persistent and load it from storage.
|
||||
*
|
||||
@ -215,13 +214,9 @@ static int psa_is_key_id_valid( psa_key_file_id_t file_id )
|
||||
static psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
|
||||
psa_key_file_id_t id )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||
psa_key_slot_t *slot;
|
||||
psa_status_t status;
|
||||
|
||||
if( ! psa_is_key_id_valid( id ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
status = psa_get_key_slot( handle, &slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
@ -231,9 +226,22 @@ static psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
|
||||
status = psa_load_persistent_key_into_slot( slot );
|
||||
|
||||
return( status );
|
||||
}
|
||||
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
|
||||
|
||||
psa_status_t psa_validate_persistent_key_parameters(
|
||||
psa_key_lifetime_t lifetime,
|
||||
psa_key_file_id_t id )
|
||||
{
|
||||
if( lifetime != PSA_KEY_LIFETIME_PERSISTENT )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||
if( ! psa_is_key_id_valid( id ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
return( PSA_SUCCESS );
|
||||
|
||||
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
||||
(void) handle;
|
||||
(void) id;
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
||||
@ -248,9 +256,11 @@ static psa_status_t persistent_key_setup( psa_key_lifetime_t lifetime,
|
||||
|
||||
*handle = 0;
|
||||
|
||||
if( lifetime != PSA_KEY_LIFETIME_PERSISTENT )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
status = psa_validate_persistent_key_parameters( lifetime, id );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||
status = psa_internal_allocate_key_slot( handle );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
@ -262,6 +272,10 @@ static psa_status_t persistent_key_setup( psa_key_lifetime_t lifetime,
|
||||
*handle = 0;
|
||||
}
|
||||
return( status );
|
||||
#else /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
|
||||
(void) wanted_load_status;
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
#endif /* !defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
|
||||
}
|
||||
|
||||
psa_status_t psa_open_key( psa_key_lifetime_t lifetime,
|
||||
|
||||
@ -55,4 +55,26 @@ psa_status_t psa_initialize_key_slots( void );
|
||||
* This does not affect persistent storage. */
|
||||
void psa_wipe_all_key_slots( void );
|
||||
|
||||
/** Test whether the given parameters are acceptable for a persistent key.
|
||||
*
|
||||
* This function does not access the storage in any way. It only tests
|
||||
* whether the parameters are meaningful and permitted by general policy.
|
||||
* It does not test whether the a file by the given id exists or could be
|
||||
* created.
|
||||
*
|
||||
* \param lifetime The lifetime to test.
|
||||
* \param id The key id to test.
|
||||
*
|
||||
* \retval PSA_SUCCESS
|
||||
* The given parameters are valid.
|
||||
* \retval PSA_ERROR_INVALID_ARGUMENT
|
||||
* \p lifetime is volatile or is invalid.
|
||||
* \retval PSA_ERROR_INVALID_ARGUMENT
|
||||
* \p id is invalid.
|
||||
*/
|
||||
psa_status_t psa_validate_persistent_key_parameters(
|
||||
psa_key_lifetime_t lifetime,
|
||||
psa_key_file_id_t id );
|
||||
|
||||
|
||||
#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */
|
||||
|
||||
@ -309,16 +309,22 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
|
||||
*key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
|
||||
return( PSA_ERROR_STORAGE_FAILURE );
|
||||
|
||||
*key_data = mbedtls_calloc( 1, *key_data_length );
|
||||
if( *key_data == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
if( *key_data_length == 0 )
|
||||
{
|
||||
*key_data = NULL;
|
||||
}
|
||||
else
|
||||
{
|
||||
*key_data = mbedtls_calloc( 1, *key_data_length );
|
||||
if( *key_data == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
memcpy( *key_data, storage_format->key_data, *key_data_length );
|
||||
}
|
||||
|
||||
GET_UINT32_LE(*type, storage_format->type, 0);
|
||||
GET_UINT32_LE(policy->usage, storage_format->policy, 0);
|
||||
GET_UINT32_LE(policy->alg, storage_format->policy, sizeof( uint32_t ));
|
||||
|
||||
memcpy( *key_data, storage_format->key_data, *key_data_length );
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
|
||||
@ -3148,7 +3148,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||
|
||||
/* Generate ECDH private key. */
|
||||
status = psa_generate_key( handshake->ecdh_psa_privkey,
|
||||
status = psa_generate_key_to_handle( handshake->ecdh_psa_privkey,
|
||||
PSA_KEY_TYPE_ECC_KEYPAIR( handshake->ecdh_psa_curve ),
|
||||
MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( handshake->ecdh_psa_curve ),
|
||||
NULL, 0 );
|
||||
|
||||
@ -544,7 +544,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type,
|
||||
if( status != PSA_SUCCESS )
|
||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||
|
||||
status = psa_import_key( master_slot, PSA_KEY_TYPE_DERIVE, secret, slen );
|
||||
status = psa_import_key_to_handle( master_slot, PSA_KEY_TYPE_DERIVE, secret, slen );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||
|
||||
|
||||
@ -39,20 +39,6 @@ int main( void )
|
||||
}
|
||||
#else
|
||||
|
||||
static psa_status_t set_key_policy( psa_key_handle_t key_handle,
|
||||
psa_key_usage_t key_usage,
|
||||
psa_algorithm_t alg )
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
|
||||
|
||||
psa_key_policy_set_usage( &policy, key_usage, alg );
|
||||
status = psa_set_key_policy( key_handle, &policy );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
exit:
|
||||
return( status );
|
||||
}
|
||||
|
||||
static psa_status_t cipher_operation( psa_cipher_operation_t *operation,
|
||||
const uint8_t * input,
|
||||
size_t input_size,
|
||||
@ -161,6 +147,7 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void )
|
||||
const psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
|
||||
|
||||
psa_status_t status;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_handle_t key_handle = 0;
|
||||
size_t output_len = 0;
|
||||
uint8_t iv[block_size];
|
||||
@ -171,16 +158,13 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void )
|
||||
status = psa_generate_random( input, sizeof( input ) );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
|
||||
status = psa_allocate_key( &key_handle );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
psa_set_key_usage_flags( &attributes,
|
||||
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
|
||||
psa_set_key_bits( &attributes, key_bits );
|
||||
|
||||
status = set_key_policy( key_handle,
|
||||
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
|
||||
alg );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
|
||||
status = psa_generate_key( key_handle, PSA_KEY_TYPE_AES, key_bits,
|
||||
NULL, 0 );
|
||||
status = psa_generate_key( &attributes, &key_handle );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
|
||||
status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
|
||||
@ -213,6 +197,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void )
|
||||
const psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
|
||||
|
||||
psa_status_t status;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_handle_t key_handle = 0;
|
||||
size_t output_len = 0;
|
||||
uint8_t iv[block_size], input[input_size],
|
||||
@ -224,13 +209,13 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void )
|
||||
status = psa_allocate_key( &key_handle );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
|
||||
status = set_key_policy( key_handle,
|
||||
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
|
||||
alg );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
psa_set_key_usage_flags( &attributes,
|
||||
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
|
||||
psa_set_key_bits( &attributes, key_bits );
|
||||
|
||||
status = psa_generate_key( key_handle, PSA_KEY_TYPE_AES, key_bits,
|
||||
NULL, 0 );
|
||||
status = psa_generate_key( &attributes, &key_handle );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
|
||||
status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
|
||||
@ -262,6 +247,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void )
|
||||
const psa_algorithm_t alg = PSA_ALG_CTR;
|
||||
|
||||
psa_status_t status;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_handle_t key_handle = 0;
|
||||
size_t output_len = 0;
|
||||
uint8_t iv[block_size], input[input_size], encrypt[input_size],
|
||||
@ -270,15 +256,13 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void )
|
||||
status = psa_generate_random( input, sizeof( input ) );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
|
||||
status = psa_allocate_key( &key_handle );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
status = set_key_policy( key_handle,
|
||||
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
|
||||
alg );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
psa_set_key_usage_flags( &attributes,
|
||||
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
|
||||
psa_set_key_bits( &attributes, key_bits );
|
||||
|
||||
status = psa_generate_key( key_handle, PSA_KEY_TYPE_AES, key_bits,
|
||||
NULL, 0 );
|
||||
status = psa_generate_key( &attributes, &key_handle );
|
||||
ASSERT_STATUS( status, PSA_SUCCESS );
|
||||
|
||||
status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ),
|
||||
|
||||
@ -200,18 +200,15 @@ static psa_status_t generate( const char *key_file_name )
|
||||
{
|
||||
psa_status_t status = PSA_SUCCESS;
|
||||
psa_key_handle_t key_handle = 0;
|
||||
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
PSA_CHECK( psa_allocate_key( &key_handle ) );
|
||||
psa_key_policy_set_usage( &policy,
|
||||
PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
|
||||
KDF_ALG );
|
||||
PSA_CHECK( psa_set_key_policy( key_handle, &policy ) );
|
||||
psa_set_key_usage_flags( &attributes,
|
||||
PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
|
||||
psa_set_key_algorithm( &attributes, KDF_ALG );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
|
||||
psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) );
|
||||
|
||||
PSA_CHECK( psa_generate_key( key_handle,
|
||||
PSA_KEY_TYPE_DERIVE,
|
||||
PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
|
||||
NULL, 0 ) );
|
||||
PSA_CHECK( psa_generate_key( &attributes, &key_handle ) );
|
||||
|
||||
PSA_CHECK( save_key( key_handle, key_file_name ) );
|
||||
|
||||
@ -231,7 +228,7 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage,
|
||||
psa_key_handle_t *master_key_handle )
|
||||
{
|
||||
psa_status_t status = PSA_SUCCESS;
|
||||
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
uint8_t key_data[KEY_SIZE_BYTES];
|
||||
size_t key_size;
|
||||
FILE *key_file = NULL;
|
||||
@ -252,11 +249,10 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage,
|
||||
SYS_CHECK( fclose( key_file ) == 0 );
|
||||
key_file = NULL;
|
||||
|
||||
PSA_CHECK( psa_allocate_key( master_key_handle ) );
|
||||
psa_key_policy_set_usage( &policy, usage, alg );
|
||||
PSA_CHECK( psa_set_key_policy( *master_key_handle, &policy ) );
|
||||
PSA_CHECK( psa_import_key( *master_key_handle,
|
||||
PSA_KEY_TYPE_DERIVE,
|
||||
psa_set_key_usage_flags( &attributes, usage );
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
|
||||
PSA_CHECK( psa_import_key( &attributes, master_key_handle,
|
||||
key_data, key_size ) );
|
||||
exit:
|
||||
if( key_file != NULL )
|
||||
@ -282,12 +278,15 @@ static psa_status_t derive_key_ladder( const char *ladder[],
|
||||
psa_key_handle_t *key_handle )
|
||||
{
|
||||
psa_status_t status = PSA_SUCCESS;
|
||||
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
|
||||
size_t i;
|
||||
psa_key_policy_set_usage( &policy,
|
||||
PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
|
||||
KDF_ALG );
|
||||
|
||||
psa_set_key_usage_flags( &attributes,
|
||||
PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
|
||||
psa_set_key_algorithm( &attributes, KDF_ALG );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
|
||||
psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) );
|
||||
|
||||
/* For each label in turn, ... */
|
||||
for( i = 0; i < ladder_depth; i++ )
|
||||
@ -305,15 +304,10 @@ static psa_status_t derive_key_ladder( const char *ladder[],
|
||||
* since it is no longer needed. */
|
||||
PSA_CHECK( psa_close_key( *key_handle ) );
|
||||
*key_handle = 0;
|
||||
PSA_CHECK( psa_allocate_key( key_handle ) );
|
||||
PSA_CHECK( psa_set_key_policy( *key_handle, &policy ) );
|
||||
/* Use the generator obtained from the parent key to create
|
||||
* the next intermediate key. */
|
||||
PSA_CHECK( psa_generator_import_key(
|
||||
*key_handle,
|
||||
PSA_KEY_TYPE_DERIVE,
|
||||
PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
|
||||
&generator ) );
|
||||
PSA_CHECK( psa_generator_import_key( &attributes, key_handle,
|
||||
&generator ) );
|
||||
PSA_CHECK( psa_generator_abort( &generator ) );
|
||||
}
|
||||
|
||||
@ -333,13 +327,14 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
|
||||
psa_key_handle_t *wrapping_key_handle )
|
||||
{
|
||||
psa_status_t status = PSA_SUCCESS;
|
||||
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
|
||||
|
||||
*wrapping_key_handle = 0;
|
||||
PSA_CHECK( psa_allocate_key( wrapping_key_handle ) );
|
||||
psa_key_policy_set_usage( &policy, usage, WRAPPING_ALG );
|
||||
PSA_CHECK( psa_set_key_policy( *wrapping_key_handle, &policy ) );
|
||||
psa_set_key_usage_flags( &attributes, usage );
|
||||
psa_set_key_algorithm( &attributes, WRAPPING_ALG );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
|
||||
psa_set_key_bits( &attributes, WRAPPING_KEY_BITS );
|
||||
|
||||
PSA_CHECK( psa_key_derivation(
|
||||
&generator,
|
||||
@ -348,11 +343,8 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
|
||||
WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH,
|
||||
NULL, 0,
|
||||
PSA_BITS_TO_BYTES( WRAPPING_KEY_BITS ) ) );
|
||||
PSA_CHECK( psa_generator_import_key(
|
||||
*wrapping_key_handle,
|
||||
PSA_KEY_TYPE_AES,
|
||||
WRAPPING_KEY_BITS,
|
||||
&generator ) );
|
||||
PSA_CHECK( psa_generator_import_key( &attributes, wrapping_key_handle,
|
||||
&generator ) );
|
||||
|
||||
exit:
|
||||
psa_generator_abort( &generator );
|
||||
|
||||
@ -97,7 +97,7 @@ psa_key_handle_t pk_psa_genkey( void )
|
||||
return( PK_PSA_INVALID_SLOT );
|
||||
|
||||
/* generate key */
|
||||
if( PSA_SUCCESS != psa_generate_key( key, type, bits, NULL, 0 ) )
|
||||
if( PSA_SUCCESS != psa_generate_key_to_handle( key, type, bits, NULL, 0 ) )
|
||||
return( PK_PSA_INVALID_SLOT );
|
||||
|
||||
return( key );
|
||||
|
||||
@ -1,6 +1,9 @@
|
||||
PSA compile-time sanity checks
|
||||
static_checks:
|
||||
|
||||
PSA key attributes structure
|
||||
attributes_set_get:0x6963:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:128
|
||||
|
||||
PSA import/export raw: 0 bytes
|
||||
import_export:"":PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_SUCCESS:1
|
||||
|
||||
@ -25,52 +28,14 @@ PSA import/export AES-256
|
||||
depends_on:MBEDTLS_AES_C
|
||||
import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ALG_CTR:PSA_KEY_USAGE_EXPORT:256:0:PSA_SUCCESS:1
|
||||
|
||||
PSA import to non empty key slot
|
||||
depends_on:MBEDTLS_AES_C
|
||||
import_key_nonempty_slot
|
||||
PSA invalid handle (0)
|
||||
invalid_handle:0
|
||||
|
||||
PSA export invalid handle (0)
|
||||
export_invalid_handle:0:PSA_ERROR_INVALID_HANDLE
|
||||
PSA invalid handle (smallest plausible handle)
|
||||
invalid_handle:1
|
||||
|
||||
PSA export invalid handle (smallest plausible handle)
|
||||
export_invalid_handle:1:PSA_ERROR_INVALID_HANDLE
|
||||
|
||||
PSA export invalid handle (largest plausible handle)
|
||||
export_invalid_handle:-1:PSA_ERROR_INVALID_HANDLE
|
||||
|
||||
PSA export a slot where there was some activity but no key material creation
|
||||
export_with_no_key_activity
|
||||
|
||||
PSA setup cipher where there was some activity on key but no key material creation
|
||||
cipher_with_no_key_activity
|
||||
|
||||
PSA export a slot after a failed import of a AES key
|
||||
depends_on:MBEDTLS_AES_C
|
||||
export_after_import_failure:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA export a slot after a failed import of a RSA key
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_PARSE_C
|
||||
export_after_import_failure:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA export a slot after a failed import of an EC keypair
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
export_after_import_failure:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA setup cipher after a failed import of a AES key
|
||||
depends_on:MBEDTLS_AES_C
|
||||
cipher_after_import_failure:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA export RSA public key from a slot where there was an import followed by destroy.
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
export_after_destroy_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY
|
||||
|
||||
PSA export AES key from a slot where there was an import followed by destroy.
|
||||
depends_on:MBEDTLS_AES_C
|
||||
export_after_destroy_key:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES
|
||||
|
||||
PSA export EC key from a slot where there was an import followed by destroy.
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
export_after_destroy_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1)
|
||||
PSA invalid handle (largest plausible handle)
|
||||
invalid_handle:-1
|
||||
|
||||
PSA import AES: bad key size
|
||||
depends_on:MBEDTLS_AES_C
|
||||
@ -310,10 +275,6 @@ PSA import EC keypair: valid key but RSA
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_RSA_C
|
||||
import:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA import failure preserves policy
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
import_twice:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_SUCCESS
|
||||
|
||||
PSA import RSA key pair: maximum size exceeded
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:1:PSA_ERROR_NOT_SUPPORTED
|
||||
@ -325,8 +286,8 @@ import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:0:PSA_ERROR_NOT_SUPPORTED
|
||||
PSA key policy set and get
|
||||
key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_NO_PADDING
|
||||
|
||||
Key policy initializers zero properly
|
||||
key_policy_init:
|
||||
Key attributes initializers zero properly
|
||||
key_attributes_init:
|
||||
|
||||
PSA key policy: MAC, sign | verify
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
@ -517,115 +478,79 @@ depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBE
|
||||
raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
|
||||
|
||||
Copy key: raw, 0 bytes
|
||||
copy_key_policy:0:0:PSA_KEY_TYPE_RAW_DATA:"":0:0:-1:-1:0:0
|
||||
copy_key:0:0:PSA_KEY_TYPE_RAW_DATA:"":1:-1:-1:PSA_SUCCESS:0:0
|
||||
|
||||
Copy key: AES, copy attributes
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
copy_key:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":1:-1:-1:PSA_SUCCESS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR
|
||||
|
||||
Copy key: AES, same usage flags
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:-1:-1:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR
|
||||
copy_key:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_SUCCESS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR
|
||||
|
||||
Copy key: AES, fewer usage flags
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:-1:-1:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
|
||||
copy_key:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_SUCCESS:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
|
||||
|
||||
Copy key: AES, 1 more usage flag
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
copy_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:-1:-1:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
|
||||
copy_key:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_SUCCESS:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
|
||||
|
||||
Copy key: AES, 2 more usage flags
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
copy_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:-1:-1:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
|
||||
copy_key:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_SUCCESS:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
|
||||
|
||||
Copy key: AES, intersect usage flags
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:-1:-1:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
|
||||
|
||||
Copy key: AES, source=target, constraint with same usage flags
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR
|
||||
|
||||
Copy key: AES, source=target, constraint with fewer usage flags
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
|
||||
|
||||
Copy key: AES, source=target, constraint with 1 more usage flag
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
copy_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
|
||||
|
||||
Copy key: AES, source=target, constraint with 2 more usage flags
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
copy_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
|
||||
|
||||
Copy key: AES, source=target, constraint with different usage flags
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
|
||||
|
||||
Copy key: AES, permissive target, restrictive constraint
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
copy_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
|
||||
copy_key:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_SUCCESS:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
|
||||
|
||||
Copy key: RSA key pair, same usage flags
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):-1:-1:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
|
||||
copy_key:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
|
||||
|
||||
Copy key: RSA key pair, fewer usage flags
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):-1:-1:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
|
||||
copy_key:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
|
||||
|
||||
Copy key: RSA key pair, more usage flags
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
copy_key_policy:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):-1:-1:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
|
||||
copy_key:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
|
||||
|
||||
Copy key: RSA key pair, intersect usage flags
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):-1:-1:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
|
||||
copy_key:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
|
||||
|
||||
Copy key: RSA key pair, wildcard algorithm in source
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):-1:-1:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
|
||||
copy_key:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
|
||||
|
||||
Copy key: RSA key pair, wildcard algorithm in target
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):-1:-1:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
|
||||
copy_key:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_SUCCESS:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
|
||||
|
||||
Copy key: RSA key pair, wildcard algorithm in source and target
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):-1:-1:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
|
||||
|
||||
Copy key: RSA key pair, wildcard in constraint
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
|
||||
|
||||
Copy key: RSA key pair, wildcard, restrictive constraint
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
copy_key_policy:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
|
||||
copy_key:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_SUCCESS:PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
|
||||
|
||||
Copy fail: AES, incompatible target policy
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC
|
||||
copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:-1:-1:PSA_ERROR_INVALID_ARGUMENT
|
||||
copy_key:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_ERROR_INVALID_ARGUMENT:-1:-1
|
||||
|
||||
Copy fail: RSA, incompatible target policy (source wildcard)
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):-1:-1:PSA_ERROR_INVALID_ARGUMENT
|
||||
copy_key:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT:-1:-1
|
||||
|
||||
Copy fail: RSA, incompatible target policy (target wildcard)
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):-1:-1:PSA_ERROR_INVALID_ARGUMENT
|
||||
copy_key:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ERROR_INVALID_ARGUMENT:-1:-1
|
||||
|
||||
Copy fail: RSA, incompatible target policy (source and target wildcard)
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):-1:-1:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
Copy fail: RSA, incompatible constraint (wildcard on different base)
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
Copy fail: RSA, incompatible constraint
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ERROR_INVALID_ARGUMENT
|
||||
copy_key:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ERROR_INVALID_ARGUMENT:-1:-1
|
||||
|
||||
Copy fail: RSA, ANY_HASH is not meaningful with OAEP
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
copy_fail:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):-1:-1:PSA_ERROR_INVALID_ARGUMENT
|
||||
copy_key:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT:-1:-1
|
||||
|
||||
Hash operation object initializers zero properly
|
||||
hash_operation_init:
|
||||
@ -2111,34 +2036,60 @@ PSA generate key: ECC, SECP256R1, incorrect bit size
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
persistent key can be accessed after in-memory deletion: AES, 128 bits, CTR
|
||||
PSA generate key: RSA, default e
|
||||
generate_key_rsa:512:"":PSA_SUCCESS
|
||||
|
||||
PSA generate key: RSA, e=3
|
||||
generate_key_rsa:512:"03":PSA_SUCCESS
|
||||
|
||||
PSA generate key: RSA, e=65537
|
||||
generate_key_rsa:512:"010001":PSA_SUCCESS
|
||||
|
||||
PSA generate key: RSA, e=513
|
||||
generate_key_rsa:512:"0201":PSA_SUCCESS
|
||||
|
||||
PSA generate key: RSA, e=1
|
||||
generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA generate key: RSA, e=2
|
||||
generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA import persistent key: raw data, 0 bits
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:IMPORT_KEY:PSA_SUCCESS
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY
|
||||
|
||||
PSA generate persistent key: raw data, 8 bits
|
||||
PSA import persistent key: AES, 128 bits, exportable
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:IMPORT_KEY
|
||||
|
||||
PSA import persistent key: AES, 128 bits, non-exportable
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:IMPORT_KEY
|
||||
|
||||
PSA generate persistent key: raw data, 8 bits, exportable
|
||||
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:GENERATE_KEY:PSA_SUCCESS
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:GENERATE_KEY
|
||||
|
||||
PSA generate persistent key: AES, 128 bits, CTR
|
||||
PSA generate persistent key: AES, 128 bits, exportable
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY:PSA_SUCCESS
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY
|
||||
|
||||
PSA generate persistent key: DES, 64 bits, CBC-nopad
|
||||
PSA generate persistent key: AES, 128 bits, non-exportable
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY
|
||||
|
||||
PSA generate persistent key: DES, 64 bits, exportable
|
||||
depends_on:MBEDTLS_DES_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY:PSA_SUCCESS
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY
|
||||
|
||||
PSA generate persistent key: RSA, 1024 bits, good, sign (PSS SHA-256)
|
||||
PSA generate persistent key: RSA, 1024 bits, exportable
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY:PSA_SUCCESS
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY
|
||||
|
||||
PSA generate persistent key: ECC, SECP256R1, good
|
||||
PSA generate persistent key: ECC, SECP256R1, exportable
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:GENERATE_KEY:PSA_SUCCESS
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:GENERATE_KEY
|
||||
|
||||
PSA derive persistent key: HKDF SHA-256
|
||||
PSA derive persistent key: HKDF SHA-256, exportable
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY:PSA_SUCCESS
|
||||
|
||||
PSA generate persistent key: AES, 128 bits, CTR
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY:PSA_ERROR_NOT_PERMITTED
|
||||
persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -182,15 +182,20 @@ void validate_module_init_key_based( int count )
|
||||
{
|
||||
psa_status_t status;
|
||||
uint8_t data[10] = { 0 };
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_handle_t handle = 0xdead;
|
||||
int i;
|
||||
|
||||
for( i = 0; i < count; i++ )
|
||||
{
|
||||
status = psa_crypto_init( );
|
||||
PSA_ASSERT( status );
|
||||
mbedtls_psa_crypto_free( );
|
||||
}
|
||||
status = psa_import_key( 1, PSA_KEY_TYPE_RAW_DATA, data, sizeof( data ) );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
||||
status = psa_import_key( &attributes, &handle, data, sizeof( data ) );
|
||||
TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
|
||||
TEST_EQUAL( handle, 0 );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
||||
@ -26,45 +26,78 @@ save_large_persistent_key:1:PSA_ERROR_INSUFFICIENT_STORAGE
|
||||
|
||||
Persistent key destroy
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
persistent_key_destroy:1:0:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
|
||||
|
||||
Persistent key destroy after restart
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
persistent_key_destroy:1:1:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
|
||||
|
||||
Persistent key destroy missing key
|
||||
Persistent key import (RSA)
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
persistent_key_destroy:1:0:PSA_KEY_TYPE_RSA_KEYPAIR:"":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
|
||||
persistent_key_import:1:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_SUCCESS
|
||||
|
||||
Persistent key import
|
||||
Persistent key import with restart (RSA)
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
persistent_key_import:1:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_SUCCESS
|
||||
persistent_key_import:1:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":1:PSA_SUCCESS
|
||||
|
||||
Persistent key import garbage data, should fail
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
persistent_key_import:1:PSA_KEY_TYPE_RSA_KEYPAIR:"11111111":PSA_ERROR_INVALID_ARGUMENT
|
||||
persistent_key_import:1:PSA_KEY_TYPE_RSA_KEYPAIR:"11111111":0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
import/export persistent raw key: 0 byte
|
||||
import_export_persistent_key:"":PSA_KEY_TYPE_RAW_DATA:0:0
|
||||
import_export_persistent_key:"":PSA_KEY_TYPE_RAW_DATA:0:0:0
|
||||
|
||||
import/export persistent raw key: 1 byte
|
||||
import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0
|
||||
import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0:0
|
||||
|
||||
import/export persistent key RSA public key: good, 1024-bit
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0
|
||||
import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0:0
|
||||
|
||||
import/export persistent key RSA keypair: good, 1024-bit
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:0
|
||||
import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:0:0
|
||||
|
||||
import/export persistent raw key file not exist: 1 byte
|
||||
import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1
|
||||
import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0:1
|
||||
|
||||
import/export persistent key RSA public key file not exist: 1024-bit
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1
|
||||
import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0:1
|
||||
|
||||
import/export persistent key RSA keypair file not exist: 1024-bit
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:1
|
||||
import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:0:1
|
||||
|
||||
PSA import/export-persistent symmetric key: 16 bytes
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:0
|
||||
import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:0:0
|
||||
|
||||
import/export persistent raw key with restart: 0 byte
|
||||
import_export_persistent_key:"":PSA_KEY_TYPE_RAW_DATA:0:1:0
|
||||
|
||||
import/export persistent raw key with restart: 1 byte
|
||||
import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1:0
|
||||
|
||||
import/export persistent key RSA public key with restart: good, 1024-bit
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1:0
|
||||
|
||||
import/export persistent key RSA keypair with restart: good, 1024-bit
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:1:0
|
||||
|
||||
import/export persistent raw key file not exist with restart: 1 byte
|
||||
import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1:1
|
||||
|
||||
import/export persistent key RSA public key file not exist with restart: 1024-bit
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1:1
|
||||
|
||||
import/export persistent key RSA keypair file not exist with restart: 1024-bit
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:1024:1:1
|
||||
|
||||
PSA import/export-persistent symmetric key: 16 bytes
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:1:0
|
||||
|
||||
@ -87,6 +87,7 @@ void save_large_persistent_key( int data_too_large, int expected_status )
|
||||
psa_key_handle_t handle = 0;
|
||||
uint8_t *data = NULL;
|
||||
size_t data_length = PSA_CRYPTO_MAX_STORAGE_SIZE;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
if( data_too_large )
|
||||
data_length += 1;
|
||||
@ -95,10 +96,10 @@ void save_large_persistent_key( int data_too_large, int expected_status )
|
||||
|
||||
PSA_ASSERT( psa_crypto_init() );
|
||||
|
||||
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
|
||||
&handle ) );
|
||||
psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
||||
|
||||
TEST_EQUAL( psa_import_key( handle, PSA_KEY_TYPE_RAW_DATA,
|
||||
TEST_EQUAL( psa_import_key( &attributes, &handle,
|
||||
data, data_length ),
|
||||
expected_status );
|
||||
|
||||
@ -110,7 +111,7 @@ exit:
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void persistent_key_destroy( int key_id_arg, int should_store,
|
||||
void persistent_key_destroy( int key_id_arg, int restart,
|
||||
int first_type_arg, data_t *first_data,
|
||||
int second_type_arg, data_t *second_data )
|
||||
{
|
||||
@ -118,18 +119,25 @@ void persistent_key_destroy( int key_id_arg, int should_store,
|
||||
psa_key_handle_t handle = 0;
|
||||
psa_key_type_t first_type = (psa_key_type_t) first_type_arg;
|
||||
psa_key_type_t second_type = (psa_key_type_t) second_type_arg;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
PSA_ASSERT( psa_crypto_init() );
|
||||
|
||||
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
|
||||
&handle ) );
|
||||
psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
|
||||
psa_set_key_type( &attributes, first_type );
|
||||
|
||||
if( should_store == 1 )
|
||||
PSA_ASSERT( psa_import_key( &attributes, &handle,
|
||||
first_data->x, first_data->len ) );
|
||||
|
||||
if( restart )
|
||||
{
|
||||
PSA_ASSERT( psa_import_key(
|
||||
handle, first_type,
|
||||
first_data->x, first_data->len ) );
|
||||
psa_close_key( handle );
|
||||
mbedtls_psa_crypto_free();
|
||||
PSA_ASSERT( psa_crypto_init() );
|
||||
PSA_ASSERT( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
|
||||
&handle ) );
|
||||
}
|
||||
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );
|
||||
|
||||
/* Destroy the key */
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
@ -145,11 +153,10 @@ void persistent_key_destroy( int key_id_arg, int should_store,
|
||||
PSA_ASSERT( psa_crypto_init() );
|
||||
|
||||
/* Create another key in the same slot */
|
||||
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
|
||||
&handle ) );
|
||||
PSA_ASSERT( psa_import_key(
|
||||
handle, second_type,
|
||||
second_data->x, second_data->len ) );
|
||||
psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
|
||||
psa_set_key_type( &attributes, second_type );
|
||||
PSA_ASSERT( psa_import_key( &attributes, &handle,
|
||||
second_data->x, second_data->len ) );
|
||||
|
||||
exit:
|
||||
mbedtls_psa_crypto_free();
|
||||
@ -159,18 +166,18 @@ exit:
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void persistent_key_import( int key_id_arg, int type_arg, data_t *data,
|
||||
int expected_status )
|
||||
int restart, int expected_status )
|
||||
{
|
||||
psa_key_lifetime_t lifetime;
|
||||
psa_key_id_t key_id = (psa_key_id_t) key_id_arg;
|
||||
psa_key_type_t type = (psa_key_type_t) type_arg;
|
||||
psa_key_handle_t handle = 0;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
PSA_ASSERT( psa_crypto_init() );
|
||||
|
||||
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
|
||||
&handle ) );
|
||||
TEST_EQUAL( psa_import_key( handle, type, data->x, data->len ),
|
||||
psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
|
||||
psa_set_key_type( &attributes, type );
|
||||
TEST_EQUAL( psa_import_key( &attributes, &handle, data->x, data->len ),
|
||||
expected_status );
|
||||
|
||||
if( expected_status != PSA_SUCCESS )
|
||||
@ -179,10 +186,26 @@ void persistent_key_import( int key_id_arg, int type_arg, data_t *data,
|
||||
goto exit;
|
||||
}
|
||||
|
||||
PSA_ASSERT( psa_get_key_lifetime( handle, &lifetime ) );
|
||||
TEST_EQUAL( lifetime, PSA_KEY_LIFETIME_PERSISTENT );
|
||||
if( restart )
|
||||
{
|
||||
psa_close_key( handle );
|
||||
mbedtls_psa_crypto_free();
|
||||
PSA_ASSERT( psa_crypto_init() );
|
||||
PSA_ASSERT( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
|
||||
&handle ) );
|
||||
}
|
||||
|
||||
psa_reset_key_attributes( &attributes );
|
||||
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
|
||||
TEST_EQUAL( psa_get_key_id( &attributes ), key_id );
|
||||
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
|
||||
PSA_KEY_LIFETIME_PERSISTENT );
|
||||
TEST_EQUAL( psa_get_key_type( &attributes ), type );
|
||||
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
|
||||
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
|
||||
|
||||
exit:
|
||||
psa_reset_key_attributes( &attributes );
|
||||
psa_destroy_persistent_key( key_id );
|
||||
mbedtls_psa_crypto_free();
|
||||
}
|
||||
@ -190,7 +213,8 @@ exit:
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void import_export_persistent_key( data_t *data, int type_arg,
|
||||
int expected_bits, int key_not_exist )
|
||||
int expected_bits,
|
||||
int restart, int key_not_exist )
|
||||
{
|
||||
psa_key_id_t key_id = 42;
|
||||
psa_key_type_t type = (psa_key_type_t) type_arg;
|
||||
@ -198,34 +222,40 @@ void import_export_persistent_key( data_t *data, int type_arg,
|
||||
unsigned char *exported = NULL;
|
||||
size_t export_size = data->len;
|
||||
size_t exported_length;
|
||||
psa_key_type_t got_type;
|
||||
size_t got_bits;
|
||||
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_lifetime_t lifetime_get;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
ASSERT_ALLOC( exported, export_size );
|
||||
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
||||
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
|
||||
&handle ) );
|
||||
|
||||
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT,
|
||||
PSA_ALG_VENDOR_FLAG );
|
||||
PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
|
||||
psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
|
||||
psa_set_key_type( &attributes, type );
|
||||
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
|
||||
|
||||
/* Import the key */
|
||||
PSA_ASSERT( psa_import_key( handle, type,
|
||||
PSA_ASSERT( psa_import_key( &attributes, &handle,
|
||||
data->x, data->len ) );
|
||||
|
||||
PSA_ASSERT( psa_get_key_lifetime( handle, &lifetime_get ) );
|
||||
TEST_EQUAL( lifetime_get, PSA_KEY_LIFETIME_PERSISTENT );
|
||||
|
||||
if( restart )
|
||||
{
|
||||
psa_close_key( handle );
|
||||
mbedtls_psa_crypto_free();
|
||||
PSA_ASSERT( psa_crypto_init() );
|
||||
PSA_ASSERT( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
|
||||
&handle ) );
|
||||
}
|
||||
|
||||
/* Test the key information */
|
||||
PSA_ASSERT( psa_get_key_information(
|
||||
handle, &got_type, &got_bits ) );
|
||||
TEST_EQUAL( got_type, type );
|
||||
TEST_EQUAL( got_bits, (size_t) expected_bits );
|
||||
psa_reset_key_attributes( &attributes );
|
||||
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
|
||||
TEST_EQUAL( psa_get_key_id( &attributes ), key_id );
|
||||
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
|
||||
PSA_KEY_LIFETIME_PERSISTENT );
|
||||
TEST_EQUAL( psa_get_key_type( &attributes ), type );
|
||||
TEST_EQUAL( psa_get_key_bits( &attributes ), (size_t) expected_bits );
|
||||
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT );
|
||||
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
|
||||
|
||||
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );
|
||||
|
||||
@ -244,6 +274,7 @@ void import_export_persistent_key( data_t *data, int type_arg,
|
||||
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
|
||||
|
||||
exit:
|
||||
psa_reset_key_attributes( &attributes );
|
||||
mbedtls_free( exported );
|
||||
mbedtls_psa_crypto_free( );
|
||||
psa_destroy_persistent_key( key_id );
|
||||
|
||||
@ -43,9 +43,6 @@ open_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT
|
||||
Open failure: invalid lifetime
|
||||
open_fail:0x7fffffff:0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
Create failure: volatile lifetime
|
||||
create_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
Create failure: invalid lifetime
|
||||
create_fail:0x7fffffff:0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
@ -80,42 +77,17 @@ Copy persistent to persistent
|
||||
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_USAGE_EXPORT:0
|
||||
|
||||
Copy empty volatile to volatile
|
||||
copy_from_empty:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0
|
||||
|
||||
Copy empty volatile to persistent
|
||||
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
copy_from_empty:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0
|
||||
|
||||
Copy empty persistent to volatile
|
||||
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
copy_from_empty:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0
|
||||
|
||||
Copy empty persistent to persistent
|
||||
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
copy_from_empty:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:0
|
||||
|
||||
Copy volatile to occupied volatile
|
||||
copy_to_occupied:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
|
||||
|
||||
Copy volatile to occupied persistent
|
||||
Copy volatile to occupied
|
||||
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
copy_to_occupied:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
|
||||
|
||||
Copy persistent to occupied volatile
|
||||
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
copy_to_occupied:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
|
||||
|
||||
Copy persistent to occupied persistent
|
||||
Copy persistent to occupied
|
||||
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
copy_to_occupied:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
|
||||
|
||||
Copy volatile to itself
|
||||
copy_to_same:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f"
|
||||
|
||||
Copy persistent to itself
|
||||
Copy persistent to same
|
||||
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
copy_to_same:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f"
|
||||
copy_to_occupied:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f"
|
||||
|
||||
Close/destroy invalid handle
|
||||
invalid_handle:
|
||||
|
||||
@ -50,13 +50,6 @@ void psa_purge_key_storage( void )
|
||||
#define TEST_MAX_KEY_ID( key_id ) ( (void) ( key_id ) )
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
||||
|
||||
static int psa_key_policy_equal( psa_key_policy_t *p1,
|
||||
psa_key_policy_t *p2 )
|
||||
{
|
||||
return( psa_key_policy_get_usage( p1 ) == psa_key_policy_get_usage( p2 ) &&
|
||||
psa_key_policy_get_algorithm( p1 ) == psa_key_policy_get_algorithm( p2 ) );
|
||||
}
|
||||
|
||||
/* END_HEADER */
|
||||
|
||||
/* BEGIN_DEPENDENCIES
|
||||
@ -73,20 +66,20 @@ void transient_slot_lifecycle( int alg_arg, int usage_arg,
|
||||
psa_key_usage_t usage_flags = usage_arg;
|
||||
psa_key_type_t type = type_arg;
|
||||
close_method_t close_method = close_method_arg;
|
||||
psa_key_type_t read_type;
|
||||
psa_key_handle_t handle = 0;
|
||||
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
||||
/* Get a handle and import a key. */
|
||||
PSA_ASSERT( psa_allocate_key( &handle ) );
|
||||
/* Import a key. */
|
||||
psa_set_key_usage_flags( &attributes, usage_flags );
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, type );
|
||||
PSA_ASSERT( psa_import_key( &attributes, &handle,
|
||||
key_data->x, key_data->len ) );
|
||||
TEST_ASSERT( handle != 0 );
|
||||
psa_key_policy_set_usage( &policy, usage_flags, alg );
|
||||
PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
|
||||
PSA_ASSERT( psa_import_key( handle, type, key_data->x, key_data->len ) );
|
||||
PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
|
||||
TEST_EQUAL( read_type, type );
|
||||
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
|
||||
TEST_EQUAL( psa_get_key_type( &attributes ), type );
|
||||
|
||||
/* Do something that invalidates the handle. */
|
||||
switch( close_method )
|
||||
@ -102,8 +95,9 @@ void transient_slot_lifecycle( int alg_arg, int usage_arg,
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
break;
|
||||
}
|
||||
|
||||
/* Test that the handle is now invalid. */
|
||||
TEST_EQUAL( psa_get_key_information( handle, &read_type, NULL ),
|
||||
TEST_EQUAL( psa_get_key_attributes( handle, &attributes ),
|
||||
PSA_ERROR_INVALID_HANDLE );
|
||||
TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE );
|
||||
|
||||
@ -126,18 +120,20 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg,
|
||||
close_method_t close_method = close_method_arg;
|
||||
psa_key_type_t read_type;
|
||||
psa_key_handle_t handle = 0;
|
||||
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
TEST_MAX_KEY_ID( id );
|
||||
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
||||
/* Get a handle and import a key. */
|
||||
PSA_ASSERT( psa_create_key( lifetime, id, &handle ) );
|
||||
psa_make_key_persistent( &attributes, id, lifetime );
|
||||
psa_set_key_type( &attributes, type );
|
||||
psa_set_key_usage_flags( &attributes, usage_flags );
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
PSA_ASSERT( psa_import_key( &attributes, &handle,
|
||||
key_data->x, key_data->len ) );
|
||||
TEST_ASSERT( handle != 0 );
|
||||
psa_key_policy_set_usage( &policy, usage_flags, alg );
|
||||
PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
|
||||
PSA_ASSERT( psa_import_key( handle, type, key_data->x, key_data->len ) );
|
||||
PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
|
||||
TEST_EQUAL( read_type, type );
|
||||
|
||||
@ -195,13 +191,11 @@ void create_existent( int lifetime_arg, int id_arg,
|
||||
psa_key_lifetime_t lifetime = lifetime_arg;
|
||||
psa_key_id_t id = id_arg;
|
||||
psa_key_handle_t handle1 = 0, handle2 = 0;
|
||||
psa_key_policy_t policy1 = PSA_KEY_POLICY_INIT;
|
||||
psa_key_policy_t read_policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA;
|
||||
psa_key_type_t read_type;
|
||||
const uint8_t material1[16] = "test material #1";
|
||||
const uint8_t material1[5] = "a key";
|
||||
const uint8_t material2[5] = "b key";
|
||||
size_t bits1 = PSA_BYTES_TO_BITS( sizeof( material1 ) );
|
||||
size_t read_bits;
|
||||
uint8_t reexported[sizeof( material1 )];
|
||||
size_t reexported_length;
|
||||
reopen_policy_t reopen_policy = reopen_policy_arg;
|
||||
@ -211,18 +205,20 @@ void create_existent( int lifetime_arg, int id_arg,
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
||||
/* Create a key. */
|
||||
PSA_ASSERT( psa_create_key( lifetime, id, &handle1 ) );
|
||||
TEST_ASSERT( handle1 != 0 );
|
||||
psa_key_policy_set_usage( &policy1, PSA_KEY_USAGE_EXPORT, 0 );
|
||||
PSA_ASSERT( psa_set_key_policy( handle1, &policy1 ) );
|
||||
PSA_ASSERT( psa_import_key( handle1, type1,
|
||||
psa_make_key_persistent( &attributes, id, lifetime );
|
||||
psa_set_key_type( &attributes, type1 );
|
||||
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
|
||||
psa_set_key_algorithm( &attributes, 0 );
|
||||
PSA_ASSERT( psa_import_key( &attributes, &handle1,
|
||||
material1, sizeof( material1 ) ) );
|
||||
TEST_ASSERT( handle1 != 0 );
|
||||
|
||||
if( reopen_policy == CLOSE_BEFORE )
|
||||
PSA_ASSERT( psa_close_key( handle1 ) );
|
||||
|
||||
/* Attempt to create a new key in the same slot. */
|
||||
TEST_EQUAL( psa_create_key( lifetime, id, &handle2 ),
|
||||
TEST_EQUAL( psa_import_key( &attributes, &handle2,
|
||||
material2, sizeof( material2 ) ),
|
||||
PSA_ERROR_ALREADY_EXISTS );
|
||||
TEST_EQUAL( handle2, 0 );
|
||||
|
||||
@ -232,11 +228,15 @@ void create_existent( int lifetime_arg, int id_arg,
|
||||
PSA_ASSERT( psa_open_key( lifetime, id, &handle1 ) );
|
||||
|
||||
/* Check that the original key hasn't changed. */
|
||||
PSA_ASSERT( psa_get_key_policy( handle1, &read_policy ) );
|
||||
TEST_ASSERT( psa_key_policy_equal( &read_policy, &policy1 ) );
|
||||
PSA_ASSERT( psa_get_key_information( handle1, &read_type, &read_bits ) );
|
||||
TEST_EQUAL( read_type, type1 );
|
||||
TEST_EQUAL( read_bits, bits1 );
|
||||
psa_reset_key_attributes( &attributes );
|
||||
PSA_ASSERT( psa_get_key_attributes( handle1, &attributes ) );
|
||||
TEST_EQUAL( psa_get_key_id( &attributes ), id );
|
||||
TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
|
||||
TEST_EQUAL( psa_get_key_type( &attributes ), type1 );
|
||||
TEST_EQUAL( psa_get_key_bits( &attributes ), bits1 );
|
||||
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT );
|
||||
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
|
||||
|
||||
PSA_ASSERT( psa_export_key( handle1,
|
||||
reexported, sizeof( reexported ),
|
||||
&reexported_length ) );
|
||||
@ -274,14 +274,19 @@ void create_fail( int lifetime_arg, int id_arg,
|
||||
{
|
||||
psa_key_lifetime_t lifetime = lifetime_arg;
|
||||
psa_key_id_t id = id_arg;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_status_t expected_status = expected_status_arg;
|
||||
psa_key_handle_t handle = 0xdead;
|
||||
uint8_t material[1] = {'k'};
|
||||
|
||||
TEST_MAX_KEY_ID( id );
|
||||
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
||||
TEST_EQUAL( psa_create_key( lifetime, id, &handle ),
|
||||
psa_make_key_persistent( &attributes, id, lifetime );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
||||
TEST_EQUAL( psa_import_key( &attributes, &handle,
|
||||
material, sizeof( material ) ),
|
||||
expected_status );
|
||||
TEST_EQUAL( handle, 0 );
|
||||
|
||||
@ -306,17 +311,14 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg,
|
||||
psa_key_usage_t source_usage = source_usage_arg;
|
||||
psa_algorithm_t source_alg = source_alg_arg;
|
||||
psa_key_handle_t source_handle = 0;
|
||||
psa_key_policy_t source_policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_type_t source_type = type_arg;
|
||||
size_t source_bits;
|
||||
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
|
||||
psa_key_id_t target_id = target_id_arg;
|
||||
psa_key_usage_t target_usage = target_usage_arg;
|
||||
psa_algorithm_t target_alg = target_alg_arg;
|
||||
psa_key_handle_t target_handle = 0;
|
||||
psa_key_policy_t target_policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_type_t target_type;
|
||||
size_t target_bits;
|
||||
psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_usage_t expected_usage = expected_usage_arg;
|
||||
psa_algorithm_t expected_alg = expected_alg_arg;
|
||||
uint8_t *export_buffer = NULL;
|
||||
@ -327,29 +329,27 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg,
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
||||
/* Populate the source slot. */
|
||||
if( source_lifetime == PSA_KEY_LIFETIME_VOLATILE )
|
||||
PSA_ASSERT( psa_allocate_key( &source_handle ) );
|
||||
else
|
||||
PSA_ASSERT( psa_create_key( source_lifetime, source_id,
|
||||
&source_handle ) );
|
||||
psa_key_policy_set_usage( &source_policy, source_usage, source_alg );
|
||||
PSA_ASSERT( psa_set_key_policy( source_handle, &source_policy ) );
|
||||
PSA_ASSERT( psa_import_key( source_handle, source_type,
|
||||
if( source_lifetime != PSA_KEY_LIFETIME_VOLATILE )
|
||||
psa_make_key_persistent( &source_attributes,
|
||||
source_id, source_lifetime );
|
||||
psa_set_key_type( &source_attributes, source_type );
|
||||
psa_set_key_usage_flags( &source_attributes, source_usage );
|
||||
psa_set_key_algorithm( &source_attributes, source_alg );
|
||||
PSA_ASSERT( psa_import_key( &source_attributes, &source_handle,
|
||||
material->x, material->len ) );
|
||||
PSA_ASSERT( psa_get_key_information( source_handle, NULL, &source_bits ) );
|
||||
/* Update the attributes with the bit size. */
|
||||
PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) );
|
||||
|
||||
/* Prepare the target slot. */
|
||||
if( target_lifetime == PSA_KEY_LIFETIME_VOLATILE )
|
||||
PSA_ASSERT( psa_allocate_key( &target_handle ) );
|
||||
else
|
||||
PSA_ASSERT( psa_create_key( target_lifetime, target_id,
|
||||
&target_handle ) );
|
||||
psa_key_policy_set_usage( &target_policy, target_usage, target_alg );
|
||||
PSA_ASSERT( psa_set_key_policy( target_handle, &target_policy ) );
|
||||
target_policy = psa_key_policy_init();
|
||||
if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE )
|
||||
psa_make_key_persistent( &target_attributes,
|
||||
target_id, target_lifetime );
|
||||
psa_set_key_usage_flags( &target_attributes, target_usage );
|
||||
psa_set_key_algorithm( &target_attributes, target_alg );
|
||||
|
||||
/* Copy the key. */
|
||||
PSA_ASSERT( psa_copy_key( source_handle, target_handle, NULL ) );
|
||||
PSA_ASSERT( psa_copy_key( source_handle,
|
||||
&target_attributes, &target_handle ) );
|
||||
|
||||
/* Destroy the source to ensure that this doesn't affect the target. */
|
||||
PSA_ASSERT( psa_destroy_key( source_handle ) );
|
||||
@ -365,13 +365,15 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg,
|
||||
}
|
||||
|
||||
/* Test that the target slot has the expected content. */
|
||||
PSA_ASSERT( psa_get_key_information( target_handle,
|
||||
&target_type, &target_bits ) );
|
||||
TEST_EQUAL( source_type, target_type );
|
||||
TEST_EQUAL( source_bits, target_bits );
|
||||
PSA_ASSERT( psa_get_key_policy( target_handle, &target_policy ) );
|
||||
TEST_EQUAL( expected_usage, psa_key_policy_get_usage( &target_policy ) );
|
||||
TEST_EQUAL( expected_alg, psa_key_policy_get_algorithm( &target_policy ) );
|
||||
psa_reset_key_attributes( &target_attributes );
|
||||
PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) );
|
||||
TEST_EQUAL( target_id, psa_get_key_id( &target_attributes ) );
|
||||
TEST_EQUAL( target_lifetime, psa_get_key_lifetime( &target_attributes ) );
|
||||
TEST_EQUAL( source_type, psa_get_key_type( &target_attributes ) );
|
||||
TEST_EQUAL( psa_get_key_bits( &source_attributes ),
|
||||
psa_get_key_bits( &target_attributes ) );
|
||||
TEST_EQUAL( expected_usage, psa_get_key_usage_flags( &target_attributes ) );
|
||||
TEST_EQUAL( expected_alg, psa_get_key_algorithm( &target_attributes ) );
|
||||
if( expected_usage & PSA_KEY_USAGE_EXPORT )
|
||||
{
|
||||
size_t length;
|
||||
@ -381,6 +383,14 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg,
|
||||
ASSERT_COMPARE( material->x, material->len,
|
||||
export_buffer, length );
|
||||
}
|
||||
else
|
||||
{
|
||||
size_t length;
|
||||
/* Check that the key is actually non-exportable. */
|
||||
TEST_EQUAL( psa_export_key( target_handle, export_buffer,
|
||||
material->len, &length ),
|
||||
PSA_ERROR_NOT_PERMITTED );
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_psa_crypto_free( );
|
||||
@ -391,69 +401,6 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void copy_from_empty( int source_lifetime_arg, int source_id_arg,
|
||||
int source_usage_arg, int source_alg_arg,
|
||||
int target_lifetime_arg, int target_id_arg,
|
||||
int target_usage_arg, int target_alg_arg )
|
||||
{
|
||||
psa_key_lifetime_t source_lifetime = source_lifetime_arg;
|
||||
psa_key_id_t source_id = source_id_arg;
|
||||
psa_key_usage_t source_usage = source_usage_arg;
|
||||
psa_algorithm_t source_alg = source_alg_arg;
|
||||
psa_key_handle_t source_handle = 0;
|
||||
psa_key_policy_t source_policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
|
||||
psa_key_id_t target_id = target_id_arg;
|
||||
psa_key_usage_t target_usage = target_usage_arg;
|
||||
psa_algorithm_t target_alg = target_alg_arg;
|
||||
psa_key_handle_t target_handle = 0;
|
||||
psa_key_policy_t target_policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_policy_t got_policy;
|
||||
|
||||
TEST_MAX_KEY_ID( source_id );
|
||||
TEST_MAX_KEY_ID( target_id );
|
||||
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
||||
/* Prepare the source slot. */
|
||||
if( source_lifetime == PSA_KEY_LIFETIME_VOLATILE )
|
||||
PSA_ASSERT( psa_allocate_key( &source_handle ) );
|
||||
else
|
||||
PSA_ASSERT( psa_create_key( source_lifetime, source_id,
|
||||
&source_handle ) );
|
||||
psa_key_policy_set_usage( &source_policy, source_usage, source_alg );
|
||||
PSA_ASSERT( psa_set_key_policy( source_handle, &source_policy ) );
|
||||
|
||||
/* Prepare the target slot. */
|
||||
if( target_lifetime == PSA_KEY_LIFETIME_VOLATILE )
|
||||
PSA_ASSERT( psa_allocate_key( &target_handle ) );
|
||||
else
|
||||
PSA_ASSERT( psa_create_key( target_lifetime, target_id,
|
||||
&target_handle ) );
|
||||
psa_key_policy_set_usage( &target_policy, target_usage, target_alg );
|
||||
PSA_ASSERT( psa_set_key_policy( target_handle, &target_policy ) );
|
||||
|
||||
/* Copy the key. */
|
||||
TEST_EQUAL( psa_copy_key( source_handle, target_handle, NULL ),
|
||||
PSA_ERROR_DOES_NOT_EXIST );
|
||||
|
||||
/* Test that the slots are unaffected. */
|
||||
PSA_ASSERT( psa_get_key_policy( source_handle, &got_policy ) );
|
||||
TEST_EQUAL( source_usage, psa_key_policy_get_usage( &got_policy ) );
|
||||
TEST_EQUAL( source_alg, psa_key_policy_get_algorithm( &got_policy ) );
|
||||
PSA_ASSERT( psa_get_key_policy( target_handle, &got_policy ) );
|
||||
TEST_EQUAL( target_usage, psa_key_policy_get_usage( &got_policy ) );
|
||||
TEST_EQUAL( target_alg, psa_key_policy_get_algorithm( &got_policy ) );
|
||||
|
||||
exit:
|
||||
mbedtls_psa_crypto_free( );
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||
psa_purge_key_storage( );
|
||||
#endif
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
|
||||
int source_usage_arg, int source_alg_arg,
|
||||
@ -467,21 +414,18 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
|
||||
psa_key_usage_t source_usage = source_usage_arg;
|
||||
psa_algorithm_t source_alg = source_alg_arg;
|
||||
psa_key_handle_t source_handle = 0;
|
||||
psa_key_policy_t source_policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_type_t source_type = source_type_arg;
|
||||
size_t source_bits;
|
||||
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
|
||||
psa_key_id_t target_id = target_id_arg;
|
||||
psa_key_usage_t target_usage = target_usage_arg;
|
||||
psa_algorithm_t target_alg = target_alg_arg;
|
||||
psa_key_handle_t target_handle = 0;
|
||||
psa_key_policy_t target_policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_type_t target_type = target_type_arg;
|
||||
size_t target_bits;
|
||||
psa_key_policy_t got_policy;
|
||||
psa_key_type_t got_type;
|
||||
size_t got_bits;
|
||||
psa_key_handle_t new_handle = 0xdead;
|
||||
uint8_t *export_buffer = NULL;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_attributes_t attributes1 = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_attributes_t attributes2 = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
TEST_MAX_KEY_ID( source_id );
|
||||
TEST_MAX_KEY_ID( target_id );
|
||||
@ -489,41 +433,52 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
||||
/* Populate the source slot. */
|
||||
if( source_lifetime == PSA_KEY_LIFETIME_VOLATILE )
|
||||
PSA_ASSERT( psa_allocate_key( &source_handle ) );
|
||||
else
|
||||
PSA_ASSERT( psa_create_key( source_lifetime, source_id,
|
||||
&source_handle ) );
|
||||
psa_key_policy_set_usage( &source_policy, source_usage, source_alg );
|
||||
PSA_ASSERT( psa_set_key_policy( source_handle, &source_policy ) );
|
||||
PSA_ASSERT( psa_import_key( source_handle, source_type,
|
||||
if( source_lifetime != PSA_KEY_LIFETIME_VOLATILE )
|
||||
psa_make_key_persistent( &attributes,
|
||||
source_id, source_lifetime );
|
||||
psa_set_key_type( &attributes, source_type );
|
||||
psa_set_key_usage_flags( &attributes, source_usage );
|
||||
psa_set_key_algorithm( &attributes, source_alg );
|
||||
PSA_ASSERT( psa_import_key( &attributes, &source_handle,
|
||||
source_material->x, source_material->len ) );
|
||||
PSA_ASSERT( psa_get_key_information( source_handle, NULL, &source_bits ) );
|
||||
|
||||
/* Populate the target slot. */
|
||||
if( target_lifetime == PSA_KEY_LIFETIME_VOLATILE )
|
||||
PSA_ASSERT( psa_allocate_key( &target_handle ) );
|
||||
if( target_id == source_id )
|
||||
{
|
||||
target_handle = source_handle;
|
||||
}
|
||||
else
|
||||
PSA_ASSERT( psa_create_key( target_lifetime, target_id,
|
||||
&target_handle ) );
|
||||
psa_key_policy_set_usage( &target_policy, target_usage, target_alg );
|
||||
PSA_ASSERT( psa_set_key_policy( target_handle, &target_policy ) );
|
||||
PSA_ASSERT( psa_import_key( target_handle, target_type,
|
||||
target_material->x, target_material->len ) );
|
||||
PSA_ASSERT( psa_get_key_information( target_handle, NULL, &target_bits ) );
|
||||
{
|
||||
psa_make_key_persistent( &attributes1, target_id, target_lifetime );
|
||||
psa_set_key_type( &attributes1, target_type );
|
||||
psa_set_key_usage_flags( &attributes1, target_usage );
|
||||
psa_set_key_algorithm( &attributes1, target_alg );
|
||||
PSA_ASSERT( psa_import_key( &attributes1, &target_handle,
|
||||
target_material->x, target_material->len ) );
|
||||
}
|
||||
PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes1 ) );
|
||||
|
||||
/* Copy the key. */
|
||||
TEST_EQUAL( psa_copy_key( source_handle, target_handle, NULL ),
|
||||
/* Make a copy attempt. */
|
||||
psa_make_key_persistent( &attributes, target_id, target_lifetime );
|
||||
TEST_EQUAL( psa_copy_key( source_handle,
|
||||
&attributes, &new_handle ),
|
||||
PSA_ERROR_ALREADY_EXISTS );
|
||||
TEST_EQUAL( new_handle , 0 );
|
||||
|
||||
/* Test that the target slot is unaffected. */
|
||||
PSA_ASSERT( psa_get_key_information( target_handle,
|
||||
&got_type, &got_bits ) );
|
||||
TEST_EQUAL( target_type, got_type );
|
||||
TEST_EQUAL( target_bits, got_bits );
|
||||
PSA_ASSERT( psa_get_key_policy( target_handle, &got_policy ) );
|
||||
TEST_EQUAL( target_usage, psa_key_policy_get_usage( &got_policy ) );
|
||||
TEST_EQUAL( target_alg, psa_key_policy_get_algorithm( &got_policy ) );
|
||||
PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes2 ) );
|
||||
TEST_EQUAL( psa_get_key_id( &attributes1 ),
|
||||
psa_get_key_id( &attributes2 ) );
|
||||
TEST_EQUAL( psa_get_key_lifetime( &attributes1 ),
|
||||
psa_get_key_lifetime( &attributes2 ) );
|
||||
TEST_EQUAL( psa_get_key_type( &attributes1 ),
|
||||
psa_get_key_type( &attributes2 ) );
|
||||
TEST_EQUAL( psa_get_key_bits( &attributes1 ),
|
||||
psa_get_key_bits( &attributes2 ) );
|
||||
TEST_EQUAL( psa_get_key_usage_flags( &attributes1 ),
|
||||
psa_get_key_usage_flags( &attributes2 ) );
|
||||
TEST_EQUAL( psa_get_key_algorithm( &attributes1 ),
|
||||
psa_get_key_algorithm( &attributes2 ) );
|
||||
if( target_usage & PSA_KEY_USAGE_EXPORT )
|
||||
{
|
||||
size_t length;
|
||||
@ -543,76 +498,11 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void copy_to_same( int lifetime_arg, int id_arg,
|
||||
int usage_arg, int alg_arg,
|
||||
int type_arg, data_t *material )
|
||||
{
|
||||
psa_key_lifetime_t lifetime = lifetime_arg;
|
||||
psa_key_id_t id = id_arg;
|
||||
psa_key_usage_t usage = usage_arg;
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
psa_key_handle_t handle = 0;
|
||||
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_type_t type = type_arg;
|
||||
size_t bits;
|
||||
psa_key_policy_t got_policy;
|
||||
psa_key_type_t got_type;
|
||||
size_t got_bits;
|
||||
uint8_t *export_buffer = NULL;
|
||||
|
||||
TEST_MAX_KEY_ID( id );
|
||||
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
||||
/* Populate the slot. */
|
||||
if( lifetime == PSA_KEY_LIFETIME_VOLATILE )
|
||||
PSA_ASSERT( psa_allocate_key( &handle ) );
|
||||
else
|
||||
PSA_ASSERT( psa_create_key( lifetime, id,
|
||||
&handle ) );
|
||||
psa_key_policy_set_usage( &policy, usage, alg );
|
||||
PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
|
||||
PSA_ASSERT( psa_import_key( handle, type,
|
||||
material->x, material->len ) );
|
||||
PSA_ASSERT( psa_get_key_information( handle, NULL, &bits ) );
|
||||
|
||||
/* Copy the key. */
|
||||
TEST_EQUAL( psa_copy_key( handle, handle, NULL ),
|
||||
PSA_ERROR_ALREADY_EXISTS );
|
||||
|
||||
/* Test that the slot is unaffected. */
|
||||
PSA_ASSERT( psa_get_key_information( handle,
|
||||
&got_type, &got_bits ) );
|
||||
TEST_EQUAL( type, got_type );
|
||||
TEST_EQUAL( bits, got_bits );
|
||||
PSA_ASSERT( psa_get_key_policy( handle, &got_policy ) );
|
||||
TEST_EQUAL( usage, psa_key_policy_get_usage( &got_policy ) );
|
||||
TEST_EQUAL( alg, psa_key_policy_get_algorithm( &got_policy ) );
|
||||
if( usage & PSA_KEY_USAGE_EXPORT )
|
||||
{
|
||||
size_t length;
|
||||
ASSERT_ALLOC( export_buffer, material->len );
|
||||
PSA_ASSERT( psa_export_key( handle, export_buffer,
|
||||
material->len, &length ) );
|
||||
ASSERT_COMPARE( material->x, material->len,
|
||||
export_buffer, length );
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_psa_crypto_free( );
|
||||
mbedtls_free( export_buffer );
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||
psa_purge_key_storage( );
|
||||
#endif
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void invalid_handle( )
|
||||
{
|
||||
psa_key_handle_t handle1 = 0;
|
||||
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_type_t read_type;
|
||||
size_t read_bits;
|
||||
uint8_t material[1] = "a";
|
||||
@ -620,12 +510,12 @@ void invalid_handle( )
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
||||
/* Allocate a handle and store a key in it. */
|
||||
PSA_ASSERT( psa_allocate_key( &handle1 ) );
|
||||
TEST_ASSERT( handle1 != 0 );
|
||||
psa_key_policy_set_usage( &policy, 0, 0 );
|
||||
PSA_ASSERT( psa_set_key_policy( handle1, &policy ) );
|
||||
PSA_ASSERT( psa_import_key( handle1, PSA_KEY_TYPE_RAW_DATA,
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
||||
psa_set_key_usage_flags( &attributes, 0 );
|
||||
psa_set_key_algorithm( &attributes, 0 );
|
||||
PSA_ASSERT( psa_import_key( &attributes, &handle1,
|
||||
material, sizeof( material ) ) );
|
||||
TEST_ASSERT( handle1 != 0 );
|
||||
|
||||
/* Attempt to close and destroy some invalid handles. */
|
||||
TEST_EQUAL( psa_close_key( 0 ), PSA_ERROR_INVALID_HANDLE );
|
||||
@ -653,26 +543,27 @@ void many_transient_handles( int max_handles_arg )
|
||||
size_t max_handles = max_handles_arg;
|
||||
size_t i, j;
|
||||
psa_status_t status;
|
||||
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
uint8_t exported[sizeof( size_t )];
|
||||
size_t exported_length;
|
||||
|
||||
ASSERT_ALLOC( handles, max_handles );
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
|
||||
|
||||
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
|
||||
psa_set_key_algorithm( &attributes, 0 );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
||||
|
||||
for( i = 0; i < max_handles; i++ )
|
||||
{
|
||||
status = psa_allocate_key( &handles[i] );
|
||||
status = psa_import_key( &attributes, &handles[i],
|
||||
(uint8_t *) &i, sizeof( i ) );
|
||||
if( status == PSA_ERROR_INSUFFICIENT_MEMORY )
|
||||
break;
|
||||
PSA_ASSERT( status );
|
||||
TEST_ASSERT( handles[i] != 0 );
|
||||
for( j = 0; j < i; j++ )
|
||||
TEST_ASSERT( handles[i] != handles[j] );
|
||||
PSA_ASSERT( psa_set_key_policy( handles[i], &policy ) );
|
||||
PSA_ASSERT( psa_import_key( handles[i], PSA_KEY_TYPE_RAW_DATA,
|
||||
(uint8_t *) &i, sizeof( i ) ) );
|
||||
}
|
||||
max_handles = i;
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user