From b9b844220bcf6df2f9a5c9efc36bcc95a6759ea0 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 14 Oct 2020 14:39:20 +0200 Subject: [PATCH 1/4] Plug in the entry point for public key export through driver Including test. Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 16 ++- library/psa_crypto_driver_wrappers.c | 53 +++++++++ library/psa_crypto_driver_wrappers.h | 5 + tests/include/test/drivers/key_management.h | 19 ++- tests/src/drivers/key_management.c | 111 +++++++++++++++++- ...test_suite_psa_crypto_driver_wrappers.data | 16 +++ ..._suite_psa_crypto_driver_wrappers.function | 67 +++++++++++ 7 files changed, 276 insertions(+), 11 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 97b522dd5..8a2e41383 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1656,14 +1656,24 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, /* Exporting private -> private */ return( psa_internal_export_key_buffer( slot, data, data_size, data_length ) ); } + /* Need to export the public part of a private key, - * so conversion is needed */ + * so conversion is needed. Try the accelerators first. */ + psa_status_t status = psa_driver_wrapper_export_public_key( slot, + data, + data_size, + data_length ); + + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) + return( status ); + if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) mbedtls_rsa_context *rsa = NULL; - psa_status_t status = psa_load_rsa_representation( + status = psa_load_rsa_representation( slot->attr.type, slot->data.key.data, slot->data.key.bytes, @@ -1692,7 +1702,7 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) mbedtls_ecp_keypair *ecp = NULL; - psa_status_t status = psa_load_ecp_representation( + status = psa_load_ecp_representation( slot->attr.type, slot->data.key.data, slot->data.key.bytes, diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 4040b36b6..c3ea6f142 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -438,6 +438,59 @@ psa_status_t psa_driver_wrapper_validate_key( const psa_key_attributes_t *attrib #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } +psa_status_t psa_driver_wrapper_export_public_key( const psa_key_slot_t *slot, + uint8_t *data, + size_t data_size, + size_t *data_length ) +{ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = test_transparent_export_public_key( &attributes, + slot->data.key.data, + slot->data.key.bytes, + data, + data_size, + data_length ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + /* Fell through, meaning no accelerator supports this operation */ + return( PSA_ERROR_NOT_SUPPORTED ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return( test_opaque_export_public_key( &attributes, + slot->data.key.data, + slot->data.key.bytes, + data, + data_size, + data_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is declared with a lifetime not known to us */ + return( status ); + } +#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + (void) slot; + (void) data; + (void) data_size; + (void) data_length; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +} + /* * Cipher functions */ diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index b0b483bb5..6b5143781 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -55,6 +55,11 @@ psa_status_t psa_driver_wrapper_validate_key( const psa_key_attributes_t *attrib size_t data_length, size_t *bits ); +psa_status_t psa_driver_wrapper_export_public_key( const psa_key_slot_t *slot, + uint8_t *data, + size_t data_size, + size_t *data_length ); + /* * Cipher functions */ diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 56f3ef82e..90f8c587c 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -58,10 +58,21 @@ psa_status_t test_opaque_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); -psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - size_t *bits); +psa_status_t test_transparent_validate_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits); + +psa_status_t test_transparent_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ); + +psa_status_t test_opaque_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c index d6d75b3ed..d08969119 100644 --- a/tests/src/drivers/key_management.c +++ b/tests/src/drivers/key_management.c @@ -137,10 +137,11 @@ psa_status_t test_opaque_generate_key( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - size_t *bits) +psa_status_t test_transparent_validate_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits ) { ++test_driver_key_management_hooks.hits; @@ -248,4 +249,106 @@ ecp_exit: * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ } +psa_status_t test_transparent_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ) +{ + ++test_driver_keygen_hooks.hits; + + if( test_driver_keygen_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_keygen_hooks.forced_status ); + + if( test_driver_keygen_hooks.forced_output != NULL ) + { + if( test_driver_keygen_hooks.forced_output_length > data_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + memcpy( data, test_driver_keygen_hooks.forced_output, + test_driver_keygen_hooks.forced_output_length ); + *data_length = test_driver_keygen_hooks.forced_output_length; + return( PSA_SUCCESS ); + } + + if( key == NULL || key_length == 0 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + psa_key_type_t keytype = psa_get_key_type( attributes ); + +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) + if( PSA_KEY_TYPE_IS_ECC( keytype ) ) + { + if( !PSA_KEY_TYPE_IS_KEY_PAIR( keytype ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + /* Mostly copied from psa_crypto.c */ + mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_ecp_keypair ecp; + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + + if( attributes->domain_parameters_size != 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + + grp_id = mbedtls_ecc_group_of_psa( PSA_KEY_TYPE_ECC_GET_FAMILY( keytype ), + PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); + if( grp_id == MBEDTLS_ECP_DP_NONE ) + return( PSA_ERROR_NOT_SUPPORTED ); + + mbedtls_ecp_keypair_init( &ecp ); + + status = mbedtls_to_psa_error( + mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + status = mbedtls_to_psa_error( + mbedtls_ecp_read_key( ecp.grp.id, + &ecp, + key, + key_length ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + /* Calculate the public key */ + status = mbedtls_to_psa_error( + mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + status = mbedtls_to_psa_error( + mbedtls_ecp_point_write_binary( &ecp.grp, &ecp.Q, + MBEDTLS_ECP_PF_UNCOMPRESSED, + data_length, + data, + data_size ) ); + if( status != PSA_SUCCESS ) + memset( data, 0, data_size ); +ecp_exit: + mbedtls_ecp_keypair_free( &ecp ); + return( status ); + } +#endif /* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR || + * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ + + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_opaque_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) data; + (void) data_size; + (void) data_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 1f1ee39cd..2b1400b35 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -59,6 +59,22 @@ validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_ validate key through transparent driver: error validate_key:PSA_ERROR_GENERIC_ERROR:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR +export_key private to public through driver: fake +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +export_key:PSA_SUCCESS:"0102030405":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"":PSA_SUCCESS + +export_key private to public through driver: in-driver +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +export_key:PSA_SUCCESS:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_SUCCESS + +export_key private to public through driver: fallback +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +export_key:PSA_ERROR_NOT_SUPPORTED:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_SUCCESS + +export_key private to public through driver: error +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +export_key:PSA_ERROR_GENERIC_ERROR:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"":PSA_ERROR_GENERIC_ERROR + PSA symmetric encrypt: AES-CTR, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_SUCCESS:PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index a0140d2cb..50415ca3d 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -218,6 +218,73 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +void export_key( int force_status_arg, + data_t *fake_output, + int key_in_type_arg, + data_t *key_in, + int key_out_type_arg, + data_t *expected_output, + int expected_status_arg ) +{ + psa_status_t force_status = force_status_arg; + psa_status_t expected_status = expected_status_arg; + psa_key_handle_t handle = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t input_key_type = key_in_type_arg; + psa_key_type_t output_key_type = key_out_type_arg; + const uint8_t *expected_output_ptr = NULL; + size_t expected_output_length = 0; + psa_status_t actual_status; + uint8_t actual_output[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)] = {0}; + size_t actual_output_length; + test_driver_keygen_hooks = test_driver_keygen_hooks_init(); + + psa_set_key_type( &attributes, input_key_type ); + psa_set_key_bits( &attributes, 256 ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); + + PSA_ASSERT( psa_crypto_init( ) ); + PSA_ASSERT( psa_import_key( &attributes, key_in->x, key_in->len, &handle ) ); + + if( fake_output->len > 0 ) + { + expected_output_ptr = test_driver_keygen_hooks.forced_output = fake_output->x; + expected_output_length = test_driver_keygen_hooks.forced_output_length = + fake_output->len; + } + else + { + expected_output_ptr = expected_output->x; + expected_output_length = expected_output->len; + } + + test_driver_keygen_hooks.hits = 0; + test_driver_keygen_hooks.forced_status = force_status; + + if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) ) + actual_status = psa_export_public_key( handle, actual_output, sizeof(actual_output), &actual_output_length ); + else + actual_status = psa_export_key( handle, actual_output, sizeof(actual_output), &actual_output_length ); + TEST_EQUAL( actual_status, expected_status ); + + if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) && + !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( input_key_type ) ) + TEST_EQUAL( test_driver_keygen_hooks.hits, 1 ); + + if( actual_status == PSA_SUCCESS ) + { + ASSERT_COMPARE( actual_output, actual_output_length, + expected_output_ptr, expected_output_length ); + } +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( handle ); + PSA_DONE( ); + test_driver_keygen_hooks = test_driver_keygen_hooks_init(); +} +/* END_CASE */ + /* BEGIN_CASE */ void cipher_encrypt( int alg_arg, int key_type_arg, data_t *key, data_t *iv, From 0737c09c7b7abf7cd45f46bb10c68877314e0892 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 14 Oct 2020 14:44:25 +0200 Subject: [PATCH 2/4] Added changelog Signed-off-by: Steven Cooreman --- ChangeLog.d/add_export_public_key_driver.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/add_export_public_key_driver.txt diff --git a/ChangeLog.d/add_export_public_key_driver.txt b/ChangeLog.d/add_export_public_key_driver.txt new file mode 100644 index 000000000..a9bffbc06 --- /dev/null +++ b/ChangeLog.d/add_export_public_key_driver.txt @@ -0,0 +1,3 @@ +Features + * Implementation of the export_public_key interface for PSA Crypto + accelerator drivers, as defined in #3493. Contributed in #3786. From c24023649ed41fdc4919dc01adb4559019977815 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 22 Nov 2020 18:47:43 +0100 Subject: [PATCH 3/4] Rename test_driver_keygen to test_driver_key_management ``` perl -i -pe 's/test_driver_keygen/test_driver_key_management/g' tests/src/drivers/key_management.c tests/suites/test_suite_psa_crypto_driver_wrappers.function ``` Follow-up of c4813a6e809a38d42db12804f23585518b725d88 Signed-off-by: Gilles Peskine --- tests/src/drivers/key_management.c | 16 ++++++++-------- ...est_suite_psa_crypto_driver_wrappers.function | 14 +++++++------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c index d08969119..c79069b7a 100644 --- a/tests/src/drivers/key_management.c +++ b/tests/src/drivers/key_management.c @@ -254,18 +254,18 @@ psa_status_t test_transparent_export_public_key( const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ) { - ++test_driver_keygen_hooks.hits; + ++test_driver_key_management_hooks.hits; - if( test_driver_keygen_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_keygen_hooks.forced_status ); + if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_key_management_hooks.forced_status ); - if( test_driver_keygen_hooks.forced_output != NULL ) + if( test_driver_key_management_hooks.forced_output != NULL ) { - if( test_driver_keygen_hooks.forced_output_length > data_size ) + if( test_driver_key_management_hooks.forced_output_length > data_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( data, test_driver_keygen_hooks.forced_output, - test_driver_keygen_hooks.forced_output_length ); - *data_length = test_driver_keygen_hooks.forced_output_length; + memcpy( data, test_driver_key_management_hooks.forced_output, + test_driver_key_management_hooks.forced_output_length ); + *data_length = test_driver_key_management_hooks.forced_output_length; return( PSA_SUCCESS ); } diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 50415ca3d..ed11a3cc7 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -238,7 +238,7 @@ void export_key( int force_status_arg, psa_status_t actual_status; uint8_t actual_output[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)] = {0}; size_t actual_output_length; - test_driver_keygen_hooks = test_driver_keygen_hooks_init(); + test_driver_key_management_hooks = test_driver_key_management_hooks_init(); psa_set_key_type( &attributes, input_key_type ); psa_set_key_bits( &attributes, 256 ); @@ -249,8 +249,8 @@ void export_key( int force_status_arg, if( fake_output->len > 0 ) { - expected_output_ptr = test_driver_keygen_hooks.forced_output = fake_output->x; - expected_output_length = test_driver_keygen_hooks.forced_output_length = + expected_output_ptr = test_driver_key_management_hooks.forced_output = fake_output->x; + expected_output_length = test_driver_key_management_hooks.forced_output_length = fake_output->len; } else @@ -259,8 +259,8 @@ void export_key( int force_status_arg, expected_output_length = expected_output->len; } - test_driver_keygen_hooks.hits = 0; - test_driver_keygen_hooks.forced_status = force_status; + test_driver_key_management_hooks.hits = 0; + test_driver_key_management_hooks.forced_status = force_status; if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) ) actual_status = psa_export_public_key( handle, actual_output, sizeof(actual_output), &actual_output_length ); @@ -270,7 +270,7 @@ void export_key( int force_status_arg, if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) && !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( input_key_type ) ) - TEST_EQUAL( test_driver_keygen_hooks.hits, 1 ); + TEST_EQUAL( test_driver_key_management_hooks.hits, 1 ); if( actual_status == PSA_SUCCESS ) { @@ -281,7 +281,7 @@ exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( handle ); PSA_DONE( ); - test_driver_keygen_hooks = test_driver_keygen_hooks_init(); + test_driver_key_management_hooks = test_driver_key_management_hooks_init(); } /* END_CASE */ From e13fb810f250b4447b721275e254d27a012d84e2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 22 Nov 2020 19:33:11 +0100 Subject: [PATCH 4/4] A variable is unused in some configurations Signed-off-by: Gilles Peskine --- tests/src/drivers/key_management.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c index c79069b7a..00d2b4519 100644 --- a/tests/src/drivers/key_management.c +++ b/tests/src/drivers/key_management.c @@ -273,6 +273,7 @@ psa_status_t test_transparent_export_public_key( return( PSA_ERROR_INVALID_ARGUMENT ); psa_key_type_t keytype = psa_get_key_type( attributes ); + (void) keytype; #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)