exported_key_sanity_check: make checks slightly more systematic

Shuffle the logic in mbedtls_test_psa_exported_key_sanity_check() somewhat. The resulting behavior changes are: * Always check the exported length against PSA_EXPORT_KEY_OUTPUT_SIZE, even for unstructured key types. * Always complain if a key type is not explicitly covered, not just for public keys. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-11-22 18:05:40 +01:00 · 2021-02-14 01:29:52 +01:00 · 2021-02-14 01:29:52 +01:00 · cc9db30851
commit cc9db30851
parent 5c2665b164
1 changed files with 20 additions and 31 deletions
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@ -578,30 +578,11 @@ int mbedtls_test_psa_exported_key_sanity_check(
    psa_key_type_t type, size_t bits,
    const uint8_t *exported, size_t exported_length )
 {
-    if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
-        TEST_EQUAL( exported_length, ( bits + 7 ) / 8 );
-    else
-        TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ) );
+    TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ) );

-#if defined(MBEDTLS_DES_C)
-    if( type == PSA_KEY_TYPE_DES )
-    {
-        /* Check the parity bits. */
-        unsigned i;
-        for( i = 0; i < bits / 8; i++ )
-        {
-            unsigned bit_count = 0;
-            unsigned m;
-            for( m = 1; m <= 0x100; m <<= 1 )
-            {
-                if( exported[i] & m )
-                    ++bit_count;
-            }
-            TEST_ASSERT( bit_count % 2 != 0 );
-        }
-    }
+    if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
+        TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) );
    else
-#endif

 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C)
    if( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
@ -707,20 +688,28 @@ int mbedtls_test_psa_exported_key_sanity_check(
    else
 #endif /* MBEDTLS_ECP_C */

-    if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
    {
-        char message[47];
-        mbedtls_snprintf( message, sizeof( message ),
-                          "No sanity check for public key type=0x%08lx",
-                          (unsigned long) type );
-        mbedtls_test_fail( message, __LINE__, __FILE__ );
-        return( 0 );
+        TEST_ASSERT( ! "Sanity check not implemented for this key type" );
    }
-    else

+#if defined(MBEDTLS_DES_C)
+    if( type == PSA_KEY_TYPE_DES )
    {
-        /* No sanity checks for other types */
+        /* Check the parity bits. */
+        unsigned i;
+        for( i = 0; i < bits / 8; i++ )
+        {
+            unsigned bit_count = 0;
+            unsigned m;
+            for( m = 1; m <= 0x100; m <<= 1 )
+            {
+                if( exported[i] & m )
+                    ++bit_count;
+            }
+            TEST_ASSERT( bit_count % 2 != 0 );
+        }
    }
+#endif

    return( 1 );