Merge pull request #4067 from stevew817/feature/allow_multilength_aead

Add support for key policies (MAC & AEAD)
This commit is contained in:
Gilles Peskine 2021-03-08 15:04:17 +01:00 committed by GitHub
commit e252868be4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 780 additions and 122 deletions

View File

@ -0,0 +1,5 @@
Features
* In the PSA API, the policy for a MAC or AEAD algorithm can specify a
minimum MAC or tag length thanks to the new wildcards
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC and
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG.

View File

@ -264,6 +264,14 @@ static psa_key_usage_t psa_get_key_usage_flags(
* - An algorithm value permits this particular algorithm. * - An algorithm value permits this particular algorithm.
* - An algorithm wildcard built from #PSA_ALG_ANY_HASH allows the specified * - An algorithm wildcard built from #PSA_ALG_ANY_HASH allows the specified
* signature scheme with any hash algorithm. * signature scheme with any hash algorithm.
* - An algorithm built from #PSA_ALG_AT_LEAST_THIS_LENGTH_MAC allows
* any MAC algorithm from the same base class (e.g. CMAC) which
* generates/verifies a MAC length greater than or equal to the length
* encoded in the wildcard algorithm.
* - An algorithm built from #PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG
* allows any AEAD algorithm from the same base class (e.g. CCM) which
* generates/verifies a tag length greater than or equal to the length
* encoded in the wildcard algorithm.
* *
* This function overwrites any algorithm policy * This function overwrites any algorithm policy
* previously set in \p attributes. * previously set in \p attributes.

View File

@ -866,6 +866,14 @@
#define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t)0x003f0000) #define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t)0x003f0000)
#define PSA_MAC_TRUNCATION_OFFSET 16 #define PSA_MAC_TRUNCATION_OFFSET 16
/* In the encoding of a MAC algorithm, the bit corresponding to
* #PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
* is a wildcard algorithm. A key with such wildcard algorithm as permitted
* algorithm policy can be used with any algorithm corresponding to the
* same base class and having a (potentially truncated) MAC length greater or
* equal than the one encoded in #PSA_ALG_MAC_TRUNCATION_MASK. */
#define PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
/** Macro to build a truncated MAC algorithm. /** Macro to build a truncated MAC algorithm.
* *
* A truncated MAC algorithm is identical to the corresponding MAC * A truncated MAC algorithm is identical to the corresponding MAC
@ -899,8 +907,9 @@
* MAC algorithm or if \p mac_length is too small or * MAC algorithm or if \p mac_length is too small or
* too large for the specified MAC algorithm. * too large for the specified MAC algorithm.
*/ */
#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \ #define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \
(((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK) | \ (((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG)) | \
((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK)) ((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK))
/** Macro to build the base MAC algorithm corresponding to a truncated /** Macro to build the base MAC algorithm corresponding to a truncated
@ -915,8 +924,9 @@
* \return Unspecified if \p alg is not a supported * \return Unspecified if \p alg is not a supported
* MAC algorithm. * MAC algorithm.
*/ */
#define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \ #define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \
((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK) ((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG))
/** Length to which a MAC algorithm is truncated. /** Length to which a MAC algorithm is truncated.
* *
@ -932,6 +942,34 @@
#define PSA_MAC_TRUNCATED_LENGTH(mac_alg) \ #define PSA_MAC_TRUNCATED_LENGTH(mac_alg) \
(((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET) (((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
/** Macro to build a MAC minimum-MAC-length wildcard algorithm.
*
* A minimum-MAC-length MAC wildcard algorithm permits all MAC algorithms
* sharing the same base algorithm, and where the (potentially truncated) MAC
* length of the specific algorithm is equal to or larger then the wildcard
* algorithm's minimum MAC length.
*
* \note When setting the minimum required MAC length to less than the
* smallest MAC length allowed by the base algorithm, this effectively
* becomes an 'any-MAC-length-allowed' policy for that base algorithm.
*
* \param mac_alg A MAC algorithm identifier (value of type
* #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
* is true).
* \param min_mac_length Desired minimum length of the message authentication
* code in bytes. This must be at most the untruncated
* length of the MAC and must be at least 1.
*
* \return The corresponding MAC wildcard algorithm with the
* specified minimum length.
* \return Unspecified if \p mac_alg is not a supported MAC
* algorithm or if \p min_mac_length is less than 1 or
* too large for the specified MAC algorithm.
*/
#define PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(mac_alg, min_mac_length) \
( PSA_ALG_TRUNCATED_MAC(mac_alg, min_mac_length) | \
PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG )
#define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x03c00000) #define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x03c00000)
/** The CBC-MAC construction over a block cipher /** The CBC-MAC construction over a block cipher
* *
@ -1092,6 +1130,14 @@
#define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t)0x003f0000) #define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t)0x003f0000)
#define PSA_AEAD_TAG_LENGTH_OFFSET 16 #define PSA_AEAD_TAG_LENGTH_OFFSET 16
/* In the encoding of an AEAD algorithm, the bit corresponding to
* #PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
* is a wildcard algorithm. A key with such wildcard algorithm as permitted
* algorithm policy can be used with any algorithm corresponding to the
* same base class and having a tag length greater than or equal to the one
* encoded in #PSA_ALG_AEAD_TAG_LENGTH_MASK. */
#define PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
/** Macro to build a shortened AEAD algorithm. /** Macro to build a shortened AEAD algorithm.
* *
* A shortened AEAD algorithm is similar to the corresponding AEAD * A shortened AEAD algorithm is similar to the corresponding AEAD
@ -1111,10 +1157,26 @@
* for the specified AEAD algorithm. * for the specified AEAD algorithm.
*/ */
#define PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length) \ #define PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length) \
(((aead_alg) & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) | \ (((aead_alg) & ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | \
PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)) | \
((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET & \ ((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET & \
PSA_ALG_AEAD_TAG_LENGTH_MASK)) PSA_ALG_AEAD_TAG_LENGTH_MASK))
/** Retrieve the tag length of a specified AEAD algorithm
*
* \param aead_alg An AEAD algorithm identifier (value of type
* #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p alg)
* is true).
*
* \return The tag length specified by the input algorithm.
* \return Unspecified if \p alg is not a supported
* AEAD algorithm or if \p tag_length is not valid
* for the specified AEAD algorithm.
*/
#define PSA_ALG_AEAD_GET_TAG_LENGTH(aead_alg) \
(((aead_alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> \
PSA_AEAD_TAG_LENGTH_OFFSET )
/** Calculate the corresponding AEAD algorithm with the default tag length. /** Calculate the corresponding AEAD algorithm with the default tag length.
* *
* \param aead_alg An AEAD algorithm (\c PSA_ALG_XXX value such that * \param aead_alg An AEAD algorithm (\c PSA_ALG_XXX value such that
@ -1134,6 +1196,34 @@
PSA_ALG_AEAD_WITH_SHORTENED_TAG(ref, 0) ? \ PSA_ALG_AEAD_WITH_SHORTENED_TAG(ref, 0) ? \
ref : ref :
/** Macro to build an AEAD minimum-tag-length wildcard algorithm.
*
* A minimum-tag-length AEAD wildcard algorithm permits all AEAD algorithms
* sharing the same base algorithm, and where the tag length of the specific
* algorithm is equal to or larger then the minimum tag length specified by the
* wildcard algorithm.
*
* \note When setting the minimum required tag length to less than the
* smallest tag length allowed by the base algorithm, this effectively
* becomes an 'any-tag-length-allowed' policy for that base algorithm.
*
* \param aead_alg An AEAD algorithm identifier (value of type
* #psa_algorithm_t such that
* #PSA_ALG_IS_AEAD(\p aead_alg) is true).
* \param min_tag_length Desired minimum length of the authentication tag in
* bytes. This must be at least 1 and at most the largest
* allowed tag length of the algorithm.
*
* \return The corresponding AEAD wildcard algorithm with the
* specified minimum length.
* \return Unspecified if \p aead_alg is not a supported
* AEAD algorithm or if \p min_tag_length is less than 1
* or too large for the specified AEAD algorithm.
*/
#define PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(aead_alg, min_tag_length) \
( PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, min_tag_length) | \
PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG )
#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t)0x06000200) #define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t)0x06000200)
/** RSA PKCS#1 v1.5 signature with hashing. /** RSA PKCS#1 v1.5 signature with hashing.
* *
@ -1580,9 +1670,13 @@
* \return This macro may return either 0 or 1 if \c alg is not a supported * \return This macro may return either 0 or 1 if \c alg is not a supported
* algorithm identifier. * algorithm identifier.
*/ */
#define PSA_ALG_IS_WILDCARD(alg) \ #define PSA_ALG_IS_WILDCARD(alg) \
(PSA_ALG_IS_HASH_AND_SIGN(alg) ? \ (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \ PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \
PSA_ALG_IS_MAC(alg) ? \
(alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
PSA_ALG_IS_AEAD(alg) ? \
(alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
(alg) == PSA_ALG_ANY_HASH) (alg) == PSA_ALG_ANY_HASH)
/**@}*/ /**@}*/

View File

@ -545,6 +545,47 @@ static inline size_t psa_get_key_slot_bits( const psa_key_slot_t *slot )
return( slot->attr.bits ); return( slot->attr.bits );
} }
/** Check whether a given key type is valid for use with a given MAC algorithm
*
* Upon successful return of this function, the behavior of #PSA_MAC_LENGTH
* when called with the validated \p algorithm and \p key_type is well-defined.
*
* \param[in] algorithm The specific MAC algorithm (can be wildcard).
* \param[in] key_type The key type of the key to be used with the
* \p algorithm.
*
* \retval #PSA_SUCCESS
* The \p key_type is valid for use with the \p algorithm
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The \p key_type is not valid for use with the \p algorithm
*/
MBEDTLS_STATIC_TESTABLE psa_status_t psa_mac_key_can_do(
psa_algorithm_t algorithm,
psa_key_type_t key_type )
{
if( PSA_ALG_IS_HMAC( algorithm ) )
{
if( key_type == PSA_KEY_TYPE_HMAC )
return( PSA_SUCCESS );
}
if( PSA_ALG_IS_BLOCK_CIPHER_MAC( algorithm ) )
{
/* Check that we're calling PSA_BLOCK_CIPHER_BLOCK_LENGTH with a cipher
* key. */
if( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) ==
PSA_KEY_TYPE_CATEGORY_SYMMETRIC )
{
/* PSA_BLOCK_CIPHER_BLOCK_LENGTH returns 1 for stream ciphers and
* the block length (larger than 1) for block ciphers. */
if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) > 1 )
return( PSA_SUCCESS );
}
}
return( PSA_ERROR_INVALID_ARGUMENT );
}
/** Try to allocate a buffer to an empty key slot. /** Try to allocate a buffer to an empty key slot.
* *
* \param[in,out] slot Key slot to attach buffer to. * \param[in,out] slot Key slot to attach buffer to.
@ -657,6 +698,7 @@ psa_status_t psa_import_key_into_slot(
* Return 0 (which allows no operation) on incompatibility. * Return 0 (which allows no operation) on incompatibility.
*/ */
static psa_algorithm_t psa_key_policy_algorithm_intersection( static psa_algorithm_t psa_key_policy_algorithm_intersection(
psa_key_type_t key_type,
psa_algorithm_t alg1, psa_algorithm_t alg1,
psa_algorithm_t alg2 ) psa_algorithm_t alg2 )
{ {
@ -674,11 +716,92 @@ static psa_algorithm_t psa_key_policy_algorithm_intersection(
if( PSA_ALG_SIGN_GET_HASH( alg2 ) == PSA_ALG_ANY_HASH ) if( PSA_ALG_SIGN_GET_HASH( alg2 ) == PSA_ALG_ANY_HASH )
return( alg1 ); return( alg1 );
} }
/* If the policies are from the same AEAD family, check whether
* one of them is a minimum-tag-length wildcard. Calculate the most
* restrictive tag length. */
if( PSA_ALG_IS_AEAD( alg1 ) && PSA_ALG_IS_AEAD( alg2 ) &&
( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg1, 0 ) ==
PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg2, 0 ) ) )
{
size_t alg1_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg1 );
size_t alg2_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg2 );
size_t restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len;
/* If both are wildcards, return most restrictive wildcard */
if( ( ( alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
( ( alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
{
return( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
alg1, restricted_len ) );
}
/* If only one is a wildcard, return specific algorithm if compatible. */
if( ( ( alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
( alg1_len <= alg2_len ) )
{
return( alg2 );
}
if( ( ( alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
( alg2_len <= alg1_len ) )
{
return( alg1 );
}
}
/* If the policies are from the same MAC family, check whether one
* of them is a minimum-MAC-length policy. Calculate the most
* restrictive tag length. */
if( PSA_ALG_IS_MAC( alg1 ) && PSA_ALG_IS_MAC( alg2 ) &&
( PSA_ALG_FULL_LENGTH_MAC( alg1 ) ==
PSA_ALG_FULL_LENGTH_MAC( alg2 ) ) )
{
/* Validate the combination of key type and algorithm. Since the base
* algorithm of alg1 and alg2 are the same, we only need this once. */
if( PSA_SUCCESS != psa_mac_key_can_do( alg1, key_type ) )
return( 0 );
/* Get the (exact or at-least) output lengths for both sides of the
* requested intersection. None of the currently supported algorithms
* have an output length dependent on the actual key size, so setting it
* to a bogus value of 0 is currently OK.
*
* Note that for at-least-this-length wildcard algorithms, the output
* length is set to the shortest allowed length, which allows us to
* calculate the most restrictive tag length for the intersection. */
size_t alg1_len = PSA_MAC_LENGTH( key_type, 0, alg1 );
size_t alg2_len = PSA_MAC_LENGTH( key_type, 0, alg2 );
size_t restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len;
/* If both are wildcards, return most restrictive wildcard */
if( ( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
( ( alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
{
return( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg1, restricted_len ) );
}
/* If only one is an at-least-this-length policy, the intersection would
* be the other (fixed-length) policy as long as said fixed length is
* equal to or larger than the shortest allowed length. */
if( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
{
return( ( alg1_len <= alg2_len ) ? alg2 : 0 );
}
if( ( alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
{
return( ( alg2_len <= alg1_len ) ? alg1 : 0 );
}
/* If none of them are wildcards, check whether they define the same tag
* length. This is still possible here when one is default-length and
* the other specific-length. Ensure to always return the
* specific-length version for the intersection. */
if( alg1_len == alg2_len )
return( PSA_ALG_TRUNCATED_MAC( alg1, alg1_len ) );
}
/* If the policies are incompatible, allow nothing. */ /* If the policies are incompatible, allow nothing. */
return( 0 ); return( 0 );
} }
static int psa_key_algorithm_permits( psa_algorithm_t policy_alg, static int psa_key_algorithm_permits( psa_key_type_t key_type,
psa_algorithm_t policy_alg,
psa_algorithm_t requested_alg ) psa_algorithm_t requested_alg )
{ {
/* Common case: the policy only allows requested_alg. */ /* Common case: the policy only allows requested_alg. */
@ -693,6 +816,63 @@ static int psa_key_algorithm_permits( psa_algorithm_t policy_alg,
return( ( policy_alg & ~PSA_ALG_HASH_MASK ) == return( ( policy_alg & ~PSA_ALG_HASH_MASK ) ==
( requested_alg & ~PSA_ALG_HASH_MASK ) ); ( requested_alg & ~PSA_ALG_HASH_MASK ) );
} }
/* If policy_alg is a wildcard AEAD algorithm of the same base as
* the requested algorithm, check the requested tag length to be
* equal-length or longer than the wildcard-specified length. */
if( PSA_ALG_IS_AEAD( policy_alg ) &&
PSA_ALG_IS_AEAD( requested_alg ) &&
( PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, 0 ) ==
PSA_ALG_AEAD_WITH_SHORTENED_TAG( requested_alg, 0 ) ) &&
( ( policy_alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
{
return( PSA_ALG_AEAD_GET_TAG_LENGTH( policy_alg ) <=
PSA_ALG_AEAD_GET_TAG_LENGTH( requested_alg ) );
}
/* If policy_alg is a MAC algorithm of the same base as the requested
* algorithm, check whether their MAC lengths are compatible. */
if( PSA_ALG_IS_MAC( policy_alg ) &&
PSA_ALG_IS_MAC( requested_alg ) &&
( PSA_ALG_FULL_LENGTH_MAC( policy_alg ) ==
PSA_ALG_FULL_LENGTH_MAC( requested_alg ) ) )
{
/* Validate the combination of key type and algorithm. Since the policy
* and requested algorithms are the same, we only need this once. */
if( PSA_SUCCESS != psa_mac_key_can_do( policy_alg, key_type ) )
return( 0 );
/* Get both the requested output length for the algorithm which is to be
* verified, and the default output length for the base algorithm.
* Note that none of the currently supported algorithms have an output
* length dependent on actual key size, so setting it to a bogus value
* of 0 is currently OK. */
size_t requested_output_length = PSA_MAC_LENGTH(
key_type, 0, requested_alg );
size_t default_output_length = PSA_MAC_LENGTH(
key_type, 0,
PSA_ALG_FULL_LENGTH_MAC( requested_alg ) );
/* If the policy is default-length, only allow an algorithm with
* a declared exact-length matching the default. */
if( PSA_MAC_TRUNCATED_LENGTH( policy_alg ) == 0 )
return( requested_output_length == default_output_length );
/* If the requested algorithm is default-length, allow it if the policy
* length exactly matches the default length. */
if( PSA_MAC_TRUNCATED_LENGTH( requested_alg ) == 0 &&
PSA_MAC_TRUNCATED_LENGTH( policy_alg ) == default_output_length )
{
return( 1 );
}
/* If policy_alg is an at-least-this-length wildcard MAC algorithm,
* check for the requested MAC length to be equal to or longer than the
* minimum allowed length. */
if( ( policy_alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
{
return( PSA_MAC_TRUNCATED_LENGTH( policy_alg ) <=
requested_output_length );
}
}
/* If policy_alg is a generic key agreement operation, then using it for /* If policy_alg is a generic key agreement operation, then using it for
* a key derivation with that key agreement should also be allowed. This * a key derivation with that key agreement should also be allowed. This
* behaviour is expected to be defined in a future specification version. */ * behaviour is expected to be defined in a future specification version. */
@ -702,23 +882,52 @@ static int psa_key_algorithm_permits( psa_algorithm_t policy_alg,
return( PSA_ALG_KEY_AGREEMENT_GET_BASE( requested_alg ) == return( PSA_ALG_KEY_AGREEMENT_GET_BASE( requested_alg ) ==
policy_alg ); policy_alg );
} }
/* If it isn't permitted, it's forbidden. */ /* If it isn't explicitly permitted, it's forbidden. */
return( 0 ); return( 0 );
} }
/** Test whether a policy permits an algorithm. /** Test whether a policy permits an algorithm.
* *
* The caller must test usage flags separately. * The caller must test usage flags separately.
*
* \note This function requires providing the key type for which the policy is
* being validated, since some algorithm policy definitions (e.g. MAC)
* have different properties depending on what kind of cipher it is
* combined with.
*
* \retval PSA_SUCCESS When \p alg is a specific algorithm
* allowed by the \p policy.
* \retval PSA_ERROR_INVALID_ARGUMENT When \p alg is not a specific algorithm
* \retval PSA_ERROR_NOT_PERMITTED When \p alg is a specific algorithm, but
* the \p policy does not allow it.
*/ */
static int psa_key_policy_permits( const psa_key_policy_t *policy, static psa_status_t psa_key_policy_permits( const psa_key_policy_t *policy,
psa_algorithm_t alg ) psa_key_type_t key_type,
psa_algorithm_t alg )
{ {
return( psa_key_algorithm_permits( policy->alg, alg ) || /* '0' is not a valid algorithm */
psa_key_algorithm_permits( policy->alg2, alg ) ); if( alg == 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
/* A requested algorithm cannot be a wildcard. */
if( PSA_ALG_IS_WILDCARD( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
if( psa_key_algorithm_permits( key_type, policy->alg, alg ) ||
psa_key_algorithm_permits( key_type, policy->alg2, alg ) )
return( PSA_SUCCESS );
else
return( PSA_ERROR_NOT_PERMITTED );
} }
/** Restrict a key policy based on a constraint. /** Restrict a key policy based on a constraint.
* *
* \note This function requires providing the key type for which the policy is
* being restricted, since some algorithm policy definitions (e.g. MAC)
* have different properties depending on what kind of cipher it is
* combined with.
*
* \param[in] key_type The key type for which to restrict the policy
* \param[in,out] policy The policy to restrict. * \param[in,out] policy The policy to restrict.
* \param[in] constraint The policy constraint to apply. * \param[in] constraint The policy constraint to apply.
* *
@ -726,17 +935,20 @@ static int psa_key_policy_permits( const psa_key_policy_t *policy,
* \c *policy contains the intersection of the original value of * \c *policy contains the intersection of the original value of
* \c *policy and \c *constraint. * \c *policy and \c *constraint.
* \retval #PSA_ERROR_INVALID_ARGUMENT * \retval #PSA_ERROR_INVALID_ARGUMENT
* \c *policy and \c *constraint are incompatible. * \c key_type, \c *policy and \c *constraint are incompatible.
* \c *policy is unchanged. * \c *policy is unchanged.
*/ */
static psa_status_t psa_restrict_key_policy( static psa_status_t psa_restrict_key_policy(
psa_key_type_t key_type,
psa_key_policy_t *policy, psa_key_policy_t *policy,
const psa_key_policy_t *constraint ) const psa_key_policy_t *constraint )
{ {
psa_algorithm_t intersection_alg = psa_algorithm_t intersection_alg =
psa_key_policy_algorithm_intersection( policy->alg, constraint->alg ); psa_key_policy_algorithm_intersection( key_type, policy->alg,
constraint->alg );
psa_algorithm_t intersection_alg2 = psa_algorithm_t intersection_alg2 =
psa_key_policy_algorithm_intersection( policy->alg2, constraint->alg2 ); psa_key_policy_algorithm_intersection( key_type, policy->alg2,
constraint->alg2 );
if( intersection_alg == 0 && policy->alg != 0 && constraint->alg != 0 ) if( intersection_alg == 0 && policy->alg != 0 && constraint->alg != 0 )
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
if( intersection_alg2 == 0 && policy->alg2 != 0 && constraint->alg2 != 0 ) if( intersection_alg2 == 0 && policy->alg2 != 0 && constraint->alg2 != 0 )
@ -751,7 +963,8 @@ static psa_status_t psa_restrict_key_policy(
* and lock it. * and lock it.
* *
* The key must have allow all the usage flags set in \p usage. If \p alg is * The key must have allow all the usage flags set in \p usage. If \p alg is
* nonzero, the key must allow operations with this algorithm. * nonzero, the key must allow operations with this algorithm. If \p alg is
* zero, the algorithm is not checked.
* *
* In case of a persistent key, the function loads the description of the key * In case of a persistent key, the function loads the description of the key
* into a key slot if not already done. * into a key slot if not already done.
@ -780,13 +993,21 @@ static psa_status_t psa_get_and_lock_key_slot_with_policy(
if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) ) if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) )
usage &= ~PSA_KEY_USAGE_EXPORT; usage &= ~PSA_KEY_USAGE_EXPORT;
status = PSA_ERROR_NOT_PERMITTED;
if( ( slot->attr.policy.usage & usage ) != usage ) if( ( slot->attr.policy.usage & usage ) != usage )
{
status = PSA_ERROR_NOT_PERMITTED;
goto error; goto error;
}
/* Enforce that the usage policy permits the requested algortihm. */ /* Enforce that the usage policy permits the requested algortihm. */
if( alg != 0 && ! psa_key_policy_permits( &slot->attr.policy, alg ) ) if( alg != 0 )
goto error; {
status = psa_key_policy_permits( &slot->attr.policy,
slot->attr.type,
alg );
if( status != PSA_SUCCESS )
goto error;
}
return( PSA_SUCCESS ); return( PSA_SUCCESS );
@ -1880,7 +2101,8 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key,
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;
status = psa_restrict_key_policy( &actual_attributes.core.policy, status = psa_restrict_key_policy( source_slot->attr.type,
&actual_attributes.core.policy,
&source_slot->attr.policy ); &source_slot->attr.policy );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;
@ -2553,7 +2775,7 @@ static psa_status_t psa_mac_init( psa_mac_operation_t *operation,
{ {
psa_status_t status = PSA_ERROR_NOT_SUPPORTED; psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
operation->alg = alg; operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg );
operation->key_set = 0; operation->key_set = 0;
operation->iv_set = 0; operation->iv_set = 0;
operation->iv_required = 0; operation->iv_required = 0;
@ -2561,7 +2783,7 @@ static psa_status_t psa_mac_init( psa_mac_operation_t *operation,
operation->is_sign = 0; operation->is_sign = 0;
#if defined(MBEDTLS_CMAC_C) #if defined(MBEDTLS_CMAC_C)
if( alg == PSA_ALG_CMAC ) if( operation->alg == PSA_ALG_CMAC )
{ {
operation->iv_required = 0; operation->iv_required = 0;
mbedtls_cipher_init( &operation->ctx.cmac ); mbedtls_cipher_init( &operation->ctx.cmac );
@ -2645,23 +2867,26 @@ bad_state:
} }
#if defined(MBEDTLS_CMAC_C) #if defined(MBEDTLS_CMAC_C)
static int psa_cmac_setup( psa_mac_operation_t *operation, static psa_status_t psa_cmac_setup( psa_mac_operation_t *operation,
size_t key_bits, psa_key_slot_t *slot )
psa_key_slot_t *slot,
const mbedtls_cipher_info_t *cipher_info )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info =
operation->mac_size = cipher_info->block_size; mbedtls_cipher_info_from_psa( PSA_ALG_CMAC,
slot->attr.type, slot->attr.bits,
NULL );
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info ); ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
if( ret != 0 ) if( ret != 0 )
return( ret ); goto exit;
ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac, ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
slot->key.data, slot->key.data,
key_bits ); slot->attr.bits );
return( ret ); exit:
return( mbedtls_to_psa_error( ret ) );
} }
#endif /* MBEDTLS_CMAC_C */ #endif /* MBEDTLS_CMAC_C */
@ -2737,11 +2962,8 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot; psa_key_slot_t *slot;
size_t key_bits;
psa_key_usage_t usage = psa_key_usage_t usage =
is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH; is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH;
uint8_t truncated = PSA_MAC_TRUNCATED_LENGTH( alg );
psa_algorithm_t full_length_alg = PSA_ALG_FULL_LENGTH_MAC( alg );
/* A context must be freshly initialized before it can be set up. */ /* A context must be freshly initialized before it can be set up. */
if( operation->alg != 0 ) if( operation->alg != 0 )
@ -2749,7 +2971,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
return( PSA_ERROR_BAD_STATE ); return( PSA_ERROR_BAD_STATE );
} }
status = psa_mac_init( operation, full_length_alg ); status = psa_mac_init( operation, alg );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); return( status );
if( is_sign ) if( is_sign )
@ -2759,40 +2981,48 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
key, &slot, usage, alg ); key, &slot, usage, alg );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;
key_bits = psa_get_key_slot_bits( slot );
/* Validate the combination of key type and algorithm */
status = psa_mac_key_can_do( alg, slot->attr.type );
if( status != PSA_SUCCESS )
goto exit;
/* Get the output length for the algorithm and key combination. None of the
* currently supported algorithms have an output length dependent on actual
* key size, so setting it to a bogus value is currently OK. */
operation->mac_size = PSA_MAC_LENGTH( slot->attr.type, 0, alg );
if( operation->mac_size < 4 )
{
/* A very short MAC is too short for security since it can be
* brute-forced. Ancient protocols with 32-bit MACs do exist,
* so we make this our minimum, even though 32 bits is still
* too small for security. */
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
if( operation->mac_size >
PSA_MAC_LENGTH( slot->attr.type, 0, PSA_ALG_FULL_LENGTH_MAC( alg ) ) )
{
/* It's impossible to "truncate" to a larger length than the full length
* of the algorithm. */
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
#if defined(MBEDTLS_CMAC_C) #if defined(MBEDTLS_CMAC_C)
if( full_length_alg == PSA_ALG_CMAC ) if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
{ {
const mbedtls_cipher_info_t *cipher_info = status = psa_cmac_setup( operation, slot );
mbedtls_cipher_info_from_psa( full_length_alg,
slot->attr.type, key_bits, NULL );
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( cipher_info == NULL )
{
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
operation->mac_size = cipher_info->block_size;
ret = psa_cmac_setup( operation, key_bits, slot, cipher_info );
status = mbedtls_to_psa_error( ret );
} }
else else
#endif /* MBEDTLS_CMAC_C */ #endif /* MBEDTLS_CMAC_C */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
if( PSA_ALG_IS_HMAC( full_length_alg ) ) if( PSA_ALG_IS_HMAC( alg ) )
{ {
psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH( alg );
if( hash_alg == 0 )
{
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
operation->mac_size = PSA_HASH_LENGTH( hash_alg );
/* Sanity check. This shouldn't fail on a valid configuration. */ /* Sanity check. This shouldn't fail on a valid configuration. */
if( operation->mac_size == 0 || if( operation->mac_size > sizeof( operation->ctx.hmac.opad ) )
operation->mac_size > sizeof( operation->ctx.hmac.opad ) )
{ {
status = PSA_ERROR_NOT_SUPPORTED; status = PSA_ERROR_NOT_SUPPORTED;
goto exit; goto exit;
@ -2807,35 +3037,14 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
status = psa_hmac_setup_internal( &operation->ctx.hmac, status = psa_hmac_setup_internal( &operation->ctx.hmac,
slot->key.data, slot->key.data,
slot->key.bytes, slot->key.bytes,
hash_alg ); PSA_ALG_HMAC_GET_HASH( alg ) );
} }
else else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
{ {
(void) key_bits;
status = PSA_ERROR_NOT_SUPPORTED; status = PSA_ERROR_NOT_SUPPORTED;
} }
if( truncated == 0 )
{
/* The "normal" case: untruncated algorithm. Nothing to do. */
}
else if( truncated < 4 )
{
/* A very short MAC is too short for security since it can be
* brute-forced. Ancient protocols with 32-bit MACs do exist,
* so we make this our minimum, even though 32 bits is still
* too small for security. */
status = PSA_ERROR_NOT_SUPPORTED;
}
else if( truncated > operation->mac_size )
{
/* It's impossible to "truncate" to a larger length. */
status = PSA_ERROR_INVALID_ARGUMENT;
}
else
operation->mac_size = truncated;
exit: exit:
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
{ {

View File

@ -35,6 +35,7 @@
#endif #endif
#include "psa/crypto.h" #include "psa/crypto.h"
#include "common.h"
#include "mbedtls/entropy.h" #include "mbedtls/entropy.h"
@ -76,4 +77,10 @@ psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
void (* entropy_free )( mbedtls_entropy_context *ctx ) ); void (* entropy_free )( mbedtls_entropy_context *ctx ) );
#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */ #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C)
psa_status_t psa_mac_key_can_do(
psa_algorithm_t algorithm,
psa_key_type_t key_type );
#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_PSA_CRYPTO_C */
#endif /* PSA_CRYPTO_INVASIVE_H */ #endif /* PSA_CRYPTO_INVASIVE_H */

View File

@ -150,7 +150,11 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size,
unsigned long length_modifier = NO_LENGTH_MODIFIER; unsigned long length_modifier = NO_LENGTH_MODIFIER;
if (PSA_ALG_IS_MAC(alg)) { if (PSA_ALG_IS_MAC(alg)) {
core_alg = PSA_ALG_TRUNCATED_MAC(alg, 0); core_alg = PSA_ALG_TRUNCATED_MAC(alg, 0);
if (core_alg != alg) { if (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) {
append(&buffer, buffer_size, &required_size,
"PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(", 33);
length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg);
} else if (core_alg != alg) {
append(&buffer, buffer_size, &required_size, append(&buffer, buffer_size, &required_size,
"PSA_ALG_TRUNCATED_MAC(", 22); "PSA_ALG_TRUNCATED_MAC(", 22);
length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg); length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg);
@ -160,6 +164,10 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size,
if (core_alg == 0) { if (core_alg == 0) {
/* For unknown AEAD algorithms, there is no "default tag length". */ /* For unknown AEAD algorithms, there is no "default tag length". */
core_alg = alg; core_alg = alg;
} else if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) {
append(&buffer, buffer_size, &required_size,
"PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(", 43);
length_modifier = PSA_AEAD_TAG_LENGTH(alg);
} else if (core_alg != alg) { } else if (core_alg != alg) {
append(&buffer, buffer_size, &required_size, append(&buffer, buffer_size, &required_size,
"PSA_ALG_AEAD_WITH_SHORTENED_TAG(", 32); "PSA_ALG_AEAD_WITH_SHORTENED_TAG(", 32);

View File

@ -100,7 +100,11 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size,
unsigned long length_modifier = NO_LENGTH_MODIFIER; unsigned long length_modifier = NO_LENGTH_MODIFIER;
if (PSA_ALG_IS_MAC(alg)) { if (PSA_ALG_IS_MAC(alg)) {
core_alg = PSA_ALG_TRUNCATED_MAC(alg, 0); core_alg = PSA_ALG_TRUNCATED_MAC(alg, 0);
if (core_alg != alg) { if (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) {
append(&buffer, buffer_size, &required_size,
"PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(", 33);
length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg);
} else if (core_alg != alg) {
append(&buffer, buffer_size, &required_size, append(&buffer, buffer_size, &required_size,
"PSA_ALG_TRUNCATED_MAC(", 22); "PSA_ALG_TRUNCATED_MAC(", 22);
length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg); length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg);
@ -110,6 +114,10 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size,
if (core_alg == 0) { if (core_alg == 0) {
/* For unknown AEAD algorithms, there is no "default tag length". */ /* For unknown AEAD algorithms, there is no "default tag length". */
core_alg = alg; core_alg = alg;
} else if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) {
append(&buffer, buffer_size, &required_size,
"PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(", 43);
length_modifier = PSA_AEAD_TAG_LENGTH(alg);
} else if (core_alg != alg) { } else if (core_alg != alg) {
append(&buffer, buffer_size, &required_size, append(&buffer, buffer_size, &required_size,
"PSA_ALG_AEAD_WITH_SHORTENED_TAG(", 32); "PSA_ALG_AEAD_WITH_SHORTENED_TAG(", 32);

View File

@ -115,6 +115,8 @@ WITHOUT_SYSTEMATIC_DEPENDENCIES = frozenset([
'PSA_KEY_TYPE_NONE', # not a real key type 'PSA_KEY_TYPE_NONE', # not a real key type
'PSA_KEY_TYPE_DERIVE', # always supported, don't list it to reduce noise 'PSA_KEY_TYPE_DERIVE', # always supported, don't list it to reduce noise
'PSA_KEY_TYPE_RAW_DATA', # always supported, don't list it to reduce noise 'PSA_KEY_TYPE_RAW_DATA', # always supported, don't list it to reduce noise
'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', #only a modifier
'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', #only a modifier
# Not implemented yet: cipher-related key types and algorithms. # Not implemented yet: cipher-related key types and algorithms.
# Manually extracted from crypto_values.h. # Manually extracted from crypto_values.h.

View File

@ -101,7 +101,7 @@ class Inputs:
# PSA_ALG_IS_xxx macros, but are also not currently assigned and are # PSA_ALG_IS_xxx macros, but are also not currently assigned and are
# not likely to be assigned in the near future. # not likely to be assigned in the near future.
self.hash_algorithms = set(['0x020000fe']) # 0x020000ff is PSA_ALG_ANY_HASH self.hash_algorithms = set(['0x020000fe']) # 0x020000ff is PSA_ALG_ANY_HASH
self.mac_algorithms = set(['0x0300ffff']) self.mac_algorithms = set(['0x03007fff'])
self.ka_algorithms = set(['0x09fc0000']) self.ka_algorithms = set(['0x09fc0000'])
self.kdf_algorithms = set(['0x080000ff']) self.kdf_algorithms = set(['0x080000ff'])
# For AEAD algorithms, the only variability is over the tag length, # For AEAD algorithms, the only variability is over the tag length,
@ -146,6 +146,8 @@ class Inputs:
self.arguments_for = { self.arguments_for = {
'mac_length': ['1', '63'], 'mac_length': ['1', '63'],
'tag_length': ['1', '63'], 'tag_length': ['1', '63'],
'min_mac_length': ['1', '63'],
'min_tag_length': ['1', '63'],
} }
def get_names(self, type_word): def get_names(self, type_word):

View File

@ -122,6 +122,12 @@ static int exercise_mac_key( mbedtls_svc_key_id_t key,
unsigned char mac[PSA_MAC_MAX_SIZE] = {0}; unsigned char mac[PSA_MAC_MAX_SIZE] = {0};
size_t mac_length = sizeof( mac ); size_t mac_length = sizeof( mac );
/* Convert wildcard algorithm to exercisable algorithm */
if( alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG )
{
alg = PSA_ALG_TRUNCATED_MAC( alg, PSA_MAC_TRUNCATED_LENGTH( alg ) );
}
if( usage & PSA_KEY_USAGE_SIGN_HASH ) if( usage & PSA_KEY_USAGE_SIGN_HASH )
{ {
PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
@ -236,6 +242,12 @@ static int exercise_aead_key( mbedtls_svc_key_id_t key,
size_t ciphertext_length = sizeof( ciphertext ); size_t ciphertext_length = sizeof( ciphertext );
size_t plaintext_length = sizeof( ciphertext ); size_t plaintext_length = sizeof( ciphertext );
/* Convert wildcard algorithm to exercisable algorithm */
if( alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG )
{
alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) );
}
/* Default IV length for AES-GCM is 12 bytes */ /* Default IV length for AES-GCM is 12 bytes */
if( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) == if( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) ==
PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ) ) PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ) )
@ -243,6 +255,13 @@ static int exercise_aead_key( mbedtls_svc_key_id_t key,
nonce_length = 12; nonce_length = 12;
} }
/* IV length for CCM needs to be between 7 and 13 bytes */
if( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) ==
PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ) )
{
nonce_length = 12;
}
if( usage & PSA_KEY_USAGE_ENCRYPT ) if( usage & PSA_KEY_USAGE_ENCRYPT )
{ {
PSA_ASSERT( psa_aead_encrypt( key, alg, PSA_ASSERT( psa_aead_encrypt( key, alg,

View File

@ -378,31 +378,95 @@ key_attributes_init:
PSA key policy: MAC, sign | verify PSA key policy: MAC, sign | verify
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256) mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
PSA key policy: MAC, wrong algorithm PSA key policy: MAC, wrong algorithm
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224) mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):PSA_ERROR_NOT_PERMITTED
PSA key policy: MAC, alg=0 in policy PSA key policy: MAC, alg=0 in policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256) mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED
PSA key policy: MAC, ANY_HASH in policy is not meaningful PSA key policy: MAC, ANY_HASH in policy is not meaningful
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256) mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED
PSA key policy: MAC, sign but not verify PSA key policy: MAC, sign but not verify
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256) mac_key_policy:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
PSA key policy: MAC, verify but not sign PSA key policy: MAC, verify but not sign
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256) mac_key_policy:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
PSA key policy: MAC, neither sign nor verify PSA key policy: MAC, neither sign nor verify
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:0:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256) mac_key_policy:0:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED
PSA key policy: HMAC, sign-verify, tag length > min-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 30):PSA_SUCCESS
PSA key policy: HMAC, sign-verify, tag length = min-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_SUCCESS
PSA key policy: HMAC, sign-verify, tag length < min-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_ERROR_NOT_PERMITTED
PSA key policy: CMAC, sign-verify, tag length > min-length policy
depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 16):PSA_SUCCESS
PSA key policy: CMAC, sign-verify, tag length = min-length policy
depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 10):PSA_SUCCESS
PSA key policy: CMAC, sign-verify, tag length < min-length policy
depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 8):PSA_ERROR_NOT_PERMITTED
PSA key policy: HMAC, sign-verify, default tag length > min-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 31):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
PSA key policy: HMAC, sign-verify, default tag length = min-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 32):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
PSA key policy: HMAC, sign-verify, default tag length < min-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 33):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED
PSA key policy: HMAC, sign-verify, min-length policy, unmatched base alg
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_CMAC_C
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 20):PSA_ERROR_NOT_PERMITTED
PSA key policy: HMAC, sign-verify, min-length policy, unmatched base alg (different hash base)
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 20):PSA_ERROR_NOT_PERMITTED
PSA key policy: HMAC, sign-verify, min-length policy, unmatched base alg (different algorithm)
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_CMAC_C
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_CMAC:PSA_ERROR_NOT_PERMITTED
PSA key policy: HMAC, sign-verify, min-length policy used as algorithm
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_ERROR_INVALID_ARGUMENT
PSA key policy: HMAC, sign-verify, tag length > exact-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_ERROR_NOT_PERMITTED
PSA key policy: HMAC, sign-verify, tag length = exact-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_SUCCESS
PSA key policy: HMAC, sign-verify, tag length < exact-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_ERROR_NOT_PERMITTED
PSA key policy: cipher, encrypt | decrypt PSA key policy: cipher, encrypt | decrypt
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
@ -430,27 +494,83 @@ cipher_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:PSA_KEY_TYPE_A
PSA key policy: AEAD, encrypt | decrypt PSA key policy: AEAD, encrypt | decrypt
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM:PSA_SUCCESS
PSA key policy: AEAD, wrong algorithm PSA key policy: AEAD, wrong algorithm
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_GCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_GCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":16:16:PSA_ALG_GCM aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":16:16:PSA_ALG_GCM:PSA_ERROR_NOT_PERMITTED
PSA key policy: AEAD, alg=0 in policy PSA key policy: AEAD, alg=0 in policy
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":16:16:PSA_ALG_CCM aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":16:16:PSA_ALG_CCM:PSA_ERROR_NOT_PERMITTED
PSA key policy: AEAD, encrypt but not decrypt PSA key policy: AEAD, encrypt but not decrypt
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM aead_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM:PSA_SUCCESS
PSA key policy: AEAD, decrypt but not encrypt PSA key policy: AEAD, decrypt but not encrypt
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM aead_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM:PSA_SUCCESS
PSA key policy: AEAD, neither encrypt nor decrypt PSA key policy: AEAD, neither encrypt nor decrypt
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_key_policy:0:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM aead_key_policy:0:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM:PSA_ERROR_NOT_PERMITTED
PSA key policy: AEAD, tag length > min-length policy, CCM
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:8:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):PSA_SUCCESS
PSA key policy: AEAD, tag length = min-length policy, CCM
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:4:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):PSA_SUCCESS
PSA key policy: AEAD, tag length < min-length policy, CCM
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:4:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):PSA_ERROR_NOT_PERMITTED
PSA key policy: AEAD, tag length > min-length policy, GCM
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_GCM, 4):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":12:8:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 8):PSA_SUCCESS
PSA key policy: AEAD, tag length = min-length policy, GCM
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_GCM, 4):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":12:4:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 4):PSA_SUCCESS
PSA key policy: AEAD, tag length < min-length policy, GCM
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_GCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":12:4:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 4):PSA_ERROR_NOT_PERMITTED
PSA key policy: AEAD, default tag length > min-length policy
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM:PSA_SUCCESS
PSA key policy: AEAD, default tag length = min-length policy
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 16):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM:PSA_SUCCESS
PSA key policy: AEAD, default tag length < min-length policy
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 17):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM:PSA_ERROR_NOT_PERMITTED
PSA key policy: AEAD, min-length policy, unmatched base alg
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_GCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:4:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 4):PSA_ERROR_NOT_PERMITTED
PSA key policy: AEAD, min-length policy used as algorithm
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:8:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_ERROR_INVALID_ARGUMENT
PSA key policy: AEAD, tag length > exact-length policy
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:8:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):PSA_ERROR_NOT_PERMITTED
PSA key policy: AEAD, tag length = exact-length policy
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:4:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):PSA_SUCCESS
PSA key policy: AEAD, tag length < exact-length policy
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:4:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):PSA_ERROR_NOT_PERMITTED
PSA key policy: asymmetric encryption, encrypt | decrypt PSA key policy: asymmetric encryption, encrypt | decrypt
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
@ -698,6 +818,78 @@ Copy fail: AES, incompatible target policy
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC
copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:0:PSA_ERROR_INVALID_ARGUMENT copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:0:PSA_ERROR_INVALID_ARGUMENT
Copy key: source=MAC min-length, target=MAC length > min-length
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0
Copy key: source=MAC min-length, target=MAC length = min-length
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0
Copy fail: source=MAC min-length, target=MAC length < min-length
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
copy_fail:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:PSA_ERROR_INVALID_ARGUMENT
Copy key: source=MAC min-length, target=MAC min-length, src > tgt
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0
Copy key: source=MAC min-length, target=MAC min-length, src = tgt
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0
Copy key: source=MAC min-length, target=MAC min-length, src < tgt
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0
Copy fail: source=MAC, target=MAC min-length > length
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
copy_fail:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_ERROR_INVALID_ARGUMENT
Copy key: source=MAC, target=MAC min-length = length
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0
Copy key: source=MAC, target=MAC min-length < length
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0
Copy key: source=AEAD min-length, target=AEAD length > min-length
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0
Copy key: source=AEAD min-length, target=AEAD length = min-length
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0
Copy fail: source=AEAD min-length, target=AEAD length < min-length
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
copy_fail:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:PSA_ERROR_INVALID_ARGUMENT
Copy key: source=AEAD min-length, target=AEAD min-length, src > tgt
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0
Copy key: source=AEAD min-length, target=AEAD min-length, src = tgt
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0
Copy key: source=AEAD min-length, target=AEAD min-length, src < tgt
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0
Copy fail: source=AEAD, target=AEAD min-length > length
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
copy_fail:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_ERROR_INVALID_ARGUMENT
Copy key: source=AEAD, target=AEAD min-length = length
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0
Copy key: source=AEAD, target=AEAD min-length < length
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0
Copy fail: RSA, incompatible target policy (source wildcard) Copy fail: RSA, incompatible target policy (source wildcard)
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C
copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_ERROR_INVALID_ARGUMENT copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_ERROR_INVALID_ARGUMENT
@ -893,9 +1085,14 @@ PSA MAC setup: good, AES-CMAC
depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C
mac_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_SUCCESS mac_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_SUCCESS
PSA MAC setup: bad algorithm (unknown MAC algorithm) PSA MAC setup: bad algorithm (HMAC without specified hash)
# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(0):PSA_ERROR_NOT_SUPPORTED mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(0):PSA_ERROR_NOT_SUPPORTED
PSA MAC setup: bad algorithm (unsupported HMAC hash algorithm)
depends_on:!PSA_WANT_ALG_MD2
mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_MD2):PSA_ERROR_NOT_SUPPORTED
PSA MAC setup: bad algorithm (not a MAC algorithm) PSA MAC setup: bad algorithm (not a MAC algorithm)
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
mac_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CBC_NO_PADDING:PSA_ERROR_INVALID_ARGUMENT mac_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CBC_NO_PADDING:PSA_ERROR_INVALID_ARGUMENT
@ -915,7 +1112,7 @@ mac_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f101112131415161
PSA MAC setup: incompatible key HMAC for CMAC PSA MAC setup: incompatible key HMAC for CMAC
depends_on:MBEDTLS_CMAC_C depends_on:MBEDTLS_CMAC_C
# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here # Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_INVALID_ARGUMENT
PSA MAC setup: algorithm known but not supported, long key PSA MAC setup: algorithm known but not supported, long key
depends_on:!MBEDTLS_MD5_C depends_on:!MBEDTLS_MD5_C
@ -1926,9 +2123,7 @@ sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb
PSA sign: RSA PKCS#1 v1.5, invalid hash (wildcard) PSA sign: RSA PKCS#1 v1.5, invalid hash (wildcard)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_C:MBEDTLS_PKCS1_V15 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_C:MBEDTLS_PKCS1_V15
# Arguably the error should be INVALID_ARGUMENT, but NOT_SUPPORTED is simpler sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT
# to implement.
sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_NOT_SUPPORTED
PSA sign: RSA PKCS#1 v1.5 raw, input too large PSA sign: RSA PKCS#1 v1.5 raw, input too large
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C

View File

@ -834,12 +834,14 @@ void mac_key_policy( int policy_usage,
int policy_alg, int policy_alg,
int key_type, int key_type,
data_t *key_data, data_t *key_data,
int exercise_alg ) int exercise_alg,
int expected_status_arg )
{ {
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
psa_status_t status; psa_status_t status;
psa_status_t expected_status = expected_status_arg;
unsigned char mac[PSA_MAC_MAX_SIZE]; unsigned char mac[PSA_MAC_MAX_SIZE];
PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_crypto_init( ) );
@ -852,20 +854,19 @@ void mac_key_policy( int policy_usage,
&key ) ); &key ) );
status = psa_mac_sign_setup( &operation, key, exercise_alg ); status = psa_mac_sign_setup( &operation, key, exercise_alg );
if( policy_alg == exercise_alg && if( ( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) == 0 )
( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 )
PSA_ASSERT( status );
else
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
else
TEST_EQUAL( status, expected_status );
psa_mac_abort( &operation ); psa_mac_abort( &operation );
memset( mac, 0, sizeof( mac ) ); memset( mac, 0, sizeof( mac ) );
status = psa_mac_verify_setup( &operation, key, exercise_alg ); status = psa_mac_verify_setup( &operation, key, exercise_alg );
if( policy_alg == exercise_alg && if( ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) == 0 )
( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 )
PSA_ASSERT( status );
else
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
else
TEST_EQUAL( status, expected_status );
exit: exit:
psa_mac_abort( &operation ); psa_mac_abort( &operation );
@ -924,11 +925,13 @@ void aead_key_policy( int policy_usage,
data_t *key_data, data_t *key_data,
int nonce_length_arg, int nonce_length_arg,
int tag_length_arg, int tag_length_arg,
int exercise_alg ) int exercise_alg,
int expected_status_arg )
{ {
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status; psa_status_t status;
psa_status_t expected_status = expected_status_arg;
unsigned char nonce[16] = {0}; unsigned char nonce[16] = {0};
size_t nonce_length = nonce_length_arg; size_t nonce_length = nonce_length_arg;
unsigned char tag[16]; unsigned char tag[16];
@ -953,9 +956,8 @@ void aead_key_policy( int policy_usage,
NULL, 0, NULL, 0,
tag, tag_length, tag, tag_length,
&output_length ); &output_length );
if( policy_alg == exercise_alg && if( ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 ) TEST_EQUAL( status, expected_status );
PSA_ASSERT( status );
else else
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
@ -966,11 +968,12 @@ void aead_key_policy( int policy_usage,
tag, tag_length, tag, tag_length,
NULL, 0, NULL, 0,
&output_length ); &output_length );
if( policy_alg == exercise_alg && if( ( policy_usage & PSA_KEY_USAGE_DECRYPT ) == 0 )
( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 ) TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
else if( expected_status == PSA_SUCCESS )
TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE ); TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
else else
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); TEST_EQUAL( status, expected_status );
exit: exit:
psa_destroy_key( key ); psa_destroy_key( key );
@ -1334,6 +1337,7 @@ void copy_success( int source_usage_arg,
ASSERT_COMPARE( material->x, material->len, ASSERT_COMPARE( material->x, material->len,
export_buffer, length ); export_buffer, length );
} }
if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg ) ) if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg ) )
goto exit; goto exit;
if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg2 ) ) if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg2 ) )

View File

@ -9,6 +9,7 @@
#endif #endif
#include "psa/crypto.h" #include "psa/crypto.h"
#include "psa_crypto_invasive.h"
/* Flags for algorithm classification macros. There is a flag for every /* Flags for algorithm classification macros. There is a flag for every
* algorithm classification macro PSA_ALG_IS_xxx except for the * algorithm classification macro PSA_ALG_IS_xxx except for the
@ -158,6 +159,10 @@ void mac_algorithm_core( psa_algorithm_t alg, int classification_flags,
/* Length */ /* Length */
TEST_EQUAL( length, PSA_MAC_LENGTH( key_type, key_bits, alg ) ); TEST_EQUAL( length, PSA_MAC_LENGTH( key_type, key_bits, alg ) );
#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C)
PSA_ASSERT( psa_mac_key_can_do( alg, key_type ) );
#endif
exit: ; exit: ;
} }
@ -263,6 +268,52 @@ void mac_algorithm( int alg_arg, int classification_flags,
PSA_ALG_TRUNCATED_MAC( alg, length - 1) ); PSA_ALG_TRUNCATED_MAC( alg, length - 1) );
TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( truncated_alg, length ), TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( truncated_alg, length ),
PSA_ALG_TRUNCATED_MAC( alg, length ) ); PSA_ALG_TRUNCATED_MAC( alg, length ) );
/* Check that calling PSA_ALG_TRUNCATED_MAC on an algorithm
* earlier constructed with PSA_ALG_AT_LEAST_THIS_LENGTH_MAC gives the
* length of the outer truncation (even if the outer length is smaller
* than the inner length). */
TEST_EQUAL( PSA_ALG_TRUNCATED_MAC(
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( truncated_alg, n ), 1 ),
PSA_ALG_TRUNCATED_MAC( alg, 1 ) );
TEST_EQUAL( PSA_ALG_TRUNCATED_MAC(
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( truncated_alg, n ), length - 1 ),
PSA_ALG_TRUNCATED_MAC( alg, length - 1) );
TEST_EQUAL( PSA_ALG_TRUNCATED_MAC(
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( truncated_alg, n ), length ),
PSA_ALG_TRUNCATED_MAC( alg, length ) );
}
/* At-leat-this-length versions */
for( n = 1; n <= length; n++ )
{
psa_algorithm_t policy_alg = PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, n );
mac_algorithm_core( policy_alg, classification_flags | ALG_IS_WILDCARD,
key_type, key_bits, n );
TEST_EQUAL( PSA_ALG_FULL_LENGTH_MAC( policy_alg ), alg );
/* Check that calling PSA_ALG_AT_LEAST_THIS_LENGTH_MAC twice gives the
* length of the outer truncation (even if the outer length is smaller
* than the inner length). */
TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( policy_alg, 1 ),
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, 1 ) );
TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( policy_alg, length - 1 ),
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length - 1) );
TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( policy_alg, length ),
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length ) );
/* Check that calling PSA_ALG_AT_LEAST_THIS_LENGTH_MAC on an algorithm
* earlier constructed with PSA_ALG_TRUNCATED_MAC gives the length of
* the outer truncation (even if the outer length is smaller than the
* inner length). */
TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(
PSA_ALG_TRUNCATED_MAC( policy_alg, n ), 1),
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, 1 ) );
TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(
PSA_ALG_TRUNCATED_MAC( policy_alg, n ), length - 1 ),
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length - 1) );
TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(
PSA_ALG_TRUNCATED_MAC( policy_alg, n ), length ),
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length ) );
} }
} }
/* END_CASE */ /* END_CASE */
@ -329,7 +380,7 @@ void aead_algorithm( int alg_arg, int classification_flags,
aead_algorithm_core( truncated_alg, classification_flags, n ); aead_algorithm_core( truncated_alg, classification_flags, n );
TEST_EQUAL( PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( truncated_alg ), TEST_EQUAL( PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( truncated_alg ),
alg ); alg );
/* Check that calling PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG twice gives /* Check that calling PSA_ALG_AEAD_WITH_SHORTENED_TAG twice gives
* the length of the outer truncation (even if the outer length is * the length of the outer truncation (even if the outer length is
* smaller than the inner length). */ * smaller than the inner length). */
TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( truncated_alg, 1 ), TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( truncated_alg, 1 ),
@ -338,6 +389,52 @@ void aead_algorithm( int alg_arg, int classification_flags,
PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length - 1) ); PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length - 1) );
TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( truncated_alg, tag_length ), TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( truncated_alg, tag_length ),
PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length ) ); PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length ) );
/* Check that calling PSA_ALG_AEAD_WITH_SHORTENED_TAG on an algorithm
* earlier constructed with PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG
* gives the length of the outer truncation (even if the outer length is
* smaller than the inner length). */
TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG(
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( truncated_alg, n ), 1 ),
PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 1 ) );
TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG(
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( truncated_alg, n ), tag_length - 1 ),
PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length - 1) );
TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG(
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( truncated_alg, n ), tag_length ),
PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length ) );
}
/* At-leat-this-length versions */
for( n = 1; n <= tag_length; n++ )
{
psa_algorithm_t policy_alg = PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, n );
aead_algorithm_core( policy_alg, classification_flags | ALG_IS_WILDCARD, n );
TEST_EQUAL( PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( policy_alg ),
alg );
/* Check that calling PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG twice
* gives the length of the outer truncation (even if the outer length is
* smaller than the inner length). */
TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( policy_alg, 1 ),
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, 1 ) );
TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( policy_alg, tag_length - 1 ),
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length - 1) );
TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( policy_alg, tag_length ),
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length ) );
/* Check that calling PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG on an
* algorithm earlier constructed with PSA_ALG_AEAD_WITH_SHORTENED_TAG
* gives the length of the outer truncation (even if the outer length is
* smaller than the inner length). */
TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, n ), 1),
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, 1 ) );
TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, n ), tag_length - 1 ),
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length - 1) );
TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, n ), tag_length ),
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length ) );
} }
} }
/* END_CASE */ /* END_CASE */