From 069346cdab62c4bc8c8095e4d6d91e68fadae307 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 26 Jan 2021 21:48:19 +0100 Subject: [PATCH] New test suite for not-supported cases: key creation (import, generate) To start with, test that key creation fails as intended when the key type is not supported. This commit only covers psa_import_key and psa_generate_key. A follow-up will cover psa_key_derivation_output_key. My primary intent in creating this new test suite is to automatically generate test cases by enumerating the key types and algorithms that the library supports. But this commit only adds a few manually written test cases, to get the ball rolling. Move the relevant test cases of test_suite_psa_crypto.data that only depend on generic knowledge about the API. Keep test cases that depend more closely on the implementation, such as tests of non-supported key sizes, in test_suite_psa_crypto.data. Signed-off-by: Gilles Peskine --- tests/CMakeLists.txt | 1 + tests/suites/test_suite_psa_crypto.data | 12 ----- ...st_suite_psa_crypto_not_supported.function | 52 +++++++++++++++++++ ...t_suite_psa_crypto_not_supported.misc.data | 11 ++++ 4 files changed, 64 insertions(+), 12 deletions(-) create mode 100644 tests/suites/test_suite_psa_crypto_not_supported.function create mode 100644 tests/suites/test_suite_psa_crypto_not_supported.misc.data diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 6873dad081..a05b24334d 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -146,6 +146,7 @@ add_test_suite(psa_crypto_entropy) add_test_suite(psa_crypto_hash) add_test_suite(psa_crypto_init) add_test_suite(psa_crypto_metadata) +add_test_suite(psa_crypto_not_supported.misc) add_test_suite(psa_crypto_persistent_key) add_test_suite(psa_crypto_se_driver_hal) add_test_suite(psa_crypto_se_driver_hal_mocks) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c981e98a8e..ad34bad3df 100644 
--- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -25,12 +25,6 @@ import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" PSA import: bad usage flag import_with_policy:PSA_KEY_TYPE_RAW_DATA:0x40000000:0:PSA_ERROR_INVALID_ARGUMENT -PSA import: invalid type (0) -import_with_policy:PSA_KEY_TYPE_NONE:0:0:PSA_ERROR_NOT_SUPPORTED - -PSA import: invalid type (PSA_KEY_TYPE_CATEGORY_MASK) -import_with_policy:PSA_KEY_TYPE_CATEGORY_MASK:0:0:PSA_ERROR_NOT_SUPPORTED - PSA import AES: bad key size depends_on:MBEDTLS_AES_C import_with_data:"0123456789abcdef":PSA_KEY_TYPE_AES:0:PSA_ERROR_INVALID_ARGUMENT @@ -2809,12 +2803,6 @@ generate_random:MBEDTLS_CTR_DRBG_MAX_REQUEST + 1 PSA generate random: 2*MBEDTLS_CTR_DRBG_MAX_REQUEST+1 bytes generate_random:2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1 -PSA generate key: bad type (0) -generate_key:PSA_KEY_TYPE_NONE:128:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED:0 - -PSA generate key: bad type (PSA_KEY_TYPE_CATEGORY_MASK) -generate_key:PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED:0 - PSA generate key: bad type (RSA public key) generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED:0 diff --git a/tests/suites/test_suite_psa_crypto_not_supported.function b/tests/suites/test_suite_psa_crypto_not_supported.function new file mode 100644 index 0000000000..ca62eee9d5 --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_not_supported.function 
@@ -0,0 +1,52 @@
+/* BEGIN_HEADER */
+
+#include "psa/crypto.h"
+#include "test/psa_crypto_helpers.h"
+
+#define INVALID_KEY_ID 0xfedcba98
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_CRYPTO_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void import_not_supported( int key_type, data_t *key_material )
+{
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t key_id = INVALID_KEY_ID;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ psa_set_key_type( &attributes, key_type );
+ TEST_EQUAL( psa_import_key( &attributes,
+ key_material->x, key_material->len,
+ &key_id ),
+ PSA_ERROR_NOT_SUPPORTED );
+ TEST_EQUAL( key_id, 0 );
+
+exit:
+ psa_destroy_key( key_id );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void generate_not_supported( int key_type, int bits )
+{
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t key_id = INVALID_KEY_ID;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ psa_set_key_type( &attributes, key_type );
+ psa_set_key_bits( &attributes, bits );
+ TEST_EQUAL( psa_generate_key( &attributes, &key_id ),
+ PSA_ERROR_NOT_SUPPORTED );
+ TEST_EQUAL( key_id, 0 );
+
+exit:
+ psa_destroy_key( key_id );
+ PSA_DONE( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_not_supported.misc.data b/tests/suites/test_suite_psa_crypto_not_supported.misc.data
new file mode 100644
index 0000000000..2c3673e7cc
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_not_supported.misc.data
@@ -0,0 +1,11 @@
+PSA import PSA_KEY_TYPE_NONE never supported
+import_not_supported:PSA_KEY_TYPE_NONE:"1234"
+
+PSA generate PSA_KEY_TYPE_NONE never supported
+generate_not_supported:PSA_KEY_TYPE_NONE:16
+
+PSA import PSA_KEY_TYPE_CATEGORY_SYMMETRIC never supported
+import_not_supported:PSA_KEY_TYPE_CATEGORY_SYMMETRIC:"1234"
+
+PSA generate PSA_KEY_TYPE_CATEGORY_SYMMETRIC never supported
+generate_not_supported:PSA_KEY_TYPE_CATEGORY_SYMMETRIC:16
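Review bot: Both import_not_supported and generate_not_supported in test_suite_psa_crypto_not_supported.function declare the output as `psa_key_id_t key_id` and compare it with a literal in `TEST_EQUAL( key_id, 0 )`, which holds only while key identifiers are plain integers. If this tree can be built with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER (not visible in this patch, so worth confirming), the creation functions take a structure there, and the suite would need `mbedtls_svc_key_id_t key_id` checked with `TEST_ASSERT( mbedtls_svc_key_id_equal( key_id, MBEDTLS_SVC_KEY_ID_INIT ) );`, with the INVALID_KEY_ID initializer adjusted to match. The purpose of the sentinel is also undocumented; a comment on INVALID_KEY_ID such as `/* Sentinel: a failed key creation must reset the output identifier to 0, so a caller never keeps a stale, usable-looking id. */` would record the property under test.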
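Review bot: The cases moved into test_suite_psa_crypto_not_supported.misc.data no longer exercise PSA_KEY_TYPE_CATEGORY_MASK: the entries removed from test_suite_psa_crypto.data used that value for both import and generate, while the new file substitutes PSA_KEY_TYPE_CATEGORY_SYMMETRIC. If the swap is intentional it deserves a line in the commit message, which currently describes the cases as moved. Otherwise the rejection of a key type with all category-mask bits set loses its regression test, and cases such as `import_not_supported:PSA_KEY_TYPE_CATEGORY_MASK:"1234"` and `generate_not_supported:PSA_KEY_TYPE_CATEGORY_MASK:16`, each under its own description line, would restore it.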