diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function index efaaba58a3..ca70d20f67 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.function +++ b/tests/suites/test_suite_psa_crypto_storage_format.function @@ -1,14 +1,16 @@ /* BEGIN_HEADER */ #include +#include #include #include #include -#define TEST_FLAG_EXERCISE 0x00000001 -#define TEST_FLAG_READ_ONLY 0x00000002 +#define TEST_FLAG_EXERCISE 0x00000001 +#define TEST_FLAG_READ_ONLY 0x00000002 +#define TEST_FLAG_OVERSIZED_KEY 0x00000004 /** Write a key with the given attributes and key material to storage. * Test that it has the expected representation. @@ -158,6 +160,12 @@ static int test_read_key(const psa_key_attributes_t *expected_attributes, /* Prime the storage with a key file. */ PSA_ASSERT(psa_its_set(uid, representation->len, representation->x, 0)); + if (flags & TEST_FLAG_OVERSIZED_KEY) { + TEST_EQUAL(psa_get_key_attributes(key_id, &actual_attributes), PSA_ERROR_DATA_INVALID); + ok = 1; + goto exit; + } + /* Check that the injected key exists and looks as expected. */ PSA_ASSERT(psa_get_key_attributes(key_id, &actual_attributes)); TEST_ASSERT(mbedtls_svc_key_id_equal(key_id, @@ -281,6 +289,7 @@ void key_storage_read(int lifetime_arg, int type_arg, int bits_arg, mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(0, 1); psa_storage_uid_t uid = 1; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t *custom_key_data = NULL, *custom_storage_data = NULL; PSA_INIT(); TEST_USES_KEY_ID(key_id); 
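Review bot: The new `TEST_FLAG_OVERSIZED_KEY` branch in test_read_key checks a single `psa_get_key_attributes()` call and then jumps to `exit`, so the test would still pass if the refused load left a key slot partly populated. Repeating the check once, `TEST_EQUAL(psa_get_key_attributes(key_id, &actual_attributes), PSA_ERROR_DATA_INVALID);`, would show that the rejection is stable on a second lookup. The branch also needs a comment such as `/* The stored key does not fit the static slot buffer: the load must be refused, not truncated. */`, because the expected status appears to hold only with static key slots enabled, and that is enforced by the data file rather than by this code. test_read_key starts and ends outside the hunk, so what its `exit` path cleans up is not visible here.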
@@ -293,6 +302,23 @@ void key_storage_read(int lifetime_arg, int type_arg, int bits_arg, psa_set_key_algorithm(&attributes, alg); psa_set_key_enrollment_algorithm(&attributes, alg2); + /* Create a persistent key which is intentionally larger than the specified + * bit size. */ + if (flags & TEST_FLAG_OVERSIZED_KEY) { + TEST_CALLOC(custom_key_data, PSA_BITS_TO_BYTES(bits) + 1); + memset(custom_key_data, 0xAA, PSA_BITS_TO_BYTES(bits) + 1); + material->len = PSA_BITS_TO_BYTES(bits) + 1; + material->x = custom_key_data; + + /* 36 bytes are the overhead of psa_persistent_key_storage_format */ + TEST_CALLOC(custom_storage_data, PSA_BITS_TO_BYTES(bits) + 1 + 36); + representation->len = PSA_BITS_TO_BYTES(bits) + 1 + 36; + representation->x = custom_storage_data; + + psa_format_key_data_for_storage(custom_key_data, PSA_BITS_TO_BYTES(bits) + 1, + &attributes, custom_storage_data); + } + /* Test that we can use a key with the given representation. This * guarantees backward compatibility with keys that were stored by * past versions of Mbed TLS. */ @@ -300,6 +326,8 @@ void key_storage_read(int lifetime_arg, int type_arg, int bits_arg, uid, representation, flags)); exit: + mbedtls_free(custom_key_data); + mbedtls_free(custom_storage_data); psa_reset_key_attributes(&attributes); PSA_DONE(); } diff --git a/tests/suites/test_suite_psa_crypto_storage_format.misc.data b/tests/suites/test_suite_psa_crypto_storage_format.misc.data index 48e3804b42..8aabe4cb2c 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.misc.data +++ b/tests/suites/test_suite_psa_crypto_storage_format.misc.data 
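Review bot: The literal `36` in the `TEST_FLAG_OVERSIZED_KEY` block sizes the buffer that `psa_format_key_data_for_storage()` writes into, so if the key-file header ever grows, the test itself would write past the end of `custom_storage_data`. The size `PSA_BITS_TO_BYTES(bits) + 1` is also written out five times, which makes it easy for the allocation and the length passed to the formatter to drift apart. I would compute both lengths once and give the header size a name next to the `TEST_FLAG_` definitions; the name used below is only a suggestion and should be tied to the library's own definition if one is exported. key_storage_read begins above the hunk, so the declarations of `material` and `representation` are not visible here.

```c
    if (flags & TEST_FLAG_OVERSIZED_KEY) {
        /* One byte more than the key size announced in the attributes. */
        const size_t key_len = PSA_BITS_TO_BYTES(bits) + 1;
        /* Key material plus the fixed header of the persistent key file;
         * TEST_KEY_FILE_HEADER_SIZE is a suggested name for the current 36. */
        const size_t storage_len = key_len + TEST_KEY_FILE_HEADER_SIZE;

        TEST_CALLOC(custom_key_data, key_len);
        memset(custom_key_data, 0xAA, key_len);
        material->len = key_len;
        material->x = custom_key_data;

        TEST_CALLOC(custom_storage_data, storage_len);
        representation->len = storage_len;
        representation->x = custom_storage_data;

        psa_format_key_data_for_storage(custom_key_data, key_len,
                                        &attributes, custom_storage_data);
    }
    /* … unchanged: test_read_key call and exit cleanup … */
```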
@@ -9,3 +9,9 @@ key_storage_read:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_
 PSA storage save: AES-GCM+CTR
 depends_on:PSA_WANT_KEY_TYPE_AES
 key_storage_save:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:PSA_ALG_CTR:"404142434445464748494a4b4c4d4e4f":"505341004b45590000000000010000000024800001010000000250050010c00410000000404142434445464748494a4b4c4d4e4f"
+
+# Create a persistent key which is larger than MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+# so that when psa_get_key_attributes() tries to load it from the storage it will fail.
+PSA storage read: key larger than MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA:MBEDTLS_PSA_STATIC_KEY_SLOTS
+key_storage_read:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RAW_DATA:MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*8:PSA_KEY_USAGE_EXPORT:PSA_ALG_NONE:PSA_ALG_NONE:"":"":TEST_FLAG_OVERSIZED_KEY