mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-25 13:43:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add key_destroyable parameter to raw key agreement smoke tests

Browse Source 
All current usages have this parameter set to 0 (meaning the behaviour
of these tests hasn't changed). We also now return the actual error code, not GENERIC_ERROR

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
This commit is contained in:
Ryan Everett 2024-03-12 16:21:12 +00:00
parent c1cc6686f0
commit 8163028fbd
3 changed files with 32 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
tests/include/test/psa_exercise_key.h
View File

@ -146,12 +146,15 @@ int mbedtls_test_psa_setup_key_derivation_wrap(
* *
* \param alg A key agreement algorithm compatible with \p key. * \param alg A key agreement algorithm compatible with \p key.
* \param key A key that allows key agreement with \p alg. * \param key A key that allows key agreement with \p alg.
* \param key_destroyable If set to 1, a failure due to the key not existing
* or the key being destroyed mid-operation will only
* be reported if the error code is unexpected.
* *
* \return \c 1 on success, \c 0 on failure. * \return \c 1 on success, \c 0 on failure.
*/ */
psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
psa_algorithm_t alg, psa_algorithm_t alg,
mbedtls_svc_key_id_t key); mbedtls_svc_key_id_t key, int key_destroyable);
/** Perform a key agreement using the given key pair against its public key /** Perform a key agreement using the given key pair against its public key
* using psa_key_derivation_raw_key(). * using psa_key_derivation_raw_key().

38
tests/src/psa_exercise_key.c
View File

@ -668,7 +668,8 @@ exit:
* private key against its own public key. */ * private key against its own public key. */
psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
psa_algorithm_t alg, psa_algorithm_t alg,
mbedtls_svc_key_id_t key) mbedtls_svc_key_id_t key,
int key_destroyable)
{ {
psa_key_type_t private_key_type; psa_key_type_t private_key_type;
psa_key_type_t public_key_type; psa_key_type_t public_key_type;
@ -677,25 +678,38 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
size_t public_key_length; size_t public_key_length;
uint8_t output[1024]; uint8_t output[1024];
size_t output_length; size_t output_length;
/* Return GENERIC_ERROR if something other than the final call to
* psa_key_derivation_key_agreement fails. This isn't fully satisfactory,
* but it's good enough: callers will report it as a failed test anyway. */
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT(psa_get_key_attributes(key, &attributes)); psa_status_t status = psa_get_key_attributes(key, &attributes);
if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
/* The key has been destroyed. */
psa_reset_key_attributes(&attributes);
return PSA_SUCCESS;
}
PSA_ASSERT(status);
private_key_type = psa_get_key_type(&attributes); private_key_type = psa_get_key_type(&attributes);
key_bits = psa_get_key_bits(&attributes); key_bits = psa_get_key_bits(&attributes);
public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type);
public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits); public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits);
TEST_CALLOC(public_key, public_key_length); TEST_CALLOC(public_key, public_key_length);
PSA_ASSERT(psa_export_public_key(key, status = psa_export_public_key(key,
public_key, public_key_length, public_key, public_key_length,
&public_key_length)); &public_key_length);
if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
/* The key has been destroyed. */
status = PSA_SUCCESS;
goto exit;
}
status = psa_raw_key_agreement(alg, key, status = psa_raw_key_agreement(alg, key,
public_key, public_key_length, public_key, public_key_length,
output, sizeof(output), &output_length); output, sizeof(output), &output_length);
if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
/* The key has been destroyed. */
status = PSA_SUCCESS;
goto exit;
}
if (status == PSA_SUCCESS) { if (status == PSA_SUCCESS) {
TEST_ASSERT(output_length <= TEST_ASSERT(output_length <=
PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(private_key_type, PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(private_key_type,
@ -717,14 +731,16 @@ exit:
static int exercise_raw_key_agreement_key(mbedtls_svc_key_id_t key, static int exercise_raw_key_agreement_key(mbedtls_svc_key_id_t key,
psa_key_usage_t usage, psa_key_usage_t usage,
psa_algorithm_t alg) psa_algorithm_t alg,
int key_destroyable)
{ {
int ok = 0; int ok = 0;
if (usage & PSA_KEY_USAGE_DERIVE) { if (usage & PSA_KEY_USAGE_DERIVE) {
/* We need two keys to exercise key agreement. Exercise the /* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */ * private key against its own public key. */
PSA_ASSERT(mbedtls_test_psa_raw_key_agreement_with_self(alg, key)); PSA_ASSERT(mbedtls_test_psa_raw_key_agreement_with_self(alg, key,
key_destroyable));
} }
ok = 1; ok = 1;

2
tests/suites/test_suite_psa_crypto.function
View File

@ -2572,7 +2572,7 @@ void raw_agreement_key_policy(int policy_usage,
PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
&key)); &key));
status = mbedtls_test_psa_raw_key_agreement_with_self(exercise_alg, key); status = mbedtls_test_psa_raw_key_agreement_with_self(exercise_alg, key, 0);
TEST_EQUAL(status, expected_status); TEST_EQUAL(status, expected_status);