Add key_destroyable parameter to key derivation smoke tests

All current usages pass 0 for this parameter (in which case the behaviour of
the test is unchanged)

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Ryan Everett 2024-03-12 16:17:43 +00:00
parent d48fc102d3
commit c1cc6686f0
3 changed files with 67 additions and 31 deletions


@ -123,6 +123,9 @@
* \param input2 The first input to pass.
* \param input2_length The length of \p input2 in bytes.
* \param capacity The capacity to set.
* \param key_destroyable If set to 1, a failure due to the key not existing
* or the key being destroyed mid-operation will only
* be reported if the error code is unexpected.
*
* \return \c 1 on success, \c 0 on failure.
*/
@ -132,7 +135,7 @@ int mbedtls_test_psa_setup_key_derivation_wrap(
psa_algorithm_t alg,
const unsigned char *input1, size_t input1_length,
const unsigned char *input2, size_t input2_length,
size_t capacity);
size_t capacity, int key_destroyable);
/** Perform a key agreement using the given key pair against its public key
* using psa_raw_key_agreement().
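Review bot: The `\return` line at the end of the first hunk still reads `\c 1 on success, \c 0 on failure`, but with `key_destroyable` set the implementation in this commit also returns 1 when `psa_key_derivation_input_key()` reports `PSA_ERROR_INVALID_HANDLE`, and at that point `operation` has been set up (and in the HKDF/TLS 1.2 PRF branches already given its salt or seed) but not its secret, so the caller must still abort it and any output call will fail with `PSA_ERROR_BAD_STATE`. That is worth stating on the new parameter, e.g. `* If the key has been destroyed, the function returns 1 with \p operation` / `* left active but without its secret input; the caller must still abort it.` The comment block documented here starts before the hunk.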


@ -489,16 +489,22 @@ int mbedtls_test_psa_setup_key_derivation_wrap(
psa_algorithm_t alg,
const unsigned char *input1, size_t input1_length,
const unsigned char *input2, size_t input2_length,
size_t capacity)
size_t capacity, int key_destroyable)
{
PSA_ASSERT(psa_key_derivation_setup(operation, alg));
psa_status_t status = PSA_SUCCESS;
if (PSA_ALG_IS_HKDF(alg)) {
PSA_ASSERT(psa_key_derivation_input_bytes(operation,
PSA_KEY_DERIVATION_INPUT_SALT,
input1, input1_length));
PSA_ASSERT(psa_key_derivation_input_key(operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
key));
status = psa_key_derivation_input_key(operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
key);
if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
/* The key has been destroyed. */
return 1;
}
PSA_ASSERT(status);
PSA_ASSERT(psa_key_derivation_input_bytes(operation,
PSA_KEY_DERIVATION_INPUT_INFO,
input2,
@ -507,13 +513,23 @@ int mbedtls_test_psa_setup_key_derivation_wrap(
PSA_ASSERT(psa_key_derivation_input_bytes(operation,
PSA_KEY_DERIVATION_INPUT_SALT,
input1, input1_length));
PSA_ASSERT(psa_key_derivation_input_key(operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
key));
status = psa_key_derivation_input_key(operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
key);
if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
/* The key has been destroyed. */
return 1;
}
PSA_ASSERT(status);
} else if (PSA_ALG_IS_HKDF_EXPAND(alg)) {
PSA_ASSERT(psa_key_derivation_input_key(operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
key));
status = psa_key_derivation_input_key(operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
key);
if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
/* The key has been destroyed. */
return 1;
}
PSA_ASSERT(status);
PSA_ASSERT(psa_key_derivation_input_bytes(operation,
PSA_KEY_DERIVATION_INPUT_INFO,
input2,
@ -523,9 +539,14 @@ int mbedtls_test_psa_setup_key_derivation_wrap(
PSA_ASSERT(psa_key_derivation_input_bytes(operation,
PSA_KEY_DERIVATION_INPUT_SEED,
input1, input1_length));
PSA_ASSERT(psa_key_derivation_input_key(operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
key));
status = psa_key_derivation_input_key(operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
key);
if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
/* The key has been destroyed. */
return 1;
}
PSA_ASSERT(status);
PSA_ASSERT(psa_key_derivation_input_bytes(operation,
PSA_KEY_DERIVATION_INPUT_LABEL,
input2, input2_length));
@ -537,9 +558,14 @@ int mbedtls_test_psa_setup_key_derivation_wrap(
PSA_KEY_DERIVATION_INPUT_SALT,
input2,
input2_length));
PSA_ASSERT(psa_key_derivation_input_key(operation,
PSA_KEY_DERIVATION_INPUT_PASSWORD,
key));
status = psa_key_derivation_input_key(operation,
PSA_KEY_DERIVATION_INPUT_PASSWORD,
key);
if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
/* The key has been destroyed. */
return 1;
}
PSA_ASSERT(status);
} else if (alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
PSA_ASSERT(psa_key_derivation_input_bytes(operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
@ -561,7 +587,8 @@ exit:
static int exercise_key_derivation_key(mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg)
psa_algorithm_t alg,
int key_destroyable)
{
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char input1[] = "Input 1";
@ -575,14 +602,20 @@ static int exercise_key_derivation_key(mbedtls_svc_key_id_t key,
if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, key, alg,
input1, input1_length,
input2, input2_length,
capacity)) {
capacity, key_destroyable)) {
goto exit;
}
PSA_ASSERT(psa_key_derivation_output_bytes(&operation,
output,
capacity));
PSA_ASSERT(psa_key_derivation_abort(&operation));
psa_status_t status = psa_key_derivation_output_bytes(&operation,
output,
capacity);
if (key_destroyable && status == PSA_ERROR_BAD_STATE) {
/* The key has been destroyed. */
PSA_ASSERT(psa_key_derivation_abort(&operation));
} else {
PSA_ASSERT(status);
PSA_ASSERT(psa_key_derivation_abort(&operation));
}
}
return 1;
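Review bot: The `status` / `PSA_ERROR_INVALID_HANDLE` / `return 1` block is repeated verbatim five times across the first four hunks, differing only in the derivation step, and each copy reports success while leaving `*operation` active without its secret; `exercise_key_derivation_key` compensates in the last hunk by accepting `PSA_ERROR_BAD_STATE` from `psa_key_derivation_output_bytes()`, but nothing in the wrapper records that this is the contract. A small static helper that does the input, the destroyed check and the `PSA_ASSERT` in one place would remove the duplication and give the "destroyed" outcome one documented meaning; the sketch below assumes, as the `exit:` label visible at the start of the fifth hunk suggests, that `PSA_ASSERT` jumps to `exit`. In the last hunk both branches end in `PSA_ASSERT(psa_key_derivation_abort(&operation));`, which can be hoisted below the `if`/`else` so only the `PSA_ASSERT(status)` stays conditional. The wrapper's body continues between and beyond the hunks shown.
```c
/* Feed KEY into OPERATION as STEP.  Returns 1 if the input was accepted,
 * or if key_destroyable is set and the key turned out to be destroyed
 * (then *destroyed is set; the caller must stop and later abort
 * OPERATION).  Any other failure jumps to exit and returns 0. */
static int input_key_unless_destroyed(psa_key_derivation_operation_t *operation,
                                      psa_key_derivation_step_t step,
                                      mbedtls_svc_key_id_t key,
                                      int key_destroyable, int *destroyed)
{
    psa_status_t status = psa_key_derivation_input_key(operation, step, key);
    *destroyed = 0;
    if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
        /* The key has been destroyed. */
        *destroyed = 1;
        return 1;
    }
    PSA_ASSERT(status);
    return 1;
exit:
    return 0;
}

/* … unchanged: wrapper signature and setup assert … */
    int destroyed = 0;
/* … unchanged: HKDF salt input … */
        if (!input_key_unless_destroyed(operation, PSA_KEY_DERIVATION_INPUT_SECRET,
                                        key, key_destroyable, &destroyed)) {
            goto exit;
        }
        if (destroyed) {
            return 1;
        }
/* … unchanged: info input; the other four branches use the same six lines,
   with PSA_KEY_DERIVATION_INPUT_PASSWORD where the hunk inputs the password … */
```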


@ -8780,7 +8780,7 @@ void derive_over_capacity(int alg_arg)
if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, key, alg,
input1, input1_length,
input2, input2_length,
capacity)) {
capacity, 0)) {
goto exit;
}
@ -9099,7 +9099,7 @@ void derive_full(int alg_arg,
if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, key, alg,
input1->x, input1->len,
input2->x, input2->len,
requested_capacity)) {
requested_capacity, 0)) {
goto exit;
}
@ -9216,7 +9216,7 @@ void derive_key_exercise(int alg_arg,
if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, base_key, alg,
input1->x, input1->len,
input2->x, input2->len,
capacity)) {
capacity, 0)) {
goto exit;
}
@ -9286,7 +9286,7 @@ void derive_key_export(int alg_arg,
if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, base_key, alg,
input1->x, input1->len,
input2->x, input2->len,
capacity)) {
capacity, 0)) {
goto exit;
}
@ -9299,7 +9299,7 @@ void derive_key_export(int alg_arg,
if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, base_key, alg,
input1->x, input1->len,
input2->x, input2->len,
capacity)) {
capacity, 0)) {
goto exit;
}
@ -9370,7 +9370,7 @@ void derive_key_type(int alg_arg,
&operation, base_key, alg,
input1->x, input1->len,
input2->x, input2->len,
PSA_KEY_DERIVATION_UNLIMITED_CAPACITY) == 0) {
PSA_KEY_DERIVATION_UNLIMITED_CAPACITY, 0) == 0) {
goto exit;
}
@ -9435,7 +9435,7 @@ void derive_key_ext(int alg_arg,
&operation, base_key, alg,
input1->x, input1->len,
input2->x, input2->len,
PSA_KEY_DERIVATION_UNLIMITED_CAPACITY) == 0) {
PSA_KEY_DERIVATION_UNLIMITED_CAPACITY, 0) == 0) {
goto exit;
}
@ -9499,7 +9499,7 @@ void derive_key(int alg_arg,
if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, base_key, alg,
input1->x, input1->len,
input2->x, input2->len,
SIZE_MAX)) {
SIZE_MAX, 0)) {
goto exit;
}