mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-30 16:20:11 +00:00
Implement psa_generate_key_custom
Implement `psa_generate_key_custom()` and `psa_key_derivation_output_key_custom()`. These functions replace `psa_generate_key_ext()` and `psa_key_derivation_output_key_ext()`. They have the same functionality, but a slightly different interface: the `ext` functions use a structure with a flexible array member to pass variable-length data, while the `custom` functions use a separate parameter. Keep the `ext` functions for backward compatibility with Mbed TLS 3.6.0. But make them a thin wrapper around the new `custom` functions. Duplicate the test code and data. The test cases have to be duplicated anyway, and the test functions are individually more readable this way. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
be6a47140b
commit
f9408282e8
@ -731,7 +731,8 @@ static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
|
||||
|
||||
static inline psa_status_t psa_driver_wrapper_generate_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const psa_key_production_parameters_t *params, size_t params_data_length,
|
||||
const psa_custom_key_parameters_t *custom,
|
||||
const uint8_t *custom_data, size_t custom_data_length,
|
||||
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
@ -740,7 +741,7 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
|
||||
int is_default_production =
|
||||
psa_key_production_parameters_are_default(params, params_data_length);
|
||||
psa_key_production_parameters_are_default(custom, custom_data_length);
|
||||
if( location != PSA_KEY_LOCATION_LOCAL_STORAGE && !is_default_production )
|
||||
{
|
||||
/* We don't support passing custom production parameters
|
||||
@ -811,7 +812,7 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
|
||||
|
||||
/* Software fallback */
|
||||
status = psa_generate_key_internal(
|
||||
attributes, params, params_data_length,
|
||||
attributes, custom, custom_data, custom_data_length,
|
||||
key_buffer, key_buffer_size, key_buffer_length );
|
||||
break;
|
||||
|
||||
|
@ -6412,27 +6412,28 @@ exit:
|
||||
return status;
|
||||
}
|
||||
|
||||
static const psa_key_production_parameters_t default_production_parameters =
|
||||
static const psa_custom_key_parameters_t default_custom_production =
|
||||
PSA_KEY_PRODUCTION_PARAMETERS_INIT;
|
||||
|
||||
int psa_key_production_parameters_are_default(
|
||||
const psa_key_production_parameters_t *params,
|
||||
size_t params_data_length)
|
||||
const psa_custom_key_parameters_t *custom,
|
||||
size_t custom_data_length)
|
||||
{
|
||||
if (params->flags != 0) {
|
||||
if (custom->flags != 0) {
|
||||
return 0;
|
||||
}
|
||||
if (params_data_length != 0) {
|
||||
if (custom_data_length != 0) {
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
psa_status_t psa_key_derivation_output_key_ext(
|
||||
psa_status_t psa_key_derivation_output_key_custom(
|
||||
const psa_key_attributes_t *attributes,
|
||||
psa_key_derivation_operation_t *operation,
|
||||
const psa_key_production_parameters_t *params,
|
||||
size_t params_data_length,
|
||||
const psa_custom_key_parameters_t *custom,
|
||||
const uint8_t *custom_data,
|
||||
size_t custom_data_length,
|
||||
mbedtls_svc_key_id_t *key)
|
||||
{
|
||||
psa_status_t status;
|
||||
@ -6447,7 +6448,8 @@ psa_status_t psa_key_derivation_output_key_ext(
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
if (!psa_key_production_parameters_are_default(params, params_data_length)) {
|
||||
(void) custom_data; /* We only accept 0-length data */
|
||||
if (!psa_key_production_parameters_are_default(custom, custom_data_length)) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
@ -6482,14 +6484,29 @@ psa_status_t psa_key_derivation_output_key_ext(
|
||||
return status;
|
||||
}
|
||||
|
||||
psa_status_t psa_key_derivation_output_key_ext(
|
||||
const psa_key_attributes_t *attributes,
|
||||
psa_key_derivation_operation_t *operation,
|
||||
const psa_key_production_parameters_t *params,
|
||||
size_t params_data_length,
|
||||
mbedtls_svc_key_id_t *key)
|
||||
{
|
||||
return psa_key_derivation_output_key_custom(
|
||||
attributes, operation,
|
||||
(const psa_custom_key_parameters_t *) params,
|
||||
params->data, params_data_length,
|
||||
key);
|
||||
}
|
||||
|
||||
psa_status_t psa_key_derivation_output_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
psa_key_derivation_operation_t *operation,
|
||||
mbedtls_svc_key_id_t *key)
|
||||
{
|
||||
return psa_key_derivation_output_key_ext(attributes, operation,
|
||||
&default_production_parameters, 0,
|
||||
key);
|
||||
return psa_key_derivation_output_key_custom(attributes, operation,
|
||||
&default_custom_production,
|
||||
NULL, 0,
|
||||
key);
|
||||
}
|
||||
|
||||
|
||||
@ -7863,15 +7880,18 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation(
|
||||
|
||||
psa_status_t psa_generate_key_internal(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const psa_key_production_parameters_t *params, size_t params_data_length,
|
||||
const psa_custom_key_parameters_t *custom,
|
||||
const uint8_t *custom_data,
|
||||
size_t custom_data_length,
|
||||
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_type_t type = attributes->type;
|
||||
|
||||
/* Only used for RSA */
|
||||
(void) params;
|
||||
(void) params_data_length;
|
||||
(void) custom;
|
||||
(void) custom_data;
|
||||
(void) custom_data_length;
|
||||
|
||||
if (key_type_is_raw_bytes(type)) {
|
||||
status = psa_generate_random_internal(key_buffer, key_buffer_size);
|
||||
@ -7889,7 +7909,7 @@ psa_status_t psa_generate_key_internal(
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
|
||||
if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
|
||||
return mbedtls_psa_rsa_generate_key(attributes,
|
||||
params, params_data_length,
|
||||
custom_data, custom_data_length,
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
key_buffer_length);
|
||||
@ -7921,10 +7941,11 @@ psa_status_t psa_generate_key_internal(
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
|
||||
psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes,
|
||||
const psa_key_production_parameters_t *params,
|
||||
size_t params_data_length,
|
||||
mbedtls_svc_key_id_t *key)
|
||||
psa_status_t psa_generate_key_custom(const psa_key_attributes_t *attributes,
|
||||
const psa_custom_key_parameters_t *custom,
|
||||
const uint8_t *custom_data,
|
||||
size_t custom_data_length,
|
||||
mbedtls_svc_key_id_t *key)
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_key_slot_t *slot = NULL;
|
||||
@ -7946,12 +7967,12 @@ psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes,
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
|
||||
if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
|
||||
if (params->flags != 0) {
|
||||
if (custom->flags != 0) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
} else
|
||||
#endif
|
||||
if (!psa_key_production_parameters_are_default(params, params_data_length)) {
|
||||
if (!psa_key_production_parameters_are_default(custom, custom_data_length)) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
@ -7992,7 +8013,8 @@ psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes,
|
||||
}
|
||||
|
||||
status = psa_driver_wrapper_generate_key(attributes,
|
||||
params, params_data_length,
|
||||
custom,
|
||||
custom_data, custom_data_length,
|
||||
slot->key.data, slot->key.bytes,
|
||||
&slot->key.bytes);
|
||||
if (status != PSA_SUCCESS) {
|
||||
@ -8010,12 +8032,25 @@ exit:
|
||||
return status;
|
||||
}
|
||||
|
||||
psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes,
|
||||
const psa_key_production_parameters_t *params,
|
||||
size_t params_data_length,
|
||||
mbedtls_svc_key_id_t *key)
|
||||
{
|
||||
return psa_generate_key_custom(
|
||||
attributes,
|
||||
(const psa_custom_key_parameters_t *) params,
|
||||
params->data, params_data_length,
|
||||
key);
|
||||
}
|
||||
|
||||
psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
|
||||
mbedtls_svc_key_id_t *key)
|
||||
{
|
||||
return psa_generate_key_ext(attributes,
|
||||
&default_production_parameters, 0,
|
||||
key);
|
||||
return psa_generate_key_custom(attributes,
|
||||
&default_custom_production,
|
||||
NULL, 0,
|
||||
key);
|
||||
}
|
||||
|
||||
/****************************************************************/
|
||||
|
@ -343,17 +343,18 @@ psa_status_t psa_export_public_key_internal(
|
||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
uint8_t *data, size_t data_size, size_t *data_length);
|
||||
|
||||
/** Whether a key production parameters structure is the default.
|
||||
/** Whether a key custom production parameters structure is the default.
|
||||
*
|
||||
* Calls to a key generation driver with non-default production parameters
|
||||
* Calls to a key generation driver with non-default custom production parameters
|
||||
* require a driver supporting custom production parameters.
|
||||
*
|
||||
* \param[in] params The key production parameters to check.
|
||||
* \param params_data_length Size of `params->data` in bytes.
|
||||
* \param[in] custom The key custom production parameters to check.
|
||||
* \param custom_data_length Size of the associated variable-length data
|
||||
* in bytes.
|
||||
*/
|
||||
int psa_key_production_parameters_are_default(
|
||||
const psa_key_production_parameters_t *params,
|
||||
size_t params_data_length);
|
||||
const psa_custom_key_parameters_t *custom,
|
||||
size_t custom_data_length);
|
||||
|
||||
/**
|
||||
* \brief Generate a key.
|
||||
@ -362,9 +363,10 @@ int psa_key_production_parameters_are_default(
|
||||
* entry point.
|
||||
*
|
||||
* \param[in] attributes The attributes for the key to generate.
|
||||
* \param[in] params The production parameters from
|
||||
* psa_generate_key_ext().
|
||||
* \param params_data_length The size of `params->data` in bytes.
|
||||
* \param[in] custom Custom parameters for the key generation.
|
||||
* \param[in] custom_data Variable-length data associated with \c custom.
|
||||
* \param custom_data_length
|
||||
* Length of `custom_data` in bytes.
|
||||
* \param[out] key_buffer Buffer where the key data is to be written.
|
||||
* \param[in] key_buffer_size Size of \p key_buffer in bytes.
|
||||
* \param[out] key_buffer_length On success, the number of bytes written in
|
||||
@ -379,8 +381,9 @@ int psa_key_production_parameters_are_default(
|
||||
* The size of \p key_buffer is too small.
|
||||
*/
|
||||
psa_status_t psa_generate_key_internal(const psa_key_attributes_t *attributes,
|
||||
const psa_key_production_parameters_t *params,
|
||||
size_t params_data_length,
|
||||
const psa_custom_key_parameters_t *custom,
|
||||
const uint8_t *custom_data,
|
||||
size_t custom_data_length,
|
||||
uint8_t *key_buffer,
|
||||
size_t key_buffer_size,
|
||||
size_t *key_buffer_length);
|
||||
|
@ -241,7 +241,7 @@ static psa_status_t psa_rsa_read_exponent(const uint8_t *e_bytes,
|
||||
|
||||
psa_status_t mbedtls_psa_rsa_generate_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const psa_key_production_parameters_t *params, size_t params_data_length,
|
||||
const uint8_t *custom_data, size_t custom_data_length,
|
||||
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
|
||||
{
|
||||
psa_status_t status;
|
||||
@ -249,8 +249,8 @@ psa_status_t mbedtls_psa_rsa_generate_key(
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
int exponent = 65537;
|
||||
|
||||
if (params_data_length != 0) {
|
||||
status = psa_rsa_read_exponent(params->data, params_data_length,
|
||||
if (custom_data_length != 0) {
|
||||
status = psa_rsa_read_exponent(custom_data, custom_data_length,
|
||||
&exponent);
|
||||
if (status != PSA_SUCCESS) {
|
||||
return status;
|
||||
|
@ -105,17 +105,11 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
|
||||
/**
|
||||
* \brief Generate an RSA key.
|
||||
*
|
||||
* \note The signature of the function is that of a PSA driver generate_key
|
||||
* entry point.
|
||||
*
|
||||
* \param[in] attributes The attributes for the RSA key to generate.
|
||||
* \param[in] params Production parameters for the key
|
||||
* generation. This function only uses
|
||||
* `params->data`,
|
||||
* which contains the public exponent.
|
||||
* \param[in] custom The public exponent to use.
|
||||
* This can be a null pointer if
|
||||
* \c params_data_length is 0.
|
||||
* \param params_data_length Length of `params->data` in bytes.
|
||||
* \param custom_data_length Length of \p custom_data in bytes.
|
||||
* This can be 0, in which case the
|
||||
* public exponent will be 65537.
|
||||
* \param[out] key_buffer Buffer where the key data is to be written.
|
||||
@ -132,7 +126,7 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
|
||||
*/
|
||||
psa_status_t mbedtls_psa_rsa_generate_key(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const psa_key_production_parameters_t *params, size_t params_data_length,
|
||||
const uint8_t *custom, size_t custom_data_length,
|
||||
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
|
||||
|
||||
/** Sign an already-calculated hash with an RSA private key.
|
||||
|
@ -3764,6 +3764,81 @@ psa_status_t psa_key_derivation_output_key(
|
||||
psa_key_derivation_operation_t *operation,
|
||||
mbedtls_svc_key_id_t *key);
|
||||
|
||||
/** Derive a key from an ongoing key derivation operation with custom
|
||||
* production parameters.
|
||||
*
|
||||
* See the description of psa_key_derivation_out_key() for the operation of
|
||||
* this function with the default production parameters.
|
||||
* Mbed TLS currently does not currently support any non-default production
|
||||
* parameters.
|
||||
*
|
||||
* \note This function is experimental and may change in future minor
|
||||
* versions of Mbed TLS.
|
||||
*
|
||||
* \param[in] attributes The attributes for the new key.
|
||||
* If the key type to be created is
|
||||
* #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in
|
||||
* the policy must be the same as in the current
|
||||
* operation.
|
||||
* \param[in,out] operation The key derivation operation object to read from.
|
||||
* \param[in] custom Customization parameters for the key generation.
|
||||
* When this is #PSA_KEY_PRODUCTION_PARAMETERS_INIT
|
||||
* with \p custom_data_length = 0,
|
||||
* this function is equivalent to
|
||||
* psa_key_derivation_output_key().
|
||||
* \param[in] custom_data Variable-length data associated with \c custom.
|
||||
* \param custom_data_length
|
||||
* Length of `custom_data` in bytes.
|
||||
* \param[out] key On success, an identifier for the newly created
|
||||
* key. For persistent keys, this is the key
|
||||
* identifier defined in \p attributes.
|
||||
* \c 0 on failure.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* If the key is persistent, the key material and the key's metadata
|
||||
* have been saved to persistent storage.
|
||||
* \retval #PSA_ERROR_ALREADY_EXISTS
|
||||
* This is an attempt to create a persistent key, and there is
|
||||
* already a persistent key with the given identifier.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_DATA
|
||||
* There was not enough data to create the desired key.
|
||||
* Note that in this case, no output is written to the output buffer.
|
||||
* The operation's capacity is set to 0, thus subsequent calls to
|
||||
* this function will not succeed, even with a smaller output buffer.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* The key type or key size is not supported, either by the
|
||||
* implementation in general or in this particular location.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* The provided key attributes are not valid for the operation.
|
||||
* \retval #PSA_ERROR_NOT_PERMITTED
|
||||
* The #PSA_KEY_DERIVATION_INPUT_SECRET or
|
||||
* #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a
|
||||
* key; or one of the inputs was a key whose policy didn't allow
|
||||
* #PSA_KEY_USAGE_DERIVE.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
|
||||
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
|
||||
* \retval #PSA_ERROR_DATA_INVALID \emptydescription
|
||||
* \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
|
||||
* \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The operation state is not valid (it must be active and completed
|
||||
* all required input steps), or the library has not been previously
|
||||
* initialized by psa_crypto_init().
|
||||
* It is implementation-dependent whether a failure to initialize
|
||||
* results in this error code.
|
||||
*/
|
||||
psa_status_t psa_key_derivation_output_key_custom(
|
||||
const psa_key_attributes_t *attributes,
|
||||
psa_key_derivation_operation_t *operation,
|
||||
const psa_custom_key_parameters_t *custom,
|
||||
const uint8_t *custom_data,
|
||||
size_t custom_data_length,
|
||||
mbedtls_svc_key_id_t *key);
|
||||
|
||||
/** Derive a key from an ongoing key derivation operation with custom
|
||||
* production parameters.
|
||||
*
|
||||
@ -4131,6 +4206,62 @@ psa_status_t psa_generate_random(uint8_t *output,
|
||||
psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
|
||||
mbedtls_svc_key_id_t *key);
|
||||
|
||||
/**
|
||||
* \brief Generate a key or key pair using custom production parameters.
|
||||
*
|
||||
* See the description of psa_generate_key() for the operation of this
|
||||
* function with the default production parameters. In addition, this function
|
||||
* supports the following production customizations, described in more detail
|
||||
* in the documentation of ::psa_custom_key_parameters_t:
|
||||
*
|
||||
* - RSA keys: generation with a custom public exponent.
|
||||
*
|
||||
* \note This function is experimental and may change in future minor
|
||||
* versions of Mbed TLS.
|
||||
*
|
||||
* \param[in] attributes The attributes for the new key.
|
||||
* \param[in] custom Customization parameters for the key generation.
|
||||
* When this is #PSA_KEY_PRODUCTION_PARAMETERS_INIT
|
||||
* with \p custom_data_length = 0,
|
||||
* this function is equivalent to
|
||||
* psa_generate_key().
|
||||
* \param[in] custom_data Variable-length data associated with \c custom.
|
||||
* \param custom_data_length
|
||||
* Length of `custom_data` in bytes.
|
||||
* \param[out] key On success, an identifier for the newly created
|
||||
* key. For persistent keys, this is the key
|
||||
* identifier defined in \p attributes.
|
||||
* \c 0 on failure.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* If the key is persistent, the key material and the key's metadata
|
||||
* have been saved to persistent storage.
|
||||
* \retval #PSA_ERROR_ALREADY_EXISTS
|
||||
* This is an attempt to create a persistent key, and there is
|
||||
* already a persistent key with the given identifier.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
|
||||
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
|
||||
* \retval #PSA_ERROR_DATA_INVALID \emptydescription
|
||||
* \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
|
||||
* \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
* It is implementation-dependent whether a failure to initialize
|
||||
* results in this error code.
|
||||
*/
|
||||
psa_status_t psa_generate_key_custom(const psa_key_attributes_t *attributes,
|
||||
const psa_custom_key_parameters_t *custom,
|
||||
const uint8_t *custom_data,
|
||||
size_t custom_data_length,
|
||||
mbedtls_svc_key_id_t *key);
|
||||
|
||||
/**
|
||||
* \brief Generate a key or key pair using custom production parameters.
|
||||
*
|
||||
|
@ -223,9 +223,28 @@ static inline struct psa_key_derivation_s psa_key_derivation_operation_init(
|
||||
return v;
|
||||
}
|
||||
|
||||
struct psa_key_production_parameters_s {
|
||||
struct psa_custom_key_parameters_s {
|
||||
/* Future versions may add other fields in this structure. */
|
||||
uint32_t flags;
|
||||
};
|
||||
|
||||
/** The default production parameters for key generation or key derivation.
|
||||
*
|
||||
* Calling psa_generate_key_custom() or psa_key_derivation_output_key_custom()
|
||||
* with `custom=PSA_CUSTOM_KEY_PARAMETERS_INIT` and `custom_data_length=0` is
|
||||
* equivalent to calling psa_generate_key() or psa_key_derivation_output_key()
|
||||
* respectively.
|
||||
*/
|
||||
#define PSA_CUSTOM_KEY_PARAMETERS_INIT { 0 }
|
||||
|
||||
/* This is a deprecated variant of `struct psa_custom_key_parameters_s`.
|
||||
* It has exactly the same layout, plus an extra field which is a flexible
|
||||
* array members. Thus a `const struct psa_key_production_parameters_s*`
|
||||
* can be passed to any function that reads a
|
||||
* `const struct psa_custom_key_parameters_s*`.
|
||||
*/
|
||||
struct psa_key_production_parameters_s {
|
||||
uint32_t flags;
|
||||
uint8_t data[];
|
||||
};
|
||||
|
||||
|
@ -455,6 +455,30 @@ typedef uint64_t psa_key_slot_number_t;
|
||||
*/
|
||||
typedef uint16_t psa_key_derivation_step_t;
|
||||
|
||||
/** \brief Custom parameters for key generation or key derivation.
|
||||
*
|
||||
* This is a structure type with at least the following field:
|
||||
*
|
||||
* - \c flags: an unsigned integer type. 0 for the default production parameters.
|
||||
*
|
||||
* Functions that take such a structure as input also take an associated
|
||||
* input buffer \c custom_data of length \c custom_data_length.
|
||||
*
|
||||
* The interpretation of this structure and the associated \c custom_data
|
||||
* parameter depend on the type of the created key.
|
||||
*
|
||||
* - #PSA_KEY_TYPE_RSA_KEY_PAIR:
|
||||
* - \c flags: must be 0.
|
||||
* - \c custom_data: the public exponent, in little-endian order.
|
||||
* This must be an odd integer and must not be 1.
|
||||
* Implementations must support 65537, should support 3 and may
|
||||
* support other values.
|
||||
* When not using a driver, Mbed TLS supports values up to \c INT_MAX.
|
||||
* If this is empty, the default value 65537 is used.
|
||||
* - Other key types: reserved for future use. \c flags must be 0.
|
||||
*/
|
||||
typedef struct psa_custom_key_parameters_s psa_custom_key_parameters_t;
|
||||
|
||||
/** \brief Custom parameters for key generation or key derivation.
|
||||
*
|
||||
* This is a structure type with at least the following fields:
|
||||
|
@ -6935,6 +6935,18 @@ PSA key derivation: PBKDF2-AES-CMAC-PRF-128-> AES-256
|
||||
depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
derive_key_type:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:256:"28e288c6345bb5ecf7ca70274208a3ba0f1148b5868537d5e09d3ee6813b1f52"
|
||||
|
||||
PSA key derivation custom: default -> AES-128
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
|
||||
derive_key_custom:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:0:"":PSA_SUCCESS:"3cb25f25faacd57a90434f64d0362f2a"
|
||||
|
||||
PSA key derivation custom: flags=1 -> AES-128
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
|
||||
derive_key_custom:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:1:"":PSA_ERROR_INVALID_ARGUMENT:""
|
||||
|
||||
PSA key derivation custom: data non-empty -> AES-128
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
|
||||
derive_key_custom:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:0:"2a":PSA_ERROR_INVALID_ARGUMENT:""
|
||||
|
||||
PSA key derivation: default params -> AES-128
|
||||
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
|
||||
derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:0:"":PSA_SUCCESS:"3cb25f25faacd57a90434f64d0362f2a"
|
||||
@ -7520,6 +7532,83 @@ PSA generate key: FFDH, 1024 bits, invalid bits
|
||||
depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
|
||||
generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0
|
||||
|
||||
PSA generate key custom: RSA, flags=1
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:1:"":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA generate key custom: RSA, empty e
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
|
||||
generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"":PSA_SUCCESS
|
||||
|
||||
PSA generate key custom: RSA, e=3
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
|
||||
generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"03":PSA_SUCCESS
|
||||
|
||||
PSA generate key custom: RSA, e=3 with leading zeros
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
|
||||
generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"000003":PSA_SUCCESS
|
||||
|
||||
# TODO: currently errors with NOT_SUPPORTED because e is converted to an int
|
||||
# and the conversion errors out if there are too many digits without checking
|
||||
# for leading zeros. This is a very minor bug. Re-enable this test when this
|
||||
# bug is fixed.
|
||||
#PSA generate key custom: RSA, e=3 with many leading zeros
|
||||
#depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
|
||||
#generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"0000000000000000000000000000000003":PSA_SUCCESS
|
||||
|
||||
PSA generate key custom: RSA, e=513
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
|
||||
generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"0201":PSA_SUCCESS
|
||||
|
||||
PSA generate key custom: RSA, e=65537
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
|
||||
generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"010001":PSA_SUCCESS
|
||||
|
||||
PSA generate key custom: RSA, e=2^31-1
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:INT_MAX>=0x7fffffff
|
||||
generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"7fffffff":PSA_SUCCESS
|
||||
|
||||
PSA generate key custom: RSA, e=2^31+3 (too large for built-in RSA)
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:!MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE:INT_MAX<=0x7fffffff
|
||||
generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"80000003":PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA generate key custom: RSA, e=2^64+3 (too large for built-in RSA)
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:!MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE:INT_MAX<=0xffffffffffffffff
|
||||
generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"010000000000000003":PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA generate key custom: RSA, e=1
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"01":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA generate key custom: RSA, e=0
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"00":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA generate key custom: RSA, e=2
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"02":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
# Check that with a driver, we reject a custom e as unsupported,
|
||||
# as opposed to silently using the default e.
|
||||
# When we add proper driver support, remove this test case and remove
|
||||
# the dependency on MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE from
|
||||
# the positive/invalid_argument test cases.
|
||||
PSA generate key custom: RSA, e=3 with driver and no fallback (not yet supported)
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:!MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"03":PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA generate key custom: ECC, flags=0
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH
|
||||
generate_key_custom:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"":PSA_SUCCESS
|
||||
|
||||
PSA generate key custom: ECC, flags=1
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH
|
||||
generate_key_custom:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:1:"":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA generate key custom: ECC, data non-empty
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH
|
||||
generate_key_custom:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"2a":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA generate key ext: RSA, params.flags=1
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:1:"":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
@ -9591,6 +9591,77 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void derive_key_custom(int alg_arg,
|
||||
data_t *key_data,
|
||||
data_t *input1,
|
||||
data_t *input2,
|
||||
int key_type_arg, int bits_arg,
|
||||
int flags_arg,
|
||||
data_t *custom_data,
|
||||
psa_status_t expected_status,
|
||||
data_t *expected_export)
|
||||
{
|
||||
mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
const psa_algorithm_t alg = alg_arg;
|
||||
const psa_key_type_t key_type = key_type_arg;
|
||||
const size_t bits = bits_arg;
|
||||
psa_custom_key_parameters_t custom = PSA_CUSTOM_KEY_PARAMETERS_INIT;
|
||||
custom.flags = flags_arg;
|
||||
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
|
||||
const size_t export_buffer_size =
|
||||
PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, bits);
|
||||
uint8_t *export_buffer = NULL;
|
||||
psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
size_t export_length;
|
||||
|
||||
TEST_CALLOC(export_buffer, export_buffer_size);
|
||||
PSA_ASSERT(psa_crypto_init());
|
||||
|
||||
psa_set_key_usage_flags(&base_attributes, PSA_KEY_USAGE_DERIVE);
|
||||
psa_set_key_algorithm(&base_attributes, alg);
|
||||
psa_set_key_type(&base_attributes, PSA_KEY_TYPE_DERIVE);
|
||||
PSA_ASSERT(psa_import_key(&base_attributes, key_data->x, key_data->len,
|
||||
&base_key));
|
||||
|
||||
if (mbedtls_test_psa_setup_key_derivation_wrap(
|
||||
&operation, base_key, alg,
|
||||
input1->x, input1->len,
|
||||
input2->x, input2->len,
|
||||
PSA_KEY_DERIVATION_UNLIMITED_CAPACITY, 0) == 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
psa_set_key_usage_flags(&derived_attributes, PSA_KEY_USAGE_EXPORT);
|
||||
psa_set_key_algorithm(&derived_attributes, 0);
|
||||
psa_set_key_type(&derived_attributes, key_type);
|
||||
psa_set_key_bits(&derived_attributes, bits);
|
||||
|
||||
TEST_EQUAL(psa_key_derivation_output_key_custom(
|
||||
&derived_attributes, &operation,
|
||||
&custom, custom_data->x, custom_data->len,
|
||||
&derived_key),
|
||||
expected_status);
|
||||
|
||||
if (expected_status == PSA_SUCCESS) {
|
||||
PSA_ASSERT(psa_export_key(derived_key,
|
||||
export_buffer, export_buffer_size,
|
||||
&export_length));
|
||||
TEST_MEMORY_COMPARE(export_buffer, export_length,
|
||||
expected_export->x, expected_export->len);
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_free(export_buffer);
|
||||
psa_key_derivation_abort(&operation);
|
||||
psa_destroy_key(base_key);
|
||||
psa_destroy_key(derived_key);
|
||||
PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void derive_key_ext(int alg_arg,
|
||||
data_t *key_data,
|
||||
@ -10152,6 +10223,71 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void generate_key_custom(int type_arg,
|
||||
int bits_arg,
|
||||
int usage_arg,
|
||||
int alg_arg,
|
||||
int flags_arg,
|
||||
data_t *custom_data,
|
||||
int expected_status_arg)
|
||||
{
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_type_t type = type_arg;
|
||||
psa_key_usage_t usage = usage_arg;
|
||||
size_t bits = bits_arg;
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
psa_status_t expected_status = expected_status_arg;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_custom_key_parameters_t custom = PSA_CUSTOM_KEY_PARAMETERS_INIT;
|
||||
custom.flags = flags_arg;
|
||||
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
PSA_ASSERT(psa_crypto_init());
|
||||
|
||||
psa_set_key_usage_flags(&attributes, usage);
|
||||
psa_set_key_algorithm(&attributes, alg);
|
||||
psa_set_key_type(&attributes, type);
|
||||
psa_set_key_bits(&attributes, bits);
|
||||
|
||||
/* Generate a key */
|
||||
psa_status_t status =
|
||||
psa_generate_key_custom(&attributes,
|
||||
&custom, custom_data->x, custom_data->len,
|
||||
&key);
|
||||
|
||||
TEST_EQUAL(status, expected_status);
|
||||
if (expected_status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/* Test the key information */
|
||||
PSA_ASSERT(psa_get_key_attributes(key, &got_attributes));
|
||||
TEST_EQUAL(psa_get_key_type(&got_attributes), type);
|
||||
TEST_EQUAL(psa_get_key_bits(&got_attributes), bits);
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
|
||||
if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
|
||||
TEST_ASSERT(rsa_test_e(key, bits, custom_data));
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Do something with the key according to its type and permitted usage. */
|
||||
if (!mbedtls_test_psa_exercise_key(key, usage, alg, 0)) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
exit:
|
||||
/*
|
||||
* Key attributes may have been returned by psa_get_key_attributes()
|
||||
* thus reset them as required.
|
||||
*/
|
||||
psa_reset_key_attributes(&got_attributes);
|
||||
psa_destroy_key(key);
|
||||
PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void generate_key_ext(int type_arg,
|
||||
int bits_arg,
|
||||
|
Loading…
x
Reference in New Issue
Block a user