New test suite for not-supported cases: key creation (import, generate)

To start with, test that key creation fails as intended when the key
type is not supported. This commit only covers psa_import_key and
psa_generate_key. A follow-up will cover psa_key_derivation_output_key.

My primary intent in creating this new test suite is to automatically
generate test cases by enumerating the key types and algorithms that
the library supports. But this commit only adds a few manually written
test cases, to get the ball rolling.

Move the relevant test cases of test_suite_psa_crypto.data that only
depend on generic knowledge about the API. Keep test cases that depend
more closely on the implementation, such as tests of non-supported key
sizes, in test_suite_psa_crypto.data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-01-26 21:48:19 +01:00
parent 8ffb585659
commit 069346cdab
4 changed files with 64 additions and 12 deletions

View file

@ -146,6 +146,7 @@ add_test_suite(psa_crypto_entropy)
add_test_suite(psa_crypto_hash)
add_test_suite(psa_crypto_init)
add_test_suite(psa_crypto_metadata)
add_test_suite(psa_crypto_not_supported.misc)
add_test_suite(psa_crypto_persistent_key)
add_test_suite(psa_crypto_se_driver_hal)
add_test_suite(psa_crypto_se_driver_hal_mocks)

View file

@ -25,12 +25,6 @@ import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
PSA import: bad usage flag
import_with_policy:PSA_KEY_TYPE_RAW_DATA:0x40000000:0:PSA_ERROR_INVALID_ARGUMENT
PSA import: invalid type (0)
import_with_policy:PSA_KEY_TYPE_NONE:0:0:PSA_ERROR_NOT_SUPPORTED
PSA import: invalid type (PSA_KEY_TYPE_CATEGORY_MASK)
import_with_policy:PSA_KEY_TYPE_CATEGORY_MASK:0:0:PSA_ERROR_NOT_SUPPORTED
PSA import AES: bad key size
depends_on:MBEDTLS_AES_C
import_with_data:"0123456789abcdef":PSA_KEY_TYPE_AES:0:PSA_ERROR_INVALID_ARGUMENT
@ -2809,12 +2803,6 @@ generate_random:MBEDTLS_CTR_DRBG_MAX_REQUEST + 1
PSA generate random: 2*MBEDTLS_CTR_DRBG_MAX_REQUEST+1 bytes
generate_random:2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1
PSA generate key: bad type (0)
generate_key:PSA_KEY_TYPE_NONE:128:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED:0
PSA generate key: bad type (PSA_KEY_TYPE_CATEGORY_MASK)
generate_key:PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED:0
PSA generate key: bad type (RSA public key)
generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED:0

View file

@ -0,0 +1,52 @@
/* BEGIN_HEADER */
#include "psa/crypto.h"
#include "test/psa_crypto_helpers.h"
#define INVALID_KEY_ID 0xfedcba98
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_PSA_CRYPTO_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE */
void import_not_supported( int key_type, data_t *key_material )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t key_id = INVALID_KEY_ID;
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_type( &attributes, key_type );
TEST_EQUAL( psa_import_key( &attributes,
key_material->x, key_material->len,
&key_id ),
PSA_ERROR_NOT_SUPPORTED );
TEST_EQUAL( key_id, 0 );
exit:
psa_destroy_key( key_id );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void generate_not_supported( int key_type, int bits )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t key_id = INVALID_KEY_ID;
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_type( &attributes, key_type );
psa_set_key_bits( &attributes, bits );
TEST_EQUAL( psa_generate_key( &attributes, &key_id ),
PSA_ERROR_NOT_SUPPORTED );
TEST_EQUAL( key_id, 0 );
exit:
psa_destroy_key( key_id );
PSA_DONE( );
}
/* END_CASE */

View file

@ -0,0 +1,11 @@
PSA import PSA_KEY_TYPE_NONE never supported
import_not_supported:PSA_KEY_TYPE_NONE:"1234"
PSA generate PSA_KEY_TYPE_NONE never supported
generate_not_supported:PSA_KEY_TYPE_NONE:16
PSA import PSA_KEY_TYPE_CATEGORY_SYMMETRIC never supported
import_not_supported:PSA_KEY_TYPE_CATEGORY_SYMMETRIC:"1234"
PSA generate PSA_KEY_TYPE_CATEGORY_SYMMETRIC never supported
generate_not_supported:PSA_KEY_TYPE_CATEGORY_SYMMETRIC:16