From 3455009116d0fa9f0169fcad55523f54f5015b61 Mon Sep 17 00:00:00 2001
From: Moran Peker
Date: Wed, 7 Nov 2018 16:19:34 +0200
Subject: [PATCH] Add tests that check export failures after illegal behavior

- export a key after import key failure.
- export a key after the key was destroyed.
- export a key after set key policy but no key material creation.
---
 tests/suites/test_suite_psa_crypto.data | 27 ++++++
 tests/suites/test_suite_psa_crypto.function | 99 +++++++++++++++++++++
 2 files changed, 126 insertions(+)

diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 64cc16c1e..ae21e677e 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -44,6 +44,33 @@ export_invalid_slot:0:PSA_ERROR_INVALID_ARGUMENT
 PSA export out of range key slot - upper bound
 export_invalid_slot:(psa_key_slot_t)(-1):PSA_ERROR_INVALID_ARGUMENT
 
+PSA export a slot where there was some activity but no key material creation
+export_with_no_key_activity
+
+PSA export a slot after a failed import of a AES key
+depends_on:MBEDTLS_AES_C
+export_after_import_failure:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT
+
+PSA export a slot after a failed import of a RSA key
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_PARSE_C
+export_after_import_failure:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_INVALID_ARGUMENT
+
+PSA export a slot after a failed import of an EC keypair: public key
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+export_after_import_failure:"3059301306072a8648ce3d020106082a8648ce3d03010703420004dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):PSA_ERROR_INVALID_ARGUMENT
+
+PSA export RSA public key from a slot where there was an import followed by destroy.
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+export_after_destroy_key:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY
+
+PSA export AES key from a slot where there was an import followed by destroy.
+depends_on:MBEDTLS_AES_C
+export_after_destroy_key:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES
+
+PSA export EC key from a slot where there was an import followed by destroy.
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+export_after_destroy_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1)
+
 PSA import AES: bad key size
 depends_on:MBEDTLS_AES_C
 import:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 001869e3e..6e992939b 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
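Review bot: The case "PSA export a slot after a failed import of an EC keypair: public key" lists `MBEDTLS_ECP_DP_SECP256R1_ENABLED` in `depends_on` but imports with `PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1)`, and the key data looks like a P-256 SubjectPublicKeyInfo. The import can therefore be rejected for the curve mismatch as well as for the public-key-as-keypair form the title names, so the case does not pin down which validation path leaves the slot empty. If the public-key form is the intended trigger, the type argument should read `PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1)` so that it matches both the data and the declared dependency.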
@@ -1047,6 +1047,105 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE */
+void export_with_no_key_activity( )
+{
+ int slot = 1;
+ psa_algorithm_t alg = PSA_ALG_CTR;
+ psa_status_t status;
+ psa_key_policy_t policy;
+ unsigned char *exported = NULL;
+ size_t export_size = 0;
+ size_t exported_length = INVALID_EXPORT_LENGTH;
+
+ TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
+
+ psa_key_policy_init( &policy );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
+ TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
+
+ /* Export the key */
+ status = psa_export_key( slot,
+ exported, export_size,
+ &exported_length );
+ TEST_ASSERT( status == PSA_ERROR_EMPTY_SLOT );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void export_after_import_failure( data_t *data, int type_arg,
+ int expected_import_status_arg )
+{
+ int slot = 1;
+ psa_key_type_t type = type_arg;
+ psa_status_t status;
+ unsigned char *exported = NULL;
+ size_t export_size = 0;
+ psa_status_t expected_import_status = expected_import_status_arg;
+ size_t exported_length = INVALID_EXPORT_LENGTH;
+
+ TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
+
+ /* Import the key - expect failure */
+ status = psa_import_key( slot, type,
+ data->x, data->len );
+ TEST_ASSERT( status == expected_import_status );
+
+ /* Export the key */
+ status = psa_export_key( slot,
+ exported, export_size,
+ &exported_length );
+ TEST_ASSERT( status == PSA_ERROR_EMPTY_SLOT );
+
+exit:
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void export_after_destroy_key( data_t *data, int type_arg )
+{
+ int slot = 1;
+ psa_key_type_t type = type_arg;
+ psa_status_t status;
+ psa_key_policy_t policy;
+ psa_algorithm_t alg = PSA_ALG_CTR;
+ unsigned char *exported = NULL;
+ size_t export_size = 0;
+ size_t exported_length = INVALID_EXPORT_LENGTH;
+
+ TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
+
+ psa_key_policy_init( &policy );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
+ TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
+ export_size = (ptrdiff_t) data->len;
+ ASSERT_ALLOC( exported, export_size );
+
+ /* Import the key */
+ TEST_ASSERT( psa_import_key( slot, type,
+ data->x, data->len ) == PSA_SUCCESS );
+
+ TEST_ASSERT( psa_export_key( slot, exported, export_size,
+ &exported_length ) == PSA_SUCCESS );
+
+ /* Destroy the key */
+ TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
+
+ /* Export the key */
+ status = psa_export_key( slot, exported, export_size,
+ &exported_length );
+ TEST_ASSERT( status == PSA_ERROR_EMPTY_SLOT );
+
+exit:
+ mbedtls_free( exported );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void import_export_public_key( data_t *data,
 int type_arg,
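Review bot: In `export_after_destroy_key` the final `psa_export_key` call reuses the `exported` buffer that still holds the key from the earlier successful export, so the test cannot tell whether the post-destroy call wrote any key material; it only checks the status code. Before the last export, add `memset( exported, 0, export_size );` and `exported_length = INVALID_EXPORT_LENGTH;`, then assert after the call that the buffer is still all zero. `export_with_no_key_activity` and `export_after_import_failure` pass a NULL buffer of size 0, so they also verify only the returned status. Separately, `export_size = (ptrdiff_t) data->len;` casts through a signed type before storing into a `size_t`; the cast can be dropped.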