From 49cd3299089843bb16485e938a928393c6c3dfba Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Aug 2018 18:43:09 +0200 Subject: [PATCH] Key type validation tests For all key types, validate feature test macros (PSA_KEY_TYPE_IS_xxx). For asymmetric keys (public key or key pair), validate the corresponding public/pair type. For ECC keys, validate GET_CURVE. --- .../test_suite_psa_crypto_metadata.data | 122 ++++++++++++++++++ .../test_suite_psa_crypto_metadata.function | 81 ++++++++++++ 2 files changed, 203 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index d1a5986d8..714d094f2 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -181,3 +181,125 @@ asymmetric_encryption_algorithm:PSA_ALG_RSA_OAEP( PSA_ALG_SHA_256 ):ALG_IS_RSA_O Key derivation: HKDF using SHA-256 key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):ALG_IS_HKDF +Key type: raw data +key_type:PSA_KEY_TYPE_RAW_DATA:KEY_TYPE_IS_UNSTRUCTURED + +Key type: HMAC +key_type:PSA_KEY_TYPE_HMAC:KEY_TYPE_IS_UNSTRUCTURED + +Key type: secret for key derivation +key_type:PSA_KEY_TYPE_DERIVE:KEY_TYPE_IS_UNSTRUCTURED + +Key type: AES +key_type:PSA_KEY_TYPE_AES:KEY_TYPE_IS_UNSTRUCTURED + +Key type: DES +key_type:PSA_KEY_TYPE_DES:KEY_TYPE_IS_UNSTRUCTURED + +Key type: Camellia +key_type:PSA_KEY_TYPE_CAMELLIA:KEY_TYPE_IS_UNSTRUCTURED + +Key type: ARC4 +key_type:PSA_KEY_TYPE_ARC4:KEY_TYPE_IS_UNSTRUCTURED + +Key type: RSA public key +key_type:PSA_KEY_TYPE_RSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_RSA + +Key type: RSA key pair +key_type:PSA_KEY_TYPE_RSA_KEYPAIR:KEY_TYPE_IS_KEYPAIR | KEY_TYPE_IS_RSA + +Key type: DSA public key +key_type:PSA_KEY_TYPE_DSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_DSA + +Key type: DSA key pair +key_type:PSA_KEY_TYPE_DSA_KEYPAIR:KEY_TYPE_IS_KEYPAIR | KEY_TYPE_IS_DSA + +ECC key types: sect163k1 +ecc_key_types:PSA_ECC_CURVE_SECT163K1 + +ECC key types: sect163r1 +ecc_key_types:PSA_ECC_CURVE_SECT163R1 + +ECC key types: sect163r2 +ecc_key_types:PSA_ECC_CURVE_SECT163R2 + +ECC key types: sect193r1 +ecc_key_types:PSA_ECC_CURVE_SECT193R1 + +ECC key types: sect193r2 +ecc_key_types:PSA_ECC_CURVE_SECT193R2 + +ECC key types: sect233k1 +ecc_key_types:PSA_ECC_CURVE_SECT233K1 + +ECC key types: sect233r1 +ecc_key_types:PSA_ECC_CURVE_SECT233R1 + +ECC key types: sect239k1 +ecc_key_types:PSA_ECC_CURVE_SECT239K1 + +ECC key types: sect283k1 +ecc_key_types:PSA_ECC_CURVE_SECT283K1 + +ECC key types: sect283r1 +ecc_key_types:PSA_ECC_CURVE_SECT283R1 + +ECC key types: sect409k1 +ecc_key_types:PSA_ECC_CURVE_SECT409K1 + +ECC key types: sect409r1 +ecc_key_types:PSA_ECC_CURVE_SECT409R1 + +ECC key types: sect571k1 +ecc_key_types:PSA_ECC_CURVE_SECT571K1 + +ECC key types: sect571r1 +ecc_key_types:PSA_ECC_CURVE_SECT571R1 + +ECC key types: secp160k1 +ecc_key_types:PSA_ECC_CURVE_SECP160K1 + +ECC key types: secp160r1 +ecc_key_types:PSA_ECC_CURVE_SECP160R1 + +ECC key types: secp160r2 +ecc_key_types:PSA_ECC_CURVE_SECP160R2 + +ECC key types: secp192k1 +ecc_key_types:PSA_ECC_CURVE_SECP192K1 + +ECC key types: secp192r1 +ecc_key_types:PSA_ECC_CURVE_SECP192R1 + +ECC key types: secp224k1 +ecc_key_types:PSA_ECC_CURVE_SECP224K1 + +ECC key types: secp224r1 +ecc_key_types:PSA_ECC_CURVE_SECP224R1 + +ECC key types: secp256k1 +ecc_key_types:PSA_ECC_CURVE_SECP256K1 + +ECC key types: secp256r1 +ecc_key_types:PSA_ECC_CURVE_SECP256R1 + +ECC key types: secp384r1 +ecc_key_types:PSA_ECC_CURVE_SECP384R1 + +ECC key types: secp521r1 +ecc_key_types:PSA_ECC_CURVE_SECP521R1 + +ECC key types: Brainpool P256R1 +ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P256R1 + +ECC key types: Brainpool P384R1 +ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P384R1 + +ECC key types: Brainpool P512R1 +ecc_key_types:PSA_ECC_CURVE_BRAINPOOL_P512R1 + +ECC key types: Curve25519 +ecc_key_types:PSA_ECC_CURVE_CURVE25519 + +ECC key types: Curve448 +ecc_key_types:PSA_ECC_CURVE_CURVE448 diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index d25aace10..0b8fba075 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -32,6 +32,18 @@ #define ALG_IS_RSA_OAEP ( 1u << 14 ) #define ALG_IS_HKDF ( 1u << 15 ) +/* Flags for key type classification macros. There is a flag for every + * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that + * are tested as derived from other macros. The name of the flag is + * the name of the classification macro without the PSA_ prefix. */ +#define KEY_TYPE_IS_VENDOR_DEFINED ( 1u << 0 ) +#define KEY_TYPE_IS_UNSTRUCTURED ( 1u << 1 ) +#define KEY_TYPE_IS_PUBLIC_KEY ( 1u << 2 ) +#define KEY_TYPE_IS_KEYPAIR ( 1u << 3 ) +#define KEY_TYPE_IS_RSA ( 1u << 4 ) +#define KEY_TYPE_IS_DSA ( 1u << 5 ) +#define KEY_TYPE_IS_ECC ( 1u << 6 ) + #define TEST_CLASSIFICATION_MACRO( flag, alg, flags ) \ TEST_ASSERT( PSA_##flag( alg ) == !! ( ( flags ) & flag ) ) @@ -58,6 +70,30 @@ void algorithm_classification( psa_algorithm_t alg, unsigned flags ) exit: ; } +void key_type_classification( psa_key_type_t type, unsigned flags ) +{ + /* Macros tested based on the test case parameter */ + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_VENDOR_DEFINED, type, flags ); + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_UNSTRUCTURED, type, flags ); + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_PUBLIC_KEY, type, flags ); + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_KEYPAIR, type, flags ); + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_RSA, type, flags ); + TEST_CLASSIFICATION_MACRO( KEY_TYPE_IS_ECC, type, flags ); + + /* Macros with derived semantics */ + TEST_ASSERT( PSA_KEY_TYPE_IS_ASYMMETRIC( type ) == + ( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) || + PSA_KEY_TYPE_IS_KEYPAIR( type ) ) ); + TEST_ASSERT( PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ) == + ( PSA_KEY_TYPE_IS_ECC( type ) && + PSA_KEY_TYPE_IS_KEYPAIR( type ) ) ); + TEST_ASSERT( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) == + ( PSA_KEY_TYPE_IS_ECC( type ) && + PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) ); + +exit: ; +} + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -248,3 +284,48 @@ void key_derivation_algorithm( int alg_arg, int classification_flags ) } /* END_CASE */ +/* BEGIN_CASE */ +void key_type( int type_arg, int classification_flags ) +{ + psa_key_type_t type = type_arg; + + key_type_classification( type, classification_flags ); + + /* For asymmetric types, check the corresponding pair/public type */ + if( classification_flags & KEY_TYPE_IS_PUBLIC_KEY ) + { + psa_key_type_t pair_type = PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( type ); + TEST_ASSERT( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( pair_type ) == type ); + key_type_classification( pair_type, + ( classification_flags + & ~KEY_TYPE_IS_PUBLIC_KEY ) + | KEY_TYPE_IS_KEYPAIR ); + TEST_ASSERT( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type ) == type ); + } + if( classification_flags & KEY_TYPE_IS_KEYPAIR ) + { + psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type ); + TEST_ASSERT( PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( public_type ) == type ); + key_type_classification( public_type, + ( classification_flags + & ~KEY_TYPE_IS_KEYPAIR ) + | KEY_TYPE_IS_PUBLIC_KEY ); + TEST_ASSERT( PSA_KEY_TYPE_KEYPAIR_OF_PUBLIC_KEY( type ) == type ); + } +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ecc_key_types( int curve_arg ) +{ + psa_ecc_curve_t curve = curve_arg; + psa_key_type_t public_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ); + psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEYPAIR( curve ); + + test_key_type( public_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_PUBLIC_KEY ); + test_key_type( pair_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_KEYPAIR ); + + TEST_ASSERT( PSA_KEY_TYPE_GET_CURVE( public_type ) == curve ); + TEST_ASSERT( PSA_KEY_TYPE_GET_CURVE( pair_type ) == curve ); +} +/* END_CASE */