Merge pull request #257 from gilles-peskine-arm/psa-remove_zero_length_keys
Forbid zero-length keys
This commit is contained in:
Gilles Peskine
GitHub
commit
a291413a1e
6 changed files with 171 additions and 53 deletions
|
|
@ -226,7 +226,14 @@ static psa_key_usage_t psa_get_key_usage_flags(
|
|||
/** Declare the permitted algorithm policy for a key.
|
||||
*
|
||||
* The permitted algorithm policy of a key encodes which algorithm or
|
||||
* algorithms are permitted to be used with this key.
|
||||
* algorithms are permitted to be used with this key. The following
|
||||
* algorithm policies are supported:
|
||||
* - 0 does not allow any cryptographic operation with the key. The key
|
||||
* may be used for non-cryptographic actions such as exporting (if
|
||||
* permitted by the usage flags).
|
||||
* - An algorithm value permits this particular algorithm.
|
||||
* - An algorithm wildcard built from #PSA_ALG_ANY_HASH allows the specified
|
||||
* signature scheme with any hash algorithm.
|
||||
*
|
||||
* This function overwrites any algorithm policy
|
||||
* previously set in \p attributes.
|
||||
|
|
@ -266,6 +273,8 @@ static psa_algorithm_t psa_get_key_algorithm(
|
|||
*
|
||||
* \param[out] attributes The attribute structure to write to.
|
||||
* \param type The key type to write.
|
||||
* If this is 0, the key type in \p attributes
|
||||
* becomes unspecified.
|
||||
*/
|
||||
static void psa_set_key_type(psa_key_attributes_t *attributes,
|
||||
psa_key_type_t type);
|
||||
|
|
@ -281,6 +290,9 @@ static void psa_set_key_type(psa_key_attributes_t *attributes,
|
|||
*
|
||||
* \param[out] attributes The attribute structure to write to.
|
||||
* \param bits The key size in bits.
|
||||
* If this is 0, the key size in \p attributes
|
||||
* becomes unspecified. Keys of size 0 are
|
||||
* not supported.
|
||||
*/
|
||||
static void psa_set_key_bits(psa_key_attributes_t *attributes,
|
||||
size_t bits);
|
||||
|
|
@ -591,6 +603,13 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle);
|
|||
* and to the documentation of psa_export_key() for the format for
|
||||
* other key types.
|
||||
*
|
||||
* The key data determines the key size. The attributes may optionally
|
||||
* specify a key size; in this case it must match the size determined
|
||||
* from the key data. A key size of 0 in \p attributes indicates that
|
||||
* the key size is solely determined by the key data.
|
||||
*
|
||||
* Implementations must reject an attempt to import a key of size 0.
|
||||
*
|
||||
* This specification supports a single format for each key type.
|
||||
* Implementations may support other formats as long as the standard
|
||||
* format is supported. Implementations that support other formats
|
||||
|
|
@ -598,7 +617,6 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle);
|
|||
* minimize the risk that an invalid input is accidentally interpreted
|
||||
* according to a different format.
|
||||
*
|
||||
|
||||
* \param[in] attributes The attributes for the new key.
|
||||
* The key size is always determined from the
|
||||
* \p data buffer.
|
||||
|
|
@ -3102,6 +3120,8 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
|
|||
* - Clean up the key derivation operation object with
|
||||
* psa_key_derivation_abort().
|
||||
*
|
||||
* Implementations must reject an attempt to derive a key of size 0.
|
||||
*
|
||||
* \param[in,out] operation The key derivation operation object
|
||||
* to set up. It must
|
||||
* have been initialized but not set up yet.
|
||||
|
|
@ -3385,6 +3405,9 @@ psa_status_t psa_key_derivation_output_bytes(
|
|||
*
|
||||
* This function calculates output bytes from a key derivation algorithm
|
||||
* and uses those bytes to generate a key deterministically.
|
||||
* The key's location, usage policy, type and size are taken from
|
||||
* \p attributes.
|
||||
*
|
||||
* If you view the key derivation's output as a stream of bytes, this
|
||||
* function destructively reads as many bytes as required from the
|
||||
* stream.
|
||||
|
|
@ -3627,7 +3650,9 @@ psa_status_t psa_generate_random(uint8_t *output,
|
|||
* \brief Generate a key or key pair.
|
||||
*
|
||||
* The key is generated randomly.
|
||||
* Its location, policy, type and size are taken from \p attributes.
|
||||
* Its location, usage policy, type and size are taken from \p attributes.
|
||||
*
|
||||
* Implementations must reject an attempt to generate a key of size 0.
|
||||
*
|
||||
* The following type-specific considerations apply:
|
||||
* - For RSA keys (#PSA_KEY_TYPE_RSA_KEY_PAIR),
|
||||
|
|
|
|||
|
|
@ -206,11 +206,12 @@ typedef uint32_t psa_key_usage_t;
|
|||
* values:
|
||||
*
|
||||
* - lifetime: #PSA_KEY_LIFETIME_VOLATILE.
|
||||
* - key identifier: unspecified.
|
||||
* - type: \c 0.
|
||||
* - key size: \c 0.
|
||||
* - usage flags: \c 0.
|
||||
* - algorithm: \c 0.
|
||||
* - key identifier: 0 (which is not a valid key identifier).
|
||||
* - type: \c 0 (meaning that the type is unspecified).
|
||||
* - key size: \c 0 (meaning that the size is unspecified).
|
||||
* - usage flags: \c 0 (which allows no usage except exporting a public key).
|
||||
* - algorithm: \c 0 (which allows no cryptographic usage, but allows
|
||||
* exporting).
|
||||
*
|
||||
* A typical sequence to create a key is as follows:
|
||||
* -# Create and initialize an attribute structure.
|
||||
|
|
|
|||
|
|
@ -451,13 +451,6 @@ static psa_status_t prepare_raw_data_slot( psa_key_type_t type,
|
|||
switch( type )
|
||||
{
|
||||
case PSA_KEY_TYPE_RAW_DATA:
|
||||
if( bits == 0 )
|
||||
{
|
||||
raw->bytes = 0;
|
||||
raw->data = NULL;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
break;
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
case PSA_KEY_TYPE_HMAC:
|
||||
#endif
|
||||
|
|
@ -1281,6 +1274,12 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot,
|
|||
if( export_public_key && ! PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
/* Reject a zero-length output buffer now, since this can never be a
|
||||
* valid key representation. This way we know that data must be a valid
|
||||
* pointer and we can do things like memset(data, ..., data_size). */
|
||||
if( data_size == 0 )
|
||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
|
||||
{
|
||||
|
|
@ -1302,12 +1301,9 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot,
|
|||
{
|
||||
if( slot->data.raw.bytes > data_size )
|
||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||
if( data_size != 0 )
|
||||
{
|
||||
memcpy( data, slot->data.raw.data, slot->data.raw.bytes );
|
||||
memset( data + slot->data.raw.bytes, 0,
|
||||
data_size - slot->data.raw.bytes );
|
||||
}
|
||||
memcpy( data, slot->data.raw.data, slot->data.raw.bytes );
|
||||
memset( data + slot->data.raw.bytes, 0,
|
||||
data_size - slot->data.raw.bytes );
|
||||
*data_length = slot->data.raw.bytes;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
|
@ -1366,10 +1362,7 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot,
|
|||
}
|
||||
if( ret < 0 )
|
||||
{
|
||||
/* If data_size is 0 then data may be NULL and then the
|
||||
* call to memset would have undefined behavior. */
|
||||
if( data_size != 0 )
|
||||
memset( data, 0, data_size );
|
||||
memset( data, 0, data_size );
|
||||
return( mbedtls_to_psa_error( ret ) );
|
||||
}
|
||||
/* The mbedtls_pk_xxx functions write to the end of the buffer.
|
||||
|
|
@ -1676,7 +1669,7 @@ static psa_status_t psa_finish_key_creation(
|
|||
slot->attr.bits );
|
||||
uint8_t *buffer = mbedtls_calloc( 1, buffer_size );
|
||||
size_t length = 0;
|
||||
if( buffer == NULL && buffer_size != 0 )
|
||||
if( buffer == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
status = psa_internal_export_key( slot,
|
||||
buffer, buffer_size, &length,
|
||||
|
|
@ -1685,8 +1678,7 @@ static psa_status_t psa_finish_key_creation(
|
|||
status = psa_save_persistent_key( &slot->attr,
|
||||
buffer, length );
|
||||
|
||||
if( buffer_size != 0 )
|
||||
mbedtls_platform_zeroize( buffer, buffer_size );
|
||||
mbedtls_platform_zeroize( buffer, buffer_size );
|
||||
mbedtls_free( buffer );
|
||||
}
|
||||
}
|
||||
|
|
@ -1826,6 +1818,12 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
|
|||
psa_key_slot_t *slot = NULL;
|
||||
psa_se_drv_table_entry_t *driver = NULL;
|
||||
|
||||
/* Reject zero-length symmetric keys (including raw data key objects).
|
||||
* This also rejects any key which might be encoded as an empty string,
|
||||
* which is never valid. */
|
||||
if( data_length == 0 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes,
|
||||
handle, &slot, &driver );
|
||||
if( status != PSA_SUCCESS )
|
||||
|
|
@ -1957,7 +1955,7 @@ static psa_status_t psa_copy_key_material( const psa_key_slot_t *source,
|
|||
buffer_size = PSA_KEY_EXPORT_MAX_SIZE( source->attr.type,
|
||||
psa_get_key_slot_bits( source ) );
|
||||
buffer = mbedtls_calloc( 1, buffer_size );
|
||||
if( buffer == NULL && buffer_size != 0 )
|
||||
if( buffer == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
status = psa_internal_export_key( source, buffer, buffer_size, &length, 0 );
|
||||
if( status != PSA_SUCCESS )
|
||||
|
|
@ -1966,8 +1964,7 @@ static psa_status_t psa_copy_key_material( const psa_key_slot_t *source,
|
|||
status = psa_import_key_into_slot( target, buffer, length );
|
||||
|
||||
exit:
|
||||
if( buffer_size != 0 )
|
||||
mbedtls_platform_zeroize( buffer, buffer_size );
|
||||
mbedtls_platform_zeroize( buffer, buffer_size );
|
||||
mbedtls_free( buffer );
|
||||
return( status );
|
||||
}
|
||||
|
|
@ -3194,8 +3191,8 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa,
|
|||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
if( signature_length < mbedtls_rsa_get_len( rsa ) )
|
||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||
if( signature_length != mbedtls_rsa_get_len( rsa ) )
|
||||
return( PSA_ERROR_INVALID_SIGNATURE );
|
||||
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
|
||||
|
|
@ -3350,6 +3347,12 @@ psa_status_t psa_asymmetric_sign( psa_key_handle_t handle,
|
|||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||
|
||||
*signature_length = signature_size;
|
||||
/* Immediately reject a zero-length signature buffer. This guarantees
|
||||
* that signature must be a valid pointer. (On the other hand, the hash
|
||||
* buffer can in principle be empty since it doesn't actually have
|
||||
* to be a hash.) */
|
||||
if( signature_size == 0 )
|
||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||
|
||||
status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_SIGN, alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
|
|
@ -3425,7 +3428,7 @@ exit:
|
|||
if( status == PSA_SUCCESS )
|
||||
memset( signature + *signature_length, '!',
|
||||
signature_size - *signature_length );
|
||||
else if( signature_size != 0 )
|
||||
else
|
||||
memset( signature, '!', signature_size );
|
||||
/* If signature_size is 0 then we have nothing to do. We must not call
|
||||
* memset because signature may be NULL in this case. */
|
||||
|
|
@ -4778,6 +4781,12 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
|
|||
psa_status_t status;
|
||||
psa_key_slot_t *slot = NULL;
|
||||
psa_se_drv_table_entry_t *driver = NULL;
|
||||
|
||||
/* Reject any attempt to create a zero-length key so that we don't
|
||||
* risk tripping up later, e.g. on a malloc(0) that returns NULL. */
|
||||
if( psa_get_key_bits( attributes ) == 0 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE,
|
||||
attributes, handle, &slot, &driver );
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
|
|
@ -5512,6 +5521,11 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
|
|||
psa_key_slot_t *slot = NULL;
|
||||
psa_se_drv_table_entry_t *driver = NULL;
|
||||
|
||||
/* Reject any attempt to create a zero-length key so that we don't
|
||||
* risk tripping up later, e.g. on a malloc(0) that returns NULL. */
|
||||
if( psa_get_key_bits( attributes ) == 0 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE,
|
||||
attributes, handle, &slot, &driver );
|
||||
if( status != PSA_SUCCESS )
|
||||
|
|
|
|||
|
|
@ -22,9 +22,6 @@ persistence_attributes:0x1234:3:0x1235:0x1235:3
|
|||
PSA key attributes: slot number
|
||||
slot_number_attribute:
|
||||
|
||||
PSA import/export raw: 0 bytes
|
||||
import_export:"":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_SUCCESS:1
|
||||
|
||||
PSA import/export raw: 1 bytes
|
||||
import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:8:0:PSA_SUCCESS:1
|
||||
|
||||
|
|
@ -266,6 +263,18 @@ PSA import/export RSA keypair: import PEM
|
|||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C
|
||||
import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:0:PSA_SUCCESS:0
|
||||
|
||||
PSA import: reject raw data key of length 0
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
import_with_data:"":PSA_KEY_TYPE_RAW_DATA:0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA import: reject raw data key of length 0 and declared size 1 bit
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
import_with_data:"":PSA_KEY_TYPE_RAW_DATA:1:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA import: reject raw data key of length 0 and declared size 8 bits
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
import_with_data:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA import EC keypair: DER format
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
import_with_data:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
|
@ -568,8 +577,8 @@ PSA key policy algorithm2: ECDH, ECDSA
|
|||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_ECDSA_C
|
||||
key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDH:PSA_ALG_ECDSA_ANY
|
||||
|
||||
Copy key: raw, 0 bytes
|
||||
copy_success:PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"":1:-1:-1:0:PSA_KEY_USAGE_COPY:0:0
|
||||
Copy key: raw, 1 byte
|
||||
copy_success:PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"2a":1:-1:-1:0:PSA_KEY_USAGE_COPY:0:0
|
||||
|
||||
Copy key: AES, copy attributes
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
|
|
@ -1560,6 +1569,14 @@ PSA sign: deterministic ECDSA SECP256R1 SHA-256, output buffer too small
|
|||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
|
||||
sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL
|
||||
|
||||
PSA sign: RSA PKCS#1 v1.5 SHA-256, empty output buffer
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":0:PSA_ERROR_BUFFER_TOO_SMALL
|
||||
|
||||
PSA sign: deterministic ECDSA SECP256R1 SHA-256, empty output buffer
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
|
||||
sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_ERROR_BUFFER_TOO_SMALL
|
||||
|
||||
PSA sign: deterministic ECDSA SECP256R1, invalid hash algorithm (0)
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC
|
||||
sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
|
@ -1612,14 +1629,30 @@ PSA verify with keypair: RSA PKCS#1 v1.5 SHA-256, good signature
|
|||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
asymmetric_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
|
||||
|
||||
PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong hash
|
||||
PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong hash length
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
|
||||
asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_1):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature
|
||||
PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (same size)
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"111164d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE
|
||||
|
||||
PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (empty)
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":PSA_ERROR_INVALID_SIGNATURE
|
||||
|
||||
PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (truncated)
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc73":PSA_ERROR_INVALID_SIGNATURE
|
||||
|
||||
PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (trailing junk)
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc731121":PSA_ERROR_INVALID_SIGNATURE
|
||||
|
||||
PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (leading junk)
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
|
||||
asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE
|
||||
|
||||
PSA verify: RSA PSS SHA-256, good signature, 0 bytes
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
|
||||
asymmetric_verify:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"34c011b625c32d992f4ab8fcfa52b616ea66270b5b75a4fc71af712f9b8806bcdd374ce50eafcbb489562b93347885f93c2de1d404c45cacccefceb112ff6ffdfe4264f91d66320bbbe09304b851b8ad6280bbccc571eebcd49c7db5dfa399a6289e1978407904598751613d9870770cdd8507e3dc7b46851dbf05ae1df2988d"
|
||||
|
|
@ -1648,6 +1681,22 @@ PSA verify: ECDSA SECP256R1, wrong signature of correct size
|
|||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
|
||||
asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_ERROR_INVALID_SIGNATURE
|
||||
|
||||
PSA verify: ECDSA SECP256R1, wrong signature (empty)
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
|
||||
asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE
|
||||
|
||||
PSA verify: ECDSA SECP256R1, wrong signature (truncated)
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
|
||||
asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE
|
||||
|
||||
PSA verify: ECDSA SECP256R1, wrong signature (trailing junk)
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
|
||||
asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE
|
||||
|
||||
PSA verify: ECDSA SECP256R1, wrong signature (leading junk)
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
|
||||
asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE
|
||||
|
||||
PSA verify: invalid algorithm for ECC key
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
|
||||
asymmetric_verify_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
|
@ -2135,6 +2184,23 @@ PSA key derivation: invalid type (PSA_KEY_TYPE_CATEGORY_MASK)
|
|||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA key derivation: invalid length (0)
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA key derivation: invalid length (7 bits)
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:7:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA key derivation: raw data, 8 bits
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:8:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: invalid length (9 bits)
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:9:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
# This test assumes that PSA_MAX_KEY_BITS (currently 65536-8 bits = 8191 bytes
|
||||
# and not expected to be raised any time soon) is less than the maximum
|
||||
# output from HKDF-SHA512 (255*64 = 16320 bytes).
|
||||
|
|
@ -2262,8 +2328,9 @@ generate_key:PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT
|
|||
PSA generate key: bad type (RSA public key)
|
||||
generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA generate key: raw data, 0 bits
|
||||
generate_key:PSA_KEY_TYPE_RAW_DATA:128:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS
|
||||
PSA generate key: raw data, 0 bits: invalid argument
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
generate_key:PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA generate key: raw data, 7 bits: invalid argument
|
||||
generate_key:PSA_KEY_TYPE_RAW_DATA:7:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
|
@ -2271,6 +2338,9 @@ generate_key:PSA_KEY_TYPE_RAW_DATA:7:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_AR
|
|||
PSA generate key: raw data, 8 bits
|
||||
generate_key:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS
|
||||
|
||||
PSA generate key: raw data, 9 bits: invalid argument
|
||||
generate_key:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA generate key: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
|
||||
generate_key:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS
|
||||
|
||||
|
|
@ -2328,6 +2398,11 @@ PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256)
|
|||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS
|
||||
|
||||
PSA generate key: RSA, 0 bits: invalid
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA generate key: RSA, 1022 bits: not supported
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1022:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED
|
||||
|
|
@ -2366,9 +2441,9 @@ generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT
|
|||
PSA generate key: RSA, e=2
|
||||
generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA import persistent key: raw data, 0 bits
|
||||
PSA import persistent key: raw data, 8 bits
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY
|
||||
persistent_key_load_key_from_storage:"2a":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY
|
||||
|
||||
PSA import persistent key: AES, 128 bits, exportable
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
|
|
|
|||
|
|
@ -44,9 +44,6 @@ Persistent key import garbage data, should fail
|
|||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
persistent_key_import:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"11111111":0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
import/export persistent raw key: 0 byte
|
||||
import_export_persistent_key:"":PSA_KEY_TYPE_RAW_DATA:0:0:0
|
||||
|
||||
import/export persistent raw key: 1 byte
|
||||
import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0:0
|
||||
|
||||
|
|
@ -73,9 +70,6 @@ PSA import/export-persistent symmetric key: 16 bytes
|
|||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||
import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:0:0
|
||||
|
||||
import/export persistent raw key with restart: 0 byte
|
||||
import_export_persistent_key:"":PSA_KEY_TYPE_RAW_DATA:0:1:0
|
||||
|
||||
import/export persistent raw key with restart: 1 byte
|
||||
import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1:0
|
||||
|
||||
|
|
|
|||
|
|
@ -396,6 +396,7 @@ void mock_generate( int mock_alloc_return_value,
|
|||
psa_set_key_lifetime( &attributes, lifetime );
|
||||
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
||||
psa_set_key_bits( &attributes, 8 );
|
||||
TEST_ASSERT( psa_generate_key( &attributes, &handle ) == expected_result );
|
||||
TEST_ASSERT( mock_allocate_data.called == 1 );
|
||||
TEST_ASSERT( mock_generate_data.called ==
|
||||
|
|
@ -482,6 +483,8 @@ void mock_sign( int mock_sign_return_value, int expected_result )
|
|||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
|
||||
psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
|
||||
const uint8_t hash[1] = {'H'};
|
||||
uint8_t signature[1] = {'S'};
|
||||
size_t signature_length;
|
||||
|
||||
mock_sign_data.return_value = mock_sign_return_value;
|
||||
|
|
@ -512,7 +515,9 @@ void mock_sign( int mock_sign_return_value, int expected_result )
|
|||
key_material, sizeof( key_material ),
|
||||
&handle ) );
|
||||
|
||||
TEST_ASSERT( psa_asymmetric_sign( handle, algorithm, NULL, 0, NULL, 0,
|
||||
TEST_ASSERT( psa_asymmetric_sign( handle, algorithm,
|
||||
hash, sizeof( hash ),
|
||||
signature, sizeof( signature ),
|
||||
&signature_length)
|
||||
== expected_result );
|
||||
TEST_ASSERT( mock_sign_data.called == 1 );
|
||||
|
|
@ -538,6 +543,8 @@ void mock_verify( int mock_verify_return_value, int expected_result )
|
|||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
|
||||
psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
|
||||
const uint8_t hash[1] = {'H'};
|
||||
const uint8_t signature[1] = {'S'};
|
||||
|
||||
mock_verify_data.return_value = mock_verify_return_value;
|
||||
memset( &driver, 0, sizeof( driver ) );
|
||||
|
|
@ -567,7 +574,9 @@ void mock_verify( int mock_verify_return_value, int expected_result )
|
|||
key_material, sizeof( key_material ),
|
||||
&handle ) );
|
||||
|
||||
TEST_ASSERT( psa_asymmetric_verify( handle, algorithm, NULL, 0, NULL, 0)
|
||||
TEST_ASSERT( psa_asymmetric_verify( handle, algorithm,
|
||||
hash, sizeof( hash ),
|
||||
signature, sizeof( signature ) )
|
||||
== expected_result );
|
||||
TEST_ASSERT( mock_verify_data.called == 1 );
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue