Convert the PSA crypto cryptography tests to the new handle API

Switch from the direct use of slot numbers to handles allocated by
psa_allocate_key.

This commit does not affect persistent key tests except for the one
test function in test_suite_psa_crypto that uses persistent keys
(persistent_key_load_key_from_storage).

The general principle for each function is:
* Change `psa_key_slot_t slot` to `psa_key_handle_t handle`.
* Call psa_allocate_key() before setting the policy of the slot,
  or before creating key material in functions that don't set a policy.
* Some PSA_ERROR_EMPTY_SLOT errors become PSA_ERROR_INVALID_HANDLE
  because there is now a distinction between not having a valid
  handle, and having a valid handle to a slot that doesn't contain key
  material.
* In tests that use symmetric keys, calculate the max_bits parameters
  of psa_allocate_key() from the key data size. In tests where the key
  may be asymmetric, call an auxiliary macro KEY_BITS_FROM_DATA which
  returns an overapproximation. There's no good way to find a good
  value for max_bits with the API; I think the API should be tweaked.

Gilles Peskine 2018-12-03 15:36:32 +01:00
parent a8860b2990
commit bdf309ccdb
2 changed files with 511 additions and 360 deletions

@ -29,17 +29,15 @@ PSA import to non empty key slot
depends_on:MBEDTLS_AES_C depends_on:MBEDTLS_AES_C
import_key_nonempty_slot import_key_nonempty_slot
PSA export empty key slot PSA export invalid handle (0)
export_invalid_slot:1:PSA_ERROR_EMPTY_SLOT export_invalid_handle:0:PSA_ERROR_INVALID_ARGUMENT
PSA export out of range key slot - lower bound PSA export invalid handle (smallest plausible handle)
export_invalid_slot:0:PSA_ERROR_INVALID_ARGUMENT # EMPTY_SLOT is temporary, because this valie is treated as a numbered slot, not as a handle
export_invalid_handle:1:PSA_ERROR_EMPTY_SLOT
PSA export out of range key slot - upper bound PSA export invalid handle (largest plausible handle)
# Hard-code the upper bound of slots that are directly accessible because the export_invalid_handle:-1:PSA_ERROR_INVALID_HANDLE
# API does not expose this value. This is temporary: directly-accessible
# slots are about to be removed.
export_invalid_slot:32767:PSA_ERROR_INVALID_ARGUMENT
PSA export a slot where there was some activity but no key material creation PSA export a slot where there was some activity but no key material creation
export_with_no_key_activity export_with_no_key_activity
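
Review bot: The new case `export_invalid_handle:0:PSA_ERROR_INVALID_ARGUMENT` has no comment explaining why handle 0 is expected to return PSA_ERROR_INVALID_ARGUMENT while the -1 case expects PSA_ERROR_INVALID_HANDLE. The commit message describes PSA_ERROR_INVALID_HANDLE as the error for not having a valid handle, so a reader cannot tell whether the expectation for 0 is intended or temporary like the one for handle 1. Suggest adding a one-line comment above the 0 case in the same style as the "EMPTY_SLOT is temporary" comment. That comment also has a typo ("valie" for "value"). Finally, dropping `export_invalid_slot:32767:PSA_ERROR_INVALID_ARGUMENT` leaves no case for an out-of-range positive value, even though the new comment says a value can still be treated as a numbered slot; consider keeping one such case until direct slot access is removed.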

File diff suppressed because it is too large