From c4344042f4bf50518e626e6231c177de926ff7c5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 18 Apr 2019 21:52:37 +0200 Subject: [PATCH] Remove tests for empty slots With the attribute-based key creation API, it is no longer possible to have a handle to a slot that does not hold key material. Remove all corresponding tests. --- tests/suites/test_suite_psa_crypto.data | 42 ---- tests/suites/test_suite_psa_crypto.function | 218 -------------------- 2 files changed, 260 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 58e23e202..b70654670 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -28,10 +28,6 @@ PSA import/export AES-256 depends_on:MBEDTLS_AES_C import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ALG_CTR:PSA_KEY_USAGE_EXPORT:256:0:PSA_SUCCESS:1 -PSA import to non empty key slot -depends_on:MBEDTLS_AES_C -import_key_nonempty_slot - PSA export invalid handle (0) export_invalid_handle:0:PSA_ERROR_INVALID_HANDLE @@ -41,40 +37,6 @@ export_invalid_handle:1:PSA_ERROR_INVALID_HANDLE PSA export invalid handle (largest plausible handle) export_invalid_handle:-1:PSA_ERROR_INVALID_HANDLE -PSA export a slot where there was some activity but no key material creation -export_with_no_key_activity - -PSA setup cipher where there was some activity on key but no key material creation -cipher_with_no_key_activity - -PSA export a slot after a failed import of a AES key -depends_on:MBEDTLS_AES_C -export_after_import_failure:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT - -PSA export a slot after a failed import of a RSA key -depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_PARSE_C -export_after_import_failure:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ERROR_INVALID_ARGUMENT - -PSA export a slot after a failed import of an EC keypair -depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -export_after_import_failure:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):PSA_ERROR_INVALID_ARGUMENT - -PSA setup cipher after a failed import of a AES key -depends_on:MBEDTLS_AES_C -cipher_after_import_failure:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT - -PSA export RSA public key from a slot where there was an import followed by destroy. -depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -export_after_destroy_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY - -PSA export AES key from a slot where there was an import followed by destroy. -depends_on:MBEDTLS_AES_C -export_after_destroy_key:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES - -PSA export EC key from a slot where there was an import followed by destroy. -depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED -export_after_destroy_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1) - PSA import AES: bad key size depends_on:MBEDTLS_AES_C import:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT @@ -313,10 +275,6 @@ PSA import EC keypair: valid key but RSA depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_RSA_C import:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):PSA_ERROR_INVALID_ARGUMENT -PSA import failure preserves policy -depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -import_twice:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_SUCCESS - PSA import RSA key pair: maximum size exceeded depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:1:PSA_ERROR_NOT_SUPPORTED diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ddcbd8a35..e856e6e8b 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1185,46 +1185,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ -void import_twice( int alg_arg, int usage_arg, - int type1_arg, data_t *data1, - int expected_import1_status_arg, - int type2_arg, data_t *data2, - int expected_import2_status_arg ) -{ - psa_key_handle_t handle = 0; - psa_algorithm_t alg = alg_arg; - psa_key_usage_t usage = usage_arg; - psa_key_type_t type1 = type1_arg; - psa_status_t expected_import1_status = expected_import1_status_arg; - psa_key_type_t type2 = type2_arg; - psa_status_t expected_import2_status = expected_import2_status_arg; - psa_key_policy_t policy = PSA_KEY_POLICY_INIT; - psa_status_t status; - - PSA_ASSERT( psa_crypto_init( ) ); - - PSA_ASSERT( psa_allocate_key( &handle ) ); - psa_key_policy_set_usage( &policy, usage, alg ); - PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); - - status = psa_import_key_to_handle( handle, type1, data1->x, data1->len ); - TEST_EQUAL( status, expected_import1_status ); - status = psa_import_key_to_handle( handle, type2, data2->x, data2->len ); - TEST_EQUAL( status, expected_import2_status ); - - if( expected_import1_status == PSA_SUCCESS || - expected_import2_status == PSA_SUCCESS ) - { - if( ! exercise_key( handle, usage, alg ) ) - goto exit; - } - -exit: - mbedtls_psa_crypto_free( ); -} -/* END_CASE */ - /* BEGIN_CASE */ void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg ) { @@ -1355,30 +1315,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ -void import_key_nonempty_slot( ) -{ - psa_key_handle_t handle = 0; - psa_key_type_t type = PSA_KEY_TYPE_RAW_DATA; - psa_status_t status; - const uint8_t data[] = { 0x1, 0x2, 0x3, 0x4, 0x5 }; - PSA_ASSERT( psa_crypto_init( ) ); - - PSA_ASSERT( psa_allocate_key( &handle ) ); - - /* Import the key */ - PSA_ASSERT( psa_import_key_to_handle( handle, type, - data, sizeof( data ) ) ); - - /* Import the key again */ - status = psa_import_key_to_handle( handle, type, data, sizeof( data ) ); - TEST_EQUAL( status, PSA_ERROR_ALREADY_EXISTS ); - -exit: - mbedtls_psa_crypto_free( ); -} -/* END_CASE */ - /* BEGIN_CASE */ void export_invalid_handle( int handle, int expected_export_status_arg ) { @@ -1401,160 +1337,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ -void export_with_no_key_activity( ) -{ - psa_key_handle_t handle = 0; - psa_algorithm_t alg = PSA_ALG_CTR; - psa_status_t status; - psa_key_policy_t policy = PSA_KEY_POLICY_INIT; - unsigned char *exported = NULL; - size_t export_size = 0; - size_t exported_length = INVALID_EXPORT_LENGTH; - - PSA_ASSERT( psa_crypto_init( ) ); - - PSA_ASSERT( psa_allocate_key( &handle ) ); - psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg ); - PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); - - /* Export the key */ - status = psa_export_key( handle, - exported, export_size, - &exported_length ); - TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST ); - -exit: - mbedtls_psa_crypto_free( ); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void cipher_with_no_key_activity( ) -{ - psa_key_handle_t handle = 0; - psa_status_t status; - psa_key_policy_t policy = PSA_KEY_POLICY_INIT; - psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; - int exercise_alg = PSA_ALG_CTR; - - PSA_ASSERT( psa_crypto_init( ) ); - - PSA_ASSERT( psa_allocate_key( &handle ) ); - psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, exercise_alg ); - PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); - - status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg ); - TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST ); - -exit: - psa_cipher_abort( &operation ); - mbedtls_psa_crypto_free( ); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void export_after_import_failure( data_t *data, int type_arg, - int expected_import_status_arg ) -{ - psa_key_handle_t handle = 0; - psa_key_type_t type = type_arg; - psa_status_t status; - unsigned char *exported = NULL; - size_t export_size = 0; - psa_status_t expected_import_status = expected_import_status_arg; - size_t exported_length = INVALID_EXPORT_LENGTH; - - PSA_ASSERT( psa_crypto_init( ) ); - - PSA_ASSERT( psa_allocate_key( &handle ) ); - - /* Import the key - expect failure */ - status = psa_import_key_to_handle( handle, type, - data->x, data->len ); - TEST_EQUAL( status, expected_import_status ); - - /* Export the key */ - status = psa_export_key( handle, - exported, export_size, - &exported_length ); - TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST ); - -exit: - mbedtls_psa_crypto_free( ); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void cipher_after_import_failure( data_t *data, int type_arg, - int expected_import_status_arg ) -{ - psa_key_handle_t handle = 0; - psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; - psa_key_type_t type = type_arg; - psa_status_t status; - psa_status_t expected_import_status = expected_import_status_arg; - int exercise_alg = PSA_ALG_CTR; - - PSA_ASSERT( psa_crypto_init( ) ); - - PSA_ASSERT( psa_allocate_key( &handle ) ); - - /* Import the key - expect failure */ - status = psa_import_key_to_handle( handle, type, - data->x, data->len ); - TEST_EQUAL( status, expected_import_status ); - - status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg ); - TEST_EQUAL( status, PSA_ERROR_DOES_NOT_EXIST ); - -exit: - psa_cipher_abort( &operation ); - mbedtls_psa_crypto_free( ); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void export_after_destroy_key( data_t *data, int type_arg ) -{ - psa_key_handle_t handle = 0; - psa_key_type_t type = type_arg; - psa_status_t status; - psa_key_policy_t policy = PSA_KEY_POLICY_INIT; - psa_algorithm_t alg = PSA_ALG_CTR; - unsigned char *exported = NULL; - size_t export_size = 0; - size_t exported_length = INVALID_EXPORT_LENGTH; - - PSA_ASSERT( psa_crypto_init( ) ); - - PSA_ASSERT( psa_allocate_key( &handle ) ); - psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg ); - PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); - export_size = (ptrdiff_t) data->len; - ASSERT_ALLOC( exported, export_size ); - - /* Import the key */ - PSA_ASSERT( psa_import_key_to_handle( handle, type, - data->x, data->len ) ); - - PSA_ASSERT( psa_export_key( handle, exported, export_size, - &exported_length ) ); - - /* Destroy the key */ - PSA_ASSERT( psa_destroy_key( handle ) ); - - /* Export the key */ - status = psa_export_key( handle, exported, export_size, - &exported_length ); - TEST_EQUAL( status, PSA_ERROR_INVALID_HANDLE ); - -exit: - mbedtls_free( exported ); - mbedtls_psa_crypto_free( ); -} -/* END_CASE */ - /* BEGIN_CASE */ void import_export_public_key( data_t *data, int type_arg,