yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #8738 from gilles-peskine-arm/pk_import_into_psa-use_usage

Browse source 
Implement mbedtls_pk_get_psa_attributes
This commit is contained in:
Gilles Peskine 2024-02-06 17:28:54 +00:00 committed by GitHub
commit fb7001f15b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 1208 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doxygen/mbedtls.doxyfile
View file

@ -6,7 +6,7 @@ EXTRACT_ALL = YES
EXTRACT_PRIVATE = YES EXTRACT_PRIVATE = YES
EXTRACT_STATIC = YES EXTRACT_STATIC = YES
CASE_SENSE_NAMES = NO CASE_SENSE_NAMES = NO
INPUT = ../include input INPUT = ../include input ../tests/include/alt-dummy
FILE_PATTERNS = *.h FILE_PATTERNS = *.h
RECURSIVE = YES RECURSIVE = YES
EXCLUDE_SYMLINKS = YES EXCLUDE_SYMLINKS = YES

119
include/mbedtls/pk.h
View file

@ -28,7 +28,7 @@
#include "mbedtls/ecdsa.h" #include "mbedtls/ecdsa.h"
#endif #endif
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#include "psa/crypto.h" #include "psa/crypto.h"
#endif #endif
@ -253,6 +253,8 @@ typedef struct mbedtls_pk_context {
* inside the ecp_keypair structure * inside the ecp_keypair structure
* - the following fields are used for all public key operations: signature * - the following fields are used for all public key operations: signature
* verify, key pair check and key write. * verify, key pair check and key write.
* - For a key pair, priv_id contains the private key. For a public key,
* priv_id is null.
* Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy * Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy
* ecp_keypair structure is used for storing the public key and performing * ecp_keypair structure is used for storing the public key and performing
* all the operations. * all the operations.
@ -484,6 +486,121 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg,
psa_key_usage_t usage); psa_key_usage_t usage);
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PSA_CRYPTO_C)
/**
* \brief Determine valid PSA attributes that can be used to
* import a key into PSA.
*
* The attributes determined by this function are suitable
* for calling mbedtls_pk_import_into_psa() to create
* a PSA key with the same key material.
*
* The typical flow of operations involving this function is
* ```
* psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
* int ret = mbedtls_pk_get_psa_attributes(pk, &attributes);
* if (ret != 0) ...; // error handling omitted
* // Tweak attributes if desired
* psa_key_id_t key_id = 0;
* ret = mbedtls_pk_import_into_psa(pk, &attributes, &key_id);
* if (ret != 0) ...; // error handling omitted
* ```
*
* \note This function does not support RSA-alt contexts
* (set up with mbedtls_pk_setup_rsa_alt()).
*
* \param[in] pk The PK context to use. It must have been set up.
* It can either contain a key pair or just a public key.
* \param usage A single `PSA_KEY_USAGE_xxx` flag among the following:
* - #PSA_KEY_USAGE_DECRYPT: \p pk must contain a
* key pair. The output \p attributes will contain a
* key pair type, and the usage policy will allow
* #PSA_KEY_USAGE_ENCRYPT as well as
* #PSA_KEY_USAGE_DECRYPT.
* - #PSA_KEY_USAGE_DERIVE: \p pk must contain a
* key pair. The output \p attributes will contain a
* key pair type.
* - #PSA_KEY_USAGE_ENCRYPT: The output
* \p attributes will contain a public key type.
* - #PSA_KEY_USAGE_SIGN_HASH: \p pk must contain a
* key pair. The output \p attributes will contain a
* key pair type, and the usage policy will allow
* #PSA_KEY_USAGE_VERIFY_HASH as well as
* #PSA_KEY_USAGE_SIGN_HASH.
* - #PSA_KEY_USAGE_SIGN_MESSAGE: \p pk must contain a
* key pair. The output \p attributes will contain a
* key pair type, and the usage policy will allow
* #PSA_KEY_USAGE_VERIFY_MESSAGE as well as
* #PSA_KEY_USAGE_SIGN_MESSAGE.
* - #PSA_KEY_USAGE_VERIFY_HASH: The output
* \p attributes will contain a public key type.
* - #PSA_KEY_USAGE_VERIFY_MESSAGE: The output
* \p attributes will contain a public key type.
* \param[out] attributes
* On success, valid attributes to import the key into PSA.
* - The lifetime and key identifier are unchanged. If the
* attribute structure was initialized or reset before
* calling this function, this will result in a volatile
* key. Call psa_set_key_identifier() before or after this
* function if you wish to create a persistent key. Call
* psa_set_key_lifetime() before or after this function if
* you wish to import the key in a secure element.
* - The key type and bit-size are determined by the contents
* of the PK context. If the PK context contains a key
* pair, the key type can be either a key pair type or
* the corresponding public key type, depending on
* \p usage. If the PK context contains a public key,
* the key type is a public key type.
* - The key's policy is determined by the key type and
* the \p usage parameter. The usage always allows
* \p usage, exporting and copying the key, and
* possibly other permissions as documented for the
* \p usage parameter.
* The permitted algorithm policy is determined as follows
* based on the #mbedtls_pk_type_t type of \p pk,
* the chosen \p usage and other factors:
* - #MBEDTLS_PK_RSA whose underlying
* #mbedtls_rsa_context has the padding mode
* #MBEDTLS_RSA_PKCS_V15:
* #PSA_ALG_RSA_PKCS1V15_SIGN(#PSA_ALG_ANY_HASH)
* if \p usage is SIGN/VERIFY, and
* #PSA_ALG_RSA_PKCS1V15_CRYPT
* if \p usage is ENCRYPT/DECRYPT.
* - #MBEDTLS_PK_RSA whose underlying
* #mbedtls_rsa_context has the padding mode
* #MBEDTLS_RSA_PKCS_V21 and the digest type
* corresponding to the PSA algorithm \c hash:
* #PSA_ALG_RSA_PSS_ANY_SALT(#PSA_ALG_ANY_HASH)
* if \p usage is SIGN/VERIFY, and
* #PSA_ALG_RSA_OAEP(\c hash)
* if \p usage is ENCRYPT/DECRYPT.
* - #MBEDTLS_PK_RSA_ALT: not supported.
* - #MBEDTLS_PK_ECDSA or #MBEDTLS_PK_ECKEY
* if \p usage is SIGN/VERIFY:
* #PSA_ALG_DETERMINISTIC_ECDSA(#PSA_ALG_ANY_HASH)
* if #MBEDTLS_ECDSA_DETERMINISTIC is enabled,
* otherwise #PSA_ALG_ECDSA(#PSA_ALG_ANY_HASH).
* - #MBEDTLS_PK_ECKEY_DH or #MBEDTLS_PK_ECKEY
* if \p usage is DERIVE:
* #PSA_ALG_ECDH.
* - #MBEDTLS_PK_OPAQUE: same as the primary algorithm
* set for the underlying PSA key, except that
* sign/decrypt flags are removed if the type is
* set to a public key type.
* The underlying key must allow \p usage.
* Note that the enrollment algorithm set with
* psa_set_key_enrollment_algorithm() is not copied.
*
* \return 0 on success.
* #MBEDTLS_ERR_PK_TYPE_MISMATCH if \p pk does not contain
* a key of the type identified in \p attributes.
* Another error code on other failures.
*/
int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
psa_key_usage_t usage,
psa_key_attributes_t *attributes);
#endif /* MBEDTLS_PSA_CRYPTO_C */
/** /**
* \brief Verify signature (including padding if relevant). * \brief Verify signature (including padding if relevant).
* *

205
library/pk.c
View file

@ -29,7 +29,7 @@
#include "mbedtls/ecdsa.h" #include "mbedtls/ecdsa.h"
#endif #endif
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#include "psa_util_internal.h" #include "psa_util_internal.h"
#include "mbedtls/psa_util.h" #include "mbedtls/psa_util.h"
#endif #endif
@ -378,6 +378,209 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg,
} }
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PSA_CRYPTO_C)
#if defined(MBEDTLS_RSA_C)
static psa_algorithm_t psa_algorithm_for_rsa(const mbedtls_rsa_context *rsa,
int want_crypt)
{
if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) {
if (want_crypt) {
mbedtls_md_type_t md_type = mbedtls_rsa_get_md_alg(rsa);
return PSA_ALG_RSA_OAEP(mbedtls_md_psa_alg_from_type(md_type));
} else {
return PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH);
}
} else {
if (want_crypt) {
return PSA_ALG_RSA_PKCS1V15_CRYPT;
} else {
return PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH);
}
}
}
#endif /* MBEDTLS_RSA_C */
int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
psa_key_usage_t usage,
psa_key_attributes_t *attributes)
{
mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk);
psa_key_usage_t more_usage = usage;
if (usage == PSA_KEY_USAGE_SIGN_MESSAGE) {
more_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE;
} else if (usage == PSA_KEY_USAGE_SIGN_HASH) {
more_usage |= PSA_KEY_USAGE_VERIFY_HASH;
} else if (usage == PSA_KEY_USAGE_DECRYPT) {
more_usage |= PSA_KEY_USAGE_ENCRYPT;
}
more_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY;
int want_private = !(usage == PSA_KEY_USAGE_VERIFY_MESSAGE ||
usage == PSA_KEY_USAGE_VERIFY_HASH ||
usage == PSA_KEY_USAGE_ENCRYPT);
switch (pk_type) {
#if defined(MBEDTLS_RSA_C)
case MBEDTLS_PK_RSA:
{
int want_crypt = 0; /* 0: sign/verify; 1: encrypt/decrypt */
switch (usage) {
case PSA_KEY_USAGE_SIGN_MESSAGE:
case PSA_KEY_USAGE_SIGN_HASH:
case PSA_KEY_USAGE_VERIFY_MESSAGE:
case PSA_KEY_USAGE_VERIFY_HASH:
/* Nothing to do. */
break;
case PSA_KEY_USAGE_DECRYPT:
case PSA_KEY_USAGE_ENCRYPT:
want_crypt = 1;
break;
default:
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
}
/* Detect the presence of a private key in a way that works both
* in CRT and non-CRT configurations. */
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk);
int has_private = (mbedtls_rsa_check_privkey(rsa) == 0);
if (want_private && !has_private) {
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
}
psa_set_key_type(attributes, (want_private ?
PSA_KEY_TYPE_RSA_KEY_PAIR :
PSA_KEY_TYPE_RSA_PUBLIC_KEY));
psa_set_key_bits(attributes, mbedtls_pk_get_bitlen(pk));
psa_set_key_algorithm(attributes,
psa_algorithm_for_rsa(rsa, want_crypt));
break;
}
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA:
{
int sign_ok = (pk_type != MBEDTLS_PK_ECKEY_DH);
int derive_ok = (pk_type != MBEDTLS_PK_ECDSA);
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
psa_ecc_family_t family = pk->ec_family;
size_t bits = pk->ec_bits;
int has_private = 0;
if (pk->priv_id != MBEDTLS_SVC_KEY_ID_INIT) {
has_private = 1;
}
#else
const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk);
int has_private = (ec->d.n != 0);
size_t bits = 0;
psa_ecc_family_t family =
mbedtls_ecc_group_to_psa(ec->grp.id, &bits);
#endif
psa_algorithm_t alg = 0;
switch (usage) {
case PSA_KEY_USAGE_SIGN_MESSAGE:
case PSA_KEY_USAGE_SIGN_HASH:
case PSA_KEY_USAGE_VERIFY_MESSAGE:
case PSA_KEY_USAGE_VERIFY_HASH:
if (!sign_ok) {
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
}
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH);
#else
alg = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH);
#endif
break;
case PSA_KEY_USAGE_DERIVE:
alg = PSA_ALG_ECDH;
if (!derive_ok) {
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
}
break;
default:
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
}
if (want_private && !has_private) {
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
}
psa_set_key_type(attributes, (want_private ?
PSA_KEY_TYPE_ECC_KEY_PAIR(family) :
PSA_KEY_TYPE_ECC_PUBLIC_KEY(family)));
psa_set_key_bits(attributes, bits);
psa_set_key_algorithm(attributes, alg);
break;
}
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
case MBEDTLS_PK_RSA_ALT:
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
case MBEDTLS_PK_OPAQUE:
{
psa_key_attributes_t old_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
status = psa_get_key_attributes(pk->priv_id, &old_attributes);
if (status != PSA_SUCCESS) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
psa_key_type_t old_type = psa_get_key_type(&old_attributes);
switch (usage) {
case PSA_KEY_USAGE_SIGN_MESSAGE:
case PSA_KEY_USAGE_SIGN_HASH:
case PSA_KEY_USAGE_VERIFY_MESSAGE:
case PSA_KEY_USAGE_VERIFY_HASH:
if (!(PSA_KEY_TYPE_IS_ECC_KEY_PAIR(old_type) ||
old_type == PSA_KEY_TYPE_RSA_KEY_PAIR)) {
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
}
break;
case PSA_KEY_USAGE_DECRYPT:
case PSA_KEY_USAGE_ENCRYPT:
if (old_type != PSA_KEY_TYPE_RSA_KEY_PAIR) {
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
}
break;
case PSA_KEY_USAGE_DERIVE:
if (!(PSA_KEY_TYPE_IS_ECC_KEY_PAIR(old_type))) {
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
}
break;
default:
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
}
psa_key_type_t new_type = old_type;
/* Opaque keys are always key pairs, so we don't need a check
* on the input if the required usage is private. We just need
* to adjust the type correctly if the required usage is public. */
if (!want_private) {
new_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(new_type);
}
more_usage = psa_get_key_usage_flags(&old_attributes);
if ((usage & more_usage) == 0) {
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
}
psa_set_key_type(attributes, new_type);
psa_set_key_bits(attributes, psa_get_key_bits(&old_attributes));
psa_set_key_algorithm(attributes, psa_get_key_algorithm(&old_attributes));
break;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
default:
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
psa_set_key_usage_flags(attributes, more_usage);
psa_set_key_enrollment_algorithm(attributes, PSA_ALG_NONE);
return 0;
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
/* /*
* Helper for mbedtls_pk_sign and mbedtls_pk_verify * Helper for mbedtls_pk_sign and mbedtls_pk_verify
*/ */

4
library/ssl_tls12_client.c
View file

@ -2005,9 +2005,9 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
} }
#if defined(MBEDTLS_ECP_C) #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
const mbedtls_ecp_keypair *peer_key = mbedtls_pk_ec_ro(*peer_pk); const mbedtls_ecp_keypair *peer_key = mbedtls_pk_ec_ro(*peer_pk);
#endif /* MBEDTLS_ECP_C */ #endif /* !defined(MBEDTLS_PK_USE_PSA_EC_DATA) */
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
uint16_t tls_id = 0; uint16_t tls_id = 0;

18
tests/scripts/all.sh
View file

@ -1560,6 +1560,7 @@ component_test_full_no_cipher_no_psa_crypto () {
scripts/config.py unset MBEDTLS_CMAC_C scripts/config.py unset MBEDTLS_CMAC_C
scripts/config.py unset MBEDTLS_NIST_KW_C scripts/config.py unset MBEDTLS_NIST_KW_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT
scripts/config.py unset MBEDTLS_SSL_TLS_C scripts/config.py unset MBEDTLS_SSL_TLS_C
scripts/config.py unset MBEDTLS_SSL_TICKET_C scripts/config.py unset MBEDTLS_SSL_TICKET_C
# Disable features that depend on PSA_CRYPTO_C # Disable features that depend on PSA_CRYPTO_C
@ -2438,11 +2439,12 @@ component_build_dhm_alt () {
make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
} }
component_test_no_use_psa_crypto_full_cmake_asan() { component_test_no_psa_crypto_full_cmake_asan() {
# full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh # full minus MBEDTLS_PSA_CRYPTO_C: run the same set of tests as basic-build-test.sh
msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan" msg "build: cmake, full config minus PSA crypto, ASan"
scripts/config.py full scripts/config.py full
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
@ -2453,22 +2455,22 @@ component_test_no_use_psa_crypto_full_cmake_asan() {
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make make
msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)" msg "test: main suites (full minus PSA crypto)"
make test make test
# Note: ssl-opt.sh has some test cases that depend on # Note: ssl-opt.sh has some test cases that depend on
# MBEDTLS_ECP_RESTARTABLE && !MBEDTLS_USE_PSA_CRYPTO # MBEDTLS_ECP_RESTARTABLE && !MBEDTLS_USE_PSA_CRYPTO
# This is the only component where those tests are not skipped. # This is the only component where those tests are not skipped.
msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)" msg "test: ssl-opt.sh (full minus PSA crypto)"
tests/ssl-opt.sh tests/ssl-opt.sh
msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)" msg "test: compat.sh default (full minus PSA crypto)"
tests/compat.sh tests/compat.sh
msg "test: compat.sh NULL (full minus MBEDTLS_USE_PSA_CRYPTO)" msg "test: compat.sh NULL (full minus PSA crypto)"
tests/compat.sh -f 'NULL' tests/compat.sh -f 'NULL'
msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)" msg "test: compat.sh ARIA + ChachaPoly (full minus PSA crypto)"
env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
} }

429
tests/suites/test_suite_pk.data
View file

@ -680,3 +680,432 @@ pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512
PSA wrapped sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA512 PSA wrapped sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA512
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C
pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512
PSA attributes for pk: NONE (bad)
pk_get_psa_attributes_fail:MBEDTLS_PK_NONE:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_BAD_INPUT_DATA
# There is a (negative) test for pk_type=MBEDTLS_PK_RSA_ALT in pk_rsa_alt().
# Bad usage due to not specifying sign/crypt/derive.
PSA attributes for pk: RSA usage=0 (bad)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:0:MBEDTLS_ERR_PK_TYPE_MISMATCH
# Bad usage due to not specifying sign/crypt/derive.
PSA attributes for pk: RSA usage=EXPORT (bad)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH
# This usage could make sense, but is not currently supported.
PSA attributes for pk: RSA usage=DECRYPT|EXPORT (bad)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH
# Bad usage due to specifying more than one of sign/crypt/derive.
PSA attributes for pk: RSA usage=DECRYPT|SIGN_MESSAGE (bad)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
# This usage could make sense, but is not currently supported.
PSA attributes for pk: RSA usage=SIGN_MESSAGE|SIGN_HASH (bad)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
# This usage could make sense, but is not currently supported.
PSA attributes for pk: RSA usage=SIGN_MESSAGE|VERIFY_MESSAGE (bad)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: RSA v15 pair DECRYPT
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_PKCS1V15_CRYPT
PSA attributes for pk: RSA v21 SHA-256 pair DECRYPT
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:1:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
PSA attributes for pk: RSA v21 SHA-512 pair DECRYPT
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:1:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512)
PSA attributes for pk: RSA v15 pair->public ENCRYPT
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT
PSA attributes for pk: RSA v21 SHA-256 pair->public ENCRYPT
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:1:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
PSA attributes for pk: RSA v21 SHA-512 pair->public ENCRYPT
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:1:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512)
PSA attributes for pk: RSA v15 public ENCRYPT
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT
PSA attributes for pk: RSA v21 SHA-256 public ENCRYPT
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:0:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
PSA attributes for pk: RSA v21 SHA-512 public ENCRYPT
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:0:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512)
PSA attributes for pk: RSA v15 public DECRYPT (bad)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: RSA v15 pair SIGN_MESSAGE
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v21 SHA-256 pair SIGN_MESSAGE
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v15 pair SIGN_HASH
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v21 SHA-256 pair SIGN_HASH
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v15 pair->public VERIFY_MESSAGE
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v21 SHA-256 pair->public VERIFY_MESSAGE
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v15 pair->public VERIFY_HASH
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v21 SHA-256 pair->public VERIFY_HASH
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v15 public VERIFY_MESSAGE
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v21 SHA-256 public VERIFY_MESSAGE
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v15 public VERIFY_HASH
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v21 SHA-256 public VERIFY_HASH
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v15 public SIGN_MESSAGE (bad)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: RSA v15 public SIGN_HASH (bad)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: RSA v15 pair DERIVE (bad)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: RSA v15 public DERIVE (bad)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY pair DECRYPT (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH pair DECRYPT (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECDSA pair DECRYPT (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY public DECRYPT (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH public DECRYPT (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECDSA public DECRYPT (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY pair ENCRYPT (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH pair ENCRYPT (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECDSA pair ENCRYPT (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY public ENCRYPT (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH public ENCRYPT (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECDSA public ENCRYPT (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY pair DERIVE
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH
PSA attributes for pk: ECKEY_DH pair DERIVE
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH
PSA attributes for pk: ECDSA pair DERIVE (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY public DERIVE (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH public DERIVE (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECDSA public DERIVE (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY pair SIGN_MESSAGE
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECDSA pair SIGN_MESSAGE
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECKEY pair SIGN_HASH
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECDSA pair SIGN_HASH
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECKEY pair->public VERIFY_MESSAGE
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECDSA pair->public VERIFY_MESSAGE
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECKEY pair->public VERIFY_HASH
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECDSA pair->public VERIFY_HASH
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECKEY public VERIFY_MESSAGE
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECDSA public VERIFY_MESSAGE
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
pk_get_psa_attributes:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECKEY public VERIFY_HASH
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECDSA public VERIFY_HASH
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
pk_get_psa_attributes:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
PSA attributes for pk: ECKEY public SIGN_MESSAGE (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECDSA public SIGN_MESSAGE (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY public SIGN_HASH (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECDSA public SIGN_HASH (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH pair SIGN_MESSAGE (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH pair SIGN_HASH (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH pair VERIFY_MESSAGE (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH pair VERIFY_HASH (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH public SIGN_MESSAGE (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH public SIGN_HASH (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH public VERIFY_MESSAGE (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY_DH public VERIFY_HASH (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: opaque RSA pair, 0 & SIGN_MESSAGE (bad policy)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_MESSAGE
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE
PSA attributes for pk: opaque RSA pair, SIGN|VERIFY & SIGN_MESSAGE
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
PSA attributes for pk: opaque RSA pair, SIGN|DECRYPT & SIGN_MESSAGE
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT
PSA attributes for pk: opaque RSA pair, SIGN|... & SIGN_MESSAGE
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT
PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_HASH (bad policy)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
# For a PK_OPAQUE key, mbedtls_pk_get_psa_attributes() ignores the input
# key's algorithm policy. Just this time, test with a few different algorithms.
PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [0]
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [raw]
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [v15]
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [PSS]
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
PSA attributes for pk: opaque RSA pair, 0 & DECRYPT (bad policy)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
PSA attributes for pk: opaque RSA pair, DECRYPT & DECRYPT
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_DECRYPT
PSA attributes for pk: opaque RSA pair, DECRYPT|... & DECRYPT
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT
PSA attributes for pk: opaque RSA pair, ... & DERIVE (bad)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
PSA attributes for pk: opaque RSA pair, ... & EXPORT (bad)
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
PSA attributes for pk: opaque RSA pair->public, VERIFY_MESSAGE & VERIFY_MESSAGE
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE
PSA attributes for pk: opaque RSA pair->public, VERIFY_HASH & VERIFY_HASH
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE
PSA attributes for pk: opaque RSA pair->public, ENCRYPT & ENCRYPT
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0:0:PSA_KEY_USAGE_ENCRYPT
PSA attributes for pk: opaque ECC pair, 0 & SIGN_MESSAGE (bad policy)
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
PSA attributes for pk: opaque ECC pair, SIGN_MESSAGE & SIGN_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE
PSA attributes for pk: opaque ECC pair, SIGN|VERIFY & SIGN_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
PSA attributes for pk: opaque ECC pair, SIGN|DECRYPT & SIGN_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT
PSA attributes for pk: opaque ECC pair, SIGN|... & SIGN_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT
PSA attributes for pk: opaque ECC pair, SIGN_HASH & SIGN_HASH
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
PSA attributes for pk: opaque ECC pair, ... & DERIVE
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE
PSA attributes for pk: opaque ECC pair, ... & DECRYPT (bad)
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
PSA attributes for pk: opaque ECC pair, ... & EXPORT (bad)
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDH:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
PSA attributes for pk: opaque ECC pair->public, VERIFY_MESSAGE & VERIFY_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE
PSA attributes for pk: opaque ECC pair->public, VERIFY_HASH & VERIFY_HASH
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE
PSA attributes for pk: opaque ECC pair->public, ENCRYPT & ENCRYPT (bad)
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:0:0

375
tests/suites/test_suite_pk.function
View file

@ -6,6 +6,7 @@
#include "mbedtls/asn1.h" #include "mbedtls/asn1.h"
#include "mbedtls/base64.h" #include "mbedtls/base64.h"
#include "mbedtls/ecp.h" #include "mbedtls/ecp.h"
#include "mbedtls/error.h"
#include "mbedtls/rsa.h" #include "mbedtls/rsa.h"
#include "pk_internal.h" #include "pk_internal.h"
@ -35,6 +36,30 @@
#define MBEDTLS_TEST_PK_PSA_SIGN #define MBEDTLS_TEST_PK_PSA_SIGN
#endif #endif
/* MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE is enabled when PSA supports
* at least one elliptic curve. This is distinct from
* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY because that symbol can be enabled even
* when there are no curves. This happens in particular in a configuration
* with MBEDTLS_PSA_CRYPTO_CONFIG disabled and where the only legacy curve
* is secp224k1, which is not supported in PSA. */
#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) || \
defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) || \
defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) || \
defined(PSA_WANT_ECC_MONTGOMERY_255) || \
defined(PSA_WANT_ECC_MONTGOMERY_448) || \
defined(PSA_WANT_ECC_SECP_K1_192) || \
defined(PSA_WANT_ECC_SECP_K1_224) || \
defined(PSA_WANT_ECC_SECP_K1_256) || \
defined(PSA_WANT_ECC_SECP_R1_192) || \
defined(PSA_WANT_ECC_SECP_R1_224) || \
defined(PSA_WANT_ECC_SECP_R1_256) || \
defined(PSA_WANT_ECC_SECP_R1_384) || \
defined(PSA_WANT_ECC_SECP_R1_521)
#define MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
#endif
#endif
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id)
{ {
@ -111,7 +136,14 @@ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits)
mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) {
int ret; int ret;
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
ret = pk_genkey_ec(pk, curve_or_keybits);
if (ret != 0) {
return ret;
}
return 0;
#else
ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, curve_or_keybits); ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, curve_or_keybits);
if (ret != 0) { if (ret != 0) {
return ret; return ret;
@ -120,15 +152,6 @@ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits)
&mbedtls_pk_ec_rw(*pk)->d, &mbedtls_pk_ec_rw(*pk)->d,
&mbedtls_pk_ec_rw(*pk)->Q, &mbedtls_pk_ec_rw(*pk)->Q,
mbedtls_test_rnd_std_rand, NULL); mbedtls_test_rnd_std_rand, NULL);
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
ret = pk_genkey_ec(pk, curve_or_keybits);
if (ret != 0) {
return ret;
}
return 0;
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
} }
@ -136,6 +159,32 @@ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits)
return -1; return -1;
} }
#if defined(MBEDTLS_PSA_CRYPTO_C)
static psa_key_usage_t pk_get_psa_attributes_implied_usage(
psa_key_usage_t expected_usage)
{
/* Usage implied universally */
if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) {
expected_usage |= PSA_KEY_USAGE_SIGN_MESSAGE;
}
if (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) {
expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE;
}
/* Usage implied by mbedtls_pk_get_psa_attributes() */
if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) {
expected_usage |= PSA_KEY_USAGE_VERIFY_HASH;
}
if (expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE) {
expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE;
}
if (expected_usage & PSA_KEY_USAGE_DECRYPT) {
expected_usage |= PSA_KEY_USAGE_ENCRYPT;
}
expected_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY;
return expected_usage;
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,
const unsigned char *input, unsigned char *output, const unsigned char *input, unsigned char *output,
@ -162,6 +211,127 @@ size_t mbedtls_rsa_key_len_func(void *ctx)
} }
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS)
static mbedtls_ecp_group_id ecc_pick_grp_id(void)
{
#if defined(MBEDTLS_ECP_LIGHT)
return mbedtls_ecp_grp_id_list()[0];
#elif defined(PSA_WANT_ECC_SECP_R1_192)
return MBEDTLS_ECP_DP_SECP192R1;
#elif defined(PSA_WANT_ECC_SECP_R1_224)
return MBEDTLS_ECP_DP_SECP224R1;
#elif defined(PSA_WANT_ECC_SECP_R1_256)
return MBEDTLS_ECP_DP_SECP256R1;
#elif defined(PSA_WANT_ECC_SECP_R1_384)
return MBEDTLS_ECP_DP_SECP384R1;
#elif defined(PSA_WANT_ECC_SECP_R1_521)
return MBEDTLS_ECP_DP_SECP521R1;
#elif defined(PSA_WANT_ECC_SECP_K1_192)
return MBEDTLS_ECP_DP_SECP192K1;
#elif defined(PSA_WANT_ECC_SECP_K1_224)
return MBEDTLS_ECP_DP_SECP224K1;
#elif defined(PSA_WANT_ECC_SECP_K1_256)
return MBEDTLS_ECP_DP_SECP256K1;
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
return MBEDTLS_ECP_DP_BP256R1;
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
return MBEDTLS_ECP_DP_BP384R1;
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
return MBEDTLS_ECP_DP_BP512R1;
#elif defined(PSA_WANT_ECC_MONTGOMERY_255)
return MBEDTLS_ECP_DP_CURVE25519;
#elif defined(PSA_WANT_ECC_MONTGOMERY_448)
return MBEDTLS_ECP_DP_CURVE448;
#else
return 0;
#endif
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS) */
#if defined(MBEDTLS_PSA_CRYPTO_C)
static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair,
mbedtls_pk_context *pk, psa_key_type_t *psa_type)
{
if (pk_type == MBEDTLS_PK_NONE) {
return 0;
}
TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0);
switch (pk_type) {
#if defined(MBEDTLS_RSA_C)
case MBEDTLS_PK_RSA:
{
*psa_type = PSA_KEY_TYPE_RSA_KEY_PAIR;
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk);
if (want_pair) {
#if defined(MBEDTLS_GENPRIME)
TEST_EQUAL(mbedtls_rsa_gen_key(
rsa,
mbedtls_test_rnd_std_rand, NULL,
MBEDTLS_RSA_GEN_KEY_MIN_BITS, 65537), 0);
#else
TEST_FAIL("I don't know how to create an RSA key pair in this configuration.");
#endif
} else {
unsigned char N[PSA_BITS_TO_BYTES(MBEDTLS_RSA_GEN_KEY_MIN_BITS)] = { 0xff };
N[sizeof(N) - 1] = 0x03;
const unsigned char E[1] = { 0x03 };
TEST_EQUAL(mbedtls_rsa_import_raw(rsa,
N, sizeof(N),
NULL, 0, NULL, 0, NULL, 0,
E, sizeof(E)), 0);
TEST_EQUAL(mbedtls_rsa_complete(rsa), 0);
}
break;
}
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA:
{
mbedtls_ecp_group_id grp_id = ecc_pick_grp_id();
size_t bits;
*psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(mbedtls_ecc_group_to_psa(grp_id, &bits));
TEST_EQUAL(pk_genkey(pk, grp_id), 0);
if (!want_pair) {
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
psa_key_attributes_t pub_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_type(&pub_attributes,
PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(*psa_type));
psa_set_key_usage_flags(&pub_attributes,
PSA_KEY_USAGE_EXPORT |
PSA_KEY_USAGE_COPY |
PSA_KEY_USAGE_VERIFY_MESSAGE |
PSA_KEY_USAGE_VERIFY_HASH);
psa_set_key_algorithm(&pub_attributes, PSA_ALG_ECDSA_ANY);
PSA_ASSERT(psa_destroy_key(pk->priv_id));
pk->priv_id = MBEDTLS_SVC_KEY_ID_INIT;
#else
mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
mbedtls_mpi_free(&ec->d);
#endif
}
break;
}
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
default:
TEST_FAIL("Unknown PK type in test data");
break;
}
if (!want_pair) {
*psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(*psa_type);
}
return 0;
exit:
return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
}
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
/* /*
@ -1263,6 +1433,14 @@ void pk_rsa_alt()
TEST_ASSERT(mbedtls_pk_get_type(&alt) == MBEDTLS_PK_RSA_ALT); TEST_ASSERT(mbedtls_pk_get_type(&alt) == MBEDTLS_PK_RSA_ALT);
TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0); TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0);
#if defined(MBEDTLS_PSA_CRYPTO_C)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&alt,
PSA_KEY_USAGE_ENCRYPT,
&attributes),
MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
#endif /* MBEDTLS_PSA_CRYPTO_C */
/* Test signature */ /* Test signature */
#if SIZE_MAX > UINT_MAX #if SIZE_MAX > UINT_MAX
TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, SIZE_MAX,
@ -1569,3 +1747,180 @@ exit:
PSA_DONE(); PSA_DONE();
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
void pk_get_psa_attributes(int pk_type, int from_pair,
int usage_arg,
int to_pair, int expected_alg)
{
mbedtls_pk_context pk;
mbedtls_pk_init(&pk);
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_usage_t usage = usage_arg;
PSA_INIT();
psa_key_type_t expected_psa_type = 0;
TEST_EQUAL(pk_setup_for_type(pk_type, from_pair,
&pk, &expected_psa_type), 0);
if (!to_pair) {
expected_psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(expected_psa_type);
}
psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_VOLATILE; //TODO: diversity
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; //TODO: diversity
psa_set_key_id(&attributes, key_id);
psa_set_key_lifetime(&attributes, lifetime);
psa_set_key_enrollment_algorithm(&attributes, 42);
psa_key_usage_t expected_usage = pk_get_psa_attributes_implied_usage(usage);
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
/* When the resulting algorithm is ECDSA, the compile-time configuration
* can cause it to be either deterministic or randomized ECDSA.
* Rather than have two near-identical sets of test data depending on
* the configuration, always use randomized in the test data and
* tweak the expected result here. */
if (expected_alg == PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
expected_alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH);
}
#endif
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 0);
TEST_EQUAL(psa_get_key_lifetime(&attributes), lifetime);
TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes),
key_id));
TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type);
TEST_EQUAL(psa_get_key_bits(&attributes),
mbedtls_pk_get_bitlen(&pk));
TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage);
TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg);
TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE);
exit:
mbedtls_pk_free(&pk);
psa_reset_key_attributes(&attributes);
PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME */
void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair,
int usage_arg,
int to_pair, int expected_alg)
{
mbedtls_pk_context pk;
mbedtls_pk_init(&pk);
psa_key_usage_t usage = usage_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_INIT();
psa_key_type_t expected_psa_type = 0;
TEST_EQUAL(pk_setup_for_type(MBEDTLS_PK_RSA, from_pair,
&pk, &expected_psa_type), 0);
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk);
TEST_EQUAL(mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_type), 0);
if (!to_pair) {
expected_psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(expected_psa_type);
}
psa_key_usage_t expected_usage = pk_get_psa_attributes_implied_usage(usage);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 0);
TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE);
TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes),
MBEDTLS_SVC_KEY_ID_INIT));
TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type);
TEST_EQUAL(psa_get_key_bits(&attributes),
mbedtls_pk_get_bitlen(&pk));
TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage);
TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg);
TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE);
exit:
mbedtls_pk_free(&pk);
psa_reset_key_attributes(&attributes);
PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
void pk_get_psa_attributes_fail(int pk_type, int from_pair,
int usage_arg,
int expected_ret)
{
mbedtls_pk_context pk;
mbedtls_pk_init(&pk);
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_usage_t usage = usage_arg;
PSA_INIT();
psa_key_type_t expected_psa_type;
TEST_EQUAL(pk_setup_for_type(pk_type, from_pair,
&pk, &expected_psa_type), 0);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes),
expected_ret);
exit:
mbedtls_pk_free(&pk);
psa_reset_key_attributes(&attributes);
PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */
void pk_get_psa_attributes_opaque(int from_type_arg, int from_bits_arg,
int from_usage_arg, int from_alg_arg,
int usage_arg,
int expected_ret,
int to_pair, int expected_usage_arg)
{
mbedtls_pk_context pk;
mbedtls_pk_init(&pk);
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t from_type = from_type_arg;
size_t bits = from_bits_arg;
psa_key_usage_t from_usage = from_usage_arg;
psa_algorithm_t alg = from_alg_arg;
psa_key_usage_t usage = usage_arg;
psa_key_usage_t expected_usage = expected_usage_arg;
PSA_INIT();
psa_set_key_type(&attributes, from_type);
psa_set_key_bits(&attributes, bits);
psa_set_key_usage_flags(&attributes, from_usage);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_enrollment_algorithm(&attributes, 42);
//TODO: test with persistent key
PSA_ASSERT(psa_generate_key(&attributes, &key_id));
TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0);
psa_key_type_t expected_psa_type =
to_pair ? from_type : PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(from_type);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes),
expected_ret);
if (expected_ret == 0) {
TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE);
TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes),
MBEDTLS_SVC_KEY_ID_INIT));
TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type);
TEST_EQUAL(psa_get_key_bits(&attributes), bits);
TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage);
TEST_EQUAL(psa_get_key_algorithm(&attributes), alg);
TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE);
}
exit:
mbedtls_pk_free(&pk);
psa_destroy_key(key_id);
psa_reset_key_attributes(&attributes);
PSA_DONE();
}
/* END_CASE */

82
tests/suites/test_suite_pkparse.function
View file

@ -41,6 +41,33 @@ void pk_parse_keyfile_rsa(char *key_file, char *password, int result)
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA)); TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA));
rsa = mbedtls_pk_rsa(ctx); rsa = mbedtls_pk_rsa(ctx);
TEST_EQUAL(mbedtls_rsa_check_privkey(rsa), 0); TEST_EQUAL(mbedtls_rsa_check_privkey(rsa), 0);
#if defined(MBEDTLS_PSA_CRYPTO_C)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_SIGN_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_SIGN_MESSAGE,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_DECRYPT,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_MESSAGE,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_ENCRYPT,
&attributes), 0);
#endif
} }
exit: exit:
@ -68,6 +95,21 @@ void pk_parse_public_keyfile_rsa(char *key_file, int result)
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA)); TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA));
rsa = mbedtls_pk_rsa(ctx); rsa = mbedtls_pk_rsa(ctx);
TEST_EQUAL(mbedtls_rsa_check_pubkey(rsa), 0); TEST_EQUAL(mbedtls_rsa_check_pubkey(rsa), 0);
#if defined(MBEDTLS_PSA_CRYPTO_C)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_ENCRYPT,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_MESSAGE,
&attributes), 0);
#endif
} }
exit: exit:
@ -100,6 +142,17 @@ void pk_parse_public_keyfile_ec(char *key_file, int result)
eckey = mbedtls_pk_ec_ro(ctx); eckey = mbedtls_pk_ec_ro(ctx);
TEST_EQUAL(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q), 0); TEST_EQUAL(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q), 0);
#endif #endif
#if defined(MBEDTLS_PSA_CRYPTO_C)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_MESSAGE,
&attributes), 0);
#endif
} }
exit: exit:
@ -124,11 +177,34 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result)
if (res == 0) { if (res == 0) {
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY)); TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY));
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
/* PSA keys are already checked on import so nothing to do here. */
#else
const mbedtls_ecp_keypair *eckey = mbedtls_pk_ec_ro(ctx); const mbedtls_ecp_keypair *eckey = mbedtls_pk_ec_ro(ctx);
TEST_EQUAL(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d), 0); TEST_EQUAL(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d), 0);
#else #endif
/* PSA keys are already checked on import so nothing to do here. */
#if defined(MBEDTLS_PSA_CRYPTO_C)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_SIGN_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_SIGN_MESSAGE,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_DERIVE,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_MESSAGE,
&attributes), 0);
#endif #endif
} }