yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-23 02:55:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5697 from gilles-peskine-arm/psa-test-op-fail-2.28

Browse source 
Backport 2.28: PSA: systematically test operation failure
This commit is contained in:
Gilles Peskine 2022-04-15 10:52:50 +02:00 committed by GitHub
parent 37f6d01b94 03efa0b8d3
commit a16d8fcee9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 33841 additions and 164 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
include/mbedtls/config_psa.h
View file

@ -401,7 +401,8 @@ extern "C" {
#endif
#endif /* PSA_WANT_ALG_XTS */
#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
#if defined(PSA_WANT_ALG_ECB_NO_PADDING) && \
!defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)
#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
#endif

105
library/psa_crypto.c
View file

@ -2371,6 +2371,20 @@ static psa_status_t psa_mac_finalize_alg_and_key_validation(
return( PSA_ERROR_INVALID_ARGUMENT );
}
if( *mac_size > PSA_MAC_MAX_SIZE )
{
/* PSA_MAC_LENGTH returns the correct length even for a MAC algorithm
* that is disabled in the compile-time configuration. The result can
* therefore be larger than PSA_MAC_MAX_SIZE, which does take the
* configuration into account. In this case, force a return of
* PSA_ERROR_NOT_SUPPORTED here. Otherwise psa_mac_verify(), or
* psa_mac_compute(mac_size=PSA_MAC_MAX_SIZE), would return
* PSA_ERROR_BUFFER_TOO_SMALL for an unsupported algorithm whose MAC size
* is larger than PSA_MAC_MAX_SIZE, which is misleading and which breaks
* systematically generated tests. */
return( PSA_ERROR_NOT_SUPPORTED );
}
return( PSA_SUCCESS );
}
@ -4353,50 +4367,75 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
/****************************************************************/
#if defined(AT_LEAST_ONE_BUILTIN_KDF)
static int is_kdf_alg_supported( psa_algorithm_t kdf_alg )
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
if( PSA_ALG_IS_HKDF( kdf_alg ) )
return( 1 );
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF)
if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) )
return( 1 );
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
return( 1 );
#endif
return( 0 );
}
static psa_status_t psa_hash_try_support( psa_algorithm_t alg )
{
psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
psa_status_t status = psa_hash_setup( &operation, alg );
psa_hash_abort( &operation );
return( status );
}
static psa_status_t psa_key_derivation_setup_kdf(
psa_key_derivation_operation_t *operation,
psa_algorithm_t kdf_alg )
{
int is_kdf_alg_supported;
/* Make sure that operation->ctx is properly zero-initialised. (Macro
* initialisers for this union leave some bytes unspecified.) */
memset( &operation->ctx, 0, sizeof( operation->ctx ) );
/* Make sure that kdf_alg is a supported key derivation algorithm. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
if( PSA_ALG_IS_HKDF( kdf_alg ) )
is_kdf_alg_supported = 1;
else
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF)
if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) )
is_kdf_alg_supported = 1;
else
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
is_kdf_alg_supported = 1;
else
#endif
is_kdf_alg_supported = 0;
if( ! is_kdf_alg_supported( kdf_alg ) )
return( PSA_ERROR_NOT_SUPPORTED );
if( is_kdf_alg_supported )
/* All currently supported key derivation algorithms are based on a
* hash algorithm. */
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
size_t hash_size = PSA_HASH_LENGTH( hash_alg );
if( hash_size == 0 )
return( PSA_ERROR_NOT_SUPPORTED );
/* Make sure that hash_alg is a supported hash algorithm. Otherwise
* we might fail later, which is somewhat unfriendly and potentially
* risk-prone. */
psa_status_t status = psa_hash_try_support( hash_alg );
if( status != PSA_SUCCESS )
return( status );
if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) &&
! ( hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384 ) )
{
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
size_t hash_size = PSA_HASH_LENGTH( hash_alg );
if( hash_size == 0 )
return( PSA_ERROR_NOT_SUPPORTED );
if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) &&
! ( hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384 ) )
{
return( PSA_ERROR_NOT_SUPPORTED );
}
operation->capacity = 255 * hash_size;
return( PSA_SUCCESS );
return( PSA_ERROR_NOT_SUPPORTED );
}
operation->capacity = 255 * hash_size;
return( PSA_SUCCESS );
}
static psa_status_t psa_key_agreement_try_support( psa_algorithm_t alg )
{
#if defined(PSA_WANT_ALG_ECDH)
if( alg == PSA_ALG_ECDH )
return( PSA_SUCCESS );
#endif
(void) alg;
return( PSA_ERROR_NOT_SUPPORTED );
}
#endif /* AT_LEAST_ONE_BUILTIN_KDF */
@ -4415,6 +4454,10 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation
{
#if defined(AT_LEAST_ONE_BUILTIN_KDF)
psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( alg );
status = psa_key_agreement_try_support( ka_alg );
if( status != PSA_SUCCESS )
return( status );
status = psa_key_derivation_setup_kdf( operation, kdf_alg );
#else
return( PSA_ERROR_NOT_SUPPORTED );

36
library/psa_crypto_cipher.c
View file

@ -47,36 +47,56 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
{
switch( alg )
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER)
case PSA_ALG_STREAM_CIPHER:
mode = MBEDTLS_MODE_STREAM;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CTR)
case PSA_ALG_CTR:
mode = MBEDTLS_MODE_CTR;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CFB)
case PSA_ALG_CFB:
mode = MBEDTLS_MODE_CFB;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_OFB)
case PSA_ALG_OFB:
mode = MBEDTLS_MODE_OFB;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
case PSA_ALG_ECB_NO_PADDING:
mode = MBEDTLS_MODE_ECB;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING)
case PSA_ALG_CBC_NO_PADDING:
mode = MBEDTLS_MODE_CBC;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
case PSA_ALG_CBC_PKCS7:
mode = MBEDTLS_MODE_CBC;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
mode = MBEDTLS_MODE_CCM;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
mode = MBEDTLS_MODE_GCM;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
mode = MBEDTLS_MODE_CHACHAPOLY;
break;
#endif
default:
return( NULL );
}
@ -88,12 +108,17 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
switch( key_type )
{
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES)
case PSA_KEY_TYPE_AES:
cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA)
case PSA_KEY_TYPE_ARIA:
cipher_id_tmp = MBEDTLS_CIPHER_ID_ARIA;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
case PSA_KEY_TYPE_DES:
/* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
* and 192 for three-key Triple-DES. */
@ -107,15 +132,22 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
if( key_bits == 128 )
key_bits = 192;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA)
case PSA_KEY_TYPE_CAMELLIA:
cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARC4)
case PSA_KEY_TYPE_ARC4:
cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20)
case PSA_KEY_TYPE_CHACHA20:
cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20;
break;
#endif
default:
return( NULL );
}
@ -239,6 +271,7 @@ psa_status_t mbedtls_psa_cipher_set_iv(
iv, iv_length ) ) );
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
/** Process input for which the algorithm is set to ECB mode.
*
* This requires manual processing, since the PSA API is defined as being
@ -342,6 +375,7 @@ static psa_status_t psa_cipher_update_ecb(
exit:
return( status );
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING */
psa_status_t mbedtls_psa_cipher_update(
mbedtls_psa_cipher_operation_t *operation,
@ -369,6 +403,7 @@ psa_status_t mbedtls_psa_cipher_update(
if( output_size < expected_output_size )
return( PSA_ERROR_BUFFER_TOO_SMALL );
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
if( operation->alg == PSA_ALG_ECB_NO_PADDING )
{
/* mbedtls_cipher_update has an API inconsistency: it will only
@ -381,6 +416,7 @@ psa_status_t mbedtls_psa_cipher_update(
output_length );
}
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING */
{
status = mbedtls_to_psa_error(
mbedtls_cipher_update( &operation->ctx.cipher, input,

2
library/psa_crypto_driver_wrappers.c
View file

@ -854,6 +854,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
(void)iv;
(void)iv_length;
(void)input;
(void)input_length;
(void)output;

248
scripts/mbedtls_dev/crypto_knowledge.py
View file

@ -18,15 +18,45 @@ This module is entirely based on the PSA API.
# See the License for the specific language governing permissions and
# limitations under the License.
import enum
import re
from typing import Dict, Iterable, Optional, Pattern, Tuple
from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA
BLOCK_CIPHERS = frozenset(['AES', 'ARIA', 'CAMELLIA', 'DES'])
BLOCK_MAC_MODES = frozenset(['CBC_MAC', 'CMAC'])
BLOCK_CIPHER_MODES = frozenset([
'CTR', 'CFB', 'OFB', 'XTS', 'CCM_STAR_NO_TAG',
'ECB_NO_PADDING', 'CBC_NO_PADDING', 'CBC_PKCS7',
])
BLOCK_AEAD_MODES = frozenset(['CCM', 'GCM'])
class EllipticCurveCategory(enum.Enum):
"""Categorization of elliptic curve families.
The category of a curve determines what algorithms are defined over it.
"""
SHORT_WEIERSTRASS = 0
MONTGOMERY = 1
TWISTED_EDWARDS = 2
@staticmethod
def from_family(family: str) -> 'EllipticCurveCategory':
if family == 'PSA_ECC_FAMILY_MONTGOMERY':
return EllipticCurveCategory.MONTGOMERY
if family == 'PSA_ECC_FAMILY_TWISTED_EDWARDS':
return EllipticCurveCategory.TWISTED_EDWARDS
# Default to SW, which most curves belong to.
return EllipticCurveCategory.SHORT_WEIERSTRASS
class KeyType:
"""Knowledge about a PSA key type."""
def __init__(self, name: str, params: Optional[Iterable[str]] = None):
def __init__(self, name: str, params: Optional[Iterable[str]] = None) -> None:
"""Analyze a key type.
The key type must be specified in PSA syntax. In its simplest form,
@ -62,6 +92,11 @@ class KeyType:
if self.params is not None:
self.expression += '(' + ', '.join(self.params) + ')'
m = re.match(r'PSA_KEY_TYPE_(\w+)', self.name)
assert m
self.head = re.sub(r'_(?:PUBLIC_KEY|KEY_PAIR)\Z', r'', m.group(1))
"""The key type macro name, with common prefixes and suffixes stripped."""
self.private_type = re.sub(r'_PUBLIC_KEY\Z', r'_KEY_PAIR', self.name)
"""The key type macro name for the corresponding key pair type.
@ -69,6 +104,10 @@ class KeyType:
`self.name`.
"""
def is_public(self) -> bool:
"""Whether the key type is for public keys."""
return self.name.endswith('_PUBLIC_KEY')
ECC_KEY_SIZES = {
'PSA_ECC_FAMILY_SECP_K1': (192, 224, 256),
'PSA_ECC_FAMILY_SECP_R1': (225, 256, 384, 521),
@ -151,3 +190,210 @@ class KeyType:
"""
# This is just temporaly solution for the implicit usage flags.
return re.match(self.KEY_TYPE_FOR_SIGNATURE[usage], self.name) is not None
def can_do(self, alg: 'Algorithm') -> bool:
"""Whether this key type can be used for operations with the given algorithm.
This function does not currently handle key derivation or PAKE.
"""
#pylint: disable=too-many-return-statements
if alg.is_wildcard:
return False
if self.head == 'HMAC' and alg.head == 'HMAC':
return True
if self.head in BLOCK_CIPHERS and \
alg.head in frozenset.union(BLOCK_MAC_MODES,
BLOCK_CIPHER_MODES,
BLOCK_AEAD_MODES):
return True
if self.head == 'CHACHA20' and alg.head == 'CHACHA20_POLY1305':
return True
if self.head in {'ARC4', 'CHACHA20'} and \
alg.head == 'STREAM_CIPHER':
return True
if self.head == 'RSA' and alg.head.startswith('RSA_'):
return True
if self.head == 'ECC':
assert self.params is not None
eccc = EllipticCurveCategory.from_family(self.params[0])
if alg.head == 'ECDH' and \
eccc in {EllipticCurveCategory.SHORT_WEIERSTRASS,
EllipticCurveCategory.MONTGOMERY}:
return True
if alg.head == 'ECDSA' and \
eccc == EllipticCurveCategory.SHORT_WEIERSTRASS:
return True
if alg.head in {'PURE_EDDSA', 'EDDSA_PREHASH'} and \
eccc == EllipticCurveCategory.TWISTED_EDWARDS:
return True
return False
class AlgorithmCategory(enum.Enum):
"""PSA algorithm categories."""
# The numbers are aligned with the category bits in numerical values of
# algorithms.
HASH = 2
MAC = 3
CIPHER = 4
AEAD = 5
SIGN = 6
ASYMMETRIC_ENCRYPTION = 7
KEY_DERIVATION = 8
KEY_AGREEMENT = 9
PAKE = 10
def requires_key(self) -> bool:
"""Whether operations in this category are set up with a key."""
return self not in {self.HASH, self.KEY_DERIVATION}
def is_asymmetric(self) -> bool:
"""Whether operations in this category involve asymmetric keys."""
return self in {
self.SIGN,
self.ASYMMETRIC_ENCRYPTION,
self.KEY_AGREEMENT
}
class AlgorithmNotRecognized(Exception):
def __init__(self, expr: str) -> None:
super().__init__('Algorithm not recognized: ' + expr)
self.expr = expr
class Algorithm:
"""Knowledge about a PSA algorithm."""
@staticmethod
def determine_base(expr: str) -> str:
"""Return an expression for the "base" of the algorithm.
This strips off variants of algorithms such as MAC truncation.
This function does not attempt to detect invalid inputs.
"""
m = re.match(r'PSA_ALG_(?:'
r'(?:TRUNCATED|AT_LEAST_THIS_LENGTH)_MAC|'
r'AEAD_WITH_(?:SHORTENED|AT_LEAST_THIS_LENGTH)_TAG'
r')\((.*),[^,]+\)\Z', expr)
if m:
expr = m.group(1)
return expr
@staticmethod
def determine_head(expr: str) -> str:
"""Return the head of an algorithm expression.
The head is the first (outermost) constructor, without its PSA_ALG_
prefix, and with some normalization of similar algorithms.
"""
m = re.match(r'PSA_ALG_(?:DETERMINISTIC_)?(\w+)', expr)
if not m:
raise AlgorithmNotRecognized(expr)
head = m.group(1)
if head == 'KEY_AGREEMENT':
m = re.match(r'PSA_ALG_KEY_AGREEMENT\s*\(\s*PSA_ALG_(\w+)', expr)
if not m:
raise AlgorithmNotRecognized(expr)
head = m.group(1)
head = re.sub(r'_ANY\Z', r'', head)
if re.match(r'ED[0-9]+PH\Z', head):
head = 'EDDSA_PREHASH'
return head
CATEGORY_FROM_HEAD = {
'SHA': AlgorithmCategory.HASH,
'SHAKE256_512': AlgorithmCategory.HASH,
'MD': AlgorithmCategory.HASH,
'RIPEMD': AlgorithmCategory.HASH,
'ANY_HASH': AlgorithmCategory.HASH,
'HMAC': AlgorithmCategory.MAC,
'STREAM_CIPHER': AlgorithmCategory.CIPHER,
'CHACHA20_POLY1305': AlgorithmCategory.AEAD,
'DSA': AlgorithmCategory.SIGN,
'ECDSA': AlgorithmCategory.SIGN,
'EDDSA': AlgorithmCategory.SIGN,
'PURE_EDDSA': AlgorithmCategory.SIGN,
'RSA_PSS': AlgorithmCategory.SIGN,
'RSA_PKCS1V15_SIGN': AlgorithmCategory.SIGN,
'RSA_PKCS1V15_CRYPT': AlgorithmCategory.ASYMMETRIC_ENCRYPTION,
'RSA_OAEP': AlgorithmCategory.ASYMMETRIC_ENCRYPTION,
'HKDF': AlgorithmCategory.KEY_DERIVATION,
'TLS12_PRF': AlgorithmCategory.KEY_DERIVATION,
'TLS12_PSK_TO_MS': AlgorithmCategory.KEY_DERIVATION,
'PBKDF': AlgorithmCategory.KEY_DERIVATION,
'ECDH': AlgorithmCategory.KEY_AGREEMENT,
'FFDH': AlgorithmCategory.KEY_AGREEMENT,
# KEY_AGREEMENT(...) is a key derivation with a key agreement component
'KEY_AGREEMENT': AlgorithmCategory.KEY_DERIVATION,
'JPAKE': AlgorithmCategory.PAKE,
}
for x in BLOCK_MAC_MODES:
CATEGORY_FROM_HEAD[x] = AlgorithmCategory.MAC
for x in BLOCK_CIPHER_MODES:
CATEGORY_FROM_HEAD[x] = AlgorithmCategory.CIPHER
for x in BLOCK_AEAD_MODES:
CATEGORY_FROM_HEAD[x] = AlgorithmCategory.AEAD
def determine_category(self, expr: str, head: str) -> AlgorithmCategory:
"""Return the category of the given algorithm expression.
This function does not attempt to detect invalid inputs.
"""
prefix = head
while prefix:
if prefix in self.CATEGORY_FROM_HEAD:
return self.CATEGORY_FROM_HEAD[prefix]
if re.match(r'.*[0-9]\Z', prefix):
prefix = re.sub(r'_*[0-9]+\Z', r'', prefix)
else:
prefix = re.sub(r'_*[^_]*\Z', r'', prefix)
raise AlgorithmNotRecognized(expr)
@staticmethod
def determine_wildcard(expr) -> bool:
"""Whether the given algorithm expression is a wildcard.
This function does not attempt to detect invalid inputs.
"""
if re.search(r'\bPSA_ALG_ANY_HASH\b', expr):
return True
if re.search(r'_AT_LEAST_', expr):
return True
return False
def __init__(self, expr: str) -> None:
"""Analyze an algorithm value.
The algorithm must be expressed as a C expression containing only
calls to PSA algorithm constructor macros and numeric literals.
This class is only programmed to handle valid expressions. Invalid
expressions may result in exceptions or in nonsensical results.
"""
self.expression = re.sub(r'\s+', r'', expr)
self.base_expression = self.determine_base(self.expression)
self.head = self.determine_head(self.base_expression)
self.category = self.determine_category(self.base_expression, self.head)
self.is_wildcard = self.determine_wildcard(self.expression)
def is_key_agreement_with_derivation(self) -> bool:
"""Whether this is a combined key agreement and key derivation algorithm."""
if self.category != AlgorithmCategory.KEY_AGREEMENT:
return False
m = re.match(r'PSA_ALG_KEY_AGREEMENT\(\w+,\s*(.*)\)\Z', self.expression)
if not m:
return False
kdf_alg = m.group(1)
# Assume kdf_alg is either a valid KDF or 0.
return not re.match(r'(?:0[Xx])?0+\s*\Z', kdf_alg)
def can_do(self, category: AlgorithmCategory) -> bool:
"""Whether this algorithm fits the specified operation category."""
if category == self.category:
return True
if category == AlgorithmCategory.KEY_DERIVATION and \
self.is_key_agreement_with_derivation():
return True
return False

8
tests/include/test/drivers/crypto_config_test_driver_extension.h
View file

@ -166,6 +166,14 @@
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_ARIA)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA
#else
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA 1
#endif
#endif
#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA

5
tests/scripts/all.sh
View file

@ -1760,6 +1760,10 @@ component_test_psa_crypto_config_accel_hash () {
component_test_psa_crypto_config_accel_cipher () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher"
# This test case focuses on cipher+AEAD. We don't yet support all
# combinations of configurations, so deactivate block-cipher-based MACs.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CMAC
loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES"
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
@ -1774,7 +1778,6 @@ component_test_psa_crypto_config_accel_cipher () {
# PSA configuration options.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CMAC
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7

15
tests/scripts/check-generated-files.sh
View file

@ -65,24 +65,25 @@ check()
fi
for FILE in "$@"; do
cp "$FILE" "$FILE.bak"
cp -p "$FILE" "$FILE.bak"
done
"$SCRIPT"
# Compare the script output to the old files and remove backups
for FILE in "$@"; do
if ! diff "$FILE" "$FILE.bak" >/dev/null 2>&1; then
if diff "$FILE" "$FILE.bak" >/dev/null 2>&1; then
# Move the original file back so that $FILE's timestamp doesn't
# change (avoids spurious rebuilds with make).
mv "$FILE.bak" "$FILE"
else
echo "'$FILE' was either modified or deleted by '$SCRIPT'"
if [ -z "$UPDATE" ]; then
exit 1
else
rm "$FILE.bak"
fi
fi
if [ -z "$UPDATE" ]; then
mv "$FILE.bak" "$FILE"
else
rm "$FILE.bak"
fi
done
if [ -n "$directory" ]; then

176
tests/scripts/generate_psa_tests.py
View file

@ -21,6 +21,7 @@ generate only the specified files.
# limitations under the License.
import argparse
import enum
import os
import re
import sys
@ -303,6 +304,145 @@ class KeyGenerate:
kt = crypto_knowledge.KeyType(constr, [curve_family])
yield from self.test_cases_for_key_type_key_generation(kt)
class OpFail:
"""Generate test cases for operations that must fail."""
#pylint: disable=too-few-public-methods
class Reason(enum.Enum):
NOT_SUPPORTED = 0
INVALID = 1
INCOMPATIBLE = 2
PUBLIC = 3
def __init__(self, info: Information) -> None:
self.constructors = info.constructors
key_type_expressions = self.constructors.generate_expressions(
sorted(self.constructors.key_types)
)
self.key_types = [crypto_knowledge.KeyType(kt_expr)
for kt_expr in key_type_expressions]
def make_test_case(
self,
alg: crypto_knowledge.Algorithm,
category: crypto_knowledge.AlgorithmCategory,
reason: 'Reason',
kt: Optional[crypto_knowledge.KeyType] = None,
not_deps: FrozenSet[str] = frozenset(),
) -> test_case.TestCase:
"""Construct a failure test case for a one-key or keyless operation."""
#pylint: disable=too-many-arguments,too-many-locals
tc = test_case.TestCase()
pretty_alg = re.sub(r'PSA_ALG_', r'', alg.expression)
if reason == self.Reason.NOT_SUPPORTED:
short_deps = [re.sub(r'PSA_WANT_ALG_', r'', dep)
for dep in not_deps]
pretty_reason = '!' + '&'.join(sorted(short_deps))
else:
pretty_reason = reason.name.lower()
if kt:
key_type = kt.expression
pretty_type = re.sub(r'PSA_KEY_TYPE_', r'', key_type)
else:
key_type = ''
pretty_type = ''
tc.set_description('PSA {} {}: {}{}'
.format(category.name.lower(),
pretty_alg,
pretty_reason,
' with ' + pretty_type if pretty_type else ''))
dependencies = automatic_dependencies(alg.base_expression, key_type)
for i, dep in enumerate(dependencies):
if dep in not_deps:
dependencies[i] = '!' + dep
tc.set_dependencies(dependencies)
tc.set_function(category.name.lower() + '_fail')
arguments = []
if kt:
key_material = kt.key_material(kt.sizes_to_test()[0])
arguments += [key_type, test_case.hex_string(key_material)]
arguments.append(alg.expression)
if category.is_asymmetric():
arguments.append('1' if reason == self.Reason.PUBLIC else '0')
error = ('NOT_SUPPORTED' if reason == self.Reason.NOT_SUPPORTED else
'INVALID_ARGUMENT')
arguments.append('PSA_ERROR_' + error)
tc.set_arguments(arguments)
return tc
def no_key_test_cases(
self,
alg: crypto_knowledge.Algorithm,
category: crypto_knowledge.AlgorithmCategory,
) -> Iterator[test_case.TestCase]:
"""Generate failure test cases for keyless operations with the specified algorithm."""
if alg.can_do(category):
# Compatible operation, unsupported algorithm
for dep in automatic_dependencies(alg.base_expression):
yield self.make_test_case(alg, category,
self.Reason.NOT_SUPPORTED,
not_deps=frozenset([dep]))
else:
# Incompatible operation, supported algorithm
yield self.make_test_case(alg, category, self.Reason.INVALID)
def one_key_test_cases(
self,
alg: crypto_knowledge.Algorithm,
category: crypto_knowledge.AlgorithmCategory,
) -> Iterator[test_case.TestCase]:
"""Generate failure test cases for one-key operations with the specified algorithm."""
for kt in self.key_types:
key_is_compatible = kt.can_do(alg)
if key_is_compatible and alg.can_do(category):
# Compatible key and operation, unsupported algorithm
for dep in automatic_dependencies(alg.base_expression):
yield self.make_test_case(alg, category,
self.Reason.NOT_SUPPORTED,
kt=kt, not_deps=frozenset([dep]))
# Public key for a private-key operation
if category.is_asymmetric() and kt.is_public():
yield self.make_test_case(alg, category,
self.Reason.PUBLIC,
kt=kt)
elif key_is_compatible:
# Compatible key, incompatible operation, supported algorithm
yield self.make_test_case(alg, category,
self.Reason.INVALID,
kt=kt)
elif alg.can_do(category):
# Incompatible key, compatible operation, supported algorithm
yield self.make_test_case(alg, category,
self.Reason.INCOMPATIBLE,
kt=kt)
else:
# Incompatible key and operation. Don't test cases where
# multiple things are wrong, to keep the number of test
# cases reasonable.
pass
def test_cases_for_algorithm(
self,
alg: crypto_knowledge.Algorithm,
) -> Iterator[test_case.TestCase]:
"""Generate operation failure test cases for the specified algorithm."""
for category in crypto_knowledge.AlgorithmCategory:
if category == crypto_knowledge.AlgorithmCategory.PAKE:
# PAKE operations are not implemented yet
pass
elif category.requires_key():
yield from self.one_key_test_cases(alg, category)
else:
yield from self.no_key_test_cases(alg, category)
def all_test_cases(self) -> Iterator[test_case.TestCase]:
"""Generate all test cases for operations that must fail."""
algorithms = sorted(self.constructors.algorithms)
for expr in self.constructors.generate_expressions(algorithms):
alg = crypto_knowledge.Algorithm(expr)
yield from self.test_cases_for_algorithm(alg)
class StorageKey(psa_storage.Key):
"""Representation of a key for storage format testing."""
@ -441,51 +581,41 @@ class StorageFormat:
continue
yield self.key_for_lifetime(lifetime)
def keys_for_usage_flags(
def key_for_usage_flags(
self,
usage_flags: List[str],
short: Optional[str] = None,
test_implicit_usage: Optional[bool] = False
) -> Iterator[StorageTestData]:
test_implicit_usage: Optional[bool] = True
) -> StorageTestData:
"""Construct a test key for the given key usage."""
usage = ' | '.join(usage_flags) if usage_flags else '0'
if short is None:
short = re.sub(r'\bPSA_KEY_USAGE_', r'', usage)
extra_desc = ' with implication' if test_implicit_usage else ''
extra_desc = ' without implication' if test_implicit_usage else ''
description = 'usage' + extra_desc + ': ' + short
key1 = StorageTestData(version=self.version,
id=1, lifetime=0x00000001,
type='PSA_KEY_TYPE_RAW_DATA', bits=8,
expected_usage=usage,
without_implicit_usage=not test_implicit_usage,
usage=usage, alg=0, alg2=0,
material=b'K',
description=description)
yield key1
if test_implicit_usage:
description = 'usage without implication' + ': ' + short
key2 = StorageTestData(version=self.version,
id=1, lifetime=0x00000001,
type='PSA_KEY_TYPE_RAW_DATA', bits=8,
without_implicit_usage=True,
usage=usage, alg=0, alg2=0,
material=b'K',
description=description)
yield key2
return key1
def generate_keys_for_usage_flags(self, **kwargs) -> Iterator[StorageTestData]:
"""Generate test keys covering usage flags."""
known_flags = sorted(self.constructors.key_usage_flags)
yield from self.keys_for_usage_flags(['0'], **kwargs)
yield self.key_for_usage_flags(['0'], **kwargs)
for usage_flag in known_flags:
yield from self.keys_for_usage_flags([usage_flag], **kwargs)
yield self.key_for_usage_flags([usage_flag], **kwargs)
for flag1, flag2 in zip(known_flags,
known_flags[1:] + [known_flags[0]]):
yield from self.keys_for_usage_flags([flag1, flag2], **kwargs)
yield self.key_for_usage_flags([flag1, flag2], **kwargs)
def generate_key_for_all_usage_flags(self) -> Iterator[StorageTestData]:
known_flags = sorted(self.constructors.key_usage_flags)
yield from self.keys_for_usage_flags(known_flags, short='all known')
yield self.key_for_usage_flags(known_flags, short='all known')
def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]:
yield from self.generate_keys_for_usage_flags()
@ -591,8 +721,8 @@ class StorageFormatV0(StorageFormat):
def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]:
"""Generate test keys covering usage flags."""
yield from self.generate_keys_for_usage_flags(test_implicit_usage=True)
yield from self.generate_key_for_all_usage_flags()
yield from super().all_keys_for_usage_flags()
yield from self.generate_keys_for_usage_flags(test_implicit_usage=False)
def keys_for_implicit_usage(
self,
@ -730,6 +860,8 @@ class TestGenerator:
lambda info: KeyGenerate(info).test_cases_for_key_generation(),
'test_suite_psa_crypto_not_supported.generated':
lambda info: NotSupported(info).test_cases_for_not_supported(),
'test_suite_psa_crypto_op_fail.generated':
lambda info: OpFail(info).all_test_cases(),
'test_suite_psa_crypto_storage_format.current':
lambda info: StorageFormatForward(info, 0).all_test_cases(),
'test_suite_psa_crypto_storage_format.v0':

384
tests/suites/test_suite_psa_crypto_op_fail.function Normal file
View file

@ -0,0 +1,384 @@
/* BEGIN_HEADER */
#include "psa/crypto.h"
#include "test/psa_crypto_helpers.h"
static int test_equal_status( const char *test,
int line_no, const char* filename,
psa_status_t value1,
psa_status_t value2 )
{
if( ( value1 == PSA_ERROR_INVALID_ARGUMENT &&
value2 == PSA_ERROR_NOT_SUPPORTED ) ||
( value1 == PSA_ERROR_NOT_SUPPORTED &&
value2 == PSA_ERROR_INVALID_ARGUMENT ) )
{
return( 1 );
}
return( mbedtls_test_equal( test, line_no, filename, value1, value2 ) );
}
/** Like #TEST_EQUAL, but expects #psa_status_t values and treats
* #PSA_ERROR_INVALID_ARGUMENT and #PSA_ERROR_NOT_SUPPORTED as
* interchangeable.
*
* This test suite currently allows NOT_SUPPORTED and INVALID_ARGUMENT
* to be interchangeable in places where the library's behavior does not
* match the strict expectations of the test case generator. In the long
* run, it would be better to clarify the expectations and reconcile the
* library and the test case generator.
*/
#define TEST_STATUS( expr1, expr2 ) \
do { \
if( ! test_equal_status( #expr1 " == " #expr2, __LINE__, __FILE__, \
expr1, expr2 ) ) \
goto exit; \
} while( 0 )
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_PSA_CRYPTO_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE */
void hash_fail( int alg_arg, int expected_status_arg )
{
psa_status_t expected_status = expected_status_arg;
psa_algorithm_t alg = alg_arg;
psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
uint8_t input[1] = {'A'};
uint8_t output[PSA_HASH_MAX_SIZE] = {0};
size_t length = SIZE_MAX;
PSA_INIT( );
TEST_EQUAL( expected_status,
psa_hash_setup( &operation, alg ) );
TEST_EQUAL( expected_status,
psa_hash_compute( alg, input, sizeof( input ),
output, sizeof( output ), &length ) );
TEST_EQUAL( expected_status,
psa_hash_compare( alg, input, sizeof( input ),
output, sizeof( output ) ) );
exit:
psa_hash_abort( &operation );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void mac_fail( int key_type_arg, data_t *key_data,
int alg_arg, int expected_status_arg )
{
psa_status_t expected_status = expected_status_arg;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
uint8_t input[1] = {'A'};
uint8_t output[PSA_MAC_MAX_SIZE] = {0};
size_t length = SIZE_MAX;
PSA_INIT( );
psa_set_key_type( &attributes, key_type );
psa_set_key_usage_flags( &attributes,
PSA_KEY_USAGE_SIGN_HASH |
PSA_KEY_USAGE_VERIFY_HASH );
psa_set_key_algorithm( &attributes, alg );
PSA_ASSERT( psa_import_key( &attributes,
key_data->x, key_data->len,
&key_id ) );
TEST_STATUS( expected_status,
psa_mac_sign_setup( &operation, key_id, alg ) );
TEST_STATUS( expected_status,
psa_mac_verify_setup( &operation, key_id, alg ) );
TEST_STATUS( expected_status,
psa_mac_compute( key_id, alg,
input, sizeof( input ),
output, sizeof( output ), &length ) );
TEST_STATUS( expected_status,
psa_mac_verify( key_id, alg,
input, sizeof( input ),
output, sizeof( output ) ) );
exit:
psa_mac_abort( &operation );
psa_destroy_key( key_id );
psa_reset_key_attributes( &attributes );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void cipher_fail( int key_type_arg, data_t *key_data,
int alg_arg, int expected_status_arg )
{
psa_status_t expected_status = expected_status_arg;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
uint8_t input[1] = {'A'};
uint8_t output[64] = {0};
size_t length = SIZE_MAX;
PSA_INIT( );
psa_set_key_type( &attributes, key_type );
psa_set_key_usage_flags( &attributes,
PSA_KEY_USAGE_ENCRYPT |
PSA_KEY_USAGE_DECRYPT );
psa_set_key_algorithm( &attributes, alg );
PSA_ASSERT( psa_import_key( &attributes,
key_data->x, key_data->len,
&key_id ) );
TEST_STATUS( expected_status,
psa_cipher_encrypt_setup( &operation, key_id, alg ) );
TEST_STATUS( expected_status,
psa_cipher_decrypt_setup( &operation, key_id, alg ) );
TEST_STATUS( expected_status,
psa_cipher_encrypt( key_id, alg,
input, sizeof( input ),
output, sizeof( output ), &length ) );
TEST_STATUS( expected_status,
psa_cipher_decrypt( key_id, alg,
input, sizeof( input ),
output, sizeof( output ), &length ) );
exit:
psa_cipher_abort( &operation );
psa_destroy_key( key_id );
psa_reset_key_attributes( &attributes );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void aead_fail( int key_type_arg, data_t *key_data,
int alg_arg, int expected_status_arg )
{
psa_status_t expected_status = expected_status_arg;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
uint8_t input[16] = "ABCDEFGHIJKLMNO";
uint8_t output[64] = {0};
size_t length = SIZE_MAX;
PSA_INIT( );
psa_set_key_type( &attributes, key_type );
psa_set_key_usage_flags( &attributes,
PSA_KEY_USAGE_ENCRYPT |
PSA_KEY_USAGE_DECRYPT );
psa_set_key_algorithm( &attributes, alg );
PSA_ASSERT( psa_import_key( &attributes,
key_data->x, key_data->len,
&key_id ) );
TEST_STATUS( expected_status,
psa_aead_encrypt( key_id, alg,
input, sizeof( input ),
NULL, 0, input, sizeof( input ),
output, sizeof( output ), &length ) );
TEST_STATUS( expected_status,
psa_aead_decrypt( key_id, alg,
input, sizeof( input ),
NULL, 0, input, sizeof( input ),
output, sizeof( output ), &length ) );
exit:
psa_destroy_key( key_id );
psa_reset_key_attributes( &attributes );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void sign_fail( int key_type_arg, data_t *key_data,
int alg_arg, int private_only,
int expected_status_arg )
{
psa_status_t expected_status = expected_status_arg;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
uint8_t input[1] = {'A'};
uint8_t output[PSA_SIGNATURE_MAX_SIZE] = {0};
size_t length = SIZE_MAX;
PSA_INIT( );
psa_set_key_type( &attributes, key_type );
psa_set_key_usage_flags( &attributes,
PSA_KEY_USAGE_SIGN_HASH |
PSA_KEY_USAGE_VERIFY_HASH );
psa_set_key_algorithm( &attributes, alg );
PSA_ASSERT( psa_import_key( &attributes,
key_data->x, key_data->len,
&key_id ) );
TEST_STATUS( expected_status,
psa_sign_hash( key_id, alg,
input, sizeof( input ),
output, sizeof( output ), &length ) );
if( ! private_only )
{
/* Determine a plausible signature size to avoid an INVALID_SIGNATURE
* error based on this. */
PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) );
size_t key_bits = psa_get_key_bits( &attributes );
size_t output_length = sizeof( output );
if( PSA_KEY_TYPE_IS_RSA( key_type ) )
output_length = PSA_BITS_TO_BYTES( key_bits );
else if( PSA_KEY_TYPE_IS_ECC( key_type ) )
output_length = 2 * PSA_BITS_TO_BYTES( key_bits );
TEST_ASSERT( output_length <= sizeof( output ) );
TEST_STATUS( expected_status,
psa_verify_hash( key_id, alg,
input, sizeof( input ),
output, output_length ) );
}
exit:
psa_destroy_key( key_id );
psa_reset_key_attributes( &attributes );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void asymmetric_encryption_fail( int key_type_arg, data_t *key_data,
int alg_arg, int private_only,
int expected_status_arg )
{
psa_status_t expected_status = expected_status_arg;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
uint8_t plaintext[PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE] = {0};
uint8_t ciphertext[PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE] = {0};
size_t length = SIZE_MAX;
PSA_INIT( );
psa_set_key_type( &attributes, key_type );
psa_set_key_usage_flags( &attributes,
PSA_KEY_USAGE_ENCRYPT |
PSA_KEY_USAGE_DECRYPT );
psa_set_key_algorithm( &attributes, alg );
PSA_ASSERT( psa_import_key( &attributes,
key_data->x, key_data->len,
&key_id ) );
if( ! private_only )
{
TEST_STATUS( expected_status,
psa_asymmetric_encrypt( key_id, alg,
plaintext, 1,
NULL, 0,
ciphertext, sizeof( ciphertext ),
&length ) );
}
TEST_STATUS( expected_status,
psa_asymmetric_decrypt( key_id, alg,
ciphertext, sizeof( ciphertext ),
NULL, 0,
plaintext, sizeof( plaintext ),
&length ) );
exit:
psa_destroy_key( key_id );
psa_reset_key_attributes( &attributes );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void key_derivation_fail( int alg_arg, int expected_status_arg )
{
psa_status_t expected_status = expected_status_arg;
psa_algorithm_t alg = alg_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
PSA_INIT( );
TEST_EQUAL( expected_status,
psa_key_derivation_setup( &operation, alg ) );
exit:
psa_key_derivation_abort( &operation );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void key_agreement_fail( int key_type_arg, data_t *key_data,
int alg_arg, int private_only,
int expected_status_arg )
{
psa_status_t expected_status = expected_status_arg;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
uint8_t public_key[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE] = {0};
size_t public_key_length = SIZE_MAX;
uint8_t output[PSA_SIGNATURE_MAX_SIZE] = {0};
size_t length = SIZE_MAX;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
PSA_INIT( );
psa_set_key_type( &attributes, key_type );
psa_set_key_usage_flags( &attributes,
PSA_KEY_USAGE_DERIVE );
psa_set_key_algorithm( &attributes, alg );
PSA_ASSERT( psa_import_key( &attributes,
key_data->x, key_data->len,
&key_id ) );
if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) ||
PSA_KEY_TYPE_IS_PUBLIC_KEY( key_type ) )
{
PSA_ASSERT( psa_export_public_key( key_id,
public_key, sizeof( public_key ),
&public_key_length ) );
}
TEST_STATUS( expected_status,
psa_raw_key_agreement( alg, key_id,
public_key, public_key_length,
output, sizeof( output ), &length ) );
#if defined(PSA_WANT_ALG_HKDF) && defined(PSA_WANT_ALG_SHA_256)
PSA_ASSERT( psa_key_derivation_setup( &operation,
PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ) );
TEST_STATUS( expected_status,
psa_key_derivation_key_agreement(
&operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
key_id,
public_key, public_key_length ) );
#endif
/* There are no public-key operations. */
(void) private_only;
exit:
psa_key_derivation_abort( &operation );
psa_destroy_key( key_id );
psa_reset_key_attributes( &attributes );
PSA_DONE( );
}
/* END_CASE */

32806
tests/suites/test_suite_psa_crypto_op_fail.generated.data Normal file
View file

File diff suppressed because it is too large Load diff

15
tests/suites/test_suite_psa_crypto_op_fail.misc.data Normal file
View file

@ -0,0 +1,15 @@
# Most operation failure test cases are automatically generated in
# test_suite_psa_crypto_op_fail.generated.data. The manually written
# test cases in this file are only intended to help with debugging the
# test code.
PSA hash: invalid algorithm
hash_fail:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT
PSA sign RSA_PSS(SHA_256): incompatible key type
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
sign_fail:PSA_KEY_TYPE_AES:"48657265006973206b6579a064617461":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_ERROR_INVALID_ARGUMENT
PSA sign RSA_PSS(SHA_256): RSA_PSS not enabled, key pair
depends_on:!PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_ERROR_NOT_SUPPORTED

40
tests/suites/test_suite_psa_crypto_storage_format.current.data
View file

@ -16,83 +16,83 @@ PSA storage save: lifetime: PERSISTENT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4c":"505341004b455900000000000100000001100800010000000000000000000000010000004c"
PSA storage save: usage: 0
PSA storage save: usage without implication: 0
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:0:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000000000000000000000000010000004b"
PSA storage save: usage: COPY
PSA storage save: usage without implication: COPY
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020000000000000000000000010000004b"
PSA storage save: usage: DECRYPT
PSA storage save: usage without implication: DECRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DECRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000200000000000000000000010000004b"
PSA storage save: usage: DERIVE
PSA storage save: usage without implication: DERIVE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DERIVE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004000000000000000000000010000004b"
PSA storage save: usage: ENCRYPT
PSA storage save: usage without implication: ENCRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_ENCRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000100000000000000000000010000004b"
PSA storage save: usage: EXPORT
PSA storage save: usage without implication: EXPORT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800010000000000000000000000010000004b"
PSA storage save: usage: SIGN_HASH
PSA storage save: usage without implication: SIGN_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001400000000000000000000010000004b"
PSA storage save: usage: SIGN_MESSAGE
PSA storage save: usage without implication: SIGN_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000400000000000000000000010000004b"
PSA storage save: usage: VERIFY_HASH
PSA storage save: usage without implication: VERIFY_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002800000000000000000000010000004b"
PSA storage save: usage: VERIFY_MESSAGE
PSA storage save: usage without implication: VERIFY_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000800000000000000000000010000004b"
PSA storage save: usage: COPY | DECRYPT
PSA storage save: usage without implication: COPY | DECRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020200000000000000000000010000004b"
PSA storage save: usage: DECRYPT | DERIVE
PSA storage save: usage without implication: DECRYPT | DERIVE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004200000000000000000000010000004b"
PSA storage save: usage: DERIVE | ENCRYPT
PSA storage save: usage without implication: DERIVE | ENCRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004100000000000000000000010000004b"
PSA storage save: usage: ENCRYPT | EXPORT
PSA storage save: usage without implication: ENCRYPT | EXPORT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800010100000000000000000000010000004b"
PSA storage save: usage: EXPORT | SIGN_HASH
PSA storage save: usage without implication: EXPORT | SIGN_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800011400000000000000000000010000004b"
PSA storage save: usage: SIGN_HASH | SIGN_MESSAGE
PSA storage save: usage without implication: SIGN_HASH | SIGN_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001400000000000000000000010000004b"
PSA storage save: usage: SIGN_MESSAGE | VERIFY_HASH
PSA storage save: usage without implication: SIGN_MESSAGE | VERIFY_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002c00000000000000000000010000004b"
PSA storage save: usage: VERIFY_HASH | VERIFY_MESSAGE
PSA storage save: usage without implication: VERIFY_HASH | VERIFY_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002800000000000000000000010000004b"
PSA storage save: usage: VERIFY_MESSAGE | COPY
PSA storage save: usage without implication: VERIFY_MESSAGE | COPY
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020800000000000000000000010000004b"
PSA storage save: usage: all known
PSA storage save: usage without implication: all known
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800037f00000000000000000000010000004b"

162
tests/suites/test_suite_psa_crypto_storage_format.v0.data
View file

@ -20,162 +20,162 @@ PSA storage read: lifetime: PERSISTENT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4c":"505341004b455900000000000100000001100800010000000000000000000000010000004c":0
PSA storage read: usage with implication: 0
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:0:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000000000000000000000000010000004b":0
PSA storage read: usage without implication: 0
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:0:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000000000000000000000000010000004b":0
PSA storage read: usage with implication: COPY
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020000000000000000000000010000004b":0
PSA storage read: usage without implication: COPY
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020000000000000000000000010000004b":0
PSA storage read: usage with implication: DECRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DECRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000200000000000000000000010000004b":0
PSA storage read: usage without implication: DECRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DECRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000200000000000000000000010000004b":0
PSA storage read: usage with implication: DERIVE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DERIVE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004000000000000000000000010000004b":0
PSA storage read: usage without implication: DERIVE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DERIVE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004000000000000000000000010000004b":0
PSA storage read: usage with implication: ENCRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_ENCRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000100000000000000000000010000004b":0
PSA storage read: usage without implication: ENCRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_ENCRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000100000000000000000000010000004b":0
PSA storage read: usage with implication: EXPORT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800010000000000000000000000010000004b":0
PSA storage read: usage without implication: EXPORT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800010000000000000000000000010000004b":0
PSA storage read: usage with implication: SIGN_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001400000000000000000000010000004b":0
PSA storage read: usage without implication: SIGN_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001000000000000000000000010000004b":0
PSA storage read: usage with implication: SIGN_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000400000000000000000000010000004b":0
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001400000000000000000000010000004b":0
PSA storage read: usage without implication: SIGN_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000400000000000000000000010000004b":0
PSA storage read: usage with implication: VERIFY_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002800000000000000000000010000004b":0
PSA storage read: usage without implication: VERIFY_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002000000000000000000000010000004b":0
PSA storage read: usage with implication: VERIFY_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000800000000000000000000010000004b":0
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002800000000000000000000010000004b":0
PSA storage read: usage without implication: VERIFY_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000800000000000000000000010000004b":0
PSA storage read: usage with implication: COPY | DECRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020200000000000000000000010000004b":0
PSA storage read: usage without implication: COPY | DECRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020200000000000000000000010000004b":0
PSA storage read: usage with implication: DECRYPT | DERIVE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004200000000000000000000010000004b":0
PSA storage read: usage without implication: DECRYPT | DERIVE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004200000000000000000000010000004b":0
PSA storage read: usage with implication: DERIVE | ENCRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004100000000000000000000010000004b":0
PSA storage read: usage without implication: DERIVE | ENCRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004100000000000000000000010000004b":0
PSA storage read: usage with implication: ENCRYPT | EXPORT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800010100000000000000000000010000004b":0
PSA storage read: usage without implication: ENCRYPT | EXPORT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800010100000000000000000000010000004b":0
PSA storage read: usage with implication: EXPORT | SIGN_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800011400000000000000000000010000004b":0
PSA storage read: usage without implication: EXPORT | SIGN_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800011000000000000000000000010000004b":0
PSA storage read: usage with implication: SIGN_HASH | SIGN_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001400000000000000000000010000004b":0
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800011400000000000000000000010000004b":0
PSA storage read: usage without implication: SIGN_HASH | SIGN_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001400000000000000000000010000004b":0
PSA storage read: usage with implication: SIGN_MESSAGE | VERIFY_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002c00000000000000000000010000004b":0
PSA storage read: usage without implication: SIGN_MESSAGE | VERIFY_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002400000000000000000000010000004b":0
PSA storage read: usage with implication: VERIFY_HASH | VERIFY_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002800000000000000000000010000004b":0
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002c00000000000000000000010000004b":0
PSA storage read: usage without implication: VERIFY_HASH | VERIFY_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002800000000000000000000010000004b":0
PSA storage read: usage with implication: VERIFY_MESSAGE | COPY
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020800000000000000000000010000004b":0
PSA storage read: usage without implication: VERIFY_MESSAGE | COPY
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020800000000000000000000010000004b":0
PSA storage read: usage: all known
PSA storage read: usage without implication: all known
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800037f00000000000000000000010000004b":0
PSA storage read: usage: 0
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:0:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000000000000000000000000010000004b":0
PSA storage read: usage: COPY
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020000000000000000000000010000004b":0
PSA storage read: usage: DECRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DECRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000200000000000000000000010000004b":0
PSA storage read: usage: DERIVE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DERIVE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004000000000000000000000010000004b":0
PSA storage read: usage: ENCRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_ENCRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000100000000000000000000010000004b":0
PSA storage read: usage: EXPORT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800010000000000000000000000010000004b":0
PSA storage read: usage: SIGN_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001000000000000000000000010000004b":0
PSA storage read: usage: SIGN_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000400000000000000000000010000004b":0
PSA storage read: usage: VERIFY_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002000000000000000000000010000004b":0
PSA storage read: usage: VERIFY_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000800000000000000000000010000004b":0
PSA storage read: usage: COPY | DECRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020200000000000000000000010000004b":0
PSA storage read: usage: DECRYPT | DERIVE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004200000000000000000000010000004b":0
PSA storage read: usage: DERIVE | ENCRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004100000000000000000000010000004b":0
PSA storage read: usage: ENCRYPT | EXPORT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800010100000000000000000000010000004b":0
PSA storage read: usage: EXPORT | SIGN_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800011000000000000000000000010000004b":0
PSA storage read: usage: SIGN_HASH | SIGN_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001400000000000000000000010000004b":0
PSA storage read: usage: SIGN_MESSAGE | VERIFY_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002400000000000000000000010000004b":0
PSA storage read: usage: VERIFY_HASH | VERIFY_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002800000000000000000000010000004b":0
PSA storage read: usage: VERIFY_MESSAGE | COPY
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020800000000000000000000010000004b":0
PSA storage read: type: AES 128-bit
depends_on:PSA_WANT_KEY_TYPE_AES
key_storage_read:0x0001:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000002480000100000000000000000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE