diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 954895910..ff03abd16 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -490,11 +490,12 @@ static psa_status_t psa_internal_export_key( psa_key_slot_t key, if( slot->type == PSA_KEY_TYPE_NONE ) return( PSA_ERROR_EMPTY_SLOT ); - if( export_public_key && ( !( PSA_KEY_TYPE_IS_ASYMMETRIC( slot->type ) ) ) ) + if( export_public_key && ! PSA_KEY_TYPE_IS_ASYMMETRIC( slot->type ) ) return( PSA_ERROR_INVALID_ARGUMENT ); - if( ( !export_public_key ) && ( !( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->type ) ) ) && - ( !( slot->policy.usage & PSA_KEY_USAGE_EXPORT ) ) ) + if( ! export_public_key && + ! PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->type ) && + ( slot->policy.usage & PSA_KEY_USAGE_EXPORT ) == 0 ) return( PSA_ERROR_NOT_PERMITTED ); if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) ) @@ -551,8 +552,8 @@ psa_status_t psa_export_key( psa_key_slot_t key, size_t data_size, size_t *data_length ) { - return psa_internal_export_key( key, data, data_size, - data_length, 0 ); + return( psa_internal_export_key( key, data, data_size, + data_length, 0 ) ); } @@ -561,8 +562,8 @@ psa_status_t psa_export_public_key( psa_key_slot_t key, size_t data_size, size_t *data_length ) { - return psa_internal_export_key( key, data, data_size, - data_length, 1 ); + return( psa_internal_export_key( key, data, data_size, + data_length, 1 ) ); } /****************************************************************/ @@ -1030,7 +1031,7 @@ psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) if( PSA_ALG_IS_HMAC( operation->alg ) ) { unsigned int block_size = - psa_get_hash_block_size( ( PSA_ALG_HMAC_HASH( operation->alg ) ) ); + psa_get_hash_block_size( PSA_ALG_HMAC_HASH( operation->alg ) ); if( block_size == 0 ) return( PSA_ERROR_NOT_SUPPORTED ); @@ -1082,13 +1083,13 @@ static int psa_hmac_start( psa_mac_operation_t *operation, unsigned char *opad = operation->ctx.hmac.opad; size_t i; size_t block_size = - psa_get_hash_block_size( ( PSA_ALG_HMAC_HASH( alg ) ) ); + psa_get_hash_block_size( PSA_ALG_HMAC_HASH( alg ) ); unsigned int digest_size = - PSA_HASH_SIZE( ( PSA_ALG_HMAC_HASH( alg ) ) ); + PSA_HASH_SIZE( PSA_ALG_HMAC_HASH( alg ) ); size_t key_length = slot->data.raw.bytes; psa_status_t status; - if( ( block_size == 0 ) || ( digest_size == 0 ) ) + if( block_size == 0 || digest_size == 0 ) return( PSA_ERROR_NOT_SUPPORTED ); if( key_type != PSA_KEY_TYPE_HMAC ) @@ -1253,14 +1254,14 @@ psa_status_t psa_mac_update( psa_mac_operation_t *operation, } break; } - if( ( ret != 0 ) || ( status != PSA_SUCCESS ) ) + if( ret != 0 || status != PSA_SUCCESS ) { psa_mac_abort( operation ); if( ret != 0 ) status = mbedtls_to_psa_error( ret ); } - return status; + return( status ); } static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation, @@ -1299,7 +1300,7 @@ static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation, unsigned char *opad = operation->ctx.hmac.opad; size_t hash_size = 0; size_t block_size = - psa_get_hash_block_size( ( PSA_ALG_HMAC_HASH( operation->alg ) ) ); + psa_get_hash_block_size( PSA_ALG_HMAC_HASH( operation->alg ) ); if( block_size == 0 ) return( PSA_ERROR_NOT_SUPPORTED ); @@ -1339,7 +1340,7 @@ static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation, } cleanup: - if( ( ret == 0 ) && ( status == PSA_SUCCESS ) ) + if( ret == 0 && status == PSA_SUCCESS ) { return( psa_mac_abort( operation ) ); } @@ -1349,7 +1350,7 @@ cleanup: if( ret != 0 ) status = mbedtls_to_psa_error( ret ); - return status; + return( status ); } } @@ -1358,7 +1359,7 @@ psa_status_t psa_mac_finish( psa_mac_operation_t *operation, size_t mac_size, size_t *mac_length ) { - if( !( operation->key_usage_sign ) ) + if( ! operation->key_usage_sign ) return( PSA_ERROR_NOT_PERMITTED ); return( psa_mac_finish_internal( operation, mac, @@ -1377,7 +1378,7 @@ psa_status_t psa_mac_verify( psa_mac_operation_t *operation, size_t actual_mac_length; psa_status_t status; - if( !( operation->key_usage_verify ) ) + if( ! operation->key_usage_verify ) return( PSA_ERROR_NOT_PERMITTED ); status = psa_mac_finish_internal( operation, @@ -1546,8 +1547,8 @@ psa_status_t psa_asymmetric_verify( psa_key_slot_t key, return( PSA_ERROR_NOT_PERMITTED ); #if defined(MBEDTLS_RSA_C) - if( ( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR ) || - ( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) ) + if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR || + slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) { mbedtls_rsa_context *rsa = slot->data.rsa; int ret; @@ -1639,8 +1640,8 @@ psa_status_t psa_asymmetric_encrypt( psa_key_slot_t key, return( PSA_ERROR_NOT_PERMITTED ); #if defined(MBEDTLS_RSA_C) - if( ( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR ) || - ( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) ) + if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR || + slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) { mbedtls_rsa_context *rsa = slot->data.rsa; int ret; @@ -1830,7 +1831,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, operation->block_size = ( PSA_ALG_IS_BLOCK_CIPHER( alg ) ? PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) : 1 ); - if( PSA_ALG_IS_BLOCK_CIPHER( alg ) || ( alg == PSA_ALG_CTR ) ) + if( PSA_ALG_IS_BLOCK_CIPHER( alg ) || alg == PSA_ALG_CTR ) { operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); } @@ -1842,14 +1843,14 @@ psa_status_t psa_encrypt_setup( psa_cipher_operation_t *operation, psa_key_slot_t key, psa_algorithm_t alg ) { - return psa_cipher_setup( operation, key, alg, MBEDTLS_ENCRYPT ); + return( psa_cipher_setup( operation, key, alg, MBEDTLS_ENCRYPT ) ); } psa_status_t psa_decrypt_setup( psa_cipher_operation_t *operation, psa_key_slot_t key, psa_algorithm_t alg ) { - return psa_cipher_setup( operation, key, alg, MBEDTLS_DECRYPT ); + return( psa_cipher_setup( operation, key, alg, MBEDTLS_DECRYPT ) ); } psa_status_t psa_encrypt_generate_iv( psa_cipher_operation_t *operation, @@ -1858,7 +1859,7 @@ psa_status_t psa_encrypt_generate_iv( psa_cipher_operation_t *operation, size_t *iv_length ) { int ret = PSA_SUCCESS; - if( operation->iv_set || !( operation->iv_required ) ) + if( operation->iv_set || ! operation->iv_required ) return( PSA_ERROR_BAD_STATE ); if( iv_size < operation->iv_size ) { @@ -1887,7 +1888,7 @@ psa_status_t psa_encrypt_set_iv( psa_cipher_operation_t *operation, size_t iv_length ) { int ret = PSA_SUCCESS; - if( operation->iv_set || !( operation->iv_required ) ) + if( operation->iv_set || ! operation->iv_required ) return( PSA_ERROR_BAD_STATE ); if( iv_length != operation->iv_size ) { @@ -2053,9 +2054,11 @@ psa_status_t psa_set_key_policy( psa_key_slot_t key, if( slot->type != PSA_KEY_TYPE_NONE ) return( PSA_ERROR_OCCUPIED_SLOT ); - if( ( policy->usage & ~( PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT - | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_SIGN - | PSA_KEY_USAGE_VERIFY ) ) != 0 ) + if( ( policy->usage & ~( PSA_KEY_USAGE_EXPORT | + PSA_KEY_USAGE_ENCRYPT | + PSA_KEY_USAGE_DECRYPT | + PSA_KEY_USAGE_SIGN | + PSA_KEY_USAGE_VERIFY ) ) != 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); slot->policy = *policy; @@ -2164,7 +2167,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, if( cipher_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - if( !( slot->policy.usage & PSA_KEY_USAGE_ENCRYPT ) ) + if( ( slot->policy.usage & PSA_KEY_USAGE_ENCRYPT ) == 0 ) return( PSA_ERROR_NOT_PERMITTED ); if( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) != @@ -2231,7 +2234,8 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, return( mbedtls_to_psa_error( ret ) ); } ret = mbedtls_ccm_encrypt_and_tag( &ccm, plaintext_length, - nonce, nonce_length, additional_data, + nonce, nonce_length, + additional_data, additional_data_length, plaintext, ciphertext, tag, tag_length ); @@ -2369,7 +2373,8 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, } ret = mbedtls_ccm_auth_decrypt( &ccm, ciphertext_length - tag_length, nonce, nonce_length, - additional_data, additional_data_length, + additional_data, + additional_data_length, ciphertext, plaintext, tag, tag_length ); mbedtls_ccm_free( &ccm ); diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5a68074e4..5e66986ae 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -186,7 +186,8 @@ void import_export_public_key( data_t *data, /* Test the key information */ TEST_ASSERT( psa_get_key_information( slot, - &got_type, &got_bits ) == PSA_SUCCESS ); + &got_type, + &got_bits ) == PSA_SUCCESS ); TEST_ASSERT( got_type == type ); TEST_ASSERT( got_bits == (size_t) expected_bits ); @@ -348,7 +349,8 @@ void cipher_encrypt( int alg_arg, int key_type_arg, TEST_ASSERT( psa_import_key( key_slot, key_type, key->x, (size_t) key->len ) == PSA_SUCCESS ); - TEST_ASSERT( psa_encrypt_setup( &operation, key_slot, alg ) == PSA_SUCCESS ); + TEST_ASSERT( psa_encrypt_setup( &operation, + key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_set_iv( &operation, iv, sizeof( iv ) ) == PSA_SUCCESS ); @@ -413,7 +415,8 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, TEST_ASSERT( psa_import_key( key_slot, key_type, key->x, (size_t) key->len ) == PSA_SUCCESS ); - TEST_ASSERT( psa_encrypt_setup( &operation, key_slot, alg ) == PSA_SUCCESS ); + TEST_ASSERT( psa_encrypt_setup( &operation, + key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_set_iv( &operation, iv, sizeof( iv ) ) == PSA_SUCCESS ); @@ -482,7 +485,8 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, TEST_ASSERT( psa_import_key( key_slot, key_type, key->x, (size_t) key->len ) == PSA_SUCCESS ); - TEST_ASSERT( psa_decrypt_setup( &operation, key_slot, alg ) == PSA_SUCCESS ); + TEST_ASSERT( psa_decrypt_setup( &operation, + key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_set_iv( &operation, iv, sizeof( iv ) ) == PSA_SUCCESS ); @@ -552,7 +556,8 @@ void cipher_decrypt( int alg_arg, int key_type_arg, TEST_ASSERT( psa_import_key( key_slot, key_type, key->x, (size_t) key->len ) == PSA_SUCCESS ); - TEST_ASSERT( psa_decrypt_setup( &operation, key_slot, alg ) == PSA_SUCCESS ); + TEST_ASSERT( psa_decrypt_setup( &operation, + key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_set_iv( &operation, iv, sizeof( iv ) ) == PSA_SUCCESS ); @@ -620,8 +625,10 @@ void cipher_verify_output( int alg_arg, int key_type_arg, TEST_ASSERT( psa_import_key( key_slot, key_type, key->x, (size_t) key->len ) == PSA_SUCCESS ); - TEST_ASSERT( psa_encrypt_setup( &operation1, key_slot, alg ) == PSA_SUCCESS ); - TEST_ASSERT( psa_decrypt_setup( &operation2, key_slot, alg ) == PSA_SUCCESS ); + TEST_ASSERT( psa_encrypt_setup( &operation1, + key_slot, alg ) == PSA_SUCCESS ); + TEST_ASSERT( psa_decrypt_setup( &operation2, + key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_generate_iv( &operation1, iv, iv_size, @@ -704,8 +711,10 @@ void cipher_verify_output_multipart( int alg_arg, TEST_ASSERT( psa_import_key( key_slot, key_type, key->x, (size_t) key->len ) == PSA_SUCCESS ); - TEST_ASSERT( psa_encrypt_setup( &operation1, key_slot, alg ) == PSA_SUCCESS ); - TEST_ASSERT( psa_decrypt_setup( &operation2, key_slot, alg ) == PSA_SUCCESS ); + TEST_ASSERT( psa_encrypt_setup( &operation1, + key_slot, alg ) == PSA_SUCCESS ); + TEST_ASSERT( psa_decrypt_setup( &operation2, + key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_generate_iv( &operation1, iv, iv_size, @@ -775,9 +784,13 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void aead_encrypt_decrypt( int key_type_arg, data_t * key_data, - int alg_arg, data_t * input_data, data_t * nonce, - data_t * additional_data, int expected_result_arg ) +void aead_encrypt_decrypt( int key_type_arg, + data_t * key_data, + int alg_arg, + data_t * input_data, + data_t * nonce, + data_t * additional_data, + int expected_result_arg ) { int slot = 1; psa_key_type_t key_type = key_type_arg; @@ -808,7 +821,9 @@ void aead_encrypt_decrypt( int key_type_arg, data_t * key_data, psa_key_policy_init( &policy ); - psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT , alg ); + psa_key_policy_set_usage( &policy, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, + alg ); TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); @@ -833,8 +848,9 @@ void aead_encrypt_decrypt( int key_type_arg, data_t * key_data, nonce->x, (size_t) nonce->len, additional_data->x, (size_t) additional_data->len, - output_data, output_length, output_data2, - output_length, &output_length2 ) == + output_data, output_length, + output_data2, output_length, + &output_length2 ) == expected_result ); @@ -898,8 +914,8 @@ void aead_encrypt( int key_type_arg, data_t * key_data, additional_data->x, (size_t) additional_data->len, input_data->x, (size_t) input_data->len, - output_data, - output_size, &output_length ) == PSA_SUCCESS ); + output_data, output_size, + &output_length ) == PSA_SUCCESS ); TEST_ASSERT( memcmp( output_data, expected_result->x, @@ -959,7 +975,8 @@ void aead_decrypt( int key_type_arg, data_t * key_data, TEST_ASSERT( psa_aead_decrypt( slot, alg, nonce->x, (size_t) nonce->len, - additional_data->x, (size_t) additional_data->len, + additional_data->x, + (size_t) additional_data->len, input_data->x, (size_t) input_data->len, output_data, output_size, &output_length ) == @@ -982,7 +999,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void signature_size( int type_arg, int bits, int alg_arg, int expected_size_arg ) +void signature_size( int type_arg, + int bits, + int alg_arg, + int expected_size_arg ) { psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; @@ -1028,7 +1048,8 @@ void sign_deterministic( int key_type_arg, data_t *key_data, NULL, &key_bits ) == PSA_SUCCESS ); - signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ); + signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type, + key_bits, alg ); TEST_ASSERT( signature_size != 0 ); signature = mbedtls_calloc( 1, signature_size ); TEST_ASSERT( signature != NULL ); @@ -1117,9 +1138,11 @@ void key_policy( int usage_arg, int alg_arg ) psa_key_policy_set_usage( &policy_set, usage_arg, alg_arg ); - TEST_ASSERT( psa_key_policy_get_usage( &policy_set ) == (psa_key_usage_t) usage_arg ); + TEST_ASSERT( psa_key_policy_get_usage( &policy_set ) == + (psa_key_usage_t) usage_arg ); - TEST_ASSERT( psa_key_policy_get_algorithm( &policy_set ) == (psa_algorithm_t) alg_arg ); + TEST_ASSERT( psa_key_policy_get_algorithm( &policy_set ) == + (psa_algorithm_t) alg_arg ); TEST_ASSERT( psa_set_key_policy( key_slot, &policy_set ) == PSA_SUCCESS ); @@ -1218,7 +1241,9 @@ exit: /* BEGIN_CASE */ -void key_lifetime_set_fail( int key_slot_arg, int lifetime_arg, int expected_status_arg ) +void key_lifetime_set_fail( int key_slot_arg, + int lifetime_arg, + int expected_status_arg ) { int key_slot = 1; psa_key_lifetime_t lifetime_set = (psa_key_lifetime_t) lifetime_arg; @@ -1360,7 +1385,9 @@ void asymmetric_encrypt_decrypt( int key_type_arg, data_t *key_data, TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); psa_key_policy_init( &policy ); - psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg_arg ); + psa_key_policy_set_usage( &policy, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, + alg_arg ); TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); TEST_ASSERT( psa_import_key( slot, key_type, @@ -1385,8 +1412,8 @@ void asymmetric_encrypt_decrypt( int key_type_arg, data_t *key_data, output2, output2_size, &output2_length ) == PSA_SUCCESS ); - TEST_ASSERT( memcmp( input_data->x, output2, (size_t) input_data->len ) - == 0 ); + TEST_ASSERT( memcmp( input_data->x, output2, + (size_t) input_data->len ) == 0 ); exit: psa_destroy_key( slot ); @@ -1493,7 +1520,7 @@ void asymmetric_decrypt( int key_type_arg, data_t *key_data, output_size, &output_length ) == PSA_SUCCESS ); TEST_ASSERT( ( (size_t) expected_size ) == output_length ); - TEST_ASSERT( memcmp( expected_data->x, output, ( output_length ) ) == 0 ); + TEST_ASSERT( memcmp( expected_data->x, output, output_length ) == 0 ); exit: psa_destroy_key( slot );