mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-22 22:00:58 +00:00
Merge pull request #4067 from stevew817/feature/allow_multilength_aead
Add support for key policies (MAC & AEAD)
This commit is contained in:
commit
e252868be4
5
ChangeLog.d/psa-crypto-new-wildcard-policies.txt
Normal file
5
ChangeLog.d/psa-crypto-new-wildcard-policies.txt
Normal file
|
@ -0,0 +1,5 @@
|
|||
Features
|
||||
* In the PSA API, the policy for a MAC or AEAD algorithm can specify a
|
||||
minimum MAC or tag length thanks to the new wildcards
|
||||
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC and
|
||||
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG.
|
|
@ -264,6 +264,14 @@ static psa_key_usage_t psa_get_key_usage_flags(
|
|||
* - An algorithm value permits this particular algorithm.
|
||||
* - An algorithm wildcard built from #PSA_ALG_ANY_HASH allows the specified
|
||||
* signature scheme with any hash algorithm.
|
||||
* - An algorithm built from #PSA_ALG_AT_LEAST_THIS_LENGTH_MAC allows
|
||||
* any MAC algorithm from the same base class (e.g. CMAC) which
|
||||
* generates/verifies a MAC length greater than or equal to the length
|
||||
* encoded in the wildcard algorithm.
|
||||
* - An algorithm built from #PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG
|
||||
* allows any AEAD algorithm from the same base class (e.g. CCM) which
|
||||
* generates/verifies a tag length greater than or equal to the length
|
||||
* encoded in the wildcard algorithm.
|
||||
*
|
||||
* This function overwrites any algorithm policy
|
||||
* previously set in \p attributes.
|
||||
|
|
|
@ -866,6 +866,14 @@
|
|||
#define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t)0x003f0000)
|
||||
#define PSA_MAC_TRUNCATION_OFFSET 16
|
||||
|
||||
/* In the encoding of a MAC algorithm, the bit corresponding to
|
||||
* #PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
|
||||
* is a wildcard algorithm. A key with such wildcard algorithm as permitted
|
||||
* algorithm policy can be used with any algorithm corresponding to the
|
||||
* same base class and having a (potentially truncated) MAC length greater or
|
||||
* equal than the one encoded in #PSA_ALG_MAC_TRUNCATION_MASK. */
|
||||
#define PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
|
||||
|
||||
/** Macro to build a truncated MAC algorithm.
|
||||
*
|
||||
* A truncated MAC algorithm is identical to the corresponding MAC
|
||||
|
@ -899,8 +907,9 @@
|
|||
* MAC algorithm or if \p mac_length is too small or
|
||||
* too large for the specified MAC algorithm.
|
||||
*/
|
||||
#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \
|
||||
(((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK) | \
|
||||
#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \
|
||||
(((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
|
||||
PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG)) | \
|
||||
((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK))
|
||||
|
||||
/** Macro to build the base MAC algorithm corresponding to a truncated
|
||||
|
@ -915,8 +924,9 @@
|
|||
* \return Unspecified if \p alg is not a supported
|
||||
* MAC algorithm.
|
||||
*/
|
||||
#define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \
|
||||
((mac_alg) & ~PSA_ALG_MAC_TRUNCATION_MASK)
|
||||
#define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \
|
||||
((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | \
|
||||
PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG))
|
||||
|
||||
/** Length to which a MAC algorithm is truncated.
|
||||
*
|
||||
|
@ -932,6 +942,34 @@
|
|||
#define PSA_MAC_TRUNCATED_LENGTH(mac_alg) \
|
||||
(((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
|
||||
|
||||
/** Macro to build a MAC minimum-MAC-length wildcard algorithm.
|
||||
*
|
||||
* A minimum-MAC-length MAC wildcard algorithm permits all MAC algorithms
|
||||
* sharing the same base algorithm, and where the (potentially truncated) MAC
|
||||
* length of the specific algorithm is equal to or larger then the wildcard
|
||||
* algorithm's minimum MAC length.
|
||||
*
|
||||
* \note When setting the minimum required MAC length to less than the
|
||||
* smallest MAC length allowed by the base algorithm, this effectively
|
||||
* becomes an 'any-MAC-length-allowed' policy for that base algorithm.
|
||||
*
|
||||
* \param mac_alg A MAC algorithm identifier (value of type
|
||||
* #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
|
||||
* is true).
|
||||
* \param min_mac_length Desired minimum length of the message authentication
|
||||
* code in bytes. This must be at most the untruncated
|
||||
* length of the MAC and must be at least 1.
|
||||
*
|
||||
* \return The corresponding MAC wildcard algorithm with the
|
||||
* specified minimum length.
|
||||
* \return Unspecified if \p mac_alg is not a supported MAC
|
||||
* algorithm or if \p min_mac_length is less than 1 or
|
||||
* too large for the specified MAC algorithm.
|
||||
*/
|
||||
#define PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(mac_alg, min_mac_length) \
|
||||
( PSA_ALG_TRUNCATED_MAC(mac_alg, min_mac_length) | \
|
||||
PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG )
|
||||
|
||||
#define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x03c00000)
|
||||
/** The CBC-MAC construction over a block cipher
|
||||
*
|
||||
|
@ -1092,6 +1130,14 @@
|
|||
#define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t)0x003f0000)
|
||||
#define PSA_AEAD_TAG_LENGTH_OFFSET 16
|
||||
|
||||
/* In the encoding of an AEAD algorithm, the bit corresponding to
|
||||
* #PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
|
||||
* is a wildcard algorithm. A key with such wildcard algorithm as permitted
|
||||
* algorithm policy can be used with any algorithm corresponding to the
|
||||
* same base class and having a tag length greater than or equal to the one
|
||||
* encoded in #PSA_ALG_AEAD_TAG_LENGTH_MASK. */
|
||||
#define PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
|
||||
|
||||
/** Macro to build a shortened AEAD algorithm.
|
||||
*
|
||||
* A shortened AEAD algorithm is similar to the corresponding AEAD
|
||||
|
@ -1111,10 +1157,26 @@
|
|||
* for the specified AEAD algorithm.
|
||||
*/
|
||||
#define PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length) \
|
||||
(((aead_alg) & ~PSA_ALG_AEAD_TAG_LENGTH_MASK) | \
|
||||
(((aead_alg) & ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | \
|
||||
PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)) | \
|
||||
((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET & \
|
||||
PSA_ALG_AEAD_TAG_LENGTH_MASK))
|
||||
|
||||
/** Retrieve the tag length of a specified AEAD algorithm
|
||||
*
|
||||
* \param aead_alg An AEAD algorithm identifier (value of type
|
||||
* #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p alg)
|
||||
* is true).
|
||||
*
|
||||
* \return The tag length specified by the input algorithm.
|
||||
* \return Unspecified if \p alg is not a supported
|
||||
* AEAD algorithm or if \p tag_length is not valid
|
||||
* for the specified AEAD algorithm.
|
||||
*/
|
||||
#define PSA_ALG_AEAD_GET_TAG_LENGTH(aead_alg) \
|
||||
(((aead_alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> \
|
||||
PSA_AEAD_TAG_LENGTH_OFFSET )
|
||||
|
||||
/** Calculate the corresponding AEAD algorithm with the default tag length.
|
||||
*
|
||||
* \param aead_alg An AEAD algorithm (\c PSA_ALG_XXX value such that
|
||||
|
@ -1134,6 +1196,34 @@
|
|||
PSA_ALG_AEAD_WITH_SHORTENED_TAG(ref, 0) ? \
|
||||
ref :
|
||||
|
||||
/** Macro to build an AEAD minimum-tag-length wildcard algorithm.
|
||||
*
|
||||
* A minimum-tag-length AEAD wildcard algorithm permits all AEAD algorithms
|
||||
* sharing the same base algorithm, and where the tag length of the specific
|
||||
* algorithm is equal to or larger then the minimum tag length specified by the
|
||||
* wildcard algorithm.
|
||||
*
|
||||
* \note When setting the minimum required tag length to less than the
|
||||
* smallest tag length allowed by the base algorithm, this effectively
|
||||
* becomes an 'any-tag-length-allowed' policy for that base algorithm.
|
||||
*
|
||||
* \param aead_alg An AEAD algorithm identifier (value of type
|
||||
* #psa_algorithm_t such that
|
||||
* #PSA_ALG_IS_AEAD(\p aead_alg) is true).
|
||||
* \param min_tag_length Desired minimum length of the authentication tag in
|
||||
* bytes. This must be at least 1 and at most the largest
|
||||
* allowed tag length of the algorithm.
|
||||
*
|
||||
* \return The corresponding AEAD wildcard algorithm with the
|
||||
* specified minimum length.
|
||||
* \return Unspecified if \p aead_alg is not a supported
|
||||
* AEAD algorithm or if \p min_tag_length is less than 1
|
||||
* or too large for the specified AEAD algorithm.
|
||||
*/
|
||||
#define PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(aead_alg, min_tag_length) \
|
||||
( PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, min_tag_length) | \
|
||||
PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG )
|
||||
|
||||
#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t)0x06000200)
|
||||
/** RSA PKCS#1 v1.5 signature with hashing.
|
||||
*
|
||||
|
@ -1580,9 +1670,13 @@
|
|||
* \return This macro may return either 0 or 1 if \c alg is not a supported
|
||||
* algorithm identifier.
|
||||
*/
|
||||
#define PSA_ALG_IS_WILDCARD(alg) \
|
||||
(PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
|
||||
PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \
|
||||
#define PSA_ALG_IS_WILDCARD(alg) \
|
||||
(PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
|
||||
PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \
|
||||
PSA_ALG_IS_MAC(alg) ? \
|
||||
(alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
|
||||
PSA_ALG_IS_AEAD(alg) ? \
|
||||
(alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
|
||||
(alg) == PSA_ALG_ANY_HASH)
|
||||
|
||||
/**@}*/
|
||||
|
|
|
@ -545,6 +545,47 @@ static inline size_t psa_get_key_slot_bits( const psa_key_slot_t *slot )
|
|||
return( slot->attr.bits );
|
||||
}
|
||||
|
||||
/** Check whether a given key type is valid for use with a given MAC algorithm
|
||||
*
|
||||
* Upon successful return of this function, the behavior of #PSA_MAC_LENGTH
|
||||
* when called with the validated \p algorithm and \p key_type is well-defined.
|
||||
*
|
||||
* \param[in] algorithm The specific MAC algorithm (can be wildcard).
|
||||
* \param[in] key_type The key type of the key to be used with the
|
||||
* \p algorithm.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* The \p key_type is valid for use with the \p algorithm
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* The \p key_type is not valid for use with the \p algorithm
|
||||
*/
|
||||
MBEDTLS_STATIC_TESTABLE psa_status_t psa_mac_key_can_do(
|
||||
psa_algorithm_t algorithm,
|
||||
psa_key_type_t key_type )
|
||||
{
|
||||
if( PSA_ALG_IS_HMAC( algorithm ) )
|
||||
{
|
||||
if( key_type == PSA_KEY_TYPE_HMAC )
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
if( PSA_ALG_IS_BLOCK_CIPHER_MAC( algorithm ) )
|
||||
{
|
||||
/* Check that we're calling PSA_BLOCK_CIPHER_BLOCK_LENGTH with a cipher
|
||||
* key. */
|
||||
if( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) ==
|
||||
PSA_KEY_TYPE_CATEGORY_SYMMETRIC )
|
||||
{
|
||||
/* PSA_BLOCK_CIPHER_BLOCK_LENGTH returns 1 for stream ciphers and
|
||||
* the block length (larger than 1) for block ciphers. */
|
||||
if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) > 1 )
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
}
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
/** Try to allocate a buffer to an empty key slot.
|
||||
*
|
||||
* \param[in,out] slot Key slot to attach buffer to.
|
||||
|
@ -657,6 +698,7 @@ psa_status_t psa_import_key_into_slot(
|
|||
* Return 0 (which allows no operation) on incompatibility.
|
||||
*/
|
||||
static psa_algorithm_t psa_key_policy_algorithm_intersection(
|
||||
psa_key_type_t key_type,
|
||||
psa_algorithm_t alg1,
|
||||
psa_algorithm_t alg2 )
|
||||
{
|
||||
|
@ -674,11 +716,92 @@ static psa_algorithm_t psa_key_policy_algorithm_intersection(
|
|||
if( PSA_ALG_SIGN_GET_HASH( alg2 ) == PSA_ALG_ANY_HASH )
|
||||
return( alg1 );
|
||||
}
|
||||
/* If the policies are from the same AEAD family, check whether
|
||||
* one of them is a minimum-tag-length wildcard. Calculate the most
|
||||
* restrictive tag length. */
|
||||
if( PSA_ALG_IS_AEAD( alg1 ) && PSA_ALG_IS_AEAD( alg2 ) &&
|
||||
( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg1, 0 ) ==
|
||||
PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg2, 0 ) ) )
|
||||
{
|
||||
size_t alg1_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg1 );
|
||||
size_t alg2_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg2 );
|
||||
size_t restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len;
|
||||
|
||||
/* If both are wildcards, return most restrictive wildcard */
|
||||
if( ( ( alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
|
||||
( ( alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
|
||||
{
|
||||
return( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
|
||||
alg1, restricted_len ) );
|
||||
}
|
||||
/* If only one is a wildcard, return specific algorithm if compatible. */
|
||||
if( ( ( alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
|
||||
( alg1_len <= alg2_len ) )
|
||||
{
|
||||
return( alg2 );
|
||||
}
|
||||
if( ( ( alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
|
||||
( alg2_len <= alg1_len ) )
|
||||
{
|
||||
return( alg1 );
|
||||
}
|
||||
}
|
||||
/* If the policies are from the same MAC family, check whether one
|
||||
* of them is a minimum-MAC-length policy. Calculate the most
|
||||
* restrictive tag length. */
|
||||
if( PSA_ALG_IS_MAC( alg1 ) && PSA_ALG_IS_MAC( alg2 ) &&
|
||||
( PSA_ALG_FULL_LENGTH_MAC( alg1 ) ==
|
||||
PSA_ALG_FULL_LENGTH_MAC( alg2 ) ) )
|
||||
{
|
||||
/* Validate the combination of key type and algorithm. Since the base
|
||||
* algorithm of alg1 and alg2 are the same, we only need this once. */
|
||||
if( PSA_SUCCESS != psa_mac_key_can_do( alg1, key_type ) )
|
||||
return( 0 );
|
||||
|
||||
/* Get the (exact or at-least) output lengths for both sides of the
|
||||
* requested intersection. None of the currently supported algorithms
|
||||
* have an output length dependent on the actual key size, so setting it
|
||||
* to a bogus value of 0 is currently OK.
|
||||
*
|
||||
* Note that for at-least-this-length wildcard algorithms, the output
|
||||
* length is set to the shortest allowed length, which allows us to
|
||||
* calculate the most restrictive tag length for the intersection. */
|
||||
size_t alg1_len = PSA_MAC_LENGTH( key_type, 0, alg1 );
|
||||
size_t alg2_len = PSA_MAC_LENGTH( key_type, 0, alg2 );
|
||||
size_t restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len;
|
||||
|
||||
/* If both are wildcards, return most restrictive wildcard */
|
||||
if( ( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
|
||||
( ( alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
|
||||
{
|
||||
return( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg1, restricted_len ) );
|
||||
}
|
||||
|
||||
/* If only one is an at-least-this-length policy, the intersection would
|
||||
* be the other (fixed-length) policy as long as said fixed length is
|
||||
* equal to or larger than the shortest allowed length. */
|
||||
if( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
|
||||
{
|
||||
return( ( alg1_len <= alg2_len ) ? alg2 : 0 );
|
||||
}
|
||||
if( ( alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
|
||||
{
|
||||
return( ( alg2_len <= alg1_len ) ? alg1 : 0 );
|
||||
}
|
||||
|
||||
/* If none of them are wildcards, check whether they define the same tag
|
||||
* length. This is still possible here when one is default-length and
|
||||
* the other specific-length. Ensure to always return the
|
||||
* specific-length version for the intersection. */
|
||||
if( alg1_len == alg2_len )
|
||||
return( PSA_ALG_TRUNCATED_MAC( alg1, alg1_len ) );
|
||||
}
|
||||
/* If the policies are incompatible, allow nothing. */
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
static int psa_key_algorithm_permits( psa_algorithm_t policy_alg,
|
||||
static int psa_key_algorithm_permits( psa_key_type_t key_type,
|
||||
psa_algorithm_t policy_alg,
|
||||
psa_algorithm_t requested_alg )
|
||||
{
|
||||
/* Common case: the policy only allows requested_alg. */
|
||||
|
@ -693,6 +816,63 @@ static int psa_key_algorithm_permits( psa_algorithm_t policy_alg,
|
|||
return( ( policy_alg & ~PSA_ALG_HASH_MASK ) ==
|
||||
( requested_alg & ~PSA_ALG_HASH_MASK ) );
|
||||
}
|
||||
/* If policy_alg is a wildcard AEAD algorithm of the same base as
|
||||
* the requested algorithm, check the requested tag length to be
|
||||
* equal-length or longer than the wildcard-specified length. */
|
||||
if( PSA_ALG_IS_AEAD( policy_alg ) &&
|
||||
PSA_ALG_IS_AEAD( requested_alg ) &&
|
||||
( PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, 0 ) ==
|
||||
PSA_ALG_AEAD_WITH_SHORTENED_TAG( requested_alg, 0 ) ) &&
|
||||
( ( policy_alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
|
||||
{
|
||||
return( PSA_ALG_AEAD_GET_TAG_LENGTH( policy_alg ) <=
|
||||
PSA_ALG_AEAD_GET_TAG_LENGTH( requested_alg ) );
|
||||
}
|
||||
/* If policy_alg is a MAC algorithm of the same base as the requested
|
||||
* algorithm, check whether their MAC lengths are compatible. */
|
||||
if( PSA_ALG_IS_MAC( policy_alg ) &&
|
||||
PSA_ALG_IS_MAC( requested_alg ) &&
|
||||
( PSA_ALG_FULL_LENGTH_MAC( policy_alg ) ==
|
||||
PSA_ALG_FULL_LENGTH_MAC( requested_alg ) ) )
|
||||
{
|
||||
/* Validate the combination of key type and algorithm. Since the policy
|
||||
* and requested algorithms are the same, we only need this once. */
|
||||
if( PSA_SUCCESS != psa_mac_key_can_do( policy_alg, key_type ) )
|
||||
return( 0 );
|
||||
|
||||
/* Get both the requested output length for the algorithm which is to be
|
||||
* verified, and the default output length for the base algorithm.
|
||||
* Note that none of the currently supported algorithms have an output
|
||||
* length dependent on actual key size, so setting it to a bogus value
|
||||
* of 0 is currently OK. */
|
||||
size_t requested_output_length = PSA_MAC_LENGTH(
|
||||
key_type, 0, requested_alg );
|
||||
size_t default_output_length = PSA_MAC_LENGTH(
|
||||
key_type, 0,
|
||||
PSA_ALG_FULL_LENGTH_MAC( requested_alg ) );
|
||||
|
||||
/* If the policy is default-length, only allow an algorithm with
|
||||
* a declared exact-length matching the default. */
|
||||
if( PSA_MAC_TRUNCATED_LENGTH( policy_alg ) == 0 )
|
||||
return( requested_output_length == default_output_length );
|
||||
|
||||
/* If the requested algorithm is default-length, allow it if the policy
|
||||
* length exactly matches the default length. */
|
||||
if( PSA_MAC_TRUNCATED_LENGTH( requested_alg ) == 0 &&
|
||||
PSA_MAC_TRUNCATED_LENGTH( policy_alg ) == default_output_length )
|
||||
{
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
/* If policy_alg is an at-least-this-length wildcard MAC algorithm,
|
||||
* check for the requested MAC length to be equal to or longer than the
|
||||
* minimum allowed length. */
|
||||
if( ( policy_alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
|
||||
{
|
||||
return( PSA_MAC_TRUNCATED_LENGTH( policy_alg ) <=
|
||||
requested_output_length );
|
||||
}
|
||||
}
|
||||
/* If policy_alg is a generic key agreement operation, then using it for
|
||||
* a key derivation with that key agreement should also be allowed. This
|
||||
* behaviour is expected to be defined in a future specification version. */
|
||||
|
@ -702,23 +882,52 @@ static int psa_key_algorithm_permits( psa_algorithm_t policy_alg,
|
|||
return( PSA_ALG_KEY_AGREEMENT_GET_BASE( requested_alg ) ==
|
||||
policy_alg );
|
||||
}
|
||||
/* If it isn't permitted, it's forbidden. */
|
||||
/* If it isn't explicitly permitted, it's forbidden. */
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/** Test whether a policy permits an algorithm.
|
||||
*
|
||||
* The caller must test usage flags separately.
|
||||
*
|
||||
* \note This function requires providing the key type for which the policy is
|
||||
* being validated, since some algorithm policy definitions (e.g. MAC)
|
||||
* have different properties depending on what kind of cipher it is
|
||||
* combined with.
|
||||
*
|
||||
* \retval PSA_SUCCESS When \p alg is a specific algorithm
|
||||
* allowed by the \p policy.
|
||||
* \retval PSA_ERROR_INVALID_ARGUMENT When \p alg is not a specific algorithm
|
||||
* \retval PSA_ERROR_NOT_PERMITTED When \p alg is a specific algorithm, but
|
||||
* the \p policy does not allow it.
|
||||
*/
|
||||
static int psa_key_policy_permits( const psa_key_policy_t *policy,
|
||||
psa_algorithm_t alg )
|
||||
static psa_status_t psa_key_policy_permits( const psa_key_policy_t *policy,
|
||||
psa_key_type_t key_type,
|
||||
psa_algorithm_t alg )
|
||||
{
|
||||
return( psa_key_algorithm_permits( policy->alg, alg ) ||
|
||||
psa_key_algorithm_permits( policy->alg2, alg ) );
|
||||
/* '0' is not a valid algorithm */
|
||||
if( alg == 0 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
/* A requested algorithm cannot be a wildcard. */
|
||||
if( PSA_ALG_IS_WILDCARD( alg ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
if( psa_key_algorithm_permits( key_type, policy->alg, alg ) ||
|
||||
psa_key_algorithm_permits( key_type, policy->alg2, alg ) )
|
||||
return( PSA_SUCCESS );
|
||||
else
|
||||
return( PSA_ERROR_NOT_PERMITTED );
|
||||
}
|
||||
|
||||
/** Restrict a key policy based on a constraint.
|
||||
*
|
||||
* \note This function requires providing the key type for which the policy is
|
||||
* being restricted, since some algorithm policy definitions (e.g. MAC)
|
||||
* have different properties depending on what kind of cipher it is
|
||||
* combined with.
|
||||
*
|
||||
* \param[in] key_type The key type for which to restrict the policy
|
||||
* \param[in,out] policy The policy to restrict.
|
||||
* \param[in] constraint The policy constraint to apply.
|
||||
*
|
||||
|
@ -726,17 +935,20 @@ static int psa_key_policy_permits( const psa_key_policy_t *policy,
|
|||
* \c *policy contains the intersection of the original value of
|
||||
* \c *policy and \c *constraint.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \c *policy and \c *constraint are incompatible.
|
||||
* \c key_type, \c *policy and \c *constraint are incompatible.
|
||||
* \c *policy is unchanged.
|
||||
*/
|
||||
static psa_status_t psa_restrict_key_policy(
|
||||
psa_key_type_t key_type,
|
||||
psa_key_policy_t *policy,
|
||||
const psa_key_policy_t *constraint )
|
||||
{
|
||||
psa_algorithm_t intersection_alg =
|
||||
psa_key_policy_algorithm_intersection( policy->alg, constraint->alg );
|
||||
psa_key_policy_algorithm_intersection( key_type, policy->alg,
|
||||
constraint->alg );
|
||||
psa_algorithm_t intersection_alg2 =
|
||||
psa_key_policy_algorithm_intersection( policy->alg2, constraint->alg2 );
|
||||
psa_key_policy_algorithm_intersection( key_type, policy->alg2,
|
||||
constraint->alg2 );
|
||||
if( intersection_alg == 0 && policy->alg != 0 && constraint->alg != 0 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
if( intersection_alg2 == 0 && policy->alg2 != 0 && constraint->alg2 != 0 )
|
||||
|
@ -751,7 +963,8 @@ static psa_status_t psa_restrict_key_policy(
|
|||
* and lock it.
|
||||
*
|
||||
* The key must have allow all the usage flags set in \p usage. If \p alg is
|
||||
* nonzero, the key must allow operations with this algorithm.
|
||||
* nonzero, the key must allow operations with this algorithm. If \p alg is
|
||||
* zero, the algorithm is not checked.
|
||||
*
|
||||
* In case of a persistent key, the function loads the description of the key
|
||||
* into a key slot if not already done.
|
||||
|
@ -780,13 +993,21 @@ static psa_status_t psa_get_and_lock_key_slot_with_policy(
|
|||
if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) )
|
||||
usage &= ~PSA_KEY_USAGE_EXPORT;
|
||||
|
||||
status = PSA_ERROR_NOT_PERMITTED;
|
||||
if( ( slot->attr.policy.usage & usage ) != usage )
|
||||
{
|
||||
status = PSA_ERROR_NOT_PERMITTED;
|
||||
goto error;
|
||||
}
|
||||
|
||||
/* Enforce that the usage policy permits the requested algortihm. */
|
||||
if( alg != 0 && ! psa_key_policy_permits( &slot->attr.policy, alg ) )
|
||||
goto error;
|
||||
if( alg != 0 )
|
||||
{
|
||||
status = psa_key_policy_permits( &slot->attr.policy,
|
||||
slot->attr.type,
|
||||
alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto error;
|
||||
}
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
|
||||
|
@ -1880,7 +2101,8 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key,
|
|||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
status = psa_restrict_key_policy( &actual_attributes.core.policy,
|
||||
status = psa_restrict_key_policy( source_slot->attr.type,
|
||||
&actual_attributes.core.policy,
|
||||
&source_slot->attr.policy );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
@ -2553,7 +2775,7 @@ static psa_status_t psa_mac_init( psa_mac_operation_t *operation,
|
|||
{
|
||||
psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
|
||||
|
||||
operation->alg = alg;
|
||||
operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg );
|
||||
operation->key_set = 0;
|
||||
operation->iv_set = 0;
|
||||
operation->iv_required = 0;
|
||||
|
@ -2561,7 +2783,7 @@ static psa_status_t psa_mac_init( psa_mac_operation_t *operation,
|
|||
operation->is_sign = 0;
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C)
|
||||
if( alg == PSA_ALG_CMAC )
|
||||
if( operation->alg == PSA_ALG_CMAC )
|
||||
{
|
||||
operation->iv_required = 0;
|
||||
mbedtls_cipher_init( &operation->ctx.cmac );
|
||||
|
@ -2645,23 +2867,26 @@ bad_state:
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C)
|
||||
static int psa_cmac_setup( psa_mac_operation_t *operation,
|
||||
size_t key_bits,
|
||||
psa_key_slot_t *slot,
|
||||
const mbedtls_cipher_info_t *cipher_info )
|
||||
static psa_status_t psa_cmac_setup( psa_mac_operation_t *operation,
|
||||
psa_key_slot_t *slot )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
operation->mac_size = cipher_info->block_size;
|
||||
const mbedtls_cipher_info_t *cipher_info =
|
||||
mbedtls_cipher_info_from_psa( PSA_ALG_CMAC,
|
||||
slot->attr.type, slot->attr.bits,
|
||||
NULL );
|
||||
if( cipher_info == NULL )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
|
||||
ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
goto exit;
|
||||
|
||||
ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
|
||||
slot->key.data,
|
||||
key_bits );
|
||||
return( ret );
|
||||
slot->attr.bits );
|
||||
exit:
|
||||
return( mbedtls_to_psa_error( ret ) );
|
||||
}
|
||||
#endif /* MBEDTLS_CMAC_C */
|
||||
|
||||
|
@ -2737,11 +2962,8 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
|
|||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_slot_t *slot;
|
||||
size_t key_bits;
|
||||
psa_key_usage_t usage =
|
||||
is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH;
|
||||
uint8_t truncated = PSA_MAC_TRUNCATED_LENGTH( alg );
|
||||
psa_algorithm_t full_length_alg = PSA_ALG_FULL_LENGTH_MAC( alg );
|
||||
|
||||
/* A context must be freshly initialized before it can be set up. */
|
||||
if( operation->alg != 0 )
|
||||
|
@ -2749,7 +2971,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
|
|||
return( PSA_ERROR_BAD_STATE );
|
||||
}
|
||||
|
||||
status = psa_mac_init( operation, full_length_alg );
|
||||
status = psa_mac_init( operation, alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
if( is_sign )
|
||||
|
@ -2759,40 +2981,48 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
|
|||
key, &slot, usage, alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
key_bits = psa_get_key_slot_bits( slot );
|
||||
|
||||
/* Validate the combination of key type and algorithm */
|
||||
status = psa_mac_key_can_do( alg, slot->attr.type );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
/* Get the output length for the algorithm and key combination. None of the
|
||||
* currently supported algorithms have an output length dependent on actual
|
||||
* key size, so setting it to a bogus value is currently OK. */
|
||||
operation->mac_size = PSA_MAC_LENGTH( slot->attr.type, 0, alg );
|
||||
|
||||
if( operation->mac_size < 4 )
|
||||
{
|
||||
/* A very short MAC is too short for security since it can be
|
||||
* brute-forced. Ancient protocols with 32-bit MACs do exist,
|
||||
* so we make this our minimum, even though 32 bits is still
|
||||
* too small for security. */
|
||||
status = PSA_ERROR_NOT_SUPPORTED;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( operation->mac_size >
|
||||
PSA_MAC_LENGTH( slot->attr.type, 0, PSA_ALG_FULL_LENGTH_MAC( alg ) ) )
|
||||
{
|
||||
/* It's impossible to "truncate" to a larger length than the full length
|
||||
* of the algorithm. */
|
||||
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C)
|
||||
if( full_length_alg == PSA_ALG_CMAC )
|
||||
if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
|
||||
{
|
||||
const mbedtls_cipher_info_t *cipher_info =
|
||||
mbedtls_cipher_info_from_psa( full_length_alg,
|
||||
slot->attr.type, key_bits, NULL );
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
if( cipher_info == NULL )
|
||||
{
|
||||
status = PSA_ERROR_NOT_SUPPORTED;
|
||||
goto exit;
|
||||
}
|
||||
operation->mac_size = cipher_info->block_size;
|
||||
ret = psa_cmac_setup( operation, key_bits, slot, cipher_info );
|
||||
status = mbedtls_to_psa_error( ret );
|
||||
status = psa_cmac_setup( operation, slot );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_CMAC_C */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
|
||||
if( PSA_ALG_IS_HMAC( full_length_alg ) )
|
||||
if( PSA_ALG_IS_HMAC( alg ) )
|
||||
{
|
||||
psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH( alg );
|
||||
if( hash_alg == 0 )
|
||||
{
|
||||
status = PSA_ERROR_NOT_SUPPORTED;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
operation->mac_size = PSA_HASH_LENGTH( hash_alg );
|
||||
/* Sanity check. This shouldn't fail on a valid configuration. */
|
||||
if( operation->mac_size == 0 ||
|
||||
operation->mac_size > sizeof( operation->ctx.hmac.opad ) )
|
||||
if( operation->mac_size > sizeof( operation->ctx.hmac.opad ) )
|
||||
{
|
||||
status = PSA_ERROR_NOT_SUPPORTED;
|
||||
goto exit;
|
||||
|
@ -2807,35 +3037,14 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
|
|||
status = psa_hmac_setup_internal( &operation->ctx.hmac,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
hash_alg );
|
||||
PSA_ALG_HMAC_GET_HASH( alg ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
|
||||
{
|
||||
(void) key_bits;
|
||||
status = PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
if( truncated == 0 )
|
||||
{
|
||||
/* The "normal" case: untruncated algorithm. Nothing to do. */
|
||||
}
|
||||
else if( truncated < 4 )
|
||||
{
|
||||
/* A very short MAC is too short for security since it can be
|
||||
* brute-forced. Ancient protocols with 32-bit MACs do exist,
|
||||
* so we make this our minimum, even though 32 bits is still
|
||||
* too small for security. */
|
||||
status = PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
else if( truncated > operation->mac_size )
|
||||
{
|
||||
/* It's impossible to "truncate" to a larger length. */
|
||||
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
else
|
||||
operation->mac_size = truncated;
|
||||
|
||||
exit:
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
|
|
|
@ -35,6 +35,7 @@
|
|||
#endif
|
||||
|
||||
#include "psa/crypto.h"
|
||||
#include "common.h"
|
||||
|
||||
#include "mbedtls/entropy.h"
|
||||
|
||||
|
@ -76,4 +77,10 @@ psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
|
|||
void (* entropy_free )( mbedtls_entropy_context *ctx ) );
|
||||
#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
|
||||
|
||||
#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
psa_status_t psa_mac_key_can_do(
|
||||
psa_algorithm_t algorithm,
|
||||
psa_key_type_t key_type );
|
||||
#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
#endif /* PSA_CRYPTO_INVASIVE_H */
|
||||
|
|
|
@ -150,7 +150,11 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size,
|
|||
unsigned long length_modifier = NO_LENGTH_MODIFIER;
|
||||
if (PSA_ALG_IS_MAC(alg)) {
|
||||
core_alg = PSA_ALG_TRUNCATED_MAC(alg, 0);
|
||||
if (core_alg != alg) {
|
||||
if (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) {
|
||||
append(&buffer, buffer_size, &required_size,
|
||||
"PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(", 33);
|
||||
length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg);
|
||||
} else if (core_alg != alg) {
|
||||
append(&buffer, buffer_size, &required_size,
|
||||
"PSA_ALG_TRUNCATED_MAC(", 22);
|
||||
length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg);
|
||||
|
@ -160,6 +164,10 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size,
|
|||
if (core_alg == 0) {
|
||||
/* For unknown AEAD algorithms, there is no "default tag length". */
|
||||
core_alg = alg;
|
||||
} else if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) {
|
||||
append(&buffer, buffer_size, &required_size,
|
||||
"PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(", 43);
|
||||
length_modifier = PSA_AEAD_TAG_LENGTH(alg);
|
||||
} else if (core_alg != alg) {
|
||||
append(&buffer, buffer_size, &required_size,
|
||||
"PSA_ALG_AEAD_WITH_SHORTENED_TAG(", 32);
|
||||
|
|
|
@ -100,7 +100,11 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size,
|
|||
unsigned long length_modifier = NO_LENGTH_MODIFIER;
|
||||
if (PSA_ALG_IS_MAC(alg)) {
|
||||
core_alg = PSA_ALG_TRUNCATED_MAC(alg, 0);
|
||||
if (core_alg != alg) {
|
||||
if (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) {
|
||||
append(&buffer, buffer_size, &required_size,
|
||||
"PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(", 33);
|
||||
length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg);
|
||||
} else if (core_alg != alg) {
|
||||
append(&buffer, buffer_size, &required_size,
|
||||
"PSA_ALG_TRUNCATED_MAC(", 22);
|
||||
length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg);
|
||||
|
@ -110,6 +114,10 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size,
|
|||
if (core_alg == 0) {
|
||||
/* For unknown AEAD algorithms, there is no "default tag length". */
|
||||
core_alg = alg;
|
||||
} else if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) {
|
||||
append(&buffer, buffer_size, &required_size,
|
||||
"PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(", 43);
|
||||
length_modifier = PSA_AEAD_TAG_LENGTH(alg);
|
||||
} else if (core_alg != alg) {
|
||||
append(&buffer, buffer_size, &required_size,
|
||||
"PSA_ALG_AEAD_WITH_SHORTENED_TAG(", 32);
|
||||
|
|
|
@ -115,6 +115,8 @@ WITHOUT_SYSTEMATIC_DEPENDENCIES = frozenset([
|
|||
'PSA_KEY_TYPE_NONE', # not a real key type
|
||||
'PSA_KEY_TYPE_DERIVE', # always supported, don't list it to reduce noise
|
||||
'PSA_KEY_TYPE_RAW_DATA', # always supported, don't list it to reduce noise
|
||||
'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', #only a modifier
|
||||
'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', #only a modifier
|
||||
|
||||
# Not implemented yet: cipher-related key types and algorithms.
|
||||
# Manually extracted from crypto_values.h.
|
||||
|
|
|
@ -101,7 +101,7 @@ class Inputs:
|
|||
# PSA_ALG_IS_xxx macros, but are also not currently assigned and are
|
||||
# not likely to be assigned in the near future.
|
||||
self.hash_algorithms = set(['0x020000fe']) # 0x020000ff is PSA_ALG_ANY_HASH
|
||||
self.mac_algorithms = set(['0x0300ffff'])
|
||||
self.mac_algorithms = set(['0x03007fff'])
|
||||
self.ka_algorithms = set(['0x09fc0000'])
|
||||
self.kdf_algorithms = set(['0x080000ff'])
|
||||
# For AEAD algorithms, the only variability is over the tag length,
|
||||
|
@ -146,6 +146,8 @@ class Inputs:
|
|||
self.arguments_for = {
|
||||
'mac_length': ['1', '63'],
|
||||
'tag_length': ['1', '63'],
|
||||
'min_mac_length': ['1', '63'],
|
||||
'min_tag_length': ['1', '63'],
|
||||
}
|
||||
|
||||
def get_names(self, type_word):
|
||||
|
|
|
@ -122,6 +122,12 @@ static int exercise_mac_key( mbedtls_svc_key_id_t key,
|
|||
unsigned char mac[PSA_MAC_MAX_SIZE] = {0};
|
||||
size_t mac_length = sizeof( mac );
|
||||
|
||||
/* Convert wildcard algorithm to exercisable algorithm */
|
||||
if( alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG )
|
||||
{
|
||||
alg = PSA_ALG_TRUNCATED_MAC( alg, PSA_MAC_TRUNCATED_LENGTH( alg ) );
|
||||
}
|
||||
|
||||
if( usage & PSA_KEY_USAGE_SIGN_HASH )
|
||||
{
|
||||
PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
|
||||
|
@ -236,6 +242,12 @@ static int exercise_aead_key( mbedtls_svc_key_id_t key,
|
|||
size_t ciphertext_length = sizeof( ciphertext );
|
||||
size_t plaintext_length = sizeof( ciphertext );
|
||||
|
||||
/* Convert wildcard algorithm to exercisable algorithm */
|
||||
if( alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG )
|
||||
{
|
||||
alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) );
|
||||
}
|
||||
|
||||
/* Default IV length for AES-GCM is 12 bytes */
|
||||
if( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) ==
|
||||
PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ) )
|
||||
|
@ -243,6 +255,13 @@ static int exercise_aead_key( mbedtls_svc_key_id_t key,
|
|||
nonce_length = 12;
|
||||
}
|
||||
|
||||
/* IV length for CCM needs to be between 7 and 13 bytes */
|
||||
if( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) ==
|
||||
PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ) )
|
||||
{
|
||||
nonce_length = 12;
|
||||
}
|
||||
|
||||
if( usage & PSA_KEY_USAGE_ENCRYPT )
|
||||
{
|
||||
PSA_ASSERT( psa_aead_encrypt( key, alg,
|
||||
|
|
|
@ -378,31 +378,95 @@ key_attributes_init:
|
|||
|
||||
PSA key policy: MAC, sign | verify
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256)
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
|
||||
|
||||
PSA key policy: MAC, wrong algorithm
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224)
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: MAC, alg=0 in policy
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256)
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: MAC, ANY_HASH in policy is not meaningful
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256)
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: MAC, sign but not verify
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256)
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
|
||||
|
||||
PSA key policy: MAC, verify but not sign
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256)
|
||||
mac_key_policy:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
|
||||
|
||||
PSA key policy: MAC, neither sign nor verify
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:0:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256)
|
||||
mac_key_policy:0:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: HMAC, sign-verify, tag length > min-length policy
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 30):PSA_SUCCESS
|
||||
|
||||
PSA key policy: HMAC, sign-verify, tag length = min-length policy
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_SUCCESS
|
||||
|
||||
PSA key policy: HMAC, sign-verify, tag length < min-length policy
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: CMAC, sign-verify, tag length > min-length policy
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 16):PSA_SUCCESS
|
||||
|
||||
PSA key policy: CMAC, sign-verify, tag length = min-length policy
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 10):PSA_SUCCESS
|
||||
|
||||
PSA key policy: CMAC, sign-verify, tag length < min-length policy
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 8):PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: HMAC, sign-verify, default tag length > min-length policy
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 31):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
|
||||
|
||||
PSA key policy: HMAC, sign-verify, default tag length = min-length policy
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 32):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
|
||||
|
||||
PSA key policy: HMAC, sign-verify, default tag length < min-length policy
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 33):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: HMAC, sign-verify, min-length policy, unmatched base alg
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_CMAC_C
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 20):PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: HMAC, sign-verify, min-length policy, unmatched base alg (different hash base)
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 20):PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: HMAC, sign-verify, min-length policy, unmatched base alg (different algorithm)
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_CMAC_C
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_CMAC:PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: HMAC, sign-verify, min-length policy used as algorithm
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA key policy: HMAC, sign-verify, tag length > exact-length policy
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: HMAC, sign-verify, tag length = exact-length policy
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_SUCCESS
|
||||
|
||||
PSA key policy: HMAC, sign-verify, tag length < exact-length policy
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: cipher, encrypt | decrypt
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
|
@ -430,27 +494,83 @@ cipher_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:PSA_KEY_TYPE_A
|
|||
|
||||
PSA key policy: AEAD, encrypt | decrypt
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM:PSA_SUCCESS
|
||||
|
||||
PSA key policy: AEAD, wrong algorithm
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_GCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":16:16:PSA_ALG_GCM
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":16:16:PSA_ALG_GCM:PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: AEAD, alg=0 in policy
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":16:16:PSA_ALG_CCM
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":16:16:PSA_ALG_CCM:PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: AEAD, encrypt but not decrypt
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM:PSA_SUCCESS
|
||||
|
||||
PSA key policy: AEAD, decrypt but not encrypt
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM
|
||||
aead_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM:PSA_SUCCESS
|
||||
|
||||
PSA key policy: AEAD, neither encrypt nor decrypt
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
aead_key_policy:0:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM
|
||||
aead_key_policy:0:PSA_ALG_CCM:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM:PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: AEAD, tag length > min-length policy, CCM
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:8:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):PSA_SUCCESS
|
||||
|
||||
PSA key policy: AEAD, tag length = min-length policy, CCM
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:4:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):PSA_SUCCESS
|
||||
|
||||
PSA key policy: AEAD, tag length < min-length policy, CCM
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:4:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: AEAD, tag length > min-length policy, GCM
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_GCM, 4):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":12:8:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 8):PSA_SUCCESS
|
||||
|
||||
PSA key policy: AEAD, tag length = min-length policy, GCM
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_GCM, 4):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":12:4:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 4):PSA_SUCCESS
|
||||
|
||||
PSA key policy: AEAD, tag length < min-length policy, GCM
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_GCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":12:4:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 4):PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: AEAD, default tag length > min-length policy
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM:PSA_SUCCESS
|
||||
|
||||
PSA key policy: AEAD, default tag length = min-length policy
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 16):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM:PSA_SUCCESS
|
||||
|
||||
PSA key policy: AEAD, default tag length < min-length policy
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 17):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:16:PSA_ALG_CCM:PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: AEAD, min-length policy, unmatched base alg
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_GCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:4:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 4):PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: AEAD, min-length policy used as algorithm
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:8:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA key policy: AEAD, tag length > exact-length policy
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:8:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: AEAD, tag length = exact-length policy
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:4:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):PSA_SUCCESS
|
||||
|
||||
PSA key policy: AEAD, tag length < exact-length policy
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:4:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key policy: asymmetric encryption, encrypt | decrypt
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
|
||||
|
@ -698,6 +818,78 @@ Copy fail: AES, incompatible target policy
|
|||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC
|
||||
copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
Copy key: source=MAC min-length, target=MAC length > min-length
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0
|
||||
|
||||
Copy key: source=MAC min-length, target=MAC length = min-length
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0
|
||||
|
||||
Copy fail: source=MAC min-length, target=MAC length < min-length
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
copy_fail:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
Copy key: source=MAC min-length, target=MAC min-length, src > tgt
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0
|
||||
|
||||
Copy key: source=MAC min-length, target=MAC min-length, src = tgt
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0
|
||||
|
||||
Copy key: source=MAC min-length, target=MAC min-length, src < tgt
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0
|
||||
|
||||
Copy fail: source=MAC, target=MAC min-length > length
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
copy_fail:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
Copy key: source=MAC, target=MAC min-length = length
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0
|
||||
|
||||
Copy key: source=MAC, target=MAC min-length < length
|
||||
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
|
||||
copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0
|
||||
|
||||
Copy key: source=AEAD min-length, target=AEAD length > min-length
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0
|
||||
|
||||
Copy key: source=AEAD min-length, target=AEAD length = min-length
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0
|
||||
|
||||
Copy fail: source=AEAD min-length, target=AEAD length < min-length
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
copy_fail:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
Copy key: source=AEAD min-length, target=AEAD min-length, src > tgt
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0
|
||||
|
||||
Copy key: source=AEAD min-length, target=AEAD min-length, src = tgt
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0
|
||||
|
||||
Copy key: source=AEAD min-length, target=AEAD min-length, src < tgt
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0
|
||||
|
||||
Copy fail: source=AEAD, target=AEAD min-length > length
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
copy_fail:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
Copy key: source=AEAD, target=AEAD min-length = length
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8):0
|
||||
|
||||
Copy key: source=AEAD, target=AEAD min-length < length
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0
|
||||
|
||||
Copy fail: RSA, incompatible target policy (source wildcard)
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C
|
||||
copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
@ -893,9 +1085,14 @@ PSA MAC setup: good, AES-CMAC
|
|||
depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C
|
||||
mac_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_SUCCESS
|
||||
|
||||
PSA MAC setup: bad algorithm (unknown MAC algorithm)
|
||||
PSA MAC setup: bad algorithm (HMAC without specified hash)
|
||||
# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
|
||||
mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(0):PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA MAC setup: bad algorithm (unsupported HMAC hash algorithm)
|
||||
depends_on:!PSA_WANT_ALG_MD2
|
||||
mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_MD2):PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA MAC setup: bad algorithm (not a MAC algorithm)
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
mac_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CBC_NO_PADDING:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
@ -915,7 +1112,7 @@ mac_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f101112131415161
|
|||
PSA MAC setup: incompatible key HMAC for CMAC
|
||||
depends_on:MBEDTLS_CMAC_C
|
||||
# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
|
||||
mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED
|
||||
mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA MAC setup: algorithm known but not supported, long key
|
||||
depends_on:!MBEDTLS_MD5_C
|
||||
|
@ -1926,9 +2123,7 @@ sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb
|
|||
|
||||
PSA sign: RSA PKCS#1 v1.5, invalid hash (wildcard)
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_C:MBEDTLS_PKCS1_V15
|
||||
# Arguably the error should be INVALID_ARGUMENT, but NOT_SUPPORTED is simpler
|
||||
# to implement.
|
||||
sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_NOT_SUPPORTED
|
||||
sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA sign: RSA PKCS#1 v1.5 raw, input too large
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
|
||||
|
|
|
@ -834,12 +834,14 @@ void mac_key_policy( int policy_usage,
|
|||
int policy_alg,
|
||||
int key_type,
|
||||
data_t *key_data,
|
||||
int exercise_alg )
|
||||
int exercise_alg,
|
||||
int expected_status_arg )
|
||||
{
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
|
||||
psa_status_t status;
|
||||
psa_status_t expected_status = expected_status_arg;
|
||||
unsigned char mac[PSA_MAC_MAX_SIZE];
|
||||
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
@ -852,20 +854,19 @@ void mac_key_policy( int policy_usage,
|
|||
&key ) );
|
||||
|
||||
status = psa_mac_sign_setup( &operation, key, exercise_alg );
|
||||
if( policy_alg == exercise_alg &&
|
||||
( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 )
|
||||
PSA_ASSERT( status );
|
||||
else
|
||||
if( ( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) == 0 )
|
||||
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
|
||||
else
|
||||
TEST_EQUAL( status, expected_status );
|
||||
|
||||
psa_mac_abort( &operation );
|
||||
|
||||
memset( mac, 0, sizeof( mac ) );
|
||||
status = psa_mac_verify_setup( &operation, key, exercise_alg );
|
||||
if( policy_alg == exercise_alg &&
|
||||
( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 )
|
||||
PSA_ASSERT( status );
|
||||
else
|
||||
if( ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) == 0 )
|
||||
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
|
||||
else
|
||||
TEST_EQUAL( status, expected_status );
|
||||
|
||||
exit:
|
||||
psa_mac_abort( &operation );
|
||||
|
@ -924,11 +925,13 @@ void aead_key_policy( int policy_usage,
|
|||
data_t *key_data,
|
||||
int nonce_length_arg,
|
||||
int tag_length_arg,
|
||||
int exercise_alg )
|
||||
int exercise_alg,
|
||||
int expected_status_arg )
|
||||
{
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_status_t status;
|
||||
psa_status_t expected_status = expected_status_arg;
|
||||
unsigned char nonce[16] = {0};
|
||||
size_t nonce_length = nonce_length_arg;
|
||||
unsigned char tag[16];
|
||||
|
@ -953,9 +956,8 @@ void aead_key_policy( int policy_usage,
|
|||
NULL, 0,
|
||||
tag, tag_length,
|
||||
&output_length );
|
||||
if( policy_alg == exercise_alg &&
|
||||
( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
|
||||
PSA_ASSERT( status );
|
||||
if( ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
|
||||
TEST_EQUAL( status, expected_status );
|
||||
else
|
||||
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
|
||||
|
||||
|
@ -966,11 +968,12 @@ void aead_key_policy( int policy_usage,
|
|||
tag, tag_length,
|
||||
NULL, 0,
|
||||
&output_length );
|
||||
if( policy_alg == exercise_alg &&
|
||||
( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
|
||||
if( ( policy_usage & PSA_KEY_USAGE_DECRYPT ) == 0 )
|
||||
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
|
||||
else if( expected_status == PSA_SUCCESS )
|
||||
TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
|
||||
else
|
||||
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
|
||||
TEST_EQUAL( status, expected_status );
|
||||
|
||||
exit:
|
||||
psa_destroy_key( key );
|
||||
|
@ -1334,6 +1337,7 @@ void copy_success( int source_usage_arg,
|
|||
ASSERT_COMPARE( material->x, material->len,
|
||||
export_buffer, length );
|
||||
}
|
||||
|
||||
if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg ) )
|
||||
goto exit;
|
||||
if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg2 ) )
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
#endif
|
||||
|
||||
#include "psa/crypto.h"
|
||||
#include "psa_crypto_invasive.h"
|
||||
|
||||
/* Flags for algorithm classification macros. There is a flag for every
|
||||
* algorithm classification macro PSA_ALG_IS_xxx except for the
|
||||
|
@ -158,6 +159,10 @@ void mac_algorithm_core( psa_algorithm_t alg, int classification_flags,
|
|||
/* Length */
|
||||
TEST_EQUAL( length, PSA_MAC_LENGTH( key_type, key_bits, alg ) );
|
||||
|
||||
#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
PSA_ASSERT( psa_mac_key_can_do( alg, key_type ) );
|
||||
#endif
|
||||
|
||||
exit: ;
|
||||
}
|
||||
|
||||
|
@ -263,6 +268,52 @@ void mac_algorithm( int alg_arg, int classification_flags,
|
|||
PSA_ALG_TRUNCATED_MAC( alg, length - 1) );
|
||||
TEST_EQUAL( PSA_ALG_TRUNCATED_MAC( truncated_alg, length ),
|
||||
PSA_ALG_TRUNCATED_MAC( alg, length ) );
|
||||
|
||||
/* Check that calling PSA_ALG_TRUNCATED_MAC on an algorithm
|
||||
* earlier constructed with PSA_ALG_AT_LEAST_THIS_LENGTH_MAC gives the
|
||||
* length of the outer truncation (even if the outer length is smaller
|
||||
* than the inner length). */
|
||||
TEST_EQUAL( PSA_ALG_TRUNCATED_MAC(
|
||||
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( truncated_alg, n ), 1 ),
|
||||
PSA_ALG_TRUNCATED_MAC( alg, 1 ) );
|
||||
TEST_EQUAL( PSA_ALG_TRUNCATED_MAC(
|
||||
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( truncated_alg, n ), length - 1 ),
|
||||
PSA_ALG_TRUNCATED_MAC( alg, length - 1) );
|
||||
TEST_EQUAL( PSA_ALG_TRUNCATED_MAC(
|
||||
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( truncated_alg, n ), length ),
|
||||
PSA_ALG_TRUNCATED_MAC( alg, length ) );
|
||||
}
|
||||
|
||||
/* At-leat-this-length versions */
|
||||
for( n = 1; n <= length; n++ )
|
||||
{
|
||||
psa_algorithm_t policy_alg = PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, n );
|
||||
mac_algorithm_core( policy_alg, classification_flags | ALG_IS_WILDCARD,
|
||||
key_type, key_bits, n );
|
||||
TEST_EQUAL( PSA_ALG_FULL_LENGTH_MAC( policy_alg ), alg );
|
||||
/* Check that calling PSA_ALG_AT_LEAST_THIS_LENGTH_MAC twice gives the
|
||||
* length of the outer truncation (even if the outer length is smaller
|
||||
* than the inner length). */
|
||||
TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( policy_alg, 1 ),
|
||||
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, 1 ) );
|
||||
TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( policy_alg, length - 1 ),
|
||||
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length - 1) );
|
||||
TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( policy_alg, length ),
|
||||
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length ) );
|
||||
|
||||
/* Check that calling PSA_ALG_AT_LEAST_THIS_LENGTH_MAC on an algorithm
|
||||
* earlier constructed with PSA_ALG_TRUNCATED_MAC gives the length of
|
||||
* the outer truncation (even if the outer length is smaller than the
|
||||
* inner length). */
|
||||
TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(
|
||||
PSA_ALG_TRUNCATED_MAC( policy_alg, n ), 1),
|
||||
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, 1 ) );
|
||||
TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(
|
||||
PSA_ALG_TRUNCATED_MAC( policy_alg, n ), length - 1 ),
|
||||
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length - 1) );
|
||||
TEST_EQUAL( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(
|
||||
PSA_ALG_TRUNCATED_MAC( policy_alg, n ), length ),
|
||||
PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg, length ) );
|
||||
}
|
||||
}
|
||||
/* END_CASE */
|
||||
|
@ -329,7 +380,7 @@ void aead_algorithm( int alg_arg, int classification_flags,
|
|||
aead_algorithm_core( truncated_alg, classification_flags, n );
|
||||
TEST_EQUAL( PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( truncated_alg ),
|
||||
alg );
|
||||
/* Check that calling PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG twice gives
|
||||
/* Check that calling PSA_ALG_AEAD_WITH_SHORTENED_TAG twice gives
|
||||
* the length of the outer truncation (even if the outer length is
|
||||
* smaller than the inner length). */
|
||||
TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( truncated_alg, 1 ),
|
||||
|
@ -338,6 +389,52 @@ void aead_algorithm( int alg_arg, int classification_flags,
|
|||
PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length - 1) );
|
||||
TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG( truncated_alg, tag_length ),
|
||||
PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length ) );
|
||||
|
||||
/* Check that calling PSA_ALG_AEAD_WITH_SHORTENED_TAG on an algorithm
|
||||
* earlier constructed with PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG
|
||||
* gives the length of the outer truncation (even if the outer length is
|
||||
* smaller than the inner length). */
|
||||
TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG(
|
||||
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( truncated_alg, n ), 1 ),
|
||||
PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 1 ) );
|
||||
TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG(
|
||||
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( truncated_alg, n ), tag_length - 1 ),
|
||||
PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length - 1) );
|
||||
TEST_EQUAL( PSA_ALG_AEAD_WITH_SHORTENED_TAG(
|
||||
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( truncated_alg, n ), tag_length ),
|
||||
PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, tag_length ) );
|
||||
}
|
||||
|
||||
/* At-leat-this-length versions */
|
||||
for( n = 1; n <= tag_length; n++ )
|
||||
{
|
||||
psa_algorithm_t policy_alg = PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, n );
|
||||
aead_algorithm_core( policy_alg, classification_flags | ALG_IS_WILDCARD, n );
|
||||
TEST_EQUAL( PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( policy_alg ),
|
||||
alg );
|
||||
/* Check that calling PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG twice
|
||||
* gives the length of the outer truncation (even if the outer length is
|
||||
* smaller than the inner length). */
|
||||
TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( policy_alg, 1 ),
|
||||
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, 1 ) );
|
||||
TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( policy_alg, tag_length - 1 ),
|
||||
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length - 1) );
|
||||
TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( policy_alg, tag_length ),
|
||||
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length ) );
|
||||
|
||||
/* Check that calling PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG on an
|
||||
* algorithm earlier constructed with PSA_ALG_AEAD_WITH_SHORTENED_TAG
|
||||
* gives the length of the outer truncation (even if the outer length is
|
||||
* smaller than the inner length). */
|
||||
TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
|
||||
PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, n ), 1),
|
||||
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, 1 ) );
|
||||
TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
|
||||
PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, n ), tag_length - 1 ),
|
||||
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length - 1) );
|
||||
TEST_EQUAL( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
|
||||
PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, n ), tag_length ),
|
||||
PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, tag_length ) );
|
||||
}
|
||||
}
|
||||
/* END_CASE */
|
||||
|
|
Loading…
Reference in a new issue