For must-fail asymmetric decryption tests, add an output size parameter
so that tests can directly control what output buffer size they allocate
and use independently from the key size used. This enables better
testing of behavior with various output buffer sizes.
When RSA decrypting, unlike with RSA encrypting, we sometimes expect the
output length will be less than the key size. For instance, in the case
where the plaintext is zero-length we expect the output length of the
decryption to be zero-length as well, not key size in length.
For must-fail tests, we don't expect output-buffer-sized RSA-decryption,
only that the output length is less than or equal to the output size, so
these tests remain unchanged.
Change the must-pass tests to expect that the actual output size is
equal to the expected length of the output buffer instead of always
being the key size.
In one place, exercise_key was used in a such a way that if the test
failed inside exercise_key, the test suite would correctly report the
test as failed but would not report the exact location of the failure.
Fix this.
Add documentation for exercise_key that explains how to use it.
Split the testing into tests that exercise policies in
test_suite_psa_crypto and tests that exercise slot content (slot
states, key material) in test_suite_psa_crypto_slot_management.
Test various cases of source and target policies with and without
wildcards. Missing: testing of the policy constraint on psa_copy_key
itself.
Test several key types (raw data, AES, RSA). Test with the
source or target being persistent.
Add failure tests (incompatible policies, source slot empty, target
slot occupied).
Remove front matter from our EC key format, to make it just the contents
of an ECPoint as defined by SEC1 section 2.3.3.
As a consequence of the simplification, remove the restriction on not
being able to use an ECDH key with ECDSA. There is no longer any OID
specified when importing a key, so we can't reject importing of an ECDH
key for the purpose of ECDSA based on the OID.
Remove pkcs-1 and rsaEncryption front matter from RSA public keys. Move
code that was shared between RSA and other key types (like EC keys) to
be used only with non-RSA keys.
Remove the type and bits arguments to psa_allocate_key() and
psa_create_key(). They can be useful if the implementation wants to
know exactly how much space to allocate for the slot, but many
implementations (including ours) don't care, and it's possible to work
around their lack by deferring size-dependent actions to the time when
the key material is created. They are a burden to applications and
make the API more complex, and the benefits aren't worth it.
Change the API and adapt the implementation, the units test and the
sample code accordingly.
You can use PSA_ALG_ANY_HASH to build the algorithm value for a
hash-and-sign algorithm in a policy. Then the policy allows usage with
this hash-and-sign family with any hash.
Test that PSA_ALG_ANY_HASH-based policies allow a specific hash, but
not a different hash-and-sign family. Test that PSA_ALG_ANY_HASH is
not valid for operations, only in policies.
Add new initializers for cipher operation objects and use them in our
tests and library code. Prefer using the macro initializers due to their
straightforwardness.
Add new initializers for MAC operation objects and use them in our tests
and library code. Prefer using the macro initializers due to their
straightforwardness.
Add new initializers for hash operation objects and use them in our
tests and library code. Prefer using the macro initializers due to their
straightforwardness.
Add new initializers for key policies and use them in our docs, example
programs, tests, and library code. Prefer using the macro initializers
due to their straightforwardness.
Change the way some lines are wrapped to cut at a more logical place.
This commit mainly rewrites multi-line calls to TEST_EQUAL, and also a
few calls to PSA_ASSERT.
This commit is the result of the following command, followed by
reindenting (but not wrapping lines):
perl -00 -i -pe 's/^( *)TEST_ASSERT\(([^;=]*)(?: |\n *)==([^;=]*)\);$/${1}TEST_EQUAL($2,$3);/gm' tests/suites/test_suite_psa_*.function
This commit is the result of the following command, followed by
reindenting (but not wrapping lines):
perl -00 -i -pe 's/^( *)TEST_ASSERT\(([^;=]*)(?: |\n *)==\s*PSA_SUCCESS\s*\);$/${1}PSA_ASSERT($2 );/gm' tests/suites/test_suite_psa_*.function
Switch from the direct use of slot numbers to handles allocated by
psa_allocate_key.
This commit does not affect persistent key tests except for the one
test function in test_suite_psa_crypto that uses persistent keys
(persistent_key_load_key_from_storage).
The general principle for each function is:
* Change `psa_key_slot_t slot` to `psa_key_handle_t handle`.
* Call psa_allocate_key() before setting the policy of the slot,
or before creating key material in functions that don't set a policy.
* Some PSA_ERROR_EMPTY_SLOT errors become PSA_ERROR_INVALID_HANDLE
because there is now a distinction between not having a valid
handle, and having a valid handle to a slot that doesn't contain key
material.
* In tests that use symmetric keys, calculate the max_bits parameters
of psa_allocate_key() from the key data size. In tests where the key
may be asymmetric, call an auxiliary macro KEY_BITS_FROM_DATA which
returns an overapproximation. There's no good way to find a good
value for max_bits with the API, I think the API should be tweaked.
Allow use of persistent keys, including configuring them, importing and
exporting them, and destroying them.
When getting a slot using psa_get_key_slot, there are 3 scenarios that
can occur if the keys lifetime is persistent:
1. Key type is PSA_KEY_TYPE_NONE, no persistent storage entry:
- The key slot is treated as a standard empty key slot
2. Key type is PSA_KEY_TYPE_NONE, persistent storage entry exists:
- Attempt to load the key from persistent storage
3. Key type is not PSA_KEY_TYPE_NONE:
- As checking persistent storage on every use of the key could
be expensive, the persistent key is assumed to be saved in
persistent storage, the in-memory key is continued to be used.
Add test cases that do key agreement with raw selection in pieces, to
validate that selection works even when the application doesn't read
everything in one chunk.
We had only allocated 40 bytes for printing into, but we wanted to print 46
bytes. Update the buffer to be 47 bytes, which is large enough to hold what
we want to print plus a terminating null byte.