mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2026-05-09 03:04:24 +02:00
Merge pull request #9025 from gilles-peskine-arm/psa-storage-test-cases-never-supported-2.28
Backport 2.28: Fix the detection of not-supported mechanisms in systematically generated PSA tests
This commit is contained in:
Gilles Peskine
@@ -2262,6 +2262,50 @@ exit:
|
||||
/* Message digests */
|
||||
/****************************************************************/
|
||||
|
||||
static int is_hash_supported(psa_algorithm_t alg)
|
||||
{
|
||||
switch (alg) {
|
||||
#if defined(PSA_WANT_ALG_MD2)
|
||||
case PSA_ALG_MD2:
|
||||
return 1;
|
||||
#endif
|
||||
#if defined(PSA_WANT_ALG_MD4)
|
||||
case PSA_ALG_MD4:
|
||||
return 1;
|
||||
#endif
|
||||
#if defined(PSA_WANT_ALG_MD5)
|
||||
case PSA_ALG_MD5:
|
||||
return 1;
|
||||
#endif
|
||||
#if defined(PSA_WANT_ALG_RIPEMD160)
|
||||
case PSA_ALG_RIPEMD160:
|
||||
return 1;
|
||||
#endif
|
||||
#if defined(PSA_WANT_ALG_SHA_1)
|
||||
case PSA_ALG_SHA_1:
|
||||
return 1;
|
||||
#endif
|
||||
#if defined(PSA_WANT_ALG_SHA_224)
|
||||
case PSA_ALG_SHA_224:
|
||||
return 1;
|
||||
#endif
|
||||
#if defined(PSA_WANT_ALG_SHA_256)
|
||||
case PSA_ALG_SHA_256:
|
||||
return 1;
|
||||
#endif
|
||||
#if defined(PSA_WANT_ALG_SHA_384)
|
||||
case PSA_ALG_SHA_384:
|
||||
return 1;
|
||||
#endif
|
||||
#if defined(PSA_WANT_ALG_SHA_512)
|
||||
case PSA_ALG_SHA_512:
|
||||
return 1;
|
||||
#endif
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
|
||||
{
|
||||
/* Aborting a non-active operation is allowed */
|
||||
@@ -2916,16 +2960,44 @@ static psa_status_t psa_sign_verify_check_alg(int input_is_message,
|
||||
if (!PSA_ALG_IS_SIGN_MESSAGE(alg)) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
}
|
||||
|
||||
if (PSA_ALG_IS_SIGN_HASH(alg)) {
|
||||
if (!PSA_ALG_IS_HASH(PSA_ALG_SIGN_GET_HASH(alg))) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if (!PSA_ALG_IS_SIGN_HASH(alg)) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
psa_algorithm_t hash_alg = 0;
|
||||
if (PSA_ALG_IS_SIGN_HASH(alg)) {
|
||||
hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
|
||||
}
|
||||
|
||||
/* Now hash_alg==0 if alg by itself doesn't need a hash.
|
||||
* This is good enough for sign-hash, but a guaranteed failure for
|
||||
* sign-message which needs to hash first for all algorithms
|
||||
* supported at the moment. */
|
||||
|
||||
if (hash_alg == 0 && input_is_message) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
if (hash_alg == PSA_ALG_ANY_HASH) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
/* Give up immediately if the hash is not supported. This has
|
||||
* several advantages:
|
||||
* - For mechanisms that don't use the hash at all (e.g.
|
||||
* ECDSA verification, randomized ECDSA signature), without
|
||||
* this check, the operation would succeed even though it has
|
||||
* been given an invalid argument. This would not be insecure
|
||||
* since the hash was not necessary, but it would be weird.
|
||||
* - For mechanisms that do use the hash, we avoid an error
|
||||
* deep inside the execution. In principle this doesn't matter,
|
||||
* but there is a little more risk of a bug in error handling
|
||||
* deep inside than in this preliminary check.
|
||||
* - When calling a driver, the driver might be capable of using
|
||||
* a hash that the core doesn't support. This could potentially
|
||||
* result in a buffer overflow if the hash is larger than the
|
||||
* maximum hash size assumed by the core.
|
||||
* - Returning a consistent error makes it possible to test
|
||||
* not-supported hashes in a consistent way.
|
||||
*/
|
||||
if (hash_alg != 0 && !is_hash_supported(hash_alg)) {
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
return PSA_SUCCESS;
|
||||
|
||||
@@ -6,9 +6,10 @@
|
||||
|
||||
|
||||
import re
|
||||
from typing import Dict, FrozenSet, List, Optional
|
||||
from typing import Dict, FrozenSet, Iterator, List, Optional, Set
|
||||
|
||||
from . import macro_collector
|
||||
from . import test_case
|
||||
|
||||
|
||||
def psa_want_symbol(name: str) -> str:
|
||||
@@ -53,26 +54,6 @@ def automatic_dependencies(*expressions: str) -> List[str]:
|
||||
used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY)
|
||||
return sorted(psa_want_symbol(name) for name in used)
|
||||
|
||||
# A temporary hack: at the time of writing, not all dependency symbols
|
||||
# are implemented yet. Skip test cases for which the dependency symbols are
|
||||
# not available. Once all dependency symbols are available, this hack must
|
||||
# be removed so that a bug in the dependency symbols properly leads to a test
|
||||
# failure.
|
||||
def read_implemented_dependencies(filename: str) -> FrozenSet[str]:
|
||||
return frozenset(symbol
|
||||
for line in open(filename)
|
||||
for symbol in re.findall(r'\bPSA_WANT_\w+\b', line))
|
||||
_implemented_dependencies = None #type: Optional[FrozenSet[str]] #pylint: disable=invalid-name
|
||||
|
||||
def hack_dependencies_not_implemented(dependencies: List[str]) -> None:
|
||||
global _implemented_dependencies #pylint: disable=global-statement,invalid-name
|
||||
if _implemented_dependencies is None:
|
||||
_implemented_dependencies = \
|
||||
read_implemented_dependencies('include/psa/crypto_config.h')
|
||||
if not all((dep.lstrip('!') in _implemented_dependencies or
|
||||
not dep.lstrip('!').startswith('PSA_WANT'))
|
||||
for dep in dependencies):
|
||||
dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET')
|
||||
|
||||
class Information:
|
||||
"""Gather information about PSA constructors."""
|
||||
@@ -84,8 +65,13 @@ class Information:
|
||||
def remove_unwanted_macros(
|
||||
constructors: macro_collector.PSAMacroEnumerator
|
||||
) -> None:
|
||||
# Mbed TLS doesn't support finite-field DH yet and will not support
|
||||
# finite-field DSA. Don't attempt to generate any related test case.
|
||||
"""Remove macros from consideration during value enumeration."""
|
||||
# Remove some mechanisms that are declared but not implemented.
|
||||
# The corresponding test cases would be commented out anyway
|
||||
# thanks to the detect_not_implemented_dependencies mechanism,
|
||||
# but for those particular key types, we don't even have enough
|
||||
# support in the test scripts to construct test keys. So
|
||||
# we arrange to not even attempt to generate test cases.
|
||||
constructors.key_types.discard('PSA_KEY_TYPE_DH_KEY_PAIR')
|
||||
constructors.key_types.discard('PSA_KEY_TYPE_DH_PUBLIC_KEY')
|
||||
constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR')
|
||||
@@ -104,3 +90,101 @@ class Information:
|
||||
self.remove_unwanted_macros(constructors)
|
||||
constructors.gather_arguments()
|
||||
return constructors
|
||||
|
||||
|
||||
class TestCase(test_case.TestCase):
|
||||
"""A PSA test case with automatically inferred dependencies.
|
||||
|
||||
For mechanisms like ECC curves where the support status includes
|
||||
the key bit-size, this class assumes that only one bit-size is
|
||||
involved in a given test case.
|
||||
"""
|
||||
|
||||
# Use a class variable to cache the set of implemented dependencies.
|
||||
# Call read_implemented_dependencies() to fill the cache.
|
||||
_implemented_dependencies = None #type: Optional[FrozenSet[str]]
|
||||
|
||||
DEPENDENCY_SYMBOL_RE = re.compile(r'\bPSA_WANT_\w+\b')
|
||||
@classmethod
|
||||
def _yield_implemented_dependencies(cls) -> Iterator[str]:
|
||||
for filename in ['include/psa/crypto_config.h',
|
||||
'include/mbedtls/config_psa.h']:
|
||||
with open(filename) as inp:
|
||||
content = inp.read()
|
||||
yield from cls.DEPENDENCY_SYMBOL_RE.findall(content)
|
||||
|
||||
@classmethod
|
||||
def read_implemented_dependencies(cls) -> FrozenSet[str]:
|
||||
if cls._implemented_dependencies is None:
|
||||
cls._implemented_dependencies = \
|
||||
frozenset(cls._yield_implemented_dependencies())
|
||||
# Redundant return to reassure pylint (mypy is fine without it).
|
||||
# Known issue: https://github.com/pylint-dev/pylint/issues/3045
|
||||
return cls._implemented_dependencies
|
||||
return cls._implemented_dependencies
|
||||
|
||||
# We skip test cases for which the dependency symbols are not defined.
|
||||
# We assume that this means that a required mechanism is not implemented.
|
||||
# Note that if we erroneously skip generating test cases for
|
||||
# mechanisms that are not implemented, this should be caught
|
||||
# by the NOT_SUPPORTED test cases generated by generate_psa_tests.py
|
||||
# in test_suite_psa_crypto_not_supported and test_suite_psa_crypto_op_fail:
|
||||
# those emit negative tests, which will not be skipped here.
|
||||
def detect_not_implemented_dependencies(self) -> None:
|
||||
"""Detect dependencies that are not implemented."""
|
||||
all_implemented_dependencies = self.read_implemented_dependencies()
|
||||
not_implemented = [dep
|
||||
for dep in self.dependencies
|
||||
if (dep.startswith('PSA_WANT') and
|
||||
dep not in all_implemented_dependencies)]
|
||||
if not_implemented:
|
||||
self.skip_because('not implemented: ' +
|
||||
' '.join(not_implemented))
|
||||
|
||||
def __init__(self) -> None:
|
||||
super().__init__()
|
||||
self.key_bits = None #type: Optional[int]
|
||||
self.negated_dependencies = set() #type: Set[str]
|
||||
|
||||
def assumes_not_supported(self, name: str) -> None:
|
||||
"""Negate the given mechanism for automatic dependency generation.
|
||||
|
||||
Call this function before set_arguments() for a test case that should
|
||||
run if the given mechanism is not supported.
|
||||
|
||||
A mechanism is either a PSA_XXX symbol (e.g. PSA_KEY_TYPE_AES,
|
||||
PSA_ALG_HMAC, etc.) or a PSA_WANT_XXX symbol.
|
||||
"""
|
||||
symbol = name
|
||||
if not symbol.startswith('PSA_WANT_'):
|
||||
symbol = psa_want_symbol(name)
|
||||
self.negated_dependencies.add(symbol)
|
||||
|
||||
def set_key_bits(self, key_bits: Optional[int]) -> None:
|
||||
"""Use the given key size for automatic dependency generation.
|
||||
|
||||
Call this function before set_arguments() if relevant.
|
||||
|
||||
This is only relevant for ECC and DH keys. For other key types,
|
||||
this information is ignored.
|
||||
"""
|
||||
self.key_bits = key_bits
|
||||
|
||||
def set_arguments(self, arguments: List[str]) -> None:
|
||||
"""Set test case arguments and automatically infer dependencies."""
|
||||
super().set_arguments(arguments)
|
||||
dependencies = automatic_dependencies(*arguments)
|
||||
# In test cases for not-supported features, the dependencies for
|
||||
# the not-supported feature(s) must be negated. We make sure that
|
||||
# all negated dependencies are present in the result, even in edge
|
||||
# cases where they would not be detected automatically (for example,
|
||||
# to restrict ECDSA-not-supported test cases to configurations
|
||||
# where neither deterministic ECDSA nor randomized ECDSA are supported,
|
||||
# to avoid the edge case that both ECDSA verifications are the same).
|
||||
dependencies = ([dep for dep in dependencies
|
||||
if dep not in self.negated_dependencies] +
|
||||
['!' + dep for dep in self.negated_dependencies])
|
||||
if self.key_bits is not None:
|
||||
dependencies = finish_family_dependencies(dependencies, self.key_bits)
|
||||
self.dependencies += sorted(dependencies)
|
||||
self.detect_not_implemented_dependencies()
|
||||
|
||||
@@ -31,6 +31,7 @@ class TestCase:
|
||||
self.dependencies = [] #type: List[str]
|
||||
self.function = None #type: Optional[str]
|
||||
self.arguments = [] #type: List[str]
|
||||
self.skip_reason = ''
|
||||
|
||||
def add_comment(self, *lines: str) -> None:
|
||||
self.comments += lines
|
||||
@@ -47,6 +48,23 @@ class TestCase:
|
||||
def set_arguments(self, arguments: List[str]) -> None:
|
||||
self.arguments = arguments
|
||||
|
||||
def skip_because(self, reason: str) -> None:
|
||||
"""Skip this test case.
|
||||
|
||||
It will be included in the output, but commented out.
|
||||
|
||||
This is intended for test cases that are obtained from a
|
||||
systematic enumeration, but that have dependencies that cannot
|
||||
be fulfilled. Since we don't want to have test cases that are
|
||||
never executed, we arrange not to have actual test cases. But
|
||||
we do include comments to make it easier to understand the output
|
||||
of test case generation.
|
||||
|
||||
reason must be a non-empty string explaining to humans why this
|
||||
test case is skipped.
|
||||
"""
|
||||
self.skip_reason = reason
|
||||
|
||||
def check_completeness(self) -> None:
|
||||
if self.description is None:
|
||||
raise MissingDescription
|
||||
@@ -67,10 +85,16 @@ class TestCase:
|
||||
out.write('\n')
|
||||
for line in self.comments:
|
||||
out.write('# ' + line + '\n')
|
||||
out.write(self.description + '\n')
|
||||
prefix = ''
|
||||
if self.skip_reason:
|
||||
prefix = '## '
|
||||
out.write('## # skipped because: ' + self.skip_reason + '\n')
|
||||
out.write(prefix + self.description + '\n')
|
||||
if self.dependencies:
|
||||
out.write('depends_on:' + ':'.join(self.dependencies) + '\n')
|
||||
out.write(self.function + ':' + ':'.join(self.arguments) + '\n')
|
||||
out.write(prefix + 'depends_on:' +
|
||||
':'.join(self.dependencies) + '\n')
|
||||
out.write(prefix + self.function + ':' +
|
||||
':'.join(self.arguments) + '\n')
|
||||
|
||||
def write_data_file(filename: str,
|
||||
test_cases: Iterable[TestCase],
|
||||
|
||||
@@ -25,23 +25,21 @@ from mbedtls_dev import test_data_generation
|
||||
|
||||
def test_case_for_key_type_not_supported(
|
||||
verb: str, key_type: str, bits: int,
|
||||
dependencies: List[str],
|
||||
not_supported_mechanism: str,
|
||||
*args: str,
|
||||
param_descr: str = ''
|
||||
) -> test_case.TestCase:
|
||||
"""Return one test case exercising a key creation method
|
||||
for an unsupported key type or size.
|
||||
"""
|
||||
psa_information.hack_dependencies_not_implemented(dependencies)
|
||||
tc = test_case.TestCase()
|
||||
tc = psa_information.TestCase()
|
||||
short_key_type = crypto_knowledge.short_expression(key_type)
|
||||
adverb = 'not' if dependencies else 'never'
|
||||
if param_descr:
|
||||
adverb = param_descr + ' ' + adverb
|
||||
tc.set_description('PSA {} {} {}-bit {} supported'
|
||||
.format(verb, short_key_type, bits, adverb))
|
||||
tc.set_dependencies(dependencies)
|
||||
tc.set_description('PSA {} {} {}-bit{} not supported'
|
||||
.format(verb, short_key_type, bits,
|
||||
' ' + param_descr if param_descr else ''))
|
||||
tc.set_function(verb + '_not_supported')
|
||||
tc.set_key_bits(bits)
|
||||
tc.assumes_not_supported(not_supported_mechanism)
|
||||
tc.set_arguments([key_type] + list(args))
|
||||
return tc
|
||||
|
||||
@@ -71,34 +69,27 @@ class KeyTypeNotSupported:
|
||||
# Don't generate test cases for key types that are always supported.
|
||||
# They would be skipped in all configurations, which is noise.
|
||||
return
|
||||
import_dependencies = [('!' if param is None else '') +
|
||||
psa_information.psa_want_symbol(kt.name)]
|
||||
if kt.params is not None:
|
||||
import_dependencies += [('!' if param == i else '') +
|
||||
psa_information.psa_want_symbol(sym)
|
||||
for i, sym in enumerate(kt.params)]
|
||||
if kt.name.endswith('_PUBLIC_KEY'):
|
||||
generate_dependencies = []
|
||||
if param is None:
|
||||
not_supported_mechanism = kt.name
|
||||
else:
|
||||
generate_dependencies = import_dependencies
|
||||
assert kt.params is not None
|
||||
not_supported_mechanism = kt.params[param]
|
||||
for bits in kt.sizes_to_test():
|
||||
yield test_case_for_key_type_not_supported(
|
||||
'import', kt.expression, bits,
|
||||
psa_information.finish_family_dependencies(import_dependencies, bits),
|
||||
not_supported_mechanism,
|
||||
test_case.hex_string(kt.key_material(bits)),
|
||||
param_descr=param_descr,
|
||||
)
|
||||
if not generate_dependencies and param is not None:
|
||||
# If generation is impossible for this key type, rather than
|
||||
# supported or not depending on implementation capabilities,
|
||||
# only generate the test case once.
|
||||
continue
|
||||
# For public key we expect that key generation fails with
|
||||
# INVALID_ARGUMENT. It is handled by KeyGenerate class.
|
||||
# Don't generate not-supported test cases for key generation of
|
||||
# public keys. Our implementation always returns
|
||||
# PSA_ERROR_INVALID_ARGUMENT when attempting to generate a
|
||||
# public key, so we cover this together with the positive cases
|
||||
# in the KeyGenerate class.
|
||||
if not kt.is_public():
|
||||
yield test_case_for_key_type_not_supported(
|
||||
'generate', kt.expression, bits,
|
||||
psa_information.finish_family_dependencies(generate_dependencies, bits),
|
||||
not_supported_mechanism,
|
||||
str(bits),
|
||||
param_descr=param_descr,
|
||||
)
|
||||
@@ -124,21 +115,18 @@ class KeyTypeNotSupported:
|
||||
|
||||
def test_case_for_key_generation(
|
||||
key_type: str, bits: int,
|
||||
dependencies: List[str],
|
||||
*args: str,
|
||||
result: str = ''
|
||||
) -> test_case.TestCase:
|
||||
"""Return one test case exercising a key generation.
|
||||
"""
|
||||
psa_information.hack_dependencies_not_implemented(dependencies)
|
||||
tc = test_case.TestCase()
|
||||
tc = psa_information.TestCase()
|
||||
short_key_type = crypto_knowledge.short_expression(key_type)
|
||||
tc.set_description('PSA {} {}-bit'
|
||||
.format(short_key_type, bits))
|
||||
tc.set_dependencies(dependencies)
|
||||
tc.set_function('generate_key')
|
||||
tc.set_key_bits(bits)
|
||||
tc.set_arguments([key_type] + list(args) + [result])
|
||||
|
||||
return tc
|
||||
|
||||
class KeyGenerate:
|
||||
@@ -160,28 +148,25 @@ class KeyGenerate:
|
||||
PSA_ERROR_INVALID_ARGUMENT status is expected.
|
||||
"""
|
||||
result = 'PSA_SUCCESS'
|
||||
|
||||
import_dependencies = [psa_information.psa_want_symbol(kt.name)]
|
||||
if kt.params is not None:
|
||||
import_dependencies += [psa_information.psa_want_symbol(sym)
|
||||
for i, sym in enumerate(kt.params)]
|
||||
if kt.name.endswith('_PUBLIC_KEY'):
|
||||
# The library checks whether the key type is a public key generically,
|
||||
# before it reaches a point where it needs support for the specific key
|
||||
# type, so it returns INVALID_ARGUMENT for unsupported public key types.
|
||||
generate_dependencies = []
|
||||
result = 'PSA_ERROR_INVALID_ARGUMENT'
|
||||
else:
|
||||
generate_dependencies = import_dependencies
|
||||
if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR':
|
||||
generate_dependencies.append("MBEDTLS_GENPRIME")
|
||||
for bits in kt.sizes_to_test():
|
||||
yield test_case_for_key_generation(
|
||||
tc = test_case_for_key_generation(
|
||||
kt.expression, bits,
|
||||
psa_information.finish_family_dependencies(generate_dependencies, bits),
|
||||
str(bits),
|
||||
result
|
||||
)
|
||||
if result == 'PSA_ERROR_INVALID_ARGUMENT':
|
||||
# The library checks whether the key type is a public key generically,
|
||||
# before it reaches a point where it needs support for the specific key
|
||||
# type, so it returns INVALID_ARGUMENT for unsupported public key types.
|
||||
tc.set_dependencies([])
|
||||
elif kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR':
|
||||
# A necessary deviation because PSA_WANT symbols don't
|
||||
# distinguish between key generation and usage, but for
|
||||
# RSA key generation has an extra requirement.
|
||||
tc.dependencies.insert(0, 'MBEDTLS_GENPRIME')
|
||||
yield tc
|
||||
|
||||
def test_cases_for_key_generation(self) -> Iterator[test_case.TestCase]:
|
||||
"""Generate test cases that exercise the generation of keys."""
|
||||
@@ -223,7 +208,7 @@ class OpFail:
|
||||
) -> test_case.TestCase:
|
||||
"""Construct a failure test case for a one-key or keyless operation."""
|
||||
#pylint: disable=too-many-arguments,too-many-locals
|
||||
tc = test_case.TestCase()
|
||||
tc = psa_information.TestCase()
|
||||
pretty_alg = alg.short_expression()
|
||||
if reason == self.Reason.NOT_SUPPORTED:
|
||||
short_deps = [re.sub(r'PSA_WANT_ALG_', r'', dep)
|
||||
@@ -242,22 +227,22 @@ class OpFail:
|
||||
pretty_alg,
|
||||
pretty_reason,
|
||||
' with ' + pretty_type if pretty_type else ''))
|
||||
dependencies = psa_information.automatic_dependencies(alg.base_expression, key_type)
|
||||
for i, dep in enumerate(dependencies):
|
||||
if dep in not_deps:
|
||||
dependencies[i] = '!' + dep
|
||||
tc.set_dependencies(dependencies)
|
||||
tc.set_function(category.name.lower() + '_fail')
|
||||
arguments = [] # type: List[str]
|
||||
if kt:
|
||||
key_material = kt.key_material(kt.sizes_to_test()[0])
|
||||
bits = kt.sizes_to_test()[0]
|
||||
key_material = kt.key_material(bits)
|
||||
arguments += [key_type, test_case.hex_string(key_material)]
|
||||
tc.set_key_bits(bits)
|
||||
arguments.append(alg.expression)
|
||||
if category.is_asymmetric():
|
||||
arguments.append('1' if reason == self.Reason.PUBLIC else '0')
|
||||
private_only = (reason == self.Reason.PUBLIC)
|
||||
arguments.append('1' if private_only else '0')
|
||||
error = ('NOT_SUPPORTED' if reason == self.Reason.NOT_SUPPORTED else
|
||||
'INVALID_ARGUMENT')
|
||||
arguments.append('PSA_ERROR_' + error)
|
||||
for dep in not_deps:
|
||||
tc.assumes_not_supported(dep)
|
||||
tc.set_arguments(arguments)
|
||||
return tc
|
||||
|
||||
@@ -288,9 +273,25 @@ class OpFail:
|
||||
if key_is_compatible and alg.can_do(category):
|
||||
# Compatible key and operation, unsupported algorithm
|
||||
for dep in psa_information.automatic_dependencies(alg.base_expression):
|
||||
deps = [dep]
|
||||
# Special case: if one of deterministic/randomized
|
||||
# ECDSA is supported but not the other, then the one
|
||||
# that is not supported in the signature direction is
|
||||
# still supported in the verification direction,
|
||||
# because the two verification algorithms are
|
||||
# identical. This property is how Mbed TLS chooses to
|
||||
# behave, the specification would also allow it to
|
||||
# reject the algorithm. In the generated test cases,
|
||||
# we avoid this difficulty by not running the
|
||||
# not-supported test case when exactly one of the
|
||||
# two variants is supported.
|
||||
if dep == 'PSA_WANT_ALG_DETERMINISTIC_ECDSA':
|
||||
deps.append('PSA_WANT_ALG_ECDSA')
|
||||
elif dep == 'PSA_WANT_ALG_ECDSA':
|
||||
deps.append('PSA_WANT_ALG_DETERMINISTIC_ECDSA')
|
||||
yield self.make_test_case(alg, category,
|
||||
self.Reason.NOT_SUPPORTED,
|
||||
kt=kt, not_deps=frozenset([dep]))
|
||||
kt=kt, not_deps=frozenset(deps))
|
||||
# Public key for a private-key operation
|
||||
if category.is_asymmetric() and kt.is_public():
|
||||
yield self.make_test_case(alg, category,
|
||||
@@ -461,14 +462,9 @@ class StorageFormat:
|
||||
correctly.
|
||||
"""
|
||||
verb = 'save' if self.forward else 'read'
|
||||
tc = test_case.TestCase()
|
||||
tc = psa_information.TestCase()
|
||||
tc.set_description(verb + ' ' + key.description)
|
||||
dependencies = psa_information.automatic_dependencies(
|
||||
key.lifetime.string, key.type.string,
|
||||
key.alg.string, key.alg2.string,
|
||||
)
|
||||
dependencies = psa_information.finish_family_dependencies(dependencies, key.bits)
|
||||
tc.set_dependencies(dependencies)
|
||||
tc.set_key_bits(key.bits)
|
||||
tc.set_function('key_storage_' + verb)
|
||||
if self.forward:
|
||||
extra_arguments = []
|
||||
|
||||
@@ -2752,6 +2752,29 @@ PSA verify hash with keypair: ECDSA SECP256R1, good
|
||||
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
|
||||
verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
|
||||
|
||||
# The next 4 test cases check what happens if only one of the two ECDSA
|
||||
# variants is supported. The ECDSA variants (deterministic and randomized)
|
||||
# are different signature algorithms that can be enabled independently,
|
||||
# but they have the same verification. Mbed TLS accepts either variant
|
||||
# as the algorithm requested for verification even if that variant is not
|
||||
# supported. Test that this works. It would also be acceptable if the
|
||||
# library returned NOT_SUPPORTED in this case.
|
||||
PSA verify hash: ECDSA SECP256R1, only deterministic supported
|
||||
depends_on:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
|
||||
verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
|
||||
|
||||
PSA verify hash with keypair: ECDSA SECP256R1, only deterministic supported
|
||||
depends_on:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
|
||||
verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
|
||||
|
||||
PSA verify hash: deterministic ECDSA SECP256R1, only randomized supported
|
||||
depends_on:PSA_WANT_ALG_ECDSA:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
|
||||
verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
|
||||
|
||||
PSA verify hash with keypair: determinitic ECDSA SECP256R1, only randomized supported
|
||||
depends_on:PSA_WANT_ALG_ECDSA:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
|
||||
verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
|
||||
|
||||
PSA verify hash: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded)
|
||||
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
|
||||
verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE
|
||||
@@ -2817,14 +2840,14 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS
|
||||
sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA sign message: RSA PKCS#1 v1.5 SHA-256, invalid key type
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_CHACHA20:MBEDTLS_MD_C
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_CHACHA20:MBEDTLS_MD_C
|
||||
sign_message_fail:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":128:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA sign message: ECDSA SECP256R1 SHA-256, invalid hash (wildcard)
|
||||
PSA sign message: ECDSA SECP256R1, invalid hash (wildcard)
|
||||
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
|
||||
sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"616263":64:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA sign message: ECDSA SECP256R1 SHA-256, invalid hash algorithm (0)
|
||||
PSA sign message: ECDSA SECP256R1, invalid hash algorithm (0)
|
||||
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
|
||||
sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(0):"616263":64:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
|
||||
@@ -109,11 +109,11 @@ depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
|
||||
generate_key:PSA_KEY_TYPE_RAW_DATA:128:PSA_SUCCESS:
|
||||
|
||||
PSA RSA_KEY_PAIR 1024-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_GENPRIME
|
||||
depends_on:MBEDTLS_GENPRIME:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_SUCCESS:
|
||||
|
||||
PSA RSA_KEY_PAIR 1536-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_GENPRIME
|
||||
depends_on:MBEDTLS_GENPRIME:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1536:PSA_SUCCESS:
|
||||
|
||||
PSA RSA_PUBLIC_KEY 1024-bit
|
||||
@@ -122,48 +122,56 @@ generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ERROR_INVALID_ARGUMENT:
|
||||
PSA RSA_PUBLIC_KEY 1536-bit
|
||||
generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1536:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_160:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_BRAINPOOL_P_R1_160
|
||||
## PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit
|
||||
## depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 192-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_192:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_BRAINPOOL_P_R1_192
|
||||
## PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 192-bit
|
||||
## depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 224-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_224:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_BRAINPOOL_P_R1_224
|
||||
## PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 224-bit
|
||||
## depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 256-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_256
|
||||
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 320-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_320:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_BRAINPOOL_P_R1_320
|
||||
## PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 320-bit
|
||||
## depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_320:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 384-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_384
|
||||
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(BRAINPOOL_P_R1) 512-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_512
|
||||
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 160-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_BRAINPOOL_P_R1_160
|
||||
## PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 160-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 192-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_BRAINPOOL_P_R1_192
|
||||
## PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 192-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 224-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_BRAINPOOL_P_R1_224
|
||||
## PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 224-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 256-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 320-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_BRAINPOOL_P_R1_320
|
||||
## PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 320-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 384-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_ERROR_INVALID_ARGUMENT:
|
||||
@@ -172,11 +180,11 @@ PSA ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 512-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_KEY_PAIR(MONTGOMERY) 255-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255
|
||||
depends_on:PSA_WANT_ECC_MONTGOMERY_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(MONTGOMERY) 448-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448
|
||||
depends_on:PSA_WANT_ECC_MONTGOMERY_448:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(MONTGOMERY) 255-bit
|
||||
@@ -186,44 +194,46 @@ PSA ECC_PUBLIC_KEY(MONTGOMERY) 448-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECP_K1) 192-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_K1_192
|
||||
depends_on:PSA_WANT_ECC_SECP_K1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECP_K1) 225-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_K1_225:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):225:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECP_K1_225
|
||||
## PSA ECC_KEY_PAIR(SECP_K1) 225-bit
|
||||
## depends_on:PSA_WANT_ECC_SECP_K1_225:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):225:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECP_K1) 256-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_K1_256
|
||||
depends_on:PSA_WANT_ECC_SECP_K1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(SECP_K1) 192-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):192:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(SECP_K1) 225-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):225:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECP_K1_225
|
||||
## PSA ECC_PUBLIC_KEY(SECP_K1) 225-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):225:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(SECP_K1) 256-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):256:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECP_R1) 192-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_192
|
||||
depends_on:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):192:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECP_R1) 224-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_224
|
||||
depends_on:PSA_WANT_ECC_SECP_R1_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):224:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECP_R1) 256-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
|
||||
depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECP_R1) 384-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384
|
||||
depends_on:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECP_R1) 521-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521
|
||||
depends_on:PSA_WANT_ECC_SECP_R1_521:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(SECP_R1) 192-bit
|
||||
@@ -241,109 +251,139 @@ generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):384:PSA_ERROR_I
|
||||
PSA ECC_PUBLIC_KEY(SECP_R1) 521-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):521:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECP_R2) 160-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R2_160:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):160:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECP_R2_160
|
||||
## PSA ECC_KEY_PAIR(SECP_R2) 160-bit
|
||||
## depends_on:PSA_WANT_ECC_SECP_R2_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):160:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(SECP_R2) 160-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R2):160:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECP_R2_160
|
||||
## PSA ECC_PUBLIC_KEY(SECP_R2) 160-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R2):160:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECT_K1) 163-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_163:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):163:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_163
|
||||
## PSA ECC_KEY_PAIR(SECT_K1) 163-bit
|
||||
## depends_on:PSA_WANT_ECC_SECT_K1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):163:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECT_K1) 233-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_233:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):233:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_233
|
||||
## PSA ECC_KEY_PAIR(SECT_K1) 233-bit
|
||||
## depends_on:PSA_WANT_ECC_SECT_K1_233:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):233:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECT_K1) 239-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_239:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):239:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_239
|
||||
## PSA ECC_KEY_PAIR(SECT_K1) 239-bit
|
||||
## depends_on:PSA_WANT_ECC_SECT_K1_239:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):239:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECT_K1) 283-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_283:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):283:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_283
|
||||
## PSA ECC_KEY_PAIR(SECT_K1) 283-bit
|
||||
## depends_on:PSA_WANT_ECC_SECT_K1_283:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):283:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECT_K1) 409-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_409:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):409:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_409
|
||||
## PSA ECC_KEY_PAIR(SECT_K1) 409-bit
|
||||
## depends_on:PSA_WANT_ECC_SECT_K1_409:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):409:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECT_K1) 571-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_571:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):571:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_571
|
||||
## PSA ECC_KEY_PAIR(SECT_K1) 571-bit
|
||||
## depends_on:PSA_WANT_ECC_SECT_K1_571:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):571:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(SECT_K1) 163-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):163:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_163
|
||||
## PSA ECC_PUBLIC_KEY(SECT_K1) 163-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):163:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(SECT_K1) 233-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):233:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_233
|
||||
## PSA ECC_PUBLIC_KEY(SECT_K1) 233-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):233:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(SECT_K1) 239-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):239:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_239
|
||||
## PSA ECC_PUBLIC_KEY(SECT_K1) 239-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):239:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(SECT_K1) 283-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):283:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_283
|
||||
## PSA ECC_PUBLIC_KEY(SECT_K1) 283-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):283:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(SECT_K1) 409-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):409:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_409
|
||||
## PSA ECC_PUBLIC_KEY(SECT_K1) 409-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):409:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(SECT_K1) 571-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):571:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_K1_571
|
||||
## PSA ECC_PUBLIC_KEY(SECT_K1) 571-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):571:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECT_R1) 163-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_163:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):163:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_163
|
||||
## PSA ECC_KEY_PAIR(SECT_R1) 163-bit
|
||||
## depends_on:PSA_WANT_ECC_SECT_R1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):163:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECT_R1) 233-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_233:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):233:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_233
|
||||
## PSA ECC_KEY_PAIR(SECT_R1) 233-bit
|
||||
## depends_on:PSA_WANT_ECC_SECT_R1_233:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):233:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECT_R1) 283-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_283:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):283:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_283
|
||||
## PSA ECC_KEY_PAIR(SECT_R1) 283-bit
|
||||
## depends_on:PSA_WANT_ECC_SECT_R1_283:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):283:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECT_R1) 409-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_409:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):409:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_409
|
||||
## PSA ECC_KEY_PAIR(SECT_R1) 409-bit
|
||||
## depends_on:PSA_WANT_ECC_SECT_R1_409:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):409:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECT_R1) 571-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_571:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):571:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_571
|
||||
## PSA ECC_KEY_PAIR(SECT_R1) 571-bit
|
||||
## depends_on:PSA_WANT_ECC_SECT_R1_571:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):571:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(SECT_R1) 163-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):163:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_163
|
||||
## PSA ECC_PUBLIC_KEY(SECT_R1) 163-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):163:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(SECT_R1) 233-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):233:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_233
|
||||
## PSA ECC_PUBLIC_KEY(SECT_R1) 233-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):233:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(SECT_R1) 283-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):283:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_283
|
||||
## PSA ECC_PUBLIC_KEY(SECT_R1) 283-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):283:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(SECT_R1) 409-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):409:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_409
|
||||
## PSA ECC_PUBLIC_KEY(SECT_R1) 409-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):409:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(SECT_R1) 571-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):571:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_R1_571
|
||||
## PSA ECC_PUBLIC_KEY(SECT_R1) 571-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):571:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_KEY_PAIR(SECT_R2) 163-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R2_163:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):163:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_R2_163
|
||||
## PSA ECC_KEY_PAIR(SECT_R2) 163-bit
|
||||
## depends_on:PSA_WANT_ECC_SECT_R2_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):163:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(SECT_R2) 163-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):163:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_SECT_R2_163
|
||||
## PSA ECC_PUBLIC_KEY(SECT_R2) 163-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):163:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_KEY_PAIR(TWISTED_EDWARDS) 255-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_TWISTED_EDWARDS_255:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_TWISTED_EDWARDS_255
|
||||
## PSA ECC_KEY_PAIR(TWISTED_EDWARDS) 255-bit
|
||||
## depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit
|
||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):448:PSA_SUCCESS:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_TWISTED_EDWARDS_448
|
||||
## PSA ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit
|
||||
## depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_448:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
## generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):448:PSA_SUCCESS:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(TWISTED_EDWARDS) 255-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_TWISTED_EDWARDS_255
|
||||
## PSA ECC_PUBLIC_KEY(TWISTED_EDWARDS) 255-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
PSA ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit
|
||||
generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):448:PSA_ERROR_INVALID_ARGUMENT:
|
||||
## # skipped because: not implemented: PSA_WANT_ECC_TWISTED_EDWARDS_448
|
||||
## PSA ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit
|
||||
## generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):448:PSA_ERROR_INVALID_ARGUMENT:
|
||||
|
||||
# End of automatically generated file.
|
||||
|
||||
@@ -20,10 +20,28 @@ void import_not_supported(int key_type, data_t *key_material)
|
||||
|
||||
PSA_ASSERT(psa_crypto_init());
|
||||
psa_set_key_type(&attributes, key_type);
|
||||
TEST_EQUAL(psa_import_key(&attributes,
|
||||
key_material->x, key_material->len,
|
||||
&key_id),
|
||||
PSA_ERROR_NOT_SUPPORTED);
|
||||
psa_status_t actual_status =
|
||||
psa_import_key(&attributes, key_material->x, key_material->len, &key_id);
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
if (actual_status == PSA_ERROR_INVALID_ARGUMENT) {
|
||||
/* Edge case: when importing an ECC public key with an unspecified
|
||||
* bit-size (as we do here), the implementation of psa_import_key()
|
||||
* infers the bit-size from the input. If the key type specifies an
|
||||
* unknown curve, the validation might reject the data as invalid
|
||||
* before it checks that the curve is supported. If so, that's ok.
|
||||
* In practice, at the time of writing, this happens with Ed25519,
|
||||
* for which a valid but unsupported 32-byte input causes
|
||||
* psa_import_key() to fail because it assumes a Weierstrass curve
|
||||
* which must have an odd-length encoding.
|
||||
*
|
||||
* In other cases, we do not expect an INVALID_ARGUMENT error here. */
|
||||
TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(key_type));
|
||||
} else
|
||||
#endif /* defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */
|
||||
{
|
||||
TEST_EQUAL(actual_status, PSA_ERROR_NOT_SUPPORTED);
|
||||
}
|
||||
TEST_ASSERT(mbedtls_svc_key_id_equal(key_id, MBEDTLS_SVC_KEY_ID_INIT));
|
||||
|
||||
exit:
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -232,8 +232,8 @@ void sign_fail(int key_type_arg, data_t *key_data,
|
||||
input, sizeof(input),
|
||||
output, sizeof(output), &length));
|
||||
if (!private_only) {
|
||||
/* Determine a plausible signature size to avoid an INVALID_SIGNATURE
|
||||
* error based on this. */
|
||||
/* Construct a signature candidate of a plausible size to avoid an
|
||||
* INVALID_SIGNATURE error based on an early size verification. */
|
||||
PSA_ASSERT(psa_get_key_attributes(key_id, &attributes));
|
||||
size_t key_bits = psa_get_key_bits(&attributes);
|
||||
size_t output_length = sizeof(output);
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -43,3 +43,24 @@ sign_fail:PSA_KEY_TYPE_AES:"48657265006973206b6579a064617461":PSA_ALG_RSA_PSS(PS
|
||||
PSA sign RSA_PSS(SHA_256): RSA_PSS not enabled, key pair
|
||||
depends_on:!PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
|
||||
sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
# There is a special case with ECDSA: deterministic and randomized ECDSA are
|
||||
# different signature algorithms that can be enabled independently, but
|
||||
# the verification algorithms are the same. Mbed TLS supports verification
|
||||
# of either variant when either variant is enabled. (It would also be correct
|
||||
# to reject the not-supported algorithm, but it would require a few more lines
|
||||
# of code.) In the automatically generated test cases, we avoid this difficulty
|
||||
# by making the not-supported test cases require neither variant to be
|
||||
# enabled. Here, test the signature operation when one variant is supported
|
||||
# but not the other. Testing the positive cases for the verification
|
||||
# operation is the job of test_suite_psa_crypto.
|
||||
#
|
||||
# We only test with one curve and one hash, because we know from a gray-box
|
||||
# approach that the curve and hash don't matter here.
|
||||
PSA sign DETERMINISTIC_ECDSA(SHA_256): !DETERMINISTIC_ECDSA but ECDSA with ECC_KEY_PAIR(SECP_R1)
|
||||
depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"d83b57a59c51358d9c8bbb898aff507f44dd14cf16917190":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):1:PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA sign DETERMINISTIC_ECDSA(SHA_256): !ECDSA but DETERMINISTIC_ECDSA with ECC_KEY_PAIR(SECP_R1)
|
||||
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
|
||||
sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"d83b57a59c51358d9c8bbb898aff507f44dd14cf16917190":PSA_ALG_ECDSA(PSA_ALG_SHA_256):1:PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
@@ -550,7 +550,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256 */
|
||||
void mock_sign(int mock_sign_return_value, int expected_result)
|
||||
{
|
||||
psa_drv_se_t driver;
|
||||
@@ -611,7 +611,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256 */
|
||||
void mock_verify(int mock_verify_return_value, int expected_result)
|
||||
{
|
||||
psa_drv_se_t driver;
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user