TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 039bbbac3397a0d8b6b3d199b659a77acb88b816^! / .
commit039bbbac3397a0d8b6b3d199b659a77acb88b816[log] [tgz]
authorValerio Setti <valerio.setti@nordicsemi.no>Thu Feb 29 07:24:26 2024 +0100
committerValerio Setti <valerio.setti@nordicsemi.no>Mon Mar 11 11:34:58 2024 +0100
tree7b7c8f597022d0ff451c922425dc25854c651f0e
parent4114a54403e66dd136b289704c981572e4d306fd [diff]
test_suite_pk: destroy original xkey after pk_copy_from_psa() in pk_copy_from_psa_success()

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 4ad0113..5cc924c 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function

@@ -474,6 +474,27 @@
     return pub_key;
 }
 
+/* Create a copy of a PSA key with same usage and algorithm policy and destroy
+ * the original one. */
+mbedtls_svc_key_id_t psa_copy_and_destroy(mbedtls_svc_key_id_t orig_key_id)
+{
+    psa_key_attributes_t orig_attr = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_attributes_t new_attr = PSA_KEY_ATTRIBUTES_INIT;
+    mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT;
+
+    PSA_ASSERT(psa_get_key_attributes(orig_key_id, &orig_attr));
+    psa_set_key_usage_flags(&new_attr, psa_get_key_usage_flags(&orig_attr));
+    psa_set_key_algorithm(&new_attr, psa_get_key_algorithm(&orig_attr));
+
+    PSA_ASSERT(psa_copy_key(orig_key_id, &new_attr, &new_key_id));
+    psa_destroy_key(orig_key_id);
+
+exit:
+    psa_reset_key_attributes(&orig_attr);
+    psa_reset_key_attributes(&new_attr);
+    return new_key_id;
+}
+
 psa_status_t pk_psa_import_key(unsigned char *key_data, size_t key_len,
                                psa_key_type_t type, psa_key_usage_t usage,
                                psa_algorithm_t alg, mbedtls_svc_key_id_t *key)
@@ -2347,7 +2368,7 @@
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t key_alg = key_alg_arg;
     psa_key_usage_t key_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH |
-                                PSA_KEY_USAGE_EXPORT;
+                                PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY;
     mbedtls_pk_context pk_priv, pk_pub;
     mbedtls_svc_key_id_t priv_key_id = MBEDTLS_SVC_KEY_ID_INIT;
     mbedtls_svc_key_id_t pub_key_id = MBEDTLS_SVC_KEY_ID_INIT;
@@ -2378,16 +2399,20 @@
         key_usage |= PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
     }
 
-    /* Create a private key in PSA and create a PK context from it. */
+    /* Create both a private key and its public counterpart in PSA. */
     PSA_ASSERT(pk_psa_import_key(priv_key_data->x, priv_key_data->len,
                                  key_type, key_usage, key_alg, &priv_key_id));
-    TEST_EQUAL(mbedtls_pk_copy_from_psa(priv_key_id, &pk_priv), 0);
-
-    /* Generate a 2nd PK contex using only the public key derived from its private
-     * counterpart generated above. */
     pub_key_id = psa_pub_key_from_priv(priv_key_id);
+
+    /* Generate 2 PK contexts starting from the PSA keys we just created. */
+    TEST_EQUAL(mbedtls_pk_copy_from_psa(priv_key_id, &pk_priv), 0);
     TEST_EQUAL(mbedtls_pk_copy_from_psa(pub_key_id, &pk_pub), 0);
 
+    /* Destoy both PSA keys to prove that generated PK contexts are independent
+     * from them. */
+    priv_key_id = psa_copy_and_destroy(priv_key_id);
+    pub_key_id = psa_copy_and_destroy(pub_key_id);
+
     /* Test #1:
      * - check that the generated PK contexts are of the correct type.
      * - [only for RSA] check that the padding mode is correct.