TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 30f77cdfc17e1a5dcac52f280c44b4ed87c79286^! / . / tests / suites / test_suite_psa_crypto.function
commit30f77cdfc17e1a5dcac52f280c44b4ed87c79286[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Mon Jan 14 16:06:39 2019 +0100
committerGilles Peskine <Gilles.Peskine@arm.com>Mon Jan 14 19:38:56 2019 +0100
tree894e4fb04b212615974b3892772f47d5719f4161
parentd35b489ce56fbaca81481a077a9c9cf261c7d876 [diff] [blame]
Add a hash wildcard value for hash-and-sign algorithm

You can use PSA_ALG_ANY_HASH to build the algorithm value for a
hash-and-sign algorithm in a policy. Then the policy allows usage with
this hash-and-sign family with any hash.

Test that PSA_ALG_ANY_HASH-based policies allow a specific hash, but
not a different hash-and-sign family. Test that PSA_ALG_ANY_HASH is
not valid for operations, only in policies.

diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 6916bf4..24ffe80 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function

@@ -1660,13 +1660,19 @@
                                       int policy_alg,
                                       int key_type,
                                       data_t *key_data,
-                                      int exercise_alg )
+                                      int exercise_alg,
+                                      int payload_length_arg )
 {
     psa_key_handle_t handle = 0;
     psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
     psa_status_t status;
-    unsigned char payload[16] = {1};
-    size_t payload_length = sizeof( payload );
+    unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
+    /* If `payload_length_arg > 0`, `exercise_alg` is supposed to be
+     * compatible with the policy and `payload_length_arg` is supposed to be
+     * a valid input length to sign. If `payload_length_arg <= 0`,
+     * `exercise_alg` is supposed to be forbidden by the policy. */
+    int compatible_alg = payload_length_arg > 0;
+    size_t payload_length = compatible_alg ? payload_length_arg : 0;
     unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
     size_t signature_length;
 
@@ -1685,8 +1691,7 @@
                                   payload, payload_length,
                                   signature, sizeof( signature ),
                                   &signature_length );
-    if( policy_alg == exercise_alg &&
-        ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
+    if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
         PSA_ASSERT( status );
     else
         TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
@@ -1695,8 +1700,7 @@
     status = psa_asymmetric_verify( handle, exercise_alg,
                                     payload, payload_length,
                                     signature, sizeof( signature ) );
-    if( policy_alg == exercise_alg &&
-        ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
+    if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
         TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
     else
         TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );