tests: Adapt PSA tests to openless APIs
psa_key_handle_equal() is removed as not used
anymore.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 5fee0d7..9803f90 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -100,13 +100,13 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/*
- * Generate a key using PSA and return a handle to that key,
+ * Generate a key using PSA and return the key identifier of that key,
* or 0 if the key generation failed.
* The key uses NIST P-256 and is usable for signing with SHA-256.
*/
-psa_key_handle_t pk_psa_genkey( void )
+mbedtls_svc_key_id_t pk_psa_genkey( void )
{
- psa_key_handle_t key;
+ mbedtls_svc_key_id_t key;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const psa_key_type_t type =
PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 );
@@ -133,7 +133,7 @@
void pk_psa_utils( )
{
mbedtls_pk_context pk, pk2;
- psa_key_handle_t key;
+ mbedtls_svc_key_id_t key;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const char * const name = "Opaque";
@@ -151,14 +151,14 @@
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
- TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, PSA_KEY_HANDLE_INIT ) ==
+ TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, MBEDTLS_SVC_KEY_ID_INIT ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
mbedtls_pk_free( &pk );
mbedtls_pk_init( &pk );
key = pk_psa_genkey();
- if( psa_key_handle_is_null( key ) )
+ if( mbedtls_svc_key_id_is_null( key ) )
goto exit;
TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 );
@@ -1220,7 +1220,7 @@
unsigned char *pkey_legacy_start, *pkey_psa_start;
size_t sig_len, klen_legacy, klen_psa;
int ret;
- psa_key_handle_t handle;
+ mbedtls_svc_key_id_t key_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t expected_type = PSA_KEY_TYPE_ECC_KEY_PAIR( psa_curve_arg );
size_t expected_bits = expected_bits_arg;
@@ -1252,10 +1252,10 @@
pkey_legacy_start = pkey_legacy + sizeof( pkey_legacy ) - klen_legacy;
/* Turn PK context into an opaque one. */
- TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &handle,
+ TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &key_id,
PSA_ALG_SHA_256 ) == 0 );
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) );
TEST_EQUAL( psa_get_key_type( &attributes ), expected_type );
TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits );
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
@@ -1280,7 +1280,7 @@
TEST_ASSERT( memcmp( pkey_psa_start, pkey_legacy_start, klen_psa ) == 0 );
mbedtls_pk_free( &pk );
- TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( handle ) );
+ TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key_id ) );
mbedtls_pk_init( &pk );
TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey_legacy_start,
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 23d827e..9b113b4 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -229,7 +229,7 @@
return( len );
}
-int check_key_attributes_sanity( psa_key_handle_t key )
+int check_key_attributes_sanity( mbedtls_svc_key_id_t key )
{
int ok = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -305,31 +305,29 @@
psa_mac_operation_t *operation,
psa_status_t *status )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length,
- &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) );
- *status = psa_mac_sign_setup( operation, handle, alg );
+ *status = psa_mac_sign_setup( operation, key, alg );
/* Whether setup succeeded or failed, abort must succeed. */
PSA_ASSERT( psa_mac_abort( operation ) );
/* If setup failed, reproduce the failure, so that the caller can
* test the resulting state of the operation object. */
if( *status != PSA_SUCCESS )
{
- TEST_EQUAL( psa_mac_sign_setup( operation, handle, alg ),
- *status );
+ TEST_EQUAL( psa_mac_sign_setup( operation, key, alg ), *status );
}
- psa_destroy_key( handle );
+ psa_destroy_key( key );
return( 1 );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
return( 0 );
}
@@ -340,35 +338,34 @@
psa_cipher_operation_t *operation,
psa_status_t *status )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length,
- &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) );
- *status = psa_cipher_encrypt_setup( operation, handle, alg );
+ *status = psa_cipher_encrypt_setup( operation, key, alg );
/* Whether setup succeeded or failed, abort must succeed. */
PSA_ASSERT( psa_cipher_abort( operation ) );
/* If setup failed, reproduce the failure, so that the caller can
* test the resulting state of the operation object. */
if( *status != PSA_SUCCESS )
{
- TEST_EQUAL( psa_cipher_encrypt_setup( operation, handle, alg ),
+ TEST_EQUAL( psa_cipher_encrypt_setup( operation, key, alg ),
*status );
}
- psa_destroy_key( handle );
+ psa_destroy_key( key );
return( 1 );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
return( 0 );
}
-static int exercise_mac_key( psa_key_handle_t handle,
+static int exercise_mac_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
@@ -379,8 +376,7 @@
if( usage & PSA_KEY_USAGE_SIGN_HASH )
{
- PSA_ASSERT( psa_mac_sign_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input, sizeof( input ) ) );
PSA_ASSERT( psa_mac_sign_finish( &operation,
@@ -394,8 +390,7 @@
( usage & PSA_KEY_USAGE_SIGN_HASH ?
PSA_SUCCESS :
PSA_ERROR_INVALID_SIGNATURE );
- PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input, sizeof( input ) ) );
TEST_EQUAL( psa_mac_verify_finish( &operation, mac, mac_length ),
@@ -409,7 +404,7 @@
return( 0 );
}
-static int exercise_cipher_key( psa_key_handle_t handle,
+static int exercise_cipher_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
@@ -424,8 +419,7 @@
if( usage & PSA_KEY_USAGE_ENCRYPT )
{
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_generate_iv( &operation,
iv, sizeof( iv ),
&iv_length ) );
@@ -447,15 +441,14 @@
if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
/* This should be PSA_CIPHER_GET_IV_SIZE but the API doesn't
* have this macro yet. */
iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE(
psa_get_key_type( &attributes ) );
maybe_invalid_padding = ! PSA_ALG_IS_STREAM_CIPHER( alg );
}
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_set_iv( &operation,
iv, iv_length ) );
PSA_ASSERT( psa_cipher_update( &operation,
@@ -483,7 +476,7 @@
return( 0 );
}
-static int exercise_aead_key( psa_key_handle_t handle,
+static int exercise_aead_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
@@ -496,7 +489,7 @@
if( usage & PSA_KEY_USAGE_ENCRYPT )
{
- PSA_ASSERT( psa_aead_encrypt( handle, alg,
+ PSA_ASSERT( psa_aead_encrypt( key, alg,
nonce, nonce_length,
NULL, 0,
plaintext, sizeof( plaintext ),
@@ -510,7 +503,7 @@
( usage & PSA_KEY_USAGE_ENCRYPT ?
PSA_SUCCESS :
PSA_ERROR_INVALID_SIGNATURE );
- TEST_EQUAL( psa_aead_decrypt( handle, alg,
+ TEST_EQUAL( psa_aead_decrypt( key, alg,
nonce, nonce_length,
NULL, 0,
ciphertext, ciphertext_length,
@@ -525,7 +518,7 @@
return( 0 );
}
-static int exercise_signature_key( psa_key_handle_t handle,
+static int exercise_signature_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
@@ -554,7 +547,7 @@
* even for algorithms that allow other input sizes. */
if( hash_alg != 0 )
payload_length = PSA_HASH_SIZE( hash_alg );
- PSA_ASSERT( psa_sign_hash( handle, alg,
+ PSA_ASSERT( psa_sign_hash( key, alg,
payload, payload_length,
signature, sizeof( signature ),
&signature_length ) );
@@ -566,7 +559,7 @@
( usage & PSA_KEY_USAGE_SIGN_HASH ?
PSA_SUCCESS :
PSA_ERROR_INVALID_SIGNATURE );
- TEST_EQUAL( psa_verify_hash( handle, alg,
+ TEST_EQUAL( psa_verify_hash( key, alg,
payload, payload_length,
signature, signature_length ),
verify_status );
@@ -578,7 +571,7 @@
return( 0 );
}
-static int exercise_asymmetric_encryption_key( psa_key_handle_t handle,
+static int exercise_asymmetric_encryption_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
@@ -589,7 +582,7 @@
if( usage & PSA_KEY_USAGE_ENCRYPT )
{
- PSA_ASSERT( psa_asymmetric_encrypt( handle, alg,
+ PSA_ASSERT( psa_asymmetric_encrypt( key, alg,
plaintext, plaintext_length,
NULL, 0,
ciphertext, sizeof( ciphertext ),
@@ -599,7 +592,7 @@
if( usage & PSA_KEY_USAGE_DECRYPT )
{
psa_status_t status =
- psa_asymmetric_decrypt( handle, alg,
+ psa_asymmetric_decrypt( key, alg,
ciphertext, ciphertext_length,
NULL, 0,
plaintext, sizeof( plaintext ),
@@ -617,7 +610,7 @@
}
static int setup_key_derivation_wrap( psa_key_derivation_operation_t* operation,
- psa_key_handle_t handle,
+ mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
unsigned char* input1, size_t input1_length,
unsigned char* input2, size_t input2_length,
@@ -631,7 +624,7 @@
input1, input1_length ) );
PSA_ASSERT( psa_key_derivation_input_key( operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
- handle ) );
+ key ) );
PSA_ASSERT( psa_key_derivation_input_bytes( operation,
PSA_KEY_DERIVATION_INPUT_INFO,
input2,
@@ -645,7 +638,7 @@
input1, input1_length ) );
PSA_ASSERT( psa_key_derivation_input_key( operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
- handle ) );
+ key ) );
PSA_ASSERT( psa_key_derivation_input_bytes( operation,
PSA_KEY_DERIVATION_INPUT_LABEL,
input2, input2_length ) );
@@ -665,7 +658,7 @@
}
-static int exercise_key_derivation_key( psa_key_handle_t handle,
+static int exercise_key_derivation_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
@@ -679,7 +672,7 @@
if( usage & PSA_KEY_USAGE_DERIVE )
{
- if( !setup_key_derivation_wrap( &operation, handle, alg,
+ if( !setup_key_derivation_wrap( &operation, key, alg,
input1, input1_length,
input2, input2_length, capacity ) )
goto exit;
@@ -700,7 +693,7 @@
* private key against its own public key. */
static psa_status_t key_agreement_with_self(
psa_key_derivation_operation_t *operation,
- psa_key_handle_t handle )
+ mbedtls_svc_key_id_t key )
{
psa_key_type_t private_key_type;
psa_key_type_t public_key_type;
@@ -713,18 +706,17 @@
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
private_key_type = psa_get_key_type( &attributes );
key_bits = psa_get_key_bits( &attributes );
public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits );
ASSERT_ALLOC( public_key, public_key_length );
- PSA_ASSERT( psa_export_public_key( handle,
- public_key, public_key_length,
+ PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length,
&public_key_length ) );
status = psa_key_derivation_key_agreement(
- operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle,
+ operation, PSA_KEY_DERIVATION_INPUT_SECRET, key,
public_key, public_key_length );
exit:
mbedtls_free( public_key );
@@ -735,7 +727,7 @@
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg,
- psa_key_handle_t handle )
+ mbedtls_svc_key_id_t key )
{
psa_key_type_t private_key_type;
psa_key_type_t public_key_type;
@@ -750,17 +742,17 @@
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
private_key_type = psa_get_key_type( &attributes );
key_bits = psa_get_key_bits( &attributes );
public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits );
ASSERT_ALLOC( public_key, public_key_length );
- PSA_ASSERT( psa_export_public_key( handle,
+ PSA_ASSERT( psa_export_public_key( key,
public_key, public_key_length,
&public_key_length ) );
- status = psa_raw_key_agreement( alg, handle,
+ status = psa_raw_key_agreement( alg, key,
public_key, public_key_length,
output, sizeof( output ), &output_length );
exit:
@@ -769,7 +761,7 @@
return( status );
}
-static int exercise_raw_key_agreement_key( psa_key_handle_t handle,
+static int exercise_raw_key_agreement_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
@@ -779,7 +771,7 @@
{
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
- PSA_ASSERT( raw_key_agreement_with_self( alg, handle ) );
+ PSA_ASSERT( raw_key_agreement_with_self( alg, key ) );
}
ok = 1;
@@ -787,7 +779,7 @@
return( ok );
}
-static int exercise_key_agreement_key( psa_key_handle_t handle,
+static int exercise_key_agreement_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
@@ -800,7 +792,7 @@
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
- PSA_ASSERT( key_agreement_with_self( &operation, handle ) );
+ PSA_ASSERT( key_agreement_with_self( &operation, key ) );
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output,
sizeof( output ) ) );
@@ -1011,7 +1003,7 @@
return( 0 );
}
-static int exercise_export_key( psa_key_handle_t handle,
+static int exercise_export_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -1020,12 +1012,12 @@
size_t exported_length = 0;
int ok = 0;
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 &&
! PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( &attributes ) ) )
{
- TEST_EQUAL( psa_export_key( handle, NULL, 0, &exported_length ),
+ TEST_EQUAL( psa_export_key( key, NULL, 0, &exported_length ),
PSA_ERROR_NOT_PERMITTED );
ok = 1;
goto exit;
@@ -1035,7 +1027,7 @@
psa_get_key_bits( &attributes ) );
ASSERT_ALLOC( exported, exported_size );
- PSA_ASSERT( psa_export_key( handle,
+ PSA_ASSERT( psa_export_key( key,
exported, exported_size,
&exported_length ) );
ok = exported_key_sanity_check( psa_get_key_type( &attributes ),
@@ -1048,7 +1040,7 @@
return( ok );
}
-static int exercise_export_public_key( psa_key_handle_t handle )
+static int exercise_export_public_key( mbedtls_svc_key_id_t key )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t public_type;
@@ -1057,10 +1049,10 @@
size_t exported_length = 0;
int ok = 0;
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type( &attributes ) ) )
{
- TEST_EQUAL( psa_export_public_key( handle, NULL, 0, &exported_length ),
+ TEST_EQUAL( psa_export_public_key( key, NULL, 0, &exported_length ),
PSA_ERROR_INVALID_ARGUMENT );
return( 1 );
}
@@ -1071,7 +1063,7 @@
psa_get_key_bits( &attributes ) );
ASSERT_ALLOC( exported, exported_size );
- PSA_ASSERT( psa_export_public_key( handle,
+ PSA_ASSERT( psa_export_public_key( key,
exported, exported_size,
&exported_length ) );
ok = exported_key_sanity_check( public_type,
@@ -1103,7 +1095,7 @@
* if( ! exercise_key( ... ) ) goto exit;
* ```
*
- * \param handle The key to exercise. It should be capable of performing
+ * \param key The key to exercise. It should be capable of performing
* \p alg.
* \param usage The usage flags to assume.
* \param alg The algorithm to exercise.
@@ -1111,33 +1103,33 @@
* \retval 0 The key failed the smoke tests.
* \retval 1 The key passed the smoke tests.
*/
-static int exercise_key( psa_key_handle_t handle,
+static int exercise_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
int ok;
- if( ! check_key_attributes_sanity( handle ) )
+ if( ! check_key_attributes_sanity( key ) )
return( 0 );
if( alg == 0 )
ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */
else if( PSA_ALG_IS_MAC( alg ) )
- ok = exercise_mac_key( handle, usage, alg );
+ ok = exercise_mac_key( key, usage, alg );
else if( PSA_ALG_IS_CIPHER( alg ) )
- ok = exercise_cipher_key( handle, usage, alg );
+ ok = exercise_cipher_key( key, usage, alg );
else if( PSA_ALG_IS_AEAD( alg ) )
- ok = exercise_aead_key( handle, usage, alg );
+ ok = exercise_aead_key( key, usage, alg );
else if( PSA_ALG_IS_SIGN( alg ) )
- ok = exercise_signature_key( handle, usage, alg );
+ ok = exercise_signature_key( key, usage, alg );
else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
- ok = exercise_asymmetric_encryption_key( handle, usage, alg );
+ ok = exercise_asymmetric_encryption_key( key, usage, alg );
else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
- ok = exercise_key_derivation_key( handle, usage, alg );
+ ok = exercise_key_derivation_key( key, usage, alg );
else if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
- ok = exercise_raw_key_agreement_key( handle, usage, alg );
+ ok = exercise_raw_key_agreement_key( key, usage, alg );
else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
- ok = exercise_key_agreement_key( handle, usage, alg );
+ ok = exercise_key_agreement_key( key, usage, alg );
else
{
char message[40];
@@ -1148,8 +1140,8 @@
ok = 0;
}
- ok = ok && exercise_export_key( handle, usage );
- ok = ok && exercise_export_public_key( handle );
+ ok = ok && exercise_export_key( key, usage );
+ ok = ok && exercise_export_public_key( key );
return( ok );
}
@@ -1182,7 +1174,7 @@
}
-static int test_operations_on_invalid_handle( psa_key_handle_t handle )
+static int test_operations_on_invalid_key( mbedtls_svc_key_id_t key )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 0x6964 );
@@ -1194,7 +1186,7 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
psa_set_key_algorithm( &attributes, PSA_ALG_CTR );
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
- TEST_EQUAL( psa_get_key_attributes( handle, &attributes ),
+ TEST_EQUAL( psa_get_key_attributes( key, &attributes ),
PSA_ERROR_DOES_NOT_EXIST );
TEST_EQUAL(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 );
@@ -1206,10 +1198,9 @@
TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
TEST_EQUAL( psa_get_key_bits( &attributes ), 0 );
- TEST_EQUAL( psa_export_key( handle,
- buffer, sizeof( buffer ), &length ),
+ TEST_EQUAL( psa_export_key( key, buffer, sizeof( buffer ), &length ),
PSA_ERROR_DOES_NOT_EXIST );
- TEST_EQUAL( psa_export_public_key( handle,
+ TEST_EQUAL( psa_export_public_key( key,
buffer, sizeof( buffer ), &length ),
PSA_ERROR_DOES_NOT_EXIST );
@@ -1459,7 +1450,7 @@
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
psa_key_usage_t usage = usage_arg;
psa_algorithm_t alg = alg_arg;
@@ -1475,22 +1466,22 @@
status = psa_import_key( &attributes,
key_material, sizeof( key_material ),
- &handle );
+ &key );
TEST_EQUAL( status, expected_status );
if( status != PSA_SUCCESS )
goto exit;
- PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage );
TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg );
ASSERT_NO_SLOT_NUMBER( &got_attributes );
- PSA_ASSERT( psa_destroy_key( handle ) );
- test_operations_on_invalid_handle( handle );
+ PSA_ASSERT( psa_destroy_key( key ) );
+ test_operations_on_invalid_key( key );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
psa_reset_key_attributes( &got_attributes );
PSA_DONE( );
}
@@ -1503,7 +1494,7 @@
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
size_t attr_bits = attr_bits_arg;
psa_status_t expected_status = expected_status_arg;
@@ -1514,22 +1505,22 @@
psa_set_key_type( &attributes, type );
psa_set_key_bits( &attributes, attr_bits );
- status = psa_import_key( &attributes, data->x, data->len, &handle );
+ status = psa_import_key( &attributes, data->x, data->len, &key );
TEST_EQUAL( status, expected_status );
if( status != PSA_SUCCESS )
goto exit;
- PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
if( attr_bits != 0 )
TEST_EQUAL( attr_bits, psa_get_key_bits( &got_attributes ) );
ASSERT_NO_SLOT_NUMBER( &got_attributes );
- PSA_ASSERT( psa_destroy_key( handle ) );
- test_operations_on_invalid_handle( handle );
+ PSA_ASSERT( psa_destroy_key( key ) );
+ test_operations_on_invalid_key( key );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
psa_reset_key_attributes( &got_attributes );
PSA_DONE( );
}
@@ -1543,7 +1534,7 @@
size_t byte_size = byte_size_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t expected_status = expected_status_arg;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
uint8_t *buffer = NULL;
size_t buffer_size = byte_size + 1;
@@ -1559,18 +1550,18 @@
/* Try importing the key */
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
psa_set_key_type( &attributes, type );
- status = psa_import_key( &attributes, buffer, byte_size, &handle );
+ status = psa_import_key( &attributes, buffer, byte_size, &key );
TEST_EQUAL( status, expected_status );
if( status == PSA_SUCCESS )
{
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
TEST_EQUAL( psa_get_key_type( &attributes ), type );
TEST_EQUAL( psa_get_key_bits( &attributes ),
PSA_BYTES_TO_BITS( byte_size ) );
ASSERT_NO_SLOT_NUMBER( &attributes );
memset( buffer, 0, byte_size + 1 );
- PSA_ASSERT( psa_export_key( handle, buffer, byte_size, &n ) );
+ PSA_ASSERT( psa_export_key( key, buffer, byte_size, &n ) );
for( n = 0; n < byte_size; n++ )
TEST_EQUAL( buffer[n], 'K' );
for( n = byte_size; n < buffer_size; n++ )
@@ -1578,7 +1569,7 @@
}
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
mbedtls_free( buffer );
}
@@ -1587,7 +1578,7 @@
/* BEGIN_CASE */
void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
size_t bits = bits_arg;
psa_status_t expected_status = expected_status_arg;
psa_status_t status;
@@ -1610,11 +1601,11 @@
/* Try importing the key */
psa_set_key_type( &attributes, type );
- status = psa_import_key( &attributes, p, length, &handle );
+ status = psa_import_key( &attributes, p, length, &key );
TEST_EQUAL( status, expected_status );
if( status == PSA_SUCCESS )
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( key ) );
exit:
mbedtls_free( buffer );
@@ -1631,7 +1622,7 @@
int expected_export_status_arg,
int canonical_input )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
psa_algorithm_t alg = alg_arg;
psa_status_t expected_export_status = expected_export_status_arg;
@@ -1655,18 +1646,16 @@
psa_set_key_type( &attributes, type );
/* Import the key */
- PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
/* Test the key information */
- PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
TEST_EQUAL( psa_get_key_bits( &got_attributes ), (size_t) expected_bits );
ASSERT_NO_SLOT_NUMBER( &got_attributes );
/* Export the key */
- status = psa_export_key( handle,
- exported, export_size,
- &exported_length );
+ status = psa_export_key( key, exported, export_size, &exported_length );
TEST_EQUAL( status, expected_export_status );
/* The exported length must be set by psa_export_key() to a value between 0
@@ -1683,30 +1672,30 @@
goto destroy;
}
- if( ! exercise_export_key( handle, usage_arg ) )
+ if( ! exercise_export_key( key, usage_arg ) )
goto exit;
if( canonical_input )
ASSERT_COMPARE( data->x, data->len, exported, exported_length );
else
{
- psa_key_handle_t handle2;
+ mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT;
PSA_ASSERT( psa_import_key( &attributes, exported, exported_length,
- &handle2 ) );
- PSA_ASSERT( psa_export_key( handle2,
+ &key2 ) );
+ PSA_ASSERT( psa_export_key( key2,
reexported,
export_size,
&reexported_length ) );
ASSERT_COMPARE( exported, exported_length,
reexported, reexported_length );
- PSA_ASSERT( psa_close_key( handle2 ) );
+ PSA_ASSERT( psa_destroy_key( key2 ) );
}
TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, psa_get_key_bits( &got_attributes ) ) );
destroy:
/* Destroy the key */
- PSA_ASSERT( psa_destroy_key( handle ) );
- test_operations_on_invalid_handle( handle );
+ PSA_ASSERT( psa_destroy_key( key ) );
+ test_operations_on_invalid_key( key );
exit:
mbedtls_free( exported );
@@ -1724,7 +1713,7 @@
int expected_export_status_arg,
data_t *expected_public_key )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
psa_algorithm_t alg = alg_arg;
psa_status_t expected_export_status = expected_export_status_arg;
@@ -1741,11 +1730,11 @@
psa_set_key_type( &attributes, type );
/* Import the key */
- PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
/* Export the public key */
ASSERT_ALLOC( exported, export_size );
- status = psa_export_public_key( handle,
+ status = psa_export_public_key( key,
exported, export_size,
&exported_length );
TEST_EQUAL( status, expected_export_status );
@@ -1753,7 +1742,7 @@
{
psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type );
size_t bits;
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
bits = psa_get_key_bits( &attributes );
TEST_ASSERT( expected_public_key->len <=
PSA_KEY_EXPORT_MAX_SIZE( public_type, bits ) );
@@ -1763,7 +1752,7 @@
exit:
mbedtls_free( exported );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
psa_reset_key_attributes( &attributes );
PSA_DONE( );
}
@@ -1775,7 +1764,7 @@
int bits_arg,
int alg_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
size_t bits = bits_arg;
psa_algorithm_t alg = alg_arg;
@@ -1790,22 +1779,22 @@
psa_set_key_type( &attributes, type );
/* Import the key */
- PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
/* Test the key information */
- PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
/* Do something with the key according to its type and permitted usage. */
- if( ! exercise_key( handle, usage, alg ) )
+ if( ! exercise_key( key, usage, alg ) )
goto exit;
- PSA_ASSERT( psa_destroy_key( handle ) );
- test_operations_on_invalid_handle( handle );
+ PSA_ASSERT( psa_destroy_key( key ) );
+ test_operations_on_invalid_key( key );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
psa_reset_key_attributes( &got_attributes );
PSA_DONE( );
}
@@ -1817,7 +1806,7 @@
int usage_arg, int expected_usage_arg,
int alg_arg, int expected_alg_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = type_arg;
psa_key_type_t expected_key_type = expected_type_arg;
size_t bits = bits_arg;
@@ -1835,17 +1824,17 @@
psa_set_key_type( &attributes, key_type );
psa_set_key_bits( &attributes, bits );
- PSA_ASSERT( psa_generate_key( &attributes, &handle ) );
+ PSA_ASSERT( psa_generate_key( &attributes, &key ) );
psa_reset_key_attributes( &attributes );
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
TEST_EQUAL( psa_get_key_type( &attributes ), expected_key_type );
TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), expected_alg );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
psa_reset_key_attributes( &attributes );
PSA_DONE( );
}
@@ -1903,7 +1892,7 @@
data_t *key_data,
int exercise_alg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
psa_status_t status;
@@ -1916,9 +1905,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- status = psa_mac_sign_setup( &operation, handle, exercise_alg );
+ status = psa_mac_sign_setup( &operation, key, exercise_alg );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 )
PSA_ASSERT( status );
@@ -1927,7 +1916,7 @@
psa_mac_abort( &operation );
memset( mac, 0, sizeof( mac ) );
- status = psa_mac_verify_setup( &operation, handle, exercise_alg );
+ status = psa_mac_verify_setup( &operation, key, exercise_alg );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 )
PSA_ASSERT( status );
@@ -1936,7 +1925,7 @@
exit:
psa_mac_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -1948,7 +1937,7 @@
data_t *key_data,
int exercise_alg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
psa_status_t status;
@@ -1960,9 +1949,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
+ status = psa_cipher_encrypt_setup( &operation, key, exercise_alg );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
PSA_ASSERT( status );
@@ -1970,7 +1959,7 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
psa_cipher_abort( &operation );
- status = psa_cipher_decrypt_setup( &operation, handle, exercise_alg );
+ status = psa_cipher_decrypt_setup( &operation, key, exercise_alg );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
PSA_ASSERT( status );
@@ -1979,7 +1968,7 @@
exit:
psa_cipher_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -1993,7 +1982,7 @@
int tag_length_arg,
int exercise_alg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status;
unsigned char nonce[16] = {0};
@@ -2012,9 +2001,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- status = psa_aead_encrypt( handle, exercise_alg,
+ status = psa_aead_encrypt( key, exercise_alg,
nonce, nonce_length,
NULL, 0,
NULL, 0,
@@ -2027,7 +2016,7 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
memset( tag, 0, sizeof( tag ) );
- status = psa_aead_decrypt( handle, exercise_alg,
+ status = psa_aead_decrypt( key, exercise_alg,
nonce, nonce_length,
NULL, 0,
tag, tag_length,
@@ -2040,7 +2029,7 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -2052,7 +2041,7 @@
data_t *key_data,
int exercise_alg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status;
size_t key_bits;
@@ -2067,15 +2056,15 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits,
exercise_alg );
ASSERT_ALLOC( buffer, buffer_length );
- status = psa_asymmetric_encrypt( handle, exercise_alg,
+ status = psa_asymmetric_encrypt( key, exercise_alg,
NULL, 0,
NULL, 0,
buffer, buffer_length,
@@ -2088,7 +2077,7 @@
if( buffer_length != 0 )
memset( buffer, 0, buffer_length );
- status = psa_asymmetric_decrypt( handle, exercise_alg,
+ status = psa_asymmetric_decrypt( key, exercise_alg,
buffer, buffer_length,
NULL, 0,
buffer, buffer_length,
@@ -2100,7 +2089,7 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
psa_reset_key_attributes( &attributes );
PSA_DONE( );
mbedtls_free( buffer );
@@ -2115,7 +2104,7 @@
int exercise_alg,
int payload_length_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status;
unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
@@ -2135,9 +2124,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- status = psa_sign_hash( handle, exercise_alg,
+ status = psa_sign_hash( key, exercise_alg,
payload, payload_length,
signature, sizeof( signature ),
&signature_length );
@@ -2147,7 +2136,7 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
memset( signature, 0, sizeof( signature ) );
- status = psa_verify_hash( handle, exercise_alg,
+ status = psa_verify_hash( key, exercise_alg,
payload, payload_length,
signature, sizeof( signature ) );
if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 )
@@ -2156,7 +2145,7 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -2168,7 +2157,7 @@
data_t *key_data,
int exercise_alg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_status_t status;
@@ -2180,7 +2169,7 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
@@ -2195,7 +2184,7 @@
status = psa_key_derivation_input_key( &operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
- handle );
+ key );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
@@ -2205,7 +2194,7 @@
exit:
psa_key_derivation_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -2218,7 +2207,7 @@
int exercise_alg,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type = key_type_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
@@ -2232,16 +2221,16 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
- status = key_agreement_with_self( &operation, handle );
+ status = key_agreement_with_self( &operation, key );
TEST_EQUAL( status, expected_status );
exit:
psa_key_derivation_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -2250,7 +2239,7 @@
void key_policy_alg2( int key_type_arg, data_t *key_data,
int usage_arg, int alg_arg, int alg2_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -2265,20 +2254,20 @@
psa_set_key_enrollment_algorithm( &attributes, alg2 );
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage );
TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg );
TEST_EQUAL( psa_get_key_enrollment_algorithm( &got_attributes ), alg2 );
- if( ! exercise_key( handle, usage, alg ) )
+ if( ! exercise_key( key, usage, alg ) )
goto exit;
- if( ! exercise_key( handle, usage, alg2 ) )
+ if( ! exercise_key( key, usage, alg2 ) )
goto exit;
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -2291,7 +2280,7 @@
int exercise_alg,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type = key_type_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
@@ -2305,15 +2294,15 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- status = raw_key_agreement_with_self( exercise_alg, handle );
+ status = raw_key_agreement_with_self( exercise_alg, key );
TEST_EQUAL( status, expected_status );
exit:
psa_key_derivation_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -2333,8 +2322,8 @@
psa_key_usage_t expected_usage = expected_usage_arg;
psa_algorithm_t expected_alg = expected_alg_arg;
psa_algorithm_t expected_alg2 = expected_alg2_arg;
- psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT;
- psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT;
uint8_t *export_buffer = NULL;
PSA_ASSERT( psa_crypto_init( ) );
@@ -2346,8 +2335,8 @@
psa_set_key_type( &source_attributes, type_arg );
PSA_ASSERT( psa_import_key( &source_attributes,
material->x, material->len,
- &source_handle ) );
- PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) );
+ &source_key ) );
+ PSA_ASSERT( psa_get_key_attributes( source_key, &source_attributes ) );
/* Prepare the target attributes. */
if( copy_attributes )
@@ -2360,14 +2349,14 @@
psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
/* Copy the key. */
- PSA_ASSERT( psa_copy_key( source_handle,
- &target_attributes, &target_handle ) );
+ PSA_ASSERT( psa_copy_key( source_key,
+ &target_attributes, &target_key ) );
/* Destroy the source to ensure that this doesn't affect the target. */
- PSA_ASSERT( psa_destroy_key( source_handle ) );
+ PSA_ASSERT( psa_destroy_key( source_key ) );
/* Test that the target slot has the expected content and policy. */
- PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( target_key, &target_attributes ) );
TEST_EQUAL( psa_get_key_type( &source_attributes ),
psa_get_key_type( &target_attributes ) );
TEST_EQUAL( psa_get_key_bits( &source_attributes ),
@@ -2380,17 +2369,17 @@
{
size_t length;
ASSERT_ALLOC( export_buffer, material->len );
- PSA_ASSERT( psa_export_key( target_handle, export_buffer,
+ PSA_ASSERT( psa_export_key( target_key, export_buffer,
material->len, &length ) );
ASSERT_COMPARE( material->x, material->len,
export_buffer, length );
}
- if( ! exercise_key( target_handle, expected_usage, expected_alg ) )
+ if( ! exercise_key( target_key, expected_usage, expected_alg ) )
goto exit;
- if( ! exercise_key( target_handle, expected_usage, expected_alg2 ) )
+ if( ! exercise_key( target_key, expected_usage, expected_alg2 ) )
goto exit;
- PSA_ASSERT( psa_close_key( target_handle ) );
+ PSA_ASSERT( psa_destroy_key( target_key ) );
exit:
psa_reset_key_attributes( &source_attributes );
@@ -2411,8 +2400,8 @@
{
psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT;
- psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT;
PSA_ASSERT( psa_crypto_init( ) );
@@ -2423,7 +2412,7 @@
psa_set_key_type( &source_attributes, type_arg );
PSA_ASSERT( psa_import_key( &source_attributes,
material->x, material->len,
- &source_handle ) );
+ &source_key ) );
/* Prepare the target attributes. */
psa_set_key_type( &target_attributes, target_type_arg );
@@ -2433,11 +2422,11 @@
psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
/* Try to copy the key. */
- TEST_EQUAL( psa_copy_key( source_handle,
- &target_attributes, &target_handle ),
+ TEST_EQUAL( psa_copy_key( source_key,
+ &target_attributes, &target_key ),
expected_status_arg );
- PSA_ASSERT( psa_destroy_key( source_handle ) );
+ PSA_ASSERT( psa_destroy_key( source_key ) );
exit:
psa_reset_key_attributes( &source_attributes );
@@ -2916,10 +2905,10 @@
/* BEGIN_CASE */
void mac_bad_order( )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = PSA_KEY_TYPE_HMAC;
psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256);
- const uint8_t key[] = {
+ const uint8_t key_data[] = {
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
@@ -2938,7 +2927,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ),
+ &key ) );
/* Call update without calling setup beforehand. */
TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
@@ -2958,16 +2948,13 @@
PSA_ASSERT( psa_mac_abort( &operation ) );
/* Call setup twice in a row. */
- PSA_ASSERT( psa_mac_sign_setup( &operation,
- handle, alg ) );
- TEST_EQUAL( psa_mac_sign_setup( &operation,
- handle, alg ),
+ PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
+ TEST_EQUAL( psa_mac_sign_setup( &operation, key, alg ),
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_mac_abort( &operation ) );
/* Call update after sign finish. */
- PSA_ASSERT( psa_mac_sign_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
PSA_ASSERT( psa_mac_sign_finish( &operation,
sign_mac, sizeof( sign_mac ),
@@ -2977,8 +2964,7 @@
PSA_ASSERT( psa_mac_abort( &operation ) );
/* Call update after verify finish. */
- PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
PSA_ASSERT( psa_mac_verify_finish( &operation,
verify_mac, sizeof( verify_mac ) ) );
@@ -2987,8 +2973,7 @@
PSA_ASSERT( psa_mac_abort( &operation ) );
/* Call sign finish twice in a row. */
- PSA_ASSERT( psa_mac_sign_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
PSA_ASSERT( psa_mac_sign_finish( &operation,
sign_mac, sizeof( sign_mac ),
@@ -3000,8 +2985,7 @@
PSA_ASSERT( psa_mac_abort( &operation ) );
/* Call verify finish twice in a row. */
- PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
PSA_ASSERT( psa_mac_verify_finish( &operation,
verify_mac, sizeof( verify_mac ) ) );
@@ -3011,8 +2995,7 @@
PSA_ASSERT( psa_mac_abort( &operation ) );
/* Setup sign but try verify. */
- PSA_ASSERT( psa_mac_sign_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
TEST_EQUAL( psa_mac_verify_finish( &operation,
verify_mac, sizeof( verify_mac ) ),
@@ -3020,8 +3003,7 @@
PSA_ASSERT( psa_mac_abort( &operation ) );
/* Setup verify but try sign. */
- PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
TEST_EQUAL( psa_mac_sign_finish( &operation,
sign_mac, sizeof( sign_mac ),
@@ -3029,7 +3011,7 @@
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_mac_abort( &operation ) );
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( key ) );
exit:
PSA_DONE( );
@@ -3038,19 +3020,19 @@
/* BEGIN_CASE */
void mac_sign( int key_type_arg,
- data_t *key,
+ data_t *key_data,
int alg_arg,
data_t *input,
data_t *expected_mac )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *actual_mac = NULL;
size_t mac_buffer_size =
- PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key->len ), alg );
+ PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key_data->len ), alg );
size_t mac_length = 0;
const size_t output_sizes_to_test[] = {
0,
@@ -3070,7 +3052,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
for( size_t i = 0; i < ARRAY_LENGTH( output_sizes_to_test ); i++ )
{
@@ -3083,8 +3066,7 @@
ASSERT_ALLOC( actual_mac, output_size );
/* Calculate the MAC. */
- PSA_ASSERT( psa_mac_sign_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
TEST_EQUAL( psa_mac_sign_finish( &operation,
@@ -3104,7 +3086,7 @@
exit:
psa_mac_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
mbedtls_free( actual_mac );
}
@@ -3112,12 +3094,12 @@
/* BEGIN_CASE */
void mac_verify( int key_type_arg,
- data_t *key,
+ data_t *key_data,
int alg_arg,
data_t *input,
data_t *expected_mac )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
@@ -3132,11 +3114,11 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
/* Test the correct MAC. */
- PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
PSA_ASSERT( psa_mac_verify_finish( &operation,
@@ -3144,8 +3126,7 @@
expected_mac->len ) );
/* Test a MAC that's too short. */
- PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
TEST_EQUAL( psa_mac_verify_finish( &operation,
@@ -3156,8 +3137,7 @@
/* Test a MAC that's too long. */
ASSERT_ALLOC( perturbed_mac, expected_mac->len + 1 );
memcpy( perturbed_mac, expected_mac->x, expected_mac->len );
- PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
TEST_EQUAL( psa_mac_verify_finish( &operation,
@@ -3170,8 +3150,7 @@
{
test_set_step( i );
perturbed_mac[i] ^= 1;
- PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
TEST_EQUAL( psa_mac_verify_finish( &operation,
@@ -3183,7 +3162,7 @@
exit:
psa_mac_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
mbedtls_free( perturbed_mac );
}
@@ -3271,13 +3250,13 @@
/* BEGIN_CASE */
void cipher_bad_order( )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = PSA_KEY_TYPE_AES;
psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
unsigned char iv[PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES)] = { 0 };
- const uint8_t key[] = {
+ const uint8_t key_data[] = {
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa };
const uint8_t text[] = {
@@ -3290,18 +3269,18 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) );
-
+ PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ),
+ &key ) );
/* Call encrypt setup twice in a row. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
- TEST_EQUAL( psa_cipher_encrypt_setup( &operation, handle, alg ),
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
+ TEST_EQUAL( psa_cipher_encrypt_setup( &operation, key, alg ),
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Call decrypt setup twice in a row. */
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) );
- TEST_EQUAL( psa_cipher_decrypt_setup( &operation, handle, alg ),
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
+ TEST_EQUAL( psa_cipher_decrypt_setup( &operation, key, alg ),
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_cipher_abort( &operation ) );
@@ -3313,7 +3292,7 @@
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Generate an IV twice in a row. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_generate_iv( &operation,
buffer, sizeof( buffer ),
&length ) );
@@ -3324,7 +3303,7 @@
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Generate an IV after it's already set. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_set_iv( &operation,
iv, sizeof( iv ) ) );
TEST_EQUAL( psa_cipher_generate_iv( &operation,
@@ -3340,7 +3319,7 @@
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Set an IV after it's already set. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_set_iv( &operation,
iv, sizeof( iv ) ) );
TEST_EQUAL( psa_cipher_set_iv( &operation,
@@ -3349,7 +3328,7 @@
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Set an IV after it's already generated. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_generate_iv( &operation,
buffer, sizeof( buffer ),
&length ) );
@@ -3375,7 +3354,7 @@
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Call update after finish. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_set_iv( &operation,
iv, sizeof( iv ) ) );
PSA_ASSERT( psa_cipher_finish( &operation,
@@ -3394,7 +3373,7 @@
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Call finish without an IV where an IV is required. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
/* Not calling update means we are encrypting an empty buffer, which is OK
* for cipher modes with padding. */
TEST_EQUAL( psa_cipher_finish( &operation,
@@ -3403,7 +3382,7 @@
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Call finish twice in a row. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_set_iv( &operation,
iv, sizeof( iv ) ) );
PSA_ASSERT( psa_cipher_finish( &operation,
@@ -3413,7 +3392,7 @@
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_cipher_abort( &operation ) );
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( key ) );
exit:
psa_cipher_abort( &operation );
@@ -3423,11 +3402,11 @@
/* BEGIN_CASE */
void cipher_encrypt( int alg_arg, int key_type_arg,
- data_t *key, data_t *iv,
+ data_t *key_data, data_t *iv,
data_t *input, data_t *expected_output,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
@@ -3445,10 +3424,10 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
if( iv->len > 0 )
{
@@ -3481,20 +3460,20 @@
exit:
psa_cipher_abort( &operation );
mbedtls_free( output );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
- data_t *key, data_t *iv,
+ data_t *key_data, data_t *iv,
data_t *input,
int first_part_size_arg,
int output1_length_arg, int output2_length_arg,
data_t *expected_output )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t first_part_size = first_part_size_arg;
@@ -3513,10 +3492,10 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
if( iv->len > 0 )
{
@@ -3554,20 +3533,20 @@
exit:
psa_cipher_abort( &operation );
mbedtls_free( output );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
- data_t *key, data_t *iv,
+ data_t *key_data, data_t *iv,
data_t *input,
int first_part_size_arg,
int output1_length_arg, int output2_length_arg,
data_t *expected_output )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t first_part_size = first_part_size_arg;
@@ -3586,10 +3565,10 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
if( iv->len > 0 )
{
@@ -3628,18 +3607,18 @@
exit:
psa_cipher_abort( &operation );
mbedtls_free( output );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void cipher_decrypt( int alg_arg, int key_type_arg,
- data_t *key, data_t *iv,
+ data_t *key_data, data_t *iv,
data_t *input, data_t *expected_output,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
@@ -3657,10 +3636,10 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
if( iv->len > 0 )
{
@@ -3693,17 +3672,17 @@
exit:
psa_cipher_abort( &operation );
mbedtls_free( output );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void cipher_verify_output( int alg_arg, int key_type_arg,
- data_t *key,
+ data_t *key_data,
data_t *input )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char iv[16] = {0};
@@ -3726,12 +3705,11 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation1,
- handle, alg ) );
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation2,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) );
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) );
if( alg != PSA_ALG_ECB_NO_PADDING )
{
@@ -3784,7 +3762,7 @@
psa_cipher_abort( &operation2 );
mbedtls_free( output1 );
mbedtls_free( output2 );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -3792,11 +3770,11 @@
/* BEGIN_CASE */
void cipher_verify_output_multipart( int alg_arg,
int key_type_arg,
- data_t *key,
+ data_t *key_data,
data_t *input,
int first_part_size_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t first_part_size = first_part_size_arg;
@@ -3820,12 +3798,11 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation1,
- handle, alg ) );
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation2,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) );
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) );
if( alg != PSA_ALG_ECB_NO_PADDING )
{
@@ -3896,7 +3873,7 @@
psa_cipher_abort( &operation2 );
mbedtls_free( output1 );
mbedtls_free( output2 );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -3909,7 +3886,7 @@
data_t *input_data,
int expected_result_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *output_data = NULL;
@@ -3936,9 +3913,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- TEST_EQUAL( psa_aead_encrypt( handle, alg,
+ TEST_EQUAL( psa_aead_encrypt( key, alg,
nonce->x, nonce->len,
additional_data->x,
additional_data->len,
@@ -3956,7 +3933,7 @@
TEST_EQUAL( input_data->len,
PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, output_length ) );
- TEST_EQUAL( psa_aead_decrypt( handle, alg,
+ TEST_EQUAL( psa_aead_decrypt( key, alg,
nonce->x, nonce->len,
additional_data->x,
additional_data->len,
@@ -3970,7 +3947,7 @@
}
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( output_data );
mbedtls_free( output_data2 );
PSA_DONE( );
@@ -3985,7 +3962,7 @@
data_t *input_data,
data_t *expected_result )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *output_data = NULL;
@@ -4008,9 +3985,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- PSA_ASSERT( psa_aead_encrypt( handle, alg,
+ PSA_ASSERT( psa_aead_encrypt( key, alg,
nonce->x, nonce->len,
additional_data->x, additional_data->len,
input_data->x, input_data->len,
@@ -4021,7 +3998,7 @@
output_data, output_length );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( output_data );
PSA_DONE( );
}
@@ -4036,7 +4013,7 @@
data_t *expected_data,
int expected_result_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *output_data = NULL;
@@ -4061,9 +4038,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- TEST_EQUAL( psa_aead_decrypt( handle, alg,
+ TEST_EQUAL( psa_aead_decrypt( key, alg,
nonce->x, nonce->len,
additional_data->x,
additional_data->len,
@@ -4077,7 +4054,7 @@
output_data, output_length );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( output_data );
PSA_DONE( );
}
@@ -4109,7 +4086,7 @@
int alg_arg, data_t *input_data,
data_t *output_data )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t key_bits;
@@ -4125,8 +4102,8 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ &key ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
/* Allocate a buffer which has the size advertized by the
@@ -4138,7 +4115,7 @@
ASSERT_ALLOC( signature, signature_size );
/* Perform the signature. */
- PSA_ASSERT( psa_sign_hash( handle, alg,
+ PSA_ASSERT( psa_sign_hash( key, alg,
input_data->x, input_data->len,
signature, signature_size,
&signature_length ) );
@@ -4149,7 +4126,7 @@
#if defined(MBEDTLS_TEST_DEPRECATED)
memset( signature, 0, signature_size );
signature_length = INVALID_EXPORT_LENGTH;
- PSA_ASSERT( psa_asymmetric_sign( handle, alg,
+ PSA_ASSERT( psa_asymmetric_sign( key, alg,
input_data->x, input_data->len,
signature, signature_size,
&signature_length ) );
@@ -4159,7 +4136,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( signature );
PSA_DONE( );
}
@@ -4170,7 +4147,7 @@
int alg_arg, data_t *input_data,
int signature_size_arg, int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t signature_size = signature_size_arg;
@@ -4189,9 +4166,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- actual_status = psa_sign_hash( handle, alg,
+ actual_status = psa_sign_hash( key, alg,
input_data->x, input_data->len,
signature, signature_size,
&signature_length );
@@ -4204,7 +4181,7 @@
#if defined(MBEDTLS_TEST_DEPRECATED)
signature_length = INVALID_EXPORT_LENGTH;
- TEST_EQUAL( psa_asymmetric_sign( handle, alg,
+ TEST_EQUAL( psa_asymmetric_sign( key, alg,
input_data->x, input_data->len,
signature, signature_size,
&signature_length ),
@@ -4214,7 +4191,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( signature );
PSA_DONE( );
}
@@ -4224,7 +4201,7 @@
void sign_verify( int key_type_arg, data_t *key_data,
int alg_arg, data_t *input_data )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t key_bits;
@@ -4240,8 +4217,8 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ &key ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
/* Allocate a buffer which has the size advertized by the
@@ -4253,7 +4230,7 @@
ASSERT_ALLOC( signature, signature_size );
/* Perform the signature. */
- PSA_ASSERT( psa_sign_hash( handle, alg,
+ PSA_ASSERT( psa_sign_hash( key, alg,
input_data->x, input_data->len,
signature, signature_size,
&signature_length ) );
@@ -4262,7 +4239,7 @@
TEST_ASSERT( signature_length > 0 );
/* Use the library to verify that the signature is correct. */
- PSA_ASSERT( psa_verify_hash( handle, alg,
+ PSA_ASSERT( psa_verify_hash( key, alg,
input_data->x, input_data->len,
signature, signature_length ) );
@@ -4272,7 +4249,7 @@
* detected as invalid. Flip a bit at the beginning, not at the end,
* because ECDSA may ignore the last few bits of the input. */
input_data->x[0] ^= 1;
- TEST_EQUAL( psa_verify_hash( handle, alg,
+ TEST_EQUAL( psa_verify_hash( key, alg,
input_data->x, input_data->len,
signature, signature_length ),
PSA_ERROR_INVALID_SIGNATURE );
@@ -4280,7 +4257,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( signature );
PSA_DONE( );
}
@@ -4291,7 +4268,7 @@
int alg_arg, data_t *hash_data,
data_t *signature_data )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -4305,14 +4282,14 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- PSA_ASSERT( psa_verify_hash( handle, alg,
+ PSA_ASSERT( psa_verify_hash( key, alg,
hash_data->x, hash_data->len,
signature_data->x, signature_data->len ) );
#if defined(MBEDTLS_TEST_DEPRECATED)
- PSA_ASSERT( psa_asymmetric_verify( handle, alg,
+ PSA_ASSERT( psa_asymmetric_verify( key, alg,
hash_data->x, hash_data->len,
signature_data->x,
signature_data->len ) );
@@ -4321,7 +4298,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -4332,7 +4309,7 @@
data_t *signature_data,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_status_t actual_status;
@@ -4346,15 +4323,15 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- actual_status = psa_verify_hash( handle, alg,
+ actual_status = psa_verify_hash( key, alg,
hash_data->x, hash_data->len,
signature_data->x, signature_data->len );
TEST_EQUAL( actual_status, expected_status );
#if defined(MBEDTLS_TEST_DEPRECATED)
- TEST_EQUAL( psa_asymmetric_verify( handle, alg,
+ TEST_EQUAL( psa_asymmetric_verify( key, alg,
hash_data->x, hash_data->len,
signature_data->x, signature_data->len ),
expected_status );
@@ -4362,7 +4339,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -4376,7 +4353,7 @@
int expected_output_length_arg,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t expected_output_length = expected_output_length_arg;
@@ -4395,16 +4372,16 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
/* Determine the maximum output length */
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
ASSERT_ALLOC( output, output_size );
/* Encrypt the input */
- actual_status = psa_asymmetric_encrypt( handle, alg,
+ actual_status = psa_asymmetric_encrypt( key, alg,
input_data->x, input_data->len,
label->x, label->len,
output, output_size,
@@ -4419,7 +4396,7 @@
output_length = ~0;
if( output_size != 0 )
memset( output, 0, output_size );
- actual_status = psa_asymmetric_encrypt( handle, alg,
+ actual_status = psa_asymmetric_encrypt( key, alg,
input_data->x, input_data->len,
NULL, label->len,
output, output_size,
@@ -4430,7 +4407,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( output );
PSA_DONE( );
}
@@ -4443,7 +4420,7 @@
data_t *input_data,
data_t *label )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t key_bits;
@@ -4462,10 +4439,10 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
/* Determine the maximum ciphertext length */
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
ASSERT_ALLOC( output, output_size );
@@ -4475,7 +4452,7 @@
/* We test encryption by checking that encrypt-then-decrypt gives back
* the original plaintext because of the non-optional random
* part of encryption process which prevents using fixed vectors. */
- PSA_ASSERT( psa_asymmetric_encrypt( handle, alg,
+ PSA_ASSERT( psa_asymmetric_encrypt( key, alg,
input_data->x, input_data->len,
label->x, label->len,
output, output_size,
@@ -4484,7 +4461,7 @@
* it looks sensible. */
TEST_ASSERT( output_length <= output_size );
- PSA_ASSERT( psa_asymmetric_decrypt( handle, alg,
+ PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
output, output_length,
label->x, label->len,
output2, output2_size,
@@ -4494,7 +4471,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( output );
mbedtls_free( output2 );
PSA_DONE( );
@@ -4509,7 +4486,7 @@
data_t *label,
data_t *expected_data )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *output = NULL;
@@ -4527,9 +4504,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- PSA_ASSERT( psa_asymmetric_decrypt( handle, alg,
+ PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
input_data->x, input_data->len,
label->x, label->len,
output,
@@ -4545,7 +4522,7 @@
output_length = ~0;
if( output_size != 0 )
memset( output, 0, output_size );
- PSA_ASSERT( psa_asymmetric_decrypt( handle, alg,
+ PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
input_data->x, input_data->len,
NULL, label->len,
output,
@@ -4557,7 +4534,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( output );
PSA_DONE( );
}
@@ -4572,7 +4549,7 @@
int output_size_arg,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *output = NULL;
@@ -4591,9 +4568,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- actual_status = psa_asymmetric_decrypt( handle, alg,
+ actual_status = psa_asymmetric_decrypt( key, alg,
input_data->x, input_data->len,
label->x, label->len,
output, output_size,
@@ -4608,7 +4585,7 @@
output_length = ~0;
if( output_size != 0 )
memset( output, 0, output_size );
- actual_status = psa_asymmetric_decrypt( handle, alg,
+ actual_status = psa_asymmetric_decrypt( key, alg,
input_data->x, input_data->len,
NULL, label->len,
output, output_size,
@@ -4619,7 +4596,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( output );
PSA_DONE( );
}
@@ -4711,14 +4688,14 @@
expected_status_arg2,
expected_status_arg3};
data_t *inputs[] = {input1, input2, input3};
- psa_key_handle_t handles[] = { PSA_KEY_HANDLE_INIT,
- PSA_KEY_HANDLE_INIT,
- PSA_KEY_HANDLE_INIT};
+ mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT,
+ MBEDTLS_SVC_KEY_ID_INIT,
+ MBEDTLS_SVC_KEY_ID_INIT };
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t i;
psa_key_type_t output_key_type = output_key_type_arg;
- psa_key_handle_t output_handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t output_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t expected_output_status = expected_output_status_arg;
psa_status_t actual_output_status;
@@ -4736,19 +4713,19 @@
psa_set_key_type( &attributes, key_types[i] );
PSA_ASSERT( psa_import_key( &attributes,
inputs[i]->x, inputs[i]->len,
- &handles[i] ) );
+ &keys[i] ) );
if( PSA_KEY_TYPE_IS_KEY_PAIR( key_types[i] ) &&
steps[i] == PSA_KEY_DERIVATION_INPUT_SECRET )
{
// When taking a private key as secret input, use key agreement
// to add the shared secret to the derivation
- TEST_EQUAL( key_agreement_with_self( &operation, handles[i] ),
+ TEST_EQUAL( key_agreement_with_self( &operation, keys[i] ),
expected_statuses[i] );
}
else
{
TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i],
- handles[i] ),
+ keys[i] ),
expected_statuses[i] );
}
}
@@ -4768,7 +4745,7 @@
psa_set_key_bits( &attributes, 8 );
actual_output_status =
psa_key_derivation_output_key( &attributes, &operation,
- &output_handle );
+ &output_key );
}
else
{
@@ -4781,9 +4758,9 @@
exit:
psa_key_derivation_abort( &operation );
- for( i = 0; i < ARRAY_LENGTH( handles ); i++ )
- psa_destroy_key( handles[i] );
- psa_destroy_key( output_handle );
+ for( i = 0; i < ARRAY_LENGTH( keys ); i++ )
+ psa_destroy_key( keys[i] );
+ psa_destroy_key( output_key );
PSA_DONE( );
}
/* END_CASE */
@@ -4792,7 +4769,7 @@
void test_derive_invalid_key_derivation_state( int alg_arg )
{
psa_algorithm_t alg = alg_arg;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
size_t key_type = PSA_KEY_TYPE_DERIVE;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char input1[] = "Input 1";
@@ -4814,10 +4791,10 @@
PSA_ASSERT( psa_import_key( &attributes,
key_data, sizeof( key_data ),
- &handle ) );
+ &key ) );
/* valid key derivation */
- if( !setup_key_derivation_wrap( &operation, handle, alg,
+ if( !setup_key_derivation_wrap( &operation, key, alg,
input1, input1_length,
input2, input2_length,
capacity ) )
@@ -4834,7 +4811,7 @@
exit:
psa_key_derivation_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -4880,9 +4857,9 @@
psa_algorithm_t alg = alg_arg;
psa_key_derivation_step_t steps[] = {step1_arg, step2_arg, step3_arg};
data_t *inputs[] = {input1, input2, input3};
- psa_key_handle_t handles[] = { PSA_KEY_HANDLE_INIT,
- PSA_KEY_HANDLE_INIT,
- PSA_KEY_HANDLE_INIT};
+ mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT,
+ MBEDTLS_SVC_KEY_ID_INIT,
+ MBEDTLS_SVC_KEY_ID_INIT };
size_t requested_capacity = requested_capacity_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
uint8_t *expected_outputs[2] =
@@ -4924,10 +4901,9 @@
case PSA_KEY_DERIVATION_INPUT_SECRET:
PSA_ASSERT( psa_import_key( &attributes,
inputs[i]->x, inputs[i]->len,
- &handles[i] ) );
+ &keys[i] ) );
PSA_ASSERT( psa_key_derivation_input_key(
- &operation, steps[i],
- handles[i] ) );
+ &operation, steps[i], keys[i] ) );
break;
default:
PSA_ASSERT( psa_key_derivation_input_bytes(
@@ -4979,8 +4955,8 @@
exit:
mbedtls_free( output_buffer );
psa_key_derivation_abort( &operation );
- for( i = 0; i < ARRAY_LENGTH( handles ); i++ )
- psa_destroy_key( handles[i] );
+ for( i = 0; i < ARRAY_LENGTH( keys ); i++ )
+ psa_destroy_key( keys[i] );
PSA_DONE( );
}
/* END_CASE */
@@ -4992,7 +4968,7 @@
data_t *input2,
int requested_capacity_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
size_t requested_capacity = requested_capacity_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
@@ -5008,9 +4984,9 @@
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- if( !setup_key_derivation_wrap( &operation, handle, alg,
+ if( !setup_key_derivation_wrap( &operation, key, alg,
input1->x, input1->len,
input2->x, input2->len,
requested_capacity ) )
@@ -5043,7 +5019,7 @@
exit:
psa_key_derivation_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -5058,8 +5034,8 @@
int derived_usage_arg,
int derived_alg_arg )
{
- psa_key_handle_t base_handle = PSA_KEY_HANDLE_INIT;
- psa_key_handle_t derived_handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
psa_key_type_t derived_type = derived_type_arg;
size_t derived_bits = derived_bits_arg;
@@ -5076,10 +5052,10 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &base_handle ) );
+ &base_key ) );
/* Derive a key. */
- if ( setup_key_derivation_wrap( &operation, base_handle, alg,
+ if ( setup_key_derivation_wrap( &operation, base_key, alg,
input1->x, input1->len,
input2->x, input2->len, capacity ) )
goto exit;
@@ -5089,22 +5065,22 @@
psa_set_key_type( &attributes, derived_type );
psa_set_key_bits( &attributes, derived_bits );
PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation,
- &derived_handle ) );
+ &derived_key ) );
/* Test the key information */
- PSA_ASSERT( psa_get_key_attributes( derived_handle, &got_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( derived_key, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), derived_type );
TEST_EQUAL( psa_get_key_bits( &got_attributes ), derived_bits );
/* Exercise the derived key. */
- if( ! exercise_key( derived_handle, derived_usage, derived_alg ) )
+ if( ! exercise_key( derived_key, derived_usage, derived_alg ) )
goto exit;
exit:
psa_key_derivation_abort( &operation );
psa_reset_key_attributes( &got_attributes );
- psa_destroy_key( base_handle );
- psa_destroy_key( derived_handle );
+ psa_destroy_key( base_key );
+ psa_destroy_key( derived_key );
PSA_DONE( );
}
/* END_CASE */
@@ -5117,8 +5093,8 @@
int bytes1_arg,
int bytes2_arg )
{
- psa_key_handle_t base_handle = PSA_KEY_HANDLE_INIT;
- psa_key_handle_t derived_handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
size_t bytes1 = bytes1_arg;
size_t bytes2 = bytes2_arg;
@@ -5138,10 +5114,10 @@
psa_set_key_algorithm( &base_attributes, alg );
psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len,
- &base_handle ) );
+ &base_key ) );
/* Derive some material and output it. */
- if( !setup_key_derivation_wrap( &operation, base_handle, alg,
+ if( !setup_key_derivation_wrap( &operation, base_key, alg,
input1->x, input1->len,
input2->x, input2->len, capacity ) )
goto exit;
@@ -5152,7 +5128,7 @@
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
/* Derive the same output again, but this time store it in key objects. */
- if( !setup_key_derivation_wrap( &operation, base_handle, alg,
+ if( !setup_key_derivation_wrap( &operation, base_key, alg,
input1->x, input1->len,
input2->x, input2->len, capacity ) )
goto exit;
@@ -5162,16 +5138,16 @@
psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA );
psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) );
PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
- &derived_handle ) );
- PSA_ASSERT( psa_export_key( derived_handle,
+ &derived_key ) );
+ PSA_ASSERT( psa_export_key( derived_key,
export_buffer, bytes1,
&length ) );
TEST_EQUAL( length, bytes1 );
- PSA_ASSERT( psa_destroy_key( derived_handle ) );
+ PSA_ASSERT( psa_destroy_key( derived_key ) );
psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) );
PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
- &derived_handle ) );
- PSA_ASSERT( psa_export_key( derived_handle,
+ &derived_key ) );
+ PSA_ASSERT( psa_export_key( derived_key,
export_buffer + bytes1, bytes2,
&length ) );
TEST_EQUAL( length, bytes2 );
@@ -5184,8 +5160,8 @@
mbedtls_free( output_buffer );
mbedtls_free( export_buffer );
psa_key_derivation_abort( &operation );
- psa_destroy_key( base_handle );
- psa_destroy_key( derived_handle );
+ psa_destroy_key( base_key );
+ psa_destroy_key( derived_key );
PSA_DONE( );
}
/* END_CASE */
@@ -5196,8 +5172,8 @@
int type_arg, int bits_arg,
int expected_status_arg )
{
- psa_key_handle_t base_handle = PSA_KEY_HANDLE_INIT;
- psa_key_handle_t derived_handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
psa_key_type_t type = type_arg;
size_t bits = bits_arg;
@@ -5212,9 +5188,9 @@
psa_set_key_algorithm( &base_attributes, alg );
psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len,
- &base_handle ) );
+ &base_key ) );
- if( !setup_key_derivation_wrap( &operation, base_handle, alg,
+ if( !setup_key_derivation_wrap( &operation, base_key, alg,
input1->x, input1->len,
input2->x, input2->len, SIZE_MAX ) )
goto exit;
@@ -5224,13 +5200,13 @@
psa_set_key_type( &derived_attributes, type );
psa_set_key_bits( &derived_attributes, bits );
TEST_EQUAL( psa_key_derivation_output_key( &derived_attributes, &operation,
- &derived_handle ),
+ &derived_key ),
expected_status );
exit:
psa_key_derivation_abort( &operation );
- psa_destroy_key( base_handle );
- psa_destroy_key( derived_handle );
+ psa_destroy_key( base_key );
+ psa_destroy_key( derived_key );
PSA_DONE( );
}
/* END_CASE */
@@ -5241,7 +5217,7 @@
data_t *our_key_data, data_t *peer_key_data,
int expected_status_arg )
{
- psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
psa_algorithm_t our_key_alg = our_key_alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
@@ -5290,7 +5266,7 @@
data_t *peer_key_data,
data_t *expected_output )
{
- psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -5327,7 +5303,7 @@
data_t *peer_key_data,
int expected_capacity_arg )
{
- psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
@@ -5387,7 +5363,7 @@
data_t *peer_key_data,
data_t *expected_output1, data_t *expected_output2 )
{
- psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
@@ -5501,7 +5477,7 @@
int alg_arg,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
psa_key_usage_t usage = usage_arg;
size_t bits = bits_arg;
@@ -5518,22 +5494,22 @@
psa_set_key_bits( &attributes, bits );
/* Generate a key */
- TEST_EQUAL( psa_generate_key( &attributes, &handle ), expected_status );
+ TEST_EQUAL( psa_generate_key( &attributes, &key ), expected_status );
if( expected_status != PSA_SUCCESS )
goto exit;
/* Test the key information */
- PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
/* Do something with the key according to its type and permitted usage. */
- if( ! exercise_key( handle, usage, alg ) )
+ if( ! exercise_key( key, usage, alg ) )
goto exit;
exit:
psa_reset_key_attributes( &got_attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -5543,7 +5519,7 @@
data_t *e_arg,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR;
size_t bits = bits_arg;
psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
@@ -5578,12 +5554,12 @@
psa_set_key_bits( &attributes, bits );
/* Generate a key */
- TEST_EQUAL( psa_generate_key( &attributes, &handle ), expected_status );
+ TEST_EQUAL( psa_generate_key( &attributes, &key ), expected_status );
if( expected_status != PSA_SUCCESS )
goto exit;
/* Test the key information */
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
TEST_EQUAL( psa_get_key_type( &attributes ), type );
TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
PSA_ASSERT( psa_get_key_domain_parameters( &attributes,
@@ -5595,11 +5571,11 @@
ASSERT_COMPARE( e_read_buffer, e_read_length, e_arg->x, e_arg->len );
/* Do something with the key according to its type and permitted usage. */
- if( ! exercise_key( handle, usage, alg ) )
+ if( ! exercise_key( key, usage, alg ) )
goto exit;
/* Export the key and check the public exponent. */
- PSA_ASSERT( psa_export_public_key( handle,
+ PSA_ASSERT( psa_export_public_key( key,
exported, exported_size,
&exported_length ) );
{
@@ -5634,7 +5610,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
mbedtls_free( e_read_buffer );
mbedtls_free( exported );
@@ -5649,8 +5625,8 @@
{
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
- psa_key_handle_t base_key = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
size_t bits = bits_arg;
psa_key_usage_t usage_flags = usage_flags_arg;
@@ -5681,12 +5657,12 @@
case IMPORT_KEY:
/* Import the key */
PSA_ASSERT( psa_import_key( &attributes, data->x, data->len,
- &handle ) );
+ &key ) );
break;
case GENERATE_KEY:
/* Generate a key */
- PSA_ASSERT( psa_generate_key( &attributes, &handle ) );
+ PSA_ASSERT( psa_generate_key( &attributes, &key ) );
break;
case DERIVE_KEY:
@@ -5711,10 +5687,10 @@
NULL, 0 ) );
PSA_ASSERT( psa_key_derivation_output_key( &attributes,
&operation,
- &handle ) );
+ &key ) );
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
PSA_ASSERT( psa_destroy_key( base_key ) );
- base_key = PSA_KEY_HANDLE_INIT;
+ base_key = MBEDTLS_SVC_KEY_ID_INIT;
}
break;
}
@@ -5723,7 +5699,7 @@
/* Export the key if permitted by the key policy. */
if( usage_flags & PSA_KEY_USAGE_EXPORT )
{
- PSA_ASSERT( psa_export_key( handle,
+ PSA_ASSERT( psa_export_key( key,
first_export, export_size,
&first_exported_length ) );
if( generation_method == IMPORT_KEY )
@@ -5732,13 +5708,12 @@
}
/* Shutdown and restart */
- PSA_ASSERT( psa_close_key( handle ) );
+ PSA_ASSERT( psa_purge_key( key ) );
PSA_DONE();
PSA_ASSERT( psa_crypto_init() );
/* Check key slot still contains key data */
- PSA_ASSERT( psa_open_key( key_id, &handle ) );
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes ), key_id ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
@@ -5751,7 +5726,7 @@
/* Export the key again if permitted by the key policy. */
if( usage_flags & PSA_KEY_USAGE_EXPORT )
{
- PSA_ASSERT( psa_export_key( handle,
+ PSA_ASSERT( psa_export_key( key,
second_export, export_size,
&second_exported_length ) );
ASSERT_COMPARE( first_export, first_exported_length,
@@ -5759,7 +5734,7 @@
}
/* Do something with the key according to its type and permitted usage. */
- if( ! exercise_key( handle, usage_flags, alg ) )
+ if( ! exercise_key( key, usage_flags, alg ) )
goto exit;
exit:
@@ -5768,14 +5743,7 @@
mbedtls_free( second_export );
psa_key_derivation_abort( &operation );
psa_destroy_key( base_key );
- if( psa_key_handle_is_null( handle ) )
- {
- /* In case there was a test failure after creating the persistent key
- * but while it was not open, try to re-open the persistent key
- * to delete it. */
- (void) psa_open_key( key_id, &handle );
- }
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index 53df781..4154188 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -19,7 +19,7 @@
{
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 );
uint8_t signature[64];
@@ -34,7 +34,7 @@
psa_set_key_algorithm( &attributes, alg );
psa_import_key( &attributes,
key_input->x, key_input->len,
- &handle );
+ &key );
test_driver_signature_sign_hooks.forced_status = force_status;
if( fake_output == 1 )
@@ -43,7 +43,7 @@
test_driver_signature_sign_hooks.forced_output_length = expected_output->len;
}
- actual_status = psa_sign_hash( handle, alg,
+ actual_status = psa_sign_hash( key, alg,
data_input->x, data_input->len,
signature, sizeof( signature ),
&signature_length );
@@ -57,7 +57,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
test_driver_signature_sign_hooks = test_driver_signature_hooks_init();
}
@@ -73,7 +73,7 @@
{
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 );
psa_status_t actual_status;
@@ -88,7 +88,7 @@
psa_set_key_algorithm( &attributes, alg );
psa_import_key( &attributes,
key_input->x, key_input->len,
- &handle );
+ &key );
}
else
{
@@ -98,12 +98,12 @@
psa_set_key_algorithm( &attributes, alg );
psa_import_key( &attributes,
key_input->x, key_input->len,
- &handle );
+ &key );
}
test_driver_signature_verify_hooks.forced_status = force_status;
- actual_status = psa_verify_hash( handle, alg,
+ actual_status = psa_verify_hash( key, alg,
data_input->x, data_input->len,
signature_input->x, signature_input->len );
TEST_EQUAL( actual_status, expected_status );
@@ -111,7 +111,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
test_driver_signature_verify_hooks = test_driver_signature_hooks_init();
}
@@ -124,7 +124,7 @@
{
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 );
const uint8_t *expected_output = NULL;
@@ -152,13 +152,13 @@
PSA_ASSERT( psa_crypto_init( ) );
- actual_status = psa_generate_key( &attributes, &handle );
+ actual_status = psa_generate_key( &attributes, &key );
TEST_EQUAL( test_driver_key_management_hooks.hits, 1 );
TEST_EQUAL( actual_status, expected_status );
if( actual_status == PSA_SUCCESS )
{
- psa_export_key( handle, actual_output, sizeof(actual_output), &actual_output_length );
+ psa_export_key( key, actual_output, sizeof(actual_output), &actual_output_length );
if( fake_output->len > 0 )
{
@@ -178,7 +178,7 @@
}
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
test_driver_key_management_hooks = test_driver_key_management_hooks_init();
}
@@ -193,7 +193,7 @@
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
psa_key_type_t key_type = key_type_arg;
- psa_key_handle_t handle = 0;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t actual_status;
test_driver_key_management_hooks = test_driver_key_management_hooks_init();
@@ -207,12 +207,12 @@
PSA_ASSERT( psa_crypto_init( ) );
- actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &handle );
+ actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &key );
TEST_EQUAL( test_driver_key_management_hooks.hits, 1 );
TEST_EQUAL( actual_status, expected_status );
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
test_driver_key_management_hooks = test_driver_key_management_hooks_init();
}
@@ -220,13 +220,13 @@
/* BEGIN_CASE */
void cipher_encrypt( int alg_arg, int key_type_arg,
- data_t *key, data_t *iv,
+ data_t *key_data, data_t *iv,
data_t *input, data_t *expected_output,
int mock_output_arg,
int force_status_arg,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
@@ -247,10 +247,10 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
test_driver_cipher_hooks.hits = 0;
@@ -305,7 +305,7 @@
exit:
psa_cipher_abort( &operation );
mbedtls_free( output );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
test_driver_cipher_hooks = test_driver_cipher_hooks_init();
}
@@ -313,13 +313,13 @@
/* BEGIN_CASE */
void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
- data_t *key, data_t *iv,
+ data_t *key_data, data_t *iv,
data_t *input,
int first_part_size_arg,
int output1_length_arg, int output2_length_arg,
data_t *expected_output )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t first_part_size = first_part_size_arg;
@@ -339,10 +339,10 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
test_driver_cipher_hooks.hits = 0;
@@ -390,7 +390,7 @@
exit:
psa_cipher_abort( &operation );
mbedtls_free( output );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
test_driver_cipher_hooks = test_driver_cipher_hooks_init();
}
@@ -398,13 +398,13 @@
/* BEGIN_CASE */
void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
- data_t *key, data_t *iv,
+ data_t *key_data, data_t *iv,
data_t *input,
int first_part_size_arg,
int output1_length_arg, int output2_length_arg,
data_t *expected_output )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t first_part_size = first_part_size_arg;
@@ -424,10 +424,10 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
test_driver_cipher_hooks.hits = 0;
@@ -477,7 +477,7 @@
exit:
psa_cipher_abort( &operation );
mbedtls_free( output );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
test_driver_cipher_hooks = test_driver_cipher_hooks_init();
}
@@ -485,13 +485,13 @@
/* BEGIN_CASE */
void cipher_decrypt( int alg_arg, int key_type_arg,
- data_t *key, data_t *iv,
+ data_t *key_data, data_t *iv,
data_t *input, data_t *expected_output,
int mock_output_arg,
int force_status_arg,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
@@ -512,10 +512,10 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
test_driver_cipher_hooks.hits = 0;
@@ -569,7 +569,7 @@
exit:
psa_cipher_abort( &operation );
mbedtls_free( output );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
test_driver_cipher_hooks = test_driver_cipher_hooks_init();
}
@@ -577,10 +577,10 @@
/* BEGIN_CASE */
void cipher_entry_points( int alg_arg, int key_type_arg,
- data_t *key, data_t *iv,
+ data_t *key_data, data_t *iv,
data_t *input )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
@@ -600,12 +600,12 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
/* Test setup call, encrypt */
test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
- status = psa_cipher_encrypt_setup( &operation,
- handle, alg );
+ status = psa_cipher_encrypt_setup( &operation, key, alg );
/* When setup fails, it shouldn't call any further entry points */
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
@@ -615,8 +615,7 @@
TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
/* Test setup call failure, decrypt */
- status = psa_cipher_decrypt_setup( &operation,
- handle, alg );
+ status = psa_cipher_decrypt_setup( &operation, key, alg );
/* When setup fails, it shouldn't call any further entry points */
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
@@ -627,8 +626,7 @@
/* Test IV setting failure */
test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
- status = psa_cipher_encrypt_setup( &operation,
- handle, alg );
+ status = psa_cipher_encrypt_setup( &operation, key, alg );
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
test_driver_cipher_hooks.hits = 0;
@@ -650,8 +648,7 @@
/* Test IV generation failure */
test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
- status = psa_cipher_encrypt_setup( &operation,
- handle, alg );
+ status = psa_cipher_encrypt_setup( &operation, key, alg );
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
test_driver_cipher_hooks.hits = 0;
@@ -673,8 +670,7 @@
/* Test update failure */
test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
- status = psa_cipher_encrypt_setup( &operation,
- handle, alg );
+ status = psa_cipher_encrypt_setup( &operation, key, alg );
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
test_driver_cipher_hooks.hits = 0;
@@ -704,8 +700,7 @@
/* Test finish failure */
test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
- status = psa_cipher_encrypt_setup( &operation,
- handle, alg );
+ status = psa_cipher_encrypt_setup( &operation, key, alg );
TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
test_driver_cipher_hooks.hits = 0;
@@ -744,7 +739,7 @@
exit:
psa_cipher_abort( &operation );
mbedtls_free( output );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
test_driver_cipher_hooks = test_driver_cipher_hooks_init();
}
diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function
index d587886..62ef6e2 100644
--- a/tests/suites/test_suite_psa_crypto_init.function
+++ b/tests/suites/test_suite_psa_crypto_init.function
@@ -185,7 +185,7 @@
psa_status_t status;
uint8_t data[10] = { 0 };
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_handle_t handle = mbedtls_svc_key_id_make( 0xdead, 0xdead );
+ mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make( 0xdead, 0xdead );
int i;
for( i = 0; i < count; i++ )
@@ -195,9 +195,9 @@
PSA_DONE( );
}
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
- status = psa_import_key( &attributes, data, sizeof( data ), &handle );
+ status = psa_import_key( &attributes, data, sizeof( data ), &key );
TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
- TEST_ASSERT( psa_key_handle_is_null( handle ) );
+ TEST_ASSERT( mbedtls_svc_key_id_is_null( key ) );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function
index 34b88a7..ed30848 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.function
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.function
@@ -117,7 +117,6 @@
void save_large_persistent_key( int data_length_arg, int expected_status )
{
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 );
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
uint8_t *data = NULL;
size_t data_length = data_length_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -129,11 +128,11 @@
psa_set_key_id( &attributes, key_id );
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
- TEST_EQUAL( psa_import_key( &attributes, data, data_length, &handle ),
+ TEST_EQUAL( psa_import_key( &attributes, data, data_length, &key_id ),
expected_status );
if( expected_status == PSA_SUCCESS )
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( key_id ) );
exit:
mbedtls_free( data );
@@ -149,7 +148,7 @@
{
mbedtls_svc_key_id_t key_id =
mbedtls_svc_key_id_make( owner_id_arg, key_id_arg );
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t first_type = (psa_key_type_t) first_type_arg;
psa_key_type_t second_type = (psa_key_type_t) second_type_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -160,24 +159,21 @@
psa_set_key_type( &attributes, first_type );
PSA_ASSERT( psa_import_key( &attributes, first_data->x, first_data->len,
- &handle ) );
+ &returned_key_id ) );
if( restart )
{
- psa_close_key( handle );
+ psa_close_key( key_id );
PSA_DONE();
PSA_ASSERT( psa_crypto_init() );
- PSA_ASSERT( psa_open_key( key_id, &handle ) );
}
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );
/* Destroy the key */
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( key_id ) );
/* Check key slot storage is removed */
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
- TEST_EQUAL( psa_open_key( key_id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
- TEST_ASSERT( psa_key_handle_is_null( handle ) );
/* Shutdown and restart */
PSA_DONE();
@@ -187,9 +183,9 @@
psa_set_key_id( &attributes, key_id );
psa_set_key_type( &attributes, second_type );
PSA_ASSERT( psa_import_key( &attributes, second_data->x, second_data->len,
- &handle ) );
+ &returned_key_id ) );
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( key_id ) );
exit:
PSA_DONE();
@@ -203,42 +199,44 @@
{
mbedtls_svc_key_id_t key_id =
mbedtls_svc_key_id_make( owner_id_arg, key_id_arg );
+ mbedtls_svc_key_id_t returned_key_id;
psa_key_type_t type = (psa_key_type_t) type_arg;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init() );
psa_set_key_id( &attributes, key_id );
psa_set_key_type( &attributes, type );
- TEST_EQUAL( psa_import_key( &attributes, data->x, data->len, &handle ),
+ TEST_EQUAL( psa_import_key( &attributes, data->x, data->len, &returned_key_id ),
expected_status );
if( expected_status != PSA_SUCCESS )
{
+ TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_key_id ) );
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
goto exit;
}
+ TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, key_id ) );
+
if( restart )
{
- psa_close_key( handle );
+ PSA_ASSERT( psa_purge_key( key_id ) );
PSA_DONE();
PSA_ASSERT( psa_crypto_init() );
- PSA_ASSERT( psa_open_key( key_id, &handle ) );
}
psa_reset_key_attributes( &attributes );
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
- TEST_ASSERT( mbedtls_svc_key_id_equal(
- psa_get_key_id( &attributes ), key_id ) );
+ PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) );
+ TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes ),
+ key_id ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
PSA_KEY_LIFETIME_PERSISTENT );
TEST_EQUAL( psa_get_key_type( &attributes ), type );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( key_id ) );
exit:
psa_reset_key_attributes( &attributes );
@@ -254,7 +252,7 @@
{
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 );
psa_key_type_t type = (psa_key_type_t) type_arg;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT;
unsigned char *exported = NULL;
size_t export_size = data->len;
size_t exported_length;
@@ -269,20 +267,20 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
/* Import the key */
- PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len,
+ &returned_key_id ) );
if( restart )
{
- psa_close_key( handle );
+ PSA_ASSERT( psa_purge_key( key_id ) );
PSA_DONE();
PSA_ASSERT( psa_crypto_init() );
- PSA_ASSERT( psa_open_key( key_id, &handle ) );
}
/* Test the key information */
psa_reset_key_attributes( &attributes );
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes ), key_id ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
@@ -299,13 +297,13 @@
psa_destroy_persistent_key( key_id );
}
/* Export the key */
- PSA_ASSERT( psa_export_key( handle, exported, export_size,
+ PSA_ASSERT( psa_export_key( key_id, exported, export_size,
&exported_length ) );
ASSERT_COMPARE( data->x, data->len, exported, exported_length );
/* Destroy the key */
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( key_id ) );
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
exit:
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
index f22e6b7..e5f87e0 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -367,7 +367,7 @@
size_t *data_length )
{
psa_status_t status;
- psa_key_handle_t handle;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
(void) context;
@@ -379,11 +379,11 @@
status = psa_import_key( &attributes,
ram_slots[slot_number].content,
PSA_BITS_TO_BYTES( ram_slots[slot_number].bits ),
- &handle );
+ &key );
if( status != PSA_SUCCESS )
return( status );
- status = psa_export_public_key( handle, data, data_size, data_length );
- psa_destroy_key( handle );
+ status = psa_export_public_key( key, data, data_size, data_length );
+ psa_destroy_key( key );
return( PSA_SUCCESS );
}
@@ -450,7 +450,7 @@
{
ram_slot_t *slot;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
(void) context;
@@ -463,13 +463,13 @@
DRIVER_ASSERT( psa_import_key( &attributes,
slot->content,
PSA_BITS_TO_BYTES( slot->bits ),
- &handle ) == PSA_SUCCESS );
- status = psa_sign_hash( handle, alg,
+ &key ) == PSA_SUCCESS );
+ status = psa_sign_hash( key, alg,
hash, hash_length,
signature, signature_size, signature_length );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
return( status );
}
@@ -483,7 +483,7 @@
{
ram_slot_t *slot;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
(void) context;
@@ -496,20 +496,18 @@
DRIVER_ASSERT( psa_import_key( &attributes,
slot->content,
PSA_BITS_TO_BYTES( slot->bits ),
- &handle ) ==
+ &key ) ==
PSA_SUCCESS );
- status = psa_verify_hash( handle, alg,
+ status = psa_verify_hash( key, alg,
hash, hash_length,
signature, signature_length );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
return( status );
}
-
-
/****************************************************************/
/* Other test helper functions */
/****************************************************************/
@@ -524,13 +522,13 @@
/* Check that the attributes of a key reported by psa_get_key_attributes()
* are consistent with the attributes used when creating the key. */
static int check_key_attributes(
- psa_key_handle_t handle,
+ mbedtls_svc_key_id_t key,
const psa_key_attributes_t *reference_attributes )
{
int ok = 0;
psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_get_key_attributes( handle, &actual_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &actual_attributes ) );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &actual_attributes ),
@@ -654,7 +652,7 @@
* mostly bogus parameters: the goal is to ensure that there is no memory
* corruption or crash. This test function is most useful when run under
* an environment with sanity checks such as ASan or MSan. */
-static int smoke_test_key( psa_key_handle_t handle )
+static int smoke_test_key( mbedtls_svc_key_id_t key )
{
int ok = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -664,54 +662,54 @@
PSA_KEY_DERIVATION_OPERATION_INIT;
uint8_t buffer[80]; /* large enough for a public key for ECDH */
size_t length;
- psa_key_handle_t handle2 = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT;
- SMOKE_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ SMOKE_ASSERT( psa_get_key_attributes( key, &attributes ) );
- SMOKE_ASSERT( psa_export_key( handle,
+ SMOKE_ASSERT( psa_export_key( key,
buffer, sizeof( buffer ), &length ) );
- SMOKE_ASSERT( psa_export_public_key( handle,
+ SMOKE_ASSERT( psa_export_public_key( key,
buffer, sizeof( buffer ), &length ) );
- SMOKE_ASSERT( psa_copy_key( handle, &attributes, &handle2 ) );
- if( ! psa_key_handle_is_null( handle2 ) )
- PSA_ASSERT( psa_close_key( handle2 ) );
+ SMOKE_ASSERT( psa_copy_key( key, &attributes, &key2 ) );
+ if( ! mbedtls_svc_key_id_is_null( key2 ) )
+ PSA_ASSERT( psa_destroy_key( key2 ) );
- SMOKE_ASSERT( psa_mac_sign_setup( &mac_operation, handle, PSA_ALG_CMAC ) );
+ SMOKE_ASSERT( psa_mac_sign_setup( &mac_operation, key, PSA_ALG_CMAC ) );
PSA_ASSERT( psa_mac_abort( &mac_operation ) );
- SMOKE_ASSERT( psa_mac_verify_setup( &mac_operation, handle,
+ SMOKE_ASSERT( psa_mac_verify_setup( &mac_operation, key,
PSA_ALG_HMAC( PSA_ALG_SHA_256 ) ) );
PSA_ASSERT( psa_mac_abort( &mac_operation ) );
- SMOKE_ASSERT( psa_cipher_encrypt_setup( &cipher_operation, handle,
+ SMOKE_ASSERT( psa_cipher_encrypt_setup( &cipher_operation, key,
PSA_ALG_CTR ) );
PSA_ASSERT( psa_cipher_abort( &cipher_operation ) );
- SMOKE_ASSERT( psa_cipher_decrypt_setup( &cipher_operation, handle,
+ SMOKE_ASSERT( psa_cipher_decrypt_setup( &cipher_operation, key,
PSA_ALG_CTR ) );
PSA_ASSERT( psa_cipher_abort( &cipher_operation ) );
- SMOKE_ASSERT( psa_aead_encrypt( handle, PSA_ALG_CCM,
+ SMOKE_ASSERT( psa_aead_encrypt( key, PSA_ALG_CCM,
buffer, sizeof( buffer ),
NULL, 0,
buffer, sizeof( buffer),
buffer, sizeof( buffer), &length ) );
- SMOKE_ASSERT( psa_aead_decrypt( handle, PSA_ALG_CCM,
+ SMOKE_ASSERT( psa_aead_decrypt( key, PSA_ALG_CCM,
buffer, sizeof( buffer ),
NULL, 0,
buffer, sizeof( buffer),
buffer, sizeof( buffer), &length ) );
- SMOKE_ASSERT( psa_sign_hash( handle, PSA_ALG_ECDSA_ANY,
+ SMOKE_ASSERT( psa_sign_hash( key, PSA_ALG_ECDSA_ANY,
buffer, 32,
buffer, sizeof( buffer ), &length ) );
- SMOKE_ASSERT( psa_verify_hash( handle, PSA_ALG_ECDSA_ANY,
+ SMOKE_ASSERT( psa_verify_hash( key, PSA_ALG_ECDSA_ANY,
buffer, 32,
buffer, sizeof( buffer ) ) );
- SMOKE_ASSERT( psa_asymmetric_encrypt( handle, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ SMOKE_ASSERT( psa_asymmetric_encrypt( key, PSA_ALG_RSA_PKCS1V15_CRYPT,
buffer, 10, NULL, 0,
buffer, sizeof( buffer ), &length ) );
- SMOKE_ASSERT( psa_asymmetric_decrypt( handle, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ SMOKE_ASSERT( psa_asymmetric_decrypt( key, PSA_ALG_RSA_PKCS1V15_CRYPT,
buffer, sizeof( buffer ), NULL, 0,
buffer, sizeof( buffer ), &length ) );
@@ -724,12 +722,12 @@
NULL, 0 ) );
SMOKE_ASSERT( psa_key_derivation_input_key( &derivation_operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
- handle ) );
+ key ) );
PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) );
/* If the key is asymmetric, try it in a key agreement, both as
* part of a derivation operation and standalone. */
- if( psa_export_public_key( handle, buffer, sizeof( buffer ), &length ) ==
+ if( psa_export_public_key( key, buffer, sizeof( buffer ), &length ) ==
PSA_SUCCESS )
{
psa_algorithm_t alg =
@@ -742,11 +740,11 @@
SMOKE_ASSERT( psa_key_derivation_key_agreement(
&derivation_operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
- handle, buffer, length ) );
+ key, buffer, length ) );
PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) );
SMOKE_ASSERT( psa_raw_key_agreement(
- alg, handle, buffer, length,
+ alg, key, buffer, length,
buffer, sizeof( buffer ), &length ) );
}
#endif /* MBEDTLS_SHA256_C */
@@ -880,7 +878,8 @@
psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_handle_t handle;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
uint8_t exported[sizeof( key_material )];
@@ -909,7 +908,7 @@
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
PSA_ASSERT( psa_import_key( &attributes,
key_material, sizeof( key_material ),
- &handle ) );
+ &returned_id ) );
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
@@ -940,7 +939,8 @@
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
/* Check that the PSA core has no knowledge of the volatile key */
- TEST_ASSERT( psa_open_key( id, &handle ) == PSA_ERROR_DOES_NOT_EXIST );
+ TEST_ASSERT( psa_open_key( returned_id, &handle ) ==
+ PSA_ERROR_DOES_NOT_EXIST );
/* Drop data from our mockup driver */
ram_slots_reset();
@@ -948,20 +948,16 @@
/* Re-import key */
PSA_ASSERT( psa_import_key( &attributes,
- key_material, sizeof( key_material ),
- &handle ) );
+ key_material, sizeof( key_material ),
+ &returned_id ) );
}
else
{
-
- /* Check we can re-open the persistent key */
+ /* Check the persistent key file */
if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
-
- /* Check that the PSA core still knows about the key */
- PSA_ASSERT( psa_open_key( id, &handle ) );
}
}
@@ -972,24 +968,23 @@
psa_set_key_bits( &attributes,
PSA_BYTES_TO_BITS( sizeof( key_material ) ) );
psa_set_key_slot_number( &attributes, min_slot );
- psa_set_key_id( &attributes, handle );
- if( ! check_key_attributes( handle, &attributes ) )
+ psa_set_key_id( &attributes, returned_id );
+ if( ! check_key_attributes( returned_id, &attributes ) )
goto exit;
/* Test the key data. */
- PSA_ASSERT( psa_export_key( handle,
+ PSA_ASSERT( psa_export_key( returned_id,
exported, sizeof( exported ),
&exported_length ) );
ASSERT_COMPARE( key_material, sizeof( key_material ),
exported, exported_length );
- PSA_ASSERT( psa_destroy_key( handle ) );
- handle = PSA_KEY_HANDLE_INIT;
+ PSA_ASSERT( psa_destroy_key( returned_id ) );
if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
- TEST_EQUAL( psa_open_key( id, &handle ),
+ TEST_EQUAL( psa_open_key( returned_id, &handle ),
PSA_ERROR_DOES_NOT_EXIST );
/* Test that the key has been erased from the designated slot. */
@@ -1015,7 +1010,8 @@
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t returned_id;
+ psa_key_handle_t handle;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
@@ -1042,7 +1038,7 @@
psa_set_key_slot_number( &attributes, wanted_slot );
status = psa_import_key( &attributes,
key_material, sizeof( key_material ),
- &handle );
+ &returned_id );
TEST_EQUAL( status, expected_status );
if( status != PSA_SUCCESS )
@@ -1062,7 +1058,6 @@
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
- PSA_ASSERT( psa_open_key( id, &handle ) );
}
/* Test that the key was created in the expected slot. */
@@ -1070,16 +1065,14 @@
/* Test that the key is reported with the correct attributes,
* including the expected slot. */
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( id, &attributes ) );
- PSA_ASSERT( psa_destroy_key( handle ) );
- handle = PSA_KEY_HANDLE_INIT;
+ PSA_ASSERT( psa_destroy_key( id ) );
if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
- TEST_EQUAL( psa_open_key( id, &handle ),
- PSA_ERROR_DOES_NOT_EXIST );
+ TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
exit:
PSA_DONE( );
@@ -1099,7 +1092,8 @@
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t returned_id;
+ psa_key_handle_t handle;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_USES_KEY_ID( id );
@@ -1127,13 +1121,13 @@
psa_set_key_type( &attributes, type );
PSA_ASSERT( psa_import_key( &attributes,
key_material->x, key_material->len,
- &handle ) );
+ &returned_id ) );
if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
/* Do stuff with the key. */
- if( ! smoke_test_key( handle ) )
+ if( ! smoke_test_key( id ) )
goto exit;
/* Restart and try again. */
@@ -1143,18 +1137,15 @@
if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
- PSA_ASSERT( psa_open_key( id, &handle ) );
- if( ! smoke_test_key( handle ) )
+ if( ! smoke_test_key( id ) )
goto exit;
/* We're done. */
- PSA_ASSERT( psa_destroy_key( handle ) );
- handle = PSA_KEY_HANDLE_INIT;
+ PSA_ASSERT( psa_destroy_key( id ) );
if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
- TEST_EQUAL( psa_open_key( id, &handle ),
- PSA_ERROR_DOES_NOT_EXIST );
+ TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
exit:
PSA_DONE( );
@@ -1173,7 +1164,7 @@
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t returned_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_USES_KEY_ID( id );
@@ -1193,7 +1184,7 @@
psa_set_key_lifetime( &attributes, lifetime );
psa_set_key_type( &attributes, type );
psa_set_key_bits( &attributes, bits );
- TEST_EQUAL( psa_generate_key( &attributes, &handle ),
+ TEST_EQUAL( psa_generate_key( &attributes, &returned_id ),
PSA_ERROR_NOT_SUPPORTED );
exit:
@@ -1214,7 +1205,8 @@
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t returned_id;
+ psa_key_handle_t handle;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_USES_KEY_ID( id );
@@ -1241,13 +1233,13 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, type );
psa_set_key_bits( &attributes, bits );
- PSA_ASSERT( psa_generate_key( &attributes, &handle ) );
+ PSA_ASSERT( psa_generate_key( &attributes, &returned_id ) );
if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
/* Do stuff with the key. */
- if( ! smoke_test_key( handle ) )
+ if( ! smoke_test_key( id ) )
goto exit;
/* Restart and try again. */
@@ -1257,18 +1249,15 @@
if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
- PSA_ASSERT( psa_open_key( id, &handle ) );
- if( ! smoke_test_key( handle ) )
+ if( ! smoke_test_key( id ) )
goto exit;
/* We're done. */
- PSA_ASSERT( psa_destroy_key( handle ) );
- handle = PSA_KEY_HANDLE_INIT;
+ PSA_ASSERT( psa_destroy_key( id ) );
if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
- TEST_EQUAL( psa_open_key( id, &handle ),
- PSA_ERROR_DOES_NOT_EXIST );
+ TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
exit:
PSA_DONE( );
@@ -1296,8 +1285,8 @@
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
- psa_key_handle_t drv_handle = PSA_KEY_HANDLE_INIT; /* key managed by the driver */
- psa_key_handle_t sw_handle = PSA_KEY_HANDLE_INIT; /* transparent key */
+ mbedtls_svc_key_id_t returned_id;
+ mbedtls_svc_key_id_t sw_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t drv_attributes;
uint8_t signature[PSA_SIGNATURE_MAX_SIZE];
@@ -1352,11 +1341,11 @@
if( generating )
{
psa_set_key_bits( &drv_attributes, bits );
- PSA_ASSERT( psa_generate_key( &drv_attributes, &drv_handle ) );
+ PSA_ASSERT( psa_generate_key( &drv_attributes, &returned_id ) );
/* Since we called a generate method that does not actually
* generate material, store the desired result of generation in
* the mock secure element storage. */
- PSA_ASSERT( psa_get_key_attributes( drv_handle, &drv_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( id, &drv_attributes ) );
TEST_EQUAL( key_material->len, PSA_BITS_TO_BYTES( bits ) );
memcpy( ram_slots[ram_min_slot].content, key_material->x,
key_material->len );
@@ -1365,7 +1354,7 @@
{
PSA_ASSERT( psa_import_key( &drv_attributes,
key_material->x, key_material->len,
- &drv_handle ) );
+ &returned_id ) );
}
/* Either import the same key in software, or export the driver's
@@ -1376,20 +1365,20 @@
case SIGN_IN_DRIVER_AND_PARALLEL_CREATION:
PSA_ASSERT( psa_import_key( &sw_attributes,
key_material->x, key_material->len,
- &sw_handle ) );
+ &sw_key ) );
break;
case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:
{
uint8_t public_key[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( PSA_VENDOR_ECC_MAX_CURVE_BITS )];
size_t public_key_length;
- PSA_ASSERT( psa_export_public_key( drv_handle,
+ PSA_ASSERT( psa_export_public_key( id,
public_key, sizeof( public_key ),
&public_key_length ) );
psa_set_key_type( &sw_attributes,
PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ) );
PSA_ASSERT( psa_import_key( &sw_attributes,
public_key, public_key_length,
- &sw_handle ) );
+ &sw_key ) );
break;
}
}
@@ -1400,16 +1389,14 @@
case SIGN_IN_DRIVER_AND_PARALLEL_CREATION:
case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:
PSA_ASSERT_VIA_DRIVER(
- psa_sign_hash( drv_handle,
- alg,
+ psa_sign_hash( id, alg,
input->x, input->len,
signature, sizeof( signature ),
&signature_length ),
PSA_SUCCESS );
break;
case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:
- PSA_ASSERT( psa_sign_hash( sw_handle,
- alg,
+ PSA_ASSERT( psa_sign_hash( sw_key, alg,
input->x, input->len,
signature, sizeof( signature ),
&signature_length ) );
@@ -1417,30 +1404,30 @@
}
/* Verify with both keys. */
- PSA_ASSERT( psa_verify_hash( sw_handle, alg,
+ PSA_ASSERT( psa_verify_hash( sw_key, alg,
input->x, input->len,
signature, signature_length ) );
PSA_ASSERT_VIA_DRIVER(
- psa_verify_hash( drv_handle, alg,
+ psa_verify_hash( id, alg,
input->x, input->len,
signature, signature_length ),
PSA_SUCCESS );
/* Change the signature and verify again. */
signature[0] ^= 1;
- TEST_EQUAL( psa_verify_hash( sw_handle, alg,
+ TEST_EQUAL( psa_verify_hash( sw_key, alg,
input->x, input->len,
signature, signature_length ),
PSA_ERROR_INVALID_SIGNATURE );
PSA_ASSERT_VIA_DRIVER(
- psa_verify_hash( drv_handle, alg,
+ psa_verify_hash( id, alg,
input->x, input->len,
signature, signature_length ),
PSA_ERROR_INVALID_SIGNATURE );
exit:
- psa_destroy_key( drv_handle );
- psa_destroy_key( sw_handle );
+ psa_destroy_key( id );
+ psa_destroy_key( sw_key );
PSA_DONE( );
ram_slots_reset( );
psa_purge_storage( );
@@ -1461,9 +1448,9 @@
psa_drv_se_key_management_t key_management;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg );
+ psa_key_handle_t handle;
size_t bit_size = 48;
psa_key_slot_number_t wanted_slot = 0x123456789;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
psa_status_t status;
TEST_USES_KEY_ID( id );
@@ -1499,10 +1486,8 @@
goto exit;
/* Test that the key exists and has the expected attributes. */
- PSA_ASSERT( psa_open_key( id, &handle ) );
- if( ! check_key_attributes( handle, &attributes ) )
+ if( ! check_key_attributes( id, &attributes ) )
goto exit;
- PSA_ASSERT( psa_close_key( handle ) );
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
mbedtls_svc_key_id_t invalid_id =
@@ -1510,22 +1495,21 @@
TEST_EQUAL( psa_open_key( invalid_id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
#endif
+ PSA_ASSERT( psa_purge_key( id ) );
+
/* Restart and try again. */
PSA_DONE( );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
- PSA_ASSERT( psa_open_key( id, &handle ) );
- if( ! check_key_attributes( handle, &attributes ) )
+ if( ! check_key_attributes( id, &attributes ) )
goto exit;
/* This time, destroy the key. */
- PSA_ASSERT( psa_destroy_key( handle ) );
- handle = PSA_KEY_HANDLE_INIT;
- TEST_EQUAL( psa_open_key( id, &handle ),
- PSA_ERROR_DOES_NOT_EXIST );
+ PSA_ASSERT( psa_destroy_key( id ) );
+ TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( id );
PSA_DONE( );
psa_purge_storage( );
memset( &validate_slot_number_directions, 0,
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
index 0e2e203..629c924 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
@@ -333,7 +333,7 @@
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t returned_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
@@ -357,7 +357,7 @@
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
TEST_ASSERT( psa_import_key( &attributes,
key_material, sizeof( key_material ),
- &handle ) == expected_result );
+ &returned_id ) == expected_result );
TEST_ASSERT( mock_allocate_data.called == 1 );
TEST_ASSERT( mock_import_data.called ==
@@ -385,7 +385,7 @@
if( expected_result == PSA_SUCCESS )
{
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( id ) );
TEST_ASSERT( mock_destroy_data.called == 1 );
}
exit:
@@ -402,7 +402,7 @@
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t returned_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
uint8_t exported[sizeof( key_material )];
@@ -428,15 +428,15 @@
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
PSA_ASSERT( psa_import_key( &attributes,
key_material, sizeof( key_material ),
- &handle ) );
+ &returned_id ) );
- TEST_ASSERT( psa_export_key( handle,
- exported, sizeof( exported ),
- &exported_length ) == expected_result );
+ TEST_ASSERT( psa_export_key( id,
+ exported, sizeof( exported ),
+ &exported_length ) == expected_result );
TEST_ASSERT( mock_export_data.called == 1 );
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( id ) );
TEST_ASSERT( mock_destroy_data.called == 1 );
@@ -456,7 +456,7 @@
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t returned_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mock_allocate_data.return_value = mock_alloc_return_value;
@@ -477,7 +477,7 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
psa_set_key_bits( &attributes, 8 );
- TEST_ASSERT( psa_generate_key( &attributes, &handle ) == expected_result );
+ TEST_ASSERT( psa_generate_key( &attributes, &returned_id) == expected_result );
TEST_ASSERT( mock_allocate_data.called == 1 );
TEST_ASSERT( mock_generate_data.called ==
( mock_alloc_return_value == PSA_SUCCESS? 1 : 0 ) );
@@ -504,7 +504,7 @@
if( expected_result == PSA_SUCCESS )
{
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( id ) );
TEST_ASSERT( mock_destroy_data.called == 1 );
}
@@ -523,7 +523,7 @@
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t returned_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
uint8_t exported[sizeof( key_material )];
@@ -549,13 +549,13 @@
PSA_ASSERT( psa_import_key( &attributes,
key_material, sizeof( key_material ),
- &handle ) );
+ &returned_id ) );
- TEST_ASSERT( psa_export_public_key( handle, exported, sizeof(exported),
+ TEST_ASSERT( psa_export_public_key( id, exported, sizeof(exported),
&exported_length ) == expected_result );
TEST_ASSERT( mock_export_public_data.called == 1 );
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( id ) );
TEST_ASSERT( mock_destroy_data.called == 1 );
exit:
@@ -573,7 +573,7 @@
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t returned_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
@@ -607,16 +607,16 @@
PSA_ASSERT( psa_import_key( &attributes,
key_material, sizeof( key_material ),
- &handle ) );
+ &returned_id ) );
- TEST_ASSERT( psa_sign_hash( handle, algorithm,
+ TEST_ASSERT( psa_sign_hash( id, algorithm,
hash, sizeof( hash ),
signature, sizeof( signature ),
&signature_length)
== expected_result );
TEST_ASSERT( mock_sign_data.called == 1 );
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( id ) );
TEST_ASSERT( mock_destroy_data.called == 1 );
exit:
@@ -634,7 +634,7 @@
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t returned_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
@@ -667,15 +667,15 @@
PSA_ASSERT( psa_import_key( &attributes,
key_material, sizeof( key_material ),
- &handle ) );
+ &returned_id ) );
- TEST_ASSERT( psa_verify_hash( handle, algorithm,
+ TEST_ASSERT( psa_verify_hash( id, algorithm,
hash, sizeof( hash ),
signature, sizeof( signature ) )
== expected_result );
TEST_ASSERT( mock_verify_data.called == 1 );
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( id ) );
TEST_ASSERT( mock_destroy_data.called == 1 );
exit:
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data
index 2b3087f..4e959b6 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.data
+++ b/tests/suites/test_suite_psa_crypto_slot_management.data
@@ -164,5 +164,5 @@
invalid handle: huge
invalid_handle:INVALID_HANDLE_HUGE:PSA_ERROR_INVALID_HANDLE:PSA_ERROR_INVALID_HANDLE
-Open many transient handles
-many_transient_handles:42
+Open many transient keys
+many_transient_keys:42
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index 12cf3ea..2f9d01b 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -7,11 +7,11 @@
typedef enum
{
- CLOSE_BY_CLOSE, /**< Close the handle(s). */
- CLOSE_BY_DESTROY, /**< Destroy the handle(s). */
- CLOSE_BY_SHUTDOWN, /**< Deinit and reinit without closing handles. */
- CLOSE_BY_CLOSE_WITH_SHUTDOWN, /**< Close handle(s) then deinit/reinit. */
- CLOSE_BY_DESTROY_WITH_SHUTDOWN, /**< Destroy handle(s) then deinit/reinit. */
+ CLOSE_BY_CLOSE, /**< Close key(s). */
+ CLOSE_BY_DESTROY, /**< Destroy key(s) */
+ CLOSE_BY_SHUTDOWN, /**< Deinit and reinit without closing keys. */
+ CLOSE_BY_CLOSE_WITH_SHUTDOWN, /**< Close key(s) then deinit/reinit. */
+ CLOSE_BY_DESTROY_WITH_SHUTDOWN, /**< Destroy key(s) then deinit/reinit. */
} close_method_t;
typedef enum
@@ -74,21 +74,22 @@
#define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) )
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-/** Apply \p close_method to invalidate the specified handles:
+/** Apply \p close_method to invalidate the specified key:
* close it, destroy it, or do nothing;
*/
-static int invalidate_handle( close_method_t close_method,
- psa_key_handle_t handle )
+static int invalidate_key( close_method_t close_method,
+ mbedtls_svc_key_id_t key )
{
switch( close_method )
{
+ /* Closing the key invalidate only volatile keys, not permanent ones. */
case CLOSE_BY_CLOSE:
case CLOSE_BY_CLOSE_WITH_SHUTDOWN:
- PSA_ASSERT( psa_close_key( handle ) );
+ PSA_ASSERT( psa_close_key( key ) );
break;
case CLOSE_BY_DESTROY:
case CLOSE_BY_DESTROY_WITH_SHUTDOWN:
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( key ) );
break;
case CLOSE_BY_SHUTDOWN:
break;
@@ -142,7 +143,7 @@
psa_key_usage_t usage_flags = usage_arg;
psa_key_type_t type = type_arg;
close_method_t close_method = close_method_arg;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
@@ -152,21 +153,21 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
- TEST_ASSERT( ! psa_key_handle_is_null( handle ) );
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ &key ) );
+ TEST_ASSERT( ! mbedtls_svc_key_id_is_null( key ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
TEST_EQUAL( psa_get_key_type( &attributes ), type );
- /* Do something that invalidates the handle. */
- if( ! invalidate_handle( close_method, handle ) )
+ /* Do something that invalidates the key. */
+ if( ! invalidate_key( close_method, key ) )
goto exit;
if( ! invalidate_psa( close_method ) )
goto exit;
- /* Test that the handle is now invalid. */
- TEST_EQUAL( psa_get_key_attributes( handle, &attributes ),
+ /* Test that the key is now invalid. */
+ TEST_EQUAL( psa_get_key_attributes( key, &attributes ),
PSA_ERROR_DOES_NOT_EXIST );
- TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_DOES_NOT_EXIST );
+ TEST_EQUAL( psa_close_key( key ), PSA_ERROR_DOES_NOT_EXIST );
exit:
PSA_DONE( );
@@ -186,6 +187,7 @@
psa_key_usage_t usage_flags = usage_arg;
psa_key_type_t type = type_arg;
close_method_t close_method = close_method_arg;
+ mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t read_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -195,14 +197,13 @@
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
mbedtls_svc_key_id_t wrong_owner_id =
mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg );
- psa_key_handle_t invalid_handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t invalid_svc_key_id = MBEDTLS_SVC_KEY_ID_INIT;
#endif
TEST_USES_KEY_ID( id );
PSA_ASSERT( psa_crypto_init( ) );
- /* Get a handle and import a key. */
psa_set_key_id( &attributes, id );
psa_set_key_lifetime( &attributes, lifetime );
psa_set_key_type( &attributes, type );
@@ -210,15 +211,15 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_enrollment_algorithm( &attributes, alg2 );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
- TEST_ASSERT( ! psa_key_handle_is_null( handle ) );
+ &returned_id ) );
+ TEST_ASSERT( mbedtls_svc_key_id_equal( id, returned_id ) );
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
- TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ),
+ TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_svc_key_id ),
PSA_ERROR_DOES_NOT_EXIST );
#endif
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( id, &attributes ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes ), id ) );
@@ -227,15 +228,16 @@
TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 );
TEST_EQUAL( psa_get_key_type( &attributes ), type );
- /* Close the key and reopen it. */
- PSA_ASSERT( psa_close_key( handle ) );
+ /* Close the key and then open it. */
+ PSA_ASSERT( psa_close_key( id ) );
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
- TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ),
+ TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_svc_key_id ),
PSA_ERROR_DOES_NOT_EXIST );
#endif
PSA_ASSERT( psa_open_key( id, &handle ) );
+ TEST_ASSERT( ! psa_key_handle_is_null( handle ) );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
TEST_ASSERT( mbedtls_svc_key_id_equal(
@@ -245,13 +247,16 @@
TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 );
TEST_EQUAL( psa_get_key_type( &attributes ), type );
- /* Do something that invalidates the handle. */
- if( ! invalidate_handle( close_method, handle ) )
+ /*
+ * Do something that wipes key data in volatile memory or destroy the
+ * key.
+ */
+ if( ! invalidate_key( close_method, id ) )
goto exit;
if( ! invalidate_psa( close_method ) )
goto exit;
- /* Try to reopen the key. If we destroyed it, check that it doesn't
+ /* Try to reaccess the key. If we destroyed it, check that it doesn't
* exist. Otherwise check that it still exists and has the expected
* content. */
switch( close_method )
@@ -260,7 +265,7 @@
case CLOSE_BY_CLOSE_WITH_SHUTDOWN:
case CLOSE_BY_SHUTDOWN:
PSA_ASSERT( psa_open_key( id, &handle ) );
- PSA_ASSERT( psa_get_key_attributes( handle, &read_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( id, &read_attributes ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
psa_get_key_lifetime( &read_attributes ) );
TEST_ASSERT( mbedtls_svc_key_id_equal(
@@ -278,17 +283,14 @@
if( usage_flags & PSA_KEY_USAGE_EXPORT )
{
ASSERT_ALLOC( reexported, key_data->len );
- PSA_ASSERT( psa_export_key( handle,
- reexported, key_data->len,
+ PSA_ASSERT( psa_export_key( id, reexported, key_data->len,
&reexported_length ) );
ASSERT_COMPARE( key_data->x, key_data->len,
reexported, reexported_length );
}
else
{
- TEST_EQUAL( psa_export_key( handle,
- NULL, 0,
- &reexported_length ),
+ TEST_EQUAL( psa_export_key( id, NULL, 0, &reexported_length ),
PSA_ERROR_NOT_PERMITTED );
}
PSA_ASSERT( psa_close_key( handle ) );
@@ -296,7 +298,14 @@
case CLOSE_BY_DESTROY:
case CLOSE_BY_DESTROY_WITH_SHUTDOWN:
- TEST_EQUAL( psa_open_key( id, &handle ),
+ /*
+ * Test that the key handle and identifier are now not refering to an
+ * existing key.
+ */
+ TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ),
+ PSA_ERROR_DOES_NOT_EXIST );
+ TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_DOES_NOT_EXIST );
+ TEST_EQUAL( psa_get_key_attributes( id, &read_attributes ),
PSA_ERROR_DOES_NOT_EXIST );
break;
}
@@ -314,8 +323,7 @@
{
psa_key_lifetime_t lifetime = lifetime_arg;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg );
- psa_key_handle_t handle1 = PSA_KEY_HANDLE_INIT;
- psa_key_handle_t handle2 = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA;
const uint8_t material1[5] = "a key";
@@ -336,26 +344,24 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
psa_set_key_algorithm( &attributes, 0 );
PSA_ASSERT( psa_import_key( &attributes, material1, sizeof( material1 ),
- &handle1 ) );
- TEST_ASSERT( ! psa_key_handle_is_null( handle1 ) );
+ &returned_id ) );
+ TEST_ASSERT( mbedtls_svc_key_id_equal( id, returned_id ) );
if( reopen_policy == CLOSE_BEFORE )
- PSA_ASSERT( psa_close_key( handle1 ) );
+ PSA_ASSERT( psa_close_key( id ) );
/* Attempt to create a new key in the same slot. */
TEST_EQUAL( psa_import_key( &attributes, material2, sizeof( material2 ),
- &handle2 ),
+ &returned_id ),
PSA_ERROR_ALREADY_EXISTS );
- TEST_ASSERT( psa_key_handle_is_null( handle2 ) );
+ TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_id ) );
if( reopen_policy == CLOSE_AFTER )
- PSA_ASSERT( psa_close_key( handle1 ) );
- if( reopen_policy == CLOSE_BEFORE || reopen_policy == CLOSE_AFTER )
- PSA_ASSERT( psa_open_key( id, &handle1 ) );
+ PSA_ASSERT( psa_close_key( id ) );
/* Check that the original key hasn't changed. */
psa_reset_key_attributes( &attributes );
- PSA_ASSERT( psa_get_key_attributes( handle1, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( id, &attributes ) );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes ), id ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
@@ -364,13 +370,13 @@
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
- PSA_ASSERT( psa_export_key( handle1,
+ PSA_ASSERT( psa_export_key( id,
reexported, sizeof( reexported ),
&reexported_length ) );
ASSERT_COMPARE( material1, sizeof( material1 ),
reexported, reexported_length );
- PSA_ASSERT( psa_close_key( handle1 ) );
+ PSA_ASSERT( psa_close_key( id ) );
exit:
PSA_DONE( );
@@ -404,7 +410,8 @@
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t expected_status = expected_status_arg;
- psa_key_handle_t handle = mbedtls_svc_key_id_make( 0xdead, 0xdead );
+ mbedtls_svc_key_id_t returned_id =
+ mbedtls_svc_key_id_make( 0xdead, 0xdead );
uint8_t material[1] = {'k'};
TEST_USES_KEY_ID( id );
@@ -415,9 +422,9 @@
psa_set_key_lifetime( &attributes, lifetime );
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
TEST_EQUAL( psa_import_key( &attributes, material, sizeof( material ),
- &handle ),
+ &returned_id ),
expected_status );
- TEST_ASSERT( psa_key_handle_is_null( handle ) );
+ TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_id ) );
exit:
PSA_DONE( );
@@ -443,16 +450,17 @@
mbedtls_svc_key_id_make( source_owner_id_arg, source_id_arg );
psa_key_usage_t source_usage = source_usage_arg;
psa_algorithm_t source_alg = source_alg_arg;
- psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT;
psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t source_type = type_arg;
+ mbedtls_svc_key_id_t returned_source_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
mbedtls_svc_key_id_t target_id =
mbedtls_svc_key_id_make( target_owner_id_arg, target_id_arg );
psa_key_usage_t target_usage = target_usage_arg;
psa_algorithm_t target_alg = target_alg_arg;
- psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT;
psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t returned_target_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT;
psa_key_usage_t expected_usage = expected_usage_arg;
psa_algorithm_t expected_alg = expected_alg_arg;
psa_algorithm_t expected_alg2 = expected_alg2_arg;
@@ -473,9 +481,10 @@
psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg );
PSA_ASSERT( psa_import_key( &source_attributes,
material->x, material->len,
- &source_handle ) );
+ &returned_source_id ) );
/* Update the attributes with the bit size. */
- PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( returned_source_id,
+ &source_attributes ) );
/* Prepare the target slot. */
psa_set_key_id( &target_attributes, target_id );
@@ -486,11 +495,11 @@
psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
/* Copy the key. */
- PSA_ASSERT( psa_copy_key( source_handle,
- &target_attributes, &target_handle ) );
+ PSA_ASSERT( psa_copy_key( returned_source_id,
+ &target_attributes, &returned_target_id ) );
/* Destroy the source to ensure that this doesn't affect the target. */
- PSA_ASSERT( psa_destroy_key( source_handle ) );
+ PSA_ASSERT( psa_destroy_key( returned_source_id ) );
/* If the target key is persistent, restart the system to make
* sure that the material is still alive. */
@@ -503,7 +512,8 @@
/* Test that the target slot has the expected content. */
psa_reset_key_attributes( &target_attributes );
- PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( returned_target_id,
+ &target_attributes ) );
if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE )
{
@@ -513,10 +523,9 @@
else
{
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
- TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( target_id ),
+ TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( returned_target_id ),
target_owner_id_arg );
#endif
- TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( target_id ), 0 );
}
TEST_EQUAL( target_lifetime, psa_get_key_lifetime( &target_attributes ) );
@@ -531,7 +540,7 @@
{
size_t length;
ASSERT_ALLOC( export_buffer, material->len );
- PSA_ASSERT( psa_export_key( target_handle, export_buffer,
+ PSA_ASSERT( psa_export_key( returned_target_id, export_buffer,
material->len, &length ) );
ASSERT_COMPARE( material->x, material->len,
export_buffer, length );
@@ -540,12 +549,12 @@
{
size_t length;
/* Check that the key is actually non-exportable. */
- TEST_EQUAL( psa_export_key( target_handle, export_buffer,
+ TEST_EQUAL( psa_export_key( returned_target_id, export_buffer,
material->len, &length ),
PSA_ERROR_NOT_PERMITTED );
}
- PSA_ASSERT( psa_destroy_key( target_handle ) );
+ PSA_ASSERT( psa_destroy_key( returned_target_id ) );
exit:
PSA_DONE( );
@@ -569,16 +578,16 @@
mbedtls_svc_key_id_make( 1, source_id_arg );
psa_key_usage_t source_usage = source_usage_arg;
psa_algorithm_t source_alg = source_alg_arg;
- psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT;
psa_key_type_t source_type = source_type_arg;
+ mbedtls_svc_key_id_t returned_source_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
mbedtls_svc_key_id_t target_id =
mbedtls_svc_key_id_make( 1, target_id_arg );
psa_key_usage_t target_usage = target_usage_arg;
psa_algorithm_t target_alg = target_alg_arg;
- psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT;
psa_key_type_t target_type = target_type_arg;
- psa_key_handle_t new_handle = mbedtls_svc_key_id_make( 0xdead, 0xdead );
+ mbedtls_svc_key_id_t returned_target_id = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_svc_key_id_t new_key = MBEDTLS_SVC_KEY_ID_INIT;
uint8_t *export_buffer = NULL;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t attributes1 = PSA_KEY_ATTRIBUTES_INIT;
@@ -600,12 +609,12 @@
psa_set_key_algorithm( &attributes, source_alg );
PSA_ASSERT( psa_import_key( &attributes,
source_material->x, source_material->len,
- &source_handle ) );
+ &returned_source_id ) );
/* Populate the target slot. */
if( mbedtls_svc_key_id_equal( target_id, source_id ) )
{
- target_handle = source_handle;
+ returned_target_id = returned_source_id;
}
else
{
@@ -616,20 +625,21 @@
psa_set_key_algorithm( &attributes1, target_alg );
PSA_ASSERT( psa_import_key( &attributes1,
target_material->x, target_material->len,
- &target_handle ) );
+ &returned_target_id ) );
}
- PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes1 ) );
+
+ PSA_ASSERT( psa_get_key_attributes( returned_target_id, &attributes1 ) );
/* Make a copy attempt. */
psa_set_key_id( &attributes, target_id );
psa_set_key_lifetime( &attributes, target_lifetime );
- TEST_EQUAL( psa_copy_key( source_handle,
- &attributes, &new_handle ),
+ TEST_EQUAL( psa_copy_key( returned_source_id,
+ &attributes, &new_key ),
PSA_ERROR_ALREADY_EXISTS );
- TEST_ASSERT( psa_key_handle_is_null( new_handle ) );
+ TEST_ASSERT( mbedtls_svc_key_id_is_null( new_key ) );
/* Test that the target slot is unaffected. */
- PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes2 ) );
+ PSA_ASSERT( psa_get_key_attributes( returned_target_id, &attributes2 ) );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes1 ),
psa_get_key_id( &attributes2 ) ) );
@@ -647,15 +657,15 @@
{
size_t length;
ASSERT_ALLOC( export_buffer, target_material->len );
- PSA_ASSERT( psa_export_key( target_handle, export_buffer,
+ PSA_ASSERT( psa_export_key( returned_target_id, export_buffer,
target_material->len, &length ) );
ASSERT_COMPARE( target_material->x, target_material->len,
export_buffer, length );
}
- PSA_ASSERT( psa_destroy_key( source_handle ) );
- if( ! psa_key_handle_equal( target_handle, source_handle ) )
- PSA_ASSERT( psa_destroy_key( target_handle ) );
+ PSA_ASSERT( psa_destroy_key( returned_source_id ) );
+ if( ! mbedtls_svc_key_id_equal( target_id, source_id ) )
+ PSA_ASSERT( psa_destroy_key( returned_target_id ) );
exit:
PSA_DONE( );
@@ -750,51 +760,51 @@
/* END_CASE */
/* BEGIN_CASE */
-void many_transient_handles( int max_handles_arg )
+void many_transient_keys( int max_keys_arg )
{
- psa_key_handle_t *handles = NULL;
- size_t max_handles = max_handles_arg;
+ mbedtls_svc_key_id_t *keys = NULL;
+ size_t max_keys = max_keys_arg;
size_t i, j;
psa_status_t status;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t exported[sizeof( size_t )];
size_t exported_length;
- ASSERT_ALLOC( handles, max_handles );
+ ASSERT_ALLOC( keys, max_keys );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
psa_set_key_algorithm( &attributes, 0 );
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
- for( i = 0; i < max_handles; i++ )
+ for( i = 0; i < max_keys; i++ )
{
status = psa_import_key( &attributes,
(uint8_t *) &i, sizeof( i ),
- &handles[i] );
+ &keys[i] );
if( status == PSA_ERROR_INSUFFICIENT_MEMORY )
break;
PSA_ASSERT( status );
- TEST_ASSERT( ! psa_key_handle_is_null( handles[i] ) );
+ TEST_ASSERT( ! mbedtls_svc_key_id_is_null( keys[i] ) );
for( j = 0; j < i; j++ )
- TEST_ASSERT( ! psa_key_handle_equal( handles[i], handles[j] ) );
+ TEST_ASSERT( ! mbedtls_svc_key_id_equal( keys[i], keys[j] ) );
}
- max_handles = i;
+ max_keys = i;
- for( i = 1; i < max_handles; i++ )
+ for( i = 1; i < max_keys; i++ )
{
- PSA_ASSERT( psa_close_key( handles[i - 1] ) );
- PSA_ASSERT( psa_export_key( handles[i],
+ PSA_ASSERT( psa_close_key( keys[i - 1] ) );
+ PSA_ASSERT( psa_export_key( keys[i],
exported, sizeof( exported ),
&exported_length ) );
ASSERT_COMPARE( exported, exported_length,
(uint8_t *) &i, sizeof( i ) );
}
- PSA_ASSERT( psa_close_key( handles[i - 1] ) );
+ PSA_ASSERT( psa_close_key( keys[i - 1] ) );
exit:
PSA_DONE( );
- mbedtls_free( handles );
+ mbedtls_free( keys );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 1dd2642..9f2007d 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -161,7 +161,7 @@
int cert_type )
{
mbedtls_pk_context key;
- psa_key_handle_t slot = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t md_alg_psa;
mbedtls_x509write_csr req;
unsigned char buf[4096];
@@ -178,7 +178,7 @@
mbedtls_pk_init( &key );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
- TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &slot, md_alg_psa ) == 0 );
+ TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &key_id, md_alg_psa ) == 0 );
mbedtls_x509write_csr_init( &req );
mbedtls_x509write_csr_set_md_alg( &req, md_type );
@@ -202,7 +202,7 @@
exit:
mbedtls_x509write_csr_free( &req );
mbedtls_pk_free( &key );
- psa_destroy_key( slot );
+ psa_destroy_key( key_id );
PSA_DONE( );
}
/* END_CASE */