tests: Adapt PSA tests to openless APIs
psa_key_handle_equal() is removed as not used
anymore.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 23d827e..9b113b4 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -229,7 +229,7 @@
return( len );
}
-int check_key_attributes_sanity( psa_key_handle_t key )
+int check_key_attributes_sanity( mbedtls_svc_key_id_t key )
{
int ok = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -305,31 +305,29 @@
psa_mac_operation_t *operation,
psa_status_t *status )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length,
- &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) );
- *status = psa_mac_sign_setup( operation, handle, alg );
+ *status = psa_mac_sign_setup( operation, key, alg );
/* Whether setup succeeded or failed, abort must succeed. */
PSA_ASSERT( psa_mac_abort( operation ) );
/* If setup failed, reproduce the failure, so that the caller can
* test the resulting state of the operation object. */
if( *status != PSA_SUCCESS )
{
- TEST_EQUAL( psa_mac_sign_setup( operation, handle, alg ),
- *status );
+ TEST_EQUAL( psa_mac_sign_setup( operation, key, alg ), *status );
}
- psa_destroy_key( handle );
+ psa_destroy_key( key );
return( 1 );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
return( 0 );
}
@@ -340,35 +338,34 @@
psa_cipher_operation_t *operation,
psa_status_t *status )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length,
- &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) );
- *status = psa_cipher_encrypt_setup( operation, handle, alg );
+ *status = psa_cipher_encrypt_setup( operation, key, alg );
/* Whether setup succeeded or failed, abort must succeed. */
PSA_ASSERT( psa_cipher_abort( operation ) );
/* If setup failed, reproduce the failure, so that the caller can
* test the resulting state of the operation object. */
if( *status != PSA_SUCCESS )
{
- TEST_EQUAL( psa_cipher_encrypt_setup( operation, handle, alg ),
+ TEST_EQUAL( psa_cipher_encrypt_setup( operation, key, alg ),
*status );
}
- psa_destroy_key( handle );
+ psa_destroy_key( key );
return( 1 );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
return( 0 );
}
-static int exercise_mac_key( psa_key_handle_t handle,
+static int exercise_mac_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
@@ -379,8 +376,7 @@
if( usage & PSA_KEY_USAGE_SIGN_HASH )
{
- PSA_ASSERT( psa_mac_sign_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input, sizeof( input ) ) );
PSA_ASSERT( psa_mac_sign_finish( &operation,
@@ -394,8 +390,7 @@
( usage & PSA_KEY_USAGE_SIGN_HASH ?
PSA_SUCCESS :
PSA_ERROR_INVALID_SIGNATURE );
- PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input, sizeof( input ) ) );
TEST_EQUAL( psa_mac_verify_finish( &operation, mac, mac_length ),
@@ -409,7 +404,7 @@
return( 0 );
}
-static int exercise_cipher_key( psa_key_handle_t handle,
+static int exercise_cipher_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
@@ -424,8 +419,7 @@
if( usage & PSA_KEY_USAGE_ENCRYPT )
{
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_generate_iv( &operation,
iv, sizeof( iv ),
&iv_length ) );
@@ -447,15 +441,14 @@
if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
/* This should be PSA_CIPHER_GET_IV_SIZE but the API doesn't
* have this macro yet. */
iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE(
psa_get_key_type( &attributes ) );
maybe_invalid_padding = ! PSA_ALG_IS_STREAM_CIPHER( alg );
}
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_set_iv( &operation,
iv, iv_length ) );
PSA_ASSERT( psa_cipher_update( &operation,
@@ -483,7 +476,7 @@
return( 0 );
}
-static int exercise_aead_key( psa_key_handle_t handle,
+static int exercise_aead_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
@@ -496,7 +489,7 @@
if( usage & PSA_KEY_USAGE_ENCRYPT )
{
- PSA_ASSERT( psa_aead_encrypt( handle, alg,
+ PSA_ASSERT( psa_aead_encrypt( key, alg,
nonce, nonce_length,
NULL, 0,
plaintext, sizeof( plaintext ),
@@ -510,7 +503,7 @@
( usage & PSA_KEY_USAGE_ENCRYPT ?
PSA_SUCCESS :
PSA_ERROR_INVALID_SIGNATURE );
- TEST_EQUAL( psa_aead_decrypt( handle, alg,
+ TEST_EQUAL( psa_aead_decrypt( key, alg,
nonce, nonce_length,
NULL, 0,
ciphertext, ciphertext_length,
@@ -525,7 +518,7 @@
return( 0 );
}
-static int exercise_signature_key( psa_key_handle_t handle,
+static int exercise_signature_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
@@ -554,7 +547,7 @@
* even for algorithms that allow other input sizes. */
if( hash_alg != 0 )
payload_length = PSA_HASH_SIZE( hash_alg );
- PSA_ASSERT( psa_sign_hash( handle, alg,
+ PSA_ASSERT( psa_sign_hash( key, alg,
payload, payload_length,
signature, sizeof( signature ),
&signature_length ) );
@@ -566,7 +559,7 @@
( usage & PSA_KEY_USAGE_SIGN_HASH ?
PSA_SUCCESS :
PSA_ERROR_INVALID_SIGNATURE );
- TEST_EQUAL( psa_verify_hash( handle, alg,
+ TEST_EQUAL( psa_verify_hash( key, alg,
payload, payload_length,
signature, signature_length ),
verify_status );
@@ -578,7 +571,7 @@
return( 0 );
}
-static int exercise_asymmetric_encryption_key( psa_key_handle_t handle,
+static int exercise_asymmetric_encryption_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
@@ -589,7 +582,7 @@
if( usage & PSA_KEY_USAGE_ENCRYPT )
{
- PSA_ASSERT( psa_asymmetric_encrypt( handle, alg,
+ PSA_ASSERT( psa_asymmetric_encrypt( key, alg,
plaintext, plaintext_length,
NULL, 0,
ciphertext, sizeof( ciphertext ),
@@ -599,7 +592,7 @@
if( usage & PSA_KEY_USAGE_DECRYPT )
{
psa_status_t status =
- psa_asymmetric_decrypt( handle, alg,
+ psa_asymmetric_decrypt( key, alg,
ciphertext, ciphertext_length,
NULL, 0,
plaintext, sizeof( plaintext ),
@@ -617,7 +610,7 @@
}
static int setup_key_derivation_wrap( psa_key_derivation_operation_t* operation,
- psa_key_handle_t handle,
+ mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
unsigned char* input1, size_t input1_length,
unsigned char* input2, size_t input2_length,
@@ -631,7 +624,7 @@
input1, input1_length ) );
PSA_ASSERT( psa_key_derivation_input_key( operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
- handle ) );
+ key ) );
PSA_ASSERT( psa_key_derivation_input_bytes( operation,
PSA_KEY_DERIVATION_INPUT_INFO,
input2,
@@ -645,7 +638,7 @@
input1, input1_length ) );
PSA_ASSERT( psa_key_derivation_input_key( operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
- handle ) );
+ key ) );
PSA_ASSERT( psa_key_derivation_input_bytes( operation,
PSA_KEY_DERIVATION_INPUT_LABEL,
input2, input2_length ) );
@@ -665,7 +658,7 @@
}
-static int exercise_key_derivation_key( psa_key_handle_t handle,
+static int exercise_key_derivation_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
@@ -679,7 +672,7 @@
if( usage & PSA_KEY_USAGE_DERIVE )
{
- if( !setup_key_derivation_wrap( &operation, handle, alg,
+ if( !setup_key_derivation_wrap( &operation, key, alg,
input1, input1_length,
input2, input2_length, capacity ) )
goto exit;
@@ -700,7 +693,7 @@
* private key against its own public key. */
static psa_status_t key_agreement_with_self(
psa_key_derivation_operation_t *operation,
- psa_key_handle_t handle )
+ mbedtls_svc_key_id_t key )
{
psa_key_type_t private_key_type;
psa_key_type_t public_key_type;
@@ -713,18 +706,17 @@
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
private_key_type = psa_get_key_type( &attributes );
key_bits = psa_get_key_bits( &attributes );
public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits );
ASSERT_ALLOC( public_key, public_key_length );
- PSA_ASSERT( psa_export_public_key( handle,
- public_key, public_key_length,
+ PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length,
&public_key_length ) );
status = psa_key_derivation_key_agreement(
- operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle,
+ operation, PSA_KEY_DERIVATION_INPUT_SECRET, key,
public_key, public_key_length );
exit:
mbedtls_free( public_key );
@@ -735,7 +727,7 @@
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg,
- psa_key_handle_t handle )
+ mbedtls_svc_key_id_t key )
{
psa_key_type_t private_key_type;
psa_key_type_t public_key_type;
@@ -750,17 +742,17 @@
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
private_key_type = psa_get_key_type( &attributes );
key_bits = psa_get_key_bits( &attributes );
public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits );
ASSERT_ALLOC( public_key, public_key_length );
- PSA_ASSERT( psa_export_public_key( handle,
+ PSA_ASSERT( psa_export_public_key( key,
public_key, public_key_length,
&public_key_length ) );
- status = psa_raw_key_agreement( alg, handle,
+ status = psa_raw_key_agreement( alg, key,
public_key, public_key_length,
output, sizeof( output ), &output_length );
exit:
@@ -769,7 +761,7 @@
return( status );
}
-static int exercise_raw_key_agreement_key( psa_key_handle_t handle,
+static int exercise_raw_key_agreement_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
@@ -779,7 +771,7 @@
{
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
- PSA_ASSERT( raw_key_agreement_with_self( alg, handle ) );
+ PSA_ASSERT( raw_key_agreement_with_self( alg, key ) );
}
ok = 1;
@@ -787,7 +779,7 @@
return( ok );
}
-static int exercise_key_agreement_key( psa_key_handle_t handle,
+static int exercise_key_agreement_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
@@ -800,7 +792,7 @@
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
- PSA_ASSERT( key_agreement_with_self( &operation, handle ) );
+ PSA_ASSERT( key_agreement_with_self( &operation, key ) );
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output,
sizeof( output ) ) );
@@ -1011,7 +1003,7 @@
return( 0 );
}
-static int exercise_export_key( psa_key_handle_t handle,
+static int exercise_export_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -1020,12 +1012,12 @@
size_t exported_length = 0;
int ok = 0;
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 &&
! PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( &attributes ) ) )
{
- TEST_EQUAL( psa_export_key( handle, NULL, 0, &exported_length ),
+ TEST_EQUAL( psa_export_key( key, NULL, 0, &exported_length ),
PSA_ERROR_NOT_PERMITTED );
ok = 1;
goto exit;
@@ -1035,7 +1027,7 @@
psa_get_key_bits( &attributes ) );
ASSERT_ALLOC( exported, exported_size );
- PSA_ASSERT( psa_export_key( handle,
+ PSA_ASSERT( psa_export_key( key,
exported, exported_size,
&exported_length ) );
ok = exported_key_sanity_check( psa_get_key_type( &attributes ),
@@ -1048,7 +1040,7 @@
return( ok );
}
-static int exercise_export_public_key( psa_key_handle_t handle )
+static int exercise_export_public_key( mbedtls_svc_key_id_t key )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t public_type;
@@ -1057,10 +1049,10 @@
size_t exported_length = 0;
int ok = 0;
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type( &attributes ) ) )
{
- TEST_EQUAL( psa_export_public_key( handle, NULL, 0, &exported_length ),
+ TEST_EQUAL( psa_export_public_key( key, NULL, 0, &exported_length ),
PSA_ERROR_INVALID_ARGUMENT );
return( 1 );
}
@@ -1071,7 +1063,7 @@
psa_get_key_bits( &attributes ) );
ASSERT_ALLOC( exported, exported_size );
- PSA_ASSERT( psa_export_public_key( handle,
+ PSA_ASSERT( psa_export_public_key( key,
exported, exported_size,
&exported_length ) );
ok = exported_key_sanity_check( public_type,
@@ -1103,7 +1095,7 @@
* if( ! exercise_key( ... ) ) goto exit;
* ```
*
- * \param handle The key to exercise. It should be capable of performing
+ * \param key The key to exercise. It should be capable of performing
* \p alg.
* \param usage The usage flags to assume.
* \param alg The algorithm to exercise.
@@ -1111,33 +1103,33 @@
* \retval 0 The key failed the smoke tests.
* \retval 1 The key passed the smoke tests.
*/
-static int exercise_key( psa_key_handle_t handle,
+static int exercise_key( mbedtls_svc_key_id_t key,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
int ok;
- if( ! check_key_attributes_sanity( handle ) )
+ if( ! check_key_attributes_sanity( key ) )
return( 0 );
if( alg == 0 )
ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */
else if( PSA_ALG_IS_MAC( alg ) )
- ok = exercise_mac_key( handle, usage, alg );
+ ok = exercise_mac_key( key, usage, alg );
else if( PSA_ALG_IS_CIPHER( alg ) )
- ok = exercise_cipher_key( handle, usage, alg );
+ ok = exercise_cipher_key( key, usage, alg );
else if( PSA_ALG_IS_AEAD( alg ) )
- ok = exercise_aead_key( handle, usage, alg );
+ ok = exercise_aead_key( key, usage, alg );
else if( PSA_ALG_IS_SIGN( alg ) )
- ok = exercise_signature_key( handle, usage, alg );
+ ok = exercise_signature_key( key, usage, alg );
else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
- ok = exercise_asymmetric_encryption_key( handle, usage, alg );
+ ok = exercise_asymmetric_encryption_key( key, usage, alg );
else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
- ok = exercise_key_derivation_key( handle, usage, alg );
+ ok = exercise_key_derivation_key( key, usage, alg );
else if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
- ok = exercise_raw_key_agreement_key( handle, usage, alg );
+ ok = exercise_raw_key_agreement_key( key, usage, alg );
else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
- ok = exercise_key_agreement_key( handle, usage, alg );
+ ok = exercise_key_agreement_key( key, usage, alg );
else
{
char message[40];
@@ -1148,8 +1140,8 @@
ok = 0;
}
- ok = ok && exercise_export_key( handle, usage );
- ok = ok && exercise_export_public_key( handle );
+ ok = ok && exercise_export_key( key, usage );
+ ok = ok && exercise_export_public_key( key );
return( ok );
}
@@ -1182,7 +1174,7 @@
}
-static int test_operations_on_invalid_handle( psa_key_handle_t handle )
+static int test_operations_on_invalid_key( mbedtls_svc_key_id_t key )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 0x6964 );
@@ -1194,7 +1186,7 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
psa_set_key_algorithm( &attributes, PSA_ALG_CTR );
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
- TEST_EQUAL( psa_get_key_attributes( handle, &attributes ),
+ TEST_EQUAL( psa_get_key_attributes( key, &attributes ),
PSA_ERROR_DOES_NOT_EXIST );
TEST_EQUAL(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 );
@@ -1206,10 +1198,9 @@
TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
TEST_EQUAL( psa_get_key_bits( &attributes ), 0 );
- TEST_EQUAL( psa_export_key( handle,
- buffer, sizeof( buffer ), &length ),
+ TEST_EQUAL( psa_export_key( key, buffer, sizeof( buffer ), &length ),
PSA_ERROR_DOES_NOT_EXIST );
- TEST_EQUAL( psa_export_public_key( handle,
+ TEST_EQUAL( psa_export_public_key( key,
buffer, sizeof( buffer ), &length ),
PSA_ERROR_DOES_NOT_EXIST );
@@ -1459,7 +1450,7 @@
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
psa_key_usage_t usage = usage_arg;
psa_algorithm_t alg = alg_arg;
@@ -1475,22 +1466,22 @@
status = psa_import_key( &attributes,
key_material, sizeof( key_material ),
- &handle );
+ &key );
TEST_EQUAL( status, expected_status );
if( status != PSA_SUCCESS )
goto exit;
- PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage );
TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg );
ASSERT_NO_SLOT_NUMBER( &got_attributes );
- PSA_ASSERT( psa_destroy_key( handle ) );
- test_operations_on_invalid_handle( handle );
+ PSA_ASSERT( psa_destroy_key( key ) );
+ test_operations_on_invalid_key( key );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
psa_reset_key_attributes( &got_attributes );
PSA_DONE( );
}
@@ -1503,7 +1494,7 @@
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
size_t attr_bits = attr_bits_arg;
psa_status_t expected_status = expected_status_arg;
@@ -1514,22 +1505,22 @@
psa_set_key_type( &attributes, type );
psa_set_key_bits( &attributes, attr_bits );
- status = psa_import_key( &attributes, data->x, data->len, &handle );
+ status = psa_import_key( &attributes, data->x, data->len, &key );
TEST_EQUAL( status, expected_status );
if( status != PSA_SUCCESS )
goto exit;
- PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
if( attr_bits != 0 )
TEST_EQUAL( attr_bits, psa_get_key_bits( &got_attributes ) );
ASSERT_NO_SLOT_NUMBER( &got_attributes );
- PSA_ASSERT( psa_destroy_key( handle ) );
- test_operations_on_invalid_handle( handle );
+ PSA_ASSERT( psa_destroy_key( key ) );
+ test_operations_on_invalid_key( key );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
psa_reset_key_attributes( &got_attributes );
PSA_DONE( );
}
@@ -1543,7 +1534,7 @@
size_t byte_size = byte_size_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t expected_status = expected_status_arg;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
uint8_t *buffer = NULL;
size_t buffer_size = byte_size + 1;
@@ -1559,18 +1550,18 @@
/* Try importing the key */
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
psa_set_key_type( &attributes, type );
- status = psa_import_key( &attributes, buffer, byte_size, &handle );
+ status = psa_import_key( &attributes, buffer, byte_size, &key );
TEST_EQUAL( status, expected_status );
if( status == PSA_SUCCESS )
{
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
TEST_EQUAL( psa_get_key_type( &attributes ), type );
TEST_EQUAL( psa_get_key_bits( &attributes ),
PSA_BYTES_TO_BITS( byte_size ) );
ASSERT_NO_SLOT_NUMBER( &attributes );
memset( buffer, 0, byte_size + 1 );
- PSA_ASSERT( psa_export_key( handle, buffer, byte_size, &n ) );
+ PSA_ASSERT( psa_export_key( key, buffer, byte_size, &n ) );
for( n = 0; n < byte_size; n++ )
TEST_EQUAL( buffer[n], 'K' );
for( n = byte_size; n < buffer_size; n++ )
@@ -1578,7 +1569,7 @@
}
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
mbedtls_free( buffer );
}
@@ -1587,7 +1578,7 @@
/* BEGIN_CASE */
void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
size_t bits = bits_arg;
psa_status_t expected_status = expected_status_arg;
psa_status_t status;
@@ -1610,11 +1601,11 @@
/* Try importing the key */
psa_set_key_type( &attributes, type );
- status = psa_import_key( &attributes, p, length, &handle );
+ status = psa_import_key( &attributes, p, length, &key );
TEST_EQUAL( status, expected_status );
if( status == PSA_SUCCESS )
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( key ) );
exit:
mbedtls_free( buffer );
@@ -1631,7 +1622,7 @@
int expected_export_status_arg,
int canonical_input )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
psa_algorithm_t alg = alg_arg;
psa_status_t expected_export_status = expected_export_status_arg;
@@ -1655,18 +1646,16 @@
psa_set_key_type( &attributes, type );
/* Import the key */
- PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
/* Test the key information */
- PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
TEST_EQUAL( psa_get_key_bits( &got_attributes ), (size_t) expected_bits );
ASSERT_NO_SLOT_NUMBER( &got_attributes );
/* Export the key */
- status = psa_export_key( handle,
- exported, export_size,
- &exported_length );
+ status = psa_export_key( key, exported, export_size, &exported_length );
TEST_EQUAL( status, expected_export_status );
/* The exported length must be set by psa_export_key() to a value between 0
@@ -1683,30 +1672,30 @@
goto destroy;
}
- if( ! exercise_export_key( handle, usage_arg ) )
+ if( ! exercise_export_key( key, usage_arg ) )
goto exit;
if( canonical_input )
ASSERT_COMPARE( data->x, data->len, exported, exported_length );
else
{
- psa_key_handle_t handle2;
+ mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT;
PSA_ASSERT( psa_import_key( &attributes, exported, exported_length,
- &handle2 ) );
- PSA_ASSERT( psa_export_key( handle2,
+ &key2 ) );
+ PSA_ASSERT( psa_export_key( key2,
reexported,
export_size,
&reexported_length ) );
ASSERT_COMPARE( exported, exported_length,
reexported, reexported_length );
- PSA_ASSERT( psa_close_key( handle2 ) );
+ PSA_ASSERT( psa_destroy_key( key2 ) );
}
TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, psa_get_key_bits( &got_attributes ) ) );
destroy:
/* Destroy the key */
- PSA_ASSERT( psa_destroy_key( handle ) );
- test_operations_on_invalid_handle( handle );
+ PSA_ASSERT( psa_destroy_key( key ) );
+ test_operations_on_invalid_key( key );
exit:
mbedtls_free( exported );
@@ -1724,7 +1713,7 @@
int expected_export_status_arg,
data_t *expected_public_key )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
psa_algorithm_t alg = alg_arg;
psa_status_t expected_export_status = expected_export_status_arg;
@@ -1741,11 +1730,11 @@
psa_set_key_type( &attributes, type );
/* Import the key */
- PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
/* Export the public key */
ASSERT_ALLOC( exported, export_size );
- status = psa_export_public_key( handle,
+ status = psa_export_public_key( key,
exported, export_size,
&exported_length );
TEST_EQUAL( status, expected_export_status );
@@ -1753,7 +1742,7 @@
{
psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type );
size_t bits;
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
bits = psa_get_key_bits( &attributes );
TEST_ASSERT( expected_public_key->len <=
PSA_KEY_EXPORT_MAX_SIZE( public_type, bits ) );
@@ -1763,7 +1752,7 @@
exit:
mbedtls_free( exported );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
psa_reset_key_attributes( &attributes );
PSA_DONE( );
}
@@ -1775,7 +1764,7 @@
int bits_arg,
int alg_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
size_t bits = bits_arg;
psa_algorithm_t alg = alg_arg;
@@ -1790,22 +1779,22 @@
psa_set_key_type( &attributes, type );
/* Import the key */
- PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
/* Test the key information */
- PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
/* Do something with the key according to its type and permitted usage. */
- if( ! exercise_key( handle, usage, alg ) )
+ if( ! exercise_key( key, usage, alg ) )
goto exit;
- PSA_ASSERT( psa_destroy_key( handle ) );
- test_operations_on_invalid_handle( handle );
+ PSA_ASSERT( psa_destroy_key( key ) );
+ test_operations_on_invalid_key( key );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
psa_reset_key_attributes( &got_attributes );
PSA_DONE( );
}
@@ -1817,7 +1806,7 @@
int usage_arg, int expected_usage_arg,
int alg_arg, int expected_alg_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = type_arg;
psa_key_type_t expected_key_type = expected_type_arg;
size_t bits = bits_arg;
@@ -1835,17 +1824,17 @@
psa_set_key_type( &attributes, key_type );
psa_set_key_bits( &attributes, bits );
- PSA_ASSERT( psa_generate_key( &attributes, &handle ) );
+ PSA_ASSERT( psa_generate_key( &attributes, &key ) );
psa_reset_key_attributes( &attributes );
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
TEST_EQUAL( psa_get_key_type( &attributes ), expected_key_type );
TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), expected_alg );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
psa_reset_key_attributes( &attributes );
PSA_DONE( );
}
@@ -1903,7 +1892,7 @@
data_t *key_data,
int exercise_alg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
psa_status_t status;
@@ -1916,9 +1905,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- status = psa_mac_sign_setup( &operation, handle, exercise_alg );
+ status = psa_mac_sign_setup( &operation, key, exercise_alg );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 )
PSA_ASSERT( status );
@@ -1927,7 +1916,7 @@
psa_mac_abort( &operation );
memset( mac, 0, sizeof( mac ) );
- status = psa_mac_verify_setup( &operation, handle, exercise_alg );
+ status = psa_mac_verify_setup( &operation, key, exercise_alg );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 )
PSA_ASSERT( status );
@@ -1936,7 +1925,7 @@
exit:
psa_mac_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -1948,7 +1937,7 @@
data_t *key_data,
int exercise_alg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
psa_status_t status;
@@ -1960,9 +1949,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
+ status = psa_cipher_encrypt_setup( &operation, key, exercise_alg );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
PSA_ASSERT( status );
@@ -1970,7 +1959,7 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
psa_cipher_abort( &operation );
- status = psa_cipher_decrypt_setup( &operation, handle, exercise_alg );
+ status = psa_cipher_decrypt_setup( &operation, key, exercise_alg );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
PSA_ASSERT( status );
@@ -1979,7 +1968,7 @@
exit:
psa_cipher_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -1993,7 +1982,7 @@
int tag_length_arg,
int exercise_alg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status;
unsigned char nonce[16] = {0};
@@ -2012,9 +2001,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- status = psa_aead_encrypt( handle, exercise_alg,
+ status = psa_aead_encrypt( key, exercise_alg,
nonce, nonce_length,
NULL, 0,
NULL, 0,
@@ -2027,7 +2016,7 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
memset( tag, 0, sizeof( tag ) );
- status = psa_aead_decrypt( handle, exercise_alg,
+ status = psa_aead_decrypt( key, exercise_alg,
nonce, nonce_length,
NULL, 0,
tag, tag_length,
@@ -2040,7 +2029,7 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -2052,7 +2041,7 @@
data_t *key_data,
int exercise_alg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status;
size_t key_bits;
@@ -2067,15 +2056,15 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits,
exercise_alg );
ASSERT_ALLOC( buffer, buffer_length );
- status = psa_asymmetric_encrypt( handle, exercise_alg,
+ status = psa_asymmetric_encrypt( key, exercise_alg,
NULL, 0,
NULL, 0,
buffer, buffer_length,
@@ -2088,7 +2077,7 @@
if( buffer_length != 0 )
memset( buffer, 0, buffer_length );
- status = psa_asymmetric_decrypt( handle, exercise_alg,
+ status = psa_asymmetric_decrypt( key, exercise_alg,
buffer, buffer_length,
NULL, 0,
buffer, buffer_length,
@@ -2100,7 +2089,7 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
psa_reset_key_attributes( &attributes );
PSA_DONE( );
mbedtls_free( buffer );
@@ -2115,7 +2104,7 @@
int exercise_alg,
int payload_length_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status;
unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
@@ -2135,9 +2124,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- status = psa_sign_hash( handle, exercise_alg,
+ status = psa_sign_hash( key, exercise_alg,
payload, payload_length,
signature, sizeof( signature ),
&signature_length );
@@ -2147,7 +2136,7 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
memset( signature, 0, sizeof( signature ) );
- status = psa_verify_hash( handle, exercise_alg,
+ status = psa_verify_hash( key, exercise_alg,
payload, payload_length,
signature, sizeof( signature ) );
if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 )
@@ -2156,7 +2145,7 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -2168,7 +2157,7 @@
data_t *key_data,
int exercise_alg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_status_t status;
@@ -2180,7 +2169,7 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
@@ -2195,7 +2184,7 @@
status = psa_key_derivation_input_key( &operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
- handle );
+ key );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
@@ -2205,7 +2194,7 @@
exit:
psa_key_derivation_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -2218,7 +2207,7 @@
int exercise_alg,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type = key_type_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
@@ -2232,16 +2221,16 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
- status = key_agreement_with_self( &operation, handle );
+ status = key_agreement_with_self( &operation, key );
TEST_EQUAL( status, expected_status );
exit:
psa_key_derivation_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -2250,7 +2239,7 @@
void key_policy_alg2( int key_type_arg, data_t *key_data,
int usage_arg, int alg_arg, int alg2_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -2265,20 +2254,20 @@
psa_set_key_enrollment_algorithm( &attributes, alg2 );
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage );
TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg );
TEST_EQUAL( psa_get_key_enrollment_algorithm( &got_attributes ), alg2 );
- if( ! exercise_key( handle, usage, alg ) )
+ if( ! exercise_key( key, usage, alg ) )
goto exit;
- if( ! exercise_key( handle, usage, alg2 ) )
+ if( ! exercise_key( key, usage, alg2 ) )
goto exit;
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -2291,7 +2280,7 @@
int exercise_alg,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type = key_type_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
@@ -2305,15 +2294,15 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- status = raw_key_agreement_with_self( exercise_alg, handle );
+ status = raw_key_agreement_with_self( exercise_alg, key );
TEST_EQUAL( status, expected_status );
exit:
psa_key_derivation_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -2333,8 +2322,8 @@
psa_key_usage_t expected_usage = expected_usage_arg;
psa_algorithm_t expected_alg = expected_alg_arg;
psa_algorithm_t expected_alg2 = expected_alg2_arg;
- psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT;
- psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT;
uint8_t *export_buffer = NULL;
PSA_ASSERT( psa_crypto_init( ) );
@@ -2346,8 +2335,8 @@
psa_set_key_type( &source_attributes, type_arg );
PSA_ASSERT( psa_import_key( &source_attributes,
material->x, material->len,
- &source_handle ) );
- PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) );
+ &source_key ) );
+ PSA_ASSERT( psa_get_key_attributes( source_key, &source_attributes ) );
/* Prepare the target attributes. */
if( copy_attributes )
@@ -2360,14 +2349,14 @@
psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
/* Copy the key. */
- PSA_ASSERT( psa_copy_key( source_handle,
- &target_attributes, &target_handle ) );
+ PSA_ASSERT( psa_copy_key( source_key,
+ &target_attributes, &target_key ) );
/* Destroy the source to ensure that this doesn't affect the target. */
- PSA_ASSERT( psa_destroy_key( source_handle ) );
+ PSA_ASSERT( psa_destroy_key( source_key ) );
/* Test that the target slot has the expected content and policy. */
- PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( target_key, &target_attributes ) );
TEST_EQUAL( psa_get_key_type( &source_attributes ),
psa_get_key_type( &target_attributes ) );
TEST_EQUAL( psa_get_key_bits( &source_attributes ),
@@ -2380,17 +2369,17 @@
{
size_t length;
ASSERT_ALLOC( export_buffer, material->len );
- PSA_ASSERT( psa_export_key( target_handle, export_buffer,
+ PSA_ASSERT( psa_export_key( target_key, export_buffer,
material->len, &length ) );
ASSERT_COMPARE( material->x, material->len,
export_buffer, length );
}
- if( ! exercise_key( target_handle, expected_usage, expected_alg ) )
+ if( ! exercise_key( target_key, expected_usage, expected_alg ) )
goto exit;
- if( ! exercise_key( target_handle, expected_usage, expected_alg2 ) )
+ if( ! exercise_key( target_key, expected_usage, expected_alg2 ) )
goto exit;
- PSA_ASSERT( psa_close_key( target_handle ) );
+ PSA_ASSERT( psa_destroy_key( target_key ) );
exit:
psa_reset_key_attributes( &source_attributes );
@@ -2411,8 +2400,8 @@
{
psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT;
- psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT;
PSA_ASSERT( psa_crypto_init( ) );
@@ -2423,7 +2412,7 @@
psa_set_key_type( &source_attributes, type_arg );
PSA_ASSERT( psa_import_key( &source_attributes,
material->x, material->len,
- &source_handle ) );
+ &source_key ) );
/* Prepare the target attributes. */
psa_set_key_type( &target_attributes, target_type_arg );
@@ -2433,11 +2422,11 @@
psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
/* Try to copy the key. */
- TEST_EQUAL( psa_copy_key( source_handle,
- &target_attributes, &target_handle ),
+ TEST_EQUAL( psa_copy_key( source_key,
+ &target_attributes, &target_key ),
expected_status_arg );
- PSA_ASSERT( psa_destroy_key( source_handle ) );
+ PSA_ASSERT( psa_destroy_key( source_key ) );
exit:
psa_reset_key_attributes( &source_attributes );
@@ -2916,10 +2905,10 @@
/* BEGIN_CASE */
void mac_bad_order( )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = PSA_KEY_TYPE_HMAC;
psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256);
- const uint8_t key[] = {
+ const uint8_t key_data[] = {
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
@@ -2938,7 +2927,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ),
+ &key ) );
/* Call update without calling setup beforehand. */
TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
@@ -2958,16 +2948,13 @@
PSA_ASSERT( psa_mac_abort( &operation ) );
/* Call setup twice in a row. */
- PSA_ASSERT( psa_mac_sign_setup( &operation,
- handle, alg ) );
- TEST_EQUAL( psa_mac_sign_setup( &operation,
- handle, alg ),
+ PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
+ TEST_EQUAL( psa_mac_sign_setup( &operation, key, alg ),
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_mac_abort( &operation ) );
/* Call update after sign finish. */
- PSA_ASSERT( psa_mac_sign_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
PSA_ASSERT( psa_mac_sign_finish( &operation,
sign_mac, sizeof( sign_mac ),
@@ -2977,8 +2964,7 @@
PSA_ASSERT( psa_mac_abort( &operation ) );
/* Call update after verify finish. */
- PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
PSA_ASSERT( psa_mac_verify_finish( &operation,
verify_mac, sizeof( verify_mac ) ) );
@@ -2987,8 +2973,7 @@
PSA_ASSERT( psa_mac_abort( &operation ) );
/* Call sign finish twice in a row. */
- PSA_ASSERT( psa_mac_sign_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
PSA_ASSERT( psa_mac_sign_finish( &operation,
sign_mac, sizeof( sign_mac ),
@@ -3000,8 +2985,7 @@
PSA_ASSERT( psa_mac_abort( &operation ) );
/* Call verify finish twice in a row. */
- PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
PSA_ASSERT( psa_mac_verify_finish( &operation,
verify_mac, sizeof( verify_mac ) ) );
@@ -3011,8 +2995,7 @@
PSA_ASSERT( psa_mac_abort( &operation ) );
/* Setup sign but try verify. */
- PSA_ASSERT( psa_mac_sign_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
TEST_EQUAL( psa_mac_verify_finish( &operation,
verify_mac, sizeof( verify_mac ) ),
@@ -3020,8 +3003,7 @@
PSA_ASSERT( psa_mac_abort( &operation ) );
/* Setup verify but try sign. */
- PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
TEST_EQUAL( psa_mac_sign_finish( &operation,
sign_mac, sizeof( sign_mac ),
@@ -3029,7 +3011,7 @@
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_mac_abort( &operation ) );
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( key ) );
exit:
PSA_DONE( );
@@ -3038,19 +3020,19 @@
/* BEGIN_CASE */
void mac_sign( int key_type_arg,
- data_t *key,
+ data_t *key_data,
int alg_arg,
data_t *input,
data_t *expected_mac )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *actual_mac = NULL;
size_t mac_buffer_size =
- PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key->len ), alg );
+ PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key_data->len ), alg );
size_t mac_length = 0;
const size_t output_sizes_to_test[] = {
0,
@@ -3070,7 +3052,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
for( size_t i = 0; i < ARRAY_LENGTH( output_sizes_to_test ); i++ )
{
@@ -3083,8 +3066,7 @@
ASSERT_ALLOC( actual_mac, output_size );
/* Calculate the MAC. */
- PSA_ASSERT( psa_mac_sign_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
TEST_EQUAL( psa_mac_sign_finish( &operation,
@@ -3104,7 +3086,7 @@
exit:
psa_mac_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
mbedtls_free( actual_mac );
}
@@ -3112,12 +3094,12 @@
/* BEGIN_CASE */
void mac_verify( int key_type_arg,
- data_t *key,
+ data_t *key_data,
int alg_arg,
data_t *input,
data_t *expected_mac )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
@@ -3132,11 +3114,11 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
/* Test the correct MAC. */
- PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
PSA_ASSERT( psa_mac_verify_finish( &operation,
@@ -3144,8 +3126,7 @@
expected_mac->len ) );
/* Test a MAC that's too short. */
- PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
TEST_EQUAL( psa_mac_verify_finish( &operation,
@@ -3156,8 +3137,7 @@
/* Test a MAC that's too long. */
ASSERT_ALLOC( perturbed_mac, expected_mac->len + 1 );
memcpy( perturbed_mac, expected_mac->x, expected_mac->len );
- PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
TEST_EQUAL( psa_mac_verify_finish( &operation,
@@ -3170,8 +3150,7 @@
{
test_set_step( i );
perturbed_mac[i] ^= 1;
- PSA_ASSERT( psa_mac_verify_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
TEST_EQUAL( psa_mac_verify_finish( &operation,
@@ -3183,7 +3162,7 @@
exit:
psa_mac_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
mbedtls_free( perturbed_mac );
}
@@ -3271,13 +3250,13 @@
/* BEGIN_CASE */
void cipher_bad_order( )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = PSA_KEY_TYPE_AES;
psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
unsigned char iv[PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES)] = { 0 };
- const uint8_t key[] = {
+ const uint8_t key_data[] = {
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa };
const uint8_t text[] = {
@@ -3290,18 +3269,18 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) );
-
+ PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ),
+ &key ) );
/* Call encrypt setup twice in a row. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
- TEST_EQUAL( psa_cipher_encrypt_setup( &operation, handle, alg ),
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
+ TEST_EQUAL( psa_cipher_encrypt_setup( &operation, key, alg ),
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Call decrypt setup twice in a row. */
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) );
- TEST_EQUAL( psa_cipher_decrypt_setup( &operation, handle, alg ),
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
+ TEST_EQUAL( psa_cipher_decrypt_setup( &operation, key, alg ),
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_cipher_abort( &operation ) );
@@ -3313,7 +3292,7 @@
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Generate an IV twice in a row. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_generate_iv( &operation,
buffer, sizeof( buffer ),
&length ) );
@@ -3324,7 +3303,7 @@
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Generate an IV after it's already set. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_set_iv( &operation,
iv, sizeof( iv ) ) );
TEST_EQUAL( psa_cipher_generate_iv( &operation,
@@ -3340,7 +3319,7 @@
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Set an IV after it's already set. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_set_iv( &operation,
iv, sizeof( iv ) ) );
TEST_EQUAL( psa_cipher_set_iv( &operation,
@@ -3349,7 +3328,7 @@
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Set an IV after it's already generated. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_generate_iv( &operation,
buffer, sizeof( buffer ),
&length ) );
@@ -3375,7 +3354,7 @@
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Call update after finish. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_set_iv( &operation,
iv, sizeof( iv ) ) );
PSA_ASSERT( psa_cipher_finish( &operation,
@@ -3394,7 +3373,7 @@
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Call finish without an IV where an IV is required. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
/* Not calling update means we are encrypting an empty buffer, which is OK
* for cipher modes with padding. */
TEST_EQUAL( psa_cipher_finish( &operation,
@@ -3403,7 +3382,7 @@
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Call finish twice in a row. */
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_set_iv( &operation,
iv, sizeof( iv ) ) );
PSA_ASSERT( psa_cipher_finish( &operation,
@@ -3413,7 +3392,7 @@
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_cipher_abort( &operation ) );
- PSA_ASSERT( psa_destroy_key( handle ) );
+ PSA_ASSERT( psa_destroy_key( key ) );
exit:
psa_cipher_abort( &operation );
@@ -3423,11 +3402,11 @@
/* BEGIN_CASE */
void cipher_encrypt( int alg_arg, int key_type_arg,
- data_t *key, data_t *iv,
+ data_t *key_data, data_t *iv,
data_t *input, data_t *expected_output,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
@@ -3445,10 +3424,10 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
if( iv->len > 0 )
{
@@ -3481,20 +3460,20 @@
exit:
psa_cipher_abort( &operation );
mbedtls_free( output );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
- data_t *key, data_t *iv,
+ data_t *key_data, data_t *iv,
data_t *input,
int first_part_size_arg,
int output1_length_arg, int output2_length_arg,
data_t *expected_output )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t first_part_size = first_part_size_arg;
@@ -3513,10 +3492,10 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
if( iv->len > 0 )
{
@@ -3554,20 +3533,20 @@
exit:
psa_cipher_abort( &operation );
mbedtls_free( output );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
- data_t *key, data_t *iv,
+ data_t *key_data, data_t *iv,
data_t *input,
int first_part_size_arg,
int output1_length_arg, int output2_length_arg,
data_t *expected_output )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t first_part_size = first_part_size_arg;
@@ -3586,10 +3565,10 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
if( iv->len > 0 )
{
@@ -3628,18 +3607,18 @@
exit:
psa_cipher_abort( &operation );
mbedtls_free( output );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void cipher_decrypt( int alg_arg, int key_type_arg,
- data_t *key, data_t *iv,
+ data_t *key_data, data_t *iv,
data_t *input, data_t *expected_output,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
@@ -3657,10 +3636,10 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
if( iv->len > 0 )
{
@@ -3693,17 +3672,17 @@
exit:
psa_cipher_abort( &operation );
mbedtls_free( output );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
/* BEGIN_CASE */
void cipher_verify_output( int alg_arg, int key_type_arg,
- data_t *key,
+ data_t *key_data,
data_t *input )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char iv[16] = {0};
@@ -3726,12 +3705,11 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation1,
- handle, alg ) );
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation2,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) );
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) );
if( alg != PSA_ALG_ECB_NO_PADDING )
{
@@ -3784,7 +3762,7 @@
psa_cipher_abort( &operation2 );
mbedtls_free( output1 );
mbedtls_free( output2 );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -3792,11 +3770,11 @@
/* BEGIN_CASE */
void cipher_verify_output_multipart( int alg_arg,
int key_type_arg,
- data_t *key,
+ data_t *key_data,
data_t *input,
int first_part_size_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t first_part_size = first_part_size_arg;
@@ -3820,12 +3798,11 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation1,
- handle, alg ) );
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation2,
- handle, alg ) );
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) );
+ PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) );
if( alg != PSA_ALG_ECB_NO_PADDING )
{
@@ -3896,7 +3873,7 @@
psa_cipher_abort( &operation2 );
mbedtls_free( output1 );
mbedtls_free( output2 );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -3909,7 +3886,7 @@
data_t *input_data,
int expected_result_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *output_data = NULL;
@@ -3936,9 +3913,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- TEST_EQUAL( psa_aead_encrypt( handle, alg,
+ TEST_EQUAL( psa_aead_encrypt( key, alg,
nonce->x, nonce->len,
additional_data->x,
additional_data->len,
@@ -3956,7 +3933,7 @@
TEST_EQUAL( input_data->len,
PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, output_length ) );
- TEST_EQUAL( psa_aead_decrypt( handle, alg,
+ TEST_EQUAL( psa_aead_decrypt( key, alg,
nonce->x, nonce->len,
additional_data->x,
additional_data->len,
@@ -3970,7 +3947,7 @@
}
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( output_data );
mbedtls_free( output_data2 );
PSA_DONE( );
@@ -3985,7 +3962,7 @@
data_t *input_data,
data_t *expected_result )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *output_data = NULL;
@@ -4008,9 +3985,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- PSA_ASSERT( psa_aead_encrypt( handle, alg,
+ PSA_ASSERT( psa_aead_encrypt( key, alg,
nonce->x, nonce->len,
additional_data->x, additional_data->len,
input_data->x, input_data->len,
@@ -4021,7 +3998,7 @@
output_data, output_length );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( output_data );
PSA_DONE( );
}
@@ -4036,7 +4013,7 @@
data_t *expected_data,
int expected_result_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *output_data = NULL;
@@ -4061,9 +4038,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- TEST_EQUAL( psa_aead_decrypt( handle, alg,
+ TEST_EQUAL( psa_aead_decrypt( key, alg,
nonce->x, nonce->len,
additional_data->x,
additional_data->len,
@@ -4077,7 +4054,7 @@
output_data, output_length );
exit:
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( output_data );
PSA_DONE( );
}
@@ -4109,7 +4086,7 @@
int alg_arg, data_t *input_data,
data_t *output_data )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t key_bits;
@@ -4125,8 +4102,8 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ &key ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
/* Allocate a buffer which has the size advertized by the
@@ -4138,7 +4115,7 @@
ASSERT_ALLOC( signature, signature_size );
/* Perform the signature. */
- PSA_ASSERT( psa_sign_hash( handle, alg,
+ PSA_ASSERT( psa_sign_hash( key, alg,
input_data->x, input_data->len,
signature, signature_size,
&signature_length ) );
@@ -4149,7 +4126,7 @@
#if defined(MBEDTLS_TEST_DEPRECATED)
memset( signature, 0, signature_size );
signature_length = INVALID_EXPORT_LENGTH;
- PSA_ASSERT( psa_asymmetric_sign( handle, alg,
+ PSA_ASSERT( psa_asymmetric_sign( key, alg,
input_data->x, input_data->len,
signature, signature_size,
&signature_length ) );
@@ -4159,7 +4136,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( signature );
PSA_DONE( );
}
@@ -4170,7 +4147,7 @@
int alg_arg, data_t *input_data,
int signature_size_arg, int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t signature_size = signature_size_arg;
@@ -4189,9 +4166,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- actual_status = psa_sign_hash( handle, alg,
+ actual_status = psa_sign_hash( key, alg,
input_data->x, input_data->len,
signature, signature_size,
&signature_length );
@@ -4204,7 +4181,7 @@
#if defined(MBEDTLS_TEST_DEPRECATED)
signature_length = INVALID_EXPORT_LENGTH;
- TEST_EQUAL( psa_asymmetric_sign( handle, alg,
+ TEST_EQUAL( psa_asymmetric_sign( key, alg,
input_data->x, input_data->len,
signature, signature_size,
&signature_length ),
@@ -4214,7 +4191,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( signature );
PSA_DONE( );
}
@@ -4224,7 +4201,7 @@
void sign_verify( int key_type_arg, data_t *key_data,
int alg_arg, data_t *input_data )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t key_bits;
@@ -4240,8 +4217,8 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ &key ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
/* Allocate a buffer which has the size advertized by the
@@ -4253,7 +4230,7 @@
ASSERT_ALLOC( signature, signature_size );
/* Perform the signature. */
- PSA_ASSERT( psa_sign_hash( handle, alg,
+ PSA_ASSERT( psa_sign_hash( key, alg,
input_data->x, input_data->len,
signature, signature_size,
&signature_length ) );
@@ -4262,7 +4239,7 @@
TEST_ASSERT( signature_length > 0 );
/* Use the library to verify that the signature is correct. */
- PSA_ASSERT( psa_verify_hash( handle, alg,
+ PSA_ASSERT( psa_verify_hash( key, alg,
input_data->x, input_data->len,
signature, signature_length ) );
@@ -4272,7 +4249,7 @@
* detected as invalid. Flip a bit at the beginning, not at the end,
* because ECDSA may ignore the last few bits of the input. */
input_data->x[0] ^= 1;
- TEST_EQUAL( psa_verify_hash( handle, alg,
+ TEST_EQUAL( psa_verify_hash( key, alg,
input_data->x, input_data->len,
signature, signature_length ),
PSA_ERROR_INVALID_SIGNATURE );
@@ -4280,7 +4257,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( signature );
PSA_DONE( );
}
@@ -4291,7 +4268,7 @@
int alg_arg, data_t *hash_data,
data_t *signature_data )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -4305,14 +4282,14 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- PSA_ASSERT( psa_verify_hash( handle, alg,
+ PSA_ASSERT( psa_verify_hash( key, alg,
hash_data->x, hash_data->len,
signature_data->x, signature_data->len ) );
#if defined(MBEDTLS_TEST_DEPRECATED)
- PSA_ASSERT( psa_asymmetric_verify( handle, alg,
+ PSA_ASSERT( psa_asymmetric_verify( key, alg,
hash_data->x, hash_data->len,
signature_data->x,
signature_data->len ) );
@@ -4321,7 +4298,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -4332,7 +4309,7 @@
data_t *signature_data,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
psa_status_t actual_status;
@@ -4346,15 +4323,15 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- actual_status = psa_verify_hash( handle, alg,
+ actual_status = psa_verify_hash( key, alg,
hash_data->x, hash_data->len,
signature_data->x, signature_data->len );
TEST_EQUAL( actual_status, expected_status );
#if defined(MBEDTLS_TEST_DEPRECATED)
- TEST_EQUAL( psa_asymmetric_verify( handle, alg,
+ TEST_EQUAL( psa_asymmetric_verify( key, alg,
hash_data->x, hash_data->len,
signature_data->x, signature_data->len ),
expected_status );
@@ -4362,7 +4339,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -4376,7 +4353,7 @@
int expected_output_length_arg,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t expected_output_length = expected_output_length_arg;
@@ -4395,16 +4372,16 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
/* Determine the maximum output length */
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
ASSERT_ALLOC( output, output_size );
/* Encrypt the input */
- actual_status = psa_asymmetric_encrypt( handle, alg,
+ actual_status = psa_asymmetric_encrypt( key, alg,
input_data->x, input_data->len,
label->x, label->len,
output, output_size,
@@ -4419,7 +4396,7 @@
output_length = ~0;
if( output_size != 0 )
memset( output, 0, output_size );
- actual_status = psa_asymmetric_encrypt( handle, alg,
+ actual_status = psa_asymmetric_encrypt( key, alg,
input_data->x, input_data->len,
NULL, label->len,
output, output_size,
@@ -4430,7 +4407,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( output );
PSA_DONE( );
}
@@ -4443,7 +4420,7 @@
data_t *input_data,
data_t *label )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
size_t key_bits;
@@ -4462,10 +4439,10 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
/* Determine the maximum ciphertext length */
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
ASSERT_ALLOC( output, output_size );
@@ -4475,7 +4452,7 @@
/* We test encryption by checking that encrypt-then-decrypt gives back
* the original plaintext because of the non-optional random
* part of encryption process which prevents using fixed vectors. */
- PSA_ASSERT( psa_asymmetric_encrypt( handle, alg,
+ PSA_ASSERT( psa_asymmetric_encrypt( key, alg,
input_data->x, input_data->len,
label->x, label->len,
output, output_size,
@@ -4484,7 +4461,7 @@
* it looks sensible. */
TEST_ASSERT( output_length <= output_size );
- PSA_ASSERT( psa_asymmetric_decrypt( handle, alg,
+ PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
output, output_length,
label->x, label->len,
output2, output2_size,
@@ -4494,7 +4471,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( output );
mbedtls_free( output2 );
PSA_DONE( );
@@ -4509,7 +4486,7 @@
data_t *label,
data_t *expected_data )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *output = NULL;
@@ -4527,9 +4504,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- PSA_ASSERT( psa_asymmetric_decrypt( handle, alg,
+ PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
input_data->x, input_data->len,
label->x, label->len,
output,
@@ -4545,7 +4522,7 @@
output_length = ~0;
if( output_size != 0 )
memset( output, 0, output_size );
- PSA_ASSERT( psa_asymmetric_decrypt( handle, alg,
+ PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
input_data->x, input_data->len,
NULL, label->len,
output,
@@ -4557,7 +4534,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( output );
PSA_DONE( );
}
@@ -4572,7 +4549,7 @@
int output_size_arg,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *output = NULL;
@@ -4591,9 +4568,9 @@
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- actual_status = psa_asymmetric_decrypt( handle, alg,
+ actual_status = psa_asymmetric_decrypt( key, alg,
input_data->x, input_data->len,
label->x, label->len,
output, output_size,
@@ -4608,7 +4585,7 @@
output_length = ~0;
if( output_size != 0 )
memset( output, 0, output_size );
- actual_status = psa_asymmetric_decrypt( handle, alg,
+ actual_status = psa_asymmetric_decrypt( key, alg,
input_data->x, input_data->len,
NULL, label->len,
output, output_size,
@@ -4619,7 +4596,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
mbedtls_free( output );
PSA_DONE( );
}
@@ -4711,14 +4688,14 @@
expected_status_arg2,
expected_status_arg3};
data_t *inputs[] = {input1, input2, input3};
- psa_key_handle_t handles[] = { PSA_KEY_HANDLE_INIT,
- PSA_KEY_HANDLE_INIT,
- PSA_KEY_HANDLE_INIT};
+ mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT,
+ MBEDTLS_SVC_KEY_ID_INIT,
+ MBEDTLS_SVC_KEY_ID_INIT };
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t i;
psa_key_type_t output_key_type = output_key_type_arg;
- psa_key_handle_t output_handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t output_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t expected_output_status = expected_output_status_arg;
psa_status_t actual_output_status;
@@ -4736,19 +4713,19 @@
psa_set_key_type( &attributes, key_types[i] );
PSA_ASSERT( psa_import_key( &attributes,
inputs[i]->x, inputs[i]->len,
- &handles[i] ) );
+ &keys[i] ) );
if( PSA_KEY_TYPE_IS_KEY_PAIR( key_types[i] ) &&
steps[i] == PSA_KEY_DERIVATION_INPUT_SECRET )
{
// When taking a private key as secret input, use key agreement
// to add the shared secret to the derivation
- TEST_EQUAL( key_agreement_with_self( &operation, handles[i] ),
+ TEST_EQUAL( key_agreement_with_self( &operation, keys[i] ),
expected_statuses[i] );
}
else
{
TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i],
- handles[i] ),
+ keys[i] ),
expected_statuses[i] );
}
}
@@ -4768,7 +4745,7 @@
psa_set_key_bits( &attributes, 8 );
actual_output_status =
psa_key_derivation_output_key( &attributes, &operation,
- &output_handle );
+ &output_key );
}
else
{
@@ -4781,9 +4758,9 @@
exit:
psa_key_derivation_abort( &operation );
- for( i = 0; i < ARRAY_LENGTH( handles ); i++ )
- psa_destroy_key( handles[i] );
- psa_destroy_key( output_handle );
+ for( i = 0; i < ARRAY_LENGTH( keys ); i++ )
+ psa_destroy_key( keys[i] );
+ psa_destroy_key( output_key );
PSA_DONE( );
}
/* END_CASE */
@@ -4792,7 +4769,7 @@
void test_derive_invalid_key_derivation_state( int alg_arg )
{
psa_algorithm_t alg = alg_arg;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
size_t key_type = PSA_KEY_TYPE_DERIVE;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char input1[] = "Input 1";
@@ -4814,10 +4791,10 @@
PSA_ASSERT( psa_import_key( &attributes,
key_data, sizeof( key_data ),
- &handle ) );
+ &key ) );
/* valid key derivation */
- if( !setup_key_derivation_wrap( &operation, handle, alg,
+ if( !setup_key_derivation_wrap( &operation, key, alg,
input1, input1_length,
input2, input2_length,
capacity ) )
@@ -4834,7 +4811,7 @@
exit:
psa_key_derivation_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -4880,9 +4857,9 @@
psa_algorithm_t alg = alg_arg;
psa_key_derivation_step_t steps[] = {step1_arg, step2_arg, step3_arg};
data_t *inputs[] = {input1, input2, input3};
- psa_key_handle_t handles[] = { PSA_KEY_HANDLE_INIT,
- PSA_KEY_HANDLE_INIT,
- PSA_KEY_HANDLE_INIT};
+ mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT,
+ MBEDTLS_SVC_KEY_ID_INIT,
+ MBEDTLS_SVC_KEY_ID_INIT };
size_t requested_capacity = requested_capacity_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
uint8_t *expected_outputs[2] =
@@ -4924,10 +4901,9 @@
case PSA_KEY_DERIVATION_INPUT_SECRET:
PSA_ASSERT( psa_import_key( &attributes,
inputs[i]->x, inputs[i]->len,
- &handles[i] ) );
+ &keys[i] ) );
PSA_ASSERT( psa_key_derivation_input_key(
- &operation, steps[i],
- handles[i] ) );
+ &operation, steps[i], keys[i] ) );
break;
default:
PSA_ASSERT( psa_key_derivation_input_bytes(
@@ -4979,8 +4955,8 @@
exit:
mbedtls_free( output_buffer );
psa_key_derivation_abort( &operation );
- for( i = 0; i < ARRAY_LENGTH( handles ); i++ )
- psa_destroy_key( handles[i] );
+ for( i = 0; i < ARRAY_LENGTH( keys ); i++ )
+ psa_destroy_key( keys[i] );
PSA_DONE( );
}
/* END_CASE */
@@ -4992,7 +4968,7 @@
data_t *input2,
int requested_capacity_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
size_t requested_capacity = requested_capacity_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
@@ -5008,9 +4984,9 @@
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &handle ) );
+ &key ) );
- if( !setup_key_derivation_wrap( &operation, handle, alg,
+ if( !setup_key_derivation_wrap( &operation, key, alg,
input1->x, input1->len,
input2->x, input2->len,
requested_capacity ) )
@@ -5043,7 +5019,7 @@
exit:
psa_key_derivation_abort( &operation );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -5058,8 +5034,8 @@
int derived_usage_arg,
int derived_alg_arg )
{
- psa_key_handle_t base_handle = PSA_KEY_HANDLE_INIT;
- psa_key_handle_t derived_handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
psa_key_type_t derived_type = derived_type_arg;
size_t derived_bits = derived_bits_arg;
@@ -5076,10 +5052,10 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &base_handle ) );
+ &base_key ) );
/* Derive a key. */
- if ( setup_key_derivation_wrap( &operation, base_handle, alg,
+ if ( setup_key_derivation_wrap( &operation, base_key, alg,
input1->x, input1->len,
input2->x, input2->len, capacity ) )
goto exit;
@@ -5089,22 +5065,22 @@
psa_set_key_type( &attributes, derived_type );
psa_set_key_bits( &attributes, derived_bits );
PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation,
- &derived_handle ) );
+ &derived_key ) );
/* Test the key information */
- PSA_ASSERT( psa_get_key_attributes( derived_handle, &got_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( derived_key, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), derived_type );
TEST_EQUAL( psa_get_key_bits( &got_attributes ), derived_bits );
/* Exercise the derived key. */
- if( ! exercise_key( derived_handle, derived_usage, derived_alg ) )
+ if( ! exercise_key( derived_key, derived_usage, derived_alg ) )
goto exit;
exit:
psa_key_derivation_abort( &operation );
psa_reset_key_attributes( &got_attributes );
- psa_destroy_key( base_handle );
- psa_destroy_key( derived_handle );
+ psa_destroy_key( base_key );
+ psa_destroy_key( derived_key );
PSA_DONE( );
}
/* END_CASE */
@@ -5117,8 +5093,8 @@
int bytes1_arg,
int bytes2_arg )
{
- psa_key_handle_t base_handle = PSA_KEY_HANDLE_INIT;
- psa_key_handle_t derived_handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
size_t bytes1 = bytes1_arg;
size_t bytes2 = bytes2_arg;
@@ -5138,10 +5114,10 @@
psa_set_key_algorithm( &base_attributes, alg );
psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len,
- &base_handle ) );
+ &base_key ) );
/* Derive some material and output it. */
- if( !setup_key_derivation_wrap( &operation, base_handle, alg,
+ if( !setup_key_derivation_wrap( &operation, base_key, alg,
input1->x, input1->len,
input2->x, input2->len, capacity ) )
goto exit;
@@ -5152,7 +5128,7 @@
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
/* Derive the same output again, but this time store it in key objects. */
- if( !setup_key_derivation_wrap( &operation, base_handle, alg,
+ if( !setup_key_derivation_wrap( &operation, base_key, alg,
input1->x, input1->len,
input2->x, input2->len, capacity ) )
goto exit;
@@ -5162,16 +5138,16 @@
psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA );
psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) );
PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
- &derived_handle ) );
- PSA_ASSERT( psa_export_key( derived_handle,
+ &derived_key ) );
+ PSA_ASSERT( psa_export_key( derived_key,
export_buffer, bytes1,
&length ) );
TEST_EQUAL( length, bytes1 );
- PSA_ASSERT( psa_destroy_key( derived_handle ) );
+ PSA_ASSERT( psa_destroy_key( derived_key ) );
psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) );
PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
- &derived_handle ) );
- PSA_ASSERT( psa_export_key( derived_handle,
+ &derived_key ) );
+ PSA_ASSERT( psa_export_key( derived_key,
export_buffer + bytes1, bytes2,
&length ) );
TEST_EQUAL( length, bytes2 );
@@ -5184,8 +5160,8 @@
mbedtls_free( output_buffer );
mbedtls_free( export_buffer );
psa_key_derivation_abort( &operation );
- psa_destroy_key( base_handle );
- psa_destroy_key( derived_handle );
+ psa_destroy_key( base_key );
+ psa_destroy_key( derived_key );
PSA_DONE( );
}
/* END_CASE */
@@ -5196,8 +5172,8 @@
int type_arg, int bits_arg,
int expected_status_arg )
{
- psa_key_handle_t base_handle = PSA_KEY_HANDLE_INIT;
- psa_key_handle_t derived_handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
psa_key_type_t type = type_arg;
size_t bits = bits_arg;
@@ -5212,9 +5188,9 @@
psa_set_key_algorithm( &base_attributes, alg );
psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len,
- &base_handle ) );
+ &base_key ) );
- if( !setup_key_derivation_wrap( &operation, base_handle, alg,
+ if( !setup_key_derivation_wrap( &operation, base_key, alg,
input1->x, input1->len,
input2->x, input2->len, SIZE_MAX ) )
goto exit;
@@ -5224,13 +5200,13 @@
psa_set_key_type( &derived_attributes, type );
psa_set_key_bits( &derived_attributes, bits );
TEST_EQUAL( psa_key_derivation_output_key( &derived_attributes, &operation,
- &derived_handle ),
+ &derived_key ),
expected_status );
exit:
psa_key_derivation_abort( &operation );
- psa_destroy_key( base_handle );
- psa_destroy_key( derived_handle );
+ psa_destroy_key( base_key );
+ psa_destroy_key( derived_key );
PSA_DONE( );
}
/* END_CASE */
@@ -5241,7 +5217,7 @@
data_t *our_key_data, data_t *peer_key_data,
int expected_status_arg )
{
- psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
psa_algorithm_t our_key_alg = our_key_alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
@@ -5290,7 +5266,7 @@
data_t *peer_key_data,
data_t *expected_output )
{
- psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -5327,7 +5303,7 @@
data_t *peer_key_data,
int expected_capacity_arg )
{
- psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
@@ -5387,7 +5363,7 @@
data_t *peer_key_data,
data_t *expected_output1, data_t *expected_output2 )
{
- psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
@@ -5501,7 +5477,7 @@
int alg_arg,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
psa_key_usage_t usage = usage_arg;
size_t bits = bits_arg;
@@ -5518,22 +5494,22 @@
psa_set_key_bits( &attributes, bits );
/* Generate a key */
- TEST_EQUAL( psa_generate_key( &attributes, &handle ), expected_status );
+ TEST_EQUAL( psa_generate_key( &attributes, &key ), expected_status );
if( expected_status != PSA_SUCCESS )
goto exit;
/* Test the key information */
- PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
/* Do something with the key according to its type and permitted usage. */
- if( ! exercise_key( handle, usage, alg ) )
+ if( ! exercise_key( key, usage, alg ) )
goto exit;
exit:
psa_reset_key_attributes( &got_attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
}
/* END_CASE */
@@ -5543,7 +5519,7 @@
data_t *e_arg,
int expected_status_arg )
{
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR;
size_t bits = bits_arg;
psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
@@ -5578,12 +5554,12 @@
psa_set_key_bits( &attributes, bits );
/* Generate a key */
- TEST_EQUAL( psa_generate_key( &attributes, &handle ), expected_status );
+ TEST_EQUAL( psa_generate_key( &attributes, &key ), expected_status );
if( expected_status != PSA_SUCCESS )
goto exit;
/* Test the key information */
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
TEST_EQUAL( psa_get_key_type( &attributes ), type );
TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
PSA_ASSERT( psa_get_key_domain_parameters( &attributes,
@@ -5595,11 +5571,11 @@
ASSERT_COMPARE( e_read_buffer, e_read_length, e_arg->x, e_arg->len );
/* Do something with the key according to its type and permitted usage. */
- if( ! exercise_key( handle, usage, alg ) )
+ if( ! exercise_key( key, usage, alg ) )
goto exit;
/* Export the key and check the public exponent. */
- PSA_ASSERT( psa_export_public_key( handle,
+ PSA_ASSERT( psa_export_public_key( key,
exported, exported_size,
&exported_length ) );
{
@@ -5634,7 +5610,7 @@
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE( );
mbedtls_free( e_read_buffer );
mbedtls_free( exported );
@@ -5649,8 +5625,8 @@
{
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
- psa_key_handle_t base_key = PSA_KEY_HANDLE_INIT;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
size_t bits = bits_arg;
psa_key_usage_t usage_flags = usage_flags_arg;
@@ -5681,12 +5657,12 @@
case IMPORT_KEY:
/* Import the key */
PSA_ASSERT( psa_import_key( &attributes, data->x, data->len,
- &handle ) );
+ &key ) );
break;
case GENERATE_KEY:
/* Generate a key */
- PSA_ASSERT( psa_generate_key( &attributes, &handle ) );
+ PSA_ASSERT( psa_generate_key( &attributes, &key ) );
break;
case DERIVE_KEY:
@@ -5711,10 +5687,10 @@
NULL, 0 ) );
PSA_ASSERT( psa_key_derivation_output_key( &attributes,
&operation,
- &handle ) );
+ &key ) );
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
PSA_ASSERT( psa_destroy_key( base_key ) );
- base_key = PSA_KEY_HANDLE_INIT;
+ base_key = MBEDTLS_SVC_KEY_ID_INIT;
}
break;
}
@@ -5723,7 +5699,7 @@
/* Export the key if permitted by the key policy. */
if( usage_flags & PSA_KEY_USAGE_EXPORT )
{
- PSA_ASSERT( psa_export_key( handle,
+ PSA_ASSERT( psa_export_key( key,
first_export, export_size,
&first_exported_length ) );
if( generation_method == IMPORT_KEY )
@@ -5732,13 +5708,12 @@
}
/* Shutdown and restart */
- PSA_ASSERT( psa_close_key( handle ) );
+ PSA_ASSERT( psa_purge_key( key ) );
PSA_DONE();
PSA_ASSERT( psa_crypto_init() );
/* Check key slot still contains key data */
- PSA_ASSERT( psa_open_key( key_id, &handle ) );
- PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes ), key_id ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
@@ -5751,7 +5726,7 @@
/* Export the key again if permitted by the key policy. */
if( usage_flags & PSA_KEY_USAGE_EXPORT )
{
- PSA_ASSERT( psa_export_key( handle,
+ PSA_ASSERT( psa_export_key( key,
second_export, export_size,
&second_exported_length ) );
ASSERT_COMPARE( first_export, first_exported_length,
@@ -5759,7 +5734,7 @@
}
/* Do something with the key according to its type and permitted usage. */
- if( ! exercise_key( handle, usage_flags, alg ) )
+ if( ! exercise_key( key, usage_flags, alg ) )
goto exit;
exit:
@@ -5768,14 +5743,7 @@
mbedtls_free( second_export );
psa_key_derivation_abort( &operation );
psa_destroy_key( base_key );
- if( psa_key_handle_is_null( handle ) )
- {
- /* In case there was a test failure after creating the persistent key
- * but while it was not open, try to re-open the persistent key
- * to delete it. */
- (void) psa_open_key( key_id, &handle );
- }
- psa_destroy_key( handle );
+ psa_destroy_key( key );
PSA_DONE();
}
/* END_CASE */