Persistent key reload: test more metadata
In the tests for opening a persistent key after closing it, also read
back and check the key data if permitted by policy, and the key
policy.
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data
index 862919a..fe4abf1 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.data
+++ b/tests/suites/test_suite_psa_crypto_slot_management.data
@@ -25,6 +25,14 @@
Persistent slot, check after restart, id=max
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
+Persistent slot: ECP keypair (ECDSA, exportable); close
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE
+
+Persistent slot: ECP keypair (ECDSA, exportable); restart
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN
+
Attempt to overwrite: close before
create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:CLOSE_BEFORE
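Review bot: Both added cases grant `PSA_KEY_USAGE_EXPORT`, so among the cases visible in this hunk the branch that expects `PSA_ERROR_NOT_PERMITTED` after reload is reached only by the raw-data case with usage 0. A third ECC case with usage `PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY` and no export flag would check that a private key with a real signing policy stays non-exportable once it has been persisted and reopened. The rest of the file is outside the hunk, so such a case may already exist elsewhere.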
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index f1b332f..c073f0b 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -134,9 +134,11 @@
psa_key_usage_t usage_flags = usage_arg;
psa_key_type_t type = type_arg;
close_method_t close_method = close_method_arg;
- psa_key_type_t read_type;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t read_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ uint8_t *reexported = NULL;
+ size_t reexported_length = -1;
TEST_USES_KEY_ID( id );
@@ -151,14 +153,22 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&handle ) );
TEST_ASSERT( handle != 0 );
- PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
- TEST_EQUAL( read_type, type );
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
+ TEST_EQUAL( psa_get_key_id( &attributes ), id );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
+ TEST_EQUAL( psa_get_key_type( &attributes ), type );
/* Close the key and reopen it. */
PSA_ASSERT( psa_close_key( handle ) );
PSA_ASSERT( psa_open_key( id, &handle ) );
- PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
- TEST_EQUAL( read_type, type );
+ PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
+ TEST_EQUAL( psa_get_key_id( &attributes ), id );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
+ TEST_EQUAL( psa_get_key_type( &attributes ), type );
/* Do something that invalidates the handle. */
switch( close_method )
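Review bot: Both read-backs at `psa_get_key_attributes( handle, &attributes )` write into the same structure that was used to import the key, so the five `TEST_EQUAL` checks that follow would still pass if the call left a field untouched (unless the function clears its output first, which is not visible here). Reading into the separate structure the commit already declares, `PSA_ASSERT( psa_get_key_attributes( handle, &read_attributes ) );`, and resetting it with `psa_reset_key_attributes( &read_attributes );` after the checks, would make the assertions independent of the input. The later comparison of `psa_get_key_bits( &attributes )` relies on `attributes` having been read back, so it would need an explicit expected value if this is changed. The function starts before and continues after this hunk.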
@@ -175,19 +185,47 @@
break;
}
/* Test that the handle is now invalid. */
- TEST_EQUAL( psa_get_key_information( handle, &read_type, NULL ),
+ TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ),
PSA_ERROR_INVALID_HANDLE );
+ psa_reset_key_attributes( &read_attributes );
TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE );
/* Try to reopen the key. If we destroyed it, check that it doesn't
- * exist, otherwise check that it still exists. */
+ * exist. Otherwise check that it still exists and has the expected
+ * content. */
switch( close_method )
{
case CLOSE_BY_CLOSE:
case CLOSE_BY_SHUTDOWN:
PSA_ASSERT( psa_open_key( id, &handle ) );
- PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
- TEST_EQUAL( read_type, type );
+ PSA_ASSERT( psa_get_key_attributes( handle, &read_attributes ) );
+ TEST_EQUAL( psa_get_key_lifetime( &attributes ),
+ psa_get_key_lifetime( &read_attributes ) );
+ TEST_EQUAL( psa_get_key_id( &attributes ),
+ psa_get_key_id( &read_attributes ) );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ),
+ psa_get_key_algorithm( &read_attributes ) );
+ TEST_EQUAL( psa_get_key_type( &attributes ),
+ psa_get_key_type( &read_attributes ) );
+ TEST_EQUAL( psa_get_key_bits( &attributes ),
+ psa_get_key_bits( &read_attributes ) );
+ if( usage_flags & PSA_KEY_USAGE_EXPORT )
+ {
+ ASSERT_ALLOC( reexported, key_data->len );
+ PSA_ASSERT( psa_export_key( handle,
+ reexported, key_data->len,
+ &reexported_length ) );
+ ASSERT_COMPARE( key_data->x, key_data->len,
+ reexported, reexported_length );
+ }
+ else
+ {
+ TEST_EQUAL( psa_export_key( handle,
+ reexported, sizeof( reexported ),
+ &reexported_length ),
+ PSA_ERROR_NOT_PERMITTED );
+ }
break;
case CLOSE_BY_DESTROY:
TEST_EQUAL( psa_open_key( id, &handle ),
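Review bot: The usage-flags check after reopening, `TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );`, reads `attributes` rather than `read_attributes`, so the reloaded key's usage policy is never compared with anything; it should be `TEST_EQUAL( psa_get_key_usage_flags( &read_attributes ), usage_flags );`. That is the field that decides whether the key may be exported, so it is the one this test most needs to verify after a close or restart. In the non-exportable branch, `reexported` is still NULL and `sizeof( reexported )` is the size of a pointer, so the call advertises a buffer that does not exist; `psa_export_key( handle, NULL, 0, &reexported_length )` would make a regression in the policy check fail the assertion cleanly instead of writing through NULL. The enclosing test function starts and ends outside this hunk.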
@@ -198,6 +236,7 @@
exit:
mbedtls_psa_crypto_free( );
psa_purge_key_storage( );
+ mbedtls_free( reexported );
}
/* END_CASE */
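Review bot: The cleanup at `exit:` frees `reexported` but, in the lines visible here, does not reset `attributes` or `read_attributes`, both of which are filled by `psa_get_key_attributes` earlier in the function. The hunk that checks the invalid handle already calls `psa_reset_key_attributes( &read_attributes )` after a failed read, which suggests the structure can own resources; if so, any `TEST_EQUAL` failure that jumps here would leak them. Adding `psa_reset_key_attributes( &attributes );` and `psa_reset_key_attributes( &read_attributes );` before `mbedtls_psa_crypto_free( )` would cover every path. The function body begins outside this hunk.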