SE keys: implement and test psa_get_key_attributes
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index fc9161d..b3a6f8a 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1145,10 +1145,10 @@
}
#endif /* MBEDTLS_RSA_C */
-/** Retrieve the readily-accessible attributes of a key in a slot.
+/** Retrieve the generic attributes of a key in a slot.
*
- * This function does not compute attributes that are not directly
- * stored in the slot, such as the bit size of a transparent key.
+ * This function does not retrieve domain parameters, which require
+ * additional memory management.
*/
static void psa_get_key_slot_attributes( psa_key_slot_t *slot,
psa_key_attributes_t *attributes )
@@ -1157,6 +1157,7 @@
attributes->lifetime = slot->lifetime;
attributes->policy = slot->policy;
attributes->type = slot->type;
+ attributes->bits = psa_get_key_slot_bits( slot );
}
/** Retrieve all the publicly-accessible attributes of a key.
@@ -1169,21 +1170,26 @@
psa_reset_key_attributes( attributes );
- status = psa_get_transparent_key( handle, &slot, 0, 0 );
+ status = psa_get_key_from_slot( handle, &slot, 0, 0 );
if( status != PSA_SUCCESS )
return( status );
psa_get_key_slot_attributes( slot, attributes );
- attributes->bits = psa_get_key_slot_bits( slot );
switch( slot->type )
{
#if defined(MBEDTLS_RSA_C)
case PSA_KEY_TYPE_RSA_KEY_PAIR:
case PSA_KEY_TYPE_RSA_PUBLIC_KEY:
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ /* TOnogrepDO: reporting the public exponent for opaque keys
+ * is not yet implemented. */
+ if( psa_get_se_driver( slot->lifetime, NULL, NULL ) )
+ break;
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
status = psa_get_rsa_public_exponent( slot->data.rsa, attributes );
break;
-#endif
+#endif /* MBEDTLS_RSA_C */
default:
/* Nothing else to do. */
break;
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
index e0b8d29..f6b480f 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -178,6 +178,41 @@
/* Other test helper functions */
/****************************************************************/
+/* Check that the attributes of a key reported by psa_get_key_attributes()
+ * are consistent with the attributes used when creating the key. */
+static int check_key_attributes(
+ psa_key_handle_t handle,
+ const psa_key_attributes_t *reference_attributes )
+{
+ int ok = 0;
+ psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT( psa_get_key_attributes( handle, &actual_attributes ) );
+
+ TEST_EQUAL( psa_get_key_id( &actual_attributes ),
+ psa_get_key_id( reference_attributes ) );
+ TEST_EQUAL( psa_get_key_lifetime( &actual_attributes ),
+ psa_get_key_lifetime( reference_attributes ) );
+ TEST_EQUAL( psa_get_key_type( &actual_attributes ),
+ psa_get_key_type( reference_attributes ) );
+ TEST_EQUAL( psa_get_key_usage_flags( &actual_attributes ),
+ psa_get_key_usage_flags( reference_attributes ) );
+ TEST_EQUAL( psa_get_key_algorithm( &actual_attributes ),
+ psa_get_key_algorithm( reference_attributes ) );
+ TEST_EQUAL( psa_get_key_enrollment_algorithm( &actual_attributes ),
+ psa_get_key_enrollment_algorithm( reference_attributes ) );
+ if( psa_get_key_bits( reference_attributes ) != 0 )
+ {
+ TEST_EQUAL( psa_get_key_bits( &actual_attributes ),
+ psa_get_key_bits( reference_attributes ) );
+ }
+
+ ok = 1;
+
+exit:
+ return( ok );
+}
+
/* Check that a function's return status is "smoke-free", i.e. that
* it's an acceptable error code when calling an API function that operates
* on a key with potentially bogus parameters. */
@@ -445,6 +480,9 @@
/* Test that the key was created in the expected slot. */
TEST_ASSERT( ram_slots[min_slot].type == PSA_KEY_TYPE_RAW_DATA );
+ /* Test the key attributes and the key data. */
+ if( ! check_key_attributes( handle, &attributes ) )
+ goto exit;
PSA_ASSERT( psa_export_key( handle,
exported, sizeof( exported ),
&exported_length ) );