authorAntonio de Angelis <antonio.deangelis@arm.com>2019-10-14 12:12:52 +0100
committerSoby Mathew <soby.mathew@arm.com>2020-02-24 11:53:56 +0000
commit04debbd6e157d8ab9f80525e296303e830838c50 (patch)
treef9f6f70898661ee377943ea65c23d8560bca7e00 /test
parentdad6ca656729478d199434a090b55bb3d36d4e86 (diff)
Crypto: Align to Mbed Crypto 3.0.1
This patch upgrades the Crypto service to be able to use Mbed Crypto 3.0.1: - Updates the PSA crypto headers to latest available in mbed-crypto - Updates the service implementation - Updates the test suites where needed - Updates the SST and Attestation interfaces towards cryptographic functionalities - Updates documentation to reflect updated requirements, and changes in the integration guide This patch migrates the use of psa_asymmetric_sign() and psa_asymmetric_verify() to the non-deprecated versions of the API psa_sign_hash() and psa_verify_hash(). Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: I7d8275def2336c1b5cfb8847b2842c305cfab116
Diffstat (limited to 'test')
-rw-r--r--test/suites/attestation/attest_public_key.c48
-rw-r--r--test/suites/crypto/crypto_tests_common.c294
-rw-r--r--test/suites/crypto/secure/crypto_sec_interface_testsuite.c20
3 files changed, 111 insertions, 251 deletions
diff --git a/test/suites/attestation/attest_public_key.c b/test/suites/attestation/attest_public_key.c
index f2ecc7e8d6..d6e5aca3e6 100644
--- a/test/suites/attestation/attest_public_key.c
+++ b/test/suites/attestation/attest_public_key.c
@@ -11,12 +11,12 @@
#include "attestation.h"
/*!
- * \def ECC_CURVE_SECP256R1_PULBIC_KEY_LENGTH
+ * \def ECC_CURVE_SECP256R1_PUBLIC_KEY_LENGTH
*
* \brief Calculates the size of ECC public key in bytes based on the bit size
* of the curve
*/
-#define ECC_CURVE_SECP256R1_PULBIC_KEY_LENGTH (1 + 2 * PSA_BITS_TO_BYTES(256))
+#define ECC_CURVE_SECP256R1_PUBLIC_KEY_LENGTH (1 + 2 * PSA_BITS_TO_BYTES(256))
/*!
* Byte string representation of ECC public key according to
@@ -38,11 +38,9 @@ static uint32_t public_key_registered = 0;
enum psa_attest_err_t
attest_register_initial_attestation_public_key(psa_key_handle_t *public_key)
{
- psa_key_type_t attest_key_type;
- enum psa_attest_err_t res = PSA_ATTEST_ERR_SUCCESS;
- psa_status_t crypto_res;
- psa_key_policy_t policy = psa_key_policy_init();
- uint8_t public_key_buff[ECC_CURVE_SECP256R1_PULBIC_KEY_LENGTH] = {0};
+ psa_status_t res;
+ psa_key_attributes_t key_attributes = psa_key_attributes_init();
+ uint8_t public_key_buff[ECC_CURVE_SECP256R1_PUBLIC_KEY_LENGTH] = {0};
size_t public_key_len;
psa_ecc_curve_t ecc_curve;
@@ -51,41 +49,29 @@ attest_register_initial_attestation_public_key(psa_key_handle_t *public_key)
return PSA_ATTEST_ERR_GENERAL;
}
- /* Allocate a transient key for the public key in the Crypto service */
- crypto_res = psa_allocate_key(public_key);
- if (crypto_res != PSA_SUCCESS) {
- return PSA_ATTEST_ERR_GENERAL;
- }
-
- /* Setup the key policy for public key */
- psa_key_policy_set_usage(&policy,
- PSA_KEY_USAGE_VERIFY,
- PSA_ALG_ECDSA(PSA_ALG_SHA_256));
- crypto_res = psa_set_key_policy(*public_key, &policy);
- if (crypto_res != PSA_SUCCESS) {
- return PSA_ATTEST_ERR_GENERAL;
- }
-
res = tfm_initial_attest_get_public_key(public_key_buff,
sizeof(public_key_buff),
&public_key_len,
&ecc_curve);
- if (res != PSA_ATTEST_ERR_SUCCESS) {
- return res;
+ if (res != PSA_SUCCESS) {
+ return PSA_ATTEST_ERR_GENERAL;
}
- /* Set key type for public key */
- attest_key_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY(ecc_curve);
+ /* Setup the key usage flags, algorithm and key type for public key */
+ psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_VERIFY);
+ psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
+ psa_set_key_type(&key_attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(ecc_curve));
/* Register public key to Crypto service */
- crypto_res = psa_import_key(*public_key,
- attest_key_type,
- public_key_buff,
- public_key_len);
+ res = psa_import_key(&key_attributes,
+ (const uint8_t *)&public_key_buff,
+ public_key_len,
+ public_key);
- if (crypto_res != PSA_SUCCESS) {
+ if (res != PSA_SUCCESS) {
return PSA_ATTEST_ERR_GENERAL;
}
+
public_key_registered = 1;
return PSA_ATTEST_ERR_SUCCESS;
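Review bot: In the new `psa_import_key()` call the key buffer is passed as `(const uint8_t *)&public_key_buff`, which takes the address of the whole array and then casts the resulting type mismatch away; `public_key_buff` on its own already decays to the right pointer, so the argument should simply read `public_key_buff,`. `res` is now a `psa_status_t` compared with `PSA_SUCCESS` after `tfm_initial_attest_get_public_key()`, whose declaration is not on this page; if that function still returns `enum psa_attest_err_t`, the check only holds because both success values happen to be zero, so this is worth confirming. `key_attributes` is also never passed to `psa_reset_key_attributes()` once the import is done. The function begins above this hunk and its closing brace lies outside it.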
diff --git a/test/suites/crypto/crypto_tests_common.c b/test/suites/crypto/crypto_tests_common.c
index 7c5a265696..9cfbef1bb0 100644
--- a/test/suites/crypto/crypto_tests_common.c
+++ b/test/suites/crypto/crypto_tests_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -17,57 +17,42 @@ void psa_key_interface_test(const psa_key_type_t key_type,
{
psa_status_t status = PSA_SUCCESS;
uint32_t i = 0;
- psa_key_handle_t key_handle;
+ psa_key_handle_t key_handle = 0x0u;
const uint8_t data[] = "THIS IS MY KEY1";
- psa_key_type_t type = PSA_KEY_TYPE_NONE;
- size_t bits = 0;
uint8_t exported_data[sizeof(data)] = {0};
size_t exported_data_size = 0;
- psa_key_policy_t policy = psa_key_policy_init();
-
- /* Allocate a transient key */
- status = psa_allocate_key(&key_handle);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to allocate key");
- return;
- }
+ psa_key_attributes_t key_attributes = psa_key_attributes_init();
+ psa_key_attributes_t retrieved_attributes = psa_key_attributes_init();
/* Setup the key policy */
- psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_EXPORT, 0);
- status = psa_set_key_policy(key_handle, &policy);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to set key policy");
- return;
- }
+ psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_type(&key_attributes, key_type);
- status = psa_get_key_information(key_handle, &type, &bits);
- if (status != PSA_ERROR_DOES_NOT_EXIST) {
- TEST_FAIL("Key handle does not yet contain key material");
- return;
- }
-
- status = psa_import_key(key_handle, key_type, data, sizeof(data));
+ status = psa_import_key(&key_attributes, data, sizeof(data),
+ &key_handle);
if (status != PSA_SUCCESS) {
TEST_FAIL("Error importing a key");
return;
}
- status = psa_get_key_information(key_handle, &type, &bits);
+ status = psa_get_key_attributes(key_handle, &retrieved_attributes);
if (status != PSA_SUCCESS) {
TEST_FAIL("Error getting key metadata");
return;
}
- if (bits != BIT_SIZE_TEST_KEY) {
+ if (psa_get_key_bits(&retrieved_attributes) != BIT_SIZE_TEST_KEY) {
TEST_FAIL("The number of key bits is different from expected");
return;
}
- if (type != key_type) {
+ if (psa_get_key_type(&retrieved_attributes) != key_type) {
TEST_FAIL("The type of the key is different from expected");
return;
}
+ psa_reset_key_attributes(&retrieved_attributes);
+
status = psa_export_key(key_handle,
exported_data,
sizeof(data),
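Review bot: The two mismatch branches that follow the successful `psa_get_key_attributes()` call return before `psa_reset_key_attributes(&retrieved_attributes)` is reached, and they also leave the freshly imported key in its slot. The PSA API asks for a reset after every successful attribute query; it is probably harmless for these raw test keys, but the test suite is the reference usage for integrators. Reading the values into locals first (`bits = psa_get_key_bits(&retrieved_attributes);`, `type = psa_get_key_type(&retrieved_attributes);`), resetting, and only then comparing keeps every exit path clean. The same skipped reset occurs on the `goto destroy_key`, `goto destroy_key_mac` and `goto destroy_key_aead` branches in the psa_cipher_test, psa_mac_test and psa_aead_test hunks. The function body continues past this hunk.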
@@ -97,12 +82,14 @@ void psa_key_interface_test(const psa_key_type_t key_type,
return;
}
- status = psa_get_key_information(key_handle, &type, &bits);
+ status = psa_get_key_attributes(key_handle, &retrieved_attributes);
if (status != PSA_ERROR_INVALID_HANDLE) {
TEST_FAIL("Key handle should be invalid now");
return;
}
+ psa_reset_key_attributes(&retrieved_attributes);
+
ret->val = TEST_PASSED;
}
@@ -115,8 +102,6 @@ void psa_cipher_test(const psa_key_type_t key_type,
psa_status_t status = PSA_SUCCESS;
psa_key_handle_t key_handle;
const uint8_t data[] = "THIS IS MY KEY1";
- psa_key_type_t type = PSA_KEY_TYPE_NONE;
- size_t bits = 0;
const size_t iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type);
const uint8_t iv[] = "012345678901234";
const uint8_t plain_text[BYTE_SIZE_CHUNK] = "Sixteen bytes!!";
@@ -124,7 +109,7 @@ void psa_cipher_test(const psa_key_type_t key_type,
size_t output_length = 0, total_output_length = 0;
uint8_t encrypted_data[ENC_DEC_BUFFER_SIZE] = {0};
uint32_t comp_result;
- psa_key_policy_t policy = psa_key_policy_init();
+ psa_key_attributes_t key_attributes = psa_key_attributes_init();
psa_key_usage_t usage = (PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
uint32_t i;
@@ -141,44 +126,36 @@ void psa_cipher_test(const psa_key_type_t key_type,
}
#endif /* CRYPTO_HW_ACCELERATOR_CC312 */
- /* Allocate a transient key */
- status = psa_allocate_key(&key_handle);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to allocate key");
- return;
- }
-
/* Setup the key policy */
- psa_key_policy_set_usage(&policy, usage, alg);
- status = psa_set_key_policy(key_handle, &policy);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to set key policy");
- goto destroy_key;
- }
+ psa_set_key_usage_flags(&key_attributes, usage);
+ psa_set_key_algorithm(&key_attributes, alg);
+ psa_set_key_type(&key_attributes, key_type);
/* Import a key */
- status = psa_import_key(key_handle, key_type, data, sizeof(data));
+ status = psa_import_key(&key_attributes, data, sizeof(data), &key_handle);
if (status != PSA_SUCCESS) {
TEST_FAIL("Error importing a key");
goto destroy_key;
}
- status = psa_get_key_information(key_handle, &type, &bits);
+ status = psa_get_key_attributes(key_handle, &key_attributes);
if (status != PSA_SUCCESS) {
TEST_FAIL("Error getting key metadata");
goto destroy_key;
}
- if (bits != BIT_SIZE_TEST_KEY) {
+ if (psa_get_key_bits(&key_attributes) != BIT_SIZE_TEST_KEY) {
TEST_FAIL("The number of key bits is different from expected");
goto destroy_key;
}
- if (type != key_type) {
+ if (psa_get_key_type(&key_attributes) != key_type) {
TEST_FAIL("The type of the key is different from expected");
goto destroy_key;
}
+ psa_reset_key_attributes(&key_attributes);
+
/* Setup the encryption object */
status = psa_cipher_encrypt_setup(&handle, key_handle, alg);
if (status != PSA_SUCCESS) {
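Review bot: The import-failure branch still does `goto destroy_key;`, but with `psa_allocate_key()` removed `key_handle` is declared without an initialiser and is only written by a successful `psa_import_key()`. The `destroy_key` label is outside this hunk; presumably it passes `key_handle` to `psa_destroy_key()`, which would then run on an indeterminate handle. The psa_mac_test and psa_aead_test hunks in this same commit change the equivalent branch to `return;`, and doing the same here (or declaring `psa_key_handle_t key_handle = 0;`) would make the three tests agree. This test also reuses `key_attributes` as the output of `psa_get_key_attributes()`, where the others use a separate `retrieved_attributes`.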
@@ -341,23 +318,13 @@ void psa_invalid_cipher_test(const psa_key_type_t key_type,
psa_cipher_operation_t handle = psa_cipher_operation_init();
psa_key_handle_t key_handle;
uint8_t data[TEST_MAX_KEY_LENGTH];
- psa_key_policy_t policy = psa_key_policy_init();
+ psa_key_attributes_t key_attributes = psa_key_attributes_init();
psa_key_usage_t usage = (PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
- /* Allocate a transient key */
- status = psa_allocate_key(&key_handle);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to allocate key");
- return;
- }
-
/* Setup the key policy */
- psa_key_policy_set_usage(&policy, usage, alg);
- status = psa_set_key_policy(key_handle, &policy);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to set key policy");
- return;
- }
+ psa_set_key_usage_flags(&key_attributes, usage);
+ psa_set_key_algorithm(&key_attributes, alg);
+ psa_set_key_type(&key_attributes, key_type);
#if DOMAIN_NS == 1U
/* Fill the key data */
@@ -367,7 +334,7 @@ void psa_invalid_cipher_test(const psa_key_type_t key_type,
#endif
/* Import a key */
- status = psa_import_key(key_handle, key_type, data, key_size);
+ status = psa_import_key(&key_attributes, data, key_size, &key_handle);
if (status != PSA_SUCCESS) {
TEST_FAIL("Error importing a key");
return;
@@ -529,53 +496,37 @@ void psa_mac_test(const psa_algorithm_t alg,
psa_key_handle_t key_handle;
const uint8_t data[] = "THIS IS MY KEY1";
const uint8_t long_data[] = "THIS IS MY UNCOMMONLY LONG KEY1";
- psa_key_type_t type = PSA_KEY_TYPE_NONE;
- size_t bits = 0;
+ psa_key_type_t key_type = PSA_KEY_TYPE_HMAC;
size_t bit_size_test_key = 0;
psa_status_t status;
psa_mac_operation_t handle = psa_mac_operation_init();
- psa_key_policy_t policy = psa_key_policy_init();
+ psa_key_attributes_t key_attributes = psa_key_attributes_init();
+ psa_key_attributes_t retrieved_attributes = psa_key_attributes_init();
psa_key_usage_t usage = PSA_KEY_USAGE_VERIFY;
ret->val = TEST_PASSED;
- /* Allocate a transient key */
- status = psa_allocate_key(&key_handle);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to allocate key");
- return;
- }
-
/* Setup the key policy */
- psa_key_policy_set_usage(&policy, usage, alg);
- status = psa_set_key_policy(key_handle, &policy);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to set key policy");
- goto destroy_key_mac;
- }
+ psa_set_key_usage_flags(&key_attributes, usage);
+ psa_set_key_algorithm(&key_attributes, alg);
+ psa_set_key_type(&key_attributes, key_type);
/* Import key */
if (use_long_key == 1) {
- status = psa_import_key(key_handle,
- PSA_KEY_TYPE_HMAC,
+ status = psa_import_key(&key_attributes,
long_data,
- sizeof(long_data));
+ sizeof(long_data),
+ &key_handle);
} else {
- status = psa_import_key(key_handle,
- PSA_KEY_TYPE_HMAC,
+ status = psa_import_key(&key_attributes,
data,
- sizeof(data));
+ sizeof(data),
+ &key_handle);
}
if (status != PSA_SUCCESS) {
TEST_FAIL("Error importing a key");
- goto destroy_key_mac;
- }
-
- status = psa_get_key_information(key_handle, &type, &bits);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Error getting key metadata");
- goto destroy_key_mac;
+ return;
}
if (use_long_key == 1) {
@@ -584,16 +535,24 @@ void psa_mac_test(const psa_algorithm_t alg,
bit_size_test_key = BIT_SIZE_TEST_KEY;
}
- if (bits != bit_size_test_key) {
+ status = psa_get_key_attributes(key_handle, &retrieved_attributes);
+ if (status != PSA_SUCCESS) {
+ TEST_FAIL("Error getting key metadata");
+ goto destroy_key_mac;
+ }
+
+ if (psa_get_key_bits(&retrieved_attributes) != bit_size_test_key) {
TEST_FAIL("The number of key bits is different from expected");
goto destroy_key_mac;
}
- if (type != PSA_KEY_TYPE_HMAC) {
+ if (psa_get_key_type(&retrieved_attributes) != key_type) {
TEST_FAIL("The type of the key is different from expected");
goto destroy_key_mac;
}
+ psa_reset_key_attributes(&retrieved_attributes);
+
/* Setup the mac object for hmac */
status = psa_mac_verify_setup(&handle, key_handle, alg);
if (status != PSA_SUCCESS) {
@@ -655,52 +614,43 @@ void psa_aead_test(const psa_key_type_t key_type,
uint8_t decrypted_data[ENC_DEC_BUFFER_SIZE] = {0};
psa_status_t status;
const uint8_t data[] = "THIS IS MY KEY1";
- psa_key_type_t type = PSA_KEY_TYPE_NONE;
- size_t bits = 0;
uint32_t comp_result;
- psa_key_policy_t policy = psa_key_policy_init();
+ psa_key_attributes_t key_attributes = psa_key_attributes_init();
+ psa_key_attributes_t retrieved_attributes = psa_key_attributes_init();
psa_key_usage_t usage = (PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
ret->val = TEST_PASSED;
- /* Allocate a transient key */
- status = psa_allocate_key(&key_handle);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to allocate key");
- return;
- }
-
/* Setup the key policy */
- psa_key_policy_set_usage(&policy, usage, alg);
- status = psa_set_key_policy(key_handle, &policy);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to set key policy");
- goto destroy_key_aead;
- }
+ psa_set_key_usage_flags(&key_attributes, usage);
+ psa_set_key_algorithm(&key_attributes, alg);
+ psa_set_key_type(&key_attributes, key_type);
/* Import a key */
- status = psa_import_key(key_handle, key_type, data, sizeof(data));
+ status = psa_import_key(&key_attributes, data, sizeof(data), &key_handle);
if (status != PSA_SUCCESS) {
TEST_FAIL("Error importing a key");
- goto destroy_key_aead;
+ return;
}
- status = psa_get_key_information(key_handle, &type, &bits);
+ status = psa_get_key_attributes(key_handle, &retrieved_attributes);
if (status != PSA_SUCCESS) {
TEST_FAIL("Error getting key metadata");
goto destroy_key_aead;
}
- if (bits != BIT_SIZE_TEST_KEY) {
+ if (psa_get_key_bits(&retrieved_attributes) != BIT_SIZE_TEST_KEY) {
TEST_FAIL("The number of key bits is different from expected");
goto destroy_key_aead;
}
- if (type != key_type) {
+ if (psa_get_key_type(&retrieved_attributes) != key_type) {
TEST_FAIL("The type of the key is different from expected");
goto destroy_key_aead;
}
+ psa_reset_key_attributes(&retrieved_attributes);
+
/* Perform AEAD encryption */
status = psa_aead_encrypt(key_handle, alg, nonce, nonce_length,
associated_data,
@@ -774,138 +724,74 @@ destroy_key_aead:
void psa_invalid_key_length_test(struct test_result_t *ret)
{
psa_status_t status;
- psa_key_policy_t policy = psa_key_policy_init();
+ psa_key_attributes_t key_attributes = psa_key_attributes_init();
psa_key_handle_t key_handle;
const uint8_t data[19] = {0};
- /* Allocate a transient key */
- status = psa_allocate_key(&key_handle);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to allocate key");
- return;
- }
-
/* Setup the key policy */
- psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT,
- PSA_ALG_CBC_NO_PADDING);
- status = psa_set_key_policy(key_handle, &policy);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to set key policy");
- return;
- }
+ psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&key_attributes, PSA_ALG_CBC_NO_PADDING);
+ psa_set_key_type(&key_attributes, PSA_KEY_TYPE_AES);
/* AES does not support 152-bit keys */
- status = psa_import_key(key_handle, PSA_KEY_TYPE_AES, data, sizeof(data));
+ status = psa_import_key(&key_attributes, data, sizeof(data), &key_handle);
if (status != PSA_ERROR_INVALID_ARGUMENT) {
TEST_FAIL("Should not successfully import with an invalid key length");
return;
}
- /* Destroy the key */
- status = psa_destroy_key(key_handle);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Error destroying a key");
- return;
- }
-
ret->val = TEST_PASSED;
}
void psa_policy_key_interface_test(struct test_result_t *ret)
{
- psa_status_t status;
psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
psa_algorithm_t alg_out;
psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_VOLATILE;
psa_key_lifetime_t lifetime_out;
- psa_key_policy_t policy = psa_key_policy_init();
- psa_key_policy_t policy_out = psa_key_policy_init();
- psa_key_handle_t key_handle;
+ psa_key_attributes_t key_attributes = psa_key_attributes_init();
psa_key_usage_t usage = PSA_KEY_USAGE_EXPORT;
psa_key_usage_t usage_out;
/* Verify that initialised policy forbids all usage */
- usage_out = psa_key_policy_get_usage(&policy);
+ usage_out = psa_get_key_usage_flags(&key_attributes);
if (usage_out != 0) {
TEST_FAIL("Unexpected usage value");
return;
}
- alg_out = psa_key_policy_get_algorithm(&policy);
+ alg_out = psa_get_key_algorithm(&key_attributes);
if (alg_out != 0) {
TEST_FAIL("Unexpected algorithm value");
return;
}
/* Set the key policy values */
- psa_key_policy_set_usage(&policy, usage, alg);
+ psa_set_key_usage_flags(&key_attributes, usage);
+ psa_set_key_algorithm(&key_attributes, alg);
/* Check that the key policy has the correct usage */
- usage_out = psa_key_policy_get_usage(&policy);
+ usage_out = psa_get_key_usage_flags(&key_attributes);
if (usage_out != usage) {
TEST_FAIL("Unexpected usage value");
return;
}
/* Check that the key policy has the correct algorithm */
- alg_out = psa_key_policy_get_algorithm(&policy);
- if (alg_out != alg) {
- TEST_FAIL("Unexpected algorithm value");
- return;
- }
-
- /* Allocate a transient key */
- status = psa_allocate_key(&key_handle);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to allocate key");
- return;
- }
-
- /* Set the key policy for the key handle */
- status = psa_set_key_policy(key_handle, &policy);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to set key policy");
- return;
- }
-
- /* Check the key handle has the correct key policy */
- status = psa_get_key_policy(key_handle, &policy_out);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to get key policy");
- return;
- }
-
- usage_out = psa_key_policy_get_usage(&policy_out);
- if (usage_out != usage) {
- TEST_FAIL("Unexpected usage value");
- return;
- }
-
- alg_out = psa_key_policy_get_algorithm(&policy_out);
+ alg_out = psa_get_key_algorithm(&key_attributes);
if (alg_out != alg) {
TEST_FAIL("Unexpected algorithm value");
return;
}
/* Check the key handle has the correct key lifetime */
- status = psa_get_key_lifetime(key_handle, &lifetime_out);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to get key lifetime");
- return;
- }
+ lifetime_out = psa_get_key_lifetime(&key_attributes);
if (lifetime_out != lifetime) {
TEST_FAIL("Unexpected key lifetime value");
return;
}
- /* Destroy the key */
- status = psa_destroy_key(key_handle);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Error destroying a key");
- return;
- }
-
ret->val = TEST_PASSED;
}
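Review bot: After this change psa_policy_key_interface_test only exercises the client-side accessors on a local `psa_key_attributes_t`; it never imports a key, so it no longer checks that the Crypto service stores and returns the usage, algorithm and lifetime. Importing a small key with these attributes and reading them back through `psa_get_key_attributes()` would restore that coverage. The surviving comment `/* Check the key handle has the correct key lifetime */` is stale and should become `/* Check that the default key lifetime is volatile */`. In psa_invalid_key_length_test, the failure branch is also taken when the import unexpectedly succeeds, and the key is then left allocated; adding `if (status == PSA_SUCCESS) { (void)psa_destroy_key(key_handle); }` before `TEST_FAIL` would avoid leaking a slot into later tests.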
@@ -914,7 +800,7 @@ void psa_policy_invalid_policy_usage_test(struct test_result_t *ret)
psa_status_t status;
psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
psa_cipher_operation_t handle = psa_cipher_operation_init();
- psa_key_policy_t policy = psa_key_policy_init();
+ psa_key_attributes_t key_attributes = psa_key_attributes_init();
psa_key_handle_t key_handle;
psa_key_usage_t usage = (PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
size_t data_len;
@@ -923,26 +809,16 @@ void psa_policy_invalid_policy_usage_test(struct test_result_t *ret)
ret->val = TEST_PASSED;
- /* Allocate a transient key */
- status = psa_allocate_key(&key_handle);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to allocate key");
- return;
- }
-
/* Setup the key policy */
- psa_key_policy_set_usage(&policy, usage, alg);
- status = psa_set_key_policy(key_handle, &policy);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to set key policy");
- goto destroy_key;
- }
+ psa_set_key_usage_flags(&key_attributes, usage);
+ psa_set_key_algorithm(&key_attributes, alg);
+ psa_set_key_type(&key_attributes, PSA_KEY_TYPE_AES);
/* Import a key to the key handle for which policy has been set */
- status = psa_import_key(key_handle, PSA_KEY_TYPE_AES, data, sizeof(data));
+ status = psa_import_key(&key_attributes, data, sizeof(data), &key_handle);
if (status != PSA_SUCCESS) {
TEST_FAIL("Failed to import a key");
- goto destroy_key;
+ return;
}
/* Setup a cipher permitted by the key policy */
diff --git a/test/suites/crypto/secure/crypto_sec_interface_testsuite.c b/test/suites/crypto/secure/crypto_sec_interface_testsuite.c
index f9762ec7f7..c80ee10aeb 100644
--- a/test/suites/crypto/secure/crypto_sec_interface_testsuite.c
+++ b/test/suites/crypto/secure/crypto_sec_interface_testsuite.c
@@ -214,20 +214,17 @@ static void tfm_crypto_test_5034(struct test_result_t *ret)
{
psa_status_t status;
psa_key_handle_t key_handle;
- psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
+ const uint8_t data[] = "THIS IS MY KEY1";
+ psa_key_attributes_t key_attributes = psa_key_attributes_init();
- /* Allocate a transient key */
- status = psa_allocate_key(&key_handle);
- if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to allocate key");
- return;
- }
+ /* Set key sage and type */
+ psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_type(&key_attributes, PSA_KEY_TYPE_AES);
- /* Setup the key policy */
- psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_EXPORT, PSA_ALG_CTR);
- status = psa_set_key_policy(key_handle, &policy);
+ status = psa_import_key(&key_attributes, data, sizeof(data),
+ &key_handle);
if (status != PSA_SUCCESS) {
- TEST_FAIL("Failed to set key policy");
+ TEST_FAIL("Failed to import key");
return;
}
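Review bot: The new comment reads `/* Set key sage and type */`, which should be `/* Set key usage and type */`. The key material is a string literal imported with `sizeof(data)`, so the terminating NUL is part of the key and is what makes it 16 bytes long. A short comment next to the declaration, such as `/* 15 characters plus the NUL terminator: a 128-bit AES key */`, would keep someone from shortening the string or switching to `strlen()` and silently changing the key size. The function body continues outside this hunk.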
@@ -245,4 +242,5 @@ static void tfm_crypto_test_5034(struct test_result_t *ret)
if (status != PSA_SUCCESS) {
TEST_FAIL("Error destroying a key");
}
+ return;
}