Merge pull request #108 from gilles-peskine-arm/psa-copy_key-policy
Add policy usage flag to copy a key
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index e87892b..6a9fb1a 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -631,9 +631,9 @@
* results in this error code.
*/
psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
- psa_key_handle_t *handle,
const uint8_t *data,
- size_t data_length);
+ size_t data_length,
+ psa_key_handle_t *handle);
/**
* \brief Destroy a key.
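Review bot: Moving `handle` to the end of `psa_import_key` changes what each positional argument means while keeping the argument count at four, so a caller that is not updated still compiles as a four-argument call. Depending on compiler settings, the mismatch may only surface as an incompatible-pointer or pointer/integer conversion warning rather than a build failure, and the call would then treat the handle's storage as key material. The same applies to `psa_generate_derived_key` in the later hunk of this header. I would add a migration note to the changelog or the function documentation, and have builds treat those warnings as errors. The doc comment for `psa_import_key` starts above this hunk, so whether its `\param` order was updated to match cannot be checked from here.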
@@ -3086,9 +3086,9 @@
* The generator's capacity is decreased by the number of bytes read.
*
* \param[in] attributes The attributes for the new key.
+ * \param[in,out] generator The generator object to read from.
* \param[out] handle On success, a handle to the newly created key.
* \c 0 on failure.
- * \param[in,out] generator The generator object to read from.
*
* \retval #PSA_SUCCESS
* Success.
@@ -3117,8 +3117,8 @@
* results in this error code.
*/
psa_status_t psa_generate_derived_key(const psa_key_attributes_t *attributes,
- psa_key_handle_t *handle,
- psa_crypto_generator_t *generator);
+ psa_crypto_generator_t *generator,
+ psa_key_handle_t *handle);
/** Abort a generator.
*
@@ -3312,10 +3312,10 @@
* public key type corresponding to the type of
* private_key. That is, this function performs the
* equivalent of
- * #psa_import_key(`internal_public_key_handle`,
- * #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(`private_key_type`),
+ * #psa_import_key(...,
* `peer_key`, `peer_key_length`) where
- * `private_key_type` is the type of `private_key`.
+ * with key attributes indicating the public key
+ * type corresponding to the type of `private_key`.
* For example, for EC keys, this means that peer_key
* is interpreted as a point on the curve that the
* private key is on. The standard formats for public
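Review bot: The rewritten sentence keeps the trailing `where` from the old wording, so the new text reads "... peer_key_length) where with key attributes indicating ...", which no longer parses. The example call also closes directly after `peer_key_length`, although `handle` is now the last parameter of `psa_import_key`. I would drop the stray `where` and show the call with a trailing ellipsis after `peer_key_length`, so that the sketch matches the new argument order. The comment block starts and ends outside this hunk.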
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 5f6282c..39dbccb 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -187,6 +187,47 @@
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
#endif
+/** Bit size associated with an elliptic curve.
+ *
+ * \param curve An elliptic curve (value of type #psa_ecc_curve_t).
+ *
+ * \return The size associated with \p curve, in bits.
+ * This may be 0 if the implementation does not support
+ * the specified curve.
+ */
+#define PSA_ECC_CURVE_BITS(curve) \
+ ((curve) == PSA_ECC_CURVE_SECT163K1 ? 163 : \
+ (curve) == PSA_ECC_CURVE_SECT163R1 ? 163 : \
+ (curve) == PSA_ECC_CURVE_SECT163R2 ? 163 : \
+ (curve) == PSA_ECC_CURVE_SECT193R1 ? 193 : \
+ (curve) == PSA_ECC_CURVE_SECT193R2 ? 193 : \
+ (curve) == PSA_ECC_CURVE_SECT233K1 ? 233 : \
+ (curve) == PSA_ECC_CURVE_SECT233R1 ? 233 : \
+ (curve) == PSA_ECC_CURVE_SECT239K1 ? 239 : \
+ (curve) == PSA_ECC_CURVE_SECT283K1 ? 283 : \
+ (curve) == PSA_ECC_CURVE_SECT283R1 ? 283 : \
+ (curve) == PSA_ECC_CURVE_SECT409K1 ? 409 : \
+ (curve) == PSA_ECC_CURVE_SECT409R1 ? 409 : \
+ (curve) == PSA_ECC_CURVE_SECT571K1 ? 571 : \
+ (curve) == PSA_ECC_CURVE_SECT571R1 ? 571 : \
+ (curve) == PSA_ECC_CURVE_SECP160K1 ? 160 : \
+ (curve) == PSA_ECC_CURVE_SECP160R1 ? 160 : \
+ (curve) == PSA_ECC_CURVE_SECP160R2 ? 160 : \
+ (curve) == PSA_ECC_CURVE_SECP192K1 ? 192 : \
+ (curve) == PSA_ECC_CURVE_SECP192R1 ? 192 : \
+ (curve) == PSA_ECC_CURVE_SECP224K1 ? 224 : \
+ (curve) == PSA_ECC_CURVE_SECP224R1 ? 224 : \
+ (curve) == PSA_ECC_CURVE_SECP256K1 ? 256 : \
+ (curve) == PSA_ECC_CURVE_SECP256R1 ? 256 : \
+ (curve) == PSA_ECC_CURVE_SECP384R1 ? 384 : \
+ (curve) == PSA_ECC_CURVE_SECP521R1 ? 521 : \
+ (curve) == PSA_ECC_CURVE_BRAINPOOL_P256R1 ? 256 : \
+ (curve) == PSA_ECC_CURVE_BRAINPOOL_P384R1 ? 384 : \
+ (curve) == PSA_ECC_CURVE_BRAINPOOL_P512R1 ? 512 : \
+ (curve) == PSA_ECC_CURVE_CURVE25519 ? 255 : \
+ (curve) == PSA_ECC_CURVE_CURVE448 ? 448 : \
+ 0)
+
/** \def PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN
*
* This macro returns the maximum length of the PSK supported
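Review bot: `PSA_ECC_CURVE_BITS` expands `curve` once per comparison, so an argument with side effects is evaluated repeatedly; the doc comment should say so, for example by extending the `\param curve` text with `This macro may evaluate its argument multiple times.` The 0 result for an unlisted curve also deserves a sentence in the `\return` text. Any caller that compares a buffer length against `PSA_BITS_TO_BYTES( PSA_ECC_CURVE_BITS( curve ) )` will accept an empty buffer for such a curve unless it rejects 0 first.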
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 6465c3a..54c1731 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -621,6 +621,9 @@
mbedtls_ecp_keypair *ecp = NULL;
mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve );
+ if( PSA_BITS_TO_BYTES( PSA_ECC_CURVE_BITS( curve ) ) != data_length )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
*p_ecp = NULL;
ecp = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
if( ecp == NULL )
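Review bot: The new length check returns before `*p_ecp = NULL;` runs, so on this error path the output pointer keeps whatever value the caller left in it. If any caller inspects or frees `*p_ecp` after a failure, it would be acting on a stale value; moving `*p_ecp = NULL;` above the check removes that dependency. Separately, `PSA_ECC_CURVE_BITS` yields 0 for a curve it does not list, so a zero-length input passes this comparison for such curves and rejection then relies on the code further down. Rejecting a zero bit size explicitly here would make the check self-contained. The function begins and ends outside this hunk, so the callers' handling of `*p_ecp` is not visible.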
@@ -1534,9 +1537,9 @@
}
psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
- psa_key_handle_t *handle,
const uint8_t *data,
- size_t data_length )
+ size_t data_length,
+ psa_key_handle_t *handle )
{
psa_status_t status;
psa_key_slot_t *slot = NULL;
@@ -4412,8 +4415,8 @@
}
psa_status_t psa_generate_derived_key( const psa_key_attributes_t *attributes,
- psa_key_handle_t *handle,
- psa_crypto_generator_t *generator )
+ psa_crypto_generator_t *generator,
+ psa_key_handle_t *handle )
{
psa_status_t status;
psa_key_slot_t *slot = NULL;
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
index 523668e..aded3bc 100644
--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@@ -252,8 +252,8 @@
psa_set_key_usage_flags( &attributes, usage );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
- PSA_CHECK( psa_import_key( &attributes, master_key_handle,
- key_data, key_size ) );
+ PSA_CHECK( psa_import_key( &attributes, key_data, key_size,
+ master_key_handle ) );
exit:
if( key_file != NULL )
fclose( key_file );
@@ -306,8 +306,8 @@
*key_handle = 0;
/* Use the generator obtained from the parent key to create
* the next intermediate key. */
- PSA_CHECK( psa_generate_derived_key( &attributes, key_handle,
- &generator ) );
+ PSA_CHECK( psa_generate_derived_key( &attributes, &generator,
+ key_handle ) );
PSA_CHECK( psa_generator_abort( &generator ) );
}
@@ -343,8 +343,8 @@
WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH,
NULL, 0,
PSA_BITS_TO_BYTES( WRAPPING_KEY_BITS ) ) );
- PSA_CHECK( psa_generate_derived_key( &attributes, wrapping_key_handle,
- &generator ) );
+ PSA_CHECK( psa_generate_derived_key( &attributes, &generator,
+ wrapping_key_handle ) );
exit:
psa_generator_abort( &generator );
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index e901d84..cfe363f 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -243,6 +243,10 @@
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
import:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT
+PSA import EC keypair: too short
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+import:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT
+
PSA import EC keypair: public key
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
import:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):0:PSA_ERROR_INVALID_ARGUMENT
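Review bot: The added case only covers an input that is far too short (16 bytes for a 32-byte curve), while the library check introduced in this commit is an exact-length comparison. I would add boundary cases one byte short of and one byte longer than the curve size, so that a later change from `!=` to a one-sided comparison is caught by the suite. The neighbouring cases in this hunk appear to be rejected for being a DER structure or a public key, so they do not pin the length boundary either.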
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 6002da0..52b92ca 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -216,7 +216,8 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle, key_bytes, key_length ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length,
+ &handle ) );
*status = psa_mac_sign_setup( operation, handle, alg );
/* Whether setup succeeded or failed, abort must succeed. */
@@ -250,7 +251,8 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle, key_bytes, key_length ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length,
+ &handle ) );
*status = psa_cipher_encrypt_setup( operation, handle, alg );
/* Whether setup succeeded or failed, abort must succeed. */
@@ -1220,7 +1222,7 @@
psa_set_key_type( &attributes, type );
psa_set_key_bits( &attributes, attr_bits );
- status = psa_import_key( &attributes, &handle, data->x, data->len );
+ status = psa_import_key( &attributes, data->x, data->len, &handle );
TEST_EQUAL( status, expected_status );
if( status != PSA_SUCCESS )
goto exit;
@@ -1266,7 +1268,7 @@
/* Try importing the key */
psa_set_key_type( &attributes, type );
- status = psa_import_key( &attributes, &handle, p, length );
+ status = psa_import_key( &attributes, p, length, &handle );
TEST_EQUAL( status, expected_status );
if( status == PSA_SUCCESS )
PSA_ASSERT( psa_destroy_key( handle ) );
@@ -1311,7 +1313,7 @@
psa_set_key_type( &attributes, type );
/* Import the key */
- PSA_ASSERT( psa_import_key( &attributes, &handle, data->x, data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
/* Test the key information */
PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
@@ -1346,8 +1348,8 @@
else
{
psa_key_handle_t handle2;
- PSA_ASSERT( psa_import_key( &attributes, &handle2,
- exported, exported_length ) );
+ PSA_ASSERT( psa_import_key( &attributes, exported, exported_length,
+ &handle2 ) );
PSA_ASSERT( psa_export_key( handle2,
reexported,
export_size,
@@ -1407,7 +1409,7 @@
psa_set_key_type( &attributes, type );
/* Import the key */
- PSA_ASSERT( psa_import_key( &attributes, &handle, data->x, data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
/* Export the public key */
ASSERT_ALLOC( exported, export_size );
@@ -1456,7 +1458,7 @@
psa_set_key_type( &attributes, type );
/* Import the key */
- PSA_ASSERT( psa_import_key( &attributes, &handle, data->x, data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
/* Test the key information */
PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
@@ -1495,7 +1497,7 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle, key, sizeof( key ) ) );
+ PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
TEST_EQUAL( psa_get_key_type( &attributes ), key_type );
@@ -1563,8 +1565,8 @@
psa_set_key_algorithm( &attributes, policy_alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
status = psa_mac_sign_setup( &operation, handle, exercise_alg );
if( policy_alg == exercise_alg &&
@@ -1607,8 +1609,8 @@
psa_set_key_algorithm( &attributes, policy_alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg );
if( policy_alg == exercise_alg &&
@@ -1659,8 +1661,8 @@
psa_set_key_algorithm( &attributes, policy_alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
status = psa_aead_encrypt( handle, exercise_alg,
nonce, nonce_length,
@@ -1714,8 +1716,8 @@
psa_set_key_algorithm( &attributes, policy_alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
@@ -1782,8 +1784,8 @@
psa_set_key_algorithm( &attributes, policy_alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
status = psa_asymmetric_sign( handle, exercise_alg,
payload, payload_length,
@@ -1827,8 +1829,8 @@
psa_set_key_algorithm( &attributes, policy_alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
status = psa_key_derivation( &generator, handle,
exercise_alg,
@@ -1867,8 +1869,8 @@
psa_set_key_algorithm( &attributes, policy_alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
PSA_ASSERT( psa_key_derivation_setup( &generator, exercise_alg ) );
status = key_agreement_with_self( &generator, handle );
@@ -1905,8 +1907,8 @@
psa_set_key_algorithm( &attributes, policy_alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
status = raw_key_agreement_with_self( exercise_alg, handle );
@@ -1944,8 +1946,9 @@
psa_set_key_usage_flags( &source_attributes, source_usage_arg );
psa_set_key_algorithm( &source_attributes, source_alg_arg );
psa_set_key_type( &source_attributes, type_arg );
- PSA_ASSERT( psa_import_key( &source_attributes, &source_handle,
- material->x, material->len ) );
+ PSA_ASSERT( psa_import_key( &source_attributes,
+ material->x, material->len,
+ &source_handle ) );
PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) );
/* Prepare the target attributes. */
@@ -2011,8 +2014,9 @@
psa_set_key_usage_flags( &source_attributes, source_usage_arg );
psa_set_key_algorithm( &source_attributes, source_alg_arg );
psa_set_key_type( &source_attributes, type_arg );
- PSA_ASSERT( psa_import_key( &source_attributes, &source_handle,
- material->x, material->len ) );
+ PSA_ASSERT( psa_import_key( &source_attributes,
+ material->x, material->len,
+ &source_handle ) );
/* Prepare the target attributes. */
psa_set_key_type( &target_attributes, target_type_arg );
@@ -2420,8 +2424,7 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key, sizeof(key) ) );
+ PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) );
/* Call update without calling setup beforehand. */
TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
@@ -2547,8 +2550,7 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key->x, key->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
/* Calculate the MAC. */
PSA_ASSERT( psa_mac_sign_setup( &operation,
@@ -2594,8 +2596,7 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key->x, key->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
PSA_ASSERT( psa_mac_verify_setup( &operation,
handle, alg ) );
@@ -2712,8 +2713,7 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key, sizeof(key) ) );
+ PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) );
/* Call encrypt setup twice in a row. */
@@ -2870,8 +2870,7 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key->x, key->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
handle, alg ) );
@@ -2940,8 +2939,7 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key->x, key->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
handle, alg ) );
@@ -3016,8 +3014,7 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key->x, key->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
handle, alg ) );
@@ -3090,8 +3087,7 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key->x, key->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
handle, alg ) );
@@ -3157,8 +3153,7 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key->x, key->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
PSA_ASSERT( psa_cipher_encrypt_setup( &operation1,
handle, alg ) );
@@ -3243,8 +3238,7 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key->x, key->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) );
PSA_ASSERT( psa_cipher_encrypt_setup( &operation1,
handle, alg ) );
@@ -3345,8 +3339,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
TEST_EQUAL( psa_aead_encrypt( handle, alg,
nonce->x, nonce->len,
@@ -3408,8 +3402,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
PSA_ASSERT( psa_aead_encrypt( handle, alg,
nonce->x, nonce->len,
@@ -3456,8 +3450,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
TEST_EQUAL( psa_aead_decrypt( handle, alg,
nonce->x, nonce->len,
@@ -3514,8 +3508,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
@@ -3567,8 +3561,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
actual_status = psa_asymmetric_sign( handle, alg,
input_data->x, input_data->len,
@@ -3608,8 +3602,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
@@ -3674,8 +3668,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
PSA_ASSERT( psa_asymmetric_verify( handle, alg,
hash_data->x, hash_data->len,
@@ -3707,8 +3701,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
actual_status = psa_asymmetric_verify( handle, alg,
hash_data->x, hash_data->len,
@@ -3751,8 +3745,8 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
/* Determine the maximum output length */
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
@@ -3818,8 +3812,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
/* Determine the maximum ciphertext length */
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
@@ -3883,8 +3877,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
PSA_ASSERT( psa_asymmetric_decrypt( handle, alg,
input_data->x, input_data->len,
@@ -3947,8 +3941,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
actual_status = psa_asymmetric_decrypt( handle, alg,
input_data->x, input_data->len,
@@ -4034,8 +4028,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
TEST_EQUAL( psa_key_derivation( &generator, handle, alg,
salt->x, salt->len,
@@ -4070,8 +4064,9 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data, sizeof( key_data ) ) );
+ PSA_ASSERT( psa_import_key( &attributes,
+ key_data, sizeof( key_data ),
+ &handle ) );
/* valid key derivation */
PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
@@ -4164,8 +4159,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
/* Extraction phase. */
if( PSA_ALG_IS_HKDF( alg ) )
@@ -4260,8 +4255,8 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
/* Extraction phase. */
if( PSA_ALG_IS_HKDF( alg ) )
@@ -4346,8 +4341,8 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
- PSA_ASSERT( psa_import_key( &attributes, &base_handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &base_handle ) );
/* Derive a key. */
PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
@@ -4358,8 +4353,8 @@
psa_set_key_algorithm( &attributes, derived_alg );
psa_set_key_type( &attributes, derived_type );
psa_set_key_bits( &attributes, derived_bits );
- PSA_ASSERT( psa_generate_derived_key( &attributes, &derived_handle,
- &generator ) );
+ PSA_ASSERT( psa_generate_derived_key( &attributes, &generator,
+ &derived_handle ) );
/* Test the key information */
PSA_ASSERT( psa_get_key_attributes( derived_handle, &got_attributes ) );
@@ -4407,8 +4402,8 @@
psa_set_key_usage_flags( &base_attributes, PSA_KEY_USAGE_DERIVE );
psa_set_key_algorithm( &base_attributes, alg );
psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
- PSA_ASSERT( psa_import_key( &base_attributes, &base_handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len,
+ &base_handle ) );
/* Derive some material and output it. */
PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
@@ -4429,16 +4424,16 @@
psa_set_key_algorithm( &derived_attributes, 0 );
psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA );
psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) );
- PSA_ASSERT( psa_generate_derived_key( &derived_attributes, &derived_handle,
- &generator ) );
+ PSA_ASSERT( psa_generate_derived_key( &derived_attributes, &generator,
+ &derived_handle ) );
PSA_ASSERT( psa_export_key( derived_handle,
export_buffer, bytes1,
&length ) );
TEST_EQUAL( length, bytes1 );
PSA_ASSERT( psa_destroy_key( derived_handle ) );
psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) );
- PSA_ASSERT( psa_generate_derived_key( &derived_attributes, &derived_handle,
- &generator ) );
+ PSA_ASSERT( psa_generate_derived_key( &derived_attributes, &generator,
+ &derived_handle ) );
PSA_ASSERT( psa_export_key( derived_handle,
export_buffer + bytes1, bytes2,
&length ) );
@@ -4477,8 +4472,9 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, our_key_type );
- PSA_ASSERT( psa_import_key( &attributes, &our_key,
- our_key_data->x, our_key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes,
+ our_key_data->x, our_key_data->len,
+ &our_key ) );
/* The tests currently include inputs that should fail at either step.
* Test cases that fail at the setup step should be changed to call
@@ -4523,8 +4519,9 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, our_key_type );
- PSA_ASSERT( psa_import_key( &attributes, &our_key,
- our_key_data->x, our_key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes,
+ our_key_data->x, our_key_data->len,
+ &our_key ) );
PSA_ASSERT( psa_key_agreement_raw_shared_secret(
alg, our_key,
@@ -4559,8 +4556,9 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, our_key_type );
- PSA_ASSERT( psa_import_key( &attributes, &our_key,
- our_key_data->x, our_key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes,
+ our_key_data->x, our_key_data->len,
+ &our_key ) );
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
@@ -4619,8 +4617,9 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, our_key_type );
- PSA_ASSERT( psa_import_key( &attributes, &our_key,
- our_key_data->x, our_key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes,
+ our_key_data->x, our_key_data->len,
+ &our_key ) );
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
@@ -4893,8 +4892,8 @@
{
case IMPORT_KEY:
/* Import the key */
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- data->x, data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len,
+ &handle ) );
break;
case GENERATE_KEY:
@@ -4911,8 +4910,9 @@
PSA_KEY_USAGE_DERIVE );
psa_set_key_algorithm( &base_attributes, derive_alg );
psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
- PSA_ASSERT( psa_import_key( &base_attributes, &base_key,
- data->x, data->len ) );
+ PSA_ASSERT( psa_import_key( &base_attributes,
+ data->x, data->len,
+ &base_key ) );
/* Derive a key. */
PSA_ASSERT( psa_key_derivation_setup( &generator, derive_alg ) );
PSA_ASSERT( psa_key_derivation_input_key( &generator,
@@ -4921,8 +4921,8 @@
PSA_ASSERT( psa_key_derivation_input_bytes(
&generator, PSA_KDF_STEP_INFO,
NULL, 0 ) );
- PSA_ASSERT( psa_generate_derived_key( &attributes, &handle,
- &generator ) );
+ PSA_ASSERT( psa_generate_derived_key( &attributes, &generator,
+ &handle ) );
PSA_ASSERT( psa_generator_abort( &generator ) );
PSA_ASSERT( psa_destroy_key( base_key ) );
base_key = 0;
diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function
index 9551e1a..f10a4b2 100644
--- a/tests/suites/test_suite_psa_crypto_init.function
+++ b/tests/suites/test_suite_psa_crypto_init.function
@@ -193,7 +193,7 @@
mbedtls_psa_crypto_free( );
}
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
- status = psa_import_key( &attributes, &handle, data, sizeof( data ) );
+ status = psa_import_key( &attributes, data, sizeof( data ), &handle );
TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
TEST_EQUAL( handle, 0 );
}
diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function
index 1bc8d64..0b7e7ae 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.function
+++ b/tests/suites/test_suite_psa_crypto_metadata.function
@@ -451,9 +451,7 @@
TEST_EQUAL( PSA_KEY_TYPE_GET_CURVE( public_type ), curve );
TEST_EQUAL( PSA_KEY_TYPE_GET_CURVE( pair_type ), curve );
- /* Validate that the bit size is less than the maximum ECC bit size
- * in this implementation. There's no parameter that should be equal
- * to curve_bits and can be validated without creating a key. */
+ TEST_EQUAL( curve_bits, PSA_ECC_CURVE_BITS( curve ) );
TEST_ASSERT( curve_bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function
index a2f4f77..d7f3f1c 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.function
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.function
@@ -99,8 +99,7 @@
psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
- TEST_EQUAL( psa_import_key( &attributes, &handle,
- data, data_length ),
+ TEST_EQUAL( psa_import_key( &attributes, data, data_length, &handle ),
expected_status );
exit:
@@ -126,8 +125,8 @@
psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
psa_set_key_type( &attributes, first_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- first_data->x, first_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, first_data->x, first_data->len,
+ &handle ) );
if( restart )
{
@@ -155,8 +154,8 @@
/* Create another key in the same slot */
psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
psa_set_key_type( &attributes, second_type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- second_data->x, second_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, second_data->x, second_data->len,
+ &handle ) );
exit:
mbedtls_psa_crypto_free();
@@ -177,7 +176,7 @@
psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
psa_set_key_type( &attributes, type );
- TEST_EQUAL( psa_import_key( &attributes, &handle, data->x, data->len ),
+ TEST_EQUAL( psa_import_key( &attributes, data->x, data->len, &handle ),
expected_status );
if( expected_status != PSA_SUCCESS )
@@ -233,8 +232,7 @@
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
/* Import the key */
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- data->x, data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) );
if( restart )
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index 03b7197..04aad68 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -75,8 +75,8 @@
psa_set_key_usage_flags( &attributes, usage_flags );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, type );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
TEST_ASSERT( handle != 0 );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
TEST_EQUAL( psa_get_key_type( &attributes ), type );
@@ -131,8 +131,8 @@
psa_set_key_type( &attributes, type );
psa_set_key_usage_flags( &attributes, usage_flags );
psa_set_key_algorithm( &attributes, alg );
- PSA_ASSERT( psa_import_key( &attributes, &handle,
- key_data->x, key_data->len ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &handle ) );
TEST_ASSERT( handle != 0 );
PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
TEST_EQUAL( read_type, type );
@@ -209,16 +209,16 @@
psa_set_key_type( &attributes, type1 );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
psa_set_key_algorithm( &attributes, 0 );
- PSA_ASSERT( psa_import_key( &attributes, &handle1,
- material1, sizeof( material1 ) ) );
+ PSA_ASSERT( psa_import_key( &attributes, material1, sizeof( material1 ),
+ &handle1 ) );
TEST_ASSERT( handle1 != 0 );
if( reopen_policy == CLOSE_BEFORE )
PSA_ASSERT( psa_close_key( handle1 ) );
/* Attempt to create a new key in the same slot. */
- TEST_EQUAL( psa_import_key( &attributes, &handle2,
- material2, sizeof( material2 ) ),
+ TEST_EQUAL( psa_import_key( &attributes, material2, sizeof( material2 ),
+ &handle2 ),
PSA_ERROR_ALREADY_EXISTS );
TEST_EQUAL( handle2, 0 );
@@ -285,8 +285,8 @@
psa_make_key_persistent( &attributes, id, lifetime );
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
- TEST_EQUAL( psa_import_key( &attributes, &handle,
- material, sizeof( material ) ),
+ TEST_EQUAL( psa_import_key( &attributes, material, sizeof( material ),
+ &handle ),
expected_status );
TEST_EQUAL( handle, 0 );
@@ -335,8 +335,9 @@
psa_set_key_type( &source_attributes, source_type );
psa_set_key_usage_flags( &source_attributes, source_usage );
psa_set_key_algorithm( &source_attributes, source_alg );
- PSA_ASSERT( psa_import_key( &source_attributes, &source_handle,
- material->x, material->len ) );
+ PSA_ASSERT( psa_import_key( &source_attributes,
+ material->x, material->len,
+ &source_handle ) );
/* Update the attributes with the bit size. */
PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) );
@@ -439,8 +440,9 @@
psa_set_key_type( &attributes, source_type );
psa_set_key_usage_flags( &attributes, source_usage );
psa_set_key_algorithm( &attributes, source_alg );
- PSA_ASSERT( psa_import_key( &attributes, &source_handle,
- source_material->x, source_material->len ) );
+ PSA_ASSERT( psa_import_key( &attributes,
+ source_material->x, source_material->len,
+ &source_handle ) );
/* Populate the target slot. */
if( target_id == source_id )
@@ -453,8 +455,9 @@
psa_set_key_type( &attributes1, target_type );
psa_set_key_usage_flags( &attributes1, target_usage );
psa_set_key_algorithm( &attributes1, target_alg );
- PSA_ASSERT( psa_import_key( &attributes1, &target_handle,
- target_material->x, target_material->len ) );
+ PSA_ASSERT( psa_import_key( &attributes1,
+ target_material->x, target_material->len,
+ &target_handle ) );
}
PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes1 ) );
@@ -513,8 +516,9 @@
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
psa_set_key_usage_flags( &attributes, 0 );
psa_set_key_algorithm( &attributes, 0 );
- PSA_ASSERT( psa_import_key( &attributes, &handle1,
- material, sizeof( material ) ) );
+ PSA_ASSERT( psa_import_key( &attributes,
+ material, sizeof( material ),
+ &handle1 ) );
TEST_ASSERT( handle1 != 0 );
/* Attempt to close and destroy some invalid handles. */
@@ -556,8 +560,9 @@
for( i = 0; i < max_handles; i++ )
{
- status = psa_import_key( &attributes, &handles[i],
- (uint8_t *) &i, sizeof( i ) );
+ status = psa_import_key( &attributes,
+ (uint8_t *) &i, sizeof( i ),
+ &handles[i] );
if( status == PSA_ERROR_INSUFFICIENT_MEMORY )
break;
PSA_ASSERT( status );