Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index d1650f1..0843e24 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -33,14 +33,14 @@
#include <test/psa_crypto_helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-static int lifetime_is_dynamic_secure_element( psa_key_lifetime_t lifetime )
+static int lifetime_is_dynamic_secure_element(psa_key_lifetime_t lifetime)
{
- return( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) !=
- PSA_KEY_LOCATION_LOCAL_STORAGE );
+ return PSA_KEY_LIFETIME_GET_LOCATION(lifetime) !=
+ PSA_KEY_LOCATION_LOCAL_STORAGE;
}
#endif
-static int check_key_attributes_sanity( mbedtls_svc_key_id_t key )
+static int check_key_attributes_sanity(mbedtls_svc_key_id_t key)
{
int ok = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -49,58 +49,54 @@
psa_key_type_t type;
size_t bits;
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- lifetime = psa_get_key_lifetime( &attributes );
- id = psa_get_key_id( &attributes );
- type = psa_get_key_type( &attributes );
- bits = psa_get_key_bits( &attributes );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ lifetime = psa_get_key_lifetime(&attributes);
+ id = psa_get_key_id(&attributes);
+ type = psa_get_key_type(&attributes);
+ bits = psa_get_key_bits(&attributes);
/* Persistence */
- if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
- {
+ if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
TEST_ASSERT(
- ( PSA_KEY_ID_VOLATILE_MIN <=
- MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) &&
- ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <=
- PSA_KEY_ID_VOLATILE_MAX ) );
- }
- else
- {
+ (PSA_KEY_ID_VOLATILE_MIN <=
+ MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id)) &&
+ (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) <=
+ PSA_KEY_ID_VOLATILE_MAX));
+ } else {
TEST_ASSERT(
- ( PSA_KEY_ID_USER_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) &&
- ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <= PSA_KEY_ID_USER_MAX ) );
+ (PSA_KEY_ID_USER_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id)) &&
+ (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) <= PSA_KEY_ID_USER_MAX));
}
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* randomly-generated 64-bit constant, should never appear in test data */
psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21;
- psa_status_t status = psa_get_key_slot_number( &attributes, &slot_number );
- if( lifetime_is_dynamic_secure_element( lifetime ) )
- {
+ psa_status_t status = psa_get_key_slot_number(&attributes, &slot_number);
+ if (lifetime_is_dynamic_secure_element(lifetime)) {
/* Mbed Crypto currently always exposes the slot number to
* applications. This is not mandated by the PSA specification
* and may change in future versions. */
- TEST_EQUAL( status, 0 );
- TEST_ASSERT( slot_number != 0xec94d4a5058a1a21 );
- }
- else
- {
- TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT );
+ TEST_EQUAL(status, 0);
+ TEST_ASSERT(slot_number != 0xec94d4a5058a1a21);
+ } else {
+ TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT);
}
#endif
/* Type and size */
- TEST_ASSERT( type != 0 );
- TEST_ASSERT( bits != 0 );
- TEST_ASSERT( bits <= PSA_MAX_KEY_BITS );
- if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
- TEST_ASSERT( bits % 8 == 0 );
+ TEST_ASSERT(type != 0);
+ TEST_ASSERT(bits != 0);
+ TEST_ASSERT(bits <= PSA_MAX_KEY_BITS);
+ if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
+ TEST_ASSERT(bits % 8 == 0);
+ }
/* MAX macros concerning specific key types */
- if( PSA_KEY_TYPE_IS_ECC( type ) )
- TEST_ASSERT( bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS );
- else if( PSA_KEY_TYPE_IS_RSA( type ) )
- TEST_ASSERT( bits <= PSA_VENDOR_RSA_MAX_KEY_BITS );
- TEST_ASSERT( PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ) <= PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE );
+ if (PSA_KEY_TYPE_IS_ECC(type)) {
+ TEST_ASSERT(bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS);
+ } else if (PSA_KEY_TYPE_IS_RSA(type)) {
+ TEST_ASSERT(bits <= PSA_VENDOR_RSA_MAX_KEY_BITS);
+ }
+ TEST_ASSERT(PSA_BLOCK_CIPHER_BLOCK_LENGTH(type) <= PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE);
ok = 1;
@@ -109,410 +105,389 @@
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- return( ok );
+ return ok;
}
-static int exercise_mac_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int exercise_mac_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
const unsigned char input[] = "foo";
- unsigned char mac[PSA_MAC_MAX_SIZE] = {0};
- size_t mac_length = sizeof( mac );
+ unsigned char mac[PSA_MAC_MAX_SIZE] = { 0 };
+ size_t mac_length = sizeof(mac);
/* Convert wildcard algorithm to exercisable algorithm */
- if( alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG )
- {
- alg = PSA_ALG_TRUNCATED_MAC( alg, PSA_MAC_TRUNCATED_LENGTH( alg ) );
+ if (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) {
+ alg = PSA_ALG_TRUNCATED_MAC(alg, PSA_MAC_TRUNCATED_LENGTH(alg));
}
- if( usage & PSA_KEY_USAGE_SIGN_HASH )
- {
- PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_mac_update( &operation,
- input, sizeof( input ) ) );
- PSA_ASSERT( psa_mac_sign_finish( &operation,
- mac, sizeof( mac ),
- &mac_length ) );
+ if (usage & PSA_KEY_USAGE_SIGN_HASH) {
+ PSA_ASSERT(psa_mac_sign_setup(&operation, key, alg));
+ PSA_ASSERT(psa_mac_update(&operation,
+ input, sizeof(input)));
+ PSA_ASSERT(psa_mac_sign_finish(&operation,
+ mac, sizeof(mac),
+ &mac_length));
}
- if( usage & PSA_KEY_USAGE_VERIFY_HASH )
- {
+ if (usage & PSA_KEY_USAGE_VERIFY_HASH) {
psa_status_t verify_status =
- ( usage & PSA_KEY_USAGE_SIGN_HASH ?
- PSA_SUCCESS :
- PSA_ERROR_INVALID_SIGNATURE );
- PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
- PSA_ASSERT( psa_mac_update( &operation,
- input, sizeof( input ) ) );
- TEST_EQUAL( psa_mac_verify_finish( &operation, mac, mac_length ),
- verify_status );
+ (usage & PSA_KEY_USAGE_SIGN_HASH ?
+ PSA_SUCCESS :
+ PSA_ERROR_INVALID_SIGNATURE);
+ PSA_ASSERT(psa_mac_verify_setup(&operation, key, alg));
+ PSA_ASSERT(psa_mac_update(&operation,
+ input, sizeof(input)));
+ TEST_EQUAL(psa_mac_verify_finish(&operation, mac, mac_length),
+ verify_status);
}
- return( 1 );
+ return 1;
exit:
- psa_mac_abort( &operation );
- return( 0 );
+ psa_mac_abort(&operation);
+ return 0;
}
-static int exercise_cipher_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int exercise_cipher_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- unsigned char iv[PSA_CIPHER_IV_MAX_SIZE] = {0};
+ unsigned char iv[PSA_CIPHER_IV_MAX_SIZE] = { 0 };
size_t iv_length;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type;
const unsigned char plaintext[16] = "Hello, world...";
unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)";
- size_t ciphertext_length = sizeof( ciphertext );
- unsigned char decrypted[sizeof( ciphertext )];
+ size_t ciphertext_length = sizeof(ciphertext);
+ unsigned char decrypted[sizeof(ciphertext)];
size_t part_length;
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_type = psa_get_key_type( &attributes );
- iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_type = psa_get_key_type(&attributes);
+ iv_length = PSA_CIPHER_IV_LENGTH(key_type, alg);
- if( usage & PSA_KEY_USAGE_ENCRYPT )
- {
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
- if( iv_length != 0 )
- {
- PSA_ASSERT( psa_cipher_generate_iv( &operation,
- iv, sizeof( iv ),
- &iv_length ) );
+ if (usage & PSA_KEY_USAGE_ENCRYPT) {
+ PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
+ if (iv_length != 0) {
+ PSA_ASSERT(psa_cipher_generate_iv(&operation,
+ iv, sizeof(iv),
+ &iv_length));
}
- PSA_ASSERT( psa_cipher_update( &operation,
- plaintext, sizeof( plaintext ),
- ciphertext, sizeof( ciphertext ),
- &ciphertext_length ) );
- PSA_ASSERT( psa_cipher_finish( &operation,
- ciphertext + ciphertext_length,
- sizeof( ciphertext ) - ciphertext_length,
- &part_length ) );
+ PSA_ASSERT(psa_cipher_update(&operation,
+ plaintext, sizeof(plaintext),
+ ciphertext, sizeof(ciphertext),
+ &ciphertext_length));
+ PSA_ASSERT(psa_cipher_finish(&operation,
+ ciphertext + ciphertext_length,
+ sizeof(ciphertext) - ciphertext_length,
+ &part_length));
ciphertext_length += part_length;
}
- if( usage & PSA_KEY_USAGE_DECRYPT )
- {
+ if (usage & PSA_KEY_USAGE_DECRYPT) {
psa_status_t status;
int maybe_invalid_padding = 0;
- if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) )
- {
- maybe_invalid_padding = ! PSA_ALG_IS_STREAM_CIPHER( alg );
+ if (!(usage & PSA_KEY_USAGE_ENCRYPT)) {
+ maybe_invalid_padding = !PSA_ALG_IS_STREAM_CIPHER(alg);
}
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
- if( iv_length != 0 )
- {
- PSA_ASSERT( psa_cipher_set_iv( &operation,
- iv, iv_length ) );
+ PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg));
+ if (iv_length != 0) {
+ PSA_ASSERT(psa_cipher_set_iv(&operation,
+ iv, iv_length));
}
- PSA_ASSERT( psa_cipher_update( &operation,
- ciphertext, ciphertext_length,
- decrypted, sizeof( decrypted ),
- &part_length ) );
- status = psa_cipher_finish( &operation,
- decrypted + part_length,
- sizeof( decrypted ) - part_length,
- &part_length );
+ PSA_ASSERT(psa_cipher_update(&operation,
+ ciphertext, ciphertext_length,
+ decrypted, sizeof(decrypted),
+ &part_length));
+ status = psa_cipher_finish(&operation,
+ decrypted + part_length,
+ sizeof(decrypted) - part_length,
+ &part_length);
/* For a stream cipher, all inputs are valid. For a block cipher,
* if the input is some arbitrary data rather than an actual
- ciphertext, a padding error is likely. */
- if( maybe_invalid_padding )
- TEST_ASSERT( status == PSA_SUCCESS ||
- status == PSA_ERROR_INVALID_PADDING );
- else
- PSA_ASSERT( status );
+ ciphertext, a padding error is likely. */
+ if (maybe_invalid_padding) {
+ TEST_ASSERT(status == PSA_SUCCESS ||
+ status == PSA_ERROR_INVALID_PADDING);
+ } else {
+ PSA_ASSERT(status);
+ }
}
- return( 1 );
+ return 1;
exit:
- psa_cipher_abort( &operation );
- psa_reset_key_attributes( &attributes );
- return( 0 );
+ psa_cipher_abort(&operation);
+ psa_reset_key_attributes(&attributes);
+ return 0;
}
-static int exercise_aead_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int exercise_aead_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
- unsigned char nonce[PSA_AEAD_NONCE_MAX_SIZE] = {0};
+ unsigned char nonce[PSA_AEAD_NONCE_MAX_SIZE] = { 0 };
size_t nonce_length;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type;
unsigned char plaintext[16] = "Hello, world...";
unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)";
- size_t ciphertext_length = sizeof( ciphertext );
- size_t plaintext_length = sizeof( ciphertext );
+ size_t ciphertext_length = sizeof(ciphertext);
+ size_t plaintext_length = sizeof(ciphertext);
/* Convert wildcard algorithm to exercisable algorithm */
- if( alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG )
- {
- alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) );
+ if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) {
+ alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, PSA_ALG_AEAD_GET_TAG_LENGTH(alg));
}
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- key_type = psa_get_key_type( &attributes );
- nonce_length = PSA_AEAD_NONCE_LENGTH( key_type, alg );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_type = psa_get_key_type(&attributes);
+ nonce_length = PSA_AEAD_NONCE_LENGTH(key_type, alg);
- if( usage & PSA_KEY_USAGE_ENCRYPT )
- {
- PSA_ASSERT( psa_aead_encrypt( key, alg,
- nonce, nonce_length,
- NULL, 0,
- plaintext, sizeof( plaintext ),
- ciphertext, sizeof( ciphertext ),
- &ciphertext_length ) );
+ if (usage & PSA_KEY_USAGE_ENCRYPT) {
+ PSA_ASSERT(psa_aead_encrypt(key, alg,
+ nonce, nonce_length,
+ NULL, 0,
+ plaintext, sizeof(plaintext),
+ ciphertext, sizeof(ciphertext),
+ &ciphertext_length));
}
- if( usage & PSA_KEY_USAGE_DECRYPT )
- {
+ if (usage & PSA_KEY_USAGE_DECRYPT) {
psa_status_t verify_status =
- ( usage & PSA_KEY_USAGE_ENCRYPT ?
- PSA_SUCCESS :
- PSA_ERROR_INVALID_SIGNATURE );
- TEST_EQUAL( psa_aead_decrypt( key, alg,
- nonce, nonce_length,
- NULL, 0,
- ciphertext, ciphertext_length,
- plaintext, sizeof( plaintext ),
- &plaintext_length ),
- verify_status );
+ (usage & PSA_KEY_USAGE_ENCRYPT ?
+ PSA_SUCCESS :
+ PSA_ERROR_INVALID_SIGNATURE);
+ TEST_EQUAL(psa_aead_decrypt(key, alg,
+ nonce, nonce_length,
+ NULL, 0,
+ ciphertext, ciphertext_length,
+ plaintext, sizeof(plaintext),
+ &plaintext_length),
+ verify_status);
}
- return( 1 );
+ return 1;
exit:
- psa_reset_key_attributes( &attributes );
- return( 0 );
+ psa_reset_key_attributes(&attributes);
+ return 0;
}
-static int can_sign_or_verify_message( psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int can_sign_or_verify_message(psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
/* Sign-the-unspecified-hash algorithms can only be used with
* {sign,verify}_hash, not with {sign,verify}_message. */
- if( alg == PSA_ALG_ECDSA_ANY || alg == PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
- return( 0 );
- return( usage & ( PSA_KEY_USAGE_SIGN_MESSAGE |
- PSA_KEY_USAGE_VERIFY_MESSAGE ) );
+ if (alg == PSA_ALG_ECDSA_ANY || alg == PSA_ALG_RSA_PKCS1V15_SIGN_RAW) {
+ return 0;
+ }
+ return usage & (PSA_KEY_USAGE_SIGN_MESSAGE |
+ PSA_KEY_USAGE_VERIFY_MESSAGE);
}
-static int exercise_signature_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int exercise_signature_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
- if( usage & ( PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ) )
- {
- unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
+ if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH)) {
+ unsigned char payload[PSA_HASH_MAX_SIZE] = { 1 };
size_t payload_length = 16;
- unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
- size_t signature_length = sizeof( signature );
- psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
+ unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 };
+ size_t signature_length = sizeof(signature);
+ psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
/* If the policy allows signing with any hash, just pick one. */
- if( PSA_ALG_IS_SIGN_HASH( alg ) && hash_alg == PSA_ALG_ANY_HASH )
- {
+ if (PSA_ALG_IS_SIGN_HASH(alg) && hash_alg == PSA_ALG_ANY_HASH) {
#if defined(KNOWN_MBEDTLS_SUPPORTED_HASH_ALG)
hash_alg = KNOWN_MBEDTLS_SUPPORTED_HASH_ALG;
alg ^= PSA_ALG_ANY_HASH ^ hash_alg;
#else
- TEST_ASSERT( ! "No hash algorithm for hash-and-sign testing" );
+ TEST_ASSERT(!"No hash algorithm for hash-and-sign testing");
#endif
}
/* Some algorithms require the payload to have the size of
* the hash encoded in the algorithm. Use this input size
* even for algorithms that allow other input sizes. */
- if( hash_alg != 0 )
- payload_length = PSA_HASH_LENGTH( hash_alg );
+ if (hash_alg != 0) {
+ payload_length = PSA_HASH_LENGTH(hash_alg);
+ }
- if( usage & PSA_KEY_USAGE_SIGN_HASH )
- {
- PSA_ASSERT( psa_sign_hash( key, alg,
+ if (usage & PSA_KEY_USAGE_SIGN_HASH) {
+ PSA_ASSERT(psa_sign_hash(key, alg,
+ payload, payload_length,
+ signature, sizeof(signature),
+ &signature_length));
+ }
+
+ if (usage & PSA_KEY_USAGE_VERIFY_HASH) {
+ psa_status_t verify_status =
+ (usage & PSA_KEY_USAGE_SIGN_HASH ?
+ PSA_SUCCESS :
+ PSA_ERROR_INVALID_SIGNATURE);
+ TEST_EQUAL(psa_verify_hash(key, alg,
payload, payload_length,
- signature, sizeof( signature ),
- &signature_length ) );
- }
-
- if( usage & PSA_KEY_USAGE_VERIFY_HASH )
- {
- psa_status_t verify_status =
- ( usage & PSA_KEY_USAGE_SIGN_HASH ?
- PSA_SUCCESS :
- PSA_ERROR_INVALID_SIGNATURE );
- TEST_EQUAL( psa_verify_hash( key, alg,
- payload, payload_length,
- signature, signature_length ),
- verify_status );
+ signature, signature_length),
+ verify_status);
}
}
- if( can_sign_or_verify_message( usage, alg ) )
- {
+ if (can_sign_or_verify_message(usage, alg)) {
unsigned char message[256] = "Hello, world...";
- unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
+ unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 };
size_t message_length = 16;
- size_t signature_length = sizeof( signature );
+ size_t signature_length = sizeof(signature);
- if( usage & PSA_KEY_USAGE_SIGN_MESSAGE )
- {
- PSA_ASSERT( psa_sign_message( key, alg,
- message, message_length,
- signature, sizeof( signature ),
- &signature_length ) );
+ if (usage & PSA_KEY_USAGE_SIGN_MESSAGE) {
+ PSA_ASSERT(psa_sign_message(key, alg,
+ message, message_length,
+ signature, sizeof(signature),
+ &signature_length));
}
- if( usage & PSA_KEY_USAGE_VERIFY_MESSAGE )
- {
+ if (usage & PSA_KEY_USAGE_VERIFY_MESSAGE) {
psa_status_t verify_status =
- ( usage & PSA_KEY_USAGE_SIGN_MESSAGE ?
- PSA_SUCCESS :
- PSA_ERROR_INVALID_SIGNATURE );
- TEST_EQUAL( psa_verify_message( key, alg,
- message, message_length,
- signature, signature_length ),
- verify_status );
+ (usage & PSA_KEY_USAGE_SIGN_MESSAGE ?
+ PSA_SUCCESS :
+ PSA_ERROR_INVALID_SIGNATURE);
+ TEST_EQUAL(psa_verify_message(key, alg,
+ message, message_length,
+ signature, signature_length),
+ verify_status);
}
}
- return( 1 );
+ return 1;
exit:
- return( 0 );
+ return 0;
}
-static int exercise_asymmetric_encryption_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int exercise_asymmetric_encryption_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
unsigned char plaintext[256] = "Hello, world...";
unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)";
- size_t ciphertext_length = sizeof( ciphertext );
+ size_t ciphertext_length = sizeof(ciphertext);
size_t plaintext_length = 16;
- if( usage & PSA_KEY_USAGE_ENCRYPT )
- {
- PSA_ASSERT( psa_asymmetric_encrypt( key, alg,
- plaintext, plaintext_length,
- NULL, 0,
- ciphertext, sizeof( ciphertext ),
- &ciphertext_length ) );
+ if (usage & PSA_KEY_USAGE_ENCRYPT) {
+ PSA_ASSERT(psa_asymmetric_encrypt(key, alg,
+ plaintext, plaintext_length,
+ NULL, 0,
+ ciphertext, sizeof(ciphertext),
+ &ciphertext_length));
}
- if( usage & PSA_KEY_USAGE_DECRYPT )
- {
+ if (usage & PSA_KEY_USAGE_DECRYPT) {
psa_status_t status =
- psa_asymmetric_decrypt( key, alg,
- ciphertext, ciphertext_length,
- NULL, 0,
- plaintext, sizeof( plaintext ),
- &plaintext_length );
- TEST_ASSERT( status == PSA_SUCCESS ||
- ( ( usage & PSA_KEY_USAGE_ENCRYPT ) == 0 &&
- ( status == PSA_ERROR_INVALID_ARGUMENT ||
- status == PSA_ERROR_INVALID_PADDING ) ) );
+ psa_asymmetric_decrypt(key, alg,
+ ciphertext, ciphertext_length,
+ NULL, 0,
+ plaintext, sizeof(plaintext),
+ &plaintext_length);
+ TEST_ASSERT(status == PSA_SUCCESS ||
+ ((usage & PSA_KEY_USAGE_ENCRYPT) == 0 &&
+ (status == PSA_ERROR_INVALID_ARGUMENT ||
+ status == PSA_ERROR_INVALID_PADDING)));
}
- return( 1 );
+ return 1;
exit:
- return( 0 );
+ return 0;
}
int mbedtls_test_psa_setup_key_derivation_wrap(
- psa_key_derivation_operation_t* operation,
+ psa_key_derivation_operation_t *operation,
mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
- const unsigned char* input1, size_t input1_length,
- const unsigned char* input2, size_t input2_length,
- size_t capacity )
+ const unsigned char *input1, size_t input1_length,
+ const unsigned char *input2, size_t input2_length,
+ size_t capacity)
{
- PSA_ASSERT( psa_key_derivation_setup( operation, alg ) );
- if( PSA_ALG_IS_HKDF( alg ) )
- {
- PSA_ASSERT( psa_key_derivation_input_bytes( operation,
- PSA_KEY_DERIVATION_INPUT_SALT,
- input1, input1_length ) );
- PSA_ASSERT( psa_key_derivation_input_key( operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- key ) );
- PSA_ASSERT( psa_key_derivation_input_bytes( operation,
- PSA_KEY_DERIVATION_INPUT_INFO,
- input2,
- input2_length ) );
- }
- else if( PSA_ALG_IS_TLS12_PRF( alg ) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
- {
- PSA_ASSERT( psa_key_derivation_input_bytes( operation,
- PSA_KEY_DERIVATION_INPUT_SEED,
- input1, input1_length ) );
- PSA_ASSERT( psa_key_derivation_input_key( operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- key ) );
- PSA_ASSERT( psa_key_derivation_input_bytes( operation,
- PSA_KEY_DERIVATION_INPUT_LABEL,
- input2, input2_length ) );
- }
- else
- {
- TEST_ASSERT( ! "Key derivation algorithm not supported" );
+ PSA_ASSERT(psa_key_derivation_setup(operation, alg));
+ if (PSA_ALG_IS_HKDF(alg)) {
+ PSA_ASSERT(psa_key_derivation_input_bytes(operation,
+ PSA_KEY_DERIVATION_INPUT_SALT,
+ input1, input1_length));
+ PSA_ASSERT(psa_key_derivation_input_key(operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ key));
+ PSA_ASSERT(psa_key_derivation_input_bytes(operation,
+ PSA_KEY_DERIVATION_INPUT_INFO,
+ input2,
+ input2_length));
+ } else if (PSA_ALG_IS_TLS12_PRF(alg) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) {
+ PSA_ASSERT(psa_key_derivation_input_bytes(operation,
+ PSA_KEY_DERIVATION_INPUT_SEED,
+ input1, input1_length));
+ PSA_ASSERT(psa_key_derivation_input_key(operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ key));
+ PSA_ASSERT(psa_key_derivation_input_bytes(operation,
+ PSA_KEY_DERIVATION_INPUT_LABEL,
+ input2, input2_length));
+ } else {
+ TEST_ASSERT(!"Key derivation algorithm not supported");
}
- if( capacity != SIZE_MAX )
- PSA_ASSERT( psa_key_derivation_set_capacity( operation, capacity ) );
+ if (capacity != SIZE_MAX) {
+ PSA_ASSERT(psa_key_derivation_set_capacity(operation, capacity));
+ }
- return( 1 );
+ return 1;
exit:
- return( 0 );
+ return 0;
}
-static int exercise_key_derivation_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int exercise_key_derivation_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char input1[] = "Input 1";
- size_t input1_length = sizeof( input1 );
+ size_t input1_length = sizeof(input1);
unsigned char input2[] = "Input 2";
- size_t input2_length = sizeof( input2 );
+ size_t input2_length = sizeof(input2);
unsigned char output[1];
- size_t capacity = sizeof( output );
+ size_t capacity = sizeof(output);
- if( usage & PSA_KEY_USAGE_DERIVE )
- {
- if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg,
- input1, input1_length,
- input2, input2_length,
- capacity ) )
+ if (usage & PSA_KEY_USAGE_DERIVE) {
+ if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, key, alg,
+ input1, input1_length,
+ input2, input2_length,
+ capacity)) {
goto exit;
+ }
- PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
- output,
- capacity ) );
- PSA_ASSERT( psa_key_derivation_abort( &operation ) );
+ PSA_ASSERT(psa_key_derivation_output_bytes(&operation,
+ output,
+ capacity));
+ PSA_ASSERT(psa_key_derivation_abort(&operation));
}
- return( 1 );
+ return 1;
exit:
- return( 0 );
+ return 0;
}
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
psa_status_t mbedtls_test_psa_key_agreement_with_self(
psa_key_derivation_operation_t *operation,
- mbedtls_svc_key_id_t key )
+ mbedtls_svc_key_id_t key)
{
psa_key_type_t private_key_type;
psa_key_type_t public_key_type;
@@ -525,34 +500,34 @@
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- private_key_type = psa_get_key_type( &attributes );
- key_bits = psa_get_key_bits( &attributes );
- public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
- public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_key_type, key_bits );
- ASSERT_ALLOC( public_key, public_key_length );
- PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length,
- &public_key_length ) );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ private_key_type = psa_get_key_type(&attributes);
+ key_bits = psa_get_key_bits(&attributes);
+ public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type);
+ public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits);
+ ASSERT_ALLOC(public_key, public_key_length);
+ PSA_ASSERT(psa_export_public_key(key, public_key, public_key_length,
+ &public_key_length));
status = psa_key_derivation_key_agreement(
operation, PSA_KEY_DERIVATION_INPUT_SECRET, key,
- public_key, public_key_length );
+ public_key, public_key_length);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- mbedtls_free( public_key );
- return( status );
+ mbedtls_free(public_key);
+ return status;
}
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
psa_algorithm_t alg,
- mbedtls_svc_key_id_t key )
+ mbedtls_svc_key_id_t key)
{
psa_key_type_t private_key_type;
psa_key_type_t public_key_type;
@@ -567,26 +542,25 @@
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- private_key_type = psa_get_key_type( &attributes );
- key_bits = psa_get_key_bits( &attributes );
- public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
- public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_key_type, key_bits );
- ASSERT_ALLOC( public_key, public_key_length );
- PSA_ASSERT( psa_export_public_key( key,
- public_key, public_key_length,
- &public_key_length ) );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ private_key_type = psa_get_key_type(&attributes);
+ key_bits = psa_get_key_bits(&attributes);
+ public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type);
+ public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits);
+ ASSERT_ALLOC(public_key, public_key_length);
+ PSA_ASSERT(psa_export_public_key(key,
+ public_key, public_key_length,
+ &public_key_length));
- status = psa_raw_key_agreement( alg, key,
- public_key, public_key_length,
- output, sizeof( output ), &output_length );
- if ( status == PSA_SUCCESS )
- {
- TEST_ASSERT( output_length <=
- PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( private_key_type,
- key_bits ) );
- TEST_ASSERT( output_length <=
- PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE );
+ status = psa_raw_key_agreement(alg, key,
+ public_key, public_key_length,
+ output, sizeof(output), &output_length);
+ if (status == PSA_SUCCESS) {
+ TEST_ASSERT(output_length <=
+ PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(private_key_type,
+ key_bits));
+ TEST_ASSERT(output_length <=
+ PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE);
}
exit:
@@ -594,93 +568,86 @@
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- mbedtls_free( public_key );
- return( status );
+ mbedtls_free(public_key);
+ return status;
}
-static int exercise_raw_key_agreement_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int exercise_raw_key_agreement_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
int ok = 0;
- if( usage & PSA_KEY_USAGE_DERIVE )
- {
+ if (usage & PSA_KEY_USAGE_DERIVE) {
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
- PSA_ASSERT( mbedtls_test_psa_raw_key_agreement_with_self( alg, key ) );
+ PSA_ASSERT(mbedtls_test_psa_raw_key_agreement_with_self(alg, key));
}
ok = 1;
exit:
- return( ok );
+ return ok;
}
-static int exercise_key_agreement_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+static int exercise_key_agreement_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char input[1];
unsigned char output[1];
int ok = 0;
- psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
+ psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg);
- if( usage & PSA_KEY_USAGE_DERIVE )
- {
+ if (usage & PSA_KEY_USAGE_DERIVE) {
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
- PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
- if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
- {
- PSA_ASSERT( psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_SEED,
- input, sizeof( input ) ) );
+ PSA_ASSERT(psa_key_derivation_setup(&operation, alg));
+ if (PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
+ PSA_ASSERT(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_SEED,
+ input, sizeof(input)));
}
- PSA_ASSERT( mbedtls_test_psa_key_agreement_with_self( &operation, key ) );
+ PSA_ASSERT(mbedtls_test_psa_key_agreement_with_self(&operation, key));
- if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
- {
- PSA_ASSERT( psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_LABEL,
- input, sizeof( input ) ) );
+ if (PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
+ PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
+ PSA_ASSERT(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_LABEL,
+ input, sizeof(input)));
+ } else if (PSA_ALG_IS_HKDF(kdf_alg)) {
+ PSA_ASSERT(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_INFO,
+ input, sizeof(input)));
}
- else if( PSA_ALG_IS_HKDF( kdf_alg ) )
- {
- PSA_ASSERT( psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_INFO,
- input, sizeof( input ) ) );
- }
- PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
- output,
- sizeof( output ) ) );
- PSA_ASSERT( psa_key_derivation_abort( &operation ) );
+ PSA_ASSERT(psa_key_derivation_output_bytes(&operation,
+ output,
+ sizeof(output)));
+ PSA_ASSERT(psa_key_derivation_abort(&operation));
}
ok = 1;
exit:
- return( ok );
+ return ok;
}
int mbedtls_test_psa_exported_key_sanity_check(
psa_key_type_t type, size_t bits,
- const uint8_t *exported, size_t exported_length )
+ const uint8_t *exported, size_t exported_length)
{
- TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ) );
+ TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE(type, bits));
- if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
- TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) );
- else
+ if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
+ TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits));
+ } else
#if defined(MBEDTLS_ASN1_PARSE_C)
- if( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
- {
- uint8_t *p = (uint8_t*) exported;
+ if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
+ uint8_t *p = (uint8_t *) exported;
const uint8_t *end = exported + exported_length;
size_t len;
/* RSAPrivateKey ::= SEQUENCE {
@@ -695,140 +662,139 @@
* coefficient INTEGER, -- (inverse of q) mod p
* }
*/
- TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_SEQUENCE |
- MBEDTLS_ASN1_CONSTRUCTED ), 0 );
- TEST_EQUAL( len, end - p );
- if( ! mbedtls_test_asn1_skip_integer( &p, end, 0, 0, 0 ) )
+ TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_SEQUENCE |
+ MBEDTLS_ASN1_CONSTRUCTED), 0);
+ TEST_EQUAL(len, end - p);
+ if (!mbedtls_test_asn1_skip_integer(&p, end, 0, 0, 0)) {
goto exit;
- if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) )
+ }
+ if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) {
goto exit;
- if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) )
+ }
+ if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) {
goto exit;
+ }
/* Require d to be at least half the size of n. */
- if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits, 1 ) )
+ if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits, 1)) {
goto exit;
+ }
/* Require p and q to be at most half the size of n, rounded up. */
- if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
+ if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits / 2 + 1, 1)) {
goto exit;
- if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
+ }
+ if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits / 2 + 1, 1)) {
goto exit;
- if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
+ }
+ if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) {
goto exit;
- if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
+ }
+ if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) {
goto exit;
- if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
+ }
+ if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) {
goto exit;
- TEST_EQUAL( p - end, 0 );
+ }
+ TEST_EQUAL(p - end, 0);
- TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
- }
- else
+ TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE);
+ } else
#endif /* MBEDTLS_ASN1_PARSE_C */
#if defined(MBEDTLS_ECP_C)
- if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
- {
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
/* Just the secret value */
- TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) );
+ TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits));
- TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
- }
- else
+ TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE);
+ } else
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_ASN1_PARSE_C)
- if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY )
- {
- uint8_t *p = (uint8_t*) exported;
+ if (type == PSA_KEY_TYPE_RSA_PUBLIC_KEY) {
+ uint8_t *p = (uint8_t *) exported;
const uint8_t *end = exported + exported_length;
size_t len;
/* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
* publicExponent INTEGER } -- e
*/
- TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_SEQUENCE |
- MBEDTLS_ASN1_CONSTRUCTED ),
- 0 );
- TEST_EQUAL( len, end - p );
- if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) )
+ TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len,
+ MBEDTLS_ASN1_SEQUENCE |
+ MBEDTLS_ASN1_CONSTRUCTED),
+ 0);
+ TEST_EQUAL(len, end - p);
+ if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) {
goto exit;
- if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) )
+ }
+ if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) {
goto exit;
- TEST_EQUAL( p - end, 0 );
+ }
+ TEST_EQUAL(p - end, 0);
- TEST_ASSERT( exported_length <=
- PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( type, bits ) );
- TEST_ASSERT( exported_length <=
- PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
- }
- else
+ TEST_ASSERT(exported_length <=
+ PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits));
+ TEST_ASSERT(exported_length <=
+ PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
+ } else
#endif /* MBEDTLS_ASN1_PARSE_C */
#if defined(MBEDTLS_ECP_C)
- if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) )
- {
+ if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) {
- TEST_ASSERT( exported_length <=
- PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( type, bits ) );
- TEST_ASSERT( exported_length <=
- PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
+ TEST_ASSERT(exported_length <=
+ PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits));
+ TEST_ASSERT(exported_length <=
+ PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
- if( PSA_KEY_TYPE_ECC_GET_FAMILY( type ) == PSA_ECC_FAMILY_MONTGOMERY )
- {
+ if (PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_MONTGOMERY) {
/* The representation of an ECC Montgomery public key is
* the raw compressed point */
- TEST_EQUAL( PSA_BITS_TO_BYTES( bits ), exported_length );
- }
- else
- {
+ TEST_EQUAL(PSA_BITS_TO_BYTES(bits), exported_length);
+ } else {
/* The representation of an ECC Weierstrass public key is:
* - The byte 0x04;
* - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
* - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
* - where m is the bit size associated with the curve.
*/
- TEST_EQUAL( 1 + 2 * PSA_BITS_TO_BYTES( bits ), exported_length );
- TEST_EQUAL( exported[0], 4 );
+ TEST_EQUAL(1 + 2 * PSA_BITS_TO_BYTES(bits), exported_length);
+ TEST_EQUAL(exported[0], 4);
}
- }
- else
+ } else
#endif /* MBEDTLS_ECP_C */
{
(void) exported;
- TEST_ASSERT( ! "Sanity check not implemented for this key type" );
+ TEST_ASSERT(!"Sanity check not implemented for this key type");
}
#if defined(MBEDTLS_DES_C)
- if( type == PSA_KEY_TYPE_DES )
- {
+ if (type == PSA_KEY_TYPE_DES) {
/* Check the parity bits. */
unsigned i;
- for( i = 0; i < bits / 8; i++ )
- {
+ for (i = 0; i < bits / 8; i++) {
unsigned bit_count = 0;
unsigned m;
- for( m = 1; m <= 0x100; m <<= 1 )
- {
- if( exported[i] & m )
+ for (m = 1; m <= 0x100; m <<= 1) {
+ if (exported[i] & m) {
++bit_count;
+ }
}
- TEST_ASSERT( bit_count % 2 != 0 );
+ TEST_ASSERT(bit_count % 2 != 0);
}
}
#endif
- return( 1 );
+ return 1;
exit:
- return( 0 );
+ return 0;
}
-static int exercise_export_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage )
+static int exercise_export_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage)
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *exported = NULL;
@@ -836,42 +802,41 @@
size_t exported_length = 0;
int ok = 0;
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
- psa_get_key_type( &attributes ),
- psa_get_key_bits( &attributes ) );
- ASSERT_ALLOC( exported, exported_size );
+ psa_get_key_type(&attributes),
+ psa_get_key_bits(&attributes));
+ ASSERT_ALLOC(exported, exported_size);
- if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 &&
- ! PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( &attributes ) ) )
- {
- TEST_EQUAL( psa_export_key( key, exported,
- exported_size, &exported_length ),
- PSA_ERROR_NOT_PERMITTED );
+ if ((usage & PSA_KEY_USAGE_EXPORT) == 0 &&
+ !PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(&attributes))) {
+ TEST_EQUAL(psa_export_key(key, exported,
+ exported_size, &exported_length),
+ PSA_ERROR_NOT_PERMITTED);
ok = 1;
goto exit;
}
- PSA_ASSERT( psa_export_key( key,
- exported, exported_size,
- &exported_length ) );
+ PSA_ASSERT(psa_export_key(key,
+ exported, exported_size,
+ &exported_length));
ok = mbedtls_test_psa_exported_key_sanity_check(
- psa_get_key_type( &attributes ), psa_get_key_bits( &attributes ),
- exported, exported_length );
+ psa_get_key_type(&attributes), psa_get_key_bits(&attributes),
+ exported, exported_length);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- mbedtls_free( exported );
- return( ok );
+ mbedtls_free(exported);
+ return ok;
}
-static int exercise_export_public_key( mbedtls_svc_key_id_t key )
+static int exercise_export_public_key(mbedtls_svc_key_id_t key)
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t public_type;
@@ -880,119 +845,113 @@
size_t exported_length = 0;
int ok = 0;
- PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
- if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type( &attributes ) ) )
- {
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ if (!PSA_KEY_TYPE_IS_ASYMMETRIC(psa_get_key_type(&attributes))) {
exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
- psa_get_key_type( &attributes ),
- psa_get_key_bits( &attributes ) );
- ASSERT_ALLOC( exported, exported_size );
+ psa_get_key_type(&attributes),
+ psa_get_key_bits(&attributes));
+ ASSERT_ALLOC(exported, exported_size);
- TEST_EQUAL( psa_export_public_key( key, exported,
- exported_size, &exported_length ),
- PSA_ERROR_INVALID_ARGUMENT );
+ TEST_EQUAL(psa_export_public_key(key, exported,
+ exported_size, &exported_length),
+ PSA_ERROR_INVALID_ARGUMENT);
ok = 1;
goto exit;
}
public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(
- psa_get_key_type( &attributes ) );
- exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type,
- psa_get_key_bits( &attributes ) );
- ASSERT_ALLOC( exported, exported_size );
+ psa_get_key_type(&attributes));
+ exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type,
+ psa_get_key_bits(&attributes));
+ ASSERT_ALLOC(exported, exported_size);
- PSA_ASSERT( psa_export_public_key( key,
- exported, exported_size,
- &exported_length ) );
+ PSA_ASSERT(psa_export_public_key(key,
+ exported, exported_size,
+ &exported_length));
ok = mbedtls_test_psa_exported_key_sanity_check(
- public_type, psa_get_key_bits( &attributes ),
- exported, exported_length );
+ public_type, psa_get_key_bits(&attributes),
+ exported, exported_length);
exit:
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
*/
- psa_reset_key_attributes( &attributes );
+ psa_reset_key_attributes(&attributes);
- mbedtls_free( exported );
- return( ok );
+ mbedtls_free(exported);
+ return ok;
}
-int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
+int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key,
+ psa_key_usage_t usage,
+ psa_algorithm_t alg)
{
int ok = 0;
- if( ! check_key_attributes_sanity( key ) )
- return( 0 );
+ if (!check_key_attributes_sanity(key)) {
+ return 0;
+ }
- if( alg == 0 )
+ if (alg == 0) {
ok = 1; /* If no algorithm, do nothing (used for raw data "keys"). */
- else if( PSA_ALG_IS_MAC( alg ) )
- ok = exercise_mac_key( key, usage, alg );
- else if( PSA_ALG_IS_CIPHER( alg ) )
- ok = exercise_cipher_key( key, usage, alg );
- else if( PSA_ALG_IS_AEAD( alg ) )
- ok = exercise_aead_key( key, usage, alg );
- else if( PSA_ALG_IS_SIGN( alg ) )
- ok = exercise_signature_key( key, usage, alg );
- else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
- ok = exercise_asymmetric_encryption_key( key, usage, alg );
- else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
- ok = exercise_key_derivation_key( key, usage, alg );
- else if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
- ok = exercise_raw_key_agreement_key( key, usage, alg );
- else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
- ok = exercise_key_agreement_key( key, usage, alg );
- else
- TEST_ASSERT( ! "No code to exercise this category of algorithm" );
+ } else if (PSA_ALG_IS_MAC(alg)) {
+ ok = exercise_mac_key(key, usage, alg);
+ } else if (PSA_ALG_IS_CIPHER(alg)) {
+ ok = exercise_cipher_key(key, usage, alg);
+ } else if (PSA_ALG_IS_AEAD(alg)) {
+ ok = exercise_aead_key(key, usage, alg);
+ } else if (PSA_ALG_IS_SIGN(alg)) {
+ ok = exercise_signature_key(key, usage, alg);
+ } else if (PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)) {
+ ok = exercise_asymmetric_encryption_key(key, usage, alg);
+ } else if (PSA_ALG_IS_KEY_DERIVATION(alg)) {
+ ok = exercise_key_derivation_key(key, usage, alg);
+ } else if (PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) {
+ ok = exercise_raw_key_agreement_key(key, usage, alg);
+ } else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) {
+ ok = exercise_key_agreement_key(key, usage, alg);
+ } else {
+ TEST_ASSERT(!"No code to exercise this category of algorithm");
+ }
- ok = ok && exercise_export_key( key, usage );
- ok = ok && exercise_export_public_key( key );
+ ok = ok && exercise_export_key(key, usage);
+ ok = ok && exercise_export_public_key(key);
exit:
- return( ok );
+ return ok;
}
-psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type,
- psa_algorithm_t alg )
+psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type,
+ psa_algorithm_t alg)
{
- if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) )
- {
- if( PSA_ALG_IS_SIGN_HASH( alg ) )
- {
- if( PSA_ALG_SIGN_GET_HASH( alg ) )
- return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
- PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:
- PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH |
- PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE );
+ if (PSA_ALG_IS_MAC(alg) || PSA_ALG_IS_SIGN(alg)) {
+ if (PSA_ALG_IS_SIGN_HASH(alg)) {
+ if (PSA_ALG_SIGN_GET_HASH(alg)) {
+ return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ?
+ PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE :
+ PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH |
+ PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE;
+ }
+ } else if (PSA_ALG_IS_SIGN_MESSAGE(alg)) {
+ return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ?
+ PSA_KEY_USAGE_VERIFY_MESSAGE :
+ PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE;
}
- else if( PSA_ALG_IS_SIGN_MESSAGE( alg) )
- return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
- PSA_KEY_USAGE_VERIFY_MESSAGE :
- PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE );
- return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
- PSA_KEY_USAGE_VERIFY_HASH :
- PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
- }
- else if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) ||
- PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
- {
- return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
- PSA_KEY_USAGE_ENCRYPT :
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
- }
- else if( PSA_ALG_IS_KEY_DERIVATION( alg ) ||
- PSA_ALG_IS_KEY_AGREEMENT( alg ) )
- {
- return( PSA_KEY_USAGE_DERIVE );
- }
- else
- {
- return( 0 );
+ return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ?
+ PSA_KEY_USAGE_VERIFY_HASH :
+ PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH;
+ } else if (PSA_ALG_IS_CIPHER(alg) || PSA_ALG_IS_AEAD(alg) ||
+ PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)) {
+ return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ?
+ PSA_KEY_USAGE_ENCRYPT :
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
+ } else if (PSA_ALG_IS_KEY_DERIVATION(alg) ||
+ PSA_ALG_IS_KEY_AGREEMENT(alg)) {
+ return PSA_KEY_USAGE_DERIVE;
+ } else {
+ return 0;
}
}