Merge pull request #9639 from waleed-elmelegy-arm/add-iop-key-gen-setup
Add PSA interruptible key generation setup & abort APIs
diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c
index 32a52de..5f44cc3 100644
--- a/tf-psa-crypto/core/psa_crypto.c
+++ b/tf-psa-crypto/core/psa_crypto.c
@@ -8098,6 +8098,112 @@
key);
}
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+static psa_status_t psa_generate_key_iop_abort_internal(
+ psa_generate_key_iop_t *operation)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ if (operation->id == 0) {
+ return PSA_SUCCESS;
+ }
+
+ status = mbedtls_psa_generate_key_iop_abort(&operation->ctx);
+
+ operation->id = 0;
+
+ return status;
+}
+#endif
+
+uint32_t psa_generate_key_iop_get_num_ops(
+ psa_generate_key_iop_t *operation)
+{
+ (void) operation;
+ return 0;
+}
+
+psa_status_t psa_generate_key_iop_setup(
+ psa_generate_key_iop_t *operation,
+ const psa_key_attributes_t *attributes)
+{
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_type_t type;
+
+ if (operation->id != 0 || operation->error_occurred) {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
+
+ type = psa_get_key_type(attributes);
+
+ if (!PSA_KEY_TYPE_IS_ECC(type)) {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+
+ if (psa_get_key_bits(attributes) == 0) {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+
+ if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+
+ operation->attributes = *attributes;
+
+ operation->num_ops = 0;
+
+ /* We only support the builtin/Mbed TLS driver for now. */
+ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+
+ status = mbedtls_psa_generate_key_iop_setup(&operation->ctx, attributes);
+
+exit:
+ if (status != PSA_SUCCESS) {
+ operation->error_occurred = 1;
+ psa_generate_key_iop_abort_internal(operation);
+ }
+
+ return status;
+#else
+ (void) operation;
+ (void) attributes;
+ return PSA_ERROR_NOT_SUPPORTED;
+#endif
+}
+
+psa_status_t psa_generate_key_iop_complete(
+ psa_generate_key_iop_t *operation,
+ psa_key_id_t *key)
+{
+ (void) operation;
+ (void) key;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t psa_generate_key_iop_abort(
+ psa_generate_key_iop_t *operation)
+{
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ psa_status_t status;
+
+ status = psa_generate_key_iop_abort_internal(operation);
+
+ operation->error_occurred = 0;
+ operation->num_ops = 0;
+ return status;
+#else
+ (void) operation;
+ return PSA_SUCCESS;
+#endif
+}
+
+
/****************************************************************/
/* Module setup */
/****************************************************************/
diff --git a/tf-psa-crypto/core/psa_crypto_core.h b/tf-psa-crypto/core/psa_crypto_core.h
index df0ee50..1753554 100644
--- a/tf-psa-crypto/core/psa_crypto_core.h
+++ b/tf-psa-crypto/core/psa_crypto_core.h
@@ -435,6 +435,40 @@
size_t key_buffer_size,
size_t *key_buffer_length);
+/**
+ * \brief Setup a new interruptible key generation operation.
+ *
+ * \param[in] operation The \c mbedtls_psa_generate_key_iop_t to use.
+ * This must be initialized first.
+ * \param[in] attributes The desired attributes of the generated key.
+ *
+ * \retval #PSA_SUCCESS
+ * The operation started successfully - call \c mbedtls_psa_generate_key_complete()
+ * with the same operation to complete the operation.
+ * * \retval #PSA_ERROR_NOT_SUPPORTED
+ * Either no internal interruptible operations are
+ * currently supported, or the key attributes are not unsupported.
+ * * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * There was insufficient memory to load the key representation.
+ *
+ */
+psa_status_t mbedtls_psa_generate_key_iop_setup(
+ mbedtls_psa_generate_key_iop_t *operation,
+ const psa_key_attributes_t *attributes);
+
+/**
+ * \brief Abort a key generation operation.
+ *
+ * \param[in] operation The \c mbedtls_psa_generate_key_iop_t to abort.
+ *
+ * \retval #PSA_SUCCESS
+ * The operation was aborted successfully.
+ *
+ */
+psa_status_t mbedtls_psa_generate_key_iop_abort(
+ mbedtls_psa_generate_key_iop_t *operation);
+
+
/** Sign a message with a private key. For hash-and-sign algorithms,
* this includes the hashing step.
*
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h
index 8367cd3..22d5d84 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h
@@ -238,6 +238,8 @@
}
mbedtls_mpi;
+#define MBEDTLS_MPI_INIT { 0, 0, 0 }
+
/**
* \brief Initialize an MPI context.
*
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h
index 7b0a80d..b340614 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h
@@ -162,6 +162,8 @@
}
mbedtls_ecp_point;
+#define MBEDTLS_ECP_POINT_INIT { MBEDTLS_MPI_INIT, MBEDTLS_MPI_INIT, MBEDTLS_MPI_INIT }
+
/**
* \brief The ECP group structure.
*
@@ -250,6 +252,9 @@
}
mbedtls_ecp_group;
+#define MBEDTLS_ECP_GROUP_INIT { MBEDTLS_ECP_DP_NONE, MBEDTLS_MPI_INIT, MBEDTLS_MPI_INIT, \
+ MBEDTLS_MPI_INIT, MBEDTLS_ECP_POINT_INIT, MBEDTLS_MPI_INIT, \
+ 0, 0, 0, NULL, NULL, NULL, NULL, NULL, 0 }
/**
* \name SECTION: Module settings
*
@@ -419,6 +424,9 @@
}
mbedtls_ecp_keypair;
+#define MBEDTLS_ECP_KEYPAIR_INIT { MBEDTLS_ECP_GROUP_INIT, MBEDTLS_MPI_INIT, \
+ MBEDTLS_ECP_POINT_INIT }
+
/**
* The uncompressed point format for Short Weierstrass curves
* (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_DP_BP_XXX).
diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c
index 6a697bc..acb2482 100644
--- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c
+++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c
@@ -594,41 +594,38 @@
/* Interruptible ECC Key Generation */
/****************************************************************/
-uint32_t psa_generate_key_iop_get_num_ops(
- psa_generate_key_iop_t *operation)
-{
- (void) operation;
- return 0;
-}
+#if defined(MBEDTLS_ECP_RESTARTABLE)
-psa_status_t psa_generate_key_iop_setup(
- psa_generate_key_iop_t *operation,
+psa_status_t mbedtls_psa_generate_key_iop_setup(
+ mbedtls_psa_generate_key_iop_t *operation,
const psa_key_attributes_t *attributes)
{
- (void) operation;
- (void) attributes;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- return PSA_ERROR_NOT_SUPPORTED;
+ mbedtls_ecp_keypair_init(&operation->ecp);
+
+ psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
+ psa_get_key_type(attributes));
+ mbedtls_ecp_group_id grp_id =
+ mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(attributes));
+ if (grp_id == MBEDTLS_ECP_DP_NONE) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ status = mbedtls_ecp_group_load(&operation->ecp.grp, grp_id);
+
+ return mbedtls_to_psa_error(status);
}
-psa_status_t psa_generate_key_iop_complete(
- psa_generate_key_iop_t *operation,
- psa_key_id_t *key)
+psa_status_t mbedtls_psa_generate_key_iop_abort(
+ mbedtls_psa_generate_key_iop_t *operation)
{
- (void) operation;
- (void) key;
-
- return PSA_ERROR_NOT_SUPPORTED;
+ mbedtls_ecp_keypair_free(&operation->ecp);
+ operation->num_ops = 0;
+ return PSA_SUCCESS;
}
-psa_status_t psa_generate_key_iop_abort(
- psa_generate_key_iop_t *operation)
-{
- (void) operation;
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
+#endif
/****************************************************************/
/* Interruptible ECC Key Agreement */
/****************************************************************/
diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h
index aa58033..58b6887 100644
--- a/tf-psa-crypto/include/psa/crypto.h
+++ b/tf-psa-crypto/include/psa/crypto.h
@@ -4360,8 +4360,9 @@
* time. The only guarantee is that lower values
* for \p max_ops means functions will block for a
* lesser maximum amount of time. The functions
- * \c psa_sign_interruptible_get_num_ops() and
- * \c psa_verify_interruptible_get_num_ops() are
+ * \c psa_sign_interruptible_get_num_ops(),
+ * \c psa_verify_interruptible_get_num_ops() and
+ * \c psa_generate_key_iop_get_num_ops() are
* provided to help with tuning this value.
*
* \note This value defaults to
diff --git a/tf-psa-crypto/include/psa/crypto_builtin_composites.h b/tf-psa-crypto/include/psa/crypto_builtin_composites.h
index c14f5dd..c9c0c6b 100644
--- a/tf-psa-crypto/include/psa/crypto_builtin_composites.h
+++ b/tf-psa-crypto/include/psa/crypto_builtin_composites.h
@@ -211,4 +211,20 @@
#define MBEDTLS_PSA_PAKE_OPERATION_INIT { { 0 } }
+typedef struct {
+#if defined(MBEDTLS_ECP_C)
+ mbedtls_ecp_keypair MBEDTLS_PRIVATE(ecp);
+ uint32_t num_ops;
+#else
+ /* Make the struct non-empty if algs not supported. */
+ unsigned MBEDTLS_PRIVATE(dummy);
+#endif
+} mbedtls_psa_generate_key_iop_t;
+
+#if defined(MBEDTLS_ECP_C)
+#define MBEDTLS_PSA_GENERATE_KEY_IOP_INIT { MBEDTLS_ECP_KEYPAIR_INIT, 0 }
+#else
+#define MBEDTLS_PSA_GENERATE_KEY_IOP_INIT { 0 }
+#endif
+
#endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */
diff --git a/tf-psa-crypto/include/psa/crypto_struct.h b/tf-psa-crypto/include/psa/crypto_struct.h
index 2eec948..76ef5c4 100644
--- a/tf-psa-crypto/include/psa/crypto_struct.h
+++ b/tf-psa-crypto/include/psa/crypto_struct.h
@@ -542,14 +542,18 @@
* any driver (i.e. none of the driver contexts are active).
*/
unsigned int MBEDTLS_PRIVATE(id);
-
+ mbedtls_psa_generate_key_iop_t MBEDTLS_PRIVATE(ctx);
+ psa_key_attributes_t MBEDTLS_PRIVATE(attributes);
+ unsigned int MBEDTLS_PRIVATE(error_occurred) : 1;
+ uint32_t MBEDTLS_PRIVATE(num_ops);
#endif
};
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
#define PSA_GENERATE_KEY_IOP_INIT { 0 }
#else
-#define PSA_GENERATE_KEY_IOP_INIT { 0 }
+#define PSA_GENERATE_KEY_IOP_INIT { 0, MBEDTLS_PSA_GENERATE_KEY_IOP_INIT, PSA_KEY_ATTRIBUTES_INIT, \
+ 0, 0 }
#endif
static inline struct psa_generate_key_iop_s
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
index 87fec19..dab2ee7 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
@@ -7496,12 +7496,44 @@
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0
+PSA generate key: ECC, SECP384R1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_384
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0
+
+PSA generate key: ECC, SECP521R1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_521
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0
+
+PSA generate key: ECC, SECP192K1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_K1_192
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0
+
+PSA generate key: ECC, SECP256K1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_K1_256
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0
+
+PSA generate key: ECC, brainpool256r1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_BRAINPOOL_P_R1_256
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0
+
+PSA generate key: ECC, brainpool384r1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_BRAINPOOL_P_R1_384
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0
+
PSA generate key: ECC, SECP256R1, incorrect bit size
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
# INVALID_ARGUMENT would make more sense, but our code as currently structured
# doesn't fully relate the curve with its size.
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_NOT_SUPPORTED:0
+PSA generate key: ECC, SECP256R1, zero bit size
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
+generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT:0
+
+PSA generate key: ECC, SECP256R1, public key
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
+generate_key:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT:0
+
PSA generate key: ECC, Curve25519, good
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_255
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0
@@ -7534,6 +7566,9 @@
depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0
+PSA generate key interruptible object initializers zero properly
+generate_key_iop_init:
+
PSA generate key custom: RSA, flags=1
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:1:"":PSA_ERROR_INVALID_ARGUMENT
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
index b1c662f..eaafd90 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
@@ -10096,6 +10096,7 @@
psa_status_t expected_status = expected_status_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_generate_key_iop_t operation = PSA_GENERATE_KEY_IOP_INIT;
PSA_ASSERT(psa_crypto_init());
@@ -10111,21 +10112,46 @@
TEST_ASSUME(status != PSA_ERROR_INSUFFICIENT_MEMORY);
}
TEST_EQUAL(status, expected_status);
- if (expected_status != PSA_SUCCESS) {
- goto exit;
+ if (expected_status == PSA_SUCCESS) {
+ /* Test the key information */
+ PSA_ASSERT(psa_get_key_attributes(key, &got_attributes));
+ TEST_EQUAL(psa_get_key_type(&got_attributes), type);
+ TEST_EQUAL(psa_get_key_bits(&got_attributes), bits);
+
+ /* Do something with the key according to its type and permitted usage. */
+ TEST_EQUAL(mbedtls_test_psa_exercise_key(key, usage, alg, 0), 1);
}
- /* Test the key information */
- PSA_ASSERT(psa_get_key_attributes(key, &got_attributes));
- TEST_EQUAL(psa_get_key_type(&got_attributes), type);
- TEST_EQUAL(psa_get_key_bits(&got_attributes), bits);
+ /* Adjust expected_status for interruptible key generation.
+ * Interruptible key generation is only supported for ECC key pairs and even
+ * for those only when MBEDTLS_ECP_RESTARTABLE is on.
+ */
- /* Do something with the key according to its type and permitted usage. */
- if (!mbedtls_test_psa_exercise_key(key, usage, alg, 0)) {
- goto exit;
+ if (!PSA_KEY_TYPE_IS_ECC(type)) {
+ expected_status = PSA_ERROR_NOT_SUPPORTED;
}
+#if !defined(MBEDTLS_ECP_RESTARTABLE)
+ expected_status = PSA_ERROR_NOT_SUPPORTED;
+#endif
+
+ status = psa_generate_key_iop_setup(&operation, &attributes);
+ TEST_EQUAL(status, expected_status);
+
+ /* Test that calling setup 2 time consecutively fails */
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ status = psa_generate_key_iop_setup(&operation, &attributes);
+ TEST_EQUAL(status, PSA_ERROR_BAD_STATE);
+#endif
+
+ PSA_ASSERT(psa_generate_key_iop_abort(&operation));
+
+ /* Test that after calling abort operation is reset to it's fresh state */
+ status = psa_generate_key_iop_setup(&operation, &attributes);
+ TEST_EQUAL(status, expected_status);
+
exit:
+ psa_generate_key_iop_abort(&operation);
/*
* Key attributes may have been returned by psa_get_key_attributes()
* thus reset them as required.
@@ -10138,6 +10164,21 @@
/* END_CASE */
/* BEGIN_CASE */
+void generate_key_iop_init()
+{
+ psa_generate_key_iop_t init = PSA_GENERATE_KEY_IOP_INIT;
+ psa_generate_key_iop_t func = psa_generate_key_iop_init();
+ psa_generate_key_iop_t zero;
+
+ memset(&zero, 0, sizeof(zero));
+
+ PSA_ASSERT(psa_generate_key_iop_abort(&init));
+ PSA_ASSERT(psa_generate_key_iop_abort(&func));
+ PSA_ASSERT(psa_generate_key_iop_abort(&zero));
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void generate_key_custom(int type_arg,
int bits_arg,
int usage_arg,