exported_key_sanity_check: make checks slightly more systematic
Shuffle the logic in mbedtls_test_psa_exported_key_sanity_check() somewhat. The resulting behavior changes are: * Always check the exported length against PSA_EXPORT_KEY_OUTPUT_SIZE, even for unstructured key types. * Always complain if a key type is not explicitly covered, not just for public keys. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
5c2665b164
commit
cc9db30851
1 changed files with 20 additions and 31 deletions
|
@ -578,30 +578,11 @@ int mbedtls_test_psa_exported_key_sanity_check(
|
||||||
psa_key_type_t type, size_t bits,
|
psa_key_type_t type, size_t bits,
|
||||||
const uint8_t *exported, size_t exported_length )
|
const uint8_t *exported, size_t exported_length )
|
||||||
{
|
{
|
||||||
if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
|
TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ) );
|
||||||
TEST_EQUAL( exported_length, ( bits + 7 ) / 8 );
|
|
||||||
else
|
|
||||||
TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ) );
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_DES_C)
|
if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
|
||||||
if( type == PSA_KEY_TYPE_DES )
|
TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) );
|
||||||
{
|
|
||||||
/* Check the parity bits. */
|
|
||||||
unsigned i;
|
|
||||||
for( i = 0; i < bits / 8; i++ )
|
|
||||||
{
|
|
||||||
unsigned bit_count = 0;
|
|
||||||
unsigned m;
|
|
||||||
for( m = 1; m <= 0x100; m <<= 1 )
|
|
||||||
{
|
|
||||||
if( exported[i] & m )
|
|
||||||
++bit_count;
|
|
||||||
}
|
|
||||||
TEST_ASSERT( bit_count % 2 != 0 );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
else
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C)
|
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C)
|
||||||
if( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
|
if( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
|
||||||
|
@ -707,20 +688,28 @@ int mbedtls_test_psa_exported_key_sanity_check(
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_ECP_C */
|
#endif /* MBEDTLS_ECP_C */
|
||||||
|
|
||||||
if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
|
|
||||||
{
|
{
|
||||||
char message[47];
|
TEST_ASSERT( ! "Sanity check not implemented for this key type" );
|
||||||
mbedtls_snprintf( message, sizeof( message ),
|
|
||||||
"No sanity check for public key type=0x%08lx",
|
|
||||||
(unsigned long) type );
|
|
||||||
mbedtls_test_fail( message, __LINE__, __FILE__ );
|
|
||||||
return( 0 );
|
|
||||||
}
|
}
|
||||||
else
|
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_DES_C)
|
||||||
|
if( type == PSA_KEY_TYPE_DES )
|
||||||
{
|
{
|
||||||
/* No sanity checks for other types */
|
/* Check the parity bits. */
|
||||||
|
unsigned i;
|
||||||
|
for( i = 0; i < bits / 8; i++ )
|
||||||
|
{
|
||||||
|
unsigned bit_count = 0;
|
||||||
|
unsigned m;
|
||||||
|
for( m = 1; m <= 0x100; m <<= 1 )
|
||||||
|
{
|
||||||
|
if( exported[i] & m )
|
||||||
|
++bit_count;
|
||||||
|
}
|
||||||
|
TEST_ASSERT( bit_count % 2 != 0 );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
return( 1 );
|
return( 1 );
|
||||||
|
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue