eden-emu/mbedtls
17
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

exported_key_sanity_check: make checks slightly more systematic

Browse source 
Shuffle the logic in mbedtls_test_psa_exported_key_sanity_check()
somewhat. The resulting behavior changes are:

* Always check the exported length against PSA_EXPORT_KEY_OUTPUT_SIZE,
  even for unstructured key types.
* Always complain if a key type is not explicitly covered, not just
  for public keys.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-02-14 01:29:52 +01:00
parent 5c2665b164
commit cc9db30851
1 changed files with 20 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

51
tests/src/psa_exercise_key.c
View file

@ -578,30 +578,11 @@ int mbedtls_test_psa_exported_key_sanity_check(
psa_key_type_t type, size_t bits, psa_key_type_t type, size_t bits,
const uint8_t *exported, size_t exported_length ) const uint8_t *exported, size_t exported_length )
{ {
if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ) );
TEST_EQUAL( exported_length, ( bits + 7 ) / 8 );
else
TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ) );
#if defined(MBEDTLS_DES_C) if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
if( type == PSA_KEY_TYPE_DES ) TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) );
{
/* Check the parity bits. */
unsigned i;
for( i = 0; i < bits / 8; i++ )
{
unsigned bit_count = 0;
unsigned m;
for( m = 1; m <= 0x100; m <<= 1 )
{
if( exported[i] & m )
++bit_count;
}
TEST_ASSERT( bit_count % 2 != 0 );
}
}
else else
#endif
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C)
if( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) if( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
@ -707,20 +688,28 @@ int mbedtls_test_psa_exported_key_sanity_check(
else else
#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_C */
if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
{ {
char message[47]; TEST_ASSERT( ! "Sanity check not implemented for this key type" );
mbedtls_snprintf( message, sizeof( message ),
"No sanity check for public key type=0x%08lx",
(unsigned long) type );
mbedtls_test_fail( message, __LINE__, __FILE__ );
return( 0 );
} }
else
#if defined(MBEDTLS_DES_C)
if( type == PSA_KEY_TYPE_DES )
{ {
/* No sanity checks for other types */ /* Check the parity bits. */
unsigned i;
for( i = 0; i < bits / 8; i++ )
{
unsigned bit_count = 0;
unsigned m;
for( m = 1; m <= 0x100; m <<= 1 )
{
if( exported[i] & m )
++bit_count;
}
TEST_ASSERT( bit_count % 2 != 0 );
}
} }
#endif
return( 1 ); return( 1 );