AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Implement psa_get_key_attributes

Browse Source 
Implement attribute querying.

Test attribute getters and setters. Use psa_get_key_attributes instead
of the deprecated functions psa_get_key_policy or
psa_get_key_information in most tests.
This commit is contained in:
Gilles Peskine 2019-04-18 21:44:46 +02:00
parent dfea0a2510
commit 8c8f2ab66b
4 changed files with 198 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/psa/crypto.h
View File

@ -140,7 +140,7 @@ static size_t psa_get_key_bits(const psa_key_attributes_t *attributes);
psa_status_t psa_get_key_attributes(psa_key_handle_t handle,
psa_key_attributes_t *attributes);
psa_status_t psa_reset_key_attributes(psa_key_attributes_t *attributes);
void psa_reset_key_attributes(psa_key_attributes_t *attributes);
/**@}*/

68
library/psa_crypto.c
View File

@ -981,6 +981,31 @@ static size_t psa_get_key_slot_bits( const psa_key_slot_t *slot )
return( 0 );
}
void psa_reset_key_attributes( psa_key_attributes_t *attributes )
{
memset( attributes, 0, sizeof( *attributes ) );
}
psa_status_t psa_get_key_attributes( psa_key_handle_t handle,
psa_key_attributes_t *attributes )
{
psa_key_slot_t *slot;
psa_status_t status;
psa_reset_key_attributes( attributes );
status = psa_get_key_slot( handle, &slot );
if( status != PSA_SUCCESS )
return( status );
attributes->id = slot->persistent_storage_id;
attributes->lifetime = slot->lifetime;
attributes->policy = slot->policy;
attributes->type = slot->type;
attributes->bits = psa_get_key_slot_bits( slot );
return( PSA_SUCCESS );
}
psa_status_t psa_get_key_information( psa_key_handle_t handle,
psa_key_type_t *type,
size_t *bits )
@ -1347,7 +1372,7 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
}
static psa_status_t psa_copy_key_material( const psa_key_slot_t *source,
psa_key_handle_t target )
psa_key_slot_t *target )
{
psa_status_t status;
uint8_t *buffer = NULL;
@ -1362,7 +1387,8 @@ static psa_status_t psa_copy_key_material( const psa_key_slot_t *source,
status = psa_internal_export_key( source, buffer, buffer_size, &length, 0 );
if( status != PSA_SUCCESS )
goto exit;
status = psa_import_key_to_handle( target, source->type, buffer, length );
target->type = source->type;
status = psa_import_key_into_slot( target, buffer, length );
exit:
if( buffer_size != 0 )
@ -1397,7 +1423,7 @@ psa_status_t psa_copy_key_to_handle(psa_key_handle_t source_handle,
return( status );
}
status = psa_copy_key_material( source_slot, target_handle );
status = psa_copy_key_material( source_slot, target_slot );
if( status != PSA_SUCCESS )
return( status );
@ -1405,6 +1431,42 @@ psa_status_t psa_copy_key_to_handle(psa_key_handle_t source_handle,
return( PSA_SUCCESS );
}
psa_status_t psa_copy_key( psa_key_handle_t source_handle,
const psa_key_attributes_t *specified_attributes,
psa_key_handle_t *target_handle )
{
psa_status_t status;
psa_key_slot_t *source_slot = NULL;
psa_key_slot_t *target_slot = NULL;
psa_key_attributes_t actual_attributes = *specified_attributes;
status = psa_get_key_from_slot( source_handle, &source_slot, 0, 0 );
if( status != PSA_SUCCESS )
goto exit;
status = psa_restrict_key_policy( &actual_attributes.policy,
&source_slot->policy );
if( status != PSA_SUCCESS )
goto exit;
status = psa_start_key_creation( &actual_attributes,
target_handle, &target_slot );
if( status != PSA_SUCCESS )
goto exit;
status = psa_copy_key_material( source_slot, target_slot );
exit:
if( status == PSA_SUCCESS )
status = psa_finish_key_creation( target_slot );
if( status != PSA_SUCCESS )
{
psa_fail_key_creation( target_slot );
*target_handle = 0;
}
return( status );
}
/****************************************************************/

3
tests/suites/test_suite_psa_crypto.data
View File

@ -1,6 +1,9 @@
PSA compile-time sanity checks
static_checks:
PSA key attributes structure
attributes_set_get:0x6963:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES
PSA import/export raw: 0 bytes
import_export:"":PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_SUCCESS:1

217
tests/suites/test_suite_psa_crypto.function
View File

@ -346,12 +346,16 @@ static int exercise_cipher_key( psa_key_handle_t handle,
if( usage & PSA_KEY_USAGE_DECRYPT )
{
psa_status_t status;
psa_key_type_t type = PSA_KEY_TYPE_NONE;
int maybe_invalid_padding = 0;
if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) )
{
size_t bits;
TEST_ASSERT( psa_get_key_information( handle, &type, &bits ) );
iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE( type );
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
/* This should be PSA_CIPHER_GET_IV_SIZE but the API doesn't
* have this macro yet. */
iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE(
psa_get_key_type( &attributes ) );
maybe_invalid_padding = ! PSA_ALG_IS_STREAM_CIPHER( alg );
}
PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
handle, alg ) );
@ -368,12 +372,11 @@ static int exercise_cipher_key( psa_key_handle_t handle,
/* For a stream cipher, all inputs are valid. For a block cipher,
* if the input is some aribtrary data rather than an actual
ciphertext, a padding error is likely. */
if( ( usage & PSA_KEY_USAGE_ENCRYPT ) ||
PSA_BLOCK_CIPHER_BLOCK_SIZE( type ) == 1 )
PSA_ASSERT( status );
else
if( maybe_invalid_padding )
TEST_ASSERT( status == PSA_SUCCESS ||
status == PSA_ERROR_INVALID_PADDING );
else
PSA_ASSERT( status );
}
return( 1 );
@ -579,10 +582,11 @@ static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator,
* psa_key_agreement fails. This isn't fully satisfactory, but it's
* good enough: callers will report it as a failed test anyway. */
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_get_key_information( handle,
&private_key_type,
&key_bits ) );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
private_key_type = psa_get_key_type( &attributes );
key_bits = psa_get_key_bits( &attributes );
public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( private_key_type );
public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits );
ASSERT_ALLOC( public_key, public_key_length );
@ -613,10 +617,11 @@ static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg,
* psa_key_agreement fails. This isn't fully satisfactory, but it's
* good enough: callers will report it as a failed test anyway. */
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_get_key_information( handle,
&private_key_type,
&key_bits ) );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
private_key_type = psa_get_key_type( &attributes );
key_bits = psa_get_key_bits( &attributes );
public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( private_key_type );
public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits );
ASSERT_ALLOC( public_key, public_key_length );
@ -918,30 +923,32 @@ exit:
static int exercise_export_key( psa_key_handle_t handle,
psa_key_usage_t usage )
{
psa_key_type_t type;
size_t bits;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *exported = NULL;
size_t exported_size = 0;
size_t exported_length = 0;
int ok = 0;
PSA_ASSERT( psa_get_key_information( handle, &type, &bits ) );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 &&
! PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
! PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( &attributes ) ) )
{
TEST_EQUAL( psa_export_key( handle, NULL, 0, &exported_length ),
PSA_ERROR_NOT_PERMITTED );
return( 1 );
}
exported_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
exported_size = PSA_KEY_EXPORT_MAX_SIZE( psa_get_key_type( &attributes ),
psa_get_key_bits( &attributes ) );
ASSERT_ALLOC( exported, exported_size );
PSA_ASSERT( psa_export_key( handle,
exported, exported_size,
&exported_length ) );
ok = exported_key_sanity_check( type, bits, exported, exported_length );
ok = exported_key_sanity_check( psa_get_key_type( &attributes ),
psa_get_key_bits( &attributes ),
exported, exported_length );
exit:
mbedtls_free( exported );
@ -950,30 +957,32 @@ exit:
static int exercise_export_public_key( psa_key_handle_t handle )
{
psa_key_type_t type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t public_type;
size_t bits;
uint8_t *exported = NULL;
size_t exported_size = 0;
size_t exported_length = 0;
int ok = 0;
PSA_ASSERT( psa_get_key_information( handle, &type, &bits ) );
if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( type ) )
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type( &attributes ) ) )
{
TEST_EQUAL( psa_export_public_key( handle, NULL, 0, &exported_length ),
PSA_ERROR_INVALID_ARGUMENT );
return( 1 );
}
public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
exported_size = PSA_KEY_EXPORT_MAX_SIZE( public_type, bits );
public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(
psa_get_key_type( &attributes ) );
exported_size = PSA_KEY_EXPORT_MAX_SIZE( public_type,
psa_get_key_bits( &attributes ) );
ASSERT_ALLOC( exported, exported_size );
PSA_ASSERT( psa_export_public_key( handle,
exported, exported_size,
&exported_length ) );
ok = exported_key_sanity_check( public_type, bits,
ok = exported_key_sanity_check( public_type,
psa_get_key_bits( &attributes ),
exported, exported_length );
exit:
@ -1109,10 +1118,51 @@ void static_checks( )
/* END_CASE */
/* BEGIN_CASE */
void import( data_t *data, int type, int expected_status_arg )
void attributes_set_get( int id_arg, int lifetime_arg,
int usage_flags_arg, int alg_arg,
int type_arg )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t id = id_arg;
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_usage_t usage_flags = usage_flags_arg;
psa_algorithm_t alg = alg_arg;
psa_key_type_t type = type_arg;
TEST_EQUAL( psa_get_key_id( &attributes ), 0 );
TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
psa_make_key_persistent( &attributes, id, lifetime );
psa_set_key_usage_flags( &attributes, usage_flags );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, type );
TEST_EQUAL( psa_get_key_id( &attributes ), id );
TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
TEST_EQUAL( psa_get_key_type( &attributes ), type );
psa_reset_key_attributes( &attributes );
TEST_EQUAL( psa_get_key_id( &attributes ), 0 );
TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
}
/* END_CASE */
/* BEGIN_CASE */
void import( data_t *data, int type_arg, int expected_status_arg )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_handle_t handle = 0;
psa_key_type_t type = type_arg;
psa_status_t expected_status = expected_status_arg;
psa_status_t status;
@ -1121,10 +1171,16 @@ void import( data_t *data, int type, int expected_status_arg )
psa_set_key_type( &attributes, type );
status = psa_import_key( &attributes, &handle, data->x, data->len );
TEST_EQUAL( status, expected_status );
if( status == PSA_SUCCESS )
PSA_ASSERT( psa_destroy_key( handle ) );
if( status != PSA_SUCCESS )
goto exit;
PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
PSA_ASSERT( psa_destroy_key( handle ) );
exit:
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
@ -1225,9 +1281,8 @@ void import_export( data_t *data,
size_t export_size;
size_t exported_length = INVALID_EXPORT_LENGTH;
size_t reexported_length;
psa_key_type_t got_type;
size_t got_bits;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
export_size = (ptrdiff_t) data->len + export_size_delta;
ASSERT_ALLOC( exported, export_size );
@ -1243,11 +1298,9 @@ void import_export( data_t *data,
PSA_ASSERT( psa_import_key( &attributes, &handle, data->x, data->len ) );
/* Test the key information */
PSA_ASSERT( psa_get_key_information( handle,
&got_type,
&got_bits ) );
TEST_EQUAL( got_type, type );
TEST_EQUAL( got_bits, (size_t) expected_bits );
PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
TEST_EQUAL( psa_get_key_bits( &got_attributes ), (size_t) expected_bits );
/* Export the key */
status = psa_export_key( handle,
@ -1287,7 +1340,7 @@ void import_export( data_t *data,
reexported, reexported_length );
PSA_ASSERT( psa_close_key( handle2 ) );
}
TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, got_bits ) );
TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, psa_get_key_bits( &got_attributes ) ) );
destroy:
/* Destroy the key */
@ -1539,7 +1592,8 @@ void import_export_public_key( data_t *data,
{
psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
size_t bits;
PSA_ASSERT( psa_get_key_information( handle, NULL, &bits ) );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
bits = psa_get_key_bits( &attributes );
TEST_ASSERT( expected_public_key->len <=
PSA_KEY_EXPORT_MAX_SIZE( public_type, bits ) );
ASSERT_COMPARE( expected_public_key->x, expected_public_key->len,
@ -1565,8 +1619,7 @@ void import_and_exercise_key( data_t *data,
psa_algorithm_t alg = alg_arg;
psa_key_usage_t usage = usage_to_exercise( type, alg );
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t got_type;
size_t got_bits;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
@ -1578,11 +1631,9 @@ void import_and_exercise_key( data_t *data,
PSA_ASSERT( psa_import_key( &attributes, &handle, data->x, data->len ) );
/* Test the key information */
PSA_ASSERT( psa_get_key_information( handle,
&got_type,
&got_bits ) );
TEST_EQUAL( got_type, type );
TEST_EQUAL( got_bits, bits );
PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
/* Do something with the key according to its type and permitted usage. */
if( ! exercise_key( handle, usage, alg ) )
@ -1602,27 +1653,22 @@ void key_policy( int usage_arg, int alg_arg )
psa_key_usage_t usage = usage_arg;
psa_key_type_t key_type = PSA_KEY_TYPE_AES;
unsigned char key[32] = {0};
psa_key_policy_t policy_set = PSA_KEY_POLICY_INIT;
psa_key_policy_t policy_get = PSA_KEY_POLICY_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
memset( key, 0x2a, sizeof( key ) );
PSA_ASSERT( psa_crypto_init( ) );
PSA_ASSERT( psa_allocate_key( &handle ) );
psa_key_policy_set_usage( &policy_set, usage, alg );
psa_set_key_usage_flags( &attributes, usage );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
TEST_EQUAL( psa_key_policy_get_usage( &policy_set ), usage );
TEST_EQUAL( psa_key_policy_get_algorithm( &policy_set ), alg );
PSA_ASSERT( psa_set_key_policy( handle, &policy_set ) );
PSA_ASSERT( psa_import_key( &attributes, &handle, key, sizeof( key ) ) );
PSA_ASSERT( psa_import_key_to_handle( handle, key_type,
key, sizeof( key ) ) );
PSA_ASSERT( psa_get_key_policy( handle, &policy_get ) );
TEST_EQUAL( policy_get.usage, policy_set.usage );
TEST_EQUAL( policy_get.alg, policy_set.alg );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
TEST_EQUAL( psa_get_key_type( &attributes ), key_type );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
exit:
psa_destroy_key( handle );
@ -1818,6 +1864,7 @@ void asymmetric_encryption_key_policy( int policy_usage,
size_t buffer_length;
unsigned char *buffer = NULL;
size_t output_length;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
@ -1828,9 +1875,8 @@ void asymmetric_encryption_key_policy( int policy_usage,
PSA_ASSERT( psa_import_key_to_handle( handle, key_type,
key_data->x, key_data->len ) );
PSA_ASSERT( psa_get_key_information( handle,
NULL,
&key_bits ) );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits,
exercise_alg );
ASSERT_ALLOC( buffer, buffer_length );
@ -3671,6 +3717,7 @@ void sign_deterministic( int key_type_arg, data_t *key_data,
size_t signature_size;
size_t signature_length = 0xdeadbeef;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
@ -3681,9 +3728,8 @@ void sign_deterministic( int key_type_arg, data_t *key_data,
PSA_ASSERT( psa_import_key_to_handle( handle, key_type,
key_data->x,
key_data->len ) );
PSA_ASSERT( psa_get_key_information( handle,
NULL,
&key_bits ) );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
/* Allocate a buffer which has the size advertized by the
* library. */
@ -3766,6 +3812,7 @@ void sign_verify( int key_type_arg, data_t *key_data,
size_t signature_size;
size_t signature_length = 0xdeadbeef;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
@ -3778,9 +3825,8 @@ void sign_verify( int key_type_arg, data_t *key_data,
PSA_ASSERT( psa_import_key_to_handle( handle, key_type,
key_data->x,
key_data->len ) );
PSA_ASSERT( psa_get_key_information( handle,
NULL,
&key_bits ) );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
/* Allocate a buffer which has the size advertized by the
* library. */
@ -3912,6 +3958,7 @@ void asymmetric_encrypt( int key_type_arg,
psa_status_t actual_status;
psa_status_t expected_status = expected_status_arg;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
@ -3924,9 +3971,8 @@ void asymmetric_encrypt( int key_type_arg,
key_data->len ) );
/* Determine the maximum output length */
PSA_ASSERT( psa_get_key_information( handle,
NULL,
&key_bits ) );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
ASSERT_ALLOC( output, output_size );
@ -3980,6 +4026,7 @@ void asymmetric_encrypt_decrypt( int key_type_arg,
size_t output2_size;
size_t output2_length = ~0;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
@ -3994,9 +4041,8 @@ void asymmetric_encrypt_decrypt( int key_type_arg,
key_data->len ) );
/* Determine the maximum ciphertext length */
PSA_ASSERT( psa_get_key_information( handle,
NULL,
&key_bits ) );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
ASSERT_ALLOC( output, output_size );
output2_size = input_data->len;
@ -4515,8 +4561,7 @@ void derive_key_exercise( int alg_arg,
size_t capacity = PSA_BITS_TO_BYTES( derived_bits );
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t got_type;
size_t got_bits;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
@ -4540,11 +4585,9 @@ void derive_key_exercise( int alg_arg,
&generator ) );
/* Test the key information */
PSA_ASSERT( psa_get_key_information( derived_handle,
&got_type,
&got_bits ) );
TEST_EQUAL( got_type, derived_type );
TEST_EQUAL( got_bits, derived_bits );
PSA_ASSERT( psa_get_key_attributes( derived_handle, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), derived_type );
TEST_EQUAL( psa_get_key_bits( &got_attributes ), derived_bits );
/* Exercise the derived key. */
if( ! exercise_key( derived_handle, derived_usage, derived_alg ) )
@ -4905,11 +4948,10 @@ void generate_key( int type_arg,
size_t bits = bits_arg;
psa_algorithm_t alg = alg_arg;
psa_status_t expected_status = expected_status_arg;
psa_key_type_t got_type;
size_t got_bits;
psa_status_t expected_info_status =
expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
@ -4924,10 +4966,9 @@ void generate_key( int type_arg,
goto exit;
/* Test the key information */
TEST_EQUAL( psa_get_key_information( handle, &got_type, &got_bits ),
expected_info_status );
TEST_EQUAL( got_type, type );
TEST_EQUAL( got_bits, bits );
PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
/* Do something with the key according to its type and permitted usage. */
if( ! exercise_key( handle, usage, alg ) )