New test suite for not-supported cases: key creation (import, generate)
To start with, test that key creation fails as intended when the key
type is not supported. This commit only covers psa_import_key and
psa_generate_key. A follow-up will cover psa_key_derivation_output_key.
My primary intent in creating this new test suite is to automatically
generate test cases by enumerating the key types and algorithms that
the library supports. But this commit only adds a few manually written
test cases, to get the ball rolling.
Move the relevant test cases of test_suite_psa_crypto.data that only
depend on generic knowledge about the API. Keep test cases that depend
more closely on the implementation, such as tests of non-supported key
sizes, in test_suite_psa_crypto.data.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 6873dad..a05b243 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -146,6 +146,7 @@
add_test_suite(psa_crypto_hash)
add_test_suite(psa_crypto_init)
add_test_suite(psa_crypto_metadata)
+add_test_suite(psa_crypto_not_supported.misc)
add_test_suite(psa_crypto_persistent_key)
add_test_suite(psa_crypto_se_driver_hal)
add_test_suite(psa_crypto_se_driver_hal_mocks)
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index c981e98..ad34bad 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -25,12 +25,6 @@
PSA import: bad usage flag
import_with_policy:PSA_KEY_TYPE_RAW_DATA:0x40000000:0:PSA_ERROR_INVALID_ARGUMENT
-PSA import: invalid type (0)
-import_with_policy:PSA_KEY_TYPE_NONE:0:0:PSA_ERROR_NOT_SUPPORTED
-
-PSA import: invalid type (PSA_KEY_TYPE_CATEGORY_MASK)
-import_with_policy:PSA_KEY_TYPE_CATEGORY_MASK:0:0:PSA_ERROR_NOT_SUPPORTED
-
PSA import AES: bad key size
depends_on:MBEDTLS_AES_C
import_with_data:"0123456789abcdef":PSA_KEY_TYPE_AES:0:PSA_ERROR_INVALID_ARGUMENT
@@ -2809,12 +2803,6 @@
PSA generate random: 2*MBEDTLS_CTR_DRBG_MAX_REQUEST+1 bytes
generate_random:2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1
-PSA generate key: bad type (0)
-generate_key:PSA_KEY_TYPE_NONE:128:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED:0
-
-PSA generate key: bad type (PSA_KEY_TYPE_CATEGORY_MASK)
-generate_key:PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED:0
-
PSA generate key: bad type (RSA public key)
generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED:0
diff --git a/tests/suites/test_suite_psa_crypto_not_supported.function b/tests/suites/test_suite_psa_crypto_not_supported.function
new file mode 100644
index 0000000..ca62eee
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_not_supported.function
@@ -0,0 +1,52 @@
+/* BEGIN_HEADER */
+
+#include "psa/crypto.h"
+#include "test/psa_crypto_helpers.h"
+
+#define INVALID_KEY_ID 0xfedcba98
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_CRYPTO_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void import_not_supported( int key_type, data_t *key_material )
+{
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t key_id = INVALID_KEY_ID;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ psa_set_key_type( &attributes, key_type );
+ TEST_EQUAL( psa_import_key( &attributes,
+ key_material->x, key_material->len,
+ &key_id ),
+ PSA_ERROR_NOT_SUPPORTED );
+ TEST_EQUAL( key_id, 0 );
+
+exit:
+ psa_destroy_key( key_id );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void generate_not_supported( int key_type, int bits )
+{
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t key_id = INVALID_KEY_ID;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ psa_set_key_type( &attributes, key_type );
+ psa_set_key_bits( &attributes, bits );
+ TEST_EQUAL( psa_generate_key( &attributes, &key_id ),
+ PSA_ERROR_NOT_SUPPORTED );
+ TEST_EQUAL( key_id, 0 );
+
+exit:
+ psa_destroy_key( key_id );
+ PSA_DONE( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_not_supported.misc.data b/tests/suites/test_suite_psa_crypto_not_supported.misc.data
new file mode 100644
index 0000000..2c3673e
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_not_supported.misc.data
@@ -0,0 +1,11 @@
+PSA import PSA_KEY_TYPE_NONE never supported
+import_not_supported:PSA_KEY_TYPE_NONE:"1234"
+
+PSA generate PSA_KEY_TYPE_NONE never supported
+generate_not_supported:PSA_KEY_TYPE_NONE:16
+
+PSA import PSA_KEY_TYPE_CATEGORY_SYMMETRIC never supported
+import_not_supported:PSA_KEY_TYPE_CATEGORY_SYMMETRIC:"1234"
+
+PSA generate PSA_KEY_TYPE_CATEGORY_SYMMETRIC never supported
+generate_not_supported:PSA_KEY_TYPE_CATEGORY_SYMMETRIC:16
