Add acl test - use other partitions' key - aead

itayzafrir · itayzafrir · commit db90606a341a · 2019-02-27T16:28:36.000+02:00
diff --git a/TESTS/psa/crypto_access_control/COMPONENT_NSPE/main.cpp b/TESTS/psa/crypto_access_control/COMPONENT_NSPE/main.cpp
@@ -301,6 +301,42 @@ void test_use_other_partition_key_cipher(void)
     TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle));
 }
 
+void test_use_other_partition_key_aead(void)
+{
+    static const psa_key_id_t key_id = 999;
+    static const psa_key_type_t key_type = PSA_KEY_TYPE_AES;
+    static const psa_algorithm_t key_alg = PSA_ALG_GCM;
+    static const psa_key_usage_t key_usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
+    static const size_t key_bits = 128;
+    static const unsigned char nonce[16] = { 0 };
+    unsigned char plain_text[] = "encrypt me!";
+    unsigned char cipher_text[PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_alg, sizeof(plain_text))] = { 0 };
+    psa_key_handle_t key_handle = 0;
+    size_t len;
+
+    /* via test partition - create a key, set key policy, generate key material and close */
+    TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg, key_usage,
+                                                                              key_bits, &key_handle, 1));
+
+    /* via test partition - reopen the key created by the test partition */
+    key_handle = 0;
+    TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle));
+    TEST_ASSERT_NOT_EQUAL(0, key_handle);
+
+    /* try to aead encrypt using the key that was created by the test partition */
+    TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_aead_encrypt(key_handle, key_alg, nonce, sizeof(nonce), NULL, 0,
+                                                                 plain_text, sizeof(plain_text),
+                                                                 cipher_text, sizeof(cipher_text), &len));
+
+    /* try to aead decrypt using the key that was created by the test partition */
+    TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_aead_decrypt(key_handle, key_alg, nonce, sizeof(nonce), NULL, 0,
+                                                                 cipher_text, sizeof(cipher_text),
+                                                                 plain_text, sizeof(plain_text), &len));
+
+    /* via test partition - close the key created by the test partition */
+    TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle));
+}
+
 utest::v1::status_t case_setup_handler(const Case *const source, const size_t index_of_case)
 {
     psa_status_t status = mbed_psa_reboot_and_request_new_security_state(PSA_LIFECYCLE_ASSEMBLY_AND_TEST);
@@ -344,6 +380,8 @@ Case cases[] = {
          case_setup_handler, test_use_other_partition_key_mac, case_teardown_handler),
     Case("use other partitions' key - cipher",
          case_setup_handler, test_use_other_partition_key_cipher, case_teardown_handler),
+    Case("use other partitions' key - aead",
+         case_setup_handler, test_use_other_partition_key_aead, case_teardown_handler),
 };
 
 Specification specification(test_setup, cases);
