From 203bcbbc47d824b12c95e7d8e3aa9cde3d0b410f Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 18 Mar 2021 17:17:40 +0100 Subject: [PATCH] Style fixes (typos, whitespace, 80 column limit) Signed-off-by: Steven Cooreman --- include/psa/crypto_extra.h | 6 +- library/psa_crypto_driver_wrappers.c | 2 +- library/psa_crypto_slot_management.c | 99 ++++++++++--------- tests/src/drivers/key_management.c | 75 +++++++++----- tests/src/helpers.c | 21 ++-- ..._suite_psa_crypto_driver_wrappers.function | 6 +- 6 files changed, 123 insertions(+), 86 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index f9a9aeeaf..34436e4d4 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -762,7 +762,7 @@ static inline int psa_key_id_is_builtin( psa_key_id_t key_id ) /** Platform function to obtain the data of a built-in key. * * An application-specific implementation of this function must be provided if - * #MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled. This would typically provided + * #MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled. This would typically be provided * as part of a platform's system image. * * Call psa_get_key_id(\p attributes) to obtain the key identifier \c key_id. @@ -780,7 +780,7 @@ static inline int psa_key_id_is_builtin( psa_key_id_t key_id ) * On successful return, this function must set * the attributes of the key: lifetime, type, * bit-size, usage policy. - * \param[out] slot_number On successful return, this function must + * \param[out] slot_number On successful return, this function must set * this to the slot number known to the driver for * the lifetime location reported through * \p attributes which corresponds to the 
@@ -794,7 +794,7 @@ static inline int psa_key_id_is_builtin( psa_key_id_t key_id ) * The requested key identifier is not a built-in key which is known * to this function. If a key exists in the key storage with this * identifier, the data from the storage will be used. - * \retval (any other error) + * \return (any other error) * Any other error is propagated to the function that requested the key. * Common errors include: * - #PSA_ERROR_NOT_PERMITTED: the key exists but the requested owner diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 28087de07..160076e15 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -263,7 +263,7 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) ) { - *key_buffer_size = sizeof(psa_drv_slot_number_t); + *key_buffer_size = sizeof( psa_drv_slot_number_t ); return( PSA_SUCCESS ); } #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index dfc03fd5a..7a01f80fd 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c 
@@ -280,58 +280,59 @@ exit: static psa_status_t psa_load_builtin_key_into_slot( psa_key_slot_t *slot ) { /* Load keys in the 'builtin' range through their own interface */ - if( psa_key_id_is_builtin( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id ) ) ) + if( ! psa_key_id_is_builtin( + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id ) ) ) { - /* Check the platform function to see whether this key actually exists */ - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_drv_slot_number_t slot_number; - - psa_set_key_id(&attributes, slot->attr.id); - psa_status_t status = mbedtls_psa_platform_get_builtin_key( - &attributes, &slot_number ); - if( status != PSA_SUCCESS ) - return( status ); - - /* If the key should exist according to the platform, load it through - * the driver interface. */ - uint8_t *key_buffer = NULL; - size_t key_buffer_length = 0; - - status = psa_driver_wrapper_get_key_buffer_size( &attributes, &key_buffer_length ); - if( status != PSA_SUCCESS ) - return( status ); - - key_buffer = mbedtls_calloc( 1, key_buffer_length ); - if( key_buffer == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - - status = psa_driver_wrapper_get_builtin_key( - slot_number, &attributes, - key_buffer, key_buffer_length, &key_buffer_length ); - if( status != PSA_SUCCESS ) - goto exit; - - status = psa_copy_key_material_into_slot( slot, key_buffer, key_buffer_length ); - if( status != PSA_SUCCESS ) - goto exit; - - /* Copy core attributes into the slot on success. - * Use static allocations to make the compiler yell at us should one - * of the two structures change type. 
*/ - psa_core_key_attributes_t* builtin_key_core_attributes = - &attributes.core; - psa_core_key_attributes_t* slot_core_attributes = - &slot->attr; - memcpy( slot_core_attributes, - builtin_key_core_attributes, - sizeof(psa_core_key_attributes_t) ); - -exit: - mbedtls_free( key_buffer ); - return( status ); - } else { return( PSA_ERROR_DOES_NOT_EXIST ); } + + /* Check the platform function to see whether this key actually exists */ + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_drv_slot_number_t slot_number; + + psa_set_key_id( &attributes, slot->attr.id ); + psa_status_t status = mbedtls_psa_platform_get_builtin_key( + &attributes, &slot_number ); + if( status != PSA_SUCCESS ) + return( status ); + + /* If the key should exist according to the platform, load it through the + * driver interface. */ + uint8_t *key_buffer = NULL; + size_t key_buffer_length = 0; + + status = psa_driver_wrapper_get_key_buffer_size( &attributes, + &key_buffer_length ); + if( status != PSA_SUCCESS ) + return( status ); + + key_buffer = mbedtls_calloc( 1, key_buffer_length ); + if( key_buffer == NULL ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + + status = psa_driver_wrapper_get_builtin_key( + slot_number, &attributes, + key_buffer, key_buffer_length, &key_buffer_length ); + if( status != PSA_SUCCESS ) + goto exit; + + status = psa_copy_key_material_into_slot( + slot, key_buffer, key_buffer_length ); + if( status != PSA_SUCCESS ) + goto exit; + + /* Copy core attributes into the slot on success. + * Use static allocations to make the compiler yell at us should one + * of the two structures change type. */ + psa_core_key_attributes_t* builtin_key_core_attributes = &attributes.core; + psa_core_key_attributes_t* slot_core_attributes = &slot->attr; + memcpy( slot_core_attributes, + builtin_key_core_attributes, + sizeof( psa_core_key_attributes_t ) ); + +exit: + mbedtls_free( key_buffer ); + return( status ); } #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ 
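Review bot: At `exit:` the temporary `key_buffer` is released with a bare `mbedtls_free( key_buffer )`, so whatever `psa_driver_wrapper_get_builtin_key` wrote into it stays in freed heap memory. For a driver that returns raw key material rather than a slot reference, that leaves a copy of the key behind. Wiping first with `mbedtls_platform_zeroize( key_buffer, key_buffer_size );` would close this, assuming `mbedtls/platform_util.h` is available in this file. The driver call overwrites `key_buffer_length` with the output length, so the allocated size has to be kept in a separate variable (here called `key_buffer_size`) for the wipe to cover the whole allocation. Every `goto exit` comes after the successful `mbedtls_calloc`, so no NULL guard is needed.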
diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c index 77a217f06..ca00fe0e8 100644 --- a/tests/src/drivers/key_management.c +++ b/tests/src/drivers/key_management.c @@ -61,8 +61,10 @@ const uint8_t test_driver_ecdsa_pubkey[65] = 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79, 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c }; -static const psa_drv_slot_number_t aes_slot = PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT; -static const psa_drv_slot_number_t ecdsa_slot = PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT; +static const psa_drv_slot_number_t aes_slot = + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT; +static const psa_drv_slot_number_t ecdsa_slot = + PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT; #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ psa_status_t test_transparent_generate_key( 
@@ -179,41 +181,49 @@ psa_status_t test_opaque_export_key( uint8_t *data, size_t data_size, size_t *data_length ) { #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) - if( psa_key_id_is_builtin( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) ) + if( psa_key_id_is_builtin( + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) ) { if( key_length != sizeof( psa_drv_slot_number_t ) ) return( PSA_ERROR_INVALID_ARGUMENT ); if( memcmp( key, &ecdsa_slot, sizeof( psa_drv_slot_number_t ) ) == 0 ) { - /* This is the ECDSA slot. Verify key attributes before returning pubkey. */ - if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) + /* This is the ECDSA slot. Verify key attributes before returning + * the private key. */ + if( psa_get_key_type( attributes ) != + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) return( PSA_ERROR_CORRUPTION_DETECTED ); if( psa_get_key_bits( attributes ) != 256 ) return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) + if( psa_get_key_algorithm( attributes ) != + PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) return( PSA_ERROR_CORRUPTION_DETECTED ); - if( (psa_get_key_usage_flags( attributes ) & PSA_KEY_USAGE_EXPORT) == 0 ) + if( ( psa_get_key_usage_flags( attributes ) & + PSA_KEY_USAGE_EXPORT ) == 0 ) return( PSA_ERROR_CORRUPTION_DETECTED ); if( data_size < sizeof( test_driver_ecdsa_key ) ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( data, test_driver_ecdsa_key, sizeof( test_driver_ecdsa_key ) ); + memcpy( data, test_driver_ecdsa_key, + sizeof( test_driver_ecdsa_key ) ); *data_length = sizeof( test_driver_ecdsa_key ); return( PSA_SUCCESS ); } if( memcmp( key, &aes_slot, sizeof( psa_drv_slot_number_t ) ) == 0 ) { - /* This is the ECDSA slot. Verify key attributes before returning pubkey. */ + /* This is the AES slot. Verify key attributes before returning + * the key. 
*/ if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) return( PSA_ERROR_CORRUPTION_DETECTED ); if( psa_get_key_bits( attributes ) != 128 ) return( PSA_ERROR_CORRUPTION_DETECTED ); if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR ) return( PSA_ERROR_CORRUPTION_DETECTED ); - if( (psa_get_key_usage_flags( attributes ) & PSA_KEY_USAGE_EXPORT) == 0 ) + if( ( psa_get_key_usage_flags( attributes ) & + PSA_KEY_USAGE_EXPORT ) == 0 ) return( PSA_ERROR_CORRUPTION_DETECTED ); if( data_size < sizeof( test_driver_aes_key ) ) 
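Review bot: The reworded comments in `test_opaque_export_key` say the attributes are verified, but not why a mismatch, including a missing `PSA_KEY_USAGE_EXPORT`, is reported as `PSA_ERROR_CORRUPTION_DETECTED` rather than `PSA_ERROR_NOT_PERMITTED` or `PSA_ERROR_INVALID_ARGUMENT`. The values checked are the same ones `test_opaque_get_builtin_key` sets later in this file, so presumably a mismatch means the slot contents were altered after loading. I would add something like `/* Attributes were set by test_opaque_get_builtin_key(); any difference means the slot was modified, not a policy failure. */` so that the status code is not copied into a real driver as a policy check. The same applies to the ECDSA branch of `test_opaque_export_public_key` in the next hunk; both function bodies continue outside their hunks.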
@@ -299,25 +309,30 @@ psa_status_t test_opaque_export_public_key( uint8_t *data, size_t data_size, size_t *data_length ) { #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) - if( psa_key_id_is_builtin( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) ) + if( psa_key_id_is_builtin( + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) ) { if( key_length != sizeof( psa_drv_slot_number_t ) ) return( PSA_ERROR_INVALID_ARGUMENT ); if( memcmp( key, &ecdsa_slot, sizeof( psa_drv_slot_number_t ) ) == 0 ) { - /* This is the ECDSA slot. Verify key attributes before returning pubkey. */ - if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) + /* This is the ECDSA slot. Verify key attributes before returning + * the public key. */ + if( psa_get_key_type( attributes ) != + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ) return( PSA_ERROR_CORRUPTION_DETECTED ); if( psa_get_key_bits( attributes ) != 256 ) return( PSA_ERROR_CORRUPTION_DETECTED ); - if( psa_get_key_algorithm( attributes ) != PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) + if( psa_get_key_algorithm( attributes ) != + PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ) return( PSA_ERROR_CORRUPTION_DETECTED ); if( data_size < sizeof( test_driver_ecdsa_pubkey ) ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy(data, test_driver_ecdsa_pubkey, sizeof( test_driver_ecdsa_pubkey ) ); + memcpy( data, test_driver_ecdsa_pubkey, + sizeof( test_driver_ecdsa_pubkey ) ); *data_length = sizeof( test_driver_ecdsa_pubkey ); return( PSA_SUCCESS ); } 
@@ -338,10 +353,13 @@ psa_status_t test_opaque_export_public_key( /* The opaque test driver exposes two built-in keys when builtin key support is * compiled in. - * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128 key which allows CTR mode - * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1 private key which allows ECDSA sign & verify + * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128 + * key which allows CTR mode. + * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1 + * private key which allows ECDSA sign & verify. * The key buffer format for these is the raw format of psa_drv_slot_number_t - * (i.e. for an actual driver this would mean 'builtin_key_size' = sizeof(psa_drv_slot_number_t)) + * (i.e. for an actual driver this would mean 'builtin_key_size' = + * sizeof(psa_drv_slot_number_t)). */ psa_status_t test_opaque_get_builtin_key( psa_drv_slot_number_t slot_number, @@ -357,7 +375,11 @@ psa_status_t test_opaque_get_builtin_key( psa_set_key_type( attributes, PSA_KEY_TYPE_AES ); psa_set_key_bits( attributes, 128 ); - psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT ); + psa_set_key_usage_flags( + attributes, + PSA_KEY_USAGE_ENCRYPT | + PSA_KEY_USAGE_DECRYPT | + PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( attributes, PSA_ALG_CTR ); *( (psa_drv_slot_number_t*) key_buffer ) = 
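Review bot: The store that begins on the last line of the `@@ -357,7 +375,11 @@` hunk, `*( (psa_drv_slot_number_t*) key_buffer ) = ...`, writes a `psa_drv_slot_number_t` through a cast of what appears to be a byte buffer, and nothing visible here shows it to be suitably aligned for that type. The read side in `test_opaque_export_key` already treats the buffer as bytes with `memcmp( key, &aes_slot, sizeof( psa_drv_slot_number_t ) )`, so the write could match it with `memcpy( key_buffer, &aes_slot, sizeof( aes_slot ) );`. The ECDSA branch in the following hunk (`@@ -368,12 +390,19 @@`), where this commit only adjusts spacing inside the cast, has the same store and could use `&ecdsa_slot`. Since this driver serves as a reference for the key-buffer format, the byte-copy form is the safer one to show; the function body starts and ends outside both hunks.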
@@ -368,12 +390,19 @@ psa_status_t test_opaque_get_builtin_key( if( key_buffer_size < sizeof( psa_drv_slot_number_t ) ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - psa_set_key_type( attributes, PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ); + psa_set_key_type( + attributes, + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ); psa_set_key_bits( attributes, 256 ); - psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT ); - psa_set_key_algorithm( attributes, PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ); + psa_set_key_usage_flags( + attributes, + PSA_KEY_USAGE_SIGN_HASH | + PSA_KEY_USAGE_VERIFY_HASH | + PSA_KEY_USAGE_EXPORT ); + psa_set_key_algorithm( + attributes, PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) ); - *( (psa_drv_slot_number_t*) key_buffer) = + *( (psa_drv_slot_number_t*) key_buffer ) = PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT; *key_buffer_length = sizeof( psa_drv_slot_number_t ); return( PSA_SUCCESS ); diff --git a/tests/src/helpers.c b/tests/src/helpers.c index ee7fa209c..75f55e371 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c 
@@ -301,12 +301,18 @@ static const mbedtls_psa_builtin_key_description_t builtin_keys[] = { #if defined(PSA_CRYPTO_DRIVER_TEST) /* For testing, assign the AES builtin key slot to the boundary values. * ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */ - {MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, - {MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, - {MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT}, - {MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, - {MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, - {MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT }, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT}, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, + { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, + PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT}, #else {0, 0, 0} #endif 
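Review bot: The re-wrapped `builtin_keys` initialisers are not spaced consistently: the first two entries close with `..._AES_KEY_SLOT },` while the remaining four close with `..._KEY_SLOT},`, with no space before the brace. Since this commit is a style pass, the last four should end in ` },` as well. The comment above the table could also say that the `MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1` and `MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1` entries lie outside the built-in range, presumably so the tests can check that such identifiers are rejected.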
@@ -318,7 +324,8 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( mbedtls_svc_key_id_t svc_key_id = psa_get_key_id( attributes ); psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( svc_key_id ); - for( size_t i = 0; i < ( sizeof( builtin_keys ) / sizeof( builtin_keys[0] ) ); i++ ) + for( size_t i = 0; + i < ( sizeof( builtin_keys ) / sizeof( builtin_keys[0] ) ); i++ ) { if( builtin_keys[i].builtin_key_id == app_key_id ) { diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 449b52871..eb6dce941 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -952,7 +952,7 @@ void builtin_key_export( int builtin_key_id_arg, psa_status_t expected_status = expected_status_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id); + mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make( 0, builtin_key_id ); uint8_t* output_buffer = NULL; size_t output_size = 0; psa_status_t actual_status; @@ -977,7 +977,7 @@ void builtin_key_export( int builtin_key_id_arg, else { if( actual_status != expected_status ) - fprintf(stderr, "Expected %d but got %d\n", expected_status, actual_status); + fprintf( stderr, "Expected %d but got %d\n", expected_status, actual_status ); TEST_EQUAL( actual_status, expected_status ); TEST_EQUAL( output_size, 0 ); } @@ -1005,7 +1005,7 @@ void builtin_pubkey_export( int builtin_key_id_arg, psa_status_t expected_status = expected_status_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id); + mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make( 0, builtin_key_id ); uint8_t* output_buffer = NULL; size_t output_size = 0; psa_status_t actual_status;
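Review bot: In the `@@ -977,7 +977,7 @@` hunk of `builtin_key_export`, the reformatted `fprintf( stderr, "Expected %d but got %d\n", expected_status, actual_status );` is 78 characters before any indentation. Nested inside the `else` branch, it almost certainly still exceeds the 80-column limit this commit sets out to enforce. Splitting it after the format string, `fprintf( stderr, "Expected %d but got %d\n",` followed by `expected_status, actual_status );` on a continuation line, would bring it within the limit.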