Add test to check that volatile external keys do not get persisted

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
Steven Cooreman 2020-06-08 18:30:20 +02:00
parent bbeaf18eac
commit 223f2877be
2 changed files with 86 additions and 19 deletions

View file

@ -24,17 +24,29 @@ register_twice:3
Register SE driver: maximum number of drivers
register_max:
SE key import-export (p_allocate allows all slots)
key_creation_import_export:0:0
SE key import-export persistent (p_allocate allows all slots)
key_creation_import_export:TEST_SE_PERSISTENT_LIFETIME:0:0
SE key import-export (p_allocate allows 1 slot)
key_creation_import_export:ARRAY_LENGTH( ram_slots ) - 1:0
SE key import-export persistent (p_allocate allows 1 slot)
key_creation_import_export:TEST_SE_PERSISTENT_LIFETIME:ARRAY_LENGTH( ram_slots ) - 1:0
SE key import-export, check after restart (slot 0)
key_creation_import_export:0:1
SE key import-export persistent, check after restart (slot 0)
key_creation_import_export:TEST_SE_PERSISTENT_LIFETIME:0:1
SE key import-export, check after restart (slot 3)
key_creation_import_export:3:1
SE key import-export persistent, check after restart (slot 3)
key_creation_import_export:TEST_SE_PERSISTENT_LIFETIME:3:1
SE key import-export volatile (p_allocate allows all slots)
key_creation_import_export:TEST_SE_VOLATILE_LIFETIME:0:0
SE key import-export volatile (p_allocate allows 1 slot)
key_creation_import_export:TEST_SE_VOLATILE_LIFETIME:ARRAY_LENGTH( ram_slots ) - 1:0
SE key import-export volatile, check after restart (slot 0)
key_creation_import_export:TEST_SE_VOLATILE_LIFETIME:0:1
SE key import-export volatile, check after restart (slot 3)
key_creation_import_export:TEST_SE_VOLATILE_LIFETIME:3:1
Key creation in a specific slot (0)
key_creation_in_chosen_slot:0:0:PSA_SUCCESS

View file

@ -27,6 +27,10 @@
( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) )
#define TEST_SE_VOLATILE_LIFETIME \
( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ) )
/** The driver detected a condition that shouldn't happen.
* This is probably a bug in the library. */
#define PSA_ERROR_DETECTED_BY_DRIVER ((psa_status_t)( -500 ))
@ -609,6 +613,20 @@ exit:
return( ok );
}
/* Check that no persistent data exists for the given location. */
static int check_no_persistent_data( psa_key_location_t location )
{
psa_storage_uid_t uid = file_uid_for_location( location );
struct psa_storage_info_t info;
int ok = 0;
TEST_ASSERT( psa_its_get_info( uid, &info ) == PSA_ERROR_DOES_NOT_EXIST );
ok = 1;
exit:
return( ok );
}
/* Check that a function's return status is "smoke-free", i.e. that
* it's an acceptable error code when calling an API function that operates
* on a key with potentially bogus parameters. */
@ -829,11 +847,11 @@ exit:
/* END_CASE */
/* BEGIN_CASE */
void key_creation_import_export( int min_slot, int restart )
void key_creation_import_export( int lifetime_arg, int min_slot, int restart )
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
@ -864,10 +882,25 @@ void key_creation_import_export( int min_slot, int restart )
PSA_ASSERT( psa_import_key( &attributes,
key_material, sizeof( key_material ),
&handle ) );
if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
/* For volatile keys, check no persistent data was created */
if( ! check_no_persistent_data( location ) )
goto exit;
}
else
{
/* For persistent keys, check persistent data */
if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
}
/* Test that the key was created in the expected slot. */
TEST_ASSERT( ram_slots[min_slot].type == PSA_KEY_TYPE_RAW_DATA );
/* Maybe restart, to check that the information is saved correctly. */
if( restart )
@ -875,11 +908,33 @@ void key_creation_import_export( int min_slot, int restart )
mbedtls_psa_crypto_free( );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
PSA_ASSERT( psa_open_key( id, &handle ) );
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
/* Check that the PSA core has no knowledge of the volatile key */
TEST_ASSERT( psa_open_key( id, &handle ) == PSA_ERROR_DOES_NOT_EXIST );
/* Drop data from our mockup driver */
ram_slots_reset();
ram_min_slot = min_slot;
/* Re-import key */
PSA_ASSERT( psa_import_key( &attributes,
key_material, sizeof( key_material ),
&handle ) );
}
else
{
/* Check we can re-open the persistent key */
if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
/* Check that the PSA core still knows about the key */
PSA_ASSERT( psa_open_key( id, &handle ) );
}
}
/* Test that the key was created in the expected slot. */