mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 05:05:35 +00:00
Add test to check that volatile external keys do not get persisted
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
parent
bbeaf18eac
commit
223f2877be
|
@ -24,17 +24,29 @@ register_twice:3
|
|||
Register SE driver: maximum number of drivers
|
||||
register_max:
|
||||
|
||||
SE key import-export (p_allocate allows all slots)
|
||||
key_creation_import_export:0:0
|
||||
SE key import-export persistent (p_allocate allows all slots)
|
||||
key_creation_import_export:TEST_SE_PERSISTENT_LIFETIME:0:0
|
||||
|
||||
SE key import-export (p_allocate allows 1 slot)
|
||||
key_creation_import_export:ARRAY_LENGTH( ram_slots ) - 1:0
|
||||
SE key import-export persistent (p_allocate allows 1 slot)
|
||||
key_creation_import_export:TEST_SE_PERSISTENT_LIFETIME:ARRAY_LENGTH( ram_slots ) - 1:0
|
||||
|
||||
SE key import-export, check after restart (slot 0)
|
||||
key_creation_import_export:0:1
|
||||
SE key import-export persistent, check after restart (slot 0)
|
||||
key_creation_import_export:TEST_SE_PERSISTENT_LIFETIME:0:1
|
||||
|
||||
SE key import-export, check after restart (slot 3)
|
||||
key_creation_import_export:3:1
|
||||
SE key import-export persistent, check after restart (slot 3)
|
||||
key_creation_import_export:TEST_SE_PERSISTENT_LIFETIME:3:1
|
||||
|
||||
SE key import-export volatile (p_allocate allows all slots)
|
||||
key_creation_import_export:TEST_SE_VOLATILE_LIFETIME:0:0
|
||||
|
||||
SE key import-export volatile (p_allocate allows 1 slot)
|
||||
key_creation_import_export:TEST_SE_VOLATILE_LIFETIME:ARRAY_LENGTH( ram_slots ) - 1:0
|
||||
|
||||
SE key import-export volatile, check after restart (slot 0)
|
||||
key_creation_import_export:TEST_SE_VOLATILE_LIFETIME:0:1
|
||||
|
||||
SE key import-export volatile, check after restart (slot 3)
|
||||
key_creation_import_export:TEST_SE_VOLATILE_LIFETIME:3:1
|
||||
|
||||
Key creation in a specific slot (0)
|
||||
key_creation_in_chosen_slot:0:0:PSA_SUCCESS
|
||||
|
|
|
@ -27,6 +27,10 @@
|
|||
( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
|
||||
PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) )
|
||||
|
||||
#define TEST_SE_VOLATILE_LIFETIME \
|
||||
( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
|
||||
PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ) )
|
||||
|
||||
/** The driver detected a condition that shouldn't happen.
|
||||
* This is probably a bug in the library. */
|
||||
#define PSA_ERROR_DETECTED_BY_DRIVER ((psa_status_t)( -500 ))
|
||||
|
@ -609,6 +613,20 @@ exit:
|
|||
return( ok );
|
||||
}
|
||||
|
||||
/* Check that no persistent data exists for the given location. */
|
||||
static int check_no_persistent_data( psa_key_location_t location )
|
||||
{
|
||||
psa_storage_uid_t uid = file_uid_for_location( location );
|
||||
struct psa_storage_info_t info;
|
||||
int ok = 0;
|
||||
|
||||
TEST_ASSERT( psa_its_get_info( uid, &info ) == PSA_ERROR_DOES_NOT_EXIST );
|
||||
ok = 1;
|
||||
|
||||
exit:
|
||||
return( ok );
|
||||
}
|
||||
|
||||
/* Check that a function's return status is "smoke-free", i.e. that
|
||||
* it's an acceptable error code when calling an API function that operates
|
||||
* on a key with potentially bogus parameters. */
|
||||
|
@ -829,11 +847,11 @@ exit:
|
|||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void key_creation_import_export( int min_slot, int restart )
|
||||
void key_creation_import_export( int lifetime_arg, int min_slot, int restart )
|
||||
{
|
||||
psa_drv_se_t driver;
|
||||
psa_drv_se_key_management_t key_management;
|
||||
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
|
||||
psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg;
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
|
||||
psa_key_id_t id = 1;
|
||||
psa_key_handle_t handle = 0;
|
||||
|
@ -864,10 +882,25 @@ void key_creation_import_export( int min_slot, int restart )
|
|||
PSA_ASSERT( psa_import_key( &attributes,
|
||||
key_material, sizeof( key_material ),
|
||||
&handle ) );
|
||||
if( ! check_persistent_data( location,
|
||||
&ram_shadow_slot_usage,
|
||||
sizeof( ram_shadow_slot_usage ) ) )
|
||||
goto exit;
|
||||
|
||||
|
||||
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
|
||||
{
|
||||
/* For volatile keys, check no persistent data was created */
|
||||
if( ! check_no_persistent_data( location ) )
|
||||
goto exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* For persistent keys, check persistent data */
|
||||
if( ! check_persistent_data( location,
|
||||
&ram_shadow_slot_usage,
|
||||
sizeof( ram_shadow_slot_usage ) ) )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/* Test that the key was created in the expected slot. */
|
||||
TEST_ASSERT( ram_slots[min_slot].type == PSA_KEY_TYPE_RAW_DATA );
|
||||
|
||||
/* Maybe restart, to check that the information is saved correctly. */
|
||||
if( restart )
|
||||
|
@ -875,11 +908,33 @@ void key_creation_import_export( int min_slot, int restart )
|
|||
mbedtls_psa_crypto_free( );
|
||||
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
if( ! check_persistent_data( location,
|
||||
&ram_shadow_slot_usage,
|
||||
sizeof( ram_shadow_slot_usage ) ) )
|
||||
goto exit;
|
||||
PSA_ASSERT( psa_open_key( id, &handle ) );
|
||||
|
||||
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
|
||||
{
|
||||
/* Check that the PSA core has no knowledge of the volatile key */
|
||||
TEST_ASSERT( psa_open_key( id, &handle ) == PSA_ERROR_DOES_NOT_EXIST );
|
||||
|
||||
/* Drop data from our mockup driver */
|
||||
ram_slots_reset();
|
||||
ram_min_slot = min_slot;
|
||||
|
||||
/* Re-import key */
|
||||
PSA_ASSERT( psa_import_key( &attributes,
|
||||
key_material, sizeof( key_material ),
|
||||
&handle ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
/* Check we can re-open the persistent key */
|
||||
if( ! check_persistent_data( location,
|
||||
&ram_shadow_slot_usage,
|
||||
sizeof( ram_shadow_slot_usage ) ) )
|
||||
goto exit;
|
||||
|
||||
/* Check that the PSA core still knows about the key */
|
||||
PSA_ASSERT( psa_open_key( id, &handle ) );
|
||||
}
|
||||
}
|
||||
|
||||
/* Test that the key was created in the expected slot. */
|
||||
|
|
Loading…
Reference in a new issue