Update key management tests to use attributes

Remove test cases which are no longer relevant because they involve a
slot which is allocated but not filled with key material.
This commit is contained in:
Gilles Peskine 2019-04-19 18:20:30 +02:00
parent d167b94b87
commit 4440688a69
2 changed files with 138 additions and 275 deletions

View file

@ -43,9 +43,6 @@ open_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT
Open failure: invalid lifetime Open failure: invalid lifetime
open_fail:0x7fffffff:0:PSA_ERROR_INVALID_ARGUMENT open_fail:0x7fffffff:0:PSA_ERROR_INVALID_ARGUMENT
Create failure: volatile lifetime
create_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT
Create failure: invalid lifetime Create failure: invalid lifetime
create_fail:0x7fffffff:0:PSA_ERROR_INVALID_ARGUMENT create_fail:0x7fffffff:0:PSA_ERROR_INVALID_ARGUMENT
@ -80,42 +77,17 @@ Copy persistent to persistent
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_USAGE_EXPORT:0 copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_USAGE_EXPORT:0
Copy empty volatile to volatile Copy volatile to occupied
copy_from_empty:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0
Copy empty volatile to persistent
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
copy_from_empty:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0
Copy empty persistent to volatile
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
copy_from_empty:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0
Copy empty persistent to persistent
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
copy_from_empty:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:0
Copy volatile to occupied volatile
copy_to_occupied:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
Copy volatile to occupied persistent
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
copy_to_occupied:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f" copy_to_occupied:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
Copy persistent to occupied volatile Copy persistent to occupied
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
copy_to_occupied:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
Copy persistent to occupied persistent
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
copy_to_occupied:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f" copy_to_occupied:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"606162636465666768696a6b6c6d6e6f"
Copy volatile to itself Copy persistent to same
copy_to_same:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f"
Copy persistent to itself
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
copy_to_same:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f" copy_to_occupied:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f"
Close/destroy invalid handle Close/destroy invalid handle
invalid_handle: invalid_handle:

View file

@ -50,13 +50,6 @@ void psa_purge_key_storage( void )
#define TEST_MAX_KEY_ID( key_id ) ( (void) ( key_id ) ) #define TEST_MAX_KEY_ID( key_id ) ( (void) ( key_id ) )
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
static int psa_key_policy_equal( psa_key_policy_t *p1,
psa_key_policy_t *p2 )
{
return( psa_key_policy_get_usage( p1 ) == psa_key_policy_get_usage( p2 ) &&
psa_key_policy_get_algorithm( p1 ) == psa_key_policy_get_algorithm( p2 ) );
}
/* END_HEADER */ /* END_HEADER */
/* BEGIN_DEPENDENCIES /* BEGIN_DEPENDENCIES
@ -73,20 +66,20 @@ void transient_slot_lifecycle( int alg_arg, int usage_arg,
psa_key_usage_t usage_flags = usage_arg; psa_key_usage_t usage_flags = usage_arg;
psa_key_type_t type = type_arg; psa_key_type_t type = type_arg;
close_method_t close_method = close_method_arg; close_method_t close_method = close_method_arg;
psa_key_type_t read_type;
psa_key_handle_t handle = 0; psa_key_handle_t handle = 0;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_crypto_init( ) );
/* Get a handle and import a key. */ /* Import a key. */
PSA_ASSERT( psa_allocate_key( &handle ) ); psa_set_key_usage_flags( &attributes, usage_flags );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, type );
PSA_ASSERT( psa_import_key( &attributes, &handle,
key_data->x, key_data->len ) );
TEST_ASSERT( handle != 0 ); TEST_ASSERT( handle != 0 );
psa_key_policy_set_usage( &policy, usage_flags, alg ); PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
PSA_ASSERT( psa_set_key_policy( handle, &policy ) ); TEST_EQUAL( psa_get_key_type( &attributes ), type );
PSA_ASSERT( psa_import_key_to_handle( handle, type, key_data->x, key_data->len ) );
PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
TEST_EQUAL( read_type, type );
/* Do something that invalidates the handle. */ /* Do something that invalidates the handle. */
switch( close_method ) switch( close_method )
@ -102,8 +95,9 @@ void transient_slot_lifecycle( int alg_arg, int usage_arg,
PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_crypto_init( ) );
break; break;
} }
/* Test that the handle is now invalid. */ /* Test that the handle is now invalid. */
TEST_EQUAL( psa_get_key_information( handle, &read_type, NULL ), TEST_EQUAL( psa_get_key_attributes( handle, &attributes ),
PSA_ERROR_INVALID_HANDLE ); PSA_ERROR_INVALID_HANDLE );
TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE ); TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE );
@ -126,18 +120,20 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg,
close_method_t close_method = close_method_arg; close_method_t close_method = close_method_arg;
psa_key_type_t read_type; psa_key_type_t read_type;
psa_key_handle_t handle = 0; psa_key_handle_t handle = 0;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_MAX_KEY_ID( id ); TEST_MAX_KEY_ID( id );
PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_crypto_init( ) );
/* Get a handle and import a key. */ /* Get a handle and import a key. */
PSA_ASSERT( psa_create_key( lifetime, id, &handle ) ); psa_make_key_persistent( &attributes, id, lifetime );
psa_set_key_type( &attributes, type );
psa_set_key_usage_flags( &attributes, usage_flags );
psa_set_key_algorithm( &attributes, alg );
PSA_ASSERT( psa_import_key( &attributes, &handle,
key_data->x, key_data->len ) );
TEST_ASSERT( handle != 0 ); TEST_ASSERT( handle != 0 );
psa_key_policy_set_usage( &policy, usage_flags, alg );
PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
PSA_ASSERT( psa_import_key_to_handle( handle, type, key_data->x, key_data->len ) );
PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) ); PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
TEST_EQUAL( read_type, type ); TEST_EQUAL( read_type, type );
@ -195,13 +191,11 @@ void create_existent( int lifetime_arg, int id_arg,
psa_key_lifetime_t lifetime = lifetime_arg; psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_id_t id = id_arg; psa_key_id_t id = id_arg;
psa_key_handle_t handle1 = 0, handle2 = 0; psa_key_handle_t handle1 = 0, handle2 = 0;
psa_key_policy_t policy1 = PSA_KEY_POLICY_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_policy_t read_policy = PSA_KEY_POLICY_INIT;
psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA; psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA;
psa_key_type_t read_type; const uint8_t material1[5] = "a key";
const uint8_t material1[16] = "test material #1"; const uint8_t material2[5] = "b key";
size_t bits1 = PSA_BYTES_TO_BITS( sizeof( material1 ) ); size_t bits1 = PSA_BYTES_TO_BITS( sizeof( material1 ) );
size_t read_bits;
uint8_t reexported[sizeof( material1 )]; uint8_t reexported[sizeof( material1 )];
size_t reexported_length; size_t reexported_length;
reopen_policy_t reopen_policy = reopen_policy_arg; reopen_policy_t reopen_policy = reopen_policy_arg;
@ -211,18 +205,20 @@ void create_existent( int lifetime_arg, int id_arg,
PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_crypto_init( ) );
/* Create a key. */ /* Create a key. */
PSA_ASSERT( psa_create_key( lifetime, id, &handle1 ) ); psa_make_key_persistent( &attributes, id, lifetime );
TEST_ASSERT( handle1 != 0 ); psa_set_key_type( &attributes, type1 );
psa_key_policy_set_usage( &policy1, PSA_KEY_USAGE_EXPORT, 0 ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
PSA_ASSERT( psa_set_key_policy( handle1, &policy1 ) ); psa_set_key_algorithm( &attributes, 0 );
PSA_ASSERT( psa_import_key_to_handle( handle1, type1, PSA_ASSERT( psa_import_key( &attributes, &handle1,
material1, sizeof( material1 ) ) ); material1, sizeof( material1 ) ) );
TEST_ASSERT( handle1 != 0 );
if( reopen_policy == CLOSE_BEFORE ) if( reopen_policy == CLOSE_BEFORE )
PSA_ASSERT( psa_close_key( handle1 ) ); PSA_ASSERT( psa_close_key( handle1 ) );
/* Attempt to create a new key in the same slot. */ /* Attempt to create a new key in the same slot. */
TEST_EQUAL( psa_create_key( lifetime, id, &handle2 ), TEST_EQUAL( psa_import_key( &attributes, &handle2,
material2, sizeof( material2 ) ),
PSA_ERROR_ALREADY_EXISTS ); PSA_ERROR_ALREADY_EXISTS );
TEST_EQUAL( handle2, 0 ); TEST_EQUAL( handle2, 0 );
@ -232,11 +228,15 @@ void create_existent( int lifetime_arg, int id_arg,
PSA_ASSERT( psa_open_key( lifetime, id, &handle1 ) ); PSA_ASSERT( psa_open_key( lifetime, id, &handle1 ) );
/* Check that the original key hasn't changed. */ /* Check that the original key hasn't changed. */
PSA_ASSERT( psa_get_key_policy( handle1, &read_policy ) ); psa_reset_key_attributes( &attributes );
TEST_ASSERT( psa_key_policy_equal( &read_policy, &policy1 ) ); PSA_ASSERT( psa_get_key_attributes( handle1, &attributes ) );
PSA_ASSERT( psa_get_key_information( handle1, &read_type, &read_bits ) ); TEST_EQUAL( psa_get_key_id( &attributes ), id );
TEST_EQUAL( read_type, type1 ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
TEST_EQUAL( read_bits, bits1 ); TEST_EQUAL( psa_get_key_type( &attributes ), type1 );
TEST_EQUAL( psa_get_key_bits( &attributes ), bits1 );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
PSA_ASSERT( psa_export_key( handle1, PSA_ASSERT( psa_export_key( handle1,
reexported, sizeof( reexported ), reexported, sizeof( reexported ),
&reexported_length ) ); &reexported_length ) );
@ -274,14 +274,19 @@ void create_fail( int lifetime_arg, int id_arg,
{ {
psa_key_lifetime_t lifetime = lifetime_arg; psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_id_t id = id_arg; psa_key_id_t id = id_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t expected_status = expected_status_arg; psa_status_t expected_status = expected_status_arg;
psa_key_handle_t handle = 0xdead; psa_key_handle_t handle = 0xdead;
uint8_t material[1] = {'k'};
TEST_MAX_KEY_ID( id ); TEST_MAX_KEY_ID( id );
PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_crypto_init( ) );
TEST_EQUAL( psa_create_key( lifetime, id, &handle ), psa_make_key_persistent( &attributes, id, lifetime );
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
TEST_EQUAL( psa_import_key( &attributes, &handle,
material, sizeof( material ) ),
expected_status ); expected_status );
TEST_EQUAL( handle, 0 ); TEST_EQUAL( handle, 0 );
@ -306,17 +311,14 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg,
psa_key_usage_t source_usage = source_usage_arg; psa_key_usage_t source_usage = source_usage_arg;
psa_algorithm_t source_alg = source_alg_arg; psa_algorithm_t source_alg = source_alg_arg;
psa_key_handle_t source_handle = 0; psa_key_handle_t source_handle = 0;
psa_key_policy_t source_policy = PSA_KEY_POLICY_INIT; psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t source_type = type_arg; psa_key_type_t source_type = type_arg;
size_t source_bits;
psa_key_lifetime_t target_lifetime = target_lifetime_arg; psa_key_lifetime_t target_lifetime = target_lifetime_arg;
psa_key_id_t target_id = target_id_arg; psa_key_id_t target_id = target_id_arg;
psa_key_usage_t target_usage = target_usage_arg; psa_key_usage_t target_usage = target_usage_arg;
psa_algorithm_t target_alg = target_alg_arg; psa_algorithm_t target_alg = target_alg_arg;
psa_key_handle_t target_handle = 0; psa_key_handle_t target_handle = 0;
psa_key_policy_t target_policy = PSA_KEY_POLICY_INIT; psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t target_type;
size_t target_bits;
psa_key_usage_t expected_usage = expected_usage_arg; psa_key_usage_t expected_usage = expected_usage_arg;
psa_algorithm_t expected_alg = expected_alg_arg; psa_algorithm_t expected_alg = expected_alg_arg;
uint8_t *export_buffer = NULL; uint8_t *export_buffer = NULL;
@ -327,29 +329,27 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg,
PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_crypto_init( ) );
/* Populate the source slot. */ /* Populate the source slot. */
if( source_lifetime == PSA_KEY_LIFETIME_VOLATILE ) if( source_lifetime != PSA_KEY_LIFETIME_VOLATILE )
PSA_ASSERT( psa_allocate_key( &source_handle ) ); psa_make_key_persistent( &source_attributes,
else source_id, source_lifetime );
PSA_ASSERT( psa_create_key( source_lifetime, source_id, psa_set_key_type( &source_attributes, source_type );
&source_handle ) ); psa_set_key_usage_flags( &source_attributes, source_usage );
psa_key_policy_set_usage( &source_policy, source_usage, source_alg ); psa_set_key_algorithm( &source_attributes, source_alg );
PSA_ASSERT( psa_set_key_policy( source_handle, &source_policy ) ); PSA_ASSERT( psa_import_key( &source_attributes, &source_handle,
PSA_ASSERT( psa_import_key_to_handle( source_handle, source_type,
material->x, material->len ) ); material->x, material->len ) );
PSA_ASSERT( psa_get_key_information( source_handle, NULL, &source_bits ) ); /* Update the attributes with the bit size. */
PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) );
/* Prepare the target slot. */ /* Prepare the target slot. */
if( target_lifetime == PSA_KEY_LIFETIME_VOLATILE ) if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE )
PSA_ASSERT( psa_allocate_key( &target_handle ) ); psa_make_key_persistent( &target_attributes,
else target_id, target_lifetime );
PSA_ASSERT( psa_create_key( target_lifetime, target_id, psa_set_key_usage_flags( &target_attributes, target_usage );
&target_handle ) ); psa_set_key_algorithm( &target_attributes, target_alg );
psa_key_policy_set_usage( &target_policy, target_usage, target_alg );
PSA_ASSERT( psa_set_key_policy( target_handle, &target_policy ) );
target_policy = psa_key_policy_init();
/* Copy the key. */ /* Copy the key. */
PSA_ASSERT( psa_copy_key_to_handle( source_handle, target_handle, NULL ) ); PSA_ASSERT( psa_copy_key( source_handle,
&target_attributes, &target_handle ) );
/* Destroy the source to ensure that this doesn't affect the target. */ /* Destroy the source to ensure that this doesn't affect the target. */
PSA_ASSERT( psa_destroy_key( source_handle ) ); PSA_ASSERT( psa_destroy_key( source_handle ) );
@ -365,13 +365,15 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg,
} }
/* Test that the target slot has the expected content. */ /* Test that the target slot has the expected content. */
PSA_ASSERT( psa_get_key_information( target_handle, psa_reset_key_attributes( &target_attributes );
&target_type, &target_bits ) ); PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) );
TEST_EQUAL( source_type, target_type ); TEST_EQUAL( target_id, psa_get_key_id( &target_attributes ) );
TEST_EQUAL( source_bits, target_bits ); TEST_EQUAL( target_lifetime, psa_get_key_lifetime( &target_attributes ) );
PSA_ASSERT( psa_get_key_policy( target_handle, &target_policy ) ); TEST_EQUAL( source_type, psa_get_key_type( &target_attributes ) );
TEST_EQUAL( expected_usage, psa_key_policy_get_usage( &target_policy ) ); TEST_EQUAL( psa_get_key_bits( &source_attributes ),
TEST_EQUAL( expected_alg, psa_key_policy_get_algorithm( &target_policy ) ); psa_get_key_bits( &target_attributes ) );
TEST_EQUAL( expected_usage, psa_get_key_usage_flags( &target_attributes ) );
TEST_EQUAL( expected_alg, psa_get_key_algorithm( &target_attributes ) );
if( expected_usage & PSA_KEY_USAGE_EXPORT ) if( expected_usage & PSA_KEY_USAGE_EXPORT )
{ {
size_t length; size_t length;
@ -381,6 +383,14 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg,
ASSERT_COMPARE( material->x, material->len, ASSERT_COMPARE( material->x, material->len,
export_buffer, length ); export_buffer, length );
} }
else
{
size_t length;
/* Check that the key is actually non-exportable. */
TEST_EQUAL( psa_export_key( target_handle, export_buffer,
material->len, &length ),
PSA_ERROR_NOT_PERMITTED );
}
exit: exit:
mbedtls_psa_crypto_free( ); mbedtls_psa_crypto_free( );
@ -391,69 +401,6 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE */
void copy_from_empty( int source_lifetime_arg, int source_id_arg,
int source_usage_arg, int source_alg_arg,
int target_lifetime_arg, int target_id_arg,
int target_usage_arg, int target_alg_arg )
{
psa_key_lifetime_t source_lifetime = source_lifetime_arg;
psa_key_id_t source_id = source_id_arg;
psa_key_usage_t source_usage = source_usage_arg;
psa_algorithm_t source_alg = source_alg_arg;
psa_key_handle_t source_handle = 0;
psa_key_policy_t source_policy = PSA_KEY_POLICY_INIT;
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
psa_key_id_t target_id = target_id_arg;
psa_key_usage_t target_usage = target_usage_arg;
psa_algorithm_t target_alg = target_alg_arg;
psa_key_handle_t target_handle = 0;
psa_key_policy_t target_policy = PSA_KEY_POLICY_INIT;
psa_key_policy_t got_policy;
TEST_MAX_KEY_ID( source_id );
TEST_MAX_KEY_ID( target_id );
PSA_ASSERT( psa_crypto_init( ) );
/* Prepare the source slot. */
if( source_lifetime == PSA_KEY_LIFETIME_VOLATILE )
PSA_ASSERT( psa_allocate_key( &source_handle ) );
else
PSA_ASSERT( psa_create_key( source_lifetime, source_id,
&source_handle ) );
psa_key_policy_set_usage( &source_policy, source_usage, source_alg );
PSA_ASSERT( psa_set_key_policy( source_handle, &source_policy ) );
/* Prepare the target slot. */
if( target_lifetime == PSA_KEY_LIFETIME_VOLATILE )
PSA_ASSERT( psa_allocate_key( &target_handle ) );
else
PSA_ASSERT( psa_create_key( target_lifetime, target_id,
&target_handle ) );
psa_key_policy_set_usage( &target_policy, target_usage, target_alg );
PSA_ASSERT( psa_set_key_policy( target_handle, &target_policy ) );
/* Copy the key. */
TEST_EQUAL( psa_copy_key_to_handle( source_handle, target_handle, NULL ),
PSA_ERROR_DOES_NOT_EXIST );
/* Test that the slots are unaffected. */
PSA_ASSERT( psa_get_key_policy( source_handle, &got_policy ) );
TEST_EQUAL( source_usage, psa_key_policy_get_usage( &got_policy ) );
TEST_EQUAL( source_alg, psa_key_policy_get_algorithm( &got_policy ) );
PSA_ASSERT( psa_get_key_policy( target_handle, &got_policy ) );
TEST_EQUAL( target_usage, psa_key_policy_get_usage( &got_policy ) );
TEST_EQUAL( target_alg, psa_key_policy_get_algorithm( &got_policy ) );
exit:
mbedtls_psa_crypto_free( );
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
psa_purge_key_storage( );
#endif
}
/* END_CASE */
/* BEGIN_CASE */ /* BEGIN_CASE */
void copy_to_occupied( int source_lifetime_arg, int source_id_arg, void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
int source_usage_arg, int source_alg_arg, int source_usage_arg, int source_alg_arg,
@ -467,21 +414,18 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
psa_key_usage_t source_usage = source_usage_arg; psa_key_usage_t source_usage = source_usage_arg;
psa_algorithm_t source_alg = source_alg_arg; psa_algorithm_t source_alg = source_alg_arg;
psa_key_handle_t source_handle = 0; psa_key_handle_t source_handle = 0;
psa_key_policy_t source_policy = PSA_KEY_POLICY_INIT;
psa_key_type_t source_type = source_type_arg; psa_key_type_t source_type = source_type_arg;
size_t source_bits;
psa_key_lifetime_t target_lifetime = target_lifetime_arg; psa_key_lifetime_t target_lifetime = target_lifetime_arg;
psa_key_id_t target_id = target_id_arg; psa_key_id_t target_id = target_id_arg;
psa_key_usage_t target_usage = target_usage_arg; psa_key_usage_t target_usage = target_usage_arg;
psa_algorithm_t target_alg = target_alg_arg; psa_algorithm_t target_alg = target_alg_arg;
psa_key_handle_t target_handle = 0; psa_key_handle_t target_handle = 0;
psa_key_policy_t target_policy = PSA_KEY_POLICY_INIT;
psa_key_type_t target_type = target_type_arg; psa_key_type_t target_type = target_type_arg;
size_t target_bits; psa_key_handle_t new_handle = 0xdead;
psa_key_policy_t got_policy;
psa_key_type_t got_type;
size_t got_bits;
uint8_t *export_buffer = NULL; uint8_t *export_buffer = NULL;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t attributes1 = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t attributes2 = PSA_KEY_ATTRIBUTES_INIT;
TEST_MAX_KEY_ID( source_id ); TEST_MAX_KEY_ID( source_id );
TEST_MAX_KEY_ID( target_id ); TEST_MAX_KEY_ID( target_id );
@ -489,41 +433,52 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_crypto_init( ) );
/* Populate the source slot. */ /* Populate the source slot. */
if( source_lifetime == PSA_KEY_LIFETIME_VOLATILE ) if( source_lifetime != PSA_KEY_LIFETIME_VOLATILE )
PSA_ASSERT( psa_allocate_key( &source_handle ) ); psa_make_key_persistent( &attributes,
else source_id, source_lifetime );
PSA_ASSERT( psa_create_key( source_lifetime, source_id, psa_set_key_type( &attributes, source_type );
&source_handle ) ); psa_set_key_usage_flags( &attributes, source_usage );
psa_key_policy_set_usage( &source_policy, source_usage, source_alg ); psa_set_key_algorithm( &attributes, source_alg );
PSA_ASSERT( psa_set_key_policy( source_handle, &source_policy ) ); PSA_ASSERT( psa_import_key( &attributes, &source_handle,
PSA_ASSERT( psa_import_key_to_handle( source_handle, source_type,
source_material->x, source_material->len ) ); source_material->x, source_material->len ) );
PSA_ASSERT( psa_get_key_information( source_handle, NULL, &source_bits ) );
/* Populate the target slot. */ /* Populate the target slot. */
if( target_lifetime == PSA_KEY_LIFETIME_VOLATILE ) if( target_id == source_id )
PSA_ASSERT( psa_allocate_key( &target_handle ) ); {
target_handle = source_handle;
}
else else
PSA_ASSERT( psa_create_key( target_lifetime, target_id, {
&target_handle ) ); psa_make_key_persistent( &attributes1, target_id, target_lifetime );
psa_key_policy_set_usage( &target_policy, target_usage, target_alg ); psa_set_key_type( &attributes1, target_type );
PSA_ASSERT( psa_set_key_policy( target_handle, &target_policy ) ); psa_set_key_usage_flags( &attributes1, target_usage );
PSA_ASSERT( psa_import_key_to_handle( target_handle, target_type, psa_set_key_algorithm( &attributes1, target_alg );
target_material->x, target_material->len ) ); PSA_ASSERT( psa_import_key( &attributes1, &target_handle,
PSA_ASSERT( psa_get_key_information( target_handle, NULL, &target_bits ) ); target_material->x, target_material->len ) );
}
PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes1 ) );
/* Copy the key. */ /* Make a copy attempt. */
TEST_EQUAL( psa_copy_key_to_handle( source_handle, target_handle, NULL ), psa_make_key_persistent( &attributes, target_id, target_lifetime );
TEST_EQUAL( psa_copy_key( source_handle,
&attributes, &new_handle ),
PSA_ERROR_ALREADY_EXISTS ); PSA_ERROR_ALREADY_EXISTS );
TEST_EQUAL( new_handle , 0 );
/* Test that the target slot is unaffected. */ /* Test that the target slot is unaffected. */
PSA_ASSERT( psa_get_key_information( target_handle, PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes2 ) );
&got_type, &got_bits ) ); TEST_EQUAL( psa_get_key_id( &attributes1 ),
TEST_EQUAL( target_type, got_type ); psa_get_key_id( &attributes2 ) );
TEST_EQUAL( target_bits, got_bits ); TEST_EQUAL( psa_get_key_lifetime( &attributes1 ),
PSA_ASSERT( psa_get_key_policy( target_handle, &got_policy ) ); psa_get_key_lifetime( &attributes2 ) );
TEST_EQUAL( target_usage, psa_key_policy_get_usage( &got_policy ) ); TEST_EQUAL( psa_get_key_type( &attributes1 ),
TEST_EQUAL( target_alg, psa_key_policy_get_algorithm( &got_policy ) ); psa_get_key_type( &attributes2 ) );
TEST_EQUAL( psa_get_key_bits( &attributes1 ),
psa_get_key_bits( &attributes2 ) );
TEST_EQUAL( psa_get_key_usage_flags( &attributes1 ),
psa_get_key_usage_flags( &attributes2 ) );
TEST_EQUAL( psa_get_key_algorithm( &attributes1 ),
psa_get_key_algorithm( &attributes2 ) );
if( target_usage & PSA_KEY_USAGE_EXPORT ) if( target_usage & PSA_KEY_USAGE_EXPORT )
{ {
size_t length; size_t length;
@ -543,76 +498,11 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE */
void copy_to_same( int lifetime_arg, int id_arg,
int usage_arg, int alg_arg,
int type_arg, data_t *material )
{
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_id_t id = id_arg;
psa_key_usage_t usage = usage_arg;
psa_algorithm_t alg = alg_arg;
psa_key_handle_t handle = 0;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
psa_key_type_t type = type_arg;
size_t bits;
psa_key_policy_t got_policy;
psa_key_type_t got_type;
size_t got_bits;
uint8_t *export_buffer = NULL;
TEST_MAX_KEY_ID( id );
PSA_ASSERT( psa_crypto_init( ) );
/* Populate the slot. */
if( lifetime == PSA_KEY_LIFETIME_VOLATILE )
PSA_ASSERT( psa_allocate_key( &handle ) );
else
PSA_ASSERT( psa_create_key( lifetime, id,
&handle ) );
psa_key_policy_set_usage( &policy, usage, alg );
PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
PSA_ASSERT( psa_import_key_to_handle( handle, type,
material->x, material->len ) );
PSA_ASSERT( psa_get_key_information( handle, NULL, &bits ) );
/* Copy the key. */
TEST_EQUAL( psa_copy_key_to_handle( handle, handle, NULL ),
PSA_ERROR_ALREADY_EXISTS );
/* Test that the slot is unaffected. */
PSA_ASSERT( psa_get_key_information( handle,
&got_type, &got_bits ) );
TEST_EQUAL( type, got_type );
TEST_EQUAL( bits, got_bits );
PSA_ASSERT( psa_get_key_policy( handle, &got_policy ) );
TEST_EQUAL( usage, psa_key_policy_get_usage( &got_policy ) );
TEST_EQUAL( alg, psa_key_policy_get_algorithm( &got_policy ) );
if( usage & PSA_KEY_USAGE_EXPORT )
{
size_t length;
ASSERT_ALLOC( export_buffer, material->len );
PSA_ASSERT( psa_export_key( handle, export_buffer,
material->len, &length ) );
ASSERT_COMPARE( material->x, material->len,
export_buffer, length );
}
exit:
mbedtls_psa_crypto_free( );
mbedtls_free( export_buffer );
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
psa_purge_key_storage( );
#endif
}
/* END_CASE */
/* BEGIN_CASE */ /* BEGIN_CASE */
void invalid_handle( ) void invalid_handle( )
{ {
psa_key_handle_t handle1 = 0; psa_key_handle_t handle1 = 0;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t read_type; psa_key_type_t read_type;
size_t read_bits; size_t read_bits;
uint8_t material[1] = "a"; uint8_t material[1] = "a";
@ -620,12 +510,12 @@ void invalid_handle( )
PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_crypto_init( ) );
/* Allocate a handle and store a key in it. */ /* Allocate a handle and store a key in it. */
PSA_ASSERT( psa_allocate_key( &handle1 ) ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
TEST_ASSERT( handle1 != 0 ); psa_set_key_usage_flags( &attributes, 0 );
psa_key_policy_set_usage( &policy, 0, 0 ); psa_set_key_algorithm( &attributes, 0 );
PSA_ASSERT( psa_set_key_policy( handle1, &policy ) ); PSA_ASSERT( psa_import_key( &attributes, &handle1,
PSA_ASSERT( psa_import_key_to_handle( handle1, PSA_KEY_TYPE_RAW_DATA,
material, sizeof( material ) ) ); material, sizeof( material ) ) );
TEST_ASSERT( handle1 != 0 );
/* Attempt to close and destroy some invalid handles. */ /* Attempt to close and destroy some invalid handles. */
TEST_EQUAL( psa_close_key( 0 ), PSA_ERROR_INVALID_HANDLE ); TEST_EQUAL( psa_close_key( 0 ), PSA_ERROR_INVALID_HANDLE );
@ -653,26 +543,27 @@ void many_transient_handles( int max_handles_arg )
size_t max_handles = max_handles_arg; size_t max_handles = max_handles_arg;
size_t i, j; size_t i, j;
psa_status_t status; psa_status_t status;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t exported[sizeof( size_t )]; uint8_t exported[sizeof( size_t )];
size_t exported_length; size_t exported_length;
ASSERT_ALLOC( handles, max_handles ); ASSERT_ALLOC( handles, max_handles );
PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_crypto_init( ) );
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
psa_set_key_algorithm( &attributes, 0 );
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
for( i = 0; i < max_handles; i++ ) for( i = 0; i < max_handles; i++ )
{ {
status = psa_allocate_key( &handles[i] ); status = psa_import_key( &attributes, &handles[i],
(uint8_t *) &i, sizeof( i ) );
if( status == PSA_ERROR_INSUFFICIENT_MEMORY ) if( status == PSA_ERROR_INSUFFICIENT_MEMORY )
break; break;
PSA_ASSERT( status ); PSA_ASSERT( status );
TEST_ASSERT( handles[i] != 0 ); TEST_ASSERT( handles[i] != 0 );
for( j = 0; j < i; j++ ) for( j = 0; j < i; j++ )
TEST_ASSERT( handles[i] != handles[j] ); TEST_ASSERT( handles[i] != handles[j] );
PSA_ASSERT( psa_set_key_policy( handles[i], &policy ) );
PSA_ASSERT( psa_import_key_to_handle( handles[i], PSA_KEY_TYPE_RAW_DATA,
(uint8_t *) &i, sizeof( i ) ) );
} }
max_handles = i; max_handles = i;