From 96c8f9e89dff4c9e44710c5907fa32d613bab878 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 4 Feb 2022 07:12:30 -0500 Subject: [PATCH 1/4] Add tests for import hooks in the driver wrappers Signed-off-by: Andrzej Kurek --- tests/include/test/drivers/key_management.h | 6 +++++- tests/src/drivers/test_driver_key_management.c | 3 +++ .../suites/test_suite_psa_crypto_driver_wrappers.data | 10 +++++----- .../test_suite_psa_crypto_driver_wrappers.function | 8 ++++++++ 4 files changed, 21 insertions(+), 6 deletions(-) diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index bb08bf6b8..7533ebf24 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -42,9 +42,13 @@ typedef struct { /* Count the amount of times one of the key management driver functions * is called. */ unsigned long hits; + /* Record the source of the function call. */ + psa_key_location_t source; } mbedtls_test_driver_key_management_hooks_t; -#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 } +/* 0x800000 is a vendor-specific location, unused by the PSA, overwritten + * in tests that expect a different value. */ +#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0x800000 } static inline mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks_init( void ) { diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 029fcdd9a..f7c557814 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -33,6 +33,8 @@ #include "mbedtls/error.h" #include "test/drivers/key_management.h" +#include "test/drivers/test_driver.h" + #include "test/random.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) @@ -168,6 +170,7 @@ psa_status_t mbedtls_test_transparent_import_key( size_t *bits) { ++mbedtls_test_driver_key_management_hooks.hits; + mbedtls_test_driver_key_management_hooks.source = PSA_KEY_LOCATION_LOCAL_STORAGE; if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_key_management_hooks.forced_status ); diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index ea6c9b32c..127532404 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -83,23 +83,23 @@ generate_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR validate key through transparent driver: good private key depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -validate_key:PSA_SUCCESS:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS +validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:130:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through transparent driver: good public key depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -validate_key:PSA_SUCCESS:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS +validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:131:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through transparent driver: fallback private key depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 -validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS +validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:132:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through transparent driver: fallback public key depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 -validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS +validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:133:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through transparent driver: error depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -validate_key:PSA_ERROR_GENERIC_ERROR:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR +validate_key:PSA_ERROR_GENERIC_ERROR:PSA_KEY_LOCATION_LOCAL_STORAGE:134:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR export_key private to public through driver: fake depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 38c154e02..1ed72a2f6 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -314,10 +314,15 @@ exit: /* BEGIN_CASE */ void validate_key( int force_status_arg, + int location, + int owner_id_arg, + int id_arg, int key_type_arg, data_t *key_input, int expected_status_arg ) { + psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, location); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; psa_key_type_t key_type = key_type_arg; @@ -327,8 +332,10 @@ void validate_key( int force_status_arg, mbedtls_test_driver_key_management_hooks = mbedtls_test_driver_key_management_hooks_init(); + psa_set_key_id( &attributes, id ); psa_set_key_type( &attributes, key_type ); + psa_set_key_lifetime( &attributes, lifetime ); psa_set_key_bits( &attributes, 0 ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); @@ -339,6 +346,7 @@ void validate_key( int force_status_arg, actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &key ); TEST_EQUAL( mbedtls_test_driver_key_management_hooks.hits, 1 ); TEST_EQUAL( actual_status, expected_status ); + TEST_EQUAL( mbedtls_test_driver_key_management_hooks.source, location ); exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( key ); From 981a0ceeee72fe586873606a221c752cfddde26f Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 3 Feb 2022 09:42:47 -0500 Subject: [PATCH 2/4] Formatting and documentation fixes Signed-off-by: Andrzej Kurek --- tests/include/test/drivers/key_management.h | 6 ++++-- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 4 +++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 7533ebf24..38298ae36 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -46,8 +46,10 @@ typedef struct { psa_key_location_t source; } mbedtls_test_driver_key_management_hooks_t; -/* 0x800000 is a vendor-specific location, unused by the PSA, overwritten - * in tests that expect a different value. */ +/* The location is initialized to the invalid value 0x800000. Invalid in the + * sense that no PSA specification will assign a meaning to this location + * (stated first in version 1.0.1 of the specification) and that it is not + * used as a location of an opaque test drivers. */ #define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0x800000 } static inline mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks_init( void ) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 1ed72a2f6..5e2c3e42f 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -321,7 +321,9 @@ void validate_key( int force_status_arg, data_t *key_input, int expected_status_arg ) { - psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, location); + psa_key_lifetime_t lifetime = + PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ + PSA_KEY_PERSISTENCE_DEFAULT, location); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; From 28a7c0628109de06c93b23bde3463addb1d8c916 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 4 Feb 2022 09:04:20 -0500 Subject: [PATCH 3/4] Test drivers: rename import call source to driver location Signed-off-by: Andrzej Kurek --- tests/include/test/drivers/key_management.h | 4 ++-- tests/src/drivers/test_driver_key_management.c | 2 +- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 38298ae36..c8dfbb374 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -42,8 +42,8 @@ typedef struct { /* Count the amount of times one of the key management driver functions * is called. */ unsigned long hits; - /* Record the source of the function call. */ - psa_key_location_t source; + /* Location of the last key management driver called to import a key. */ + psa_key_location_t location; } mbedtls_test_driver_key_management_hooks_t; /* The location is initialized to the invalid value 0x800000. Invalid in the diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index f7c557814..5b3bab616 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -170,7 +170,7 @@ psa_status_t mbedtls_test_transparent_import_key( size_t *bits) { ++mbedtls_test_driver_key_management_hooks.hits; - mbedtls_test_driver_key_management_hooks.source = PSA_KEY_LOCATION_LOCAL_STORAGE; + mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE; if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_key_management_hooks.forced_status ); diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 5e2c3e42f..2c229b389 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -348,7 +348,7 @@ void validate_key( int force_status_arg, actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &key ); TEST_EQUAL( mbedtls_test_driver_key_management_hooks.hits, 1 ); TEST_EQUAL( actual_status, expected_status ); - TEST_EQUAL( mbedtls_test_driver_key_management_hooks.source, location ); + TEST_EQUAL( mbedtls_test_driver_key_management_hooks.location, location ); exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( key ); From d0c6a84dca35f1d0765c75ca526899b8e5140a1a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 4 Feb 2022 09:05:50 -0500 Subject: [PATCH 4/4] Test driver: keep variable declarations first Followed by hook calls, and sanity checks last. Signed-off-by: Andrzej Kurek --- tests/src/drivers/test_driver_key_management.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 5b3bab616..89cb8b909 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -169,14 +169,14 @@ psa_status_t mbedtls_test_transparent_import_key( size_t *key_buffer_length, size_t *bits) { + psa_key_type_t type = psa_get_key_type( attributes ); + ++mbedtls_test_driver_key_management_hooks.hits; mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE; if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_key_management_hooks.forced_status ); - psa_key_type_t type = psa_get_key_type( attributes ); - if( PSA_KEY_TYPE_IS_ECC( type ) ) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ @@ -232,15 +232,15 @@ psa_status_t mbedtls_test_opaque_export_key( const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ) { + /* Assume this is a builtin key based on the key material length. */ + psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key ); + if( key_length != sizeof( psa_drv_slot_number_t ) ) { /* Test driver does not support generic opaque key handling yet. */ return( PSA_ERROR_NOT_SUPPORTED ); } - /* Assume this is a builtin key based on the key material length. */ - psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key ); - switch( slot_number ) { case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: