From d98059d599dc4745d480b052626718d70bae8ad7 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 23 Oct 2020 18:00:55 +0200 Subject: [PATCH] psa: Fix tests/handling of lifetime incompatible with location The lifetime of key attributes now encodes whether a key is volatile/persistent or not AND its location. Fix PSA code where the fact that the lifetime encodes the key location was not taken into account properly. Fix the impacted tests and add two non regression tests. Signed-off-by: Ronald Cron --- include/psa/crypto_struct.h | 14 +++++++++++--- library/psa_crypto.c | 2 +- library/psa_crypto_slot_management.c | 2 +- tests/suites/test_suite_psa_crypto.data | 6 ++++++ .../test_suite_psa_crypto_se_driver_hal.function | 7 ++++++- 5 files changed, 25 insertions(+), 6 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index bf178ec6e..6a018e1f9 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -374,9 +374,17 @@ static inline struct psa_key_attributes_s psa_key_attributes_init( void ) static inline void psa_set_key_id( psa_key_attributes_t *attributes, mbedtls_svc_key_id_t key ) { + psa_key_lifetime_t lifetime = attributes->core.lifetime; + attributes->core.id = key; - if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE ) - attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT; + + if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + { + attributes->core.lifetime = + PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_LIFETIME_PERSISTENT, + PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) ); + } } static inline mbedtls_svc_key_id_t psa_get_key_id( @@ -397,7 +405,7 @@ static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes, psa_key_lifetime_t lifetime) { attributes->core.lifetime = lifetime; - if( lifetime == PSA_KEY_LIFETIME_VOLATILE ) + if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { #ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER attributes->core.id.key_id = 0; 
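Review bot: In psa_set_key_id, `PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_LIFETIME_PERSISTENT, ... )` passes a lifetime constant where the macro takes a persistence level, which presumably works only because the two values coincide numerically. Writing the first argument as `PSA_KEY_PERSISTENCE_DEFAULT` states the intent and does not depend on that coincidence. The two new persistence_attributes cases in test_suite_psa_crypto.data mix the constants the same way (`PSA_KEY_LIFETIME_VOLATILE` / `PSA_KEY_LIFETIME_PERSISTENT` as the persistence argument), where `PSA_KEY_PERSISTENCE_VOLATILE` and `PSA_KEY_PERSISTENCE_DEFAULT` would read correctly. A short comment above the `if` would also help the next reader: `/* Setting an id makes the key persistent; keep the location bits. */`.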
diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2f01bf25e..82e25499c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1342,7 +1342,7 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - if( slot->attr.lifetime != PSA_KEY_LIFETIME_VOLATILE ) + if( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) { status = psa_destroy_persistent_key( slot->attr.id ); if( overall_status == PSA_SUCCESS ) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 6f6ba07d2..7308f6fcc 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -348,7 +348,7 @@ psa_status_t psa_purge_key( mbedtls_svc_key_id_t key ) if( status != PSA_SUCCESS ) return( status ); - if( slot->attr.lifetime == PSA_KEY_LIFETIME_VOLATILE ) + if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) return PSA_SUCCESS; return( psa_wipe_key_slot( slot ) ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 8ba9ec10a..44f11a6e2 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
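Review bot: The corrected checks in psa_destroy_key and psa_purge_key have no regression test in this patch; the two added cases are persistence_attributes entries, which exercise only the attribute setters. With the old comparison, a volatile key in a non-local location was not equal to `PSA_KEY_LIFETIME_VOLATILE`, so psa_destroy_key called psa_destroy_persistent_key on its id and psa_purge_key went on to psa_wipe_key_slot, discarding the key. One test that purges such a key and checks it is still usable, and one that destroys it and checks persistent storage is untouched, would pin both fixes. Both function bodies extend beyond their hunks, so any other lifetime comparisons in them are not visible here.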
@@ -13,12 +13,18 @@ persistence_attributes:-1:0:3:-1:0:0:0:3 PSA key attributes: id then back to volatile persistence_attributes:0x1234:0x5678:PSA_KEY_LIFETIME_VOLATILE:-1:0:0:0x5678:PSA_KEY_LIFETIME_VOLATILE +PSA key attributes: id then back to non local volatile +persistence_attributes:0x1234:0x5678:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_VOLATILE,1):-1:0:0:0x5678:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_VOLATILE,1) + PSA key attributes: id then lifetime persistence_attributes:0x1234:0x5678:3:-1:0:0x1234:0x5678:3 PSA key attributes: lifetime then id persistence_attributes:0x1234:0x5678:3:0x1235:0x5679:0x1235:0x5679:3 +PSA key attributes: non local volatile lifetime then id +persistence_attributes:0x1234:0x5678:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_VOLATILE,3):0x1235:0x5679:0x1235:0x5679:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_PERSISTENT,3) + PSA key attributes: slot number slot_number_attribute: diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 28ab03f24..c9f9dbe7c 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -969,7 +969,12 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( sizeof( key_material ) ) ); psa_set_key_slot_number( &attributes, min_slot ); - psa_set_key_id( &attributes, returned_id ); + + if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + attributes.core.id = returned_id; + else + psa_set_key_id( &attributes, returned_id ); + if( ! check_key_attributes( returned_id, &attributes ) ) goto exit;
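Review bot: The volatile branch added to key_creation_import_export writes `attributes.core.id` directly, bypassing the public setter, and nothing in the test says why. Presumably this is because psa_set_key_id now promotes a volatile lifetime to a persistent one, which would make the expected attributes differ from what check_key_attributes reads back. A comment above the `if` would record that, for example `/* psa_set_key_id() would turn a volatile lifetime into a persistent one, so set the id field directly. */`. `lifetime` is declared outside the hunk and the function continues past it.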