psa: Fix tests/handling of lifetime incompatible with location

The lifetime of key attributes now encodes whether a key is
volatile/persistent or not AND its location.
Fix PSA code where the fact that the lifetime encodes
the key location was not taken into account properly.

Fix the impacted tests and add two non regression tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2020-10-23 18:00:55 +02:00
parent 4067d1c1e5
commit d98059d599
5 changed files with 25 additions and 6 deletions

View file

@ -374,9 +374,17 @@ static inline struct psa_key_attributes_s psa_key_attributes_init( void )
static inline void psa_set_key_id( psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t key )
{
psa_key_lifetime_t lifetime = attributes->core.lifetime;
attributes->core.id = key;
if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE )
attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
attributes->core.lifetime =
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_LIFETIME_PERSISTENT,
PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) );
}
}
static inline mbedtls_svc_key_id_t psa_get_key_id(
@ -397,7 +405,7 @@ static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
psa_key_lifetime_t lifetime)
{
attributes->core.lifetime = lifetime;
if( lifetime == PSA_KEY_LIFETIME_VOLATILE )
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
attributes->core.id.key_id = 0;

View file

@ -1342,7 +1342,7 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key )
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
if( slot->attr.lifetime != PSA_KEY_LIFETIME_VOLATILE )
if( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
{
status = psa_destroy_persistent_key( slot->attr.id );
if( overall_status == PSA_SUCCESS )

View file

@ -348,7 +348,7 @@ psa_status_t psa_purge_key( mbedtls_svc_key_id_t key )
if( status != PSA_SUCCESS )
return( status );
if( slot->attr.lifetime == PSA_KEY_LIFETIME_VOLATILE )
if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
return PSA_SUCCESS;
return( psa_wipe_key_slot( slot ) );

View file

@ -13,12 +13,18 @@ persistence_attributes:-1:0:3:-1:0:0:0:3
PSA key attributes: id then back to volatile
persistence_attributes:0x1234:0x5678:PSA_KEY_LIFETIME_VOLATILE:-1:0:0:0x5678:PSA_KEY_LIFETIME_VOLATILE
PSA key attributes: id then back to non local volatile
persistence_attributes:0x1234:0x5678:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_VOLATILE,1):-1:0:0:0x5678:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_VOLATILE,1)
PSA key attributes: id then lifetime
persistence_attributes:0x1234:0x5678:3:-1:0:0x1234:0x5678:3
PSA key attributes: lifetime then id
persistence_attributes:0x1234:0x5678:3:0x1235:0x5679:0x1235:0x5679:3
PSA key attributes: non local volatile lifetime then id
persistence_attributes:0x1234:0x5678:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_VOLATILE,3):0x1235:0x5679:0x1235:0x5679:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_PERSISTENT,3)
PSA key attributes: slot number
slot_number_attribute:

View file

@ -969,7 +969,12 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart )
psa_set_key_bits( &attributes,
PSA_BYTES_TO_BITS( sizeof( key_material ) ) );
psa_set_key_slot_number( &attributes, min_slot );
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
attributes.core.id = returned_id;
else
psa_set_key_id( &attributes, returned_id );
if( ! check_key_attributes( returned_id, &attributes ) )
goto exit;