yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-19 04:41:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3527 from ronald-cron-arm/key-extended-id

Browse source 
PSA key identifiers rework
This commit is contained in:
Gilles Peskine 2020-09-15 16:06:06 +02:00 committed by GitHub
parent 7107e661b8 7424f0d998
commit dc57c25e30
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
26 changed files with 472 additions and 283 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
configs/config-psa-crypto.h
View file

@ -1144,20 +1144,20 @@
*/
//#define MBEDTLS_ENTROPY_NV_SEED
/* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
*
* In PSA key storage, encode the owner of the key.
* Enable key identifiers that encode a key owner identifier.
*
* This is only meaningful when building the library as part of a
* multi-client service. When you activate this option, you must provide
* an implementation of the type psa_key_owner_id_t and a translation
* from psa_key_file_id_t to file name in all the storage backends that
* multi-client service. When you activate this option, you must provide an
* implementation of the type mbedtls_key_owner_id_t and a translation from
* mbedtls_svc_key_id_t to file name in all the storage backends that you
* you wish to support.
*
* Note that this option is meant for internal use only and may be removed
* without notice.
*/
//#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
/**
* \def MBEDTLS_MEMORY_DEBUG

10
docs/architecture/mbed-crypto-storage-specification.md
View file

@ -107,14 +107,12 @@ Backward compatibility commitments: TBD
### Key names for 1.0.0
Information about each key is stored in a dedicated file designated by a _key file identifier_ (`psa_key_file_id_t`). The key file identifier is constructed from the 32-bit key identifier (`psa_key_id_t`) and, if applicable, an identifier of the owner of the key. In integrations where there is no concept of key owner (in particular, in library integrations), the key file identifier is exactly the key identifier. When the library is integrated into a service, the service determines the semantics of the owner identifier.
Information about each key is stored in a dedicated file designated by the key identifier. In integrations where there is no concept of key owner (in particular, in library integrations), the key identifier is exactly the key identifier as defined in the PSA Cryptography API specification (`psa_key_id_t`). In integrations where there is a concept of key owner (integration into a service for example), the key identifier is made of an owner identifier (its semantics and type are integration specific) and of the key identifier (`psa_key_id_t`) from the key owner point of view.
The way in which the file name is constructed from the key file identifier depends on the storage backend. The content of the file is described [below](#key-file-format-for-1.0.0).
The way in which the file name is constructed from the key identifier depends on the storage backend. The content of the file is described [below](#key-file-format-for-1.0.0).
The valid values for a key identifier are the range from 1 to 0xfffeffff. This limitation on the range is not documented in user-facing documentation: according to the user-facing documentation, arbitrary 32-bit values are valid.
* Library integration: the key file name is just the key identifer. This is a 32-bit value.
* PSA service integration: the key file identifier is `(uint32_t)owner_uid << 32 | key_id` where `key_id` is the key identifier specified by the application and `owner_uid` (of type `int32_t`) is the calling partition identifier provided to the server by the partition manager. This is a 64-bit value.
* Library integration: the key file name is just the key identifier as defined in the PSA crypto specification. This is a 32-bit value.
* PSA service integration: the key file name is `(uint32_t)owner_uid << 32 | key_id` where `key_id` is the key identifier from the owner point of view and `owner_uid` (of type `int32_t`) is the calling partition identifier provided to the server by the partition manager. This is a 64-bit value.
### Key file format for 1.0.0

13
include/mbedtls/config.h
View file

@ -1258,20 +1258,17 @@
*/
//#define MBEDTLS_ENTROPY_NV_SEED
/* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
*
* In PSA key storage, encode the owner of the key.
* Enable key identifiers that encode a key owner identifier.
*
* This is only meaningful when building the library as part of a
* multi-client service. When you activate this option, you must provide
* an implementation of the type psa_key_owner_id_t and a translation
* from psa_key_file_id_t to file name in all the storage backends that
* you wish to support.
* The owner of a key is identified by a value of type ::mbedtls_key_owner_id_t
* which is currently hard-coded to be int32_t.
*
* Note that this option is meant for internal use only and may be removed
* without notice.
*/
//#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
/**
* \def MBEDTLS_MEMORY_DEBUG

23
include/psa/crypto.h
View file

@ -146,11 +146,11 @@ static psa_key_attributes_t psa_key_attributes_init(void);
* linkage). This function may be provided as a function-like macro,
* but in this case it must evaluate each of its arguments exactly once.
*
* \param[out] attributes The attribute structure to write to.
* \param id The persistent identifier for the key.
* \param[out] attributes The attribute structure to write to.
* \param key The persistent identifier for the key.
*/
static void psa_set_key_id(psa_key_attributes_t *attributes,
psa_key_id_t id);
static void psa_set_key_id( psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t key );
/** Set the location of a persistent key.
*
@ -192,7 +192,8 @@ static void psa_set_key_lifetime(psa_key_attributes_t *attributes,
* This value is unspecified if the attribute structure declares
* the key as volatile.
*/
static psa_key_id_t psa_get_key_id(const psa_key_attributes_t *attributes);
static mbedtls_svc_key_id_t psa_get_key_id(
const psa_key_attributes_t *attributes);
/** Retrieve the lifetime from key attributes.
*
@ -392,8 +393,9 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes);
* with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE. A persistent key
* always has a nonzero key identifier, set with psa_set_key_id() when
* creating the key. Implementations may provide additional pre-provisioned
* keys that can be opened with psa_open_key(). Such keys have a key identifier
* in the vendor range, as documented in the description of #psa_key_id_t.
* keys that can be opened with psa_open_key(). Such keys have an application
* key identifier in the vendor range, as documented in the description of
* #psa_key_id_t.
*
* The application must eventually close the handle with psa_close_key() or
* psa_destroy_key() to release associated resources. If the application dies
@ -408,7 +410,7 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes);
* portable to implementations that only permit a single key handle to be
* opened. See also :ref:\`key-handles\`.
*
* \param id The persistent identifier of the key.
* \param key The persistent identifier of the key.
* \param[out] handle On success, a handle to the key.
*
* \retval #PSA_SUCCESS
@ -436,9 +438,8 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes);
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_open_key(psa_key_id_t id,
psa_key_handle_t *handle);
psa_status_t psa_open_key( mbedtls_svc_key_id_t key,
psa_key_handle_t *handle );
/** Close a key handle.
*

4
include/psa/crypto_extra.h
View file

@ -232,9 +232,9 @@ typedef struct mbedtls_psa_stats_s
/** Number of slots that are not used for anything. */
size_t empty_slots;
/** Largest key id value among open keys in internal persistent storage. */
psa_app_key_id_t max_open_internal_key_id;
psa_key_id_t max_open_internal_key_id;
/** Largest key id value among open keys in secure elements. */
psa_app_key_id_t max_open_external_key_id;
psa_key_id_t max_open_external_key_id;
} mbedtls_psa_stats_t;
/** \brief Get statistics about

71
include/psa/crypto_platform.h
View file

@ -44,57 +44,40 @@
/* PSA requires several types which C99 provides in stdint.h. */
#include <stdint.h>
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
/* Integral type representing a key handle. */
typedef uint16_t psa_key_handle_t;
/* This implementation distinguishes *application key identifiers*, which
* are the key identifiers specified by the application, from
* *key file identifiers*, which are the key identifiers that the library
* sees internally. The two types can be different if there is a remote
* call layer between the application and the library which supports
* multiple client applications that do not have access to each others'
* keys. The point of having different types is that the key file
* identifier may encode not only the key identifier specified by the
* application, but also the the identity of the application.
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
/* Building for the PSA Crypto service on a PSA platform, a key owner is a PSA
* partition identifier.
*
* Note that this is an internal concept of the library and the remote
* call layer. The application itself never sees anything other than
* #psa_app_key_id_t with its standard definition.
* The function psa_its_identifier_of_slot() in psa_crypto_storage.c that
* translates a key identifier to a key storage file name assumes that
* mbedtls_key_owner_id_t is an 32 bits integer. This function thus needs
* reworking if mbedtls_key_owner_id_t is not defined as a 32 bits integer
* here anymore.
*/
typedef int32_t mbedtls_key_owner_id_t;
/* The application key identifier is always what the application sees as
* #psa_key_id_t. */
typedef uint32_t psa_app_key_id_t;
#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
#if defined(PSA_CRYPTO_SECURE)
/* Building for the PSA Crypto service on a PSA platform. */
/* A key owner is a PSA partition identifier. */
typedef int32_t psa_key_owner_id_t;
#endif
typedef struct
/** Compare two key owner identifiers.
*
* \param id1 First key owner identifier.
* \param id2 Second key owner identifier.
*
* \return Non-zero if the two key owner identifiers are equal, zero otherwise.
*/
static inline int mbedtls_key_owner_id_equal( mbedtls_key_owner_id_t id1,
mbedtls_key_owner_id_t id2 )
{
uint32_t key_id;
psa_key_owner_id_t owner;
} psa_key_file_id_t;
#define PSA_KEY_FILE_GET_KEY_ID( file_id ) ( ( file_id ).key_id )
return( id1 == id2 );
}
/* Since crypto.h is used as part of the PSA Cryptography API specification,
* it must use standard types for things like the argument of psa_open_key().
* If it wasn't for that constraint, psa_open_key() would take a
* `psa_key_file_id_t` argument. As a workaround, make `psa_key_id_t` an
* alias for `psa_key_file_id_t` when building for a multi-client service. */
typedef psa_key_file_id_t psa_key_id_t;
#define PSA_KEY_ID_INIT {0, 0}
#else /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
/* By default, a key file identifier is just the application key identifier. */
typedef psa_app_key_id_t psa_key_file_id_t;
#define PSA_KEY_FILE_GET_KEY_ID( id ) ( id )
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
#endif /* PSA_CRYPTO_PLATFORM_H */

15
include/psa/crypto_struct.h
View file

@ -342,12 +342,12 @@ typedef struct
psa_key_type_t type;
psa_key_bits_t bits;
psa_key_lifetime_t lifetime;
psa_key_id_t id;
mbedtls_svc_key_id_t id;
psa_key_policy_t policy;
psa_key_attributes_flag_t flags;
} psa_core_key_attributes_t;
#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, PSA_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0}
#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0}
struct psa_key_attributes_s
{
@ -371,15 +371,15 @@ static inline struct psa_key_attributes_s psa_key_attributes_init( void )
return( v );
}
static inline void psa_set_key_id(psa_key_attributes_t *attributes,
psa_key_id_t id)
static inline void psa_set_key_id( psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t key )
{
attributes->core.id = id;
attributes->core.id = key;
if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE )
attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
}
static inline psa_key_id_t psa_get_key_id(
static inline mbedtls_svc_key_id_t psa_get_key_id(
const psa_key_attributes_t *attributes)
{
return( attributes->core.id );
@ -391,9 +391,8 @@ static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
attributes->core.lifetime = lifetime;
if( lifetime == PSA_KEY_LIFETIME_VOLATILE )
{
#ifdef MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
attributes->core.id.key_id = 0;
attributes->core.id.owner = 0;
#else
attributes->core.id = 0;
#endif

29
include/psa/crypto_types.h
View file

@ -33,6 +33,8 @@
#ifndef PSA_CRYPTO_TYPES_H
#define PSA_CRYPTO_TYPES_H
#include "crypto_platform.h"
#include <stdint.h>
/** \defgroup error Error codes
@ -123,7 +125,7 @@ typedef uint32_t psa_algorithm_t;
* implementation-specific device management event occurs (for example,
* a factory reset).
*
* Persistent keys have a key identifier of type #psa_key_id_t.
* Persistent keys have a key identifier of type #mbedtls_svc_key_id_t.
* This identifier remains valid throughout the lifetime of the key,
* even if the application instance that created the key terminates.
* The application can call psa_open_key() to open a persistent key that
@ -226,15 +228,24 @@ typedef uint32_t psa_key_location_t;
* - 0 is reserved as an invalid key identifier.
* - Key identifiers outside these ranges are reserved for future use.
*/
/* Implementation-specific quirk: The Mbed Crypto library can be built as
* part of a multi-client service that exposes the PSA Crypto API in each
* client and encodes the client identity in the key id argument of functions
* such as psa_open_key(). In this build configuration, we define
* psa_key_id_t in crypto_platform.h instead of here. */
#if !defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
typedef uint32_t psa_key_id_t;
#define PSA_KEY_ID_INIT 0
#endif
#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
typedef psa_key_id_t mbedtls_svc_key_id_t;
#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
/* Implementation-specific: The Mbed Cryptography library can be built as
* part of a multi-client service that exposes the PSA Cryptograpy API in each
* client and encodes the client identity in the key identifier argument of
* functions such as psa_open_key().
*/
typedef struct
{
psa_key_id_t key_id;
mbedtls_key_owner_id_t owner;
} mbedtls_svc_key_id_t;
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
/**@}*/

75
include/psa/crypto_values.h
View file

@ -1656,16 +1656,83 @@
/** The minimum value for a key identifier chosen by the application.
*/
#define PSA_KEY_ID_USER_MIN ((psa_app_key_id_t)0x00000001)
#define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001)
/** The maximum value for a key identifier chosen by the application.
*/
#define PSA_KEY_ID_USER_MAX ((psa_app_key_id_t)0x3fffffff)
#define PSA_KEY_ID_USER_MAX ((psa_key_id_t)0x3fffffff)
/** The minimum value for a key identifier chosen by the implementation.
*/
#define PSA_KEY_ID_VENDOR_MIN ((psa_app_key_id_t)0x40000000)
#define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t)0x40000000)
/** The maximum value for a key identifier chosen by the implementation.
*/
#define PSA_KEY_ID_VENDOR_MAX ((psa_app_key_id_t)0x7fffffff)
#define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t)0x7fffffff)
#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
#define MBEDTLS_SVC_KEY_ID_INIT ( (psa_key_id_t)0 )
#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( id )
#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( 0 )
/** Utility to initialize a key identifier at runtime.
*
* \param unused Unused parameter.
* \param key_id Identifier of the key.
*/
static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
unsigned int unused, psa_key_id_t key_id )
{
(void)unused;
return( key_id );
}
/** Compare two key identifiers.
*
* \param id1 First key identifier.
* \param id2 Second key identifier.
*
* \return Non-zero if the two key identifier are equal, zero otherwise.
*/
static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
mbedtls_svc_key_id_t id2 )
{
return( id1 == id2 );
}
#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
#define MBEDTLS_SVC_KEY_ID_INIT ( (mbedtls_svc_key_id_t){ 0, 0 } )
#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).key_id )
#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).owner )
/** Utility to initialize a key identifier at runtime.
*
* \param owner_id Identifier of the key owner.
* \param key_id Identifier of the key.
*/
static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id )
{
return( (mbedtls_svc_key_id_t){ .key_id = key_id,
.owner = owner_id } );
}
/** Compare two key identifiers.
*
* \param id1 First key identifier.
* \param id2 Second key identifier.
*
* \return Non-zero if the two key identifier are equal, zero otherwise.
*/
static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
mbedtls_svc_key_id_t id2 )
{
return( ( id1.key_id == id2.key_id ) &&
mbedtls_key_owner_id_equal( id1.owner, id2.owner ) );
}
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
/**@}*/

2
library/psa_crypto_se.h
View file

@ -45,7 +45,7 @@
/** The base of the range of ITS file identifiers for secure element
* driver persistent data.
*
* We use a slice of the implemenation reserved range 0xffff0000..0xffffffff,
* We use a slice of the implementation reserved range 0xffff0000..0xffffffff,
* specifically the range 0xfffffe00..0xfffffeff. The length of this range
* drives the value of #PSA_MAX_SE_LOCATION. The identifier 0xfffffe00 is
* actually not used since it corresponds to #PSA_KEY_LOCATION_LOCAL_STORAGE

31
library/psa_crypto_slot_management.c
View file

@ -157,16 +157,15 @@ exit:
* past released version must remain valid, unless a migration path
* is provided.
*
* \param file_id The key identifier to check.
* \param vendor_ok Nonzero to allow key ids in the vendor range.
* 0 to allow only key ids in the application range.
* \param key The key identifier to check.
* \param vendor_ok Nonzero to allow key ids in the vendor range.
* 0 to allow only key ids in the application range.
*
* \return 1 if \p file_id is acceptable, otherwise 0.
* \return 1 if \p key is acceptable, otherwise 0.
*/
static int psa_is_key_id_valid( psa_key_file_id_t file_id,
int vendor_ok )
static int psa_is_key_id_valid( mbedtls_svc_key_id_t key, int vendor_ok )
{
psa_app_key_id_t key_id = PSA_KEY_FILE_GET_KEY_ID( file_id );
psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key );
if( PSA_KEY_ID_USER_MIN <= key_id && key_id <= PSA_KEY_ID_USER_MAX )
return( 1 );
else if( vendor_ok &&
@ -204,7 +203,7 @@ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
}
psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime,
psa_key_id_t key_id )
mbedtls_svc_key_id_t key )
{
if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
@ -215,19 +214,19 @@ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime,
{
/* Persistent keys require storage support */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
if( psa_is_key_id_valid( key_id,
if( psa_is_key_id_valid( key,
psa_key_lifetime_is_external( lifetime ) ) )
return( PSA_SUCCESS );
else
return( PSA_ERROR_INVALID_ARGUMENT );
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
(void) key_id;
(void) key;
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
}
}
psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle )
{
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
psa_status_t status;
@ -235,7 +234,7 @@ psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
*handle = 0;
if( ! psa_is_key_id_valid( id, 1 ) )
if( ! psa_is_key_id_valid( key, 1 ) )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_empty_key_slot( handle, &slot );
@ -243,7 +242,7 @@ psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
return( status );
slot->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
slot->attr.id = id;
slot->attr.id = key;
status = psa_load_persistent_key_into_slot( slot );
if( status != PSA_SUCCESS )
@ -254,7 +253,7 @@ psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
return( status );
#else /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
(void) id;
(void) key;
*handle = 0;
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* !defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
@ -291,14 +290,14 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats )
++stats->volatile_slots;
else if( slot->attr.lifetime == PSA_KEY_LIFETIME_PERSISTENT )
{
psa_app_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id);
psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
++stats->persistent_slots;
if( id > stats->max_open_internal_key_id )
stats->max_open_internal_key_id = id;
}
else
{
psa_app_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id);
psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
++stats->external_slots;
if( id > stats->max_open_external_key_id )
stats->max_open_external_key_id = id;

7
library/psa_crypto_slot_management.h
View file

@ -113,14 +113,13 @@ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
* This function checks whether a key's declared persistence level and key ID
* attributes are valid and known to the PSA Core in its actual configuration.
*
* \param[in] lifetime The key lifetime attribute.
* \param[in] key_id The key ID attribute
* \param[in] lifetime The key lifetime attribute.
* \param[in] key The key identifier.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_ARGUMENT
*/
psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime,
psa_key_id_t key_id );
mbedtls_svc_key_id_t key );
#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */

39
library/psa_crypto_storage.c
View file

@ -55,27 +55,27 @@
/* Key storage */
/****************************************************************/
/* Determine a file name (ITS file identifier) for the given key file
* identifier. The file name must be distinct from any file that is used
* for a purpose other than storing a key. Currently, the only such file
* is the random seed file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID
* and whose value is 0xFFFFFF52. */
static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_file_id_t file_id )
/* Determine a file name (ITS file identifier) for the given key identifier.
* The file name must be distinct from any file that is used for a purpose
* other than storing a key. Currently, the only such file is the random seed
* file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID and whose value is
* 0xFFFFFF52. */
static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key )
{
#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) && \
defined(PSA_CRYPTO_SECURE)
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
/* Encode the owner in the upper 32 bits. This means that if
* owner values are nonzero (as they are on a PSA platform),
* no key file will ever have a value less than 0x100000000, so
* the whole range 0..0xffffffff is available for non-key files. */
uint32_t unsigned_owner = (uint32_t) file_id.owner;
return( (uint64_t) unsigned_owner << 32 | file_id.key_id );
uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key );
return( ( (uint64_t) unsigned_owner_id << 32 ) |
MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) );
#else
/* Use the key id directly as a file name.
* psa_is_key_file_id_valid() in psa_crypto_slot_management.c
* psa_is_key_id_valid() in psa_crypto_slot_management.c
* is responsible for ensuring that key identifiers do not have a
* value that is reserved for non-key files. */
return( file_id );
return( key );
#endif
}
@ -94,9 +94,8 @@ static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_file_id_t file_id )
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_DOES_NOT_EXIST
*/
static psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key,
uint8_t *data,
size_t data_size )
static psa_status_t psa_crypto_storage_load(
const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size )
{
psa_status_t status;
psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
@ -114,7 +113,7 @@ static psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key,
return( status );
}
int psa_is_key_present_in_storage( const psa_key_file_id_t key )
int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key )
{
psa_status_t ret;
psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
@ -143,7 +142,7 @@ int psa_is_key_present_in_storage( const psa_key_file_id_t key )
* \retval PSA_ERROR_STORAGE_FAILURE
* \retval PSA_ERROR_ALREADY_EXISTS
*/
static psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key,
static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key,
const uint8_t *data,
size_t data_length )
{
@ -184,7 +183,7 @@ exit:
return( status );
}
psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key )
psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key )
{
psa_status_t ret;
psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
@ -215,7 +214,7 @@ psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key )
* \retval PSA_ERROR_STORAGE_FAILURE
*/
static psa_status_t psa_crypto_storage_get_data_length(
const psa_key_file_id_t key,
const mbedtls_svc_key_id_t key,
size_t *data_length )
{
psa_status_t status;
@ -394,7 +393,7 @@ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
psa_status_t status = PSA_SUCCESS;
uint8_t *loaded_data;
size_t storage_data_length = 0;
psa_key_id_t key = attr->id;
mbedtls_svc_key_id_t key = attr->id;
status = psa_crypto_storage_get_data_length( key, &storage_data_length );
if( status != PSA_SUCCESS )

6
library/psa_crypto_storage.h
View file

@ -72,7 +72,7 @@ extern "C" {
* \retval 1
* Persistent data present for slot number
*/
int psa_is_key_present_in_storage( const psa_key_file_id_t key );
int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key );
/**
* \brief Format key data and metadata and save to a location for given key
@ -141,7 +141,7 @@ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
* or the key did not exist.
* \retval PSA_ERROR_STORAGE_FAILURE
*/
psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key );
psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key );
/**
* \brief Free the temporary buffer allocated by psa_load_persistent_key().
@ -292,7 +292,7 @@ typedef union
uint16_t unused1;
psa_key_lifetime_t lifetime;
psa_key_slot_number_t slot;
psa_key_id_t id;
mbedtls_svc_key_id_t id;
} key;
} psa_crypto_transaction_t;

6
library/version_features.c
View file

@ -417,9 +417,9 @@ static const char * const features[] = {
#if defined(MBEDTLS_ENTROPY_NV_SEED)
"MBEDTLS_ENTROPY_NV_SEED",
#endif /* MBEDTLS_ENTROPY_NV_SEED */
#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
"MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER",
#endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
"MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER",
#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
#if defined(MBEDTLS_MEMORY_DEBUG)
"MBEDTLS_MEMORY_DEBUG",
#endif /* MBEDTLS_MEMORY_DEBUG */

8
programs/test/query_config.c
View file

@ -1168,13 +1168,13 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_ENTROPY_NV_SEED */
#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER)
if( strcmp( "MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER", config ) == 0 )
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
if( strcmp( "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER );
MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER );
return( 0 );
}
#endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */
#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
#if defined(MBEDTLS_MEMORY_DEBUG)
if( strcmp( "MBEDTLS_MEMORY_DEBUG", config ) == 0 )

1
scripts/config.py
View file

@ -184,7 +184,6 @@ EXCLUDE_FROM_FULL = frozenset([
'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum
'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper)
'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
'MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER', # platform dependency (PSA SPM) (at this time)
'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions)
'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature

12
tests/suites/test_suite_psa_crypto.data
View file

@ -2,22 +2,22 @@ PSA compile-time sanity checks
static_checks:
PSA key attributes structure
attributes_set_get:0x6963:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:128
attributes_set_get:0xffff1234:0x6963:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:128
PSA key attributes: id only
persistence_attributes:0x1234:-1:-1:0x1234:PSA_KEY_LIFETIME_PERSISTENT
persistence_attributes:0x1234:0x5678:-1:-1:0:0x1234:0x5678:PSA_KEY_LIFETIME_PERSISTENT
PSA key attributes: lifetime=3 only
persistence_attributes:-1:3:-1:0:3
persistence_attributes:-1:0:3:-1:0:0:0:3
PSA key attributes: id then back to volatile
persistence_attributes:0x1234:PSA_KEY_LIFETIME_VOLATILE:-1:0:PSA_KEY_LIFETIME_VOLATILE
persistence_attributes:0x1234:0x5678:PSA_KEY_LIFETIME_VOLATILE:-1:0:0:0x5678:PSA_KEY_LIFETIME_VOLATILE
PSA key attributes: id then lifetime
persistence_attributes:0x1234:3:-1:0x1234:3
persistence_attributes:0x1234:0x5678:3:-1:0:0x1234:0x5678:3
PSA key attributes: lifetime then id
persistence_attributes:0x1234:3:0x1235:0x1235:3
persistence_attributes:0x1234:0x5678:3:0x1235:0x5679:0x1235:0x5679:3
PSA key attributes: slot number
slot_number_attribute:

56
tests/suites/test_suite_psa_crypto.function
View file

@ -233,7 +233,7 @@ int check_key_attributes_sanity( psa_key_handle_t key )
int ok = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_lifetime_t lifetime;
psa_key_id_t id;
mbedtls_svc_key_id_t id;
psa_key_type_t type;
psa_key_type_t bits;
@ -245,12 +245,12 @@ int check_key_attributes_sanity( psa_key_handle_t key )
/* Persistence */
if( lifetime == PSA_KEY_LIFETIME_VOLATILE )
TEST_ASSERT( id == 0 );
TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) == 0 );
else
{
TEST_ASSERT(
( PSA_KEY_ID_USER_MIN <= id && id <= PSA_KEY_ID_USER_MAX ) ||
( PSA_KEY_ID_USER_MIN <= id && id <= PSA_KEY_ID_USER_MAX ) );
( PSA_KEY_ID_USER_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) &&
( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <= PSA_KEY_ID_USER_MAX ) );
}
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* randomly-generated 64-bit constant, should never appear in test data */
@ -1178,17 +1178,21 @@ static psa_key_usage_t usage_to_exercise( psa_key_type_t type,
static int test_operations_on_invalid_handle( psa_key_handle_t handle )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 0x6964 );
uint8_t buffer[1];
size_t length;
int ok = 0;
psa_set_key_id( &attributes, 0x6964 );
psa_set_key_id( &attributes, key_id );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
psa_set_key_algorithm( &attributes, PSA_ALG_CTR );
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
TEST_EQUAL( psa_get_key_attributes( handle, &attributes ),
PSA_ERROR_INVALID_HANDLE );
TEST_EQUAL( psa_get_key_id( &attributes ), 0 );
TEST_EQUAL(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 );
TEST_EQUAL(
MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &attributes ) ), 0 );
TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
@ -1321,19 +1325,22 @@ void static_checks( )
/* END_CASE */
/* BEGIN_CASE */
void attributes_set_get( int id_arg, int lifetime_arg,
void attributes_set_get( int owner_id_arg, int id_arg, int lifetime_arg,
int usage_flags_arg, int alg_arg,
int type_arg, int bits_arg )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t id = id_arg;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg );
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_usage_t usage_flags = usage_flags_arg;
psa_algorithm_t alg = alg_arg;
psa_key_type_t type = type_arg;
size_t bits = bits_arg;
TEST_EQUAL( psa_get_key_id( &attributes ), 0 );
TEST_EQUAL(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 );
TEST_EQUAL(
MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &attributes ) ), 0 );
TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
@ -1347,7 +1354,8 @@ void attributes_set_get( int id_arg, int lifetime_arg,
psa_set_key_type( &attributes, type );
psa_set_key_bits( &attributes, bits );
TEST_EQUAL( psa_get_key_id( &attributes ), id );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes ), id ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
@ -1356,7 +1364,10 @@ void attributes_set_get( int id_arg, int lifetime_arg,
psa_reset_key_attributes( &attributes );
TEST_EQUAL( psa_get_key_id( &attributes ), 0 );
TEST_EQUAL(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 );
TEST_EQUAL(
MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &attributes ) ), 0 );
TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
@ -1366,14 +1377,19 @@ void attributes_set_get( int id_arg, int lifetime_arg,
/* END_CASE */
/* BEGIN_CASE */
void persistence_attributes( int id1_arg, int lifetime_arg, int id2_arg,
int expected_id_arg, int expected_lifetime_arg )
void persistence_attributes( int id1_arg, int owner_id1_arg, int lifetime_arg,
int id2_arg, int owner_id2_arg,
int expected_id_arg, int expected_owner_id_arg,
int expected_lifetime_arg )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t id1 = id1_arg;
mbedtls_svc_key_id_t id1 =
mbedtls_svc_key_id_make( owner_id1_arg, id1_arg );
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_id_t id2 = id2_arg;
psa_key_id_t expected_id = expected_id_arg;
mbedtls_svc_key_id_t id2 =
mbedtls_svc_key_id_make( owner_id2_arg, id2_arg );
mbedtls_svc_key_id_t expected_id =
mbedtls_svc_key_id_make( expected_owner_id_arg, expected_id_arg );
psa_key_lifetime_t expected_lifetime = expected_lifetime_arg;
if( id1_arg != -1 )
@ -1383,7 +1399,8 @@ void persistence_attributes( int id1_arg, int lifetime_arg, int id2_arg,
if( id2_arg != -1 )
psa_set_key_id( &attributes, id2 );
TEST_EQUAL( psa_get_key_id( &attributes ), expected_id );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes ), expected_id ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes ), expected_lifetime );
}
/* END_CASE */
@ -5612,7 +5629,7 @@ void persistent_key_load_key_from_storage( data_t *data,
int usage_flags_arg, int alg_arg,
int generation_method )
{
psa_key_id_t key_id = 1;
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_handle_t handle = 0;
psa_key_handle_t base_key = 0;
@ -5704,7 +5721,8 @@ void persistent_key_load_key_from_storage( data_t *data,
/* Check key slot still contains key data */
PSA_ASSERT( psa_open_key( key_id, &handle ) );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
TEST_EQUAL( psa_get_key_id( &attributes ), key_id );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes ), key_id ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
PSA_KEY_LIFETIME_PERSISTENT );
TEST_EQUAL( psa_get_key_type( &attributes ), type );

10
tests/suites/test_suite_psa_crypto_persistent_key.data
View file

@ -32,23 +32,23 @@ save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE + 1:PSA_ERROR_NOT_SUPPORTE
Persistent key destroy
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
persistent_key_destroy:1:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
persistent_key_destroy:2:1:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
Persistent key destroy after restart
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
persistent_key_destroy:1:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
persistent_key_destroy:17:1:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
Persistent key import (RSA)
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
persistent_key_import:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_SUCCESS
persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_SUCCESS
Persistent key import with restart (RSA)
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
persistent_key_import:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":1:PSA_SUCCESS
persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":1:PSA_SUCCESS
Persistent key import garbage data, should fail
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
persistent_key_import:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"11111111":0:PSA_ERROR_INVALID_ARGUMENT
persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"11111111":0:PSA_ERROR_INVALID_ARGUMENT
import/export persistent raw key: 1 byte
import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0:0

22
tests/suites/test_suite_psa_crypto_persistent_key.function
View file

@ -112,7 +112,7 @@ exit:
/* BEGIN_CASE */
void save_large_persistent_key( int data_length_arg, int expected_status )
{
psa_key_id_t key_id = 42;
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 );
psa_key_handle_t handle = 0;
uint8_t *data = NULL;
size_t data_length = data_length_arg;
@ -139,11 +139,12 @@ exit:
/* END_CASE */
/* BEGIN_CASE */
void persistent_key_destroy( int key_id_arg, int restart,
void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart,
int first_type_arg, data_t *first_data,
int second_type_arg, data_t *second_data )
{
psa_key_id_t key_id = key_id_arg;
mbedtls_svc_key_id_t key_id =
mbedtls_svc_key_id_make( owner_id_arg, key_id_arg );
psa_key_handle_t handle = 0;
psa_key_type_t first_type = (psa_key_type_t) first_type_arg;
psa_key_type_t second_type = (psa_key_type_t) second_type_arg;
@ -193,10 +194,11 @@ exit:
/* END_CASE */
/* BEGIN_CASE */
void persistent_key_import( int key_id_arg, int type_arg, data_t *data,
int restart, int expected_status )
void persistent_key_import( int owner_id_arg, int key_id_arg, int type_arg,
data_t *data, int restart, int expected_status )
{
psa_key_id_t key_id = (psa_key_id_t) key_id_arg;
mbedtls_svc_key_id_t key_id =
mbedtls_svc_key_id_make( owner_id_arg, key_id_arg );
psa_key_type_t type = (psa_key_type_t) type_arg;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -224,7 +226,8 @@ void persistent_key_import( int key_id_arg, int type_arg, data_t *data,
psa_reset_key_attributes( &attributes );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
TEST_EQUAL( psa_get_key_id( &attributes ), key_id );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes ), key_id ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
PSA_KEY_LIFETIME_PERSISTENT );
TEST_EQUAL( psa_get_key_type( &attributes ), type );
@ -245,7 +248,7 @@ void import_export_persistent_key( data_t *data, int type_arg,
int expected_bits,
int restart, int key_not_exist )
{
psa_key_id_t key_id = 42;
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 );
psa_key_type_t type = (psa_key_type_t) type_arg;
psa_key_handle_t handle = 0;
unsigned char *exported = NULL;
@ -276,7 +279,8 @@ void import_export_persistent_key( data_t *data, int type_arg,
/* Test the key information */
psa_reset_key_attributes( &attributes );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
TEST_EQUAL( psa_get_key_id( &attributes ), key_id );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes ), key_id ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
PSA_KEY_LIFETIME_PERSISTENT );
TEST_EQUAL( psa_get_key_type( &attributes ), type );

16
tests/suites/test_suite_psa_crypto_se_driver_hal.data
View file

@ -130,28 +130,28 @@ Key generation smoke test: HMAC-SHA-256
generate_key_smoke:PSA_KEY_TYPE_HMAC:256:PSA_ALG_HMAC( PSA_ALG_SHA_256 )
Key registration: smoke test
register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:1:PSA_SUCCESS
register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:1:1:PSA_SUCCESS
Key registration: invalid lifetime (volatile internal storage)
register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:1:1:PSA_ERROR_INVALID_ARGUMENT
register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:7:1:1:PSA_ERROR_INVALID_ARGUMENT
Key registration: invalid lifetime (internal storage)
register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:1:1:PSA_ERROR_INVALID_ARGUMENT
register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:7:1:1:PSA_ERROR_INVALID_ARGUMENT
Key registration: invalid lifetime (no registered driver)
register_key_smoke_test:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION + 1 ):1:1:PSA_ERROR_INVALID_ARGUMENT
register_key_smoke_test:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION + 1 ):7:1:1:PSA_ERROR_INVALID_ARGUMENT
Key registration: rejected
register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:0:PSA_ERROR_NOT_PERMITTED
register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:1:0:PSA_ERROR_NOT_PERMITTED
Key registration: not supported
register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:-1:PSA_ERROR_NOT_SUPPORTED
register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:1:-1:PSA_ERROR_NOT_SUPPORTED
Key registration: key id out of range
register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:PSA_KEY_ID_VENDOR_MAX+1:-1:PSA_ERROR_INVALID_ARGUMENT
register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MAX+1:-1:PSA_ERROR_INVALID_ARGUMENT
Key registration: key id in vendor range
register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:PSA_KEY_ID_VENDOR_MAX:1:PSA_SUCCESS
register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MAX:1:PSA_SUCCESS
Import-sign-verify: sign in driver, ECDSA
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED

79
tests/suites/test_suite_psa_crypto_se_driver_hal.function
View file

@ -532,8 +532,9 @@ static int check_key_attributes(
PSA_ASSERT( psa_get_key_attributes( handle, &actual_attributes ) );
TEST_EQUAL( psa_get_key_id( &actual_attributes ),
psa_get_key_id( reference_attributes ) );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &actual_attributes ),
psa_get_key_id( reference_attributes ) ) );
TEST_EQUAL( psa_get_key_lifetime( &actual_attributes ),
psa_get_key_lifetime( reference_attributes ) );
TEST_EQUAL( psa_get_key_type( &actual_attributes ),
@ -757,16 +758,41 @@ exit:
return( ok );
}
#define MAX_KEY_ID_FOR_TEST 10
static mbedtls_svc_key_id_t key_ids_used_in_test[10];
static size_t num_key_ids_used;
/* Record a key id as potentially used in a test case. */
static int test_uses_key_id( mbedtls_svc_key_id_t key_id )
{
size_t i;
for( i = 0; i < num_key_ids_used ; i++ )
{
if( mbedtls_svc_key_id_equal( key_id, key_ids_used_in_test[i] ) )
return( 1 );
}
if( num_key_ids_used >= ARRAY_LENGTH( key_ids_used_in_test ) )
return( 0 );
key_ids_used_in_test[num_key_ids_used] = key_id;
++num_key_ids_used;
return( 1 );
}
#define TEST_USES_KEY_ID( key_id ) \
TEST_ASSERT( test_uses_key_id( key_id ) )
static void psa_purge_storage( void )
{
psa_key_id_t id;
size_t i;
psa_key_location_t location;
/* The tests may have potentially created key ids from 1 to
* MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
* 0, which file-based storage uses as a temporary file. */
for( id = 0; id <= MAX_KEY_ID_FOR_TEST; id++ )
psa_destroy_persistent_key( id );
for( i = 0; i < num_key_ids_used; i++ )
psa_destroy_persistent_key( key_ids_used_in_test[i] );
num_key_ids_used = 0;
/* Purge the transaction file. */
psa_crypto_stop_transaction( );
/* Purge driver persistent data. */
@ -853,13 +879,15 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart )
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
uint8_t exported[sizeof( key_material )];
size_t exported_length;
TEST_USES_KEY_ID( id );
memset( &driver, 0, sizeof( driver ) );
memset( &key_management, 0, sizeof( key_management ) );
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
@ -985,11 +1013,13 @@ void key_creation_in_chosen_slot( int slot_arg,
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
TEST_USES_KEY_ID( id );
memset( &driver, 0, sizeof( driver ) );
memset( &key_management, 0, sizeof( key_management ) );
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
@ -1067,10 +1097,12 @@ void import_key_smoke( int type_arg, int alg_arg,
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_USES_KEY_ID( id );
memset( &driver, 0, sizeof( driver ) );
memset( &key_management, 0, sizeof( key_management ) );
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
@ -1139,10 +1171,12 @@ void generate_key_not_supported( int type_arg, int bits_arg )
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_USES_KEY_ID( id );
memset( &driver, 0, sizeof( driver ) );
memset( &key_management, 0, sizeof( key_management ) );
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
@ -1178,10 +1212,12 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg )
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_USES_KEY_ID( id );
memset( &driver, 0, sizeof( driver ) );
memset( &key_management, 0, sizeof( key_management ) );
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
@ -1258,7 +1294,7 @@ void sign_verify( int flow,
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t drv_handle = 0; /* key managed by the driver */
psa_key_handle_t sw_handle = 0; /* transparent key */
psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -1266,6 +1302,8 @@ void sign_verify( int flow,
uint8_t signature[PSA_SIGNATURE_MAX_SIZE];
size_t signature_length;
TEST_USES_KEY_ID( id );
memset( &driver, 0, sizeof( driver ) );
memset( &key_management, 0, sizeof( key_management ) );
memset( &asymmetric, 0, sizeof( asymmetric ) );
@ -1410,6 +1448,7 @@ exit:
/* BEGIN_CASE */
void register_key_smoke_test( int lifetime_arg,
int owner_id_arg,
int id_arg,
int validate,
int expected_status_arg )
@ -1420,12 +1459,14 @@ void register_key_smoke_test( int lifetime_arg,
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t id = id_arg;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg );
size_t bit_size = 48;
psa_key_slot_number_t wanted_slot = 0x123456789;
psa_key_handle_t handle = 0;
psa_status_t status;
TEST_USES_KEY_ID( id );
memset( &driver, 0, sizeof( driver ) );
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
memset( &key_management, 0, sizeof( key_management ) );
@ -1462,6 +1503,12 @@ void register_key_smoke_test( int lifetime_arg,
goto exit;
PSA_ASSERT( psa_close_key( handle ) );
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
mbedtls_svc_key_id_t invalid_id =
mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg );
TEST_EQUAL( psa_open_key( invalid_id, &handle ), PSA_ERROR_DOES_NOT_EXIST );
#endif
/* Restart and try again. */
PSA_DONE( );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );

48
tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
View file

@ -91,11 +91,13 @@ static void psa_purge_storage( void )
{
psa_key_id_t id;
psa_key_location_t location;
/* The tests may have potentially created key ids from 1 to
* MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
* 0, which file-based storage uses as a temporary file. */
for( id = 0; id <= MAX_KEY_ID_FOR_TEST; id++ )
psa_destroy_persistent_key( id );
psa_destroy_persistent_key( mbedtls_svc_key_id_make( 1, id ) );
/* Purge the transaction file. */
psa_crypto_stop_transaction( );
/* Purge driver persistent data. */
@ -330,7 +332,7 @@ void mock_import( int mock_alloc_return_value,
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
@ -360,8 +362,20 @@ void mock_import( int mock_alloc_return_value,
TEST_ASSERT( mock_allocate_data.called == 1 );
TEST_ASSERT( mock_import_data.called ==
( mock_alloc_return_value == PSA_SUCCESS? 1 : 0 ) );
TEST_ASSERT( mock_import_data.attributes.core.id ==
( mock_alloc_return_value == PSA_SUCCESS? id : 0 ) );
if( mock_alloc_return_value == PSA_SUCCESS )
{
TEST_ASSERT( mbedtls_svc_key_id_equal(
mock_import_data.attributes.core.id, id ) );
}
else
{
TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
mock_import_data.attributes.core.id ) == 0 );
TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(
mock_import_data.attributes.core.id ) == 0 );
}
TEST_ASSERT( mock_import_data.attributes.core.lifetime ==
( mock_alloc_return_value == PSA_SUCCESS? lifetime : 0 ) );
TEST_ASSERT( mock_import_data.attributes.core.policy.usage ==
@ -387,7 +401,7 @@ void mock_export( int mock_export_return_value, int expected_result )
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
@ -441,7 +455,7 @@ void mock_generate( int mock_alloc_return_value,
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -467,8 +481,20 @@ void mock_generate( int mock_alloc_return_value,
TEST_ASSERT( mock_allocate_data.called == 1 );
TEST_ASSERT( mock_generate_data.called ==
( mock_alloc_return_value == PSA_SUCCESS? 1 : 0 ) );
TEST_ASSERT( mock_generate_data.attributes.core.id ==
( mock_alloc_return_value == PSA_SUCCESS? id : 0 ) );
if( mock_alloc_return_value == PSA_SUCCESS )
{
TEST_ASSERT( mbedtls_svc_key_id_equal(
mock_generate_data.attributes.core.id, id ) );
}
else
{
TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
mock_generate_data.attributes.core.id ) == 0 );
TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(
mock_generate_data.attributes.core.id ) == 0 );
}
TEST_ASSERT( mock_generate_data.attributes.core.lifetime ==
( mock_alloc_return_value == PSA_SUCCESS? lifetime : 0 ) );
TEST_ASSERT( mock_generate_data.attributes.core.policy.usage ==
@ -496,7 +522,7 @@ void mock_export_public( int mock_export_public_return_value,
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
@ -546,7 +572,7 @@ void mock_sign( int mock_sign_return_value, int expected_result )
psa_drv_se_asymmetric_t asymmetric;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
@ -607,7 +633,7 @@ void mock_verify( int mock_verify_return_value, int expected_result )
psa_drv_se_asymmetric_t asymmetric;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 );
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};

48
tests/suites/test_suite_psa_crypto_slot_management.data
View file

@ -14,61 +14,61 @@ Transient slot, check after restart with live handles
transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
Persistent slot, check after closing, id=min
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:124:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
Persistent slot, check after closing and restarting, id=min
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:125:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
Persistent slot, check after destroying, id=min
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:126:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
Persistent slot, check after destroying and restarting, id=min
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:127:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
Persistent slot, check after restart with live handle, id=min
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:128:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
Persistent slot, check after closing, id=max
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:129:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
Persistent slot, check after destroying, id=max
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:130:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
Persistent slot, check after restart, id=max
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:131:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
Persistent slot: ECP keypair (ECDSA, exportable), close
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:132:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE
Persistent slot: ECP keypair (ECDSA, exportable), close+restart
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:133:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN
Persistent slot: ECP keypair (ECDSA, exportable), restart
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:134:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN
Persistent slot: ECP keypair (ECDH+ECDSA, exportable), close
depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:135:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE
Persistent slot: ECP keypair (ECDH+ECDSA, exportable), close+restart
depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:136:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN
Persistent slot: ECP keypair (ECDH+ECDSA, exportable), restart
depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:137:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN
Attempt to overwrite: close before
create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:CLOSE_BEFORE
create_existent:PSA_KEY_LIFETIME_PERSISTENT:0x1736:1:CLOSE_BEFORE
Attempt to overwrite: close after
create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:CLOSE_AFTER
create_existent:PSA_KEY_LIFETIME_PERSISTENT:0x7361:1:CLOSE_AFTER
Attempt to overwrite: keep open
create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:KEEP_OPEN
create_existent:PSA_KEY_LIFETIME_PERSISTENT:0x3617:1:KEEP_OPEN
Open failure: invalid identifier (0)
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
@ -118,23 +118,27 @@ depends_on:!MBEDTLS_PSA_CRYPTO_STORAGE_C
create_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_NOT_SUPPORTED
Copy volatile to volatile
copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0
copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0x10:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0x10:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0
Copy volatile to persistent
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0
copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0x100:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:0x100:1:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0
Copy persistent to volatile
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0
copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:0x1000:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0x1000:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0
Copy persistent to persistent
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0
copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:0x10000:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:0x10000:2:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0
Copy persistent to persistent, same id but different owner
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C:MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:0x10000:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:0x10001:1:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0
Copy persistent to persistent with enrollment algorithm
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC
copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING
copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:0x100000:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:0x100000:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING
Copy volatile to occupied
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C

112
tests/suites/test_suite_psa_crypto_slot_management.function
View file

@ -34,21 +34,22 @@ typedef enum
* code. */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
static psa_key_id_t key_ids_used_in_test[9];
static mbedtls_svc_key_id_t key_ids_used_in_test[9];
static size_t num_key_ids_used;
/* Record a key id as potentially used in a test case. */
static int test_uses_key_id( psa_key_id_t key_id )
static int test_uses_key_id( mbedtls_svc_key_id_t key_id )
{
size_t i;
if( key_id > PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id ) >
PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
{
/* Don't touch key id values that designate non-key files. */
return( 1 );
}
for( i = 0; i < num_key_ids_used ; i++ )
{
if( key_id == key_ids_used_in_test[i] )
if( mbedtls_svc_key_id_equal( key_id, key_ids_used_in_test[i] ) )
return( 1 );
}
if( num_key_ids_used == ARRAY_LENGTH( key_ids_used_in_test ) )
@ -172,13 +173,13 @@ exit:
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
void persistent_slot_lifecycle( int lifetime_arg, int id_arg,
void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg,
int usage_arg, int alg_arg, int alg2_arg,
int type_arg, data_t *key_data,
int close_method_arg )
{
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_id_t id = id_arg;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg );
psa_algorithm_t alg = alg_arg;
psa_algorithm_t alg2 = alg2_arg;
psa_key_usage_t usage_flags = usage_arg;
@ -190,6 +191,12 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg,
uint8_t *reexported = NULL;
size_t reexported_length = -1;
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
mbedtls_svc_key_id_t wrong_owner_id =
mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg );
psa_key_handle_t invalid_handle = 0;
#endif
TEST_USES_KEY_ID( id );
PSA_ASSERT( psa_crypto_init( ) );
@ -204,9 +211,16 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg,
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&handle ) );
TEST_ASSERT( handle != 0 );
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ),
PSA_ERROR_DOES_NOT_EXIST );
#endif
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
TEST_EQUAL( psa_get_key_id( &attributes ), id );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes ), id ) );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 );
@ -214,10 +228,17 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg,
/* Close the key and reopen it. */
PSA_ASSERT( psa_close_key( handle ) );
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ),
PSA_ERROR_DOES_NOT_EXIST );
#endif
PSA_ASSERT( psa_open_key( id, &handle ) );
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
TEST_EQUAL( psa_get_key_id( &attributes ), id );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes ), id ) );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 );
@ -247,8 +268,9 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg,
PSA_ASSERT( psa_get_key_attributes( handle, &read_attributes ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
psa_get_key_lifetime( &read_attributes ) );
TEST_EQUAL( psa_get_key_id( &attributes ),
psa_get_key_id( &read_attributes ) );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes ),
psa_get_key_id( &read_attributes ) ) );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
TEST_EQUAL( psa_get_key_algorithm( &attributes ),
psa_get_key_algorithm( &read_attributes ) );
@ -292,11 +314,11 @@ exit:
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
void create_existent( int lifetime_arg, int id_arg,
void create_existent( int lifetime_arg, int owner_id_arg, int id_arg,
int reopen_policy_arg )
{
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_id_t id = id_arg;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg );
psa_key_handle_t handle1 = 0, handle2 = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA;
@ -338,7 +360,8 @@ void create_existent( int lifetime_arg, int id_arg,
/* Check that the original key hasn't changed. */
psa_reset_key_attributes( &attributes );
PSA_ASSERT( psa_get_key_attributes( handle1, &attributes ) );
TEST_EQUAL( psa_get_key_id( &attributes ), id );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes ), id ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
TEST_EQUAL( psa_get_key_type( &attributes ), type1 );
TEST_EQUAL( psa_get_key_bits( &attributes ), bits1 );
@ -363,7 +386,7 @@ exit:
void open_fail( int id_arg,
int expected_status_arg )
{
psa_key_id_t id = id_arg;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
psa_status_t expected_status = expected_status_arg;
psa_key_handle_t handle = 0xdead;
@ -382,7 +405,7 @@ void create_fail( int lifetime_arg, int id_arg,
int expected_status_arg )
{
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_id_t id = id_arg;
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t expected_status = expected_status_arg;
psa_key_handle_t handle = 0xdead;
@ -409,25 +432,27 @@ exit:
/* END_CASE */
/* BEGIN_CASE */
void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg,
int source_usage_arg,
void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg,
int source_id_arg, int source_usage_arg,
int source_alg_arg, int source_alg2_arg,
int type_arg, data_t *material,
int target_lifetime_arg, int target_id_arg,
int target_usage_arg,
int target_lifetime_arg, int target_owner_id_arg,
int target_id_arg, int target_usage_arg,
int target_alg_arg, int target_alg2_arg,
int expected_usage_arg,
int expected_alg_arg, int expected_alg2_arg )
{
psa_key_lifetime_t source_lifetime = source_lifetime_arg;
psa_key_id_t source_id = source_id_arg;
mbedtls_svc_key_id_t source_id =
mbedtls_svc_key_id_make( source_owner_id_arg, source_id_arg );
psa_key_usage_t source_usage = source_usage_arg;
psa_algorithm_t source_alg = source_alg_arg;
psa_key_handle_t source_handle = 0;
psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t source_type = type_arg;
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
psa_key_id_t target_id = target_id_arg;
mbedtls_svc_key_id_t target_id =
mbedtls_svc_key_id_make( target_owner_id_arg, target_id_arg );
psa_key_usage_t target_usage = target_usage_arg;
psa_algorithm_t target_alg = target_alg_arg;
psa_key_handle_t target_handle = 0;
@ -443,11 +468,9 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg,
PSA_ASSERT( psa_crypto_init( ) );
/* Populate the source slot. */
if( source_lifetime != PSA_KEY_LIFETIME_VOLATILE )
{
psa_set_key_id( &source_attributes, source_id );
psa_set_key_lifetime( &source_attributes, source_lifetime );
}
psa_set_key_id( &source_attributes, source_id );
psa_set_key_lifetime( &source_attributes, source_lifetime );
psa_set_key_type( &source_attributes, source_type );
psa_set_key_usage_flags( &source_attributes, source_usage );
psa_set_key_algorithm( &source_attributes, source_alg );
@ -459,11 +482,9 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg,
PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) );
/* Prepare the target slot. */
if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE )
{
psa_set_key_id( &target_attributes, target_id );
psa_set_key_lifetime( &target_attributes, target_lifetime );
}
psa_set_key_id( &target_attributes, target_id );
psa_set_key_lifetime( &target_attributes, target_lifetime );
psa_set_key_usage_flags( &target_attributes, target_usage );
psa_set_key_algorithm( &target_attributes, target_alg );
psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
@ -487,7 +508,21 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg,
/* Test that the target slot has the expected content. */
psa_reset_key_attributes( &target_attributes );
PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) );
TEST_EQUAL( target_id, psa_get_key_id( &target_attributes ) );
if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE )
{
TEST_ASSERT( mbedtls_svc_key_id_equal(
target_id, psa_get_key_id( &target_attributes ) ) );
}
else
{
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( target_id ),
target_owner_id_arg );
#endif
TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( target_id ), 0 );
}
TEST_EQUAL( target_lifetime, psa_get_key_lifetime( &target_attributes ) );
TEST_EQUAL( source_type, psa_get_key_type( &target_attributes ) );
TEST_EQUAL( psa_get_key_bits( &source_attributes ),
@ -534,13 +569,15 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
int target_type_arg, data_t *target_material )
{
psa_key_lifetime_t source_lifetime = source_lifetime_arg;
psa_key_id_t source_id = source_id_arg;
mbedtls_svc_key_id_t source_id =
mbedtls_svc_key_id_make( 1, source_id_arg );
psa_key_usage_t source_usage = source_usage_arg;
psa_algorithm_t source_alg = source_alg_arg;
psa_key_handle_t source_handle = 0;
psa_key_type_t source_type = source_type_arg;
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
psa_key_id_t target_id = target_id_arg;
mbedtls_svc_key_id_t target_id =
mbedtls_svc_key_id_make( 1, target_id_arg );
psa_key_usage_t target_usage = target_usage_arg;
psa_algorithm_t target_alg = target_alg_arg;
psa_key_handle_t target_handle = 0;
@ -570,7 +607,7 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
&source_handle ) );
/* Populate the target slot. */
if( target_id == source_id )
if( mbedtls_svc_key_id_equal( target_id, source_id ) )
{
target_handle = source_handle;
}
@ -597,8 +634,9 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
/* Test that the target slot is unaffected. */
PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes2 ) );
TEST_EQUAL( psa_get_key_id( &attributes1 ),
psa_get_key_id( &attributes2 ) );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes1 ),
psa_get_key_id( &attributes2 ) ) );
TEST_EQUAL( psa_get_key_lifetime( &attributes1 ),
psa_get_key_lifetime( &attributes2 ) );
TEST_EQUAL( psa_get_key_type( &attributes1 ),