diff --git a/ChangeLog.d/psa-lifetime-locations.txt b/ChangeLog.d/psa-lifetime-locations.txt new file mode 100644 index 000000000..6ac02bc61 --- /dev/null +++ b/ChangeLog.d/psa-lifetime-locations.txt @@ -0,0 +1,8 @@ +Default behavior changes + * In the experimental PSA secure element interface, change the encoding of + key lifetimes to encode a persistence level and the location. Although C + prototypes do not effectively change, code calling + psa_register_se_driver() must be modified to pass the driver's location + instead of the keys' lifetime. If the library is upgraded on an existing + device, keys created with the old lifetime value will not be readable or + removable through Mbed TLS after the upgrade. diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h index 7ac1ed1c4..0c28579db 100644 --- a/include/psa/crypto_se_driver.h +++ b/include/psa/crypto_se_driver.h @@ -119,8 +119,10 @@ typedef struct { * \param[in,out] drv_context The driver context structure. * \param[in,out] persistent_data A pointer to the persistent data * that allows writing. - * \param lifetime The lifetime value for which this driver - * is registered. + * \param location The location value for which this driver + * is registered. The driver will be invoked + * for all keys whose lifetime is in this + * location. * * \retval #PSA_SUCCESS * The driver is operational. @@ -132,7 +134,7 @@ typedef struct { */ typedef psa_status_t (*psa_drv_se_init_t)(psa_drv_se_context_t *drv_context, void *persistent_data, - psa_key_lifetime_t lifetime); + psa_key_location_t location); #if defined(__DOXYGEN_ONLY__) || !defined(MBEDTLS_PSA_CRYPTO_SE_C) /* Mbed Crypto with secure element support enabled defines this type in @@ -1341,17 +1343,19 @@ typedef struct { * after psa_crypto_init(). * * \note Implementations store metadata about keys including the lifetime - * value. Therefore, from one instantiation of the PSA Cryptography + * value, which contains the driver's location indicator. Therefore, + * from one instantiation of the PSA Cryptography * library to the next one, if there is a key in storage with a certain * lifetime value, you must always register the same driver (or an * updated version that communicates with the same secure element) - * with the same lifetime value. + * with the same location value. * - * \param lifetime The lifetime value through which this driver will + * \param location The location value through which this driver will * be exposed to applications. - * The values #PSA_KEY_LIFETIME_VOLATILE and - * #PSA_KEY_LIFETIME_PERSISTENT are reserved and - * may not be used for drivers. Implementations + * This driver will be used for all keys such that + * `location == PSA_KEY_LIFETIME_LOCATION( lifetime )`. + * The value #PSA_KEY_LOCATION_LOCAL_STORAGE is reserved + * and may not be used for drivers. Implementations * may reserve other values. * \param[in] methods The method table of the driver. This structure must * remain valid for as long as the cryptography @@ -1376,7 +1380,7 @@ typedef struct { * \return PSA_ERROR_NOT_PERMITTED */ psa_status_t psa_register_se_driver( - psa_key_lifetime_t lifetime, + psa_key_location_t location, const psa_drv_se_t *methods); /**@}*/ diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index d96c66e5c..41f1bea77 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -108,18 +108,117 @@ typedef uint32_t psa_algorithm_t; * The lifetime of a key indicates where it is stored and what system actions * may create and destroy it. * - * Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are automatically - * destroyed when the application terminates or on a power reset. + * Lifetime values have the following structure: + * - Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(\c lifetime)): + * persistence level. This value indicates what device management + * actions can cause it to be destroyed. In particular, it indicates + * whether the key is _volatile_ or _persistent_. + * See ::psa_key_persistence_t for more information. + * - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)): + * location indicator. This value indicates where the key is stored + * and where operations on the key are performed. + * See ::psa_key_location_t for more information. + * + * Volatile keys are automatically destroyed when the application instance + * terminates or on a power reset of the device. Persistent keys are + * preserved until the application explicitly destroys them or until an + * implementation-specific device management event occurs (for example, + * a factory reset). * - * Keys with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE are said - * to be _persistent_. - * Persistent keys are preserved if the application or the system restarts. * Persistent keys have a key identifier of type #psa_key_id_t. + * This identifier remains valid throughout the lifetime of the key, + * even if the application instance that created the key terminates. * The application can call psa_open_key() to open a persistent key that * it created previously. + * + * This specification defines two basic lifetime values: + * - Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are volatile. + * All implementations should support this lifetime. + * - Keys with the lifetime #PSA_KEY_LIFETIME_PERSISTENT are persistent. + * All implementations that have access to persistent storage with + * appropriate security guarantees should support this lifetime. */ typedef uint32_t psa_key_lifetime_t; +/** Encoding of key persistence levels. + * + * What distinguishes different persistence levels is what device management + * events may cause keys to be destroyed. _Volatile_ keys are destroyed + * by a power reset. Persistent keys may be destroyed by events such as + * a transfer of ownership or a factory reset. What management events + * actually affect persistent keys at different levels is outside the + * scope of the PSA Cryptography specification. + * + * This specification defines the following values of persistence levels: + * - \c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key. + * A volatile key is automatically destroyed by the implementation when + * the application instance terminates. In particular, a volatile key + * is automatically destroyed on a power reset of the device. + * - \c 1 = #PSA_KEY_PERSISTENCE_DEFAULT: + * persistent key with a default lifetime. + * Implementations should support this value if they support persistent + * keys at all. + * Applications should use this value if they have no specific needs that + * are only met by implementation-specific features. + * - \c 2-127: persistent key with a PSA-specified lifetime. + * The PSA Cryptography specification does not define the meaning of these + * values, but other PSA specifications may do so. + * - \c 128-254: persistent key with a vendor-specified lifetime. + * No PSA specification will define the meaning of these values, so + * implementations may choose the meaning freely. + * As a guideline, higher persistence levels should cause a key to survive + * more management events than lower levels. + * - \c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY: + * read-only or write-once key. + * A key with this persistence level cannot be destroyed. + * Implementations that support such keys may either allow their creation + * through the PSA Cryptography API, preferably only to applications with + * the appropriate privilege, or only expose keys created through + * implementation-specific means such as a factory ROM engraving process. + * Note that keys that are read-only due to policy restrictions + * rather than due to physical limitations should not have this + * persistence levels. + * + * \note Key persistence levels are 8-bit values. Key management + * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which + * encode the persistence as the lower 8 bits of a 32-bit value. + */ +typedef uint8_t psa_key_persistence_t; + +/** Encoding of key location indicators. + * + * If an implementation of this API can make calls to external + * cryptoprocessors such as secure elements, the location of a key + * indicates which secure element performs the operations on the key. + * If an implementation offers multiple physical locations for persistent + * storage, the location indicator reflects at which physical location + * the key is stored. + * + * This specification defines the following values of location indicators: + * - \c 0: primary local storage. + * All implementations should support this value. + * The primary local storage is typically the same storage area that + * contains the key metadata. + * - \c 1: primary secure element. + * Implementations should support this value if there is a secure element + * attached to the operating environment. + * As a guideline, secure elements may provide higher resistance against + * side channel and physical attacks than the primary local storage, but may + * have restrictions on supported key types, sizes, policies and operations + * and may have different performance characteristics. + * - \c 2-0x7fffff: other locations defined by a PSA specification. + * The PSA Cryptography API does not currently assign any meaning to these + * locations, but future versions of this specification or other PSA + * specifications may do so. + * - \c 0x800000-0xffffff: vendor-defined locations. + * No PSA specification will assign a meaning to locations in this range. + * + * \note Key location indicators are 24-bit values. Key management + * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which + * encode the location as the upper 24 bits of a 32-bit value. + */ +typedef uint32_t psa_key_location_t; + /** Encoding of identifiers of persistent keys. * * - Applications may freely choose key identifiers in the range diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index baaabff1e..18b2d5ad1 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1539,12 +1539,20 @@ * @{ */ -/** A volatile key only exists as long as the handle to it is not closed. +/** The default lifetime for volatile keys. + * + * A volatile key only exists as long as the handle to it is not closed. * The key material is guaranteed to be erased on a power reset. + * + * A key with this lifetime is typically stored in the RAM area of the + * PSA Crypto subsystem. However this is an implementation choice. + * If an implementation stores data about the key in a non-volatile memory, + * it must release all the resources associated with the key and erase the + * key material if the calling application terminates. */ #define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000) -/** The default storage area for persistent keys. +/** The default lifetime for persistent keys. * * A persistent key remains in storage until it is explicitly destroyed or * until the corresponding storage area is wiped. This specification does @@ -1555,9 +1563,77 @@ * This lifetime value is the default storage area for the calling * application. Implementations may offer other storage areas designated * by other lifetime values as implementation-specific extensions. + * See ::psa_key_lifetime_t for more information. */ #define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001) +/** The persistence level of volatile keys. + * + * See ::psa_key_persistence_t for more information. + */ +#define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t)0x00) + +/** The default persistence level for persistent keys. + * + * See ::psa_key_persistence_t for more information. + */ +#define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t)0x01) + +/** A persistence level indicating that a key is never destroyed. + * + * See ::psa_key_persistence_t for more information. + */ +#define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t)0xff) + +#define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \ + ((psa_key_persistence_t)((lifetime) & 0x000000ff)) + +#define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \ + ((psa_key_location_t)((lifetime) >> 8)) + +/** Whether a key lifetime indicates that the key is volatile. + * + * A volatile key is automatically destroyed by the implementation when + * the application instance terminates. In particular, a volatile key + * is automatically destroyed on a power reset of the device. + * + * A key that is not volatile is persistent. Persistent keys are + * preserved until the application explicitly destroys them or until an + * implementation-specific device management event occurs (for example, + * a factory reset). + * + * \param lifetime The lifetime value to query (value of type + * ::psa_key_lifetime_t). + * + * \return \c 1 if the key is volatile, otherwise \c 0. + */ +#define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime) \ + (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \ + PSA_KEY_LIFETIME_PERSISTENCE_VOLATILE) + +/** Construct a lifetime from a persistence level and a location. + * + * \param persistence The persistence level + * (value of type ::psa_key_persistence_t). + * \param location The location indicator + * (value of type ::psa_key_location_t). + * + * \return The constructed lifetime value. + */ +#define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location) \ + ((location) << 8 | (persistence)) + +/** The local storage area for persistent keys. + * + * This storage area is available on all systems that can store persistent + * keys without delegating the storage to a third-party cryptoprocessor. + * + * See ::psa_key_location_t for more information. + */ +#define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t)0x000000) + +#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000) + /** The minimum value for a key identifier chosen by the application. */ #define PSA_KEY_ID_USER_MIN ((psa_app_key_id_t)0x00000001) diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c index b9f186a96..087c768f4 100644 --- a/library/psa_crypto_se.c +++ b/library/psa_crypto_se.c @@ -66,7 +66,7 @@ typedef struct struct psa_se_drv_table_entry_s { - psa_key_lifetime_t lifetime; + psa_key_location_t location; const psa_drv_se_t *methods; union { @@ -81,15 +81,16 @@ psa_se_drv_table_entry_t *psa_get_se_driver_entry( psa_key_lifetime_t lifetime ) { size_t i; - /* In the driver table, lifetime=0 means an entry that isn't used. - * No driver has a lifetime of 0 because it's a reserved value - * (which designates volatile keys). Make sure we never return - * a driver entry for lifetime 0. */ - if( lifetime == 0 ) + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); + /* In the driver table, location=0 means an entry that isn't used. + * No driver has a location of 0 because it's a reserved value + * (which designates transparent keys). Make sure we never return + * a driver entry for location 0. */ + if( location == 0 ) return( NULL ); for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) { - if( driver_table[i].lifetime == lifetime ) + if( driver_table[i].location == location ) return( &driver_table[i] ); } return( NULL ); @@ -129,7 +130,7 @@ static psa_status_t psa_get_se_driver_its_file_uid( const psa_se_drv_table_entry_t *driver, psa_storage_uid_t *uid ) { - if( driver->lifetime > PSA_MAX_SE_LIFETIME ) + if( driver->location > PSA_MAX_SE_LOCATION ) return( PSA_ERROR_NOT_SUPPORTED ); #if SIZE_MAX > UINT32_MAX @@ -139,7 +140,7 @@ static psa_status_t psa_get_se_driver_its_file_uid( #endif /* See the documentation of PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. */ - *uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->lifetime; + *uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->location; return( PSA_SUCCESS ); } @@ -186,12 +187,12 @@ psa_status_t psa_save_se_persistent_data( 0 ) ); } -psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime ) +psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location ) { psa_storage_uid_t uid; - if( lifetime > PSA_MAX_SE_LIFETIME ) + if( location > PSA_MAX_SE_LOCATION ) return( PSA_ERROR_NOT_SUPPORTED ); - uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + lifetime; + uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + location; return( psa_its_remove( uid ) ); } @@ -202,9 +203,11 @@ psa_status_t psa_find_se_slot_for_key( psa_key_slot_number_t *slot_number ) { psa_status_t status; + psa_key_location_t key_location = + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( attributes ) ); - /* If the lifetime is wrong, it's a bug in the library. */ - if( driver->lifetime != psa_get_key_lifetime( attributes ) ) + /* If the location is wrong, it's a bug in the library. */ + if( driver->location != key_location ) return( PSA_ERROR_CORRUPTION_DETECTED ); /* If the driver doesn't support key creation in any way, give up now. */ @@ -278,7 +281,7 @@ psa_status_t psa_init_all_se_drivers( void ) for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) { psa_se_drv_table_entry_t *driver = &driver_table[i]; - if( driver->lifetime == 0 ) + if( driver->location == 0 ) continue; /* skipping unused entry */ const psa_drv_se_t *methods = psa_get_se_driver_methods( driver ); if( methods->p_init != NULL ) @@ -286,7 +289,7 @@ psa_status_t psa_init_all_se_drivers( void ) psa_status_t status = methods->p_init( &driver->u.context, driver->u.internal.persistent_data, - driver->lifetime ); + driver->location ); if( status != PSA_SUCCESS ) return( status ); status = psa_save_se_persistent_data( driver ); @@ -304,7 +307,7 @@ psa_status_t psa_init_all_se_drivers( void ) /****************************************************************/ psa_status_t psa_register_se_driver( - psa_key_lifetime_t lifetime, + psa_key_location_t location, const psa_drv_se_t *methods) { size_t i; @@ -313,33 +316,30 @@ psa_status_t psa_register_se_driver( if( methods->hal_version != PSA_DRV_SE_HAL_VERSION ) return( PSA_ERROR_NOT_SUPPORTED ); /* Driver table entries are 0-initialized. 0 is not a valid driver - * lifetime because it means a volatile key. */ + * location because it means a transparent key. */ #if defined(static_assert) - static_assert( PSA_KEY_LIFETIME_VOLATILE == 0, - "Secure element support requires 0 to mean a volatile key" ); + static_assert( PSA_KEY_LOCATION_LOCAL_STORAGE == 0, + "Secure element support requires 0 to mean a local key" ); #endif - if( lifetime == PSA_KEY_LIFETIME_VOLATILE || - lifetime == PSA_KEY_LIFETIME_PERSISTENT ) - { + if( location == PSA_KEY_LOCATION_LOCAL_STORAGE ) return( PSA_ERROR_INVALID_ARGUMENT ); - } - if( lifetime > PSA_MAX_SE_LIFETIME ) + if( location > PSA_MAX_SE_LOCATION ) return( PSA_ERROR_NOT_SUPPORTED ); for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) { - if( driver_table[i].lifetime == 0 ) + if( driver_table[i].location == 0 ) break; - /* Check that lifetime isn't already in use up to the first free + /* Check that location isn't already in use up to the first free * entry. Since entries are created in order and never deleted, * there can't be a used entry after the first free entry. */ - if( driver_table[i].lifetime == lifetime ) + if( driver_table[i].location == location ) return( PSA_ERROR_ALREADY_EXISTS ); } if( i == PSA_MAX_SE_DRIVERS ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); - driver_table[i].lifetime = lifetime; + driver_table[i].location = location; driver_table[i].methods = methods; driver_table[i].u.internal.persistent_data_size = methods->persistent_data_size; diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h index 86bf7a7b1..c1450656c 100644 --- a/library/psa_crypto_se.h +++ b/library/psa_crypto_se.h @@ -31,31 +31,30 @@ #include "psa/crypto.h" #include "psa/crypto_se_driver.h" -/** The maximum lifetime value that this implementation supports +/** The maximum location value that this implementation supports * for a secure element. * * This is not a characteristic that each PSA implementation has, but a * limitation of the current implementation due to the constraints imposed * by storage. See #PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. * - * The minimum lifetime value for a secure element is 2, like on any - * PSA implementation (0=volatile and 1=internal-storage are taken). + * The minimum location value for a secure element is 1, like on any + * PSA implementation (0 means a transparent key). */ -#define PSA_MAX_SE_LIFETIME 255 +#define PSA_MAX_SE_LOCATION 255 /** The base of the range of ITS file identifiers for secure element * driver persistent data. * * We use a slice of the implemenation reserved range 0xffff0000..0xffffffff, * specifically the range 0xfffffe00..0xfffffeff. The length of this range - * drives the value of #PSA_MAX_SE_LIFETIME. - * The identifiers 0xfffffe00 and 0xfffffe01 are actually not used since - * they correspond to #PSA_KEY_LIFETIME_VOLATILE and - * #PSA_KEY_LIFETIME_PERSISTENT which don't have a driver. + * drives the value of #PSA_MAX_SE_LOCATION. The identifier 0xfffffe00 is + * actually not used since it corresponds to #PSA_KEY_LOCATION_LOCAL_STORAGE + * which doesn't have a driver. */ #define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_key_id_t) 0xfffffe00 ) -/** The maximum number of registered secure element driver lifetimes. */ +/** The maximum number of registered secure element driver locations. */ #define PSA_MAX_SE_DRIVERS 4 /** Unregister all secure element drivers. @@ -173,10 +172,10 @@ psa_status_t psa_save_se_persistent_data( * * This is currently only used for testing. * - * \param[in] lifetime The driver lifetime whose persistent data should - * be erased. + * \param[in] location The location identifier for the driver whose + * persistent data is to be erased. */ -psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime ); +psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location ); /** The storage representation of a key whose data is in a secure element. diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data index 0c2411b34..55c34266b 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.data +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data @@ -6,14 +6,11 @@ register_one:2:PSA_DRV_SE_HAL_VERSION:PSA_SUCCESS Register SE driver: good, again register_one:2:PSA_DRV_SE_HAL_VERSION:PSA_SUCCESS -Register SE driver: invalid lifetime (0) +Register SE driver: invalid location (0) register_one:0:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT -Register SE driver: invalid lifetime (VOLATILE) -register_one:PSA_KEY_LIFETIME_VOLATILE:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT - -Register SE driver: invalid lifetime (PERSISTENT) -register_one:PSA_KEY_LIFETIME_PERSISTENT:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT +Register SE driver: invalid location (local) +register_one:PSA_KEY_LOCATION_LOCAL_STORAGE:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT Register SE driver: invalid version (ancient) register_one:2:0x00000003:PSA_ERROR_NOT_SUPPORTED @@ -121,7 +118,7 @@ Key generation smoke test: HMAC-SHA-256 generate_key_smoke:PSA_KEY_TYPE_HMAC:256:PSA_ALG_HMAC( PSA_ALG_SHA_256 ) Key registration: smoke test -register_key_smoke_test:MIN_DRIVER_LIFETIME:1:PSA_SUCCESS +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:PSA_SUCCESS Key registration: invalid lifetime (volatile) register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT @@ -130,13 +127,13 @@ Key registration: invalid lifetime (internal storage) register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_INVALID_ARGUMENT Key registration: invalid lifetime (no registered driver) -register_key_smoke_test:MIN_DRIVER_LIFETIME + 1:1:PSA_ERROR_INVALID_ARGUMENT +register_key_smoke_test:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION + 1 ):1:PSA_ERROR_INVALID_ARGUMENT Key registration: rejected -register_key_smoke_test:MIN_DRIVER_LIFETIME:0:PSA_ERROR_NOT_PERMITTED +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:0:PSA_ERROR_NOT_PERMITTED Key registration: not supported -register_key_smoke_test:MIN_DRIVER_LIFETIME:-1:PSA_ERROR_NOT_SUPPORTED +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:-1:PSA_ERROR_NOT_SUPPORTED Import-sign-verify: sign in driver, ECDSA depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index b468d5e5c..f95f7e526 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -18,8 +18,14 @@ /* Test driver helpers */ /****************************************************************/ -/** The minimum valid lifetime value for a secure element driver. */ -#define MIN_DRIVER_LIFETIME 2 +/** The minimum valid location value for a secure element driver. */ +#define MIN_DRIVER_LOCATION 1 + +/** The location and lifetime used for tests that use a single driver. */ +#define TEST_DRIVER_LOCATION 1 +#define TEST_SE_PERSISTENT_LIFETIME \ + ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ + PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) ) /** The driver detected a condition that shouldn't happen. * This is probably a bug in the library. */ @@ -547,7 +553,7 @@ static int check_key_attributes( psa_get_key_lifetime( &actual_attributes ); psa_status_t status = psa_get_key_slot_number( &actual_attributes, &actual_slot_number ); - if( lifetime < MIN_DRIVER_LIFETIME ) + if( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) < MIN_DRIVER_LOCATION ) { /* The key is not in a secure element. */ TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT ); @@ -571,23 +577,23 @@ exit: return( ok ); } -/* Get the file UID corresponding to the specified lifetime. +/* Get the file UID corresponding to the specified location. * If this changes, the storage format version must change. * See psa_get_se_driver_its_file_uid() in psa_crypto_se.c. */ -psa_storage_uid_t file_uid_for_lifetime( psa_key_lifetime_t lifetime ) +psa_storage_uid_t file_uid_for_location( psa_key_location_t location ) { - if( lifetime > PSA_MAX_SE_LIFETIME ) + if( location > PSA_MAX_SE_LOCATION ) return( 0 ); - return( 0xfffffe00 + lifetime ); + return( 0xfffffe00 + location ); } /* Check that the persistent data of a driver has its expected content. */ -static int check_persistent_data( psa_key_lifetime_t lifetime, +static int check_persistent_data( psa_key_location_t location, const void *expected_data, size_t size ) { - psa_storage_uid_t uid = file_uid_for_lifetime( lifetime ); + psa_storage_uid_t uid = file_uid_for_location( location ); struct psa_storage_info_t info; uint8_t *loaded = NULL; int ok = 0; @@ -737,7 +743,7 @@ exit: static void psa_purge_storage( void ) { psa_key_id_t id; - psa_key_lifetime_t lifetime; + psa_key_location_t location; /* The tests may have potentially created key ids from 1 to * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id * 0, which file-based storage uses as a temporary file. */ @@ -746,8 +752,8 @@ static void psa_purge_storage( void ) /* Purge the transaction file. */ psa_crypto_stop_transaction( ); /* Purge driver persistent data. */ - for( lifetime = 0; lifetime < PSA_MAX_SE_LIFETIME; lifetime++ ) - psa_destroy_se_persistent_data( lifetime ); + for( location = 0; location < PSA_MAX_SE_LOCATION; location++ ) + psa_destroy_se_persistent_data( location ); } /* END_HEADER */ @@ -758,7 +764,7 @@ static void psa_purge_storage( void ) */ /* BEGIN_CASE */ -void register_one( int lifetime, int version, int expected_status_arg ) +void register_one( int location, int version, int expected_status_arg ) { psa_status_t expected_status = expected_status_arg; psa_drv_se_t driver; @@ -766,7 +772,7 @@ void register_one( int lifetime, int version, int expected_status_arg ) memset( &driver, 0, sizeof( driver ) ); driver.hal_version = version; - TEST_EQUAL( psa_register_se_driver( lifetime, &driver ), + TEST_EQUAL( psa_register_se_driver( location, &driver ), expected_status ); PSA_ASSERT( psa_crypto_init( ) ); @@ -780,16 +786,16 @@ exit: void register_twice( int count ) { psa_drv_se_t driver; - psa_key_lifetime_t lifetime; - psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + count; + psa_key_location_t location; + psa_key_location_t max = MIN_DRIVER_LOCATION + count; memset( &driver, 0, sizeof( driver ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; - for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ ) - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); - for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ ) - TEST_EQUAL( psa_register_se_driver( lifetime, &driver ), + for( location = MIN_DRIVER_LOCATION; location < max; location++ ) + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); + for( location = MIN_DRIVER_LOCATION; location < max; location++ ) + TEST_EQUAL( psa_register_se_driver( location, &driver ), PSA_ERROR_ALREADY_EXISTS ); PSA_ASSERT( psa_crypto_init( ) ); @@ -803,16 +809,16 @@ exit: void register_max( ) { psa_drv_se_t driver; - psa_key_lifetime_t lifetime; - psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + PSA_MAX_SE_DRIVERS; + psa_key_location_t location; + psa_key_location_t max = MIN_DRIVER_LOCATION + PSA_MAX_SE_DRIVERS; memset( &driver, 0, sizeof( driver ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; - for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ ) - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + for( location = MIN_DRIVER_LOCATION; location < max; location++ ) + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); - TEST_EQUAL( psa_register_se_driver( lifetime, &driver ), + TEST_EQUAL( psa_register_se_driver( location, &driver ), PSA_ERROR_INSUFFICIENT_MEMORY ); PSA_ASSERT( psa_crypto_init( ) ); @@ -827,7 +833,8 @@ void key_creation_import_export( int min_slot, int restart ) { psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -846,7 +853,7 @@ void key_creation_import_export( int min_slot, int restart ) key_management.p_export = ram_export; ram_min_slot = min_slot; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); /* Create a key. */ @@ -857,7 +864,7 @@ void key_creation_import_export( int min_slot, int restart ) PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), &handle ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -866,9 +873,9 @@ void key_creation_import_export( int min_slot, int restart ) if( restart ) { mbedtls_psa_crypto_free( ); - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -894,7 +901,7 @@ void key_creation_import_export( int min_slot, int restart ) PSA_ASSERT( psa_destroy_key( handle ) ); handle = 0; - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -921,7 +928,8 @@ void key_creation_in_chosen_slot( int slot_arg, psa_status_t status; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -937,7 +945,7 @@ void key_creation_in_chosen_slot( int slot_arg, key_management.p_destroy = ram_destroy; key_management.p_export = ram_export; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); /* Create a key. */ @@ -953,7 +961,7 @@ void key_creation_in_chosen_slot( int slot_arg, if( status != PSA_SUCCESS ) goto exit; - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -962,9 +970,9 @@ void key_creation_in_chosen_slot( int slot_arg, if( restart ) { mbedtls_psa_crypto_free( ); - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -980,7 +988,7 @@ void key_creation_in_chosen_slot( int slot_arg, PSA_ASSERT( psa_destroy_key( handle ) ); handle = 0; - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; @@ -1002,7 +1010,8 @@ void import_key_smoke( int type_arg, int alg_arg, psa_algorithm_t alg = alg_arg; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1016,7 +1025,7 @@ void import_key_smoke( int type_arg, int alg_arg, key_management.p_import = null_import; key_management.p_destroy = null_destroy; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); /* Create a key. */ @@ -1031,7 +1040,7 @@ void import_key_smoke( int type_arg, int alg_arg, PSA_ASSERT( psa_import_key( &attributes, key_material->x, key_material->len, &handle ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; @@ -1041,9 +1050,9 @@ void import_key_smoke( int type_arg, int alg_arg, /* Restart and try again. */ mbedtls_psa_crypto_free( ); - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; PSA_ASSERT( psa_open_key( id, &handle ) ); @@ -1053,7 +1062,7 @@ void import_key_smoke( int type_arg, int alg_arg, /* We're done. */ PSA_ASSERT( psa_destroy_key( handle ) ); handle = 0; - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; TEST_EQUAL( psa_open_key( id, &handle ), @@ -1073,7 +1082,8 @@ void generate_key_not_supported( int type_arg, int bits_arg ) size_t bits = bits_arg; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1086,7 +1096,7 @@ void generate_key_not_supported( int type_arg, int bits_arg ) key_management.p_allocate = counter_allocate; /* No p_generate method */ - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -1111,7 +1121,8 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_algorithm_t alg = alg_arg; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1125,7 +1136,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) key_management.p_generate = null_generate; key_management.p_destroy = null_destroy; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); /* Create a key. */ @@ -1139,7 +1150,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_set_key_type( &attributes, type ); psa_set_key_bits( &attributes, bits ); PSA_ASSERT( psa_generate_key( &attributes, &handle ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; @@ -1149,9 +1160,9 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) /* Restart and try again. */ mbedtls_psa_crypto_free( ); - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; PSA_ASSERT( psa_open_key( id, &handle ) ); @@ -1161,7 +1172,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) /* We're done. */ PSA_ASSERT( psa_destroy_key( handle ) ); handle = 0; - if( ! check_persistent_data( lifetime, + if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; TEST_EQUAL( psa_open_key( id, &handle ), @@ -1190,7 +1201,8 @@ void sign_verify( int flow, psa_drv_se_key_management_t key_management; psa_drv_se_asymmetric_t asymmetric; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t drv_handle = 0; /* key managed by the driver */ psa_key_handle_t sw_handle = 0; /* transparent key */ @@ -1229,7 +1241,7 @@ void sign_verify( int flow, } asymmetric.p_verify = ram_verify; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); /* Prepare to create two keys with the same key material: a transparent @@ -1347,6 +1359,7 @@ void register_key_smoke_test( int lifetime_arg, int expected_status_arg ) { psa_key_lifetime_t lifetime = lifetime_arg; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_status_t expected_status = expected_status_arg; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; @@ -1371,7 +1384,7 @@ void register_key_smoke_test( int lifetime_arg, ( validate > 0 ? PSA_SUCCESS : PSA_ERROR_NOT_PERMITTED ); } - PSA_ASSERT( psa_register_se_driver( MIN_DRIVER_LIFETIME, &driver ) ); + PSA_ASSERT( psa_register_se_driver( MIN_DRIVER_LOCATION, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -1395,7 +1408,7 @@ void register_key_smoke_test( int lifetime_arg, /* Restart and try again. */ PSA_DONE( ); - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_open_key( id, &handle ) ); if( ! check_key_attributes( handle, &attributes ) ) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data index f60bd7602..23e035a41 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data @@ -1,11 +1,14 @@ SE init mock test: success -mock_init:2:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:1 +mock_init:1:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:1 SE init mock test: failure -mock_init:2:PSA_SUCCESS:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE:1 +mock_init:1:PSA_SUCCESS:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE:1 -SE init mock test: invalid lifetime -mock_init:1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0 +SE init mock test: invalid location (0) +mock_init:0:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0 + +SE init mock test: location not supported (INT_MAX) +mock_init:INT_MAX:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0 SE key importing mock test mock_import:PSA_SUCCESS:PSA_SUCCESS:0:PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index 9f17b84f1..f6acb0727 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function @@ -5,10 +5,16 @@ #include "psa_crypto_se.h" #include "psa_crypto_storage.h" +/** The location and lifetime used for tests that use a single driver. */ +#define TEST_DRIVER_LOCATION 1 +#define TEST_SE_PERSISTENT_LIFETIME \ + ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ + PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) ) + static struct { uint16_t called; - psa_key_lifetime_t lifetime; + psa_key_location_t location; psa_status_t return_value; } mock_init_data; @@ -84,7 +90,7 @@ static struct static void psa_purge_storage( void ) { psa_key_id_t id; - psa_key_lifetime_t lifetime; + psa_key_location_t location; /* The tests may have potentially created key ids from 1 to * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id * 0, which file-based storage uses as a temporary file. */ @@ -93,8 +99,8 @@ static void psa_purge_storage( void ) /* Purge the transaction file. */ psa_crypto_stop_transaction( ); /* Purge driver persistent data. */ - for( lifetime = 0; lifetime < PSA_MAX_SE_LIFETIME; lifetime++ ) - psa_destroy_se_persistent_data( lifetime ); + for( location = 0; location < PSA_MAX_SE_LOCATION; location++ ) + psa_destroy_se_persistent_data( location ); } static void mock_teardown( void ) @@ -113,13 +119,13 @@ static void mock_teardown( void ) static psa_status_t mock_init( psa_drv_se_context_t *drv_context, void *persistent_data, - psa_key_lifetime_t lifetime ) + psa_key_location_t location ) { (void) drv_context; (void) persistent_data; mock_init_data.called++; - mock_init_data.lifetime = lifetime; + mock_init_data.location = location; return( mock_init_data.return_value ); } @@ -279,13 +285,13 @@ psa_status_t mock_destroy( psa_drv_se_context_t *context, */ /* BEGIN_CASE */ -void mock_init( int lifetime_arg, +void mock_init( int location_arg, int expected_register_status_arg, int driver_status_arg, int expected_psa_status_arg, int expected_called ) { - psa_key_lifetime_t lifetime = lifetime_arg; + psa_key_location_t location = location_arg; psa_status_t expected_register_status = expected_register_status_arg; psa_status_t driver_status = driver_status_arg; psa_status_t expected_psa_status = expected_psa_status_arg; @@ -297,7 +303,7 @@ void mock_init( int lifetime_arg, mock_init_data.return_value = driver_status; - TEST_EQUAL( psa_register_se_driver( lifetime, &driver ), + TEST_EQUAL( psa_register_se_driver( location, &driver ), expected_register_status ); psa_crypto_init_called = 1; @@ -305,7 +311,7 @@ void mock_init( int lifetime_arg, TEST_EQUAL( mock_init_data.called, expected_called ); if( expected_called ) - TEST_EQUAL( mock_init_data.lifetime, lifetime ); + TEST_EQUAL( mock_init_data.location, location ); exit: if( psa_crypto_init_called ) @@ -322,7 +328,8 @@ void mock_import( int mock_alloc_return_value, { psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -339,7 +346,7 @@ void mock_import( int mock_alloc_return_value, key_management.p_destroy = mock_destroy; key_management.p_allocate = mock_allocate; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -378,7 +385,8 @@ void mock_export( int mock_export_return_value, int expected_result ) { psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -397,7 +405,7 @@ void mock_export( int mock_export_return_value, int expected_result ) key_management.p_destroy = mock_destroy; key_management.p_allocate = mock_allocate; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -431,7 +439,8 @@ void mock_generate( int mock_alloc_return_value, { psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -446,7 +455,7 @@ void mock_generate( int mock_alloc_return_value, key_management.p_destroy = mock_destroy; key_management.p_allocate = mock_allocate; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -485,7 +494,8 @@ void mock_export_public( int mock_export_public_return_value, { psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -503,7 +513,7 @@ void mock_export_public( int mock_export_public_return_value, key_management.p_destroy = mock_destroy; key_management.p_allocate = mock_allocate; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -534,7 +544,8 @@ void mock_sign( int mock_sign_return_value, int expected_result ) psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_drv_se_asymmetric_t asymmetric; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -559,7 +570,7 @@ void mock_sign( int mock_sign_return_value, int expected_result ) driver.asymmetric = &asymmetric; asymmetric.p_sign = mock_sign; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id ); @@ -594,7 +605,8 @@ void mock_verify( int mock_verify_return_value, int expected_result ) psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_drv_se_asymmetric_t asymmetric; - psa_key_lifetime_t lifetime = 2; + psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -618,7 +630,7 @@ void mock_verify( int mock_verify_return_value, int expected_result ) driver.asymmetric = &asymmetric; asymmetric.p_verify = mock_verify; - PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) ); + PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_id( &attributes, id );