Add test driver implementation for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS

As part of test_psa_crypto_drivers, define a builtin symmetric key
plus an ECC key on the test driver lifetime.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Steven Cooreman 2021-02-19 18:04:59 +01:00
parent 6801f08973
commit f9a55ffa2c
4 changed files with 109 additions and 2 deletions


@ -257,6 +257,16 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size(
{ {
#if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME: case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
/* Emulate property 'builtin_key_size' */
if( psa_key_id_is_builtin(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
psa_get_key_id( attributes ) ) ) )
{
*key_buffer_size = sizeof(psa_drv_slot_number_t);
return( PSA_SUCCESS );
}
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION #ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
*key_buffer_size = test_size_function( key_type, key_bits ); *key_buffer_size = test_size_function( key_type, key_bits );
return( PSA_SUCCESS ); return( PSA_SUCCESS );
@ -582,6 +592,17 @@ psa_status_t psa_driver_wrapper_get_builtin_key(
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location ) switch( location )
{ {
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
return( test_opaque_get_builtin_key(
slot_number,
attributes,
key_buffer, key_buffer_size, key_buffer_length ) );
#else
return( PSA_ERROR_DOES_NOT_EXIST );
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
#endif /* PSA_CRYPTO_DRIVER_TEST */
default: default:
(void) slot_number; (void) slot_number;
(void) key_buffer; (void) key_buffer;
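Review bot: The builtin-key branch in psa_driver_wrapper_get_key_buffer_size hard-codes `sizeof(psa_drv_slot_number_t)`, and test_opaque_get_builtin_key checks and reports the same size independently, so the key-context size contract lives in two files with nothing tying them together. A shared constant in the test driver header, used by both the wrapper and the driver, would keep them from drifting; if they did drift, the driver's own size check would fail closed with PSA_ERROR_BUFFER_TOO_SMALL, but only at runtime. In the second hunk the `#else return( PSA_ERROR_DOES_NOT_EXIST );` arm repeats the fallback that test_opaque_get_builtin_key already implements when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is undefined, so the case could call the driver unconditionally. Both functions start and end outside the hunks shown.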


@ -29,6 +29,11 @@
#if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h> #include <psa/crypto_driver_common.h>
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT 0
#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT 1
#endif
typedef struct { typedef struct {
/* If non-null, on success, copy this to the output. */ /* If non-null, on success, copy this to the output. */
void *forced_output; void *forced_output;
@ -82,5 +87,10 @@ psa_status_t test_transparent_import_key(
size_t *key_buffer_length, size_t *key_buffer_length,
size_t *bits); size_t *bits);
psa_status_t test_opaque_get_builtin_key(
psa_drv_slot_number_t slot_number,
psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
#endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */
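Review bot: The new `#endif` that closes the slot-number macros has no trailing comment, unlike the other guards in this header; `#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */` would match. The test_opaque_get_builtin_key prototype is also declared without any documentation, while the description of the two slots and of the key buffer format sits only above the definition in the .c file. A short comment on the declaration would help: it should say that on success the attributes are filled in and key_buffer receives the slot number in raw psa_drv_slot_number_t form, and that PSA_ERROR_BUFFER_TOO_SMALL is returned when key_buffer_size is smaller than that.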


@ -232,4 +232,63 @@ psa_status_t test_opaque_export_public_key(
return( PSA_ERROR_NOT_SUPPORTED ); return( PSA_ERROR_NOT_SUPPORTED );
} }
/* The opaque test driver exposes two built-in keys when builtin key support is
* compiled in.
* The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128 key which allows CTR mode
* The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1 private key which allows ECDSA sign & verify
* The key buffer format for these is the raw format of psa_drv_slot_number_t
* (i.e. for an actual driver this would mean 'builtin_key_size' = sizeof(psa_drv_slot_number_t))
*/
psa_status_t test_opaque_get_builtin_key(
psa_drv_slot_number_t slot_number,
psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
switch( slot_number )
{
case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
if( key_buffer_size < sizeof( psa_drv_slot_number_t ) )
return( PSA_ERROR_BUFFER_TOO_SMALL );
psa_set_key_type( attributes, PSA_KEY_TYPE_AES );
psa_set_key_bits( attributes, 128 );
psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
psa_set_key_algorithm( attributes, PSA_ALG_CTR );
*( (psa_drv_slot_number_t*) key_buffer ) =
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT;
*key_buffer_length = sizeof( psa_drv_slot_number_t );
return( PSA_SUCCESS );
case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
if( key_buffer_size < sizeof( psa_drv_slot_number_t ) )
return( PSA_ERROR_BUFFER_TOO_SMALL );
psa_set_key_type( attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) );
psa_set_key_bits( attributes, 256 );
psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
psa_set_key_algorithm( attributes, PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) );
*( (psa_drv_slot_number_t*) key_buffer) =
PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT;
*key_buffer_length = sizeof( psa_drv_slot_number_t );
return( PSA_SUCCESS );
default:
(void) slot_number;
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) key_buffer_length;
return( PSA_ERROR_INVALID_ARGUMENT );
}
#else
(void) slot_number;
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) key_buffer_length;
return( PSA_ERROR_DOES_NOT_EXIST );
#endif
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
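Review bot: Both cases in test_opaque_get_builtin_key store the slot number with `*( (psa_drv_slot_number_t*) key_buffer ) = ...`, which writes through a cast of a `uint8_t *` and so assumes the caller's buffer is suitably aligned for psa_drv_slot_number_t. Nothing visible in this hunk guarantees that alignment, and a misaligned store is undefined behaviour. Copying the bytes avoids the assumption: `psa_drv_slot_number_t slot = PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT;` followed by `memcpy( key_buffer, &slot, sizeof( slot ) );` (and likewise for the ECDSA slot; this needs `<string.h>` if the file does not already include it). Since both cases repeat the same `key_buffer_size` check, it could be hoisted above the attribute setup into one place.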


@ -285,16 +285,33 @@ void mbedtls_param_failed( const char *failure_condition,
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
#include <psa/crypto.h> #include <psa/crypto.h>
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "test/drivers/test_driver.h"
#endif
typedef struct typedef struct
{ {
psa_key_id_t builtin_key_id; psa_key_id_t builtin_key_id;
psa_key_location_t location; psa_key_location_t location;
psa_drv_slot_number_t slot_number; psa_drv_slot_number_t slot_number;
} mbedtls_psa_builtin_key_description_t; } mbedtls_psa_builtin_key_description_t;
static const mbedtls_psa_builtin_key_description_t builtin_keys[] = { static const mbedtls_psa_builtin_key_description_t builtin_keys[] = {
// TODO: declare some keys #if defined(PSA_CRYPTO_DRIVER_TEST)
{0, 0, 0}, /* For testing, assign the AES builtin key slot to the boundary values.
* ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */
{MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
{MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
{MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT},
{MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
{MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
{MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
#else
{0, 0, 0}
#endif
}; };
psa_status_t mbedtls_psa_platform_get_builtin_key( psa_status_t mbedtls_psa_platform_get_builtin_key(
psa_key_attributes_t *attributes, psa_drv_slot_number_t *slot_number ) psa_key_attributes_t *attributes, psa_drv_slot_number_t *slot_number )
{ {
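Review bot: The comment above the test entries in `builtin_keys[]` calls them "boundary values" but does not say that `MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1` and `MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1` fall outside the builtin key ID range. They are presumably negative cases that the core must refuse to resolve, and a reader using this table as a template for a real platform could otherwise take them for valid mappings. I would extend the comment with something like `/* MIN - 1 and MAX + 1 are deliberately outside the builtin range; lookups for them are expected to fail. */`. The `{0, 0, 0}` entry in the `#else` arm would also benefit from a one-line comment saying it is only a placeholder that keeps the array non-empty. The body of mbedtls_psa_platform_get_builtin_key continues outside this hunk, so how the table is searched cannot be checked from here.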