mbedtls/tests/suites/test_suite_psa_crypto_persistent_key.function

/* BEGIN_HEADER */
#include <stdint.h>
#include "psa/crypto.h"
#include "psa_crypto_storage.h"
#include "psa_crypto_storage_backend.h"
#include "mbedtls/md.h"

#define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) )

typedef struct {
    uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
    uint8_t version[4];
    uint8_t type[sizeof( psa_key_type_t )];
    uint8_t policy[sizeof( psa_key_policy_t )];
    uint8_t data_len[4];
    uint8_t key_data[];
} psa_persistent_key_storage_format;

/* END_HEADER */

/* BEGIN_DEPENDENCIES
 * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
 * END_DEPENDENCIES
 */

/* BEGIN_CASE */
void format_storage_data_check( data_t *key_data,
                                data_t *expected_file_data,
                                int key_type, int key_usage, int key_alg )
{
    uint8_t *file_data;
    size_t file_data_length;
    psa_key_policy_t key_policy;

    key_policy.usage = (psa_key_usage_t) key_usage;
    key_policy.alg = (psa_algorithm_t) key_alg;

    file_data_length = key_data->len + sizeof( psa_persistent_key_storage_format );
    file_data = mbedtls_calloc( 1, file_data_length );
    psa_format_key_data_for_storage( key_data->x, key_data->len,
                                     (psa_key_type_t) key_type, &key_policy,
                                     file_data );

    ASSERT_COMPARE( expected_file_data->x, expected_file_data->len,
                    file_data, file_data_length );
    mbedtls_free( file_data );
}
/* END_CASE */

/* BEGIN_CASE */
void parse_storage_data_check( data_t *file_data,
                               data_t *expected_key_data,
                               int expected_key_type,
                               int expected_key_usage,
                               int expected_key_alg,
                               int expected_status )
{
    uint8_t *key_data = NULL;
    size_t key_data_length = 0;
    psa_key_type_t key_type = 0;
    psa_key_policy_t key_policy;
    psa_status_t status;

    status = psa_parse_key_data_from_storage( file_data->x, file_data->len,
                                              &key_data, &key_data_length,
                                              &key_type, &key_policy );

    TEST_EQUAL( status, expected_status );
    if( status != PSA_SUCCESS )
        goto exit;

    TEST_EQUAL( key_type, (psa_key_type_t) expected_key_type );
    TEST_EQUAL( key_policy.usage, (uint32_t) expected_key_usage );
    TEST_EQUAL( key_policy.alg, (uint32_t) expected_key_alg );
    ASSERT_COMPARE( expected_key_data->x, expected_key_data->len,
                    key_data, key_data_length );

exit:
    mbedtls_free( key_data );
}
/* END_CASE */

/* BEGIN_CASE */
void save_large_persistent_key( int data_too_large, int expected_status )
{
    psa_key_id_t key_id = 42;
    psa_key_handle_t handle = 0;
    uint8_t *data = NULL;
    size_t data_length = PSA_CRYPTO_MAX_STORAGE_SIZE;

    if( data_too_large )
        data_length += 1;

    ASSERT_ALLOC( data, data_length );

    PSA_ASSERT( psa_crypto_init() );

    PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
                                &handle ) );

    TEST_EQUAL( psa_import_key( handle, PSA_KEY_TYPE_RAW_DATA,
                                data, data_length ),
                expected_status );

exit:
    mbedtls_free( data );
    mbedtls_psa_crypto_free();
    psa_destroy_persistent_key( key_id );
}
/* END_CASE */

/* BEGIN_CASE */
void persistent_key_destroy( int key_id_arg, int should_store,
                             int first_type_arg, data_t *first_data,
                             int second_type_arg, data_t *second_data )
{
    psa_key_id_t key_id = key_id_arg;
    psa_key_handle_t handle = 0;
    psa_key_type_t first_type = (psa_key_type_t) first_type_arg;
    psa_key_type_t second_type = (psa_key_type_t) second_type_arg;

    PSA_ASSERT( psa_crypto_init() );

    PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
                                &handle ) );

    if( should_store == 1 )
    {
        PSA_ASSERT( psa_import_key(
                        handle, first_type,
                        first_data->x, first_data->len ) );
    }

    /* Destroy the key */
    PSA_ASSERT( psa_destroy_key( handle ) );

    /* Check key slot storage is removed */
    TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
    TEST_EQUAL( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle ),
                PSA_ERROR_EMPTY_SLOT );
    TEST_EQUAL( handle, 0 );

    /* Shutdown and restart */
    mbedtls_psa_crypto_free();
    PSA_ASSERT( psa_crypto_init() );

    /* Create another key in the same slot */
    PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
                                &handle ) );
    PSA_ASSERT( psa_import_key(
                    handle, second_type,
                    second_data->x, second_data->len ) );

exit:
    mbedtls_psa_crypto_free();
    psa_destroy_persistent_key( key_id );
}
/* END_CASE */

/* BEGIN_CASE */
void persistent_key_import( int key_id_arg, int type_arg, data_t *data,
                            int expected_status )
{
    psa_key_lifetime_t lifetime;
    psa_key_id_t key_id = (psa_key_id_t) key_id_arg;
    psa_key_type_t type = (psa_key_type_t) type_arg;
    psa_key_handle_t handle = 0;

    PSA_ASSERT( psa_crypto_init() );

    PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
                                &handle ) );
    TEST_EQUAL( psa_import_key( handle, type, data->x, data->len ),
                expected_status );

    if( expected_status != PSA_SUCCESS )
    {
        TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
        goto exit;
    }

    PSA_ASSERT( psa_get_key_lifetime( handle, &lifetime ) );
    TEST_EQUAL( lifetime, PSA_KEY_LIFETIME_PERSISTENT );

exit:
    psa_destroy_persistent_key( key_id );
    mbedtls_psa_crypto_free();
}
/* END_CASE */

/* BEGIN_CASE */
void import_export_persistent_key( data_t *data, int type_arg,
                                   int expected_bits, int key_not_exist )
{
    psa_key_id_t key_id = 42;
    psa_key_type_t type = (psa_key_type_t) type_arg;
    psa_key_handle_t handle = 0;
    unsigned char *exported = NULL;
    size_t export_size = data->len;
    size_t exported_length;
    psa_key_type_t got_type;
    size_t got_bits;
    psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
    psa_key_lifetime_t lifetime_get;

    ASSERT_ALLOC( exported, export_size );

    PSA_ASSERT( psa_crypto_init( ) );

    PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
                                &handle ) );

    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT,
                              PSA_ALG_VENDOR_FLAG );
    PSA_ASSERT( psa_set_key_policy( handle, &policy ) );

    /* Import the key */
    PSA_ASSERT( psa_import_key( handle, type,
                                data->x, data->len ) );

    PSA_ASSERT( psa_get_key_lifetime( handle, &lifetime_get ) );
    TEST_EQUAL( lifetime_get, PSA_KEY_LIFETIME_PERSISTENT );

    /* Test the key information */
    PSA_ASSERT( psa_get_key_information(
                    handle, &got_type, &got_bits ) );
    TEST_EQUAL( got_type, type );
    TEST_EQUAL( got_bits, (size_t) expected_bits );

    TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );

    if( key_not_exist )
    {
        psa_destroy_persistent_key( key_id );
    }
    /* Export the key */
    PSA_ASSERT( psa_export_key( handle, exported, export_size,
                                &exported_length ) );

    ASSERT_COMPARE( data->x, data->len, exported, exported_length );

    /* Destroy the key */
    PSA_ASSERT( psa_destroy_key( handle ) );
    TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );

exit:
    mbedtls_free( exported );
    mbedtls_psa_crypto_free( );
    psa_destroy_persistent_key( key_id );
}
/* END_CASE */