mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-23 13:21:06 +00:00
1df83d4f5b
For a key in a secure element, persist the key slot. This is implemented in the nominal case. Failures may not be handled properly.
268 lines
8.6 KiB
Plaintext
268 lines
8.6 KiB
Plaintext
/* BEGIN_HEADER */
|
|
#include "psa_crypto_helpers.h"
|
|
#include "psa/crypto_se_driver.h"
|
|
|
|
#include "psa_crypto_se.h"
|
|
#include "psa_crypto_storage.h"
|
|
|
|
/** The minimum valid lifetime value for a secure element driver. */
|
|
#define MIN_DRIVER_LIFETIME 2
|
|
|
|
/** The driver detected a condition that shouldn't happen.
|
|
* This is probably a bug in the library. */
|
|
#define PSA_ERROR_DETECTED_BY_DRIVER ((psa_status_t)( -500 ))
|
|
|
|
/** Like #TEST_ASSERT for use in a driver method.
|
|
*
|
|
* Use this macro to assert on guarantees provided by the core.
|
|
*/
|
|
#define DRIVER_ASSERT( TEST ) \
|
|
do { \
|
|
if( ! (TEST) ) \
|
|
{ \
|
|
test_fail( #TEST, __LINE__, __FILE__ ); \
|
|
return( PSA_ERROR_DETECTED_BY_DRIVER ); \
|
|
} \
|
|
} while( 0 )
|
|
|
|
#define RAM_MAX_KEY_SIZE 64
|
|
typedef struct
|
|
{
|
|
psa_key_lifetime_t lifetime;
|
|
psa_key_type_t type;
|
|
size_t bits;
|
|
uint8_t content[RAM_MAX_KEY_SIZE];
|
|
} ram_slot_t;
|
|
static ram_slot_t ram_slots[16];
|
|
|
|
/* A type with at least ARRAY_LENGTH(ram_slots) bits, containing a
|
|
* bit vector indicating which slots are in use. */
|
|
typedef uint16_t ram_slot_usage_t;
|
|
|
|
static uint8_t ram_min_slot = 0;
|
|
|
|
static void ram_slots_reset( void )
|
|
{
|
|
memset( ram_slots, 0, sizeof( ram_slots ) );
|
|
ram_min_slot = 0;
|
|
}
|
|
|
|
static psa_status_t ram_import( psa_drv_se_context_t *context,
|
|
psa_key_slot_number_t slot_number,
|
|
psa_key_lifetime_t lifetime,
|
|
psa_key_type_t type,
|
|
psa_algorithm_t algorithm,
|
|
psa_key_usage_t usage,
|
|
const uint8_t *p_data,
|
|
size_t data_length )
|
|
{
|
|
(void) context;
|
|
DRIVER_ASSERT( slot_number < ARRAY_LENGTH( ram_slots ) );
|
|
if( data_length > sizeof( ram_slots[slot_number].content ) )
|
|
return( PSA_ERROR_INSUFFICIENT_STORAGE );
|
|
ram_slots[slot_number].lifetime = lifetime;
|
|
ram_slots[slot_number].type = type;
|
|
ram_slots[slot_number].bits = PSA_BYTES_TO_BITS( data_length );
|
|
(void) algorithm;
|
|
(void) usage;
|
|
memcpy( ram_slots[slot_number].content, p_data, data_length );
|
|
return( PSA_SUCCESS );
|
|
}
|
|
|
|
psa_status_t ram_export( psa_drv_se_context_t *context,
|
|
psa_key_slot_number_t slot_number,
|
|
uint8_t *p_data,
|
|
size_t data_size,
|
|
size_t *p_data_length )
|
|
{
|
|
size_t actual_size;
|
|
(void) context;
|
|
DRIVER_ASSERT( slot_number < ARRAY_LENGTH( ram_slots ) );
|
|
actual_size = PSA_BITS_TO_BYTES( ram_slots[slot_number].bits );
|
|
if( actual_size > data_size )
|
|
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
|
*p_data_length = actual_size;
|
|
memcpy( p_data, ram_slots[slot_number].content, actual_size );
|
|
return( PSA_SUCCESS );
|
|
}
|
|
|
|
psa_status_t ram_destroy( psa_drv_se_context_t *context,
|
|
void *persistent_data,
|
|
psa_key_slot_number_t slot_number )
|
|
{
|
|
ram_slot_usage_t *slot_usage = persistent_data;
|
|
DRIVER_ASSERT( context->persistent_data_size == sizeof( ram_slot_usage_t ) );
|
|
DRIVER_ASSERT( slot_number < ARRAY_LENGTH( ram_slots ) );
|
|
memset( &ram_slots[slot_number], 0, sizeof( ram_slots[slot_number] ) );
|
|
*slot_usage &= ~(ram_slot_usage_t)( 1 << slot_number );
|
|
return( PSA_SUCCESS );
|
|
}
|
|
|
|
psa_status_t ram_allocate( psa_drv_se_context_t *context,
|
|
void *persistent_data,
|
|
const psa_key_attributes_t *attributes,
|
|
psa_key_slot_number_t *slot_number )
|
|
{
|
|
ram_slot_usage_t *slot_usage = persistent_data;
|
|
(void) attributes;
|
|
DRIVER_ASSERT( context->persistent_data_size == sizeof( ram_slot_usage_t ) );
|
|
for( *slot_number = ram_min_slot;
|
|
*slot_number < ARRAY_LENGTH( ram_slots );
|
|
++( *slot_number ) )
|
|
{
|
|
if( ! ( *slot_usage & 1 << *slot_number ) )
|
|
return( PSA_SUCCESS );
|
|
}
|
|
return( PSA_ERROR_INSUFFICIENT_STORAGE );
|
|
}
|
|
|
|
#define MAX_KEY_ID_FOR_TEST 10
|
|
void psa_purge_storage( void )
|
|
{
|
|
psa_key_id_t i;
|
|
/* The tests may have potentially created key ids from 1 to
|
|
* MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
|
|
* 0, which file-based storage uses as a temporary file. */
|
|
for( i = 0; i <= MAX_KEY_ID_FOR_TEST; i++ )
|
|
psa_destroy_persistent_key( i );
|
|
psa_crypto_stop_transaction( );
|
|
}
|
|
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_DEPENDENCIES
|
|
* depends_on:MBEDTLS_PSA_CRYPTO_SE_C
|
|
* END_DEPENDENCIES
|
|
*/
|
|
|
|
/* BEGIN_CASE */
|
|
void register_one( int lifetime, int version, int expected_status_arg )
|
|
{
|
|
psa_status_t expected_status = expected_status_arg;
|
|
psa_drv_se_t driver;
|
|
|
|
memset( &driver, 0, sizeof( driver ) );
|
|
driver.hal_version = version;
|
|
|
|
TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
|
|
expected_status );
|
|
|
|
PSA_ASSERT( psa_crypto_init( ) );
|
|
|
|
exit:
|
|
PSA_DONE( );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void register_twice( int count )
|
|
{
|
|
psa_drv_se_t driver;
|
|
psa_key_lifetime_t lifetime;
|
|
psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + count;
|
|
|
|
memset( &driver, 0, sizeof( driver ) );
|
|
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
|
|
|
|
for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
|
|
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
|
|
for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
|
|
TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
|
|
PSA_ERROR_ALREADY_EXISTS );
|
|
|
|
PSA_ASSERT( psa_crypto_init( ) );
|
|
|
|
exit:
|
|
PSA_DONE( );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void register_max( )
|
|
{
|
|
psa_drv_se_t driver;
|
|
psa_key_lifetime_t lifetime;
|
|
psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + PSA_MAX_SE_DRIVERS;
|
|
|
|
memset( &driver, 0, sizeof( driver ) );
|
|
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
|
|
|
|
for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
|
|
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
|
|
|
|
TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
|
|
PSA_ERROR_INSUFFICIENT_MEMORY );
|
|
|
|
PSA_ASSERT( psa_crypto_init( ) );
|
|
|
|
exit:
|
|
PSA_DONE( );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void key_creation_import_export( int min_slot, int restart )
|
|
{
|
|
psa_drv_se_t driver;
|
|
psa_drv_se_key_management_t key_management;
|
|
psa_key_lifetime_t lifetime = 2;
|
|
psa_key_id_t id = 1;
|
|
psa_key_handle_t handle = 0;
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
const uint8_t key_material[3] = {0xfa, 0xca, 0xde};
|
|
uint8_t exported[sizeof( key_material )];
|
|
size_t exported_length;
|
|
|
|
memset( &driver, 0, sizeof( driver ) );
|
|
memset( &key_management, 0, sizeof( key_management ) );
|
|
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
|
|
driver.key_management = &key_management;
|
|
driver.persistent_data_size = sizeof( ram_slot_usage_t );
|
|
key_management.p_allocate = ram_allocate;
|
|
key_management.p_import = ram_import;
|
|
key_management.p_destroy = ram_destroy;
|
|
key_management.p_export = ram_export;
|
|
ram_min_slot = min_slot;
|
|
|
|
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
|
|
PSA_ASSERT( psa_crypto_init( ) );
|
|
|
|
/* Create a key. */
|
|
psa_set_key_id( &attributes, id );
|
|
psa_set_key_lifetime( &attributes, lifetime );
|
|
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
|
|
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
|
PSA_ASSERT( psa_import_key( &attributes,
|
|
key_material, sizeof( key_material ),
|
|
&handle ) );
|
|
|
|
/* Maybe restart, to check that the information is saved correctly. */
|
|
if( restart )
|
|
{
|
|
mbedtls_psa_crypto_free( );
|
|
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
|
|
PSA_ASSERT( psa_crypto_init( ) );
|
|
PSA_ASSERT( psa_open_key( id, &handle ) );
|
|
}
|
|
|
|
/* Test that the key was created in the expected slot. */
|
|
TEST_ASSERT( ram_slots[min_slot].type == PSA_KEY_TYPE_RAW_DATA );
|
|
|
|
PSA_ASSERT( psa_export_key( handle,
|
|
exported, sizeof( exported ),
|
|
&exported_length ) );
|
|
ASSERT_COMPARE( key_material, sizeof( key_material ),
|
|
exported, exported_length );
|
|
|
|
PSA_ASSERT( psa_destroy_key( handle ) );
|
|
|
|
/* Test that the key has been erased from the designated slot. */
|
|
TEST_ASSERT( ram_slots[min_slot].type == 0 );
|
|
|
|
exit:
|
|
PSA_DONE( );
|
|
ram_slots_reset( );
|
|
psa_purge_storage( );
|
|
}
|
|
/* END_CASE */
|