mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-10-19 11:21:47 +00:00
c4d1b514ab
Define psa_key_handle_t to be equal to mbedtls_svc_key_id_t. Make the handle of a persistent key be equal to its key identifier. For volatile keys, make the key handle equal to the volatile key identifier of the created volatile key. The unit tests are modified just to make them compile not to make them run successfully. They are fixed in the subsequent commits. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
807 lines
30 KiB
Plaintext
807 lines
30 KiB
Plaintext
/* BEGIN_HEADER */
|
|
#include <stdint.h>
|
|
|
|
#include "test/psa_crypto_helpers.h"
|
|
#include "psa_crypto_slot_management.h"
|
|
#include "psa_crypto_storage.h"
|
|
|
|
typedef enum
|
|
{
|
|
CLOSE_BY_CLOSE, /**< Close the handle(s). */
|
|
CLOSE_BY_DESTROY, /**< Destroy the handle(s). */
|
|
CLOSE_BY_SHUTDOWN, /**< Deinit and reinit without closing handles. */
|
|
CLOSE_BY_CLOSE_WITH_SHUTDOWN, /**< Close handle(s) then deinit/reinit. */
|
|
CLOSE_BY_DESTROY_WITH_SHUTDOWN, /**< Destroy handle(s) then deinit/reinit. */
|
|
} close_method_t;
|
|
|
|
typedef enum
|
|
{
|
|
KEEP_OPEN,
|
|
CLOSE_BEFORE,
|
|
CLOSE_AFTER,
|
|
} reopen_policy_t;
|
|
|
|
typedef enum
|
|
{
|
|
INVALID_HANDLE_0,
|
|
INVALID_HANDLE_UNOPENED,
|
|
INVALID_HANDLE_CLOSED,
|
|
INVALID_HANDLE_HUGE,
|
|
} invalid_handle_construction_t;
|
|
|
|
/* All test functions that create persistent keys must call
|
|
* `TEST_USES_KEY_ID( key_id )` before creating a persistent key with this
|
|
* identifier, and must call psa_purge_key_storage() in their cleanup
|
|
* code. */
|
|
|
|
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
|
static mbedtls_svc_key_id_t key_ids_used_in_test[9];
|
|
static size_t num_key_ids_used;
|
|
|
|
/* Record a key id as potentially used in a test case. */
|
|
static int test_uses_key_id( mbedtls_svc_key_id_t key_id )
|
|
{
|
|
size_t i;
|
|
if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id ) >
|
|
PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
|
|
{
|
|
/* Don't touch key id values that designate non-key files. */
|
|
return( 1 );
|
|
}
|
|
for( i = 0; i < num_key_ids_used ; i++ )
|
|
{
|
|
if( mbedtls_svc_key_id_equal( key_id, key_ids_used_in_test[i] ) )
|
|
return( 1 );
|
|
}
|
|
if( num_key_ids_used == ARRAY_LENGTH( key_ids_used_in_test ) )
|
|
return( 0 );
|
|
key_ids_used_in_test[num_key_ids_used] = key_id;
|
|
++num_key_ids_used;
|
|
return( 1 );
|
|
}
|
|
#define TEST_USES_KEY_ID( key_id ) \
|
|
TEST_ASSERT( test_uses_key_id( key_id ) )
|
|
|
|
/* Destroy all key ids that may have been created by the current test case. */
|
|
static void psa_purge_key_storage( void )
|
|
{
|
|
size_t i;
|
|
for( i = 0; i < num_key_ids_used; i++ )
|
|
psa_destroy_persistent_key( key_ids_used_in_test[i] );
|
|
num_key_ids_used = 0;
|
|
}
|
|
#else
|
|
#define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) )
|
|
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
|
|
|
/** Apply \p close_method to invalidate the specified handles:
|
|
* close it, destroy it, or do nothing;
|
|
*/
|
|
static int invalidate_handle( close_method_t close_method,
|
|
psa_key_handle_t handle )
|
|
{
|
|
switch( close_method )
|
|
{
|
|
case CLOSE_BY_CLOSE:
|
|
case CLOSE_BY_CLOSE_WITH_SHUTDOWN:
|
|
PSA_ASSERT( psa_close_key( handle ) );
|
|
break;
|
|
case CLOSE_BY_DESTROY:
|
|
case CLOSE_BY_DESTROY_WITH_SHUTDOWN:
|
|
PSA_ASSERT( psa_destroy_key( handle ) );
|
|
break;
|
|
case CLOSE_BY_SHUTDOWN:
|
|
break;
|
|
}
|
|
return( 1 );
|
|
exit:
|
|
return( 0 );
|
|
}
|
|
|
|
/** Restart the PSA subsystem if \p close_method says so. */
|
|
static int invalidate_psa( close_method_t close_method )
|
|
{
|
|
switch( close_method )
|
|
{
|
|
case CLOSE_BY_CLOSE:
|
|
case CLOSE_BY_DESTROY:
|
|
return( 1 );
|
|
case CLOSE_BY_CLOSE_WITH_SHUTDOWN:
|
|
case CLOSE_BY_DESTROY_WITH_SHUTDOWN:
|
|
/* All keys must have been closed. */
|
|
PSA_DONE( );
|
|
break;
|
|
case CLOSE_BY_SHUTDOWN:
|
|
/* Some keys may remain behind, and we're testing that this
|
|
* properly closes them. */
|
|
mbedtls_psa_crypto_free( );
|
|
break;
|
|
}
|
|
|
|
PSA_ASSERT( psa_crypto_init( ) );
|
|
ASSERT_PSA_PRISTINE( );
|
|
return( 1 );
|
|
|
|
exit:
|
|
return( 0 );
|
|
}
|
|
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_DEPENDENCIES
|
|
* depends_on:MBEDTLS_PSA_CRYPTO_C
|
|
* END_DEPENDENCIES
|
|
*/
|
|
|
|
/* BEGIN_CASE */
|
|
void transient_slot_lifecycle( int usage_arg, int alg_arg,
|
|
int type_arg, data_t *key_data,
|
|
int close_method_arg )
|
|
{
|
|
psa_algorithm_t alg = alg_arg;
|
|
psa_key_usage_t usage_flags = usage_arg;
|
|
psa_key_type_t type = type_arg;
|
|
close_method_t close_method = close_method_arg;
|
|
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
|
|
PSA_ASSERT( psa_crypto_init( ) );
|
|
|
|
/* Import a key. */
|
|
psa_set_key_usage_flags( &attributes, usage_flags );
|
|
psa_set_key_algorithm( &attributes, alg );
|
|
psa_set_key_type( &attributes, type );
|
|
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
|
|
&handle ) );
|
|
TEST_ASSERT( ! psa_key_handle_is_null( handle ) );
|
|
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
|
|
TEST_EQUAL( psa_get_key_type( &attributes ), type );
|
|
|
|
/* Do something that invalidates the handle. */
|
|
if( ! invalidate_handle( close_method, handle ) )
|
|
goto exit;
|
|
if( ! invalidate_psa( close_method ) )
|
|
goto exit;
|
|
|
|
/* Test that the handle is now invalid. */
|
|
TEST_EQUAL( psa_get_key_attributes( handle, &attributes ),
|
|
PSA_ERROR_INVALID_HANDLE );
|
|
TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE );
|
|
|
|
exit:
|
|
PSA_DONE( );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
|
void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg,
|
|
int usage_arg, int alg_arg, int alg2_arg,
|
|
int type_arg, data_t *key_data,
|
|
int close_method_arg )
|
|
{
|
|
psa_key_lifetime_t lifetime = lifetime_arg;
|
|
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg );
|
|
psa_algorithm_t alg = alg_arg;
|
|
psa_algorithm_t alg2 = alg2_arg;
|
|
psa_key_usage_t usage_flags = usage_arg;
|
|
psa_key_type_t type = type_arg;
|
|
close_method_t close_method = close_method_arg;
|
|
psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
psa_key_attributes_t read_attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
uint8_t *reexported = NULL;
|
|
size_t reexported_length = -1;
|
|
|
|
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
|
|
mbedtls_svc_key_id_t wrong_owner_id =
|
|
mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg );
|
|
psa_key_handle_t invalid_handle = PSA_KEY_HANDLE_INIT;
|
|
#endif
|
|
|
|
TEST_USES_KEY_ID( id );
|
|
|
|
PSA_ASSERT( psa_crypto_init( ) );
|
|
|
|
/* Get a handle and import a key. */
|
|
psa_set_key_id( &attributes, id );
|
|
psa_set_key_lifetime( &attributes, lifetime );
|
|
psa_set_key_type( &attributes, type );
|
|
psa_set_key_usage_flags( &attributes, usage_flags );
|
|
psa_set_key_algorithm( &attributes, alg );
|
|
psa_set_key_enrollment_algorithm( &attributes, alg2 );
|
|
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
|
|
&handle ) );
|
|
TEST_ASSERT( ! psa_key_handle_is_null( handle ) );
|
|
|
|
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
|
|
TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ),
|
|
PSA_ERROR_DOES_NOT_EXIST );
|
|
#endif
|
|
|
|
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
|
|
TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
|
|
TEST_ASSERT( mbedtls_svc_key_id_equal(
|
|
psa_get_key_id( &attributes ), id ) );
|
|
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
|
|
TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
|
|
TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 );
|
|
TEST_EQUAL( psa_get_key_type( &attributes ), type );
|
|
|
|
/* Close the key and reopen it. */
|
|
PSA_ASSERT( psa_close_key( handle ) );
|
|
|
|
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
|
|
TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ),
|
|
PSA_ERROR_DOES_NOT_EXIST );
|
|
#endif
|
|
|
|
PSA_ASSERT( psa_open_key( id, &handle ) );
|
|
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
|
|
TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
|
|
TEST_ASSERT( mbedtls_svc_key_id_equal(
|
|
psa_get_key_id( &attributes ), id ) );
|
|
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
|
|
TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
|
|
TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 );
|
|
TEST_EQUAL( psa_get_key_type( &attributes ), type );
|
|
|
|
/* Do something that invalidates the handle. */
|
|
if( ! invalidate_handle( close_method, handle ) )
|
|
goto exit;
|
|
if( ! invalidate_psa( close_method ) )
|
|
goto exit;
|
|
|
|
/* Test that the handle is now invalid. */
|
|
TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ),
|
|
PSA_ERROR_INVALID_HANDLE );
|
|
psa_reset_key_attributes( &read_attributes );
|
|
TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE );
|
|
|
|
/* Try to reopen the key. If we destroyed it, check that it doesn't
|
|
* exist. Otherwise check that it still exists and has the expected
|
|
* content. */
|
|
switch( close_method )
|
|
{
|
|
case CLOSE_BY_CLOSE:
|
|
case CLOSE_BY_CLOSE_WITH_SHUTDOWN:
|
|
case CLOSE_BY_SHUTDOWN:
|
|
PSA_ASSERT( psa_open_key( id, &handle ) );
|
|
PSA_ASSERT( psa_get_key_attributes( handle, &read_attributes ) );
|
|
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
|
|
psa_get_key_lifetime( &read_attributes ) );
|
|
TEST_ASSERT( mbedtls_svc_key_id_equal(
|
|
psa_get_key_id( &attributes ),
|
|
psa_get_key_id( &read_attributes ) ) );
|
|
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
|
|
TEST_EQUAL( psa_get_key_algorithm( &attributes ),
|
|
psa_get_key_algorithm( &read_attributes ) );
|
|
TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ),
|
|
psa_get_key_enrollment_algorithm( &read_attributes ) );
|
|
TEST_EQUAL( psa_get_key_type( &attributes ),
|
|
psa_get_key_type( &read_attributes ) );
|
|
TEST_EQUAL( psa_get_key_bits( &attributes ),
|
|
psa_get_key_bits( &read_attributes ) );
|
|
if( usage_flags & PSA_KEY_USAGE_EXPORT )
|
|
{
|
|
ASSERT_ALLOC( reexported, key_data->len );
|
|
PSA_ASSERT( psa_export_key( handle,
|
|
reexported, key_data->len,
|
|
&reexported_length ) );
|
|
ASSERT_COMPARE( key_data->x, key_data->len,
|
|
reexported, reexported_length );
|
|
}
|
|
else
|
|
{
|
|
TEST_EQUAL( psa_export_key( handle,
|
|
NULL, 0,
|
|
&reexported_length ),
|
|
PSA_ERROR_NOT_PERMITTED );
|
|
}
|
|
PSA_ASSERT( psa_close_key( handle ) );
|
|
break;
|
|
|
|
case CLOSE_BY_DESTROY:
|
|
case CLOSE_BY_DESTROY_WITH_SHUTDOWN:
|
|
TEST_EQUAL( psa_open_key( id, &handle ),
|
|
PSA_ERROR_DOES_NOT_EXIST );
|
|
break;
|
|
}
|
|
|
|
exit:
|
|
PSA_DONE( );
|
|
psa_purge_key_storage( );
|
|
mbedtls_free( reexported );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
|
void create_existent( int lifetime_arg, int owner_id_arg, int id_arg,
|
|
int reopen_policy_arg )
|
|
{
|
|
psa_key_lifetime_t lifetime = lifetime_arg;
|
|
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg );
|
|
psa_key_handle_t handle1 = PSA_KEY_HANDLE_INIT;
|
|
psa_key_handle_t handle2 = PSA_KEY_HANDLE_INIT;
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA;
|
|
const uint8_t material1[5] = "a key";
|
|
const uint8_t material2[5] = "b key";
|
|
size_t bits1 = PSA_BYTES_TO_BITS( sizeof( material1 ) );
|
|
uint8_t reexported[sizeof( material1 )];
|
|
size_t reexported_length;
|
|
reopen_policy_t reopen_policy = reopen_policy_arg;
|
|
|
|
TEST_USES_KEY_ID( id );
|
|
|
|
PSA_ASSERT( psa_crypto_init( ) );
|
|
|
|
/* Create a key. */
|
|
psa_set_key_id( &attributes, id );
|
|
psa_set_key_lifetime( &attributes, lifetime );
|
|
psa_set_key_type( &attributes, type1 );
|
|
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
|
|
psa_set_key_algorithm( &attributes, 0 );
|
|
PSA_ASSERT( psa_import_key( &attributes, material1, sizeof( material1 ),
|
|
&handle1 ) );
|
|
TEST_ASSERT( ! psa_key_handle_is_null( handle1 ) );
|
|
|
|
if( reopen_policy == CLOSE_BEFORE )
|
|
PSA_ASSERT( psa_close_key( handle1 ) );
|
|
|
|
/* Attempt to create a new key in the same slot. */
|
|
TEST_EQUAL( psa_import_key( &attributes, material2, sizeof( material2 ),
|
|
&handle2 ),
|
|
PSA_ERROR_ALREADY_EXISTS );
|
|
TEST_ASSERT( psa_key_handle_is_null( handle2 ) );
|
|
|
|
if( reopen_policy == CLOSE_AFTER )
|
|
PSA_ASSERT( psa_close_key( handle1 ) );
|
|
if( reopen_policy == CLOSE_BEFORE || reopen_policy == CLOSE_AFTER )
|
|
PSA_ASSERT( psa_open_key( id, &handle1 ) );
|
|
|
|
/* Check that the original key hasn't changed. */
|
|
psa_reset_key_attributes( &attributes );
|
|
PSA_ASSERT( psa_get_key_attributes( handle1, &attributes ) );
|
|
TEST_ASSERT( mbedtls_svc_key_id_equal(
|
|
psa_get_key_id( &attributes ), id ) );
|
|
TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
|
|
TEST_EQUAL( psa_get_key_type( &attributes ), type1 );
|
|
TEST_EQUAL( psa_get_key_bits( &attributes ), bits1 );
|
|
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT );
|
|
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
|
|
|
|
PSA_ASSERT( psa_export_key( handle1,
|
|
reexported, sizeof( reexported ),
|
|
&reexported_length ) );
|
|
ASSERT_COMPARE( material1, sizeof( material1 ),
|
|
reexported, reexported_length );
|
|
|
|
PSA_ASSERT( psa_close_key( handle1 ) );
|
|
|
|
exit:
|
|
PSA_DONE( );
|
|
psa_purge_key_storage( );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void open_fail( int id_arg,
|
|
int expected_status_arg )
|
|
{
|
|
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
|
|
psa_status_t expected_status = expected_status_arg;
|
|
psa_key_handle_t handle = mbedtls_svc_key_id_make( 0xdead, 0xdead );
|
|
|
|
PSA_ASSERT( psa_crypto_init( ) );
|
|
|
|
TEST_EQUAL( psa_open_key( id, &handle ), expected_status );
|
|
TEST_ASSERT( psa_key_handle_is_null( handle ) );
|
|
|
|
exit:
|
|
PSA_DONE( );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void create_fail( int lifetime_arg, int id_arg,
|
|
int expected_status_arg )
|
|
{
|
|
psa_key_lifetime_t lifetime = lifetime_arg;
|
|
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
psa_status_t expected_status = expected_status_arg;
|
|
psa_key_handle_t handle = mbedtls_svc_key_id_make( 0xdead, 0xdead );
|
|
uint8_t material[1] = {'k'};
|
|
|
|
TEST_USES_KEY_ID( id );
|
|
|
|
PSA_ASSERT( psa_crypto_init( ) );
|
|
|
|
psa_set_key_id( &attributes, id );
|
|
psa_set_key_lifetime( &attributes, lifetime );
|
|
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
|
TEST_EQUAL( psa_import_key( &attributes, material, sizeof( material ),
|
|
&handle ),
|
|
expected_status );
|
|
TEST_ASSERT( psa_key_handle_is_null( handle ) );
|
|
|
|
exit:
|
|
PSA_DONE( );
|
|
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
|
psa_purge_key_storage( );
|
|
#endif
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg,
|
|
int source_id_arg, int source_usage_arg,
|
|
int source_alg_arg, int source_alg2_arg,
|
|
int type_arg, data_t *material,
|
|
int target_lifetime_arg, int target_owner_id_arg,
|
|
int target_id_arg, int target_usage_arg,
|
|
int target_alg_arg, int target_alg2_arg,
|
|
int expected_usage_arg,
|
|
int expected_alg_arg, int expected_alg2_arg )
|
|
{
|
|
psa_key_lifetime_t source_lifetime = source_lifetime_arg;
|
|
mbedtls_svc_key_id_t source_id =
|
|
mbedtls_svc_key_id_make( source_owner_id_arg, source_id_arg );
|
|
psa_key_usage_t source_usage = source_usage_arg;
|
|
psa_algorithm_t source_alg = source_alg_arg;
|
|
psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT;
|
|
psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
psa_key_type_t source_type = type_arg;
|
|
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
|
|
mbedtls_svc_key_id_t target_id =
|
|
mbedtls_svc_key_id_make( target_owner_id_arg, target_id_arg );
|
|
psa_key_usage_t target_usage = target_usage_arg;
|
|
psa_algorithm_t target_alg = target_alg_arg;
|
|
psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT;
|
|
psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
psa_key_usage_t expected_usage = expected_usage_arg;
|
|
psa_algorithm_t expected_alg = expected_alg_arg;
|
|
psa_algorithm_t expected_alg2 = expected_alg2_arg;
|
|
uint8_t *export_buffer = NULL;
|
|
|
|
TEST_USES_KEY_ID( source_id );
|
|
TEST_USES_KEY_ID( target_id );
|
|
|
|
PSA_ASSERT( psa_crypto_init( ) );
|
|
|
|
/* Populate the source slot. */
|
|
psa_set_key_id( &source_attributes, source_id );
|
|
psa_set_key_lifetime( &source_attributes, source_lifetime );
|
|
|
|
psa_set_key_type( &source_attributes, source_type );
|
|
psa_set_key_usage_flags( &source_attributes, source_usage );
|
|
psa_set_key_algorithm( &source_attributes, source_alg );
|
|
psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg );
|
|
PSA_ASSERT( psa_import_key( &source_attributes,
|
|
material->x, material->len,
|
|
&source_handle ) );
|
|
/* Update the attributes with the bit size. */
|
|
PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) );
|
|
|
|
/* Prepare the target slot. */
|
|
psa_set_key_id( &target_attributes, target_id );
|
|
psa_set_key_lifetime( &target_attributes, target_lifetime );
|
|
|
|
psa_set_key_usage_flags( &target_attributes, target_usage );
|
|
psa_set_key_algorithm( &target_attributes, target_alg );
|
|
psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
|
|
|
|
/* Copy the key. */
|
|
PSA_ASSERT( psa_copy_key( source_handle,
|
|
&target_attributes, &target_handle ) );
|
|
|
|
/* Destroy the source to ensure that this doesn't affect the target. */
|
|
PSA_ASSERT( psa_destroy_key( source_handle ) );
|
|
|
|
/* If the target key is persistent, restart the system to make
|
|
* sure that the material is still alive. */
|
|
if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE )
|
|
{
|
|
mbedtls_psa_crypto_free( );
|
|
PSA_ASSERT( psa_crypto_init( ) );
|
|
PSA_ASSERT( psa_open_key( target_id, &target_handle ) );
|
|
}
|
|
|
|
/* Test that the target slot has the expected content. */
|
|
psa_reset_key_attributes( &target_attributes );
|
|
PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) );
|
|
|
|
if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE )
|
|
{
|
|
TEST_ASSERT( mbedtls_svc_key_id_equal(
|
|
target_id, psa_get_key_id( &target_attributes ) ) );
|
|
}
|
|
else
|
|
{
|
|
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
|
|
TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( target_id ),
|
|
target_owner_id_arg );
|
|
#endif
|
|
TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( target_id ), 0 );
|
|
}
|
|
|
|
TEST_EQUAL( target_lifetime, psa_get_key_lifetime( &target_attributes ) );
|
|
TEST_EQUAL( source_type, psa_get_key_type( &target_attributes ) );
|
|
TEST_EQUAL( psa_get_key_bits( &source_attributes ),
|
|
psa_get_key_bits( &target_attributes ) );
|
|
TEST_EQUAL( expected_usage, psa_get_key_usage_flags( &target_attributes ) );
|
|
TEST_EQUAL( expected_alg, psa_get_key_algorithm( &target_attributes ) );
|
|
TEST_EQUAL( expected_alg2,
|
|
psa_get_key_enrollment_algorithm( &target_attributes ) );
|
|
if( expected_usage & PSA_KEY_USAGE_EXPORT )
|
|
{
|
|
size_t length;
|
|
ASSERT_ALLOC( export_buffer, material->len );
|
|
PSA_ASSERT( psa_export_key( target_handle, export_buffer,
|
|
material->len, &length ) );
|
|
ASSERT_COMPARE( material->x, material->len,
|
|
export_buffer, length );
|
|
}
|
|
else
|
|
{
|
|
size_t length;
|
|
/* Check that the key is actually non-exportable. */
|
|
TEST_EQUAL( psa_export_key( target_handle, export_buffer,
|
|
material->len, &length ),
|
|
PSA_ERROR_NOT_PERMITTED );
|
|
}
|
|
|
|
PSA_ASSERT( psa_destroy_key( target_handle ) );
|
|
|
|
exit:
|
|
PSA_DONE( );
|
|
mbedtls_free( export_buffer );
|
|
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
|
psa_purge_key_storage( );
|
|
#endif
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void copy_to_occupied( int source_lifetime_arg, int source_id_arg,
|
|
int source_usage_arg, int source_alg_arg,
|
|
int source_type_arg, data_t *source_material,
|
|
int target_lifetime_arg, int target_id_arg,
|
|
int target_usage_arg, int target_alg_arg,
|
|
int target_type_arg, data_t *target_material )
|
|
{
|
|
psa_key_lifetime_t source_lifetime = source_lifetime_arg;
|
|
mbedtls_svc_key_id_t source_id =
|
|
mbedtls_svc_key_id_make( 1, source_id_arg );
|
|
psa_key_usage_t source_usage = source_usage_arg;
|
|
psa_algorithm_t source_alg = source_alg_arg;
|
|
psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT;
|
|
psa_key_type_t source_type = source_type_arg;
|
|
psa_key_lifetime_t target_lifetime = target_lifetime_arg;
|
|
mbedtls_svc_key_id_t target_id =
|
|
mbedtls_svc_key_id_make( 1, target_id_arg );
|
|
psa_key_usage_t target_usage = target_usage_arg;
|
|
psa_algorithm_t target_alg = target_alg_arg;
|
|
psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT;
|
|
psa_key_type_t target_type = target_type_arg;
|
|
psa_key_handle_t new_handle = mbedtls_svc_key_id_make( 0xdead, 0xdead );
|
|
uint8_t *export_buffer = NULL;
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
psa_key_attributes_t attributes1 = PSA_KEY_ATTRIBUTES_INIT;
|
|
psa_key_attributes_t attributes2 = PSA_KEY_ATTRIBUTES_INIT;
|
|
|
|
TEST_USES_KEY_ID( source_id );
|
|
TEST_USES_KEY_ID( target_id );
|
|
|
|
PSA_ASSERT( psa_crypto_init( ) );
|
|
|
|
/* Populate the source slot. */
|
|
if( source_lifetime != PSA_KEY_LIFETIME_VOLATILE )
|
|
{
|
|
psa_set_key_id( &attributes, source_id );
|
|
psa_set_key_lifetime( &attributes, source_lifetime );
|
|
}
|
|
psa_set_key_type( &attributes, source_type );
|
|
psa_set_key_usage_flags( &attributes, source_usage );
|
|
psa_set_key_algorithm( &attributes, source_alg );
|
|
PSA_ASSERT( psa_import_key( &attributes,
|
|
source_material->x, source_material->len,
|
|
&source_handle ) );
|
|
|
|
/* Populate the target slot. */
|
|
if( mbedtls_svc_key_id_equal( target_id, source_id ) )
|
|
{
|
|
target_handle = source_handle;
|
|
}
|
|
else
|
|
{
|
|
psa_set_key_id( &attributes1, target_id );
|
|
psa_set_key_lifetime( &attributes1, target_lifetime );
|
|
psa_set_key_type( &attributes1, target_type );
|
|
psa_set_key_usage_flags( &attributes1, target_usage );
|
|
psa_set_key_algorithm( &attributes1, target_alg );
|
|
PSA_ASSERT( psa_import_key( &attributes1,
|
|
target_material->x, target_material->len,
|
|
&target_handle ) );
|
|
}
|
|
PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes1 ) );
|
|
|
|
/* Make a copy attempt. */
|
|
psa_set_key_id( &attributes, target_id );
|
|
psa_set_key_lifetime( &attributes, target_lifetime );
|
|
TEST_EQUAL( psa_copy_key( source_handle,
|
|
&attributes, &new_handle ),
|
|
PSA_ERROR_ALREADY_EXISTS );
|
|
TEST_ASSERT( psa_key_handle_is_null( new_handle ) );
|
|
|
|
/* Test that the target slot is unaffected. */
|
|
PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes2 ) );
|
|
TEST_ASSERT( mbedtls_svc_key_id_equal(
|
|
psa_get_key_id( &attributes1 ),
|
|
psa_get_key_id( &attributes2 ) ) );
|
|
TEST_EQUAL( psa_get_key_lifetime( &attributes1 ),
|
|
psa_get_key_lifetime( &attributes2 ) );
|
|
TEST_EQUAL( psa_get_key_type( &attributes1 ),
|
|
psa_get_key_type( &attributes2 ) );
|
|
TEST_EQUAL( psa_get_key_bits( &attributes1 ),
|
|
psa_get_key_bits( &attributes2 ) );
|
|
TEST_EQUAL( psa_get_key_usage_flags( &attributes1 ),
|
|
psa_get_key_usage_flags( &attributes2 ) );
|
|
TEST_EQUAL( psa_get_key_algorithm( &attributes1 ),
|
|
psa_get_key_algorithm( &attributes2 ) );
|
|
if( target_usage & PSA_KEY_USAGE_EXPORT )
|
|
{
|
|
size_t length;
|
|
ASSERT_ALLOC( export_buffer, target_material->len );
|
|
PSA_ASSERT( psa_export_key( target_handle, export_buffer,
|
|
target_material->len, &length ) );
|
|
ASSERT_COMPARE( target_material->x, target_material->len,
|
|
export_buffer, length );
|
|
}
|
|
|
|
PSA_ASSERT( psa_destroy_key( source_handle ) );
|
|
if( ! psa_key_handle_equal( target_handle, source_handle ) )
|
|
PSA_ASSERT( psa_destroy_key( target_handle ) );
|
|
|
|
exit:
|
|
PSA_DONE( );
|
|
mbedtls_free( export_buffer );
|
|
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
|
psa_purge_key_storage( );
|
|
#endif
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void invalid_handle( int handle_construction,
|
|
int close_status_arg, int usage_status_arg )
|
|
{
|
|
psa_key_handle_t valid_handle = PSA_KEY_HANDLE_INIT;
|
|
psa_key_handle_t invalid_handle = PSA_KEY_HANDLE_INIT;
|
|
psa_key_id_t key_id;
|
|
psa_status_t close_status = close_status_arg;
|
|
psa_status_t usage_status = usage_status_arg;
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
uint8_t material[1] = "a";
|
|
|
|
PSA_ASSERT( psa_crypto_init( ) );
|
|
|
|
/* Allocate a handle and store a key in it. */
|
|
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
|
psa_set_key_usage_flags( &attributes, 0 );
|
|
psa_set_key_algorithm( &attributes, 0 );
|
|
PSA_ASSERT( psa_import_key( &attributes,
|
|
material, sizeof( material ),
|
|
&valid_handle ) );
|
|
TEST_ASSERT( ! psa_key_handle_is_null( valid_handle ) );
|
|
|
|
/* Construct an invalid handle as specified in the test case data. */
|
|
switch( handle_construction )
|
|
{
|
|
case INVALID_HANDLE_0:
|
|
invalid_handle = PSA_KEY_HANDLE_INIT;
|
|
break;
|
|
case INVALID_HANDLE_UNOPENED:
|
|
|
|
/*
|
|
* MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) is a volatile
|
|
* key identifier as the imported key is a volatile key. Volatile
|
|
* key identifiers are in the range from PSA_KEY_ID_VOLATILE_MIN
|
|
* to PSA_KEY_ID_VOLATILE_MAX included. Thus pick a key identifier
|
|
* in the range from PSA_KEY_ID_VOLATILE_MIN to
|
|
* PSA_KEY_ID_VOLATILE_MAX different from
|
|
* MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) to build an
|
|
* unopened and thus invalid identifier.
|
|
*/
|
|
|
|
if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) ==
|
|
PSA_KEY_ID_VOLATILE_MIN )
|
|
key_id = PSA_KEY_ID_VOLATILE_MIN + 1;
|
|
else
|
|
key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) - 1;
|
|
|
|
invalid_handle =
|
|
mbedtls_svc_key_id_make( 0, key_id );
|
|
break;
|
|
case INVALID_HANDLE_CLOSED:
|
|
PSA_ASSERT( psa_import_key( &attributes,
|
|
material, sizeof( material ),
|
|
&invalid_handle ) );
|
|
PSA_ASSERT( psa_destroy_key( invalid_handle ) );
|
|
break;
|
|
case INVALID_HANDLE_HUGE:
|
|
invalid_handle =
|
|
mbedtls_svc_key_id_make( 0, PSA_KEY_ID_VENDOR_MAX + 1 );
|
|
break;
|
|
default:
|
|
TEST_ASSERT( ! "unknown handle construction" );
|
|
}
|
|
|
|
/* Attempt to use the invalid handle. */
|
|
TEST_EQUAL( psa_get_key_attributes( invalid_handle, &attributes ),
|
|
usage_status );
|
|
TEST_EQUAL( psa_close_key( invalid_handle ), close_status );
|
|
TEST_EQUAL( psa_destroy_key( invalid_handle ), close_status );
|
|
|
|
/* After all this, check that the original handle is intact. */
|
|
PSA_ASSERT( psa_get_key_attributes( valid_handle, &attributes ) );
|
|
TEST_EQUAL( psa_get_key_type( &attributes ), PSA_KEY_TYPE_RAW_DATA );
|
|
TEST_EQUAL( psa_get_key_bits( &attributes ),
|
|
PSA_BYTES_TO_BITS( sizeof( material ) ) );
|
|
PSA_ASSERT( psa_close_key( valid_handle ) );
|
|
|
|
exit:
|
|
PSA_DONE( );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void many_transient_handles( int max_handles_arg )
|
|
{
|
|
psa_key_handle_t *handles = NULL;
|
|
size_t max_handles = max_handles_arg;
|
|
size_t i, j;
|
|
psa_status_t status;
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
uint8_t exported[sizeof( size_t )];
|
|
size_t exported_length;
|
|
|
|
ASSERT_ALLOC( handles, max_handles );
|
|
PSA_ASSERT( psa_crypto_init( ) );
|
|
|
|
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
|
|
psa_set_key_algorithm( &attributes, 0 );
|
|
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
|
|
|
for( i = 0; i < max_handles; i++ )
|
|
{
|
|
status = psa_import_key( &attributes,
|
|
(uint8_t *) &i, sizeof( i ),
|
|
&handles[i] );
|
|
if( status == PSA_ERROR_INSUFFICIENT_MEMORY )
|
|
break;
|
|
PSA_ASSERT( status );
|
|
TEST_ASSERT( ! psa_key_handle_is_null( handles[i] ) );
|
|
for( j = 0; j < i; j++ )
|
|
TEST_ASSERT( ! psa_key_handle_equal( handles[i], handles[j] ) );
|
|
}
|
|
max_handles = i;
|
|
|
|
for( i = 1; i < max_handles; i++ )
|
|
{
|
|
PSA_ASSERT( psa_close_key( handles[i - 1] ) );
|
|
PSA_ASSERT( psa_export_key( handles[i],
|
|
exported, sizeof( exported ),
|
|
&exported_length ) );
|
|
ASSERT_COMPARE( exported, exported_length,
|
|
(uint8_t *) &i, sizeof( i ) );
|
|
}
|
|
PSA_ASSERT( psa_close_key( handles[i - 1] ) );
|
|
|
|
exit:
|
|
PSA_DONE( );
|
|
mbedtls_free( handles );
|
|
}
|
|
/* END_CASE */
|
|
|