mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00

Merge remote-tracking branch 'psa/pr/230' into feature-psa

Implement a key handle mechanism
Gilles Peskine
2018-12-12 16:15:34 +01:00
25 changed files with 2203 additions and 1189 deletions


@ -116,6 +116,7 @@ add_test_suite(psa_crypto_hash)
add_test_suite(psa_crypto_init)
add_test_suite(psa_crypto_metadata)
add_test_suite(psa_crypto_persistent_key)
add_test_suite(psa_crypto_slot_management)
add_test_suite(psa_crypto_storage_file)
add_test_suite(shax)
add_test_suite(ssl)


@ -95,7 +95,7 @@ typedef struct data_tag
* You must set \p pointer to \c NULL before calling this macro and
* put `mbedtls_free( pointer )` in the test's cleanup code.
*
* If \p size is zero, the resulting \p pointer will be \c NULL.
* If \p length is zero, the resulting \p pointer will be \c NULL.
* This is usually what we want in tests since API functions are
* supposed to accept null pointers when a buffer size is zero.
*
@ -105,20 +105,21 @@ typedef struct data_tag
* \param pointer An lvalue where the address of the allocated buffer
* will be stored.
* This expression may be evaluated multiple times.
* \param size Buffer size to allocate in bytes.
* \param length Number of elements to allocate.
* This expression may be evaluated multiple times.
*
*/
#define ASSERT_ALLOC( pointer, size ) \
do \
{ \
TEST_ASSERT( ( pointer ) == NULL ); \
if( ( size ) != 0 ) \
{ \
( pointer ) = mbedtls_calloc( 1, ( size ) ); \
TEST_ASSERT( ( pointer ) != NULL ); \
} \
} \
#define ASSERT_ALLOC( pointer, length ) \
do \
{ \
TEST_ASSERT( ( pointer ) == NULL ); \
if( ( length ) != 0 ) \
{ \
( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \
( length ) ); \
TEST_ASSERT( ( pointer ) != NULL ); \
} \
} \
while( 0 )
/** Compare two buffers and fail the test case if they differ.
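Review bot: In the rewritten `ASSERT_ALLOC`, the arguments to `mbedtls_calloc` are in the reverse of the usual `calloc(nmemb, size)` order: the element size is passed first and the element count second. The product is the same, so the allocation size is right, but the call reads as if it allocated `sizeof` elements of `length` bytes each; `( pointer ) = mbedtls_calloc( ( length ), sizeof( *( pointer ) ) );` matches the documented meaning of `length`. Since the second parameter changed from a byte count to an element count, the macro comment should also state that `pointer` must point to a complete object type, because `sizeof( *( pointer ) )` is not valid for a `void *`. The `+`/`-` markers are lost on this page, so this assumes the second copy of the macro is the new side.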


@ -1,9 +1,6 @@
PSA compile-time sanity checks
static_checks:
PSA fill 250 slots
fill_slots:250
PSA import/export raw: 0 bytes
import_export:"":PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_SUCCESS:1
@ -32,14 +29,14 @@ PSA import to non empty key slot
depends_on:MBEDTLS_AES_C
import_key_nonempty_slot
PSA export empty key slot
export_invalid_slot:1:PSA_ERROR_EMPTY_SLOT
PSA export invalid handle (0)
export_invalid_handle:0:PSA_ERROR_INVALID_HANDLE
PSA export out of range key slot - lower bound
export_invalid_slot:0:PSA_ERROR_INVALID_ARGUMENT
PSA export invalid handle (smallest plausible handle)
export_invalid_handle:1:PSA_ERROR_INVALID_HANDLE
PSA export out of range key slot - upper bound
export_invalid_slot:(psa_key_slot_t)(-1):PSA_ERROR_INVALID_ARGUMENT
PSA export invalid handle (largest plausible handle)
export_invalid_handle:-1:PSA_ERROR_INVALID_HANDLE
PSA export a slot where there was some activity but no key material creation
export_with_no_key_activity
@ -320,6 +317,10 @@ PSA import EC keypair: valid key but RSA
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_RSA_C
import:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):PSA_ERROR_INVALID_ARGUMENT
PSA import failure preserves policy
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
import_twice:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_SUCCESS
PSA import RSA key pair: maximum size exceeded
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:1:PSA_ERROR_NOT_SUPPORTED
@ -467,18 +468,6 @@ PSA key policy: agreement, wrong algorithm
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH(PSA_ALG_SELECT_RAW)
PSA key lifetime: set and get volatile
key_lifetime:PSA_KEY_LIFETIME_VOLATILE
PSA key lifetime set: invalid key slot
key_lifetime_set_fail:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT
PSA key lifetime set: cannot change write_once lifetime
key_lifetime_set_fail:1:PSA_KEY_LIFETIME_WRITE_ONCE:PSA_ERROR_NOT_SUPPORTED
PSA key lifetime set: invalid key lifetime value
key_lifetime_set_fail:1:PSA_KEY_LIFETIME_PERSISTENT+1:PSA_ERROR_INVALID_ARGUMENT
PSA hash setup: good, SHA-1
depends_on:MBEDTLS_SHA1_C
hash_setup:PSA_ALG_SHA_1:PSA_SUCCESS


@ -24,10 +24,6 @@ save_large_persistent_key:0:PSA_SUCCESS
Save larger than maximum size persistent raw key, should fail
save_large_persistent_key:1:PSA_ERROR_INSUFFICIENT_STORAGE
Persistent key is configurable
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
persistent_key_is_configurable:1:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24"
Persistent key destroy
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
persistent_key_destroy:1:1:PSA_KEY_TYPE_RSA_KEYPAIR:"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":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
@ -36,10 +32,6 @@ Persistent key destroy missing key
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
persistent_key_destroy:1:0:PSA_KEY_TYPE_RSA_KEYPAIR:"":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
Key lifetime defaults to volatile
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
default_volatile_lifetime:1:PSA_KEY_TYPE_RSA_KEYPAIR:"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"
Persistent key import
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
persistent_key_import:1:PSA_KEY_TYPE_RSA_KEYPAIR:"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":PSA_SUCCESS


@ -85,7 +85,8 @@ exit:
/* BEGIN_CASE */
void save_large_persistent_key( int data_too_large, int expected_status )
{
psa_key_slot_t slot = 1;
psa_key_id_t key_id = 42;
psa_key_handle_t handle = 0;
uint8_t *data = NULL;
size_t data_length = PSA_CRYPTO_MAX_STORAGE_SIZE;
@ -96,180 +97,107 @@ void save_large_persistent_key( int data_too_large, int expected_status )
TEST_ASSERT( psa_crypto_init() == PSA_SUCCESS );
TEST_ASSERT( psa_set_key_lifetime(
slot, PSA_KEY_LIFETIME_PERSISTENT ) == PSA_SUCCESS );
TEST_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
PSA_KEY_TYPE_RAW_DATA,
PSA_BYTES_TO_BITS( data_length ),
&handle ) == PSA_SUCCESS );
TEST_ASSERT( psa_import_key( slot, PSA_KEY_TYPE_RAW_DATA,
TEST_ASSERT( psa_import_key( handle, PSA_KEY_TYPE_RAW_DATA,
data, data_length ) == expected_status );
exit:
mbedtls_free( data );
psa_destroy_persistent_key( slot );
mbedtls_psa_crypto_free();
}
/* END_CASE */
/* BEGIN_CASE */
void persistent_key_is_configurable( int slot_arg, int type_arg,
data_t *data )
{
psa_key_policy_t policy;
psa_key_lifetime_t lifetime;
psa_key_slot_t slot = (psa_key_slot_t) slot_arg;
psa_key_type_t type = (psa_key_type_t) type_arg;
TEST_ASSERT( psa_crypto_init() == PSA_SUCCESS );
TEST_ASSERT( psa_set_key_lifetime(
slot, PSA_KEY_LIFETIME_PERSISTENT ) == PSA_SUCCESS );
psa_key_policy_init( &policy );
TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
TEST_ASSERT( psa_import_key( slot, type,
data->x, data->len ) == PSA_SUCCESS );
TEST_ASSERT( psa_get_key_lifetime( slot, &lifetime ) == PSA_SUCCESS );
TEST_ASSERT( lifetime == PSA_KEY_LIFETIME_PERSISTENT );
exit:
psa_destroy_persistent_key( slot );
mbedtls_psa_crypto_free();
psa_destroy_persistent_key( key_id );
}
/* END_CASE */
/* BEGIN_CASE */
void persistent_key_destroy( int slot_arg, int should_store,
void persistent_key_destroy( int key_id_arg, int should_store,
int first_type_arg, data_t *first_data,
int second_type_arg, data_t *second_data )
{
psa_key_policy_t policy;
psa_key_slot_t slot = (psa_key_slot_t) slot_arg;
psa_key_id_t key_id = key_id_arg;
psa_key_handle_t handle = 0;
psa_key_type_t first_type = (psa_key_type_t) first_type_arg;
psa_key_type_t second_type = (psa_key_type_t) second_type_arg;
TEST_ASSERT( psa_crypto_init() == PSA_SUCCESS );
TEST_ASSERT( psa_set_key_lifetime(
slot, PSA_KEY_LIFETIME_PERSISTENT ) == PSA_SUCCESS );
psa_key_policy_init( &policy );
TEST_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
first_type,
PSA_BYTES_TO_BITS( first_data->len ),
&handle ) == PSA_SUCCESS );
if( should_store == 1 )
{
TEST_ASSERT( psa_import_key(
slot, first_type,
handle, first_type,
first_data->x, first_data->len ) == PSA_SUCCESS );
}
/* Destroy the key */
TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
TEST_ASSERT( psa_get_key_information(
slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT );
TEST_ASSERT( psa_destroy_key( handle ) == PSA_SUCCESS );
/* Check key slot storage is removed */
TEST_ASSERT( psa_is_key_present_in_storage( slot ) == 0 );
/* Check destroying the key again doesn't report failure */
TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
TEST_ASSERT( psa_get_key_information(
slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT );
TEST_ASSERT( psa_is_key_present_in_storage( key_id ) == 0 );
TEST_ASSERT( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
&handle ) == PSA_ERROR_EMPTY_SLOT );
TEST_ASSERT( handle == 0 );
/* Shutdown and restart */
mbedtls_psa_crypto_free();
TEST_ASSERT( psa_crypto_init() == PSA_SUCCESS );
/* Mark slot as persistent again */
TEST_ASSERT( psa_set_key_lifetime(
slot, PSA_KEY_LIFETIME_PERSISTENT ) == PSA_SUCCESS );
/* Check key slot is empty */
TEST_ASSERT( psa_get_key_information(
slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT );
/* Import different key data to ensure slot really was empty */
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT,
PSA_ALG_VENDOR_FLAG );
TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
/* Create another key in the same slot */
TEST_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
second_type,
PSA_BYTES_TO_BITS( second_data->len ),
&handle ) == PSA_SUCCESS );
TEST_ASSERT( psa_import_key(
slot, second_type,
handle, second_type,
second_data->x, second_data->len ) == PSA_SUCCESS );
exit:
psa_destroy_persistent_key( slot );
mbedtls_psa_crypto_free();
psa_destroy_persistent_key( key_id );
}
/* END_CASE */
/* BEGIN_CASE */
void default_volatile_lifetime( int slot_arg, int type_arg, data_t *data )
{
psa_key_policy_t policy;
psa_key_slot_t slot = (psa_key_slot_t) slot_arg;
psa_key_type_t type = (psa_key_type_t) type_arg;
TEST_ASSERT( psa_crypto_init() == PSA_SUCCESS );
psa_key_policy_init( &policy );
TEST_ASSERT( psa_import_key( slot, type,
data->x, data->len ) == PSA_SUCCESS );
/* Shutdown and restart */
mbedtls_psa_crypto_free();
TEST_ASSERT( psa_crypto_init() == PSA_SUCCESS );
/* Check key slot is empty */
TEST_ASSERT( psa_get_key_information(
slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT );
exit:
psa_destroy_persistent_key( slot );
mbedtls_psa_crypto_free();
}
/* END_CASE */
/* BEGIN_CASE */
void persistent_key_import( int slot_arg, int type_arg, data_t *data,
void persistent_key_import( int key_id_arg, int type_arg, data_t *data,
int expected_status )
{
psa_key_policy_t policy;
psa_key_lifetime_t lifetime;
psa_key_slot_t slot = (psa_key_slot_t) slot_arg;
psa_key_id_t key_id = (psa_key_id_t) key_id_arg;
psa_key_type_t type = (psa_key_type_t) type_arg;
psa_key_handle_t handle = 0;
TEST_ASSERT( psa_crypto_init() == PSA_SUCCESS );
TEST_ASSERT( psa_set_key_lifetime(
slot, PSA_KEY_LIFETIME_PERSISTENT ) == PSA_SUCCESS );
TEST_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
type,
PSA_BYTES_TO_BITS( data->len ),
&handle ) == PSA_SUCCESS );
psa_key_policy_init( &policy );
TEST_ASSERT( psa_import_key( slot, type,
TEST_ASSERT( psa_import_key( handle, type,
data->x, data->len ) == expected_status );
if( expected_status != PSA_SUCCESS )
{
TEST_ASSERT( psa_is_key_present_in_storage( slot ) == 0 );
TEST_ASSERT( psa_is_key_present_in_storage( key_id ) == 0 );
goto exit;
}
TEST_ASSERT( psa_get_key_lifetime( slot, &lifetime ) == PSA_SUCCESS );
TEST_ASSERT( psa_get_key_lifetime( handle, &lifetime ) == PSA_SUCCESS );
TEST_ASSERT( lifetime == PSA_KEY_LIFETIME_PERSISTENT );
exit:
psa_destroy_persistent_key( slot );
psa_destroy_persistent_key( key_id );
mbedtls_psa_crypto_free();
}
/* END_CASE */
@ -278,8 +206,9 @@ exit:
void import_export_persistent_key( data_t *data, int type_arg,
int expected_bits, int key_not_exist )
{
psa_key_slot_t slot = 1;
psa_key_id_t key_id = 42;
psa_key_type_t type = (psa_key_type_t) type_arg;
psa_key_handle_t handle = 0;
unsigned char *exported = NULL;
size_t export_size = data->len;
size_t exported_length;
@ -292,51 +221,48 @@ void import_export_persistent_key( data_t *data, int type_arg,
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
TEST_ASSERT( psa_set_key_lifetime(
slot, PSA_KEY_LIFETIME_PERSISTENT ) == PSA_SUCCESS );
TEST_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
type,
PSA_BYTES_TO_BITS( data->len ),
&handle ) == PSA_SUCCESS );
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT,
PSA_ALG_VENDOR_FLAG );
TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
TEST_ASSERT( psa_set_key_policy( handle, &policy ) == PSA_SUCCESS );
/* Import the key */
TEST_ASSERT( psa_import_key( slot, type,
TEST_ASSERT( psa_import_key( handle, type,
data->x, data->len ) == PSA_SUCCESS );
TEST_ASSERT( psa_get_key_lifetime(
slot, &lifetime_get ) == PSA_SUCCESS );
TEST_ASSERT( psa_get_key_lifetime( handle, &lifetime_get ) == PSA_SUCCESS );
TEST_ASSERT( lifetime_get == PSA_KEY_LIFETIME_PERSISTENT );
/* Test the key information */
TEST_ASSERT( psa_get_key_information(
slot, &got_type, &got_bits ) == PSA_SUCCESS );
handle, &got_type, &got_bits ) == PSA_SUCCESS );
TEST_ASSERT( got_type == type );
TEST_ASSERT( got_bits == (size_t) expected_bits );
TEST_ASSERT( psa_is_key_present_in_storage( slot ) == 1 );
TEST_ASSERT( psa_is_key_present_in_storage( key_id ) == 1 );
if( key_not_exist )
{
psa_destroy_persistent_key( slot );
psa_destroy_persistent_key( key_id );
}
/* Export the key */
TEST_ASSERT( psa_export_key( slot, exported, export_size,
TEST_ASSERT( psa_export_key( handle, exported, export_size,
&exported_length ) == PSA_SUCCESS );
ASSERT_COMPARE( data->x, data->len, exported, exported_length );
/* Destroy the key */
TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
TEST_ASSERT( psa_get_key_information(
slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT );
TEST_ASSERT( psa_is_key_present_in_storage( slot ) == 0 );
TEST_ASSERT( psa_destroy_key( handle ) == PSA_SUCCESS );
TEST_ASSERT( psa_is_key_present_in_storage( key_id ) == 0 );
exit:
mbedtls_free( exported );
psa_destroy_persistent_key( slot );
mbedtls_psa_crypto_free( );
psa_destroy_persistent_key( key_id );
}
/* END_CASE */
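Review bot: The cleanup order at `exit:` is not the same across the test functions in this file: `persistent_key_import` calls `psa_destroy_persistent_key( key_id );` before `mbedtls_psa_crypto_free();`, while `save_large_persistent_key`, `persistent_key_destroy` and `import_export_persistent_key` appear to end with the free first and the storage removal second. Pick one order, e.g. `mbedtls_psa_crypto_free( );` followed by `psa_destroy_persistent_key( key_id );`, so that storage is removed only after the library has released its handles and every case tears down the same way. A one-line comment at the first `exit:` label stating that order and the reason would keep later cases consistent. The side of each line is inferred from the `slot` to `key_id` rename, because the page has lost its `+`/`-` markers.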


@ -0,0 +1,84 @@
Transient slot, check after closing
transient_slot_lifecycle:PSA_KEY_TYPE_RAW_DATA:128:0:0:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
Transient slot, check after destroying
transient_slot_lifecycle:PSA_KEY_TYPE_RAW_DATA:128:0:0:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
Transient slot, check after restart
transient_slot_lifecycle:PSA_KEY_TYPE_RAW_DATA:128:0:0:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
Persistent slot, check after closing
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_TYPE_RAW_DATA:128:0:0:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE
Persistent slot, check after destroying
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_TYPE_RAW_DATA:128:0:0:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY
Persistent slot, check after restart
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_TYPE_RAW_DATA:128:0:0:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN
Attempt to overwrite: close before, same type
create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_TYPE_RAW_DATA:CLOSE_BEFORE
Attempt to overwrite: close before, different type
depends_on:MBEDTLS_AES_C
create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_TYPE_AES:CLOSE_BEFORE
Attempt to overwrite: close after, same type
create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_TYPE_RAW_DATA:CLOSE_AFTER
Attempt to overwrite: close after, different type
depends_on:MBEDTLS_AES_C
create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_TYPE_AES:CLOSE_AFTER
Attempt to overwrite: keep open, same type
create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_TYPE_RAW_DATA:KEEP_OPEN
Attempt to overwrite: keep open, different type
depends_on:MBEDTLS_AES_C
create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_TYPE_AES:KEEP_OPEN
Open failure: invalid identifier (0)
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
open_fail:PSA_KEY_LIFETIME_PERSISTENT:0:PSA_ERROR_INVALID_ARGUMENT
Open failure: invalid identifier (random seed UID)
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
open_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_ARGUMENT
Open failure: non-existent identifier
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_EMPTY_SLOT
Open failure: volatile lifetime
open_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT
Open failure: invalid lifetime
open_fail:0x7fffffff:0:PSA_ERROR_INVALID_ARGUMENT
Create failure: volatile lifetime
create_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_KEY_TYPE_RAW_DATA:8:PSA_ERROR_INVALID_ARGUMENT
Create failure: invalid lifetime
create_fail:0x7fffffff:0:PSA_KEY_TYPE_RAW_DATA:8:PSA_ERROR_INVALID_ARGUMENT
Create failure: invalid key id (0)
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
create_fail:PSA_KEY_LIFETIME_PERSISTENT:0:PSA_KEY_TYPE_RAW_DATA:8:PSA_ERROR_INVALID_ARGUMENT
Create failure: invalid key id (random seed UID)
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_KEY_TYPE_RAW_DATA:8:PSA_ERROR_INVALID_ARGUMENT
Open not supported
depends_on:!MBEDTLS_PSA_CRYPTO_STORAGE_C
open_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_NOT_SUPPORTED
Create not supported
depends_on:!MBEDTLS_PSA_CRYPTO_STORAGE_C
create_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_TYPE_RAW_DATA:8:PSA_ERROR_NOT_SUPPORTED
Close/destroy invalid handle
invalid_handle:
Open many transient handles
many_transient_handles:42


@ -0,0 +1,398 @@
/* BEGIN_HEADER */
#include <stdint.h>
#if defined(MBEDTLS_PSA_CRYPTO_SPM)
#include "spm/psa_defs.h"
#endif
#include "psa/crypto.h"
#include "psa_crypto_storage.h"
#define PSA_ASSERT( expr ) TEST_ASSERT( ( expr ) == PSA_SUCCESS )
typedef enum
{
CLOSE_BY_CLOSE,
CLOSE_BY_DESTROY,
CLOSE_BY_SHUTDOWN,
} close_method_t;
typedef enum
{
KEEP_OPEN,
CLOSE_BEFORE,
CLOSE_AFTER,
} reopen_policy_t;
/* All test functions that create persistent keys must call
* `TEST_MAX_KEY_ID( key_id )` before creating a persistent key with this
* identifier, and must call psa_purge_key_storage() in their cleanup
* code. */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
/* There is no API to purge all keys. For this test suite, require that
* all key IDs be less than a certain maximum, or a well-known value
* which corresponds to a file that does not contain a key. */
#define MAX_KEY_ID_FOR_TEST 32
#define KEY_ID_IS_WELL_KNOWN( key_id ) \
( ( key_id ) == PSA_CRYPTO_ITS_RANDOM_SEED_UID )
#define TEST_MAX_KEY_ID( key_id ) \
TEST_ASSERT( ( key_id ) <= MAX_KEY_ID_FOR_TEST || \
KEY_ID_IS_WELL_KNOWN( key_id ) )
void psa_purge_key_storage( void )
{
psa_key_id_t i;
/* The tests may have potentially created key ids from 1 to
* MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
* 0, which file-based storage uses as a temporary file. */
for( i = 0; i <= MAX_KEY_ID_FOR_TEST; i++ )
psa_destroy_persistent_key( i );
}
#else
#define TEST_MAX_KEY_ID( key_id ) ( (void) ( key_id ) )
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
static int psa_key_policy_equal( psa_key_policy_t *p1,
psa_key_policy_t *p2 )
{
return( psa_key_policy_get_usage( p1 ) == psa_key_policy_get_usage( p2 ) &&
psa_key_policy_get_algorithm( p1 ) == psa_key_policy_get_algorithm( p2 ) );
}
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_PSA_CRYPTO_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE */
void transient_slot_lifecycle( int type_arg, int max_bits_arg,
int alg_arg, int usage_arg,
data_t *key_data,
int close_method_arg )
{
psa_key_type_t type = type_arg;
size_t max_bits = max_bits_arg;
psa_algorithm_t alg = alg_arg;
psa_key_usage_t usage_flags = usage_arg;
close_method_t close_method = close_method_arg;
psa_key_type_t read_type;
psa_key_handle_t handle = 0;
psa_key_policy_t policy;
PSA_ASSERT( psa_crypto_init( ) );
/* Get a handle and import a key. */
PSA_ASSERT( psa_allocate_key( type, max_bits, &handle ) );
TEST_ASSERT( handle != 0 );
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, usage_flags, alg );
PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
PSA_ASSERT( psa_import_key( handle, type, key_data->x, key_data->len ) );
PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
TEST_ASSERT( read_type == type );
/* Do something that invalidates the handle. */
switch( close_method )
{
case CLOSE_BY_CLOSE:
PSA_ASSERT( psa_close_key( handle ) );
break;
case CLOSE_BY_DESTROY:
PSA_ASSERT( psa_destroy_key( handle ) );
break;
case CLOSE_BY_SHUTDOWN:
mbedtls_psa_crypto_free( );
PSA_ASSERT( psa_crypto_init( ) );
break;
}
/* Test that the handle is now invalid. */
TEST_ASSERT( psa_get_key_information( handle, &read_type, NULL ) ==
PSA_ERROR_INVALID_HANDLE );
TEST_ASSERT( psa_close_key( handle ) == PSA_ERROR_INVALID_HANDLE );
exit:
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
void persistent_slot_lifecycle( int lifetime_arg, int id_arg,
int type_arg, int max_bits_arg,
int alg_arg, int usage_arg,
data_t *key_data,
int close_method_arg )
{
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_id_t id = id_arg;
psa_key_type_t type = type_arg;
size_t max_bits = max_bits_arg;
psa_algorithm_t alg = alg_arg;
psa_key_usage_t usage_flags = usage_arg;
close_method_t close_method = close_method_arg;
psa_key_type_t read_type;
psa_key_handle_t handle = 0;
psa_key_policy_t policy;
TEST_MAX_KEY_ID( id );
PSA_ASSERT( psa_crypto_init( ) );
/* Get a handle and import a key. */
PSA_ASSERT( psa_create_key( lifetime, id, type, max_bits, &handle ) );
TEST_ASSERT( handle != 0 );
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, usage_flags, alg );
PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
PSA_ASSERT( psa_import_key( handle, type, key_data->x, key_data->len ) );
PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
TEST_ASSERT( read_type == type );
/* Close the key and reopen it. */
PSA_ASSERT( psa_close_key( handle ) );
PSA_ASSERT( psa_open_key( lifetime, id, &handle ) );
PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
TEST_ASSERT( read_type == type );
/* Do something that invalidates the handle. */
switch( close_method )
{
case CLOSE_BY_CLOSE:
PSA_ASSERT( psa_close_key( handle ) );
break;
case CLOSE_BY_DESTROY:
PSA_ASSERT( psa_destroy_key( handle ) );
break;
case CLOSE_BY_SHUTDOWN:
mbedtls_psa_crypto_free( );
PSA_ASSERT( psa_crypto_init( ) );
break;
}
/* Test that the handle is now invalid. */
TEST_ASSERT( psa_get_key_information( handle, &read_type, NULL ) ==
PSA_ERROR_INVALID_HANDLE );
TEST_ASSERT( psa_close_key( handle ) == PSA_ERROR_INVALID_HANDLE );
/* Try to reopen the key. If we destroyed it, check that it doesn't
* exist, otherwise check that it still exists. */
switch( close_method )
{
case CLOSE_BY_CLOSE:
case CLOSE_BY_SHUTDOWN:
PSA_ASSERT( psa_open_key( lifetime, id, &handle ) );
PSA_ASSERT( psa_get_key_information( handle, &read_type, NULL ) );
TEST_ASSERT( read_type == type );
break;
case CLOSE_BY_DESTROY:
TEST_ASSERT( psa_open_key( lifetime, id, &handle ) ==
PSA_ERROR_EMPTY_SLOT );
break;
}
exit:
mbedtls_psa_crypto_free( );
psa_purge_key_storage( );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
void create_existent( int lifetime_arg, int id_arg,
int new_type_arg,
int reopen_policy_arg )
{
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_id_t id = id_arg;
psa_key_handle_t handle1 = 0, handle2 = 0;
psa_key_policy_t policy1, read_policy;
psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA;
psa_key_type_t type2 = new_type_arg;
psa_key_type_t read_type;
const uint8_t material1[16] = "test material #1";
size_t bits1 = PSA_BYTES_TO_BITS( sizeof( material1 ) );
size_t read_bits;
uint8_t reexported[sizeof( material1 )];
size_t reexported_length;
reopen_policy_t reopen_policy = reopen_policy_arg;
TEST_MAX_KEY_ID( id );
PSA_ASSERT( psa_crypto_init( ) );
/* Create a key. */
PSA_ASSERT( psa_create_key( lifetime, id, type1, bits1, &handle1 ) );
TEST_ASSERT( handle1 != 0 );
psa_key_policy_init( &policy1 );
psa_key_policy_set_usage( &policy1, PSA_KEY_USAGE_EXPORT, 0 );
PSA_ASSERT( psa_set_key_policy( handle1, &policy1 ) );
PSA_ASSERT( psa_import_key( handle1, type1,
material1, sizeof( material1 ) ) );
if( reopen_policy == CLOSE_BEFORE )
PSA_ASSERT( psa_close_key( handle1 ) );
/* Attempt to create a new key in the same slot. */
TEST_ASSERT( psa_create_key( lifetime, id, type2, bits1, &handle2 ) ==
PSA_ERROR_OCCUPIED_SLOT );
TEST_ASSERT( handle2 == 0 );
if( reopen_policy == CLOSE_AFTER )
PSA_ASSERT( psa_close_key( handle1 ) );
if( reopen_policy == CLOSE_BEFORE || reopen_policy == CLOSE_AFTER )
PSA_ASSERT( psa_open_key( lifetime, id, &handle1 ) );
/* Check that the original key hasn't changed. */
PSA_ASSERT( psa_get_key_policy( handle1, &read_policy ) );
TEST_ASSERT( psa_key_policy_equal( &read_policy, &policy1 ) );
PSA_ASSERT( psa_get_key_information( handle1, &read_type, &read_bits ) );
TEST_ASSERT( read_type == type1 );
TEST_ASSERT( read_bits == bits1 );
PSA_ASSERT( psa_export_key( handle1,
reexported, sizeof( reexported ),
&reexported_length ) );
ASSERT_COMPARE( material1, sizeof( material1 ),
reexported, reexported_length );
exit:
mbedtls_psa_crypto_free( );
psa_purge_key_storage( );
}
/* END_CASE */
/* BEGIN_CASE */
void open_fail( int lifetime_arg, int id_arg,
int expected_status_arg )
{
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_id_t id = id_arg;
psa_status_t expected_status = expected_status_arg;
psa_key_handle_t handle = 0xdead;
PSA_ASSERT( psa_crypto_init( ) );
TEST_ASSERT( psa_open_key( lifetime, id, &handle ) == expected_status );
TEST_ASSERT( handle == 0 );
exit:
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void create_fail( int lifetime_arg, int id_arg,
int type_arg, int max_bits_arg,
int expected_status_arg )
{
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_id_t id = id_arg;
psa_key_type_t type = type_arg;
size_t max_bits = max_bits_arg;
psa_status_t expected_status = expected_status_arg;
psa_key_handle_t handle = 0xdead;
TEST_MAX_KEY_ID( id );
PSA_ASSERT( psa_crypto_init( ) );
TEST_ASSERT( psa_create_key( lifetime, id,
type, max_bits,
&handle ) == expected_status );
TEST_ASSERT( handle == 0 );
exit:
mbedtls_psa_crypto_free( );
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
psa_purge_key_storage( );
#endif
}
/* END_CASE */
/* BEGIN_CASE */
void invalid_handle( )
{
psa_key_handle_t handle1 = 0;
psa_key_policy_t policy;
psa_key_type_t read_type;
size_t read_bits;
uint8_t material[1] = "a";
PSA_ASSERT( psa_crypto_init( ) );
/* Allocate a handle and store a key in it. */
PSA_ASSERT( psa_allocate_key( PSA_KEY_TYPE_RAW_DATA, 1, &handle1 ) );
TEST_ASSERT( handle1 != 0 );
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, 0, 0 );
PSA_ASSERT( psa_set_key_policy( handle1, &policy ) );
PSA_ASSERT( psa_import_key( handle1, PSA_KEY_TYPE_RAW_DATA,
material, sizeof( material ) ) );
/* Attempt to close and destroy some invalid handles. */
TEST_ASSERT( psa_close_key( 0 ) == PSA_ERROR_INVALID_HANDLE );
TEST_ASSERT( psa_close_key( handle1 - 1 ) == PSA_ERROR_INVALID_HANDLE );
TEST_ASSERT( psa_close_key( handle1 + 1 ) == PSA_ERROR_INVALID_HANDLE );
TEST_ASSERT( psa_destroy_key( 0 ) == PSA_ERROR_INVALID_HANDLE );
TEST_ASSERT( psa_destroy_key( handle1 - 1 ) == PSA_ERROR_INVALID_HANDLE );
TEST_ASSERT( psa_destroy_key( handle1 + 1 ) == PSA_ERROR_INVALID_HANDLE );
/* After all this, check that the original handle is intact. */
PSA_ASSERT( psa_get_key_information( handle1, &read_type, &read_bits ) );
TEST_ASSERT( read_type == PSA_KEY_TYPE_RAW_DATA );
TEST_ASSERT( read_bits == PSA_BYTES_TO_BITS( sizeof( material ) ) );
PSA_ASSERT( psa_close_key( handle1 ) );
exit:
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void many_transient_handles( int max_handles_arg )
{
psa_key_handle_t *handles = NULL;
size_t max_handles = max_handles_arg;
size_t i, j;
psa_status_t status;
psa_key_policy_t policy;
uint8_t exported[sizeof( size_t )];
size_t exported_length;
size_t max_bits = PSA_BITS_TO_BYTES( sizeof( exported ) );
ASSERT_ALLOC( handles, max_handles );
PSA_ASSERT( psa_crypto_init( ) );
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
for( i = 0; i < max_handles; i++ )
{
status = psa_allocate_key( PSA_KEY_TYPE_RAW_DATA, max_bits,
&handles[i] );
if( status == PSA_ERROR_INSUFFICIENT_MEMORY )
break;
TEST_ASSERT( status == PSA_SUCCESS );
TEST_ASSERT( handles[i] != 0 );
for( j = 0; j < i; j++ )
TEST_ASSERT( handles[i] != handles[j] );
PSA_ASSERT( psa_set_key_policy( handles[i], &policy ) );
PSA_ASSERT( psa_import_key( handles[i], PSA_KEY_TYPE_RAW_DATA,
(uint8_t *) &i, sizeof( i ) ) );
}
max_handles = i;
for( i = 1; i < max_handles; i++ )
{
PSA_ASSERT( psa_close_key( handles[i - 1] ) );
PSA_ASSERT( psa_export_key( handles[i],
exported, sizeof( exported ),
&exported_length ) );
ASSERT_COMPARE( exported, exported_length,
(uint8_t *) &i, sizeof( i ) );
}
PSA_ASSERT( psa_close_key( handles[i - 1] ) );
exit:
mbedtls_psa_crypto_free( );
mbedtls_free( handles );
}
/* END_CASE */
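Review bot: In `many_transient_handles`, `size_t max_bits = PSA_BITS_TO_BYTES( sizeof( exported ) );` converts in the wrong direction: `sizeof( exported )` is a byte count, so the result is far smaller than the bit size of the `sizeof( i )` bytes each slot then imports. The line should read `size_t max_bits = PSA_BYTES_TO_BITS( sizeof( exported ) );`. The test presumably passes only because `max_bits` is not enforced on import; if it were, this case (and `invalid_handle`, which allocates with `max_bits` of 1 and imports one byte) would fail for a reason unrelated to handle management. Separately, the final `psa_close_key( handles[i - 1] )` indexes `handles` even when `max_handles_arg` is 0 and `ASSERT_ALLOC` has left it `NULL`; a `TEST_ASSERT( max_handles != 0 );` before the loops would make that precondition explicit.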


@ -11,9 +11,11 @@
*/
/* BEGIN_CASE */
void load_data_from_file( int slot_to_load, data_t *data, int should_make_file,
void load_data_from_file( int id_to_load_arg,
data_t *data, int should_make_file,
int capacity_arg, int expected_status )
{
psa_key_id_t id_to_load = id_to_load_arg;
char slot_location[] = "psa_key_slot_1";
psa_status_t status;
int ret;
@ -36,8 +38,7 @@ void load_data_from_file( int slot_to_load, data_t *data, int should_make_file,
/* Read from the file with psa_crypto_storage_load. */
loaded_data = mbedtls_calloc( 1, capacity );
TEST_ASSERT( loaded_data != NULL );
status = psa_crypto_storage_load( (psa_key_slot_t) slot_to_load, loaded_data,
file_size );
status = psa_crypto_storage_load( id_to_load, loaded_data, file_size );
/* Check we get the expected status. */
TEST_ASSERT( status == expected_status );