Add simple test coverage for builtin keys (PSA opaque driver export)

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2025-09-02 16:01:16 +03:00 · 2021-02-22 12:44:15 +01:00
parent f9a55ffa2c
commit 437fcfc32e
4 changed files with 240 additions and 5 deletions
--- a/tests/src/drivers/key_management.c
+++ b/tests/src/drivers/key_management.c
@@ -41,6 +41,30 @@
 test_driver_key_management_hooks_t test_driver_key_management_hooks =
    TEST_DRIVER_KEY_MANAGEMENT_INIT;

+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+const uint8_t test_driver_aes_key[16] =
+    { 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46,
+      0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 };
+const uint8_t test_driver_ecdsa_key[32] =
+    { 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63,
+      0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18,
+      0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7,
+      0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a };
+const uint8_t test_driver_ecdsa_pubkey[65] =
+    { 0x04,
+      0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c,
+      0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44,
+      0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a,
+      0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19,
+      0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31,
+      0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b,
+      0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79,
+      0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c };
+
+static const psa_drv_slot_number_t aes_slot = PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT;
+static const psa_drv_slot_number_t ecdsa_slot = PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT;
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+
 psa_status_t test_transparent_generate_key(
    const psa_key_attributes_t *attributes,
    uint8_t *key, size_t key_size, size_t *key_length )
@@ -154,6 +178,57 @@ psa_status_t test_opaque_export_key(
    const uint8_t *key, size_t key_length,
    uint8_t *data, size_t data_size, size_t *data_length )
 {
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+    if( psa_key_id_is_builtin( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) )
+    {
+        if( key_length != sizeof( psa_drv_slot_number_t ) )
+            return( PSA_ERROR_INVALID_ARGUMENT );
+
+        if( memcmp( key, &ecdsa_slot, sizeof( psa_drv_slot_number_t ) ) == 0 )
+        {
+            /* This is the ECDSA slot. Verify key attributes before returning pubkey. */
+            if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+            if( psa_get_key_bits( attributes ) != 256 )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+            if( psa_get_key_algorithm( attributes ) != PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+            if( (psa_get_key_usage_flags( attributes ) & PSA_KEY_USAGE_EXPORT) == 0 )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+
+            if( data_size < sizeof( test_driver_ecdsa_key ) )
+                return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+            memcpy( data, test_driver_ecdsa_key, sizeof( test_driver_ecdsa_key ) );
+            *data_length = sizeof( test_driver_ecdsa_key );
+            return( PSA_SUCCESS );
+        }
+
+        if( memcmp( key, &aes_slot, sizeof( psa_drv_slot_number_t ) ) == 0 )
+        {
+            /* This is the ECDSA slot. Verify key attributes before returning pubkey. */
+            if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+            if( psa_get_key_bits( attributes ) != 128 )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+            if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+            if( (psa_get_key_usage_flags( attributes ) & PSA_KEY_USAGE_EXPORT) == 0 )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+
+            if( data_size < sizeof( test_driver_aes_key ) )
+                return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+            memcpy( data, test_driver_aes_key, sizeof( test_driver_aes_key ) );
+            *data_length = sizeof( test_driver_aes_key );
+            return( PSA_SUCCESS );
+        }
+
+        /* Potentially add more slots here */
+
+        return( PSA_ERROR_DOES_NOT_EXIST );
+    }
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
    (void) attributes;
    (void) key;
    (void) key_length;
@@ -223,6 +298,35 @@ psa_status_t test_opaque_export_public_key(
    const uint8_t *key, size_t key_length,
    uint8_t *data, size_t data_size, size_t *data_length )
 {
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+    if( psa_key_id_is_builtin( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) )
+    {
+        if( key_length != sizeof( psa_drv_slot_number_t ) )
+            return( PSA_ERROR_INVALID_ARGUMENT );
+
+        if( memcmp( key, &ecdsa_slot, sizeof( psa_drv_slot_number_t ) ) == 0 )
+        {
+            /* This is the ECDSA slot. Verify key attributes before returning pubkey. */
+            if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+            if( psa_get_key_bits( attributes ) != 256 )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+            if( psa_get_key_algorithm( attributes ) != PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+
+            if( data_size < sizeof( test_driver_ecdsa_pubkey ) )
+                return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+            memcpy(data, test_driver_ecdsa_pubkey, sizeof( test_driver_ecdsa_pubkey ) );
+            *data_length = sizeof( test_driver_ecdsa_pubkey );
+            return( PSA_SUCCESS );
+        }
+
+        /* Potentially add more slots here */
+
+        return( PSA_ERROR_DOES_NOT_EXIST );
+    }
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
    (void) attributes;
    (void) key;
    (void) key_length;
@@ -253,7 +357,7 @@ psa_status_t test_opaque_get_builtin_key(

            psa_set_key_type( attributes, PSA_KEY_TYPE_AES );
            psa_set_key_bits( attributes, 128 );
-            psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+            psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT );
            psa_set_key_algorithm( attributes, PSA_ALG_CTR );

            *( (psa_drv_slot_number_t*) key_buffer ) =
@@ -264,9 +368,9 @@ psa_status_t test_opaque_get_builtin_key(
            if( key_buffer_size < sizeof( psa_drv_slot_number_t ) )
                return( PSA_ERROR_BUFFER_TOO_SMALL );

-            psa_set_key_type( attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) );
+            psa_set_key_type( attributes, PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
            psa_set_key_bits( attributes, 256 );
-            psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
+            psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT );
            psa_set_key_algorithm( attributes, PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) );

            *( (psa_drv_slot_number_t*) key_buffer) =
@@ -281,14 +385,14 @@ psa_status_t test_opaque_get_builtin_key(
            (void) key_buffer_length;
            return( PSA_ERROR_INVALID_ARGUMENT );
    }
-#else
+#else /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
    (void) slot_number;
    (void) attributes;
    (void) key_buffer;
    (void) key_buffer_size;
    (void) key_buffer_length;
    return( PSA_ERROR_DOES_NOT_EXIST );
-#endif
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
 }

 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */