SE keys: implement and smoke-test p_generate
This commit is contained in:
Gilles Peskine
parent
f3801fff77
commit
11792086cc
3 changed files with 147 additions and 41 deletions
|
|
@ -5944,21 +5944,37 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
|
|||
psa_status_t status;
|
||||
psa_key_slot_t *slot = NULL;
|
||||
psa_se_drv_table_entry_t *driver = NULL;
|
||||
|
||||
status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE,
|
||||
attributes, handle, &slot, &driver );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
if( driver != NULL )
|
||||
{
|
||||
/* Generating a key in a secure element is not implemented yet. */
|
||||
const psa_drv_se_t *drv = psa_get_se_driver_methods( driver );
|
||||
size_t pubkey_length = 0; /* We don't support this feature yet */
|
||||
if( drv->key_management == NULL ||
|
||||
drv->key_management->p_generate == NULL )
|
||||
{
|
||||
status = PSA_ERROR_NOT_SUPPORTED;
|
||||
goto exit;
|
||||
}
|
||||
status = drv->key_management->p_generate(
|
||||
psa_get_se_driver_context( driver ),
|
||||
slot->data.se.slot_number, attributes,
|
||||
NULL, 0, &pubkey_length );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||
if( status == PSA_SUCCESS )
|
||||
{
|
||||
status = psa_generate_key_internal(
|
||||
slot, attributes->core.bits,
|
||||
attributes->domain_parameters, attributes->domain_parameters_size );
|
||||
}
|
||||
|
||||
exit:
|
||||
if( status == PSA_SUCCESS )
|
||||
status = psa_finish_key_creation( slot, driver );
|
||||
if( status != PSA_SUCCESS )
|
||||
|
|
|
|||
|
|
@ -54,63 +54,72 @@ key_creation_in_chosen_slot:ARRAY_LENGTH( ram_slots ) - 1:1:PSA_SUCCESS
|
|||
Key creation in a specific slot (too large)
|
||||
key_creation_in_chosen_slot:ARRAY_LENGTH( ram_slots ):0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
Key creation smoke test: AES-CTR
|
||||
key_creation_smoke:PSA_KEY_TYPE_AES:PSA_ALG_CTR:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
Key import smoke test: AES-CTR
|
||||
import_key_smoke:PSA_KEY_TYPE_AES:PSA_ALG_CTR:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
|
||||
Key creation smoke test: AES-CBC
|
||||
key_creation_smoke:PSA_KEY_TYPE_AES:PSA_ALG_CBC_NO_PADDING:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
Key import smoke test: AES-CBC
|
||||
import_key_smoke:PSA_KEY_TYPE_AES:PSA_ALG_CBC_NO_PADDING:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
|
||||
Key creation smoke test: AES-CMAC
|
||||
key_creation_smoke:PSA_KEY_TYPE_AES:PSA_ALG_CMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
Key import smoke test: AES-CMAC
|
||||
import_key_smoke:PSA_KEY_TYPE_AES:PSA_ALG_CMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
|
||||
Key creation smoke test: AES-CCM
|
||||
key_creation_smoke:PSA_KEY_TYPE_AES:PSA_ALG_CCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
Key import smoke test: AES-CCM
|
||||
import_key_smoke:PSA_KEY_TYPE_AES:PSA_ALG_CCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
|
||||
Key creation smoke test: AES-GCM
|
||||
key_creation_smoke:PSA_KEY_TYPE_AES:PSA_ALG_GCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
Key import smoke test: AES-GCM
|
||||
import_key_smoke:PSA_KEY_TYPE_AES:PSA_ALG_GCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
|
||||
Key creation smoke test: CAMELLIA-CTR
|
||||
key_creation_smoke:PSA_KEY_TYPE_CAMELLIA:PSA_ALG_CTR:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
Key import smoke test: CAMELLIA-CTR
|
||||
import_key_smoke:PSA_KEY_TYPE_CAMELLIA:PSA_ALG_CTR:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
|
||||
Key creation smoke test: CAMELLIA-CBC
|
||||
key_creation_smoke:PSA_KEY_TYPE_CAMELLIA:PSA_ALG_CBC_NO_PADDING:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
Key import smoke test: CAMELLIA-CBC
|
||||
import_key_smoke:PSA_KEY_TYPE_CAMELLIA:PSA_ALG_CBC_NO_PADDING:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
|
||||
Key creation smoke test: CAMELLIA-CMAC
|
||||
key_creation_smoke:PSA_KEY_TYPE_CAMELLIA:PSA_ALG_CMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
Key import smoke test: CAMELLIA-CMAC
|
||||
import_key_smoke:PSA_KEY_TYPE_CAMELLIA:PSA_ALG_CMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
|
||||
Key creation smoke test: CAMELLIA-CCM
|
||||
key_creation_smoke:PSA_KEY_TYPE_CAMELLIA:PSA_ALG_GCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
Key import smoke test: CAMELLIA-CCM
|
||||
import_key_smoke:PSA_KEY_TYPE_CAMELLIA:PSA_ALG_GCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
|
||||
Key creation smoke test: CAMELLIA-CCM
|
||||
key_creation_smoke:PSA_KEY_TYPE_CAMELLIA:PSA_ALG_GCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
Key import smoke test: CAMELLIA-CCM
|
||||
import_key_smoke:PSA_KEY_TYPE_CAMELLIA:PSA_ALG_GCM:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
|
||||
Key creation smoke test: HMAC-SHA-256
|
||||
key_creation_smoke:PSA_KEY_TYPE_HMAC:PSA_ALG_HMAC( PSA_ALG_SHA_256 ):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
Key import smoke test: HMAC-SHA-256
|
||||
import_key_smoke:PSA_KEY_TYPE_HMAC:PSA_ALG_HMAC( PSA_ALG_SHA_256 ):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
|
||||
Key creation smoke test: HKDF-SHA-256
|
||||
key_creation_smoke:PSA_KEY_TYPE_DERIVE:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
Key import smoke test: HKDF-SHA-256
|
||||
import_key_smoke:PSA_KEY_TYPE_DERIVE:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
|
||||
Key creation smoke test: RSA PKCS#1v1.5 signature
|
||||
key_creation_smoke:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
|
||||
Key import smoke test: RSA PKCS#1v1.5 signature
|
||||
import_key_smoke:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
|
||||
|
||||
Key creation smoke test: RSA PKCS#1v1.5 encryption
|
||||
key_creation_smoke:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_CRYPT:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
|
||||
Key import smoke test: RSA PKCS#1v1.5 encryption
|
||||
import_key_smoke:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_CRYPT:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
|
||||
|
||||
Key creation smoke test: RSA OAEP encryption
|
||||
key_creation_smoke:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_OAEP( PSA_ALG_SHA_256 ):"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
|
||||
Key import smoke test: RSA OAEP encryption
|
||||
import_key_smoke:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_OAEP( PSA_ALG_SHA_256 ):"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
|
||||
|
||||
Key creation smoke test: ECDSA secp256r1
|
||||
key_creation_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDSA_ANY:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee"
|
||||
Key import smoke test: ECDSA secp256r1
|
||||
import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDSA_ANY:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee"
|
||||
|
||||
Key creation smoke test: ECDH secp256r1
|
||||
key_creation_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDH:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee"
|
||||
Key import smoke test: ECDH secp256r1
|
||||
import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDH:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee"
|
||||
|
||||
Key creation smoke test: ECDH secp256r1 with HKDF
|
||||
key_creation_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee"
|
||||
Key import smoke test: ECDH secp256r1 with HKDF
|
||||
import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee"
|
||||
|
||||
Generate key: not supported
|
||||
generate_key_not_supported:PSA_KEY_TYPE_AES:128
|
||||
|
||||
Key generation smoke test: AES-128-CTR
|
||||
generate_key_smoke:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR
|
||||
|
||||
Key generation smoke test: AES-256-CTR
|
||||
generate_key_smoke:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR
|
||||
|
||||
Key generation smoke test: HMAC-SHA-256
|
||||
generate_key_smoke:PSA_KEY_TYPE_HMAC:256:PSA_ALG_HMAC( PSA_ALG_SHA_256 )
|
||||
|
||||
Key registration: smoke test
|
||||
register_key_smoke_test:MIN_DRIVER_LIFETIME:-1:PSA_SUCCESS
|
||||
|
||||
|
|
|
|||
|
|
@ -96,6 +96,28 @@ static psa_status_t null_import( psa_drv_se_context_t *context,
|
|||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
/* Null generate: do nothing, but pretend it worked. */
|
||||
static psa_status_t null_generate( psa_drv_se_context_t *context,
|
||||
psa_key_slot_number_t slot_number,
|
||||
const psa_key_attributes_t *attributes,
|
||||
uint8_t *pubkey,
|
||||
size_t pubkey_size,
|
||||
size_t *pubkey_length )
|
||||
{
|
||||
(void) context;
|
||||
(void) slot_number;
|
||||
(void) attributes;
|
||||
|
||||
DRIVER_ASSERT( *pubkey_length == 0 );
|
||||
if( ! PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) )
|
||||
{
|
||||
DRIVER_ASSERT( pubkey == NULL );
|
||||
DRIVER_ASSERT( pubkey_size == 0 );
|
||||
}
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
|
|
@ -634,7 +656,7 @@ exit:
|
|||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void key_creation_smoke( int type_arg, int alg_arg,
|
||||
void import_key_smoke( int type_arg, int alg_arg,
|
||||
data_t *key_material )
|
||||
{
|
||||
psa_key_type_t type = type_arg;
|
||||
|
|
@ -710,6 +732,7 @@ void generate_key_not_supported( int type_arg, int bits_arg )
|
|||
driver.key_management = &key_management;
|
||||
driver.persistent_data_size = sizeof( psa_key_slot_number_t );
|
||||
key_management.p_allocate = counter_allocate;
|
||||
/* No p_generate method */
|
||||
|
||||
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
|
@ -728,6 +751,64 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void generate_key_smoke( int type_arg, int bits_arg, int alg_arg )
|
||||
{
|
||||
psa_key_type_t type = type_arg;
|
||||
psa_key_bits_t bits = bits_arg;
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
psa_drv_se_t driver;
|
||||
psa_drv_se_key_management_t key_management;
|
||||
psa_key_lifetime_t lifetime = 2;
|
||||
psa_key_id_t id = 1;
|
||||
psa_key_handle_t handle = 0;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
memset( &driver, 0, sizeof( driver ) );
|
||||
memset( &key_management, 0, sizeof( key_management ) );
|
||||
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
|
||||
driver.key_management = &key_management;
|
||||
driver.persistent_data_size = sizeof( psa_key_slot_number_t );
|
||||
key_management.p_allocate = counter_allocate;
|
||||
key_management.p_generate = null_generate;
|
||||
|
||||
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
||||
/* Create a key. */
|
||||
psa_set_key_id( &attributes, id );
|
||||
psa_set_key_lifetime( &attributes, lifetime );
|
||||
psa_set_key_usage_flags( &attributes,
|
||||
PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY |
|
||||
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT |
|
||||
PSA_KEY_USAGE_EXPORT );
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, type );
|
||||
psa_set_key_bits( &attributes, bits );
|
||||
PSA_ASSERT( psa_generate_key( &attributes, &handle ) );
|
||||
|
||||
/* Do stuff with the key. */
|
||||
if( ! smoke_test_key( handle ) )
|
||||
goto exit;
|
||||
|
||||
/* Restart and try again. */
|
||||
mbedtls_psa_crypto_free( );
|
||||
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
PSA_ASSERT( psa_open_key( id, &handle ) );
|
||||
if( ! smoke_test_key( handle ) )
|
||||
goto exit;
|
||||
|
||||
/* We're done. */
|
||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||
|
||||
exit:
|
||||
PSA_DONE( );
|
||||
ram_slots_reset( );
|
||||
psa_purge_storage( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void register_key_smoke_test( int lifetime_arg,
|
||||
int validate,
|
||||
|
|
|
|||
Loading…
Reference in a new issue