Style fixes (typos, whitespace, 80 column limit)

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
Steven Cooreman 2021-03-18 17:17:40 +01:00
parent e5e30859b7
commit 203bcbbc47
6 changed files with 123 additions and 86 deletions

View file

@ -762,7 +762,7 @@ static inline int psa_key_id_is_builtin( psa_key_id_t key_id )
/** Platform function to obtain the data of a built-in key.
*
* An application-specific implementation of this function must be provided if
* #MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled. This would typically provided
* #MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled. This would typically be provided
* as part of a platform's system image.
*
* Call psa_get_key_id(\p attributes) to obtain the key identifier \c key_id.
@ -780,7 +780,7 @@ static inline int psa_key_id_is_builtin( psa_key_id_t key_id )
* On successful return, this function must set
* the attributes of the key: lifetime, type,
* bit-size, usage policy.
* \param[out] slot_number On successful return, this function must
* \param[out] slot_number On successful return, this function must set
* this to the slot number known to the driver for
* the lifetime location reported through
* \p attributes which corresponds to the
@ -794,7 +794,7 @@ static inline int psa_key_id_is_builtin( psa_key_id_t key_id )
* The requested key identifier is not a built-in key which is known
* to this function. If a key exists in the key storage with this
* identifier, the data from the storage will be used.
* \retval (any other error)
* \return (any other error)
* Any other error is propagated to the function that requested the key.
* Common errors include:
* - #PSA_ERROR_NOT_PERMITTED: the key exists but the requested owner

View file

@ -263,7 +263,7 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
psa_get_key_id( attributes ) ) ) )
{
*key_buffer_size = sizeof(psa_drv_slot_number_t);
*key_buffer_size = sizeof( psa_drv_slot_number_t );
return( PSA_SUCCESS );
}
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */

View file

@ -280,58 +280,59 @@ exit:
static psa_status_t psa_load_builtin_key_into_slot( psa_key_slot_t *slot )
{
/* Load keys in the 'builtin' range through their own interface */
if( psa_key_id_is_builtin( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id ) ) )
if( ! psa_key_id_is_builtin(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id ) ) )
{
/* Check the platform function to see whether this key actually exists */
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_drv_slot_number_t slot_number;
psa_set_key_id(&attributes, slot->attr.id);
psa_status_t status = mbedtls_psa_platform_get_builtin_key(
&attributes, &slot_number );
if( status != PSA_SUCCESS )
return( status );
/* If the key should exist according to the platform, load it through
* the driver interface. */
uint8_t *key_buffer = NULL;
size_t key_buffer_length = 0;
status = psa_driver_wrapper_get_key_buffer_size( &attributes, &key_buffer_length );
if( status != PSA_SUCCESS )
return( status );
key_buffer = mbedtls_calloc( 1, key_buffer_length );
if( key_buffer == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
status = psa_driver_wrapper_get_builtin_key(
slot_number, &attributes,
key_buffer, key_buffer_length, &key_buffer_length );
if( status != PSA_SUCCESS )
goto exit;
status = psa_copy_key_material_into_slot( slot, key_buffer, key_buffer_length );
if( status != PSA_SUCCESS )
goto exit;
/* Copy core attributes into the slot on success.
* Use static allocations to make the compiler yell at us should one
* of the two structures change type. */
psa_core_key_attributes_t* builtin_key_core_attributes =
&attributes.core;
psa_core_key_attributes_t* slot_core_attributes =
&slot->attr;
memcpy( slot_core_attributes,
builtin_key_core_attributes,
sizeof(psa_core_key_attributes_t) );
exit:
mbedtls_free( key_buffer );
return( status );
} else {
return( PSA_ERROR_DOES_NOT_EXIST );
}
/* Check the platform function to see whether this key actually exists */
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_drv_slot_number_t slot_number;
psa_set_key_id( &attributes, slot->attr.id );
psa_status_t status = mbedtls_psa_platform_get_builtin_key(
&attributes, &slot_number );
if( status != PSA_SUCCESS )
return( status );
/* If the key should exist according to the platform, load it through the
* driver interface. */
uint8_t *key_buffer = NULL;
size_t key_buffer_length = 0;
status = psa_driver_wrapper_get_key_buffer_size( &attributes,
&key_buffer_length );
if( status != PSA_SUCCESS )
return( status );
key_buffer = mbedtls_calloc( 1, key_buffer_length );
if( key_buffer == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
status = psa_driver_wrapper_get_builtin_key(
slot_number, &attributes,
key_buffer, key_buffer_length, &key_buffer_length );
if( status != PSA_SUCCESS )
goto exit;
status = psa_copy_key_material_into_slot(
slot, key_buffer, key_buffer_length );
if( status != PSA_SUCCESS )
goto exit;
/* Copy core attributes into the slot on success.
* Use static allocations to make the compiler yell at us should one
* of the two structures change type. */
psa_core_key_attributes_t* builtin_key_core_attributes = &attributes.core;
psa_core_key_attributes_t* slot_core_attributes = &slot->attr;
memcpy( slot_core_attributes,
builtin_key_core_attributes,
sizeof( psa_core_key_attributes_t ) );
exit:
mbedtls_free( key_buffer );
return( status );
}
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */

View file

@ -61,8 +61,10 @@ const uint8_t test_driver_ecdsa_pubkey[65] =
0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79,
0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c };
static const psa_drv_slot_number_t aes_slot = PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT;
static const psa_drv_slot_number_t ecdsa_slot = PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT;
static const psa_drv_slot_number_t aes_slot =
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT;
static const psa_drv_slot_number_t ecdsa_slot =
PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT;
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
psa_status_t test_transparent_generate_key(
@ -179,41 +181,49 @@ psa_status_t test_opaque_export_key(
uint8_t *data, size_t data_size, size_t *data_length )
{
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
if( psa_key_id_is_builtin( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) )
if( psa_key_id_is_builtin(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) )
{
if( key_length != sizeof( psa_drv_slot_number_t ) )
return( PSA_ERROR_INVALID_ARGUMENT );
if( memcmp( key, &ecdsa_slot, sizeof( psa_drv_slot_number_t ) ) == 0 )
{
/* This is the ECDSA slot. Verify key attributes before returning pubkey. */
if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) )
/* This is the ECDSA slot. Verify key attributes before returning
* the private key. */
if( psa_get_key_type( attributes ) !=
PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) )
return( PSA_ERROR_CORRUPTION_DETECTED );
if( psa_get_key_bits( attributes ) != 256 )
return( PSA_ERROR_CORRUPTION_DETECTED );
if( psa_get_key_algorithm( attributes ) != PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) )
if( psa_get_key_algorithm( attributes ) !=
PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) )
return( PSA_ERROR_CORRUPTION_DETECTED );
if( (psa_get_key_usage_flags( attributes ) & PSA_KEY_USAGE_EXPORT) == 0 )
if( ( psa_get_key_usage_flags( attributes ) &
PSA_KEY_USAGE_EXPORT ) == 0 )
return( PSA_ERROR_CORRUPTION_DETECTED );
if( data_size < sizeof( test_driver_ecdsa_key ) )
return( PSA_ERROR_BUFFER_TOO_SMALL );
memcpy( data, test_driver_ecdsa_key, sizeof( test_driver_ecdsa_key ) );
memcpy( data, test_driver_ecdsa_key,
sizeof( test_driver_ecdsa_key ) );
*data_length = sizeof( test_driver_ecdsa_key );
return( PSA_SUCCESS );
}
if( memcmp( key, &aes_slot, sizeof( psa_drv_slot_number_t ) ) == 0 )
{
/* This is the ECDSA slot. Verify key attributes before returning pubkey. */
/* This is the AES slot. Verify key attributes before returning
* the key. */
if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES )
return( PSA_ERROR_CORRUPTION_DETECTED );
if( psa_get_key_bits( attributes ) != 128 )
return( PSA_ERROR_CORRUPTION_DETECTED );
if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR )
return( PSA_ERROR_CORRUPTION_DETECTED );
if( (psa_get_key_usage_flags( attributes ) & PSA_KEY_USAGE_EXPORT) == 0 )
if( ( psa_get_key_usage_flags( attributes ) &
PSA_KEY_USAGE_EXPORT ) == 0 )
return( PSA_ERROR_CORRUPTION_DETECTED );
if( data_size < sizeof( test_driver_aes_key ) )
@ -299,25 +309,30 @@ psa_status_t test_opaque_export_public_key(
uint8_t *data, size_t data_size, size_t *data_length )
{
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
if( psa_key_id_is_builtin( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) )
if( psa_key_id_is_builtin(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) )
{
if( key_length != sizeof( psa_drv_slot_number_t ) )
return( PSA_ERROR_INVALID_ARGUMENT );
if( memcmp( key, &ecdsa_slot, sizeof( psa_drv_slot_number_t ) ) == 0 )
{
/* This is the ECDSA slot. Verify key attributes before returning pubkey. */
if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) )
/* This is the ECDSA slot. Verify key attributes before returning
* the public key. */
if( psa_get_key_type( attributes ) !=
PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) )
return( PSA_ERROR_CORRUPTION_DETECTED );
if( psa_get_key_bits( attributes ) != 256 )
return( PSA_ERROR_CORRUPTION_DETECTED );
if( psa_get_key_algorithm( attributes ) != PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) )
if( psa_get_key_algorithm( attributes ) !=
PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) )
return( PSA_ERROR_CORRUPTION_DETECTED );
if( data_size < sizeof( test_driver_ecdsa_pubkey ) )
return( PSA_ERROR_BUFFER_TOO_SMALL );
memcpy(data, test_driver_ecdsa_pubkey, sizeof( test_driver_ecdsa_pubkey ) );
memcpy( data, test_driver_ecdsa_pubkey,
sizeof( test_driver_ecdsa_pubkey ) );
*data_length = sizeof( test_driver_ecdsa_pubkey );
return( PSA_SUCCESS );
}
@ -338,10 +353,13 @@ psa_status_t test_opaque_export_public_key(
/* The opaque test driver exposes two built-in keys when builtin key support is
* compiled in.
* The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128 key which allows CTR mode
* The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1 private key which allows ECDSA sign & verify
* The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128
* key which allows CTR mode.
* The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1
* private key which allows ECDSA sign & verify.
* The key buffer format for these is the raw format of psa_drv_slot_number_t
* (i.e. for an actual driver this would mean 'builtin_key_size' = sizeof(psa_drv_slot_number_t))
* (i.e. for an actual driver this would mean 'builtin_key_size' =
* sizeof(psa_drv_slot_number_t)).
*/
psa_status_t test_opaque_get_builtin_key(
psa_drv_slot_number_t slot_number,
@ -357,7 +375,11 @@ psa_status_t test_opaque_get_builtin_key(
psa_set_key_type( attributes, PSA_KEY_TYPE_AES );
psa_set_key_bits( attributes, 128 );
psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT );
psa_set_key_usage_flags(
attributes,
PSA_KEY_USAGE_ENCRYPT |
PSA_KEY_USAGE_DECRYPT |
PSA_KEY_USAGE_EXPORT );
psa_set_key_algorithm( attributes, PSA_ALG_CTR );
*( (psa_drv_slot_number_t*) key_buffer ) =
@ -368,12 +390,19 @@ psa_status_t test_opaque_get_builtin_key(
if( key_buffer_size < sizeof( psa_drv_slot_number_t ) )
return( PSA_ERROR_BUFFER_TOO_SMALL );
psa_set_key_type( attributes, PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
psa_set_key_type(
attributes,
PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
psa_set_key_bits( attributes, 256 );
psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT );
psa_set_key_algorithm( attributes, PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) );
psa_set_key_usage_flags(
attributes,
PSA_KEY_USAGE_SIGN_HASH |
PSA_KEY_USAGE_VERIFY_HASH |
PSA_KEY_USAGE_EXPORT );
psa_set_key_algorithm(
attributes, PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) );
*( (psa_drv_slot_number_t*) key_buffer) =
*( (psa_drv_slot_number_t*) key_buffer ) =
PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT;
*key_buffer_length = sizeof( psa_drv_slot_number_t );
return( PSA_SUCCESS );

View file

@ -301,12 +301,18 @@ static const mbedtls_psa_builtin_key_description_t builtin_keys[] = {
#if defined(PSA_CRYPTO_DRIVER_TEST)
/* For testing, assign the AES builtin key slot to the boundary values.
* ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */
{MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
{MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
{MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT},
{MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
{MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
{MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT},
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
{ MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME,
PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
#else
{0, 0, 0}
#endif
@ -318,7 +324,8 @@ psa_status_t mbedtls_psa_platform_get_builtin_key(
mbedtls_svc_key_id_t svc_key_id = psa_get_key_id( attributes );
psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( svc_key_id );
for( size_t i = 0; i < ( sizeof( builtin_keys ) / sizeof( builtin_keys[0] ) ); i++ )
for( size_t i = 0;
i < ( sizeof( builtin_keys ) / sizeof( builtin_keys[0] ) ); i++ )
{
if( builtin_keys[i].builtin_key_id == app_key_id )
{

View file

@ -952,7 +952,7 @@ void builtin_key_export( int builtin_key_id_arg,
psa_status_t expected_status = expected_status_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id);
mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make( 0, builtin_key_id );
uint8_t* output_buffer = NULL;
size_t output_size = 0;
psa_status_t actual_status;
@ -977,7 +977,7 @@ void builtin_key_export( int builtin_key_id_arg,
else
{
if( actual_status != expected_status )
fprintf(stderr, "Expected %d but got %d\n", expected_status, actual_status);
fprintf( stderr, "Expected %d but got %d\n", expected_status, actual_status );
TEST_EQUAL( actual_status, expected_status );
TEST_EQUAL( output_size, 0 );
}
@ -1005,7 +1005,7 @@ void builtin_pubkey_export( int builtin_key_id_arg,
psa_status_t expected_status = expected_status_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id);
mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make( 0, builtin_key_id );
uint8_t* output_buffer = NULL;
size_t output_size = 0;
psa_status_t actual_status;