From 390f607f7f7efc98d61c678e9c835dbd91f1c656 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Fri, 16 Oct 2020 15:32:23 +0200
Subject: [PATCH] Add tests checking owner of volatile keys

When key identifiers encode key owner, add tests checking that:
. the key owner of an imported volatile key is the one specified.
. a key identifier of a volatile key with a valid PSA key identifier but the wrong owner is rejected.

Signed-off-by: Ronald Cron
---
 ...test_suite_psa_crypto_slot_management.data | 10 +++---
 ..._suite_psa_crypto_slot_management.function | 26 ++++++++++++++++++-
 2 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data
index bf5a89ecd..4f31a23ec 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.data
+++ b/tests/suites/test_suite_psa_crypto_slot_management.data
@@ -1,17 +1,17 @@
 Transient slot, check after closing
-transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING
+transient_slot_lifecycle:0x1:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING
 
 Transient slot, check after closing and restarting
-transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN
+transient_slot_lifecycle:0x13:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN
 
 Transient slot, check after destroying
-transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING
+transient_slot_lifecycle:0x135:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING
 
 Transient slot, check after destroying and restarting
-transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN
+transient_slot_lifecycle:0x1357:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN
 
 Transient slot, check after restart with live handles
-transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_SHUTDOWN
+transient_slot_lifecycle:0x13579:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_SHUTDOWN
 
 Persistent slot, check after closing, id=min
 persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:124:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index b334257ba..75e1d8b82 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -157,7 +157,8 @@ exit:
 */
 
 /* BEGIN_CASE */
-void transient_slot_lifecycle( int usage_arg, int alg_arg,
+void transient_slot_lifecycle( int owner_id_arg,
+ int usage_arg, int alg_arg,
 int type_arg, data_t *key_data,
 int invalidate_method_arg )
 {
@@ -171,6 +172,14 @@ void transient_slot_lifecycle( int usage_arg, int alg_arg,
 PSA_ASSERT( psa_crypto_init( ) );
 
 /* Import a key. */
+ #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
+ mbedtls_key_owner_id_t owner_id = owner_id_arg;
+
+ mbedtls_set_key_owner_id( &attributes, owner_id );
+ #else
+ (void)owner_id_arg;
+ #endif
+
 psa_set_key_usage_flags( &attributes, usage_flags );
 psa_set_key_algorithm( &attributes, alg );
 psa_set_key_type( &attributes, type );
@@ -181,6 +190,21 @@ void transient_slot_lifecycle( int usage_arg, int alg_arg,
 TEST_EQUAL( psa_get_key_type( &attributes ), type );
 psa_reset_key_attributes( &attributes );
 
+ #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
+ {
+ psa_key_handle_t handle;
+ mbedtls_svc_key_id_t key_with_invalid_owner =
+ mbedtls_svc_key_id_make( owner_id + 1,
+ MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) );
+
+ TEST_ASSERT( mbedtls_key_owner_id_equal(
+ owner_id,
+ MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key ) ) );
+ TEST_EQUAL( psa_open_key( key_with_invalid_owner, &handle ),
+ PSA_ERROR_DOES_NOT_EXIST );
+ }
+ #endif
+
 /*
 * Purge the key and make sure that it is still valid, as purging a
 * volatile key shouldn't invalidate/destroy it.
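Review bot: The existing comment `/* Import a key. */` now sits directly above the owner set-up instead of the import. Nothing records that the `owner_id` declared inside this `#if` is what the later `#if` block in the hunk at -181,6 depends on. A short comment above the `#if`, such as `/* When key identifiers encode the owner, import the key on behalf of owner_id_arg. */`, would make that coupling explicit. The assignment `owner_id = owner_id_arg` also converts from `int` with no range check, which is harmless for the values in the .data file but worth a word if the owner type could ever be narrower than `int`. transient_slot_lifecycle begins and ends outside this hunk.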
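Review bot: The wrong-owner rejection in the added `#if` block at -181,6 is exercised only through `psa_open_key`, so a by-identifier operation that skipped the owner comparison would not be caught by this test. Since owner isolation is the property being checked, consider also asserting that another call taking the identifier directly, for example `psa_get_key_attributes( key_with_invalid_owner, &attributes )`, fails; the exact status to expect is not visible here and needs confirming, and `attributes` would need resetting afterwards. Separately, `owner_id + 1` treats `mbedtls_key_owner_id_t` as an arithmetic type, while the equality check just below goes through `mbedtls_key_owner_id_equal`. If the owner type can be redefined by an integrator, a comment stating the integer assumption would help. transient_slot_lifecycle begins and ends outside this hunk.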