Update persistent_key_load_key_from_storage to use attributes

Update persistent_key_load_key_from_storage to the new attribute-based
key creation interface. I tweaked the code a little to make it simpler
and more robust without changing the core logic.
Gilles Peskine 2019-04-19 14:06:53 +02:00
parent ca25db91f5
commit 5c648abe44
4 changed files with 158 additions and 135 deletions


@ -2036,34 +2036,42 @@ PSA generate key: ECC, SECP256R1, incorrect bit size
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT
persistent key can be accessed after in-memory deletion: AES, 128 bits, CTR PSA import persistent key: raw data, 0 bits
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:IMPORT_KEY:PSA_SUCCESS persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY
PSA generate persistent key: raw data, 8 bits PSA import persistent key: AES, 128 bits, exportable
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:IMPORT_KEY
PSA import persistent key: AES, 128 bits, non-exportable
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:IMPORT_KEY
PSA generate persistent key: raw data, 8 bits, exportable
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:GENERATE_KEY:PSA_SUCCESS persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:GENERATE_KEY
PSA generate persistent key: AES, 128 bits, CTR PSA generate persistent key: AES, 128 bits, exportable
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY:PSA_SUCCESS persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY
PSA generate persistent key: DES, 64 bits, CBC-nopad PSA generate persistent key: AES, 128 bits, non-exportable
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY
PSA generate persistent key: DES, 64 bits, exportable
depends_on:MBEDTLS_DES_C:MBEDTLS_PSA_CRYPTO_STORAGE_C depends_on:MBEDTLS_DES_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY:PSA_SUCCESS persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY
PSA generate persistent key: RSA, 1024 bits, good, sign (PSS SHA-256) PSA generate persistent key: RSA, 1024 bits, exportable
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY:PSA_SUCCESS persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY
PSA generate persistent key: ECC, SECP256R1, good PSA generate persistent key: ECC, SECP256R1, exportable
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:GENERATE_KEY:PSA_SUCCESS persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:GENERATE_KEY
PSA derive persistent key: HKDF SHA-256 PSA derive persistent key: HKDF SHA-256, exportable
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY:PSA_SUCCESS persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY
PSA generate persistent key: AES, 128 bits, CTR
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY:PSA_ERROR_NOT_PERMITTED
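Review bot: The new import cases (`PSA import persistent key: raw data, 0 bits` and the two `AES, 128 bits` ones) carry `depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C`, which looks inherited from an RSA case and does not match what they use. The AES cases pass `PSA_ALG_CTR` with `PSA_KEY_USAGE_ENCRYPT`, so in a configuration without AES or CTR they would presumably fail instead of being skipped. `depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C`, as on the generate cases in the same hunk, looks like the right set. The raw-data case should need only `MBEDTLS_PSA_CRYPTO_STORAGE_C`. Which lines are on the new side is inferred from the rendered layout, so please confirm against the file.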


@ -1098,7 +1098,7 @@ static int test_operations_on_invalid_handle( psa_key_handle_t handle )
TEST_EQUAL( psa_get_key_attributes( handle, &attributes ), TEST_EQUAL( psa_get_key_attributes( handle, &attributes ),
PSA_ERROR_INVALID_HANDLE ); PSA_ERROR_INVALID_HANDLE );
TEST_EQUAL( psa_get_key_id( &attributes ), 0 ); TEST_EQUAL( psa_get_key_id( &attributes ), 0 );
TEST_EQUAL( psa_get_key_attributes_lifetime( &attributes ), 0 ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
TEST_EQUAL( psa_get_key_type( &attributes ), 0 ); TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
@ -4715,22 +4715,19 @@ exit:
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */ /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
void persistent_key_load_key_from_storage( data_t *data, int type_arg, void persistent_key_load_key_from_storage( data_t *data,
int bits, int usage_arg, int type_arg, int bits_arg,
int alg_arg, int generation_method, int usage_flags_arg, int alg_arg,
int export_status ) int generation_method )
{ {
psa_key_id_t key_id = 1;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_handle_t handle = 0; psa_key_handle_t handle = 0;
psa_key_handle_t base_key; psa_key_handle_t base_key = 0;
psa_key_type_t type = (psa_key_type_t) type_arg; psa_key_type_t type = type_arg;
psa_key_type_t type_get; size_t bits = bits_arg;
size_t bits_get; psa_key_usage_t usage_flags = usage_flags_arg;
psa_key_policy_t policy_set = PSA_KEY_POLICY_INIT; psa_algorithm_t alg = alg_arg;
psa_key_policy_t policy_get = PSA_KEY_POLICY_INIT;
psa_key_usage_t policy_usage = (psa_key_usage_t) usage_arg;
psa_algorithm_t policy_alg = (psa_algorithm_t) alg_arg;
psa_key_policy_t base_policy_set = PSA_KEY_POLICY_INIT;
psa_algorithm_t base_policy_alg = PSA_ALG_HKDF(PSA_ALG_SHA_256);
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
unsigned char *first_export = NULL; unsigned char *first_export = NULL;
unsigned char *second_export = NULL; unsigned char *second_export = NULL;
@ -4738,102 +4735,115 @@ void persistent_key_load_key_from_storage( data_t *data, int type_arg,
size_t first_exported_length; size_t first_exported_length;
size_t second_exported_length; size_t second_exported_length;
if( usage_flags & PSA_KEY_USAGE_EXPORT )
{
ASSERT_ALLOC( first_export, export_size ); ASSERT_ALLOC( first_export, export_size );
ASSERT_ALLOC( second_export, export_size ); ASSERT_ALLOC( second_export, export_size );
}
PSA_ASSERT( psa_crypto_init() ); PSA_ASSERT( psa_crypto_init() );
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, 1, psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
&handle ) ); psa_set_key_usage_flags( &attributes, usage_flags );
psa_key_policy_set_usage( &policy_set, policy_usage, psa_set_key_algorithm( &attributes, alg );
policy_alg ); psa_set_key_type( &attributes, type );
PSA_ASSERT( psa_set_key_policy( handle, &policy_set ) );
switch( generation_method ) switch( generation_method )
{ {
case IMPORT_KEY: case IMPORT_KEY:
/* Import the key */ /* Import the key */
PSA_ASSERT( psa_import_key_to_handle( handle, type, PSA_ASSERT( psa_import_key( &attributes, &handle,
data->x, data->len ) ); data->x, data->len ) );
break; break;
case GENERATE_KEY: case GENERATE_KEY:
/* Generate a key */ /* Generate a key */
PSA_ASSERT( psa_generate_key_to_handle( handle, type, bits, PSA_ASSERT( psa_generate_key( &attributes, &handle,
NULL, 0 ) ); bits, NULL, 0 ) );
break; break;
case DERIVE_KEY: case DERIVE_KEY:
{
/* Create base key */ /* Create base key */
PSA_ASSERT( psa_allocate_key( &base_key ) ); psa_algorithm_t derive_alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
psa_key_policy_set_usage( &base_policy_set, PSA_KEY_USAGE_DERIVE, psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
base_policy_alg ); psa_set_key_usage_flags( &base_attributes,
PSA_ASSERT( psa_set_key_policy( PSA_KEY_USAGE_DERIVE );
base_key, &base_policy_set ) ); psa_set_key_algorithm( &base_attributes, derive_alg );
PSA_ASSERT( psa_import_key_to_handle( base_key, PSA_KEY_TYPE_DERIVE, psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
PSA_ASSERT( psa_import_key( &base_attributes, &base_key,
data->x, data->len ) ); data->x, data->len ) );
/* Derive a key. */ /* Derive a key. */
PSA_ASSERT( psa_key_derivation( &generator, base_key, PSA_ASSERT( psa_key_derivation_setup( &generator, derive_alg ) );
base_policy_alg, PSA_ASSERT( psa_key_derivation_input_key( &generator,
NULL, 0, NULL, 0, PSA_KDF_STEP_SECRET,
export_size ) ); base_key ) );
PSA_ASSERT( psa_generator_import_key_to_handle( PSA_ASSERT( psa_key_derivation_input_bytes(
handle, PSA_KEY_TYPE_RAW_DATA, &generator, PSA_KDF_STEP_INFO,
NULL, 0 ) );
PSA_ASSERT( psa_generator_import_key( &attributes, &handle,
bits, &generator ) ); bits, &generator ) );
PSA_ASSERT( psa_generator_abort( &generator ) );
PSA_ASSERT( psa_destroy_key( base_key ) );
base_key = 0;
}
break; break;
} }
psa_reset_key_attributes( &attributes );
/* Export the key */ /* Export the key if permitted by the key policy. */
TEST_EQUAL( psa_export_key( handle, if( usage_flags & PSA_KEY_USAGE_EXPORT )
{
PSA_ASSERT( psa_export_key( handle,
first_export, export_size, first_export, export_size,
&first_exported_length ), &first_exported_length ) );
export_status ); if( generation_method == IMPORT_KEY )
ASSERT_COMPARE( data->x, data->len,
first_export, first_exported_length );
}
/* Shutdown and restart */ /* Shutdown and restart */
mbedtls_psa_crypto_free(); mbedtls_psa_crypto_free();
PSA_ASSERT( psa_crypto_init() ); PSA_ASSERT( psa_crypto_init() );
/* Check key slot still contains key data */ /* Check key slot still contains key data */
PSA_ASSERT( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, 1, PSA_ASSERT( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
&handle ) ); &handle ) );
PSA_ASSERT( psa_get_key_information( PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
handle, &type_get, &bits_get ) ); TEST_EQUAL( psa_get_key_id( &attributes ), key_id );
TEST_EQUAL( type_get, type ); TEST_EQUAL( psa_get_key_lifetime( &attributes ),
TEST_EQUAL( bits_get, (size_t) bits ); PSA_KEY_LIFETIME_PERSISTENT );
TEST_EQUAL( psa_get_key_type( &attributes ), type );
TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
PSA_ASSERT( psa_get_key_policy( handle, &policy_get ) ); /* Export the key again if permitted by the key policy. */
TEST_EQUAL( psa_key_policy_get_usage( &policy_get ), policy_usage ); if( usage_flags & PSA_KEY_USAGE_EXPORT )
TEST_EQUAL( psa_key_policy_get_algorithm( &policy_get ), policy_alg );
/* Export the key again */
TEST_EQUAL( psa_export_key( handle,
second_export, export_size,
&second_exported_length ),
export_status );
if( export_status == PSA_SUCCESS )
{ {
PSA_ASSERT( psa_export_key( handle,
second_export, export_size,
&second_exported_length ) );
ASSERT_COMPARE( first_export, first_exported_length, ASSERT_COMPARE( first_export, first_exported_length,
second_export, second_exported_length ); second_export, second_exported_length );
switch( generation_method )
{
case IMPORT_KEY:
ASSERT_COMPARE( data->x, data->len,
first_export, first_exported_length );
break;
default:
break;
}
} }
/* Do something with the key according to its type and permitted usage. */ /* Do something with the key according to its type and permitted usage. */
if( ! exercise_key( handle, policy_usage, policy_alg ) ) if( ! exercise_key( handle, usage_flags, alg ) )
goto exit; goto exit;
exit: exit:
mbedtls_free( first_export ); mbedtls_free( first_export );
mbedtls_free( second_export ); mbedtls_free( second_export );
psa_generator_abort( &generator );
psa_destroy_key( base_key );
if( handle == 0 )
{
/* In case there was a test failure after creating the persistent key
* but while it was not open, try to re-open the persistent key
* to delete it. */
psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle );
}
psa_destroy_key( handle ); psa_destroy_key( handle );
mbedtls_psa_crypto_free(); mbedtls_psa_crypto_free();
} }
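Review bot: In persistent_key_load_key_from_storage, `handle` keeps its pre-restart value across `mbedtls_psa_crypto_free()`, so if the following `psa_crypto_init()` or `psa_open_key()` fails, the new `if( handle == 0 )` recovery at `exit:` is skipped. `psa_destroy_key( handle )` then runs on a stale handle, which would presumably leave `key_id` 1 in persistent storage for later test cases. Closing the key and clearing the variable before the shutdown avoids this: `PSA_ASSERT( psa_close_key( handle ) );` then `handle = 0;` ahead of `mbedtls_psa_crypto_free();`. Separately, the non-exportable cases no longer assert directly that `psa_export_key` is refused, now that the `export_status` parameter is gone. Unless `exercise_key` (defined outside the visible hunks) checks this, a `TEST_EQUAL( psa_export_key( ... ), PSA_ERROR_NOT_PERMITTED )` in an `else` branch would keep that policy check, with the export buffers allocated unconditionally.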


@ -26,11 +26,7 @@ save_large_persistent_key:1:PSA_ERROR_INSUFFICIENT_STORAGE
Persistent key destroy Persistent key destroy
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
persistent_key_destroy:1:1:PSA_KEY_TYPE_RSA_KEYPAIR:"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":PSA_KEY_TYPE_RAW_DATA:"deadbeef" persistent_key_destroy:1:0:PSA_KEY_TYPE_RSA_KEYPAIR:"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":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
Persistent key destroy missing key
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
persistent_key_destroy:1:0:PSA_KEY_TYPE_RSA_KEYPAIR:"":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
Persistent key import Persistent key import
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
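Review bot: The only `persistent_key_destroy` case visible in this hunk passes `0` for the second argument, now named `restart`, so it does not run the new `if( restart )` branch (close, free, re-init, `psa_open_key`) added to the test function. If no other case in the file passes `1`, add one, for example a `Persistent key destroy after restart` entry calling `persistent_key_destroy:1:1:` with the same remaining arguments and dependencies. Without it, destroying a key that was reloaded from storage goes untested, even though the function was changed to support it.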


@ -87,6 +87,7 @@ void save_large_persistent_key( int data_too_large, int expected_status )
psa_key_handle_t handle = 0; psa_key_handle_t handle = 0;
uint8_t *data = NULL; uint8_t *data = NULL;
size_t data_length = PSA_CRYPTO_MAX_STORAGE_SIZE; size_t data_length = PSA_CRYPTO_MAX_STORAGE_SIZE;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
if( data_too_large ) if( data_too_large )
data_length += 1; data_length += 1;
@ -95,10 +96,10 @@ void save_large_persistent_key( int data_too_large, int expected_status )
PSA_ASSERT( psa_crypto_init() ); PSA_ASSERT( psa_crypto_init() );
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id, psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
&handle ) ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
TEST_EQUAL( psa_import_key_to_handle( handle, PSA_KEY_TYPE_RAW_DATA, TEST_EQUAL( psa_import_key( &attributes, &handle,
data, data_length ), data, data_length ),
expected_status ); expected_status );
@ -110,7 +111,7 @@ exit:
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE */ /* BEGIN_CASE */
void persistent_key_destroy( int key_id_arg, int should_store, void persistent_key_destroy( int key_id_arg, int restart,
int first_type_arg, data_t *first_data, int first_type_arg, data_t *first_data,
int second_type_arg, data_t *second_data ) int second_type_arg, data_t *second_data )
{ {
@ -118,18 +119,25 @@ void persistent_key_destroy( int key_id_arg, int should_store,
psa_key_handle_t handle = 0; psa_key_handle_t handle = 0;
psa_key_type_t first_type = (psa_key_type_t) first_type_arg; psa_key_type_t first_type = (psa_key_type_t) first_type_arg;
psa_key_type_t second_type = (psa_key_type_t) second_type_arg; psa_key_type_t second_type = (psa_key_type_t) second_type_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init() ); PSA_ASSERT( psa_crypto_init() );
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id, psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
&handle ) ); psa_set_key_type( &attributes, first_type );
if( should_store == 1 ) PSA_ASSERT( psa_import_key( &attributes, &handle,
{
PSA_ASSERT( psa_import_key_to_handle(
handle, first_type,
first_data->x, first_data->len ) ); first_data->x, first_data->len ) );
if( restart )
{
psa_close_key( handle );
mbedtls_psa_crypto_free();
PSA_ASSERT( psa_crypto_init() );
PSA_ASSERT( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
&handle ) );
} }
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );
/* Destroy the key */ /* Destroy the key */
PSA_ASSERT( psa_destroy_key( handle ) ); PSA_ASSERT( psa_destroy_key( handle ) );
@ -145,10 +153,9 @@ void persistent_key_destroy( int key_id_arg, int should_store,
PSA_ASSERT( psa_crypto_init() ); PSA_ASSERT( psa_crypto_init() );
/* Create another key in the same slot */ /* Create another key in the same slot */
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id, psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
&handle ) ); psa_set_key_type( &attributes, second_type );
PSA_ASSERT( psa_import_key_to_handle( PSA_ASSERT( psa_import_key( &attributes, &handle,
handle, second_type,
second_data->x, second_data->len ) ); second_data->x, second_data->len ) );
exit: exit:
@ -161,16 +168,16 @@ exit:
void persistent_key_import( int key_id_arg, int type_arg, data_t *data, void persistent_key_import( int key_id_arg, int type_arg, data_t *data,
int expected_status ) int expected_status )
{ {
psa_key_lifetime_t lifetime;
psa_key_id_t key_id = (psa_key_id_t) key_id_arg; psa_key_id_t key_id = (psa_key_id_t) key_id_arg;
psa_key_type_t type = (psa_key_type_t) type_arg; psa_key_type_t type = (psa_key_type_t) type_arg;
psa_key_handle_t handle = 0; psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init() ); PSA_ASSERT( psa_crypto_init() );
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id, psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
&handle ) ); psa_set_key_type( &attributes, type );
TEST_EQUAL( psa_import_key_to_handle( handle, type, data->x, data->len ), TEST_EQUAL( psa_import_key( &attributes, &handle, data->x, data->len ),
expected_status ); expected_status );
if( expected_status != PSA_SUCCESS ) if( expected_status != PSA_SUCCESS )
@ -179,8 +186,14 @@ void persistent_key_import( int key_id_arg, int type_arg, data_t *data,
goto exit; goto exit;
} }
PSA_ASSERT( psa_get_key_lifetime_from_handle( handle, &lifetime ) ); psa_reset_key_attributes( &attributes );
TEST_EQUAL( lifetime, PSA_KEY_LIFETIME_PERSISTENT ); PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
TEST_EQUAL( psa_get_key_id( &attributes ), key_id );
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
PSA_KEY_LIFETIME_PERSISTENT );
TEST_EQUAL( psa_get_key_type( &attributes ), type );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
exit: exit:
psa_destroy_persistent_key( key_id ); psa_destroy_persistent_key( key_id );
@ -198,34 +211,30 @@ void import_export_persistent_key( data_t *data, int type_arg,
unsigned char *exported = NULL; unsigned char *exported = NULL;
size_t export_size = data->len; size_t export_size = data->len;
size_t exported_length; size_t exported_length;
psa_key_type_t got_type; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t got_bits;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
psa_key_lifetime_t lifetime_get;
ASSERT_ALLOC( exported, export_size ); ASSERT_ALLOC( exported, export_size );
PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_crypto_init( ) );
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id, psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
&handle ) ); psa_set_key_type( &attributes, type );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT,
PSA_ALG_VENDOR_FLAG );
PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
/* Import the key */ /* Import the key */
PSA_ASSERT( psa_import_key_to_handle( handle, type, PSA_ASSERT( psa_import_key( &attributes, &handle,
data->x, data->len ) ); data->x, data->len ) );
PSA_ASSERT( psa_get_key_lifetime_from_handle( handle, &lifetime_get ) );
TEST_EQUAL( lifetime_get, PSA_KEY_LIFETIME_PERSISTENT );
/* Test the key information */ /* Test the key information */
PSA_ASSERT( psa_get_key_information( psa_reset_key_attributes( &attributes );
handle, &got_type, &got_bits ) ); PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
TEST_EQUAL( got_type, type ); TEST_EQUAL( psa_get_key_id( &attributes ), key_id );
TEST_EQUAL( got_bits, (size_t) expected_bits ); TEST_EQUAL( psa_get_key_lifetime( &attributes ),
PSA_KEY_LIFETIME_PERSISTENT );
TEST_EQUAL( psa_get_key_type( &attributes ), type );
TEST_EQUAL( psa_get_key_bits( &attributes ), (size_t) expected_bits );
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 ); TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );