Update persistent_key_load_key_from_storage to use attributes
Update persistent_key_load_key_from_storage to the new attribute-based key creation interface. I tweaked the code a little to make it simpler and more robust without changing the core logic.
This commit is contained in:
parent
ca25db91f5
commit
5c648abe44
4 changed files with 158 additions and 135 deletions
|
@ -2036,34 +2036,42 @@ PSA generate key: ECC, SECP256R1, incorrect bit size
|
||||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
|
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
|
||||||
generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT
|
generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
|
||||||
persistent key can be accessed after in-memory deletion: AES, 128 bits, CTR
|
PSA import persistent key: raw data, 0 bits
|
||||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:IMPORT_KEY:PSA_SUCCESS
|
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY
|
||||||
|
|
||||||
PSA generate persistent key: raw data, 8 bits
|
PSA import persistent key: AES, 128 bits, exportable
|
||||||
|
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
|
persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:IMPORT_KEY
|
||||||
|
|
||||||
|
PSA import persistent key: AES, 128 bits, non-exportable
|
||||||
|
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
|
persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:IMPORT_KEY
|
||||||
|
|
||||||
|
PSA generate persistent key: raw data, 8 bits, exportable
|
||||||
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:GENERATE_KEY:PSA_SUCCESS
|
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:GENERATE_KEY
|
||||||
|
|
||||||
PSA generate persistent key: AES, 128 bits, CTR
|
PSA generate persistent key: AES, 128 bits, exportable
|
||||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY:PSA_SUCCESS
|
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY
|
||||||
|
|
||||||
PSA generate persistent key: DES, 64 bits, CBC-nopad
|
PSA generate persistent key: AES, 128 bits, non-exportable
|
||||||
|
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
|
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY
|
||||||
|
|
||||||
|
PSA generate persistent key: DES, 64 bits, exportable
|
||||||
depends_on:MBEDTLS_DES_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
depends_on:MBEDTLS_DES_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY:PSA_SUCCESS
|
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY
|
||||||
|
|
||||||
PSA generate persistent key: RSA, 1024 bits, good, sign (PSS SHA-256)
|
PSA generate persistent key: RSA, 1024 bits, exportable
|
||||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY:PSA_SUCCESS
|
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY
|
||||||
|
|
||||||
PSA generate persistent key: ECC, SECP256R1, good
|
PSA generate persistent key: ECC, SECP256R1, exportable
|
||||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:GENERATE_KEY:PSA_SUCCESS
|
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:GENERATE_KEY
|
||||||
|
|
||||||
PSA derive persistent key: HKDF SHA-256
|
PSA derive persistent key: HKDF SHA-256, exportable
|
||||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY:PSA_SUCCESS
|
persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY
|
||||||
|
|
||||||
PSA generate persistent key: AES, 128 bits, CTR
|
|
||||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
|
||||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY:PSA_ERROR_NOT_PERMITTED
|
|
||||||
|
|
|
@ -1098,7 +1098,7 @@ static int test_operations_on_invalid_handle( psa_key_handle_t handle )
|
||||||
TEST_EQUAL( psa_get_key_attributes( handle, &attributes ),
|
TEST_EQUAL( psa_get_key_attributes( handle, &attributes ),
|
||||||
PSA_ERROR_INVALID_HANDLE );
|
PSA_ERROR_INVALID_HANDLE );
|
||||||
TEST_EQUAL( psa_get_key_id( &attributes ), 0 );
|
TEST_EQUAL( psa_get_key_id( &attributes ), 0 );
|
||||||
TEST_EQUAL( psa_get_key_attributes_lifetime( &attributes ), 0 );
|
TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
|
||||||
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
|
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
|
||||||
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
|
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
|
||||||
TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
|
TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
|
||||||
|
@ -4715,22 +4715,19 @@ exit:
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
||||||
void persistent_key_load_key_from_storage( data_t *data, int type_arg,
|
void persistent_key_load_key_from_storage( data_t *data,
|
||||||
int bits, int usage_arg,
|
int type_arg, int bits_arg,
|
||||||
int alg_arg, int generation_method,
|
int usage_flags_arg, int alg_arg,
|
||||||
int export_status )
|
int generation_method )
|
||||||
{
|
{
|
||||||
|
psa_key_id_t key_id = 1;
|
||||||
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
psa_key_handle_t handle = 0;
|
psa_key_handle_t handle = 0;
|
||||||
psa_key_handle_t base_key;
|
psa_key_handle_t base_key = 0;
|
||||||
psa_key_type_t type = (psa_key_type_t) type_arg;
|
psa_key_type_t type = type_arg;
|
||||||
psa_key_type_t type_get;
|
size_t bits = bits_arg;
|
||||||
size_t bits_get;
|
psa_key_usage_t usage_flags = usage_flags_arg;
|
||||||
psa_key_policy_t policy_set = PSA_KEY_POLICY_INIT;
|
psa_algorithm_t alg = alg_arg;
|
||||||
psa_key_policy_t policy_get = PSA_KEY_POLICY_INIT;
|
|
||||||
psa_key_usage_t policy_usage = (psa_key_usage_t) usage_arg;
|
|
||||||
psa_algorithm_t policy_alg = (psa_algorithm_t) alg_arg;
|
|
||||||
psa_key_policy_t base_policy_set = PSA_KEY_POLICY_INIT;
|
|
||||||
psa_algorithm_t base_policy_alg = PSA_ALG_HKDF(PSA_ALG_SHA_256);
|
|
||||||
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
|
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
|
||||||
unsigned char *first_export = NULL;
|
unsigned char *first_export = NULL;
|
||||||
unsigned char *second_export = NULL;
|
unsigned char *second_export = NULL;
|
||||||
|
@ -4738,102 +4735,115 @@ void persistent_key_load_key_from_storage( data_t *data, int type_arg,
|
||||||
size_t first_exported_length;
|
size_t first_exported_length;
|
||||||
size_t second_exported_length;
|
size_t second_exported_length;
|
||||||
|
|
||||||
ASSERT_ALLOC( first_export, export_size );
|
if( usage_flags & PSA_KEY_USAGE_EXPORT )
|
||||||
ASSERT_ALLOC( second_export, export_size );
|
{
|
||||||
|
ASSERT_ALLOC( first_export, export_size );
|
||||||
|
ASSERT_ALLOC( second_export, export_size );
|
||||||
|
}
|
||||||
|
|
||||||
PSA_ASSERT( psa_crypto_init() );
|
PSA_ASSERT( psa_crypto_init() );
|
||||||
|
|
||||||
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, 1,
|
psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
|
||||||
&handle ) );
|
psa_set_key_usage_flags( &attributes, usage_flags );
|
||||||
psa_key_policy_set_usage( &policy_set, policy_usage,
|
psa_set_key_algorithm( &attributes, alg );
|
||||||
policy_alg );
|
psa_set_key_type( &attributes, type );
|
||||||
PSA_ASSERT( psa_set_key_policy( handle, &policy_set ) );
|
|
||||||
|
|
||||||
switch( generation_method )
|
switch( generation_method )
|
||||||
{
|
{
|
||||||
case IMPORT_KEY:
|
case IMPORT_KEY:
|
||||||
/* Import the key */
|
/* Import the key */
|
||||||
PSA_ASSERT( psa_import_key_to_handle( handle, type,
|
PSA_ASSERT( psa_import_key( &attributes, &handle,
|
||||||
data->x, data->len ) );
|
data->x, data->len ) );
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case GENERATE_KEY:
|
case GENERATE_KEY:
|
||||||
/* Generate a key */
|
/* Generate a key */
|
||||||
PSA_ASSERT( psa_generate_key_to_handle( handle, type, bits,
|
PSA_ASSERT( psa_generate_key( &attributes, &handle,
|
||||||
NULL, 0 ) );
|
bits, NULL, 0 ) );
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case DERIVE_KEY:
|
case DERIVE_KEY:
|
||||||
/* Create base key */
|
{
|
||||||
PSA_ASSERT( psa_allocate_key( &base_key ) );
|
/* Create base key */
|
||||||
psa_key_policy_set_usage( &base_policy_set, PSA_KEY_USAGE_DERIVE,
|
psa_algorithm_t derive_alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
|
||||||
base_policy_alg );
|
psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
PSA_ASSERT( psa_set_key_policy(
|
psa_set_key_usage_flags( &base_attributes,
|
||||||
base_key, &base_policy_set ) );
|
PSA_KEY_USAGE_DERIVE );
|
||||||
PSA_ASSERT( psa_import_key_to_handle( base_key, PSA_KEY_TYPE_DERIVE,
|
psa_set_key_algorithm( &base_attributes, derive_alg );
|
||||||
data->x, data->len ) );
|
psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
|
||||||
/* Derive a key. */
|
PSA_ASSERT( psa_import_key( &base_attributes, &base_key,
|
||||||
PSA_ASSERT( psa_key_derivation( &generator, base_key,
|
data->x, data->len ) );
|
||||||
base_policy_alg,
|
/* Derive a key. */
|
||||||
NULL, 0, NULL, 0,
|
PSA_ASSERT( psa_key_derivation_setup( &generator, derive_alg ) );
|
||||||
export_size ) );
|
PSA_ASSERT( psa_key_derivation_input_key( &generator,
|
||||||
PSA_ASSERT( psa_generator_import_key_to_handle(
|
PSA_KDF_STEP_SECRET,
|
||||||
handle, PSA_KEY_TYPE_RAW_DATA,
|
base_key ) );
|
||||||
bits, &generator ) );
|
PSA_ASSERT( psa_key_derivation_input_bytes(
|
||||||
|
&generator, PSA_KDF_STEP_INFO,
|
||||||
|
NULL, 0 ) );
|
||||||
|
PSA_ASSERT( psa_generator_import_key( &attributes, &handle,
|
||||||
|
bits, &generator ) );
|
||||||
|
PSA_ASSERT( psa_generator_abort( &generator ) );
|
||||||
|
PSA_ASSERT( psa_destroy_key( base_key ) );
|
||||||
|
base_key = 0;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
psa_reset_key_attributes( &attributes );
|
||||||
|
|
||||||
/* Export the key */
|
/* Export the key if permitted by the key policy. */
|
||||||
TEST_EQUAL( psa_export_key( handle,
|
if( usage_flags & PSA_KEY_USAGE_EXPORT )
|
||||||
first_export, export_size,
|
{
|
||||||
&first_exported_length ),
|
PSA_ASSERT( psa_export_key( handle,
|
||||||
export_status );
|
first_export, export_size,
|
||||||
|
&first_exported_length ) );
|
||||||
|
if( generation_method == IMPORT_KEY )
|
||||||
|
ASSERT_COMPARE( data->x, data->len,
|
||||||
|
first_export, first_exported_length );
|
||||||
|
}
|
||||||
|
|
||||||
/* Shutdown and restart */
|
/* Shutdown and restart */
|
||||||
mbedtls_psa_crypto_free();
|
mbedtls_psa_crypto_free();
|
||||||
PSA_ASSERT( psa_crypto_init() );
|
PSA_ASSERT( psa_crypto_init() );
|
||||||
|
|
||||||
/* Check key slot still contains key data */
|
/* Check key slot still contains key data */
|
||||||
PSA_ASSERT( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, 1,
|
PSA_ASSERT( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
|
||||||
&handle ) );
|
&handle ) );
|
||||||
PSA_ASSERT( psa_get_key_information(
|
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
|
||||||
handle, &type_get, &bits_get ) );
|
TEST_EQUAL( psa_get_key_id( &attributes ), key_id );
|
||||||
TEST_EQUAL( type_get, type );
|
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
|
||||||
TEST_EQUAL( bits_get, (size_t) bits );
|
PSA_KEY_LIFETIME_PERSISTENT );
|
||||||
|
TEST_EQUAL( psa_get_key_type( &attributes ), type );
|
||||||
|
TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
|
||||||
|
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
|
||||||
|
TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
|
||||||
|
|
||||||
PSA_ASSERT( psa_get_key_policy( handle, &policy_get ) );
|
/* Export the key again if permitted by the key policy. */
|
||||||
TEST_EQUAL( psa_key_policy_get_usage( &policy_get ), policy_usage );
|
if( usage_flags & PSA_KEY_USAGE_EXPORT )
|
||||||
TEST_EQUAL( psa_key_policy_get_algorithm( &policy_get ), policy_alg );
|
|
||||||
|
|
||||||
/* Export the key again */
|
|
||||||
TEST_EQUAL( psa_export_key( handle,
|
|
||||||
second_export, export_size,
|
|
||||||
&second_exported_length ),
|
|
||||||
export_status );
|
|
||||||
|
|
||||||
if( export_status == PSA_SUCCESS )
|
|
||||||
{
|
{
|
||||||
|
PSA_ASSERT( psa_export_key( handle,
|
||||||
|
second_export, export_size,
|
||||||
|
&second_exported_length ) );
|
||||||
ASSERT_COMPARE( first_export, first_exported_length,
|
ASSERT_COMPARE( first_export, first_exported_length,
|
||||||
second_export, second_exported_length );
|
second_export, second_exported_length );
|
||||||
|
|
||||||
switch( generation_method )
|
|
||||||
{
|
|
||||||
case IMPORT_KEY:
|
|
||||||
ASSERT_COMPARE( data->x, data->len,
|
|
||||||
first_export, first_exported_length );
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Do something with the key according to its type and permitted usage. */
|
/* Do something with the key according to its type and permitted usage. */
|
||||||
if( ! exercise_key( handle, policy_usage, policy_alg ) )
|
if( ! exercise_key( handle, usage_flags, alg ) )
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
mbedtls_free( first_export );
|
mbedtls_free( first_export );
|
||||||
mbedtls_free( second_export );
|
mbedtls_free( second_export );
|
||||||
|
psa_generator_abort( &generator );
|
||||||
|
psa_destroy_key( base_key );
|
||||||
|
if( handle == 0 )
|
||||||
|
{
|
||||||
|
/* In case there was a test failure after creating the persistent key
|
||||||
|
* but while it was not open, try to re-open the persistent key
|
||||||
|
* to delete it. */
|
||||||
|
psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle );
|
||||||
|
}
|
||||||
psa_destroy_key( handle );
|
psa_destroy_key( handle );
|
||||||
mbedtls_psa_crypto_free();
|
mbedtls_psa_crypto_free();
|
||||||
}
|
}
|
||||||
|
|
|
@ -26,11 +26,7 @@ save_large_persistent_key:1:PSA_ERROR_INSUFFICIENT_STORAGE
|
||||||
|
|
||||||
Persistent key destroy
|
Persistent key destroy
|
||||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||||
persistent_key_destroy:1:1:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
|
persistent_key_destroy:1:0:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
|
||||||
|
|
||||||
Persistent key destroy missing key
|
|
||||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
|
||||||
persistent_key_destroy:1:0:PSA_KEY_TYPE_RSA_KEYPAIR:"":PSA_KEY_TYPE_RAW_DATA:"deadbeef"
|
|
||||||
|
|
||||||
Persistent key import
|
Persistent key import
|
||||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
|
||||||
|
|
|
@ -87,6 +87,7 @@ void save_large_persistent_key( int data_too_large, int expected_status )
|
||||||
psa_key_handle_t handle = 0;
|
psa_key_handle_t handle = 0;
|
||||||
uint8_t *data = NULL;
|
uint8_t *data = NULL;
|
||||||
size_t data_length = PSA_CRYPTO_MAX_STORAGE_SIZE;
|
size_t data_length = PSA_CRYPTO_MAX_STORAGE_SIZE;
|
||||||
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
|
|
||||||
if( data_too_large )
|
if( data_too_large )
|
||||||
data_length += 1;
|
data_length += 1;
|
||||||
|
@ -95,10 +96,10 @@ void save_large_persistent_key( int data_too_large, int expected_status )
|
||||||
|
|
||||||
PSA_ASSERT( psa_crypto_init() );
|
PSA_ASSERT( psa_crypto_init() );
|
||||||
|
|
||||||
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
|
psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
|
||||||
&handle ) );
|
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
||||||
|
|
||||||
TEST_EQUAL( psa_import_key_to_handle( handle, PSA_KEY_TYPE_RAW_DATA,
|
TEST_EQUAL( psa_import_key( &attributes, &handle,
|
||||||
data, data_length ),
|
data, data_length ),
|
||||||
expected_status );
|
expected_status );
|
||||||
|
|
||||||
|
@ -110,7 +111,7 @@ exit:
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE */
|
||||||
void persistent_key_destroy( int key_id_arg, int should_store,
|
void persistent_key_destroy( int key_id_arg, int restart,
|
||||||
int first_type_arg, data_t *first_data,
|
int first_type_arg, data_t *first_data,
|
||||||
int second_type_arg, data_t *second_data )
|
int second_type_arg, data_t *second_data )
|
||||||
{
|
{
|
||||||
|
@ -118,18 +119,25 @@ void persistent_key_destroy( int key_id_arg, int should_store,
|
||||||
psa_key_handle_t handle = 0;
|
psa_key_handle_t handle = 0;
|
||||||
psa_key_type_t first_type = (psa_key_type_t) first_type_arg;
|
psa_key_type_t first_type = (psa_key_type_t) first_type_arg;
|
||||||
psa_key_type_t second_type = (psa_key_type_t) second_type_arg;
|
psa_key_type_t second_type = (psa_key_type_t) second_type_arg;
|
||||||
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
|
|
||||||
PSA_ASSERT( psa_crypto_init() );
|
PSA_ASSERT( psa_crypto_init() );
|
||||||
|
|
||||||
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
|
psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
|
||||||
&handle ) );
|
psa_set_key_type( &attributes, first_type );
|
||||||
|
|
||||||
if( should_store == 1 )
|
PSA_ASSERT( psa_import_key( &attributes, &handle,
|
||||||
|
first_data->x, first_data->len ) );
|
||||||
|
|
||||||
|
if( restart )
|
||||||
{
|
{
|
||||||
PSA_ASSERT( psa_import_key_to_handle(
|
psa_close_key( handle );
|
||||||
handle, first_type,
|
mbedtls_psa_crypto_free();
|
||||||
first_data->x, first_data->len ) );
|
PSA_ASSERT( psa_crypto_init() );
|
||||||
|
PSA_ASSERT( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
|
||||||
|
&handle ) );
|
||||||
}
|
}
|
||||||
|
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );
|
||||||
|
|
||||||
/* Destroy the key */
|
/* Destroy the key */
|
||||||
PSA_ASSERT( psa_destroy_key( handle ) );
|
PSA_ASSERT( psa_destroy_key( handle ) );
|
||||||
|
@ -145,11 +153,10 @@ void persistent_key_destroy( int key_id_arg, int should_store,
|
||||||
PSA_ASSERT( psa_crypto_init() );
|
PSA_ASSERT( psa_crypto_init() );
|
||||||
|
|
||||||
/* Create another key in the same slot */
|
/* Create another key in the same slot */
|
||||||
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
|
psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
|
||||||
&handle ) );
|
psa_set_key_type( &attributes, second_type );
|
||||||
PSA_ASSERT( psa_import_key_to_handle(
|
PSA_ASSERT( psa_import_key( &attributes, &handle,
|
||||||
handle, second_type,
|
second_data->x, second_data->len ) );
|
||||||
second_data->x, second_data->len ) );
|
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
mbedtls_psa_crypto_free();
|
mbedtls_psa_crypto_free();
|
||||||
|
@ -161,16 +168,16 @@ exit:
|
||||||
void persistent_key_import( int key_id_arg, int type_arg, data_t *data,
|
void persistent_key_import( int key_id_arg, int type_arg, data_t *data,
|
||||||
int expected_status )
|
int expected_status )
|
||||||
{
|
{
|
||||||
psa_key_lifetime_t lifetime;
|
|
||||||
psa_key_id_t key_id = (psa_key_id_t) key_id_arg;
|
psa_key_id_t key_id = (psa_key_id_t) key_id_arg;
|
||||||
psa_key_type_t type = (psa_key_type_t) type_arg;
|
psa_key_type_t type = (psa_key_type_t) type_arg;
|
||||||
psa_key_handle_t handle = 0;
|
psa_key_handle_t handle = 0;
|
||||||
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
|
|
||||||
PSA_ASSERT( psa_crypto_init() );
|
PSA_ASSERT( psa_crypto_init() );
|
||||||
|
|
||||||
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
|
psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
|
||||||
&handle ) );
|
psa_set_key_type( &attributes, type );
|
||||||
TEST_EQUAL( psa_import_key_to_handle( handle, type, data->x, data->len ),
|
TEST_EQUAL( psa_import_key( &attributes, &handle, data->x, data->len ),
|
||||||
expected_status );
|
expected_status );
|
||||||
|
|
||||||
if( expected_status != PSA_SUCCESS )
|
if( expected_status != PSA_SUCCESS )
|
||||||
|
@ -179,8 +186,14 @@ void persistent_key_import( int key_id_arg, int type_arg, data_t *data,
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
PSA_ASSERT( psa_get_key_lifetime_from_handle( handle, &lifetime ) );
|
psa_reset_key_attributes( &attributes );
|
||||||
TEST_EQUAL( lifetime, PSA_KEY_LIFETIME_PERSISTENT );
|
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
|
||||||
|
TEST_EQUAL( psa_get_key_id( &attributes ), key_id );
|
||||||
|
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
|
||||||
|
PSA_KEY_LIFETIME_PERSISTENT );
|
||||||
|
TEST_EQUAL( psa_get_key_type( &attributes ), type );
|
||||||
|
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
|
||||||
|
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
psa_destroy_persistent_key( key_id );
|
psa_destroy_persistent_key( key_id );
|
||||||
|
@ -198,34 +211,30 @@ void import_export_persistent_key( data_t *data, int type_arg,
|
||||||
unsigned char *exported = NULL;
|
unsigned char *exported = NULL;
|
||||||
size_t export_size = data->len;
|
size_t export_size = data->len;
|
||||||
size_t exported_length;
|
size_t exported_length;
|
||||||
psa_key_type_t got_type;
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
size_t got_bits;
|
|
||||||
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
|
|
||||||
psa_key_lifetime_t lifetime_get;
|
|
||||||
|
|
||||||
ASSERT_ALLOC( exported, export_size );
|
ASSERT_ALLOC( exported, export_size );
|
||||||
|
|
||||||
PSA_ASSERT( psa_crypto_init( ) );
|
PSA_ASSERT( psa_crypto_init( ) );
|
||||||
|
|
||||||
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
|
psa_make_key_persistent( &attributes, key_id, PSA_KEY_LIFETIME_PERSISTENT );
|
||||||
&handle ) );
|
psa_set_key_type( &attributes, type );
|
||||||
|
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
|
||||||
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT,
|
|
||||||
PSA_ALG_VENDOR_FLAG );
|
|
||||||
PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
|
|
||||||
|
|
||||||
/* Import the key */
|
/* Import the key */
|
||||||
PSA_ASSERT( psa_import_key_to_handle( handle, type,
|
PSA_ASSERT( psa_import_key( &attributes, &handle,
|
||||||
data->x, data->len ) );
|
data->x, data->len ) );
|
||||||
|
|
||||||
PSA_ASSERT( psa_get_key_lifetime_from_handle( handle, &lifetime_get ) );
|
|
||||||
TEST_EQUAL( lifetime_get, PSA_KEY_LIFETIME_PERSISTENT );
|
|
||||||
|
|
||||||
/* Test the key information */
|
/* Test the key information */
|
||||||
PSA_ASSERT( psa_get_key_information(
|
psa_reset_key_attributes( &attributes );
|
||||||
handle, &got_type, &got_bits ) );
|
PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) );
|
||||||
TEST_EQUAL( got_type, type );
|
TEST_EQUAL( psa_get_key_id( &attributes ), key_id );
|
||||||
TEST_EQUAL( got_bits, (size_t) expected_bits );
|
TEST_EQUAL( psa_get_key_lifetime( &attributes ),
|
||||||
|
PSA_KEY_LIFETIME_PERSISTENT );
|
||||||
|
TEST_EQUAL( psa_get_key_type( &attributes ), type );
|
||||||
|
TEST_EQUAL( psa_get_key_bits( &attributes ), (size_t) expected_bits );
|
||||||
|
TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT );
|
||||||
|
TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
|
||||||
|
|
||||||
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );
|
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue