1/* BEGIN_HEADER */ 2#include "psa/crypto_se_driver.h" 3 4#include "psa_crypto_se.h" 5#include "psa_crypto_slot_management.h" 6#include "psa_crypto_storage.h" 7 8/* Invasive peeking: check the persistent data */ 9#if defined(MBEDTLS_PSA_ITS_FILE_C) 10#include "psa_crypto_its.h" 11#else /* Native ITS implementation */ 12#include "psa/error.h" 13#include "psa/internal_trusted_storage.h" 14#endif 15 16 17/****************************************************************/ 18/* Test driver helpers */ 19/****************************************************************/ 20 21/** The minimum valid location value for a secure element driver. */ 22#define MIN_DRIVER_LOCATION 1 23 24/** The location and lifetime used for tests that use a single driver. */ 25#define TEST_DRIVER_LOCATION 1 26#define TEST_SE_PERSISTENT_LIFETIME \ 27 ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ 28 PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) ) 29 30#define TEST_SE_VOLATILE_LIFETIME \ 31 ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ 32 PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ) ) 33 34/** The driver detected a condition that shouldn't happen. 35 * This is probably a bug in the library. */ 36#define PSA_ERROR_DETECTED_BY_DRIVER ((psa_status_t)( -500 )) 37 38/** Like #TEST_ASSERT for use in a driver method, with no cleanup. 39 * 40 * If an error happens, this macro returns from the calling function. 41 * 42 * Use this macro to assert on guarantees provided by the core. 43 */ 44#define DRIVER_ASSERT_RETURN( TEST ) \ 45 do { \ 46 if( ! (TEST) ) \ 47 { \ 48 mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \ 49 return( PSA_ERROR_DETECTED_BY_DRIVER ); \ 50 } \ 51 } while( 0 ) 52 53/** Like #TEST_ASSERT for use in a driver method, with cleanup. 54 * 55 * In case of error, this macro sets `status` and jumps to the 56 * label `exit`. 57 * 58 * Use this macro to assert on guarantees provided by the core. 59 */ 60#define DRIVER_ASSERT( TEST ) \ 61 do { \ 62 if( ! (TEST) ) \ 63 { \ 64 mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \ 65 status = PSA_ERROR_DETECTED_BY_DRIVER; \ 66 goto exit; \ 67 } \ 68 } while( 0 ) 69 70/** Like #PSA_ASSERT for a PSA API call that calls a driver underneath. 71 * 72 * Run the code \p expr. If this returns \p expected_status, 73 * do nothing. If this returns #PSA_ERROR_DETECTED_BY_DRIVER, 74 * jump directly to the `exit` label. If this returns any other 75 * status, call mbedtls_test_fail() then jump to `exit`. 76 * 77 * The special case for #PSA_ERROR_DETECTED_BY_DRIVER is because in this 78 * case, the test driver code is expected to have called mbedtls_test_fail() 79 * already, so we make sure not to overwrite the failure information. 80 */ 81#define PSA_ASSERT_VIA_DRIVER( expr, expected_status ) \ 82 do { \ 83 psa_status_t PSA_ASSERT_VIA_DRIVER_status = ( expr ); \ 84 if( PSA_ASSERT_VIA_DRIVER_status == PSA_ERROR_DETECTED_BY_DRIVER ) \ 85 goto exit; \ 86 if( PSA_ASSERT_VIA_DRIVER_status != ( expected_status ) ) \ 87 { \ 88 mbedtls_test_fail( #expr, __LINE__, __FILE__ ); \ 89 goto exit; \ 90 } \ 91 } while( 0 ) 92 93 94 95/****************************************************************/ 96/* Domain support functions */ 97/****************************************************************/ 98 99/* Return the exact bit size given a curve family and a byte length. */ 100static size_t ecc_curve_bits( psa_ecc_family_t curve, size_t data_length ) 101{ 102 switch( curve ) 103 { 104 case PSA_ECC_FAMILY_SECP_R1: 105 if( data_length == PSA_BYTES_TO_BITS( 521 ) ) 106 return( 521 ); 107 break; 108 case PSA_ECC_FAMILY_MONTGOMERY: 109 if( data_length == PSA_BYTES_TO_BITS( 255 ) ) 110 return( 255 ); 111 } 112 /* If not listed above, assume a multiple of 8 bits. */ 113 return( PSA_BYTES_TO_BITS( data_length ) ); 114} 115 116 117/****************************************************************/ 118/* Miscellaneous driver methods */ 119/****************************************************************/ 120 121typedef struct 122{ 123 psa_key_slot_number_t slot_number; 124 psa_key_creation_method_t method; 125 psa_status_t status; 126} validate_slot_number_directions_t; 127static validate_slot_number_directions_t validate_slot_number_directions; 128 129/* Validate a choice of slot number as directed. */ 130static psa_status_t validate_slot_number_as_directed( 131 psa_drv_se_context_t *context, 132 void *persistent_data, 133 const psa_key_attributes_t *attributes, 134 psa_key_creation_method_t method, 135 psa_key_slot_number_t slot_number ) 136{ 137 (void) context; 138 (void) persistent_data; 139 (void) attributes; 140 DRIVER_ASSERT_RETURN( slot_number == 141 validate_slot_number_directions.slot_number ); 142 DRIVER_ASSERT_RETURN( method == 143 validate_slot_number_directions.method ); 144 return( validate_slot_number_directions.status ); 145} 146 147/* Allocate slot numbers with a monotonic counter. */ 148static psa_key_slot_number_t shadow_counter; 149static void counter_reset( void ) 150{ 151 shadow_counter = 0; 152} 153static psa_status_t counter_allocate( psa_drv_se_context_t *context, 154 void *persistent_data, 155 const psa_key_attributes_t *attributes, 156 psa_key_creation_method_t method, 157 psa_key_slot_number_t *slot_number ) 158{ 159 psa_key_slot_number_t *p_counter = persistent_data; 160 (void) attributes; 161 (void) method; 162 if( context->persistent_data_size != sizeof( psa_key_slot_number_t ) ) 163 return( PSA_ERROR_DETECTED_BY_DRIVER ); 164 ++*p_counter; 165 if( *p_counter == 0 ) 166 return( PSA_ERROR_INSUFFICIENT_STORAGE ); 167 shadow_counter = *p_counter; 168 *slot_number = *p_counter; 169 return( PSA_SUCCESS ); 170} 171 172/* Null import: do nothing, but pretend it worked. */ 173static psa_status_t null_import( psa_drv_se_context_t *context, 174 psa_key_slot_number_t slot_number, 175 const psa_key_attributes_t *attributes, 176 const uint8_t *data, 177 size_t data_length, 178 size_t *bits ) 179{ 180 (void) context; 181 (void) slot_number; 182 (void) attributes; 183 (void) data; 184 /* We're supposed to return a key size. Return one that's correct for 185 * plain data keys. */ 186 *bits = PSA_BYTES_TO_BITS( data_length ); 187 return( PSA_SUCCESS ); 188} 189 190/* Null generate: do nothing, but pretend it worked. */ 191static psa_status_t null_generate( psa_drv_se_context_t *context, 192 psa_key_slot_number_t slot_number, 193 const psa_key_attributes_t *attributes, 194 uint8_t *pubkey, 195 size_t pubkey_size, 196 size_t *pubkey_length ) 197{ 198 (void) context; 199 (void) slot_number; 200 (void) attributes; 201 202 DRIVER_ASSERT_RETURN( *pubkey_length == 0 ); 203 if( ! PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) 204 { 205 DRIVER_ASSERT_RETURN( pubkey == NULL ); 206 DRIVER_ASSERT_RETURN( pubkey_size == 0 ); 207 } 208 209 return( PSA_SUCCESS ); 210} 211 212/* Null destroy: do nothing, but pretend it worked. */ 213static psa_status_t null_destroy( psa_drv_se_context_t *context, 214 void *persistent_data, 215 psa_key_slot_number_t slot_number ) 216{ 217 (void) context; 218 (void) persistent_data; 219 (void) slot_number; 220 return( PSA_SUCCESS ); 221} 222 223 224 225/****************************************************************/ 226/* RAM-based test driver */ 227/****************************************************************/ 228 229#define RAM_MAX_KEY_SIZE 64 230typedef struct 231{ 232 psa_key_lifetime_t lifetime; 233 psa_key_type_t type; 234 size_t bits; 235 uint8_t content[RAM_MAX_KEY_SIZE]; 236} ram_slot_t; 237static ram_slot_t ram_slots[16]; 238 239/* A type with at least ARRAY_LENGTH(ram_slots) bits, containing a 240 * bit vector indicating which slots are in use. */ 241typedef uint16_t ram_slot_usage_t; 242 243static ram_slot_usage_t ram_shadow_slot_usage; 244 245static uint8_t ram_min_slot = 0; 246 247static void ram_slots_reset( void ) 248{ 249 memset( ram_slots, 0, sizeof( ram_slots ) ); 250 ram_min_slot = 0; 251 ram_shadow_slot_usage = 0; 252} 253 254/* Common parts of key creation. 255 * 256 * In case of error, zero out ram_slots[slot_number]. But don't 257 * do that if the error is PSA_ERROR_DETECTED_BY_DRIVER: in this case 258 * you don't need to clean up (ram_slot_reset() will take care of it 259 * in the test case function's cleanup code) and it might be wrong 260 * (if slot_number is invalid). 261 */ 262static psa_status_t ram_create_common( psa_drv_se_context_t *context, 263 psa_key_slot_number_t slot_number, 264 const psa_key_attributes_t *attributes, 265 size_t required_storage ) 266{ 267 (void) context; 268 DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) ); 269 270 ram_slots[slot_number].lifetime = psa_get_key_lifetime( attributes ); 271 ram_slots[slot_number].type = psa_get_key_type( attributes ); 272 ram_slots[slot_number].bits = psa_get_key_bits( attributes ); 273 274 if( required_storage > sizeof( ram_slots[slot_number].content ) ) 275 { 276 memset( &ram_slots[slot_number], 0, sizeof( ram_slots[slot_number] ) ); 277 return( PSA_ERROR_INSUFFICIENT_STORAGE ); 278 } 279 280 return( PSA_SUCCESS ); 281} 282 283/* This function does everything except actually generating key material. 284 * After calling it, you must copy the desired key material to 285 * ram_slots[slot_number].content. */ 286static psa_status_t ram_fake_generate( psa_drv_se_context_t *context, 287 psa_key_slot_number_t slot_number, 288 const psa_key_attributes_t *attributes, 289 uint8_t *pubkey, 290 size_t pubkey_size, 291 size_t *pubkey_length ) 292{ 293 psa_status_t status; 294 size_t required_storage = 295 PSA_EXPORT_KEY_OUTPUT_SIZE( psa_get_key_type( attributes ), 296 psa_get_key_bits( attributes ) ); 297 298 DRIVER_ASSERT_RETURN( *pubkey_length == 0 ); 299 if( ! PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) 300 { 301 DRIVER_ASSERT_RETURN( pubkey == NULL ); 302 DRIVER_ASSERT_RETURN( pubkey_size == 0 ); 303 } 304 305 status = ram_create_common( context, slot_number, attributes, 306 required_storage ); 307 return( status ); 308} 309 310static psa_status_t ram_import( psa_drv_se_context_t *context, 311 psa_key_slot_number_t slot_number, 312 const psa_key_attributes_t *attributes, 313 const uint8_t *data, 314 size_t data_length, 315 size_t *bits ) 316{ 317 psa_key_type_t type = psa_get_key_type( attributes ); 318 psa_status_t status = ram_create_common( context, slot_number, attributes, 319 data_length ); 320 if( status != PSA_SUCCESS ) 321 return( status ); 322 323 /* The RAM driver only works for certain key types: raw keys, 324 * and ECC key pairs. This is true in particular of the bit-size 325 * calculation here. */ 326 if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) 327 *bits = PSA_BYTES_TO_BITS( data_length ); 328 else if ( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) 329 { 330 *bits = ecc_curve_bits( PSA_KEY_TYPE_ECC_GET_FAMILY( type ), data_length ); 331 if( *bits == 0 ) 332 return( PSA_ERROR_DETECTED_BY_DRIVER ); 333 } 334 else 335 { 336 memset( &ram_slots[slot_number], 0, sizeof( ram_slots[slot_number] ) ); 337 return( PSA_ERROR_NOT_SUPPORTED ); 338 } 339 340 ram_slots[slot_number].bits = *bits; 341 memcpy( ram_slots[slot_number].content, data, data_length ); 342 343 return( PSA_SUCCESS ); 344} 345 346static psa_status_t ram_export( psa_drv_se_context_t *context, 347 psa_key_slot_number_t slot_number, 348 uint8_t *data, 349 size_t data_size, 350 size_t *data_length ) 351{ 352 size_t actual_size; 353 (void) context; 354 DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) ); 355 actual_size = PSA_BITS_TO_BYTES( ram_slots[slot_number].bits ); 356 if( actual_size > data_size ) 357 return( PSA_ERROR_BUFFER_TOO_SMALL ); 358 *data_length = actual_size; 359 memcpy( data, ram_slots[slot_number].content, actual_size ); 360 return( PSA_SUCCESS ); 361} 362 363static psa_status_t ram_export_public( psa_drv_se_context_t *context, 364 psa_key_slot_number_t slot_number, 365 uint8_t *data, 366 size_t data_size, 367 size_t *data_length ) 368{ 369 psa_status_t status; 370 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 371 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 372 373 (void) context; 374 DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) ); 375 DRIVER_ASSERT_RETURN( 376 PSA_KEY_TYPE_IS_KEY_PAIR( ram_slots[slot_number].type ) ); 377 378 psa_set_key_type( &attributes, ram_slots[slot_number].type ); 379 status = psa_import_key( &attributes, 380 ram_slots[slot_number].content, 381 PSA_BITS_TO_BYTES( ram_slots[slot_number].bits ), 382 &key ); 383 if( status != PSA_SUCCESS ) 384 return( status ); 385 status = psa_export_public_key( key, data, data_size, data_length ); 386 psa_destroy_key( key ); 387 return( PSA_SUCCESS ); 388} 389 390static psa_status_t ram_destroy( psa_drv_se_context_t *context, 391 void *persistent_data, 392 psa_key_slot_number_t slot_number ) 393{ 394 ram_slot_usage_t *slot_usage = persistent_data; 395 DRIVER_ASSERT_RETURN( context->persistent_data_size == sizeof( ram_slot_usage_t ) ); 396 DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) ); 397 memset( &ram_slots[slot_number], 0, sizeof( ram_slots[slot_number] ) ); 398 *slot_usage &= ~(ram_slot_usage_t)( 1 << slot_number ); 399 ram_shadow_slot_usage = *slot_usage; 400 return( PSA_SUCCESS ); 401} 402 403static psa_status_t ram_allocate( psa_drv_se_context_t *context, 404 void *persistent_data, 405 const psa_key_attributes_t *attributes, 406 psa_key_creation_method_t method, 407 psa_key_slot_number_t *slot_number ) 408{ 409 ram_slot_usage_t *slot_usage = persistent_data; 410 (void) attributes; 411 (void) method; 412 DRIVER_ASSERT_RETURN( context->persistent_data_size == sizeof( ram_slot_usage_t ) ); 413 for( *slot_number = ram_min_slot; 414 *slot_number < ARRAY_LENGTH( ram_slots ); 415 ++( *slot_number ) ) 416 { 417 if( ! ( *slot_usage & 1 << *slot_number ) ) 418 { 419 ram_shadow_slot_usage = *slot_usage; 420 return( PSA_SUCCESS ); 421 } 422 } 423 return( PSA_ERROR_INSUFFICIENT_STORAGE ); 424} 425 426static psa_status_t ram_validate_slot_number( 427 psa_drv_se_context_t *context, 428 void *persistent_data, 429 const psa_key_attributes_t *attributes, 430 psa_key_creation_method_t method, 431 psa_key_slot_number_t slot_number ) 432{ 433 (void) context; 434 (void) persistent_data; 435 (void) attributes; 436 (void) method; 437 if( slot_number >= ARRAY_LENGTH( ram_slots ) ) 438 return( PSA_ERROR_INVALID_ARGUMENT ); 439 return( PSA_SUCCESS ); 440} 441 442static psa_status_t ram_sign( psa_drv_se_context_t *context, 443 psa_key_slot_number_t slot_number, 444 psa_algorithm_t alg, 445 const uint8_t *hash, 446 size_t hash_length, 447 uint8_t *signature, 448 size_t signature_size, 449 size_t *signature_length ) 450{ 451 ram_slot_t *slot; 452 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 453 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 454 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 455 456 (void) context; 457 DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) ); 458 slot = &ram_slots[slot_number]; 459 460 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); 461 psa_set_key_algorithm( &attributes, alg ); 462 psa_set_key_type( &attributes, slot->type ); 463 DRIVER_ASSERT( psa_import_key( &attributes, 464 slot->content, 465 PSA_BITS_TO_BYTES( slot->bits ), 466 &key ) == PSA_SUCCESS ); 467 status = psa_sign_hash( key, alg, 468 hash, hash_length, 469 signature, signature_size, signature_length ); 470 471exit: 472 psa_destroy_key( key ); 473 return( status ); 474} 475 476static psa_status_t ram_verify( psa_drv_se_context_t *context, 477 psa_key_slot_number_t slot_number, 478 psa_algorithm_t alg, 479 const uint8_t *hash, 480 size_t hash_length, 481 const uint8_t *signature, 482 size_t signature_length ) 483{ 484 ram_slot_t *slot; 485 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 486 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 487 psa_status_t status = PSA_ERROR_GENERIC_ERROR; 488 489 (void) context; 490 DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) ); 491 slot = &ram_slots[slot_number]; 492 493 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); 494 psa_set_key_algorithm( &attributes, alg ); 495 psa_set_key_type( &attributes, slot->type ); 496 DRIVER_ASSERT( psa_import_key( &attributes, 497 slot->content, 498 PSA_BITS_TO_BYTES( slot->bits ), 499 &key ) == 500 PSA_SUCCESS ); 501 status = psa_verify_hash( key, alg, 502 hash, hash_length, 503 signature, signature_length ); 504 505exit: 506 psa_destroy_key( key ); 507 return( status ); 508} 509 510 511/****************************************************************/ 512/* Other test helper functions */ 513/****************************************************************/ 514 515typedef enum 516{ 517 SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION, 518 SIGN_IN_DRIVER_AND_PARALLEL_CREATION, 519 SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC, 520} sign_verify_method_t; 521 522/* Check that the attributes of a key reported by psa_get_key_attributes() 523 * are consistent with the attributes used when creating the key. */ 524static int check_key_attributes( 525 mbedtls_svc_key_id_t key, 526 const psa_key_attributes_t *reference_attributes ) 527{ 528 int ok = 0; 529 psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT; 530 531 PSA_ASSERT( psa_get_key_attributes( key, &actual_attributes ) ); 532 533 TEST_ASSERT( mbedtls_svc_key_id_equal( 534 psa_get_key_id( &actual_attributes ), 535 psa_get_key_id( reference_attributes ) ) ); 536 TEST_EQUAL( psa_get_key_lifetime( &actual_attributes ), 537 psa_get_key_lifetime( reference_attributes ) ); 538 TEST_EQUAL( psa_get_key_type( &actual_attributes ), 539 psa_get_key_type( reference_attributes ) ); 540 TEST_EQUAL( psa_get_key_usage_flags( &actual_attributes ), 541 psa_get_key_usage_flags( reference_attributes ) ); 542 TEST_EQUAL( psa_get_key_algorithm( &actual_attributes ), 543 psa_get_key_algorithm( reference_attributes ) ); 544 TEST_EQUAL( psa_get_key_enrollment_algorithm( &actual_attributes ), 545 psa_get_key_enrollment_algorithm( reference_attributes ) ); 546 if( psa_get_key_bits( reference_attributes ) != 0 ) 547 { 548 TEST_EQUAL( psa_get_key_bits( &actual_attributes ), 549 psa_get_key_bits( reference_attributes ) ); 550 } 551 552 { 553 psa_key_slot_number_t actual_slot_number = 0xdeadbeef; 554 psa_key_slot_number_t desired_slot_number = 0xb90cc011; 555 psa_key_lifetime_t lifetime = 556 psa_get_key_lifetime( &actual_attributes ); 557 psa_status_t status = psa_get_key_slot_number( &actual_attributes, 558 &actual_slot_number ); 559 if( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) < MIN_DRIVER_LOCATION ) 560 { 561 /* The key is not in a secure element. */ 562 TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT ); 563 } 564 else 565 { 566 /* The key is in a secure element. If it had been created 567 * in a specific slot, check that it is reported there. */ 568 PSA_ASSERT( status ); 569 status = psa_get_key_slot_number( reference_attributes, 570 &desired_slot_number ); 571 if( status == PSA_SUCCESS ) 572 { 573 TEST_EQUAL( desired_slot_number, actual_slot_number ); 574 } 575 } 576 } 577 ok = 1; 578 579exit: 580 /* 581 * Actual key attributes may have been returned by psa_get_key_attributes() 582 * thus reset them as required. 583 */ 584 psa_reset_key_attributes( &actual_attributes ); 585 586 return( ok ); 587} 588 589/* Get the file UID corresponding to the specified location. 590 * If this changes, the storage format version must change. 591 * See psa_get_se_driver_its_file_uid() in psa_crypto_se.c. 592 */ 593psa_storage_uid_t file_uid_for_location( psa_key_location_t location ) 594{ 595 if( location > PSA_MAX_SE_LOCATION ) 596 return( 0 ); 597 return( 0xfffffe00 + location ); 598} 599 600/* Check that the persistent data of a driver has its expected content. */ 601static int check_persistent_data( psa_key_location_t location, 602 const void *expected_data, 603 size_t size ) 604{ 605 psa_storage_uid_t uid = file_uid_for_location( location ); 606 struct psa_storage_info_t info; 607 uint8_t *loaded = NULL; 608 int ok = 0; 609 610 PSA_ASSERT( psa_its_get_info( uid, &info ) ); 611 ASSERT_ALLOC( loaded, info.size ); 612 PSA_ASSERT( psa_its_get( uid, 0, info.size, loaded, NULL ) ); 613 ASSERT_COMPARE( expected_data, size, loaded, info.size ); 614 ok = 1; 615 616exit: 617 mbedtls_free( loaded ); 618 return( ok ); 619} 620 621/* Check that no persistent data exists for the given location. */ 622static int check_no_persistent_data( psa_key_location_t location ) 623{ 624 psa_storage_uid_t uid = file_uid_for_location( location ); 625 struct psa_storage_info_t info; 626 int ok = 0; 627 628 TEST_EQUAL( psa_its_get_info( uid, &info ), PSA_ERROR_DOES_NOT_EXIST ); 629 ok = 1; 630 631exit: 632 return( ok ); 633} 634 635/* Check that a function's return status is "smoke-free", i.e. that 636 * it's an acceptable error code when calling an API function that operates 637 * on a key with potentially bogus parameters. */ 638static int is_status_smoke_free( psa_status_t status ) 639{ 640 switch( status ) 641 { 642 case PSA_SUCCESS: 643 case PSA_ERROR_NOT_SUPPORTED: 644 case PSA_ERROR_NOT_PERMITTED: 645 case PSA_ERROR_BUFFER_TOO_SMALL: 646 case PSA_ERROR_INVALID_ARGUMENT: 647 case PSA_ERROR_INVALID_SIGNATURE: 648 case PSA_ERROR_INVALID_PADDING: 649 return( 1 ); 650 default: 651 return( 0 ); 652 } 653} 654#define SMOKE_ASSERT( expr ) \ 655 TEST_ASSERT( is_status_smoke_free( expr ) ) 656 657/* Smoke test a key. There are mostly no wrong answers here since we pass 658 * mostly bogus parameters: the goal is to ensure that there is no memory 659 * corruption or crash. This test function is most useful when run under 660 * an environment with sanity checks such as ASan or MSan. */ 661static int smoke_test_key( mbedtls_svc_key_id_t key ) 662{ 663 int ok = 0; 664 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 665 psa_mac_operation_t mac_operation = PSA_MAC_OPERATION_INIT; 666 psa_cipher_operation_t cipher_operation = PSA_CIPHER_OPERATION_INIT; 667 psa_key_derivation_operation_t derivation_operation = 668 PSA_KEY_DERIVATION_OPERATION_INIT; 669 uint8_t buffer[80]; /* large enough for a public key for ECDH */ 670 size_t length; 671 mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT; 672 673 SMOKE_ASSERT( psa_get_key_attributes( key, &attributes ) ); 674 675 SMOKE_ASSERT( psa_export_key( key, 676 buffer, sizeof( buffer ), &length ) ); 677 SMOKE_ASSERT( psa_export_public_key( key, 678 buffer, sizeof( buffer ), &length ) ); 679 680 SMOKE_ASSERT( psa_copy_key( key, &attributes, &key2 ) ); 681 if( ! mbedtls_svc_key_id_is_null( key2 ) ) 682 PSA_ASSERT( psa_destroy_key( key2 ) ); 683 684 SMOKE_ASSERT( psa_mac_sign_setup( &mac_operation, key, PSA_ALG_CMAC ) ); 685 PSA_ASSERT( psa_mac_abort( &mac_operation ) ); 686 SMOKE_ASSERT( psa_mac_verify_setup( &mac_operation, key, 687 PSA_ALG_HMAC( PSA_ALG_SHA_256 ) ) ); 688 PSA_ASSERT( psa_mac_abort( &mac_operation ) ); 689 690 SMOKE_ASSERT( psa_cipher_encrypt_setup( &cipher_operation, key, 691 PSA_ALG_CTR ) ); 692 PSA_ASSERT( psa_cipher_abort( &cipher_operation ) ); 693 SMOKE_ASSERT( psa_cipher_decrypt_setup( &cipher_operation, key, 694 PSA_ALG_CTR ) ); 695 PSA_ASSERT( psa_cipher_abort( &cipher_operation ) ); 696 697 SMOKE_ASSERT( psa_aead_encrypt( key, PSA_ALG_CCM, 698 buffer, sizeof( buffer ), 699 NULL, 0, 700 buffer, sizeof( buffer), 701 buffer, sizeof( buffer), &length ) ); 702 SMOKE_ASSERT( psa_aead_decrypt( key, PSA_ALG_CCM, 703 buffer, sizeof( buffer ), 704 NULL, 0, 705 buffer, sizeof( buffer), 706 buffer, sizeof( buffer), &length ) ); 707 708 SMOKE_ASSERT( psa_sign_hash( key, PSA_ALG_ECDSA_ANY, 709 buffer, 32, 710 buffer, sizeof( buffer ), &length ) ); 711 SMOKE_ASSERT( psa_verify_hash( key, PSA_ALG_ECDSA_ANY, 712 buffer, 32, 713 buffer, sizeof( buffer ) ) ); 714 715 SMOKE_ASSERT( psa_asymmetric_encrypt( key, PSA_ALG_RSA_PKCS1V15_CRYPT, 716 buffer, 10, NULL, 0, 717 buffer, sizeof( buffer ), &length ) ); 718 SMOKE_ASSERT( psa_asymmetric_decrypt( key, PSA_ALG_RSA_PKCS1V15_CRYPT, 719 buffer, sizeof( buffer ), NULL, 0, 720 buffer, sizeof( buffer ), &length ) ); 721 722#if defined(MBEDTLS_SHA256_C) 723 /* Try the key in a plain key derivation. */ 724 PSA_ASSERT( psa_key_derivation_setup( &derivation_operation, 725 PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ) ); 726 PSA_ASSERT( psa_key_derivation_input_bytes( &derivation_operation, 727 PSA_KEY_DERIVATION_INPUT_SALT, 728 NULL, 0 ) ); 729 SMOKE_ASSERT( psa_key_derivation_input_key( &derivation_operation, 730 PSA_KEY_DERIVATION_INPUT_SECRET, 731 key ) ); 732 PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) ); 733 734 /* If the key is asymmetric, try it in a key agreement, both as 735 * part of a derivation operation and standalone. */ 736 if( psa_export_public_key( key, buffer, sizeof( buffer ), &length ) == 737 PSA_SUCCESS ) 738 { 739 psa_algorithm_t alg = 740 PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, 741 PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ); 742 PSA_ASSERT( psa_key_derivation_setup( &derivation_operation, alg ) ); 743 PSA_ASSERT( psa_key_derivation_input_bytes( 744 &derivation_operation, PSA_KEY_DERIVATION_INPUT_SALT, 745 NULL, 0 ) ); 746 SMOKE_ASSERT( psa_key_derivation_key_agreement( 747 &derivation_operation, 748 PSA_KEY_DERIVATION_INPUT_SECRET, 749 key, buffer, length ) ); 750 PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) ); 751 752 SMOKE_ASSERT( psa_raw_key_agreement( 753 alg, key, buffer, length, 754 buffer, sizeof( buffer ), &length ) ); 755 } 756#endif /* MBEDTLS_SHA256_C */ 757 758 ok = 1; 759 760exit: 761 /* 762 * Key attributes may have been returned by psa_get_key_attributes() 763 * thus reset them as required. 764 */ 765 psa_reset_key_attributes( &attributes ); 766 767 return( ok ); 768} 769 770static void psa_purge_storage( void ) 771{ 772 /* The generic code in mbedtls_test_psa_purge_key_storage() 773 * (which is called by PSA_DONE()) doesn't take care of things that are 774 * specific to dynamic secure elements. */ 775 psa_key_location_t location; 776 /* Purge the transaction file. */ 777 psa_crypto_stop_transaction( ); 778 /* Purge driver persistent data. */ 779 for( location = 0; location < PSA_MAX_SE_LOCATION; location++ ) 780 psa_destroy_se_persistent_data( location ); 781} 782 783/* END_HEADER */ 784 785/* BEGIN_DEPENDENCIES 786 * depends_on:MBEDTLS_PSA_CRYPTO_SE_C 787 * END_DEPENDENCIES 788 */ 789 790/* BEGIN_CASE */ 791void register_one( int location, int version, int expected_status_arg ) 792{ 793 psa_status_t expected_status = expected_status_arg; 794 psa_drv_se_t driver; 795 796 memset( &driver, 0, sizeof( driver ) ); 797 driver.hal_version = version; 798 799 TEST_EQUAL( psa_register_se_driver( location, &driver ), 800 expected_status ); 801 802 PSA_ASSERT( psa_crypto_init( ) ); 803 804exit: 805 PSA_DONE( ); 806} 807/* END_CASE */ 808 809/* BEGIN_CASE */ 810void register_twice( int count ) 811{ 812 psa_drv_se_t driver; 813 psa_key_location_t location; 814 psa_key_location_t max = MIN_DRIVER_LOCATION + count; 815 816 memset( &driver, 0, sizeof( driver ) ); 817 driver.hal_version = PSA_DRV_SE_HAL_VERSION; 818 819 for( location = MIN_DRIVER_LOCATION; location < max; location++ ) 820 PSA_ASSERT( psa_register_se_driver( location, &driver ) ); 821 for( location = MIN_DRIVER_LOCATION; location < max; location++ ) 822 TEST_EQUAL( psa_register_se_driver( location, &driver ), 823 PSA_ERROR_ALREADY_EXISTS ); 824 825 PSA_ASSERT( psa_crypto_init( ) ); 826 827exit: 828 PSA_DONE( ); 829} 830/* END_CASE */ 831 832/* BEGIN_CASE */ 833void register_max( ) 834{ 835 psa_drv_se_t driver; 836 psa_key_location_t location; 837 psa_key_location_t max = MIN_DRIVER_LOCATION + PSA_MAX_SE_DRIVERS; 838 839 memset( &driver, 0, sizeof( driver ) ); 840 driver.hal_version = PSA_DRV_SE_HAL_VERSION; 841 842 for( location = MIN_DRIVER_LOCATION; location < max; location++ ) 843 PSA_ASSERT( psa_register_se_driver( location, &driver ) ); 844 845 TEST_EQUAL( psa_register_se_driver( location, &driver ), 846 PSA_ERROR_INSUFFICIENT_MEMORY ); 847 848 PSA_ASSERT( psa_crypto_init( ) ); 849 850exit: 851 PSA_DONE( ); 852} 853/* END_CASE */ 854 855/* BEGIN_CASE */ 856void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) 857{ 858 psa_drv_se_t driver; 859 psa_drv_se_key_management_t key_management; 860 psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg; 861 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); 862 mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); 863 mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT; 864 psa_key_handle_t handle; 865 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 866 const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; 867 uint8_t exported[sizeof( key_material )]; 868 size_t exported_length; 869 870 TEST_USES_KEY_ID( id ); 871 872 memset( &driver, 0, sizeof( driver ) ); 873 memset( &key_management, 0, sizeof( key_management ) ); 874 driver.hal_version = PSA_DRV_SE_HAL_VERSION; 875 driver.key_management = &key_management; 876 driver.persistent_data_size = sizeof( ram_slot_usage_t ); 877 key_management.p_allocate = ram_allocate; 878 key_management.p_import = ram_import; 879 key_management.p_destroy = ram_destroy; 880 key_management.p_export = ram_export; 881 ram_min_slot = min_slot; 882 883 PSA_ASSERT( psa_register_se_driver( location, &driver ) ); 884 PSA_ASSERT( psa_crypto_init( ) ); 885 886 /* Create a key. */ 887 psa_set_key_id( &attributes, id ); 888 psa_set_key_lifetime( &attributes, lifetime ); 889 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); 890 psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); 891 PSA_ASSERT( psa_import_key( &attributes, 892 key_material, sizeof( key_material ), 893 &returned_id ) ); 894 895 if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) 896 { 897 /* For volatile keys, check no persistent data was created */ 898 if( ! check_no_persistent_data( location ) ) 899 goto exit; 900 } 901 else 902 { 903 /* For persistent keys, check persistent data */ 904 if( ! check_persistent_data( location, 905 &ram_shadow_slot_usage, 906 sizeof( ram_shadow_slot_usage ) ) ) 907 goto exit; 908 } 909 910 /* Test that the key was created in the expected slot. */ 911 TEST_EQUAL( ram_slots[min_slot].type, PSA_KEY_TYPE_RAW_DATA ); 912 913 /* Maybe restart, to check that the information is saved correctly. */ 914 if( restart ) 915 { 916 mbedtls_psa_crypto_free( ); 917 PSA_ASSERT( psa_register_se_driver( location, &driver ) ); 918 PSA_ASSERT( psa_crypto_init( ) ); 919 920 if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) 921 { 922 /* Check that the PSA core has no knowledge of the volatile key */ 923 TEST_ASSERT( psa_open_key( returned_id, &handle ) == 924 PSA_ERROR_DOES_NOT_EXIST ); 925 926 /* Drop data from our mockup driver */ 927 ram_slots_reset(); 928 ram_min_slot = min_slot; 929 930 /* Re-import key */ 931 PSA_ASSERT( psa_import_key( &attributes, 932 key_material, sizeof( key_material ), 933 &returned_id ) ); 934 } 935 else 936 { 937 /* Check the persistent key file */ 938 if( ! check_persistent_data( location, 939 &ram_shadow_slot_usage, 940 sizeof( ram_shadow_slot_usage ) ) ) 941 goto exit; 942 } 943 } 944 945 /* Test that the key was created in the expected slot. */ 946 TEST_EQUAL( ram_slots[min_slot].type, PSA_KEY_TYPE_RAW_DATA ); 947 948 /* Test the key attributes, including the reported slot number. */ 949 psa_set_key_bits( &attributes, 950 PSA_BYTES_TO_BITS( sizeof( key_material ) ) ); 951 psa_set_key_slot_number( &attributes, min_slot ); 952 953 if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) 954 attributes.core.id = returned_id; 955 else 956 psa_set_key_id( &attributes, returned_id ); 957 958 if( ! check_key_attributes( returned_id, &attributes ) ) 959 goto exit; 960 961 /* Test the key data. */ 962 PSA_ASSERT( psa_export_key( returned_id, 963 exported, sizeof( exported ), 964 &exported_length ) ); 965 ASSERT_COMPARE( key_material, sizeof( key_material ), 966 exported, exported_length ); 967 968 PSA_ASSERT( psa_destroy_key( returned_id ) ); 969 if( ! check_persistent_data( location, 970 &ram_shadow_slot_usage, 971 sizeof( ram_shadow_slot_usage ) ) ) 972 goto exit; 973 TEST_EQUAL( psa_open_key( returned_id, &handle ), 974 PSA_ERROR_DOES_NOT_EXIST ); 975 976 /* Test that the key has been erased from the designated slot. */ 977 TEST_EQUAL( ram_slots[min_slot].type, 0 ); 978 979exit: 980 PSA_DONE( ); 981 ram_slots_reset( ); 982 psa_purge_storage( ); 983} 984/* END_CASE */ 985 986/* BEGIN_CASE */ 987void key_creation_in_chosen_slot( int slot_arg, 988 int restart, 989 int expected_status_arg ) 990{ 991 psa_key_slot_number_t wanted_slot = slot_arg; 992 psa_status_t expected_status = expected_status_arg; 993 psa_status_t status; 994 psa_drv_se_t driver; 995 psa_drv_se_key_management_t key_management; 996 psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; 997 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); 998 mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); 999 mbedtls_svc_key_id_t returned_id; 1000 psa_key_handle_t handle; 1001 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1002 const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; 1003 1004 TEST_USES_KEY_ID( id ); 1005 1006 memset( &driver, 0, sizeof( driver ) ); 1007 memset( &key_management, 0, sizeof( key_management ) ); 1008 driver.hal_version = PSA_DRV_SE_HAL_VERSION; 1009 driver.key_management = &key_management; 1010 driver.persistent_data_size = sizeof( ram_slot_usage_t ); 1011 key_management.p_validate_slot_number = ram_validate_slot_number; 1012 key_management.p_import = ram_import; 1013 key_management.p_destroy = ram_destroy; 1014 key_management.p_export = ram_export; 1015 1016 PSA_ASSERT( psa_register_se_driver( location, &driver ) ); 1017 PSA_ASSERT( psa_crypto_init( ) ); 1018 1019 /* Create a key. */ 1020 psa_set_key_id( &attributes, id ); 1021 psa_set_key_lifetime( &attributes, lifetime ); 1022 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); 1023 psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); 1024 psa_set_key_slot_number( &attributes, wanted_slot ); 1025 status = psa_import_key( &attributes, 1026 key_material, sizeof( key_material ), 1027 &returned_id ); 1028 TEST_EQUAL( status, expected_status ); 1029 1030 if( status != PSA_SUCCESS ) 1031 goto exit; 1032 if( ! check_persistent_data( location, 1033 &ram_shadow_slot_usage, 1034 sizeof( ram_shadow_slot_usage ) ) ) 1035 goto exit; 1036 1037 /* Maybe restart, to check that the information is saved correctly. */ 1038 if( restart ) 1039 { 1040 mbedtls_psa_crypto_free( ); 1041 PSA_ASSERT( psa_register_se_driver( location, &driver ) ); 1042 PSA_ASSERT( psa_crypto_init( ) ); 1043 if( ! check_persistent_data( location, 1044 &ram_shadow_slot_usage, 1045 sizeof( ram_shadow_slot_usage ) ) ) 1046 goto exit; 1047 } 1048 1049 /* Test that the key was created in the expected slot. */ 1050 TEST_EQUAL( ram_slots[wanted_slot].type, PSA_KEY_TYPE_RAW_DATA ); 1051 1052 /* Test that the key is reported with the correct attributes, 1053 * including the expected slot. */ 1054 PSA_ASSERT( psa_get_key_attributes( id, &attributes ) ); 1055 1056 PSA_ASSERT( psa_destroy_key( id ) ); 1057 if( ! check_persistent_data( location, 1058 &ram_shadow_slot_usage, 1059 sizeof( ram_shadow_slot_usage ) ) ) 1060 goto exit; 1061 TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); 1062 1063exit: 1064 /* 1065 * Key attributes may have been returned by psa_get_key_attributes() 1066 * thus reset them as required. 1067 */ 1068 psa_reset_key_attributes( &attributes ); 1069 1070 PSA_DONE( ); 1071 ram_slots_reset( ); 1072 psa_purge_storage( ); 1073} 1074/* END_CASE */ 1075 1076/* BEGIN_CASE */ 1077void import_key_smoke( int type_arg, int alg_arg, 1078 data_t *key_material ) 1079{ 1080 psa_key_type_t type = type_arg; 1081 psa_algorithm_t alg = alg_arg; 1082 psa_drv_se_t driver; 1083 psa_drv_se_key_management_t key_management; 1084 psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; 1085 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); 1086 mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); 1087 mbedtls_svc_key_id_t returned_id; 1088 psa_key_handle_t handle; 1089 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1090 1091 TEST_USES_KEY_ID( id ); 1092 1093 memset( &driver, 0, sizeof( driver ) ); 1094 memset( &key_management, 0, sizeof( key_management ) ); 1095 driver.hal_version = PSA_DRV_SE_HAL_VERSION; 1096 driver.key_management = &key_management; 1097 driver.persistent_data_size = sizeof( psa_key_slot_number_t ); 1098 key_management.p_allocate = counter_allocate; 1099 key_management.p_import = null_import; 1100 key_management.p_destroy = null_destroy; 1101 1102 PSA_ASSERT( psa_register_se_driver( location, &driver ) ); 1103 PSA_ASSERT( psa_crypto_init( ) ); 1104 1105 /* Create a key. */ 1106 psa_set_key_id( &attributes, id ); 1107 psa_set_key_lifetime( &attributes, lifetime ); 1108 psa_set_key_usage_flags( &attributes, 1109 PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | 1110 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | 1111 PSA_KEY_USAGE_EXPORT ); 1112 psa_set_key_algorithm( &attributes, alg ); 1113 psa_set_key_type( &attributes, type ); 1114 PSA_ASSERT( psa_import_key( &attributes, 1115 key_material->x, key_material->len, 1116 &returned_id ) ); 1117 if( ! check_persistent_data( location, 1118 &shadow_counter, sizeof( shadow_counter ) ) ) 1119 goto exit; 1120 1121 /* Do stuff with the key. */ 1122 if( ! smoke_test_key( id ) ) 1123 goto exit; 1124 1125 /* Restart and try again. */ 1126 mbedtls_psa_crypto_free( ); 1127 PSA_ASSERT( psa_register_se_driver( location, &driver ) ); 1128 PSA_ASSERT( psa_crypto_init( ) ); 1129 if( ! check_persistent_data( location, 1130 &shadow_counter, sizeof( shadow_counter ) ) ) 1131 goto exit; 1132 if( ! smoke_test_key( id ) ) 1133 goto exit; 1134 1135 /* We're done. */ 1136 PSA_ASSERT( psa_destroy_key( id ) ); 1137 if( ! check_persistent_data( location, 1138 &shadow_counter, sizeof( shadow_counter ) ) ) 1139 goto exit; 1140 TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); 1141 1142exit: 1143 PSA_DONE( ); 1144 counter_reset( ); 1145 psa_purge_storage( ); 1146} 1147/* END_CASE */ 1148 1149/* BEGIN_CASE */ 1150void generate_key_not_supported( int type_arg, int bits_arg ) 1151{ 1152 psa_key_type_t type = type_arg; 1153 size_t bits = bits_arg; 1154 psa_drv_se_t driver; 1155 psa_drv_se_key_management_t key_management; 1156 psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; 1157 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); 1158 mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); 1159 mbedtls_svc_key_id_t returned_id; 1160 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1161 1162 TEST_USES_KEY_ID( id ); 1163 1164 memset( &driver, 0, sizeof( driver ) ); 1165 memset( &key_management, 0, sizeof( key_management ) ); 1166 driver.hal_version = PSA_DRV_SE_HAL_VERSION; 1167 driver.key_management = &key_management; 1168 driver.persistent_data_size = sizeof( psa_key_slot_number_t ); 1169 key_management.p_allocate = counter_allocate; 1170 /* No p_generate method */ 1171 1172 PSA_ASSERT( psa_register_se_driver( location, &driver ) ); 1173 PSA_ASSERT( psa_crypto_init( ) ); 1174 1175 psa_set_key_id( &attributes, id ); 1176 psa_set_key_lifetime( &attributes, lifetime ); 1177 psa_set_key_type( &attributes, type ); 1178 psa_set_key_bits( &attributes, bits ); 1179 TEST_EQUAL( psa_generate_key( &attributes, &returned_id ), 1180 PSA_ERROR_NOT_SUPPORTED ); 1181 1182exit: 1183 PSA_DONE( ); 1184 counter_reset( ); 1185 psa_purge_storage( ); 1186} 1187/* END_CASE */ 1188 1189/* BEGIN_CASE */ 1190void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) 1191{ 1192 psa_key_type_t type = type_arg; 1193 psa_key_bits_t bits = bits_arg; 1194 psa_algorithm_t alg = alg_arg; 1195 psa_drv_se_t driver; 1196 psa_drv_se_key_management_t key_management; 1197 psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; 1198 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); 1199 mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); 1200 mbedtls_svc_key_id_t returned_id; 1201 psa_key_handle_t handle; 1202 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1203 1204 TEST_USES_KEY_ID( id ); 1205 1206 memset( &driver, 0, sizeof( driver ) ); 1207 memset( &key_management, 0, sizeof( key_management ) ); 1208 driver.hal_version = PSA_DRV_SE_HAL_VERSION; 1209 driver.key_management = &key_management; 1210 driver.persistent_data_size = sizeof( psa_key_slot_number_t ); 1211 key_management.p_allocate = counter_allocate; 1212 key_management.p_generate = null_generate; 1213 key_management.p_destroy = null_destroy; 1214 1215 PSA_ASSERT( psa_register_se_driver( location, &driver ) ); 1216 PSA_ASSERT( psa_crypto_init( ) ); 1217 1218 /* Create a key. */ 1219 psa_set_key_id( &attributes, id ); 1220 psa_set_key_lifetime( &attributes, lifetime ); 1221 psa_set_key_usage_flags( &attributes, 1222 PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | 1223 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | 1224 PSA_KEY_USAGE_EXPORT ); 1225 psa_set_key_algorithm( &attributes, alg ); 1226 psa_set_key_type( &attributes, type ); 1227 psa_set_key_bits( &attributes, bits ); 1228 PSA_ASSERT( psa_generate_key( &attributes, &returned_id ) ); 1229 if( ! check_persistent_data( location, 1230 &shadow_counter, sizeof( shadow_counter ) ) ) 1231 goto exit; 1232 1233 /* Do stuff with the key. */ 1234 if( ! smoke_test_key( id ) ) 1235 goto exit; 1236 1237 /* Restart and try again. */ 1238 mbedtls_psa_crypto_free( ); 1239 PSA_ASSERT( psa_register_se_driver( location, &driver ) ); 1240 PSA_ASSERT( psa_crypto_init( ) ); 1241 if( ! check_persistent_data( location, 1242 &shadow_counter, sizeof( shadow_counter ) ) ) 1243 goto exit; 1244 if( ! smoke_test_key( id ) ) 1245 goto exit; 1246 1247 /* We're done. */ 1248 PSA_ASSERT( psa_destroy_key( id ) ); 1249 if( ! check_persistent_data( location, 1250 &shadow_counter, sizeof( shadow_counter ) ) ) 1251 goto exit; 1252 TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); 1253 1254exit: 1255 PSA_DONE( ); 1256 counter_reset( ); 1257 psa_purge_storage( ); 1258} 1259/* END_CASE */ 1260 1261/* BEGIN_CASE */ 1262void sign_verify( int flow, 1263 int type_arg, int alg_arg, 1264 int bits_arg, data_t *key_material, 1265 data_t *input ) 1266{ 1267 psa_key_type_t type = type_arg; 1268 psa_algorithm_t alg = alg_arg; 1269 size_t bits = bits_arg; 1270 /* Pass bits=0 to import, bits>0 to fake-generate */ 1271 int generating = ( bits != 0 ); 1272 1273 psa_drv_se_t driver; 1274 psa_drv_se_key_management_t key_management; 1275 psa_drv_se_asymmetric_t asymmetric; 1276 1277 psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; 1278 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); 1279 mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); 1280 mbedtls_svc_key_id_t returned_id; 1281 mbedtls_svc_key_id_t sw_key = MBEDTLS_SVC_KEY_ID_INIT; 1282 psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT; 1283 psa_key_attributes_t drv_attributes; 1284 uint8_t signature[PSA_SIGNATURE_MAX_SIZE]; 1285 size_t signature_length; 1286 1287 TEST_USES_KEY_ID( id ); 1288 1289 memset( &driver, 0, sizeof( driver ) ); 1290 memset( &key_management, 0, sizeof( key_management ) ); 1291 memset( &asymmetric, 0, sizeof( asymmetric ) ); 1292 driver.hal_version = PSA_DRV_SE_HAL_VERSION; 1293 driver.key_management = &key_management; 1294 driver.asymmetric = &asymmetric; 1295 driver.persistent_data_size = sizeof( ram_slot_usage_t ); 1296 key_management.p_allocate = ram_allocate; 1297 key_management.p_destroy = ram_destroy; 1298 if( generating ) 1299 key_management.p_generate = ram_fake_generate; 1300 else 1301 key_management.p_import = ram_import; 1302 switch( flow ) 1303 { 1304 case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION: 1305 break; 1306 case SIGN_IN_DRIVER_AND_PARALLEL_CREATION: 1307 asymmetric.p_sign = ram_sign; 1308 break; 1309 case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC: 1310 asymmetric.p_sign = ram_sign; 1311 key_management.p_export_public = ram_export_public; 1312 break; 1313 default: 1314 TEST_ASSERT( ! "unsupported flow (should be SIGN_IN_xxx)" ); 1315 break; 1316 } 1317 asymmetric.p_verify = ram_verify; 1318 1319 PSA_ASSERT( psa_register_se_driver( location, &driver ) ); 1320 PSA_ASSERT( psa_crypto_init( ) ); 1321 1322 /* Prepare to create two keys with the same key material: a transparent 1323 * key, and one that goes through the driver. */ 1324 psa_set_key_usage_flags( &sw_attributes, 1325 PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); 1326 psa_set_key_algorithm( &sw_attributes, alg ); 1327 psa_set_key_type( &sw_attributes, type ); 1328 drv_attributes = sw_attributes; 1329 psa_set_key_id( &drv_attributes, id ); 1330 psa_set_key_lifetime( &drv_attributes, lifetime ); 1331 1332 /* Create the key in the driver. */ 1333 if( generating ) 1334 { 1335 psa_set_key_bits( &drv_attributes, bits ); 1336 PSA_ASSERT( psa_generate_key( &drv_attributes, &returned_id ) ); 1337 /* Since we called a generate method that does not actually 1338 * generate material, store the desired result of generation in 1339 * the mock secure element storage. */ 1340 PSA_ASSERT( psa_get_key_attributes( id, &drv_attributes ) ); 1341 TEST_EQUAL( key_material->len, PSA_BITS_TO_BYTES( bits ) ); 1342 memcpy( ram_slots[ram_min_slot].content, key_material->x, 1343 key_material->len ); 1344 } 1345 else 1346 { 1347 PSA_ASSERT( psa_import_key( &drv_attributes, 1348 key_material->x, key_material->len, 1349 &returned_id ) ); 1350 } 1351 1352 /* Either import the same key in software, or export the driver's 1353 * public key and import that. */ 1354 switch( flow ) 1355 { 1356 case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION: 1357 case SIGN_IN_DRIVER_AND_PARALLEL_CREATION: 1358 PSA_ASSERT( psa_import_key( &sw_attributes, 1359 key_material->x, key_material->len, 1360 &sw_key ) ); 1361 break; 1362 case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC: 1363 { 1364 uint8_t public_key[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( PSA_VENDOR_ECC_MAX_CURVE_BITS )]; 1365 size_t public_key_length; 1366 PSA_ASSERT( psa_export_public_key( id, 1367 public_key, sizeof( public_key ), 1368 &public_key_length ) ); 1369 psa_set_key_type( &sw_attributes, 1370 PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ) ); 1371 PSA_ASSERT( psa_import_key( &sw_attributes, 1372 public_key, public_key_length, 1373 &sw_key ) ); 1374 break; 1375 } 1376 } 1377 1378 /* Sign with the chosen key. */ 1379 switch( flow ) 1380 { 1381 case SIGN_IN_DRIVER_AND_PARALLEL_CREATION: 1382 case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC: 1383 PSA_ASSERT_VIA_DRIVER( 1384 psa_sign_hash( id, alg, 1385 input->x, input->len, 1386 signature, sizeof( signature ), 1387 &signature_length ), 1388 PSA_SUCCESS ); 1389 break; 1390 case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION: 1391 PSA_ASSERT( psa_sign_hash( sw_key, alg, 1392 input->x, input->len, 1393 signature, sizeof( signature ), 1394 &signature_length ) ); 1395 break; 1396 } 1397 1398 /* Verify with both keys. */ 1399 PSA_ASSERT( psa_verify_hash( sw_key, alg, 1400 input->x, input->len, 1401 signature, signature_length ) ); 1402 PSA_ASSERT_VIA_DRIVER( 1403 psa_verify_hash( id, alg, 1404 input->x, input->len, 1405 signature, signature_length ), 1406 PSA_SUCCESS ); 1407 1408 /* Change the signature and verify again. */ 1409 signature[0] ^= 1; 1410 TEST_EQUAL( psa_verify_hash( sw_key, alg, 1411 input->x, input->len, 1412 signature, signature_length ), 1413 PSA_ERROR_INVALID_SIGNATURE ); 1414 PSA_ASSERT_VIA_DRIVER( 1415 psa_verify_hash( id, alg, 1416 input->x, input->len, 1417 signature, signature_length ), 1418 PSA_ERROR_INVALID_SIGNATURE ); 1419 1420exit: 1421 /* 1422 * Driver key attributes may have been returned by psa_get_key_attributes() 1423 * thus reset them as required. 1424 */ 1425 psa_reset_key_attributes( &drv_attributes ); 1426 1427 psa_destroy_key( id ); 1428 psa_destroy_key( sw_key ); 1429 PSA_DONE( ); 1430 ram_slots_reset( ); 1431 psa_purge_storage( ); 1432} 1433/* END_CASE */ 1434 1435/* BEGIN_CASE */ 1436void register_key_smoke_test( int lifetime_arg, 1437 int owner_id_arg, 1438 int id_arg, 1439 int validate, 1440 int expected_status_arg ) 1441{ 1442 psa_key_lifetime_t lifetime = lifetime_arg; 1443 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); 1444 psa_status_t expected_status = expected_status_arg; 1445 psa_drv_se_t driver; 1446 psa_drv_se_key_management_t key_management; 1447 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1448 mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); 1449 psa_key_handle_t handle; 1450 size_t bit_size = 48; 1451 psa_key_slot_number_t wanted_slot = 0x123456789; 1452 psa_status_t status; 1453 1454 TEST_USES_KEY_ID( id ); 1455 1456 memset( &driver, 0, sizeof( driver ) ); 1457 driver.hal_version = PSA_DRV_SE_HAL_VERSION; 1458 memset( &key_management, 0, sizeof( key_management ) ); 1459 driver.key_management = &key_management; 1460 key_management.p_destroy = null_destroy; 1461 if( validate >= 0 ) 1462 { 1463 key_management.p_validate_slot_number = validate_slot_number_as_directed; 1464 validate_slot_number_directions.slot_number = wanted_slot; 1465 validate_slot_number_directions.method = PSA_KEY_CREATION_REGISTER; 1466 validate_slot_number_directions.status = 1467 ( validate > 0 ? PSA_SUCCESS : PSA_ERROR_NOT_PERMITTED ); 1468 } 1469 1470 mbedtls_test_set_step( 1 ); 1471 PSA_ASSERT( psa_register_se_driver( MIN_DRIVER_LOCATION, &driver ) ); 1472 PSA_ASSERT( psa_crypto_init( ) ); 1473 1474 psa_set_key_id( &attributes, id ); 1475 psa_set_key_lifetime( &attributes, lifetime ); 1476 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); 1477 psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); 1478 psa_set_key_bits( &attributes, bit_size ); 1479 psa_set_key_slot_number( &attributes, wanted_slot ); 1480 1481 status = mbedtls_psa_register_se_key( &attributes ); 1482 TEST_EQUAL( status, expected_status ); 1483 1484 if( status != PSA_SUCCESS ) 1485 goto exit; 1486 1487 /* Test that the key exists and has the expected attributes. */ 1488 if( ! check_key_attributes( id, &attributes ) ) 1489 goto exit; 1490 1491#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) 1492 mbedtls_svc_key_id_t invalid_id = 1493 mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg ); 1494 TEST_EQUAL( psa_open_key( invalid_id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); 1495#endif 1496 1497 PSA_ASSERT( psa_purge_key( id ) ); 1498 1499 /* Restart and try again. */ 1500 mbedtls_test_set_step( 2 ); 1501 PSA_SESSION_DONE( ); 1502 PSA_ASSERT( psa_register_se_driver( location, &driver ) ); 1503 PSA_ASSERT( psa_crypto_init( ) ); 1504 if( ! check_key_attributes( id, &attributes ) ) 1505 goto exit; 1506 /* This time, destroy the key. */ 1507 PSA_ASSERT( psa_destroy_key( id ) ); 1508 TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); 1509 1510exit: 1511 psa_reset_key_attributes( &attributes ); 1512 psa_destroy_key( id ); 1513 PSA_DONE( ); 1514 psa_purge_storage( ); 1515 memset( &validate_slot_number_directions, 0, 1516 sizeof( validate_slot_number_directions ) ); 1517} 1518/* END_CASE */ 1519