mbedtls/tests/suites/test_suite_psa_crypto_persistent_key.function
Gilles Peskine d40c1fbd50 Don't require a type and size when creating a key slot
Remove the type and bits arguments to psa_allocate_key() and
psa_create_key(). They can be useful if the implementation wants to
know exactly how much space to allocate for the slot, but many
implementations (including ours) don't care, and it's possible to work
around their lack by deferring size-dependent actions to the time when
the key material is created. They are a burden to applications and
make the API more complex, and the benefits aren't worth it.

Change the API and adapt the implementation, the units test and the
sample code accordingly.
2019-01-19 12:20:52 +01:00

253 lines
7.8 KiB
Plaintext

/* BEGIN_HEADER */
#include <stdint.h>
#include "psa/crypto.h"
#include "psa_crypto_storage.h"
#include "psa_crypto_storage_backend.h"
#include "mbedtls/md.h"
#define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) )
typedef struct {
uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
uint8_t version[4];
uint8_t type[sizeof( psa_key_type_t )];
uint8_t policy[sizeof( psa_key_policy_t )];
uint8_t data_len[4];
uint8_t key_data[];
} psa_persistent_key_storage_format;
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE */
void format_storage_data_check( data_t *key_data,
data_t *expected_file_data,
int key_type, int key_usage, int key_alg )
{
uint8_t *file_data;
size_t file_data_length;
psa_key_policy_t key_policy;
key_policy.usage = (psa_key_usage_t) key_usage;
key_policy.alg = (psa_algorithm_t) key_alg;
file_data_length = key_data->len + sizeof( psa_persistent_key_storage_format );
file_data = mbedtls_calloc( 1, file_data_length );
psa_format_key_data_for_storage( key_data->x, key_data->len,
(psa_key_type_t) key_type, &key_policy,
file_data );
ASSERT_COMPARE( expected_file_data->x, expected_file_data->len,
file_data, file_data_length );
mbedtls_free( file_data );
}
/* END_CASE */
/* BEGIN_CASE */
void parse_storage_data_check( data_t *file_data,
data_t *expected_key_data,
int expected_key_type,
int expected_key_usage,
int expected_key_alg,
int expected_status )
{
uint8_t *key_data = NULL;
size_t key_data_length = 0;
psa_key_type_t key_type = 0;
psa_key_policy_t key_policy;
psa_status_t status;
status = psa_parse_key_data_from_storage( file_data->x, file_data->len,
&key_data, &key_data_length,
&key_type, &key_policy );
TEST_EQUAL( status, expected_status );
if( status != PSA_SUCCESS )
goto exit;
TEST_EQUAL( key_type, (psa_key_type_t) expected_key_type );
TEST_EQUAL( key_policy.usage, (uint32_t) expected_key_usage );
TEST_EQUAL( key_policy.alg, (uint32_t) expected_key_alg );
ASSERT_COMPARE( expected_key_data->x, expected_key_data->len,
key_data, key_data_length );
exit:
mbedtls_free( key_data );
}
/* END_CASE */
/* BEGIN_CASE */
void save_large_persistent_key( int data_too_large, int expected_status )
{
psa_key_id_t key_id = 42;
psa_key_handle_t handle = 0;
uint8_t *data = NULL;
size_t data_length = PSA_CRYPTO_MAX_STORAGE_SIZE;
if( data_too_large )
data_length += 1;
ASSERT_ALLOC( data, data_length );
PSA_ASSERT( psa_crypto_init() );
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
&handle ) );
TEST_EQUAL( psa_import_key( handle, PSA_KEY_TYPE_RAW_DATA,
data, data_length ),
expected_status );
exit:
mbedtls_free( data );
mbedtls_psa_crypto_free();
psa_destroy_persistent_key( key_id );
}
/* END_CASE */
/* BEGIN_CASE */
void persistent_key_destroy( int key_id_arg, int should_store,
int first_type_arg, data_t *first_data,
int second_type_arg, data_t *second_data )
{
psa_key_id_t key_id = key_id_arg;
psa_key_handle_t handle = 0;
psa_key_type_t first_type = (psa_key_type_t) first_type_arg;
psa_key_type_t second_type = (psa_key_type_t) second_type_arg;
PSA_ASSERT( psa_crypto_init() );
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
&handle ) );
if( should_store == 1 )
{
PSA_ASSERT( psa_import_key(
handle, first_type,
first_data->x, first_data->len ) );
}
/* Destroy the key */
PSA_ASSERT( psa_destroy_key( handle ) );
/* Check key slot storage is removed */
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
TEST_EQUAL( psa_open_key( PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle ),
PSA_ERROR_EMPTY_SLOT );
TEST_EQUAL( handle, 0 );
/* Shutdown and restart */
mbedtls_psa_crypto_free();
PSA_ASSERT( psa_crypto_init() );
/* Create another key in the same slot */
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
&handle ) );
PSA_ASSERT( psa_import_key(
handle, second_type,
second_data->x, second_data->len ) );
exit:
mbedtls_psa_crypto_free();
psa_destroy_persistent_key( key_id );
}
/* END_CASE */
/* BEGIN_CASE */
void persistent_key_import( int key_id_arg, int type_arg, data_t *data,
int expected_status )
{
psa_key_lifetime_t lifetime;
psa_key_id_t key_id = (psa_key_id_t) key_id_arg;
psa_key_type_t type = (psa_key_type_t) type_arg;
psa_key_handle_t handle = 0;
PSA_ASSERT( psa_crypto_init() );
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
&handle ) );
TEST_EQUAL( psa_import_key( handle, type, data->x, data->len ),
expected_status );
if( expected_status != PSA_SUCCESS )
{
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
goto exit;
}
PSA_ASSERT( psa_get_key_lifetime( handle, &lifetime ) );
TEST_EQUAL( lifetime, PSA_KEY_LIFETIME_PERSISTENT );
exit:
psa_destroy_persistent_key( key_id );
mbedtls_psa_crypto_free();
}
/* END_CASE */
/* BEGIN_CASE */
void import_export_persistent_key( data_t *data, int type_arg,
int expected_bits, int key_not_exist )
{
psa_key_id_t key_id = 42;
psa_key_type_t type = (psa_key_type_t) type_arg;
psa_key_handle_t handle = 0;
unsigned char *exported = NULL;
size_t export_size = data->len;
size_t exported_length;
psa_key_type_t got_type;
size_t got_bits;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
psa_key_lifetime_t lifetime_get;
ASSERT_ALLOC( exported, export_size );
PSA_ASSERT( psa_crypto_init( ) );
PSA_ASSERT( psa_create_key( PSA_KEY_LIFETIME_PERSISTENT, key_id,
&handle ) );
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT,
PSA_ALG_VENDOR_FLAG );
PSA_ASSERT( psa_set_key_policy( handle, &policy ) );
/* Import the key */
PSA_ASSERT( psa_import_key( handle, type,
data->x, data->len ) );
PSA_ASSERT( psa_get_key_lifetime( handle, &lifetime_get ) );
TEST_EQUAL( lifetime_get, PSA_KEY_LIFETIME_PERSISTENT );
/* Test the key information */
PSA_ASSERT( psa_get_key_information(
handle, &got_type, &got_bits ) );
TEST_EQUAL( got_type, type );
TEST_EQUAL( got_bits, (size_t) expected_bits );
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );
if( key_not_exist )
{
psa_destroy_persistent_key( key_id );
}
/* Export the key */
PSA_ASSERT( psa_export_key( handle, exported, export_size,
&exported_length ) );
ASSERT_COMPARE( data->x, data->len, exported, exported_length );
/* Destroy the key */
PSA_ASSERT( psa_destroy_key( handle ) );
TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
exit:
mbedtls_free( exported );
mbedtls_psa_crypto_free( );
psa_destroy_persistent_key( key_id );
}
/* END_CASE */