diff --git a/TESTS/mbed_drivers/device_key/main.cpp b/TESTS/mbed_drivers/device_key/main.cpp index eac7dafeb1..ee7a38ee90 100644 --- a/TESTS/mbed_drivers/device_key/main.cpp +++ b/TESTS/mbed_drivers/device_key/main.cpp @@ -20,6 +20,10 @@ #include "greentea-client/test_env.h" #include "nvstore.h" +#if !NVSTORE_ENABLED +#error [NOT_SUPPORTED] NVSTORE needs to be enabled for this test +#endif + using namespace utest::v1; #define MSG_VALUE_DUMMY "0" @@ -34,8 +38,8 @@ using namespace utest::v1; #define MSG_KEY_DEVICE_TEST_STEP4 "check_consistency_step4" #define MSG_KEY_DEVICE_TEST_SUITE_ENDED "Test suite ended" -void device_key_derived_key_consistency_16_byte_key_reset_test(char *key); -void device_key_derived_key_consistency_32_byte_key_reset_test(char *key); +void generate_derived_key_consistency_16_byte_key_reset_test(char *key); +void generate_derived_key_consistency_32_byte_key_reset_test(char *key); /* * Injection of a dummy key when there is no TRNG @@ -55,7 +59,7 @@ int inject_dummy_rot_key() #endif } -void device_key_derived_key_reset_test() +void generate_derived_key_reset_test() { greentea_send_kv(MSG_KEY_DEVICE_READY, MSG_VALUE_DUMMY); @@ -67,12 +71,12 @@ void device_key_derived_key_reset_test() greentea_parse_kv(key, value, MSG_KEY_LEN, MSG_VALUE_LEN); if (strcmp(key, MSG_KEY_DEVICE_TEST_STEP1) == 0 || strcmp(key, MSG_KEY_DEVICE_TEST_STEP2) == 0) { - device_key_derived_key_consistency_16_byte_key_reset_test(key); - return device_key_derived_key_reset_test(); + generate_derived_key_consistency_16_byte_key_reset_test(key); + return generate_derived_key_reset_test(); } if (strcmp(key, MSG_KEY_DEVICE_TEST_STEP3) == 0 || strcmp(key, MSG_KEY_DEVICE_TEST_STEP4) == 0) { - return device_key_derived_key_consistency_32_byte_key_reset_test(key); + return generate_derived_key_consistency_32_byte_key_reset_test(key); } TEST_ASSERT_MESSAGE(false, key); //Indicates error!!! @@ -81,7 +85,7 @@ void device_key_derived_key_reset_test() /* * Test the consistency of derived 16 byte key result after device reset. */ -void device_key_derived_key_consistency_16_byte_key_reset_test(char *key) +void generate_derived_key_consistency_16_byte_key_reset_test(char *key) { unsigned char output1[DEVICE_KEY_16BYTE]; unsigned char output2[DEVICE_KEY_16BYTE]; @@ -104,7 +108,7 @@ void device_key_derived_key_consistency_16_byte_key_reset_test(char *key) TEST_ASSERT_EQUAL_INT(DEVICEKEY_SUCCESS, ret); memset(output1, 0, sizeof(output1)); - ret = devkey.device_key_derived_key(salt, salt_size, output1, key_type); + ret = devkey.generate_derived_key(salt, salt_size, output1, key_type); TEST_ASSERT_EQUAL_INT32(0, ret); bool is_empty = !memcmp(empty_buffer, output1, sizeof(output1)); TEST_ASSERT_FALSE(is_empty); @@ -125,7 +129,7 @@ void device_key_derived_key_consistency_16_byte_key_reset_test(char *key) for (int i = 0; i < 100; i++) { memset(output2, 0, sizeof(output2)); - ret = devkey.device_key_derived_key(salt, salt_size, output2, key_type); + ret = devkey.generate_derived_key(salt, salt_size, output2, key_type); TEST_ASSERT_EQUAL_INT32(0, ret); TEST_ASSERT_EQUAL_UINT8_ARRAY(output1, output2, DEVICE_KEY_16BYTE); } @@ -142,7 +146,7 @@ void device_key_derived_key_consistency_16_byte_key_reset_test(char *key) /* * Test the consistency of derived 32 byte key result after device reset. */ -void device_key_derived_key_consistency_32_byte_key_reset_test(char *key) +void generate_derived_key_consistency_32_byte_key_reset_test(char *key) { unsigned char output1[DEVICE_KEY_32BYTE]; unsigned char output2[DEVICE_KEY_32BYTE]; @@ -165,7 +169,7 @@ void device_key_derived_key_consistency_32_byte_key_reset_test(char *key) TEST_ASSERT_EQUAL_INT(DEVICEKEY_SUCCESS, ret); memset(output1, 0, sizeof(output1)); - ret = devkey.device_key_derived_key(salt, salt_size, output1, key_type); + ret = devkey.generate_derived_key(salt, salt_size, output1, key_type); TEST_ASSERT_EQUAL_INT32(0, ret); bool is_empty = !memcmp(empty_buffer, output1, sizeof(output1)); TEST_ASSERT_FALSE(is_empty); @@ -186,7 +190,7 @@ void device_key_derived_key_consistency_32_byte_key_reset_test(char *key) for (int i = 0; i < 100; i++) { memset(output2, 0, sizeof(output2)); - ret = devkey.device_key_derived_key(salt, salt_size, output2, key_type); + ret = devkey.generate_derived_key(salt, salt_size, output2, key_type); TEST_ASSERT_EQUAL_INT32(0, ret); TEST_ASSERT_EQUAL_UINT8_ARRAY(output1, output2, DEVICE_KEY_32BYTE); } @@ -299,7 +303,7 @@ void device_inject_root_of_trust_several_times_test() /* * Test the consistency of derived 16 byte key result. */ -void device_key_derived_key_consistency_16_byte_key_test() +void generate_derived_key_consistency_16_byte_key_test() { unsigned char output1[DEVICE_KEY_16BYTE]; unsigned char output2[DEVICE_KEY_16BYTE]; @@ -317,14 +321,14 @@ void device_key_derived_key_consistency_16_byte_key_test() size_t salt_size = sizeof(salt); memset(output1, 0, sizeof(output1)); - ret = devkey.device_key_derived_key(salt, salt_size, output1, key_type); + ret = devkey.generate_derived_key(salt, salt_size, output1, key_type); TEST_ASSERT_EQUAL_INT32(0, ret); bool is_empty = !memcmp(empty_buffer, output1, sizeof(output1)); TEST_ASSERT_FALSE(is_empty); for (int i = 0; i < 100; i++) { memset(output2, 0, sizeof(output2)); - ret = devkey.device_key_derived_key(salt, salt_size, output2, key_type); + ret = devkey.generate_derived_key(salt, salt_size, output2, key_type); TEST_ASSERT_EQUAL_INT32(0, ret); TEST_ASSERT_EQUAL_UINT8_ARRAY(output1, output2, DEVICE_KEY_16BYTE); } @@ -333,7 +337,7 @@ void device_key_derived_key_consistency_16_byte_key_test() /* * Test the consistency of derived 32 byte key result. */ -void device_key_derived_key_consistency_32_byte_key_test() +void generate_derived_key_consistency_32_byte_key_test() { unsigned char output1[DEVICE_KEY_32BYTE]; unsigned char output2[DEVICE_KEY_32BYTE]; @@ -351,14 +355,14 @@ void device_key_derived_key_consistency_32_byte_key_test() size_t salt_size = sizeof(salt); memset(output1, 0, sizeof(output1)); - ret = devkey.device_key_derived_key(salt, salt_size, output1, key_type); + ret = devkey.generate_derived_key(salt, salt_size, output1, key_type); TEST_ASSERT_EQUAL_INT32(0, ret); bool is_empty = !memcmp(empty_buffer, output1, sizeof(output1)); TEST_ASSERT_FALSE(is_empty); for (int i = 0; i < 100; i++) { memset(output2, 0, sizeof(output2)); - ret = devkey.device_key_derived_key(salt, salt_size, output2, key_type); + ret = devkey.generate_derived_key(salt, salt_size, output2, key_type); TEST_ASSERT_EQUAL_INT32(0, ret); TEST_ASSERT_EQUAL_UINT8_ARRAY(output1, output2, DEVICE_KEY_32BYTE); } @@ -367,7 +371,7 @@ void device_key_derived_key_consistency_32_byte_key_test() /* * Test request for 16 byte key is returning a correct key size. */ -void device_key_derived_key_key_type_16_test() +void generate_derived_key_key_type_16_test() { unsigned char output[DEVICE_KEY_16BYTE * 2]; unsigned char salt[] = "The quick brown fox jumps over the lazy dog"; @@ -387,7 +391,7 @@ void device_key_derived_key_key_type_16_test() memcpy(output + DEVICE_KEY_16BYTE - sizeof(expectedString), expectedString, sizeof(expectedString)); memcpy(output + DEVICE_KEY_16BYTE + 1, expectedString, sizeof(expectedString)); - ret = devkey.device_key_derived_key(salt, salt_size, output, key_type); + ret = devkey.generate_derived_key(salt, salt_size, output, key_type); TEST_ASSERT_EQUAL_INT32(0, ret); //Test that we didn't override the buffer after the 16 byte size TEST_ASSERT_EQUAL_UINT8_ARRAY(output + DEVICE_KEY_16BYTE + 1, expectedString, sizeof(expectedString)); @@ -398,7 +402,7 @@ void device_key_derived_key_key_type_16_test() /* * Test request for 32 byte key is returning a correct key size. */ -void device_key_derived_key_key_type_32_test() +void generate_derived_key_key_type_32_test() { unsigned char output[DEVICE_KEY_32BYTE * 2]; unsigned char salt[] = "The quick brown fox jumps over the lazy dog"; @@ -418,7 +422,7 @@ void device_key_derived_key_key_type_32_test() memcpy(output + DEVICE_KEY_32BYTE - sizeof(expectedString), expectedString, sizeof(expectedString)); memcpy(output + DEVICE_KEY_32BYTE + 1, expectedString, sizeof(expectedString)); - ret = devkey.device_key_derived_key(salt, salt_size, output, key_type); + ret = devkey.generate_derived_key(salt, salt_size, output, key_type); TEST_ASSERT_EQUAL_INT32(0, ret); //Test that we didn't override the buffer after the 32 byte size TEST_ASSERT_EQUAL_UINT8_ARRAY(output + DEVICE_KEY_32BYTE + 1, expectedString, sizeof(expectedString)); @@ -429,7 +433,7 @@ void device_key_derived_key_key_type_32_test() /* * Test request for unknown key size returns an error */ -void device_key_derived_key_wrong_key_type_test() +void generate_derived_key_wrong_key_type_test() { unsigned char output[DEVICE_KEY_16BYTE]; unsigned char salt[] = "The quick brown fox jumps over the lazy dog"; @@ -445,7 +449,7 @@ void device_key_derived_key_wrong_key_type_test() TEST_ASSERT_EQUAL_INT(DEVICEKEY_SUCCESS, ret); memset(output, 0, DEVICE_KEY_32BYTE); - ret = devkey.device_key_derived_key(salt, salt_size, output, 12);//96 bit key type is not supported + ret = devkey.generate_derived_key(salt, salt_size, output, 12);//96 bit key type is not supported TEST_ASSERT_EQUAL_INT32(DEVICEKEY_INVALID_KEY_TYPE, ret); } @@ -458,16 +462,16 @@ utest::v1::status_t greentea_failure_handler(const Case *const source, const fai //Currently there can be only one test that contains reset and it has to be the first test! Case cases[] = { - Case("Device Key - derived key reset", device_key_derived_key_reset_test, greentea_failure_handler), - Case("Device Key - inject value wrong size", device_inject_root_of_trust_wrong_size_test, greentea_failure_handler), - Case("Device Key - inject value 16 byte size", device_inject_root_of_trust_16_byte_size_test, greentea_failure_handler), - Case("Device Key - inject value 32 byte size", device_inject_root_of_trust_32_byte_size_test, greentea_failure_handler), - Case("Device Key - inject value several times", device_inject_root_of_trust_several_times_test, greentea_failure_handler), - Case("Device Key - derived key consistency 16 byte key", device_key_derived_key_consistency_16_byte_key_test, greentea_failure_handler), - Case("Device Key - derived key consistency 32 byte key", device_key_derived_key_consistency_32_byte_key_test, greentea_failure_handler), - Case("Device Key - derived key key type 16", device_key_derived_key_key_type_16_test, greentea_failure_handler), - Case("Device Key - derived key key type 32", device_key_derived_key_key_type_32_test, greentea_failure_handler), - Case("Device Key - derived key wrong key type", device_key_derived_key_wrong_key_type_test, greentea_failure_handler) + Case("Device Key - derived key reset", generate_derived_key_reset_test, greentea_failure_handler), + Case("Device Key - inject value wrong size", device_inject_root_of_trust_wrong_size_test, greentea_failure_handler), + Case("Device Key - inject value 16 byte size", device_inject_root_of_trust_16_byte_size_test, greentea_failure_handler), + Case("Device Key - inject value 32 byte size", device_inject_root_of_trust_32_byte_size_test, greentea_failure_handler), + Case("Device Key - inject value several times", device_inject_root_of_trust_several_times_test, greentea_failure_handler), + Case("Device Key - derived key consistency 16 byte key", generate_derived_key_consistency_16_byte_key_test, greentea_failure_handler), + Case("Device Key - derived key consistency 32 byte key", generate_derived_key_consistency_32_byte_key_test, greentea_failure_handler), + Case("Device Key - derived key key type 16", generate_derived_key_key_type_16_test, greentea_failure_handler), + Case("Device Key - derived key key type 32", generate_derived_key_key_type_32_test, greentea_failure_handler), + Case("Device Key - derived key wrong key type", generate_derived_key_wrong_key_type_test, greentea_failure_handler) }; utest::v1::status_t greentea_test_setup(const size_t number_of_cases) diff --git a/drivers/DeviceKey.cpp b/drivers/DeviceKey.cpp index 6efa9f0265..fd12dc0631 100644 --- a/drivers/DeviceKey.cpp +++ b/drivers/DeviceKey.cpp @@ -24,6 +24,8 @@ #error [NOT_SUPPORTED] MBEDTLS_CMAC_C needs to be enabled for this driver #else +#if NVSTORE_ENABLED + namespace mbed { DeviceKey::DeviceKey() @@ -36,8 +38,8 @@ DeviceKey::~DeviceKey() return; } -int DeviceKey::device_key_derived_key(const unsigned char *salt, size_t isalt_size, unsigned char *output, - uint16_t ikey_type) +int DeviceKey::generate_derived_key(const unsigned char *salt, size_t isalt_size, unsigned char *output, + uint16_t ikey_type) { uint32_t key_buff[DEVICE_KEY_32BYTE / sizeof(uint32_t)]; size_t actual_size = DEVICE_KEY_32BYTE; @@ -135,8 +137,8 @@ int DeviceKey::read_key_from_nvstore(uint32_t *output, size_t& size) } // Calculate CMAC functions - wrapper for mbedtls start/update and finish -int DeviceKey::calc_cmac(const unsigned char *input, size_t isize, uint32_t *ikey_buff, int ikey_size, - unsigned char *output) +int DeviceKey::calculate_cmac(const unsigned char *input, size_t isize, uint32_t *ikey_buff, int ikey_size, + unsigned char *output) { int ret; mbedtls_cipher_context_t ctx; @@ -183,14 +185,14 @@ int DeviceKey::get_derived_key(uint32_t *ikey_buff, size_t ikey_size, const unsi unsigned char *double_size_salt = NULL; if (DEVICE_KEY_16BYTE == ikey_type) { - ret = calc_cmac(isalt, isalt_size, ikey_buff, ikey_size, output); + ret = calculate_cmac(isalt, isalt_size, ikey_buff, ikey_size, output); if (DEVICEKEY_SUCCESS != ret) { goto finish; } } if (DEVICE_KEY_32BYTE == ikey_type) { - ret = this->calc_cmac(isalt, isalt_size, ikey_buff, ikey_size, output); + ret = this->calculate_cmac(isalt, isalt_size, ikey_buff, ikey_size, output); if (DEVICEKEY_SUCCESS != ret) { goto finish; } @@ -200,7 +202,7 @@ int DeviceKey::get_derived_key(uint32_t *ikey_buff, size_t ikey_size, const unsi memcpy(double_size_salt, isalt, isalt_size); memcpy(double_size_salt + isalt_size, isalt, isalt_size); - ret = this->calc_cmac(double_size_salt, isalt_size * 2, ikey_buff, ikey_size, output + 16); + ret = this->calculate_cmac(double_size_salt, isalt_size * 2, ikey_buff, ikey_size, output + 16); } finish: @@ -247,6 +249,7 @@ int DeviceKey::generate_key_by_trng(uint32_t *output, size_t& size) } // namespace mbed +#endif //NVSTORE_ENABLED #endif diff --git a/drivers/DeviceKey.h b/drivers/DeviceKey.h index e04c1034cf..e4aaddcf61 100644 --- a/drivers/DeviceKey.h +++ b/drivers/DeviceKey.h @@ -20,6 +20,8 @@ #include "stdint.h" #include "platform/NonCopyable.h" +#if (NVSTORE_ENABLED) + namespace mbed { /** \addtogroup drivers */ @@ -44,8 +46,7 @@ enum DeviceKeyStatus { /** Use this singleton if you need to derive a new key from the device root of trust. * - * - * @endcode + * @note Synchronization level: Thread safe * @ingroup drivers */ @@ -69,7 +70,7 @@ public: return instance; } - virtual ~DeviceKey(); + ~DeviceKey(); /** Derive a new key based on the salt string. key type can be with values 16 bytes and 32 bytes * @param isalt input buffer used to create the new key. Same input will generate always the same key @@ -79,7 +80,7 @@ public: * @param ikey_type type of the required key. Type must be 16 bytes or 32 bytes. * @return 0 on success, negative error code on failure */ - int device_key_derived_key(const unsigned char *isalt, size_t isalt_size, unsigned char *output, uint16_t ikey_type); + int generate_derived_key(const unsigned char *isalt, size_t isalt_size, unsigned char *output, uint16_t ikey_type); /** Set a device key into the NVStore. In case TRNG support is missing, Call this method * before calling device_key_derived_key. This method should be called only once! @@ -101,7 +102,7 @@ private: * @param output buffer for the CMAC result. * @return 0 on success, negative error code on failure */ - int calc_cmac(const unsigned char *input, size_t isize, uint32_t *ikey_buff, int ikey_size, unsigned char *output); + int calculate_cmac(const unsigned char *input, size_t isize, uint32_t *ikey_buff, int ikey_size, unsigned char *output); /** Read a device key from the NVStore * @param output buffer for the returned key. @@ -145,4 +146,5 @@ private: } +#endif //NVSTORE_ENABLED #endif