ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Use PSA Crypto API 1.0b3 

The PSA Crypto API has moved on from 1.0b2 to 1.0b3, bringing along with
it some breaking changes. Update Mbed OS to use the 1.0b3 API.
pull/11315/head
Jaeden Amero 2019-08-16 15:46:57 +01:00 committed by Darryl Green
parent 3e53118727
commit 3d1b8363db
13 changed files with 364 additions and 518 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

166
TESTS/mbed-crypto/sanity/main.cpp
View File

@ -86,26 +86,24 @@ void test_crypto_random(void)
void test_crypto_asymmetric_encrypt_decrypt(void)
{
psa_status_t status = PSA_SUCCESS;
psa_key_handle_t key_handle = 0;
psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEYPAIR;
psa_key_handle_t key_handle;
psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR;
psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
size_t key_bits = 512, got_bits = 0, output_length;
psa_key_policy_t policy;
size_t key_bits = 512, output_length;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
static const unsigned char input[] = "encrypt me!";
unsigned char encrypted[64];
unsigned char decrypted[sizeof(input)];
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
policy = psa_key_policy_init();
psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
status = psa_generate_key(key_handle, key_type, key_bits, NULL, 0);
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_ENCRYPT);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, key_type);
psa_set_key_bits(&attributes, key_bits);
status = psa_generate_key(&attributes, &key_handle);
TEST_SKIP_UNLESS_MESSAGE(status != PSA_ERROR_NOT_SUPPORTED, "RSA key generation is not supported");
TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_information(key_handle, NULL, &got_bits));
TEST_ASSERT_EQUAL(key_bits, got_bits);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_attributes(key_handle, &attributes));
TEST_ASSERT_EQUAL(key_bits, psa_get_key_bits(&attributes));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_asymmetric_encrypt(key_handle, alg, input, sizeof(input), NULL, 0,
encrypted, sizeof(encrypted), &output_length));
TEST_ASSERT_EQUAL(sizeof(encrypted), output_length);
@ -135,11 +133,11 @@ void test_crypto_hash_verify(void)
void test_crypto_symmetric_cipher_encrypt_decrypt(void)
{
psa_key_handle_t key_handle = 0;
psa_key_handle_t key_handle;
psa_key_type_t key_type = PSA_KEY_TYPE_AES;
psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
psa_cipher_operation_t operation;
psa_key_policy_t policy;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t output_len;
static const unsigned char key[] = {
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
@ -155,13 +153,12 @@ void test_crypto_symmetric_cipher_encrypt_decrypt(void)
};
unsigned char encrypted[sizeof(input)], decrypted[sizeof(input)], iv[16];
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
memset(iv, 0x2a, sizeof(iv));
policy = psa_key_policy_init();
psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(key_handle, key_type, key, sizeof(key)));
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, key_type);
psa_set_key_bits(&attributes, 128);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, key, sizeof(key), &key_handle));
operation = psa_cipher_operation_init();
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_cipher_encrypt_setup(&operation, key_handle, alg));
@ -187,10 +184,10 @@ void test_crypto_symmetric_cipher_encrypt_decrypt(void)
void test_crypto_asymmetric_sign_verify(void)
{
psa_key_handle_t key_handle = 0;
psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEYPAIR;
psa_key_handle_t key_handle;
psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR;
psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW;
psa_key_policy_t policy;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
static const unsigned char key[] = {
0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf,
0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb, 0xb5, 0xc2, 0xb1,
@ -261,12 +258,10 @@ void test_crypto_asymmetric_sign_verify(void)
unsigned char signature[sizeof(expected_signature)];
size_t signature_len;
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
policy = psa_key_policy_init();
psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY, alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(key_handle, key_type, key, sizeof(key)));
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, key_type);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, key, sizeof(key), &key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_asymmetric_sign(key_handle, alg, input, sizeof(input),
signature, sizeof(signature), &signature_len));
TEST_ASSERT_EQUAL(sizeof(signature), signature_len);
@ -279,31 +274,43 @@ void test_crypto_asymmetric_sign_verify(void)
void test_crypto_key_derivation(void)
{
psa_key_handle_t key_handle = 0, derived_key_handle = 0;
psa_key_handle_t key_handle, derived_key_handle;
psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256), derived_alg = PSA_ALG_CTR;
psa_key_type_t key_type = PSA_KEY_TYPE_DERIVE, derived_key_type = PSA_KEY_TYPE_AES, got_type;
psa_key_policy_t policy;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
size_t key_bits = 512, derived_key_bits = 256, got_bits;
psa_key_type_t key_type = PSA_KEY_TYPE_DERIVE, derived_key_type = PSA_KEY_TYPE_AES;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_derivation_operation_t operation =
PSA_KEY_DERIVATION_OPERATION_INIT;
size_t key_bits = 512, derived_key_bits = 256;
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
policy = psa_key_policy_init();
psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_DERIVE, alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, key_type, key_bits, NULL, 0));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation(&generator, key_handle, alg, NULL, 0, NULL, 0,
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, key_type);
psa_set_key_bits(&attributes, key_bits);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation_setup(&operation, alg));
TEST_ASSERT_EQUAL(PSA_SUCCESS,
psa_key_derivation_set_capacity(&operation,
PSA_BITS_TO_BYTES(derived_key_bits)));
TEST_ASSERT_EQUAL(PSA_SUCCESS,
psa_key_derivation_input_bytes(&operation,
PSA_KEY_DERIVATION_INPUT_SALT, NULL, 0));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation_input_key(&operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS,
psa_key_derivation_input_bytes(&operation,
PSA_KEY_DERIVATION_INPUT_INFO, NULL, 0));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&derived_key_handle));
psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT, derived_alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(derived_key_handle, &policy));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generator_import_key(derived_key_handle, derived_key_type,
derived_key_bits, &generator));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_information(derived_key_handle, &got_type, &got_bits));
TEST_ASSERT_EQUAL(derived_key_type, got_type);
TEST_ASSERT_EQUAL(derived_key_bits, got_bits);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generator_abort(&generator));
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
psa_set_key_algorithm(&attributes, derived_alg);
psa_set_key_type(&attributes, derived_key_type);
psa_set_key_bits(&attributes, derived_key_bits);
TEST_ASSERT_EQUAL(PSA_SUCCESS,
psa_key_derivation_output_key(&attributes, &operation, &derived_key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_attributes(derived_key_handle, &attributes));
TEST_ASSERT_EQUAL(derived_key_type, psa_get_key_type(&attributes));
TEST_ASSERT_EQUAL(derived_key_bits, psa_get_key_bits(&attributes));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation_abort(&operation));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(derived_key_handle));
}
@ -316,42 +323,45 @@ void test_crypto_key_handles(void)
psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
psa_key_handle_t key_handle;
psa_key_policy_t policy;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
policy = psa_key_policy_init();
psa_key_policy_set_usage(&policy, usage, alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0));
psa_set_key_usage_flags(&attributes, usage);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, type);
psa_set_key_bits(&attributes, bits);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle));
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
policy = psa_key_policy_init();
psa_key_policy_set_usage(&policy, usage, alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_create_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
policy = psa_key_policy_init();
psa_key_policy_set_usage(&policy, usage, alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle));
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle));
attributes = psa_key_attributes_init();
psa_set_key_usage_flags(&attributes, usage);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, type);
psa_set_key_bits(&attributes, bits);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_ERROR_DOES_NOT_EXIST, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle));
attributes = psa_key_attributes_init();
psa_set_key_usage_flags(&attributes, usage);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, type);
psa_set_key_bits(&attributes, bits);
psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_PERSISTENT);
psa_set_key_id(&attributes, id);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle));
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_open_key(id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_ERROR_DOES_NOT_EXIST, psa_open_key(id, &key_handle));
}
void test_crypto_hash_clone(void)

7
TESTS/psa/attestation/main.cpp
View File

@ -94,7 +94,7 @@ static void check_initial_attestation_get_token()
TEST_ASSERT_EQUAL(status, PSA_SUCCESS);
status = psa_attestation_inject_key(private_key_data,
sizeof(private_key_data),
PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
exported,
sizeof(exported),
&exported_length);
@ -119,9 +119,8 @@ static void check_initial_attestation_get_token()
utest::v1::status_t case_teardown_handler(const Case *const source, const size_t passed, const size_t failed, const failure_t reason)
{
const psa_key_id_t key_id = PSA_ATTESTATION_PRIVATE_KEY_ID;
psa_key_handle_t handle = 0;
psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle);
psa_key_handle_t handle;
psa_open_key(PSA_ATTESTATION_PRIVATE_KEY_ID, &handle);
psa_destroy_key(handle);
mbedtls_psa_crypto_free();
return greentea_case_teardown_handler(source, passed, failed, reason);

352
TESTS/psa/crypto_access_control/COMPONENT_NSPE/main.cpp
View File

@ -52,15 +52,15 @@ void inject_entropy()
}
#endif // defined(MBEDTLS_ENTROPY_NV_SEED) || defined(COMPONENT_PSA_SRV_IPC)
static psa_status_t create_and_generate_key_via_test_partition(psa_key_id_t key_id, psa_key_type_t key_type,
psa_algorithm_t key_alg, psa_key_usage_t key_usage,
size_t key_bits, psa_key_handle_t *key_handle,
unsigned char close_key)
static psa_status_t create_and_generate_key_via_test_partition(
const psa_key_attributes_t *attributes,
psa_key_handle_t *key_handle,
uint8_t close_key)
{
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_create_persistent_key(key_id, key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS,
test_partition_crypto_generate_key(attributes,
key_handle));
TEST_ASSERT_NOT_EQUAL(0, *key_handle);
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_set_key_policy(*key_handle, key_usage, key_alg));
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_generate_key(*key_handle, key_type, key_bits));
if (close_key) {
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(*key_handle));
}
@ -75,25 +75,31 @@ void test_open_other_partition_key(void)
static const psa_algorithm_t key_alg = PSA_ALG_CBC_NO_PADDING;
static const size_t key_bits = 128;
psa_key_handle_t key_handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
/* via test partition - create a key, set key policy, generate key material and close */
TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg, key_usage,
key_bits, &key_handle, 1));
/* via test partition - create a key, generate key material and close */
psa_set_key_usage_flags(&attributes, key_usage);
psa_set_key_algorithm(&attributes, key_alg);
psa_set_key_bits(&attributes, key_bits);
psa_set_key_type(&attributes, key_type);
psa_set_key_id(&attributes, key_id);
TEST_ASSERT_EQUAL(PSA_SUCCESS,
create_and_generate_key_via_test_partition(&attributes, &key_handle, 1));
/* via test partition - reopen the key created by the test partition */
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* via test partition - close the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle));
/* try to open the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_ERROR_DOES_NOT_EXIST, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &key_handle));
TEST_ASSERT_EQUAL(PSA_ERROR_DOES_NOT_EXIST, psa_open_key(key_id, &key_handle));
/* via test partition - reopen the key created by the test partition and keep it open */
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* via test partition - destroy the key created by the test partition */
@ -111,61 +117,54 @@ void test_create_key_same_id_different_partitions(void)
key_bits_local = 256;
psa_key_handle_t key_handle_remote = 0,
key_handle_local = 0;
psa_key_type_t got_key_type_remote = 0,
got_key_type_local = 0;
size_t got_key_bits_remote = 0,
got_key_bits_local = 0;
psa_key_usage_t got_key_usage_remote = 0;
psa_algorithm_t got_key_alg_remote = 0;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
/* via test partition - create a key, set key policy, generate key material and close */
TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg,
key_usage_remote, key_bits_remote,
&key_handle_remote, 1));
/* via test partition - create a key, generate key material and close */
psa_set_key_usage_flags(&attributes, key_usage_remote);
psa_set_key_algorithm(&attributes, key_alg);
psa_set_key_bits(&attributes, key_bits_remote);
psa_set_key_type(&attributes, key_type);
psa_set_key_id(&attributes, key_id);
TEST_ASSERT_EQUAL(PSA_SUCCESS,
create_and_generate_key_via_test_partition(&attributes, &key_handle_remote, 1));
psa_reset_key_attributes(&attributes);
/* create a key, set key policy, generate key material and close from current partition (i.e. NSPE) */
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_create_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &key_handle_local));
/* create a key, generate key material and close from current partition (i.e. NSPE) */
psa_set_key_usage_flags(&attributes, key_usage_local);
psa_set_key_algorithm(&attributes, key_alg);
psa_set_key_bits(&attributes, key_bits_local);
psa_set_key_type(&attributes, key_type);
psa_set_key_id(&attributes, key_id);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle_local));
TEST_ASSERT_NOT_EQUAL(0, key_handle_local);
psa_key_policy_set_usage(&policy, key_usage_local, key_alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle_local, &policy));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle_local, key_type, key_bits_local, NULL, 0));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle_local));
/* via test partition - reopen the key created by the test partition */
key_handle_remote = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle_remote));
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle_remote));
TEST_ASSERT_NOT_EQUAL(0, key_handle_remote);
/* reopen the key created from the current partition (NSPE) */
key_handle_local = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &key_handle_local));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_open_key(key_id, &key_handle_local));
TEST_ASSERT_NOT_EQUAL(0, key_handle_local);
/* via test partition - get key info for the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_get_key_information(key_handle_remote,
&got_key_type_remote,
&got_key_bits_remote));
TEST_ASSERT_EQUAL(key_type, got_key_type_remote);
TEST_ASSERT_EQUAL(key_bits_remote, got_key_bits_remote);
TEST_ASSERT_EQUAL(PSA_SUCCESS,
test_partition_crypto_get_key_attributes(key_handle_remote,
&attributes));
TEST_ASSERT_EQUAL(key_type, psa_get_key_type(&attributes));
TEST_ASSERT_EQUAL(key_bits_remote, psa_get_key_bits(&attributes));
TEST_ASSERT_EQUAL(key_usage_remote, psa_get_key_usage_flags(&attributes));
TEST_ASSERT_EQUAL(key_alg, psa_get_key_algorithm(&attributes));
/* via test partition - get key policy for key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_get_key_policy(key_handle_remote,
&got_key_usage_remote,
&got_key_alg_remote));
TEST_ASSERT_EQUAL(key_usage_remote, got_key_usage_remote);
TEST_ASSERT_EQUAL(key_alg, got_key_alg_remote);
/* get key info for key created by the current partition (NSPE) */
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_information(key_handle_local, &got_key_type_local, &got_key_bits_local));
TEST_ASSERT_EQUAL(key_type, got_key_type_local);
TEST_ASSERT_EQUAL(key_bits_local, got_key_bits_local);
/* get key policy for key created by the current partition (NSPE) */
policy = psa_key_policy_init();
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_policy(key_handle_local, &policy));
TEST_ASSERT_EQUAL(key_usage_local, policy.usage);
TEST_ASSERT_EQUAL(key_alg, policy.alg);
/* get key attributes for key created by the current partition (NSPE) */
attributes = psa_key_attributes_init();
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_attributes(key_handle_local, &attributes));
TEST_ASSERT_EQUAL(key_type, psa_get_key_type(&attributes));
TEST_ASSERT_EQUAL(key_bits_local, psa_get_key_bits(&attributes));
TEST_ASSERT_EQUAL(key_usage_local, psa_get_key_usage_flags(&attributes));
TEST_ASSERT_EQUAL(key_alg, psa_get_key_algorithm(&attributes));
/* via test partition - destroy the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_destroy_key(key_handle_remote));
@ -181,68 +180,50 @@ void test_use_other_partition_key_manage_key(void)
static const psa_algorithm_t key_alg = PSA_ALG_CBC_NO_PADDING;
static const psa_key_usage_t key_usage = PSA_KEY_USAGE_EXPORT;
static const size_t key_bits = 128;
static const unsigned char key_data[] = {
static const uint8_t key_data[] = {
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
};
psa_key_handle_t key_handle = 0;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
unsigned char output[sizeof(key_data)] = { 0 };
size_t len, got_key_bits;
psa_key_type_t got_key_type;
psa_key_lifetime_t got_lifetime;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t output[sizeof(key_data)] = { 0 };
size_t len;
/* via test partition - create a key without generating any key material */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_create_persistent_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* try to set the key policy for the key that was created by the test partition */
psa_key_policy_set_usage(&policy, key_usage, key_alg);
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_set_key_policy(key_handle, &policy));
/* via test partition - set key policy */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_set_key_policy(key_handle, key_usage, key_alg));
/* try to generate key data for the key that was created by the test partition */
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_generate_key(key_handle, key_type, key_bits, NULL, 0));
/* via test partition - generate key material and close the key */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_generate_key(key_handle, key_type, key_bits));
/* via test partition - generate a persistent key and close the key */
psa_set_key_usage_flags(&attributes, key_usage);
psa_set_key_algorithm(&attributes, key_alg);
psa_set_key_bits(&attributes, key_bits);
psa_set_key_type(&attributes, key_type);
psa_set_key_id(&attributes, key_id);
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_generate_key(&attributes, &key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle));
/* via test partition - reopen the key created by the test partition and keep it open */
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* try to work with the handle created for a key created by the test partition */
got_key_type = 0;
got_key_bits = 0;
got_lifetime = 0;
policy = psa_key_policy_init();
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_get_key_policy(key_handle, &policy));
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_get_key_lifetime(key_handle, &got_lifetime));
attributes = psa_key_attributes_init();
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_get_key_attributes(key_handle, &attributes));
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_close_key(key_handle));
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_destroy_key(key_handle));
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_get_key_information(key_handle, &got_key_type, &got_key_bits));
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_export_key(key_handle, output, sizeof(output), &len));
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_export_public_key(key_handle, output, sizeof(output), &len));
/* via test partition - destroy the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_destroy_key(key_handle));
/* via test partition - create a key, set key policy but no key material */
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_create_persistent_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_set_key_policy(key_handle, key_usage, key_alg));
/* try to import key data into the key that was created by the test partition */
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_import_key(key_handle, key_type,
key_data, sizeof(key_data)));
/* via test partition - import key data for the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_import_key(key_handle, key_type, key_data, sizeof(key_data)));
psa_set_key_usage_flags(&attributes, key_usage);
psa_set_key_algorithm(&attributes, key_alg);
psa_set_key_bits(&attributes, key_bits);
psa_set_key_type(&attributes, key_type);
psa_set_key_id(&attributes, key_id);
TEST_ASSERT_EQUAL(PSA_SUCCESS,
test_partition_crypto_import_key(
&attributes, key_data, sizeof(key_data), &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* via test partition - destroy the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_destroy_key(key_handle));
@ -257,14 +238,20 @@ void test_use_other_partition_key_mac(void)
static const size_t key_bits = 128;
psa_key_handle_t key_handle = 0;
psa_mac_operation_t operation;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
/* via test partition - create a key, set key policy, generate key material and close */
TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg, key_usage,
key_bits, &key_handle, 1));
/* via test partition - create a key, generate key material and close */
psa_set_key_usage_flags(&attributes, key_usage);
psa_set_key_algorithm(&attributes, key_alg);
psa_set_key_bits(&attributes, key_bits);
psa_set_key_type(&attributes, key_type);
psa_set_key_id(&attributes, key_id);
TEST_ASSERT_EQUAL(PSA_SUCCESS,
create_and_generate_key_via_test_partition(&attributes, &key_handle, 1));
/* via test partition - reopen the key created by the test partition */
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* try to setup mac sign operation using the key that was created by the test partition */
@ -288,17 +275,23 @@ void test_use_other_partition_key_cipher(void)
static const size_t key_bits = 128;
psa_key_handle_t key_handle = 0;
psa_cipher_operation_t operation;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
/* via test partition - create a key, set key policy, generate key material and close */
TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg, key_usage,
key_bits, &key_handle, 1));
/* via test partition - create a key, generate key material and close */
psa_set_key_usage_flags(&attributes, key_usage);
psa_set_key_algorithm(&attributes, key_alg);
psa_set_key_bits(&attributes, key_bits);
psa_set_key_type(&attributes, key_type);
psa_set_key_id(&attributes, key_id);
TEST_ASSERT_EQUAL(PSA_SUCCESS,
create_and_generate_key_via_test_partition(&attributes, &key_handle, 1));
/* via test partition - reopen the key created by the test partition */
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* try to setup cipher encrypt sign operation using the key that was created by the test partition */
/* try to setup cipher encrypt operation using the key that was created by the test partition */
operation = psa_cipher_operation_init();
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_cipher_encrypt_setup(&operation, key_handle, key_alg));
@ -317,19 +310,25 @@ void test_use_other_partition_key_aead(void)
static const psa_algorithm_t key_alg = PSA_ALG_GCM;
static const psa_key_usage_t key_usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
static const size_t key_bits = 128;
static const unsigned char nonce[16] = { 0 };
unsigned char plain_text[] = "encrypt me!";
unsigned char cipher_text[PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_alg, sizeof(plain_text))] = { 0 };
static const uint8_t nonce[16] = { 0 };
uint8_t plain_text[] = "encrypt me!";
uint8_t cipher_text[PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_alg, sizeof(plain_text))] = { 0 };
psa_key_handle_t key_handle = 0;
size_t len;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
/* via test partition - create a key, set key policy, generate key material and close */
TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg, key_usage,
key_bits, &key_handle, 1));
/* via test partition - create a key, generate key material and close */
psa_set_key_usage_flags(&attributes, key_usage);
psa_set_key_algorithm(&attributes, key_alg);
psa_set_key_bits(&attributes, key_bits);
psa_set_key_type(&attributes, key_type);
psa_set_key_id(&attributes, key_id);
TEST_ASSERT_EQUAL(PSA_SUCCESS,
create_and_generate_key_via_test_partition(&attributes, &key_handle, 1));
/* via test partition - reopen the key created by the test partition */
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* try to aead encrypt using the key that was created by the test partition */
@ -349,22 +348,28 @@ void test_use_other_partition_key_aead(void)
void test_use_other_partition_key_asymmetric_sign_verify(void)
{
static const psa_key_id_t key_id = 999;
static const psa_key_type_t key_type = PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1);
static const psa_key_type_t key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1);
static const psa_algorithm_t key_alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
static const psa_key_usage_t key_usage = PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY;
static const size_t key_bits = 256;
static const unsigned char input[] = "hello world!";
unsigned char signature[PSA_ECDSA_SIGNATURE_SIZE(key_bits)] = { 0 };
static const uint8_t input[] = "hello world!";
uint8_t signature[PSA_ECDSA_SIGNATURE_SIZE(key_bits)] = { 0 };
psa_key_handle_t key_handle = 0;
size_t len;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
/* via test partition - create a key, set key policy, generate key material and close */
TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg, key_usage,
key_bits, &key_handle, 1));
/* via test partition - create a key, generate key material and close */
psa_set_key_usage_flags(&attributes, key_usage);
psa_set_key_algorithm(&attributes, key_alg);
psa_set_key_bits(&attributes, key_bits);
psa_set_key_type(&attributes, key_type);
psa_set_key_id(&attributes, key_id);
TEST_ASSERT_EQUAL(PSA_SUCCESS,
create_and_generate_key_via_test_partition(&attributes, &key_handle, 1));
/* via test partition - reopen the key created by the test partition */
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* try to asymmetric sign using the key that was created by the test partition */
@ -382,11 +387,11 @@ void test_use_other_partition_key_asymmetric_sign_verify(void)
void test_use_other_partition_key_asymmetric_encrypt_decrypt(void)
{
static const psa_key_id_t key_id = 999;
static const psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEYPAIR;
static const psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR;
static const psa_algorithm_t key_alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
static const psa_key_usage_t key_usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
static const unsigned char input[] = "encrypt me!";
static const unsigned char key_data[] = {
static const uint8_t input[] = "encrypt me!";
static const uint8_t key_data[] = {
0x30, 0x82, 0x01, 0x3b, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 0xee, 0x2b,
0x13, 0x1d, 0x6b, 0x18, 0x18, 0xa9, 0x4c, 0xa8, 0xe9, 0x1c, 0x42, 0x38,
0x7e, 0xb1, 0x5a, 0x7c, 0x27, 0x1f, 0x57, 0xb8, 0x9e, 0x73, 0x36, 0xb1,
@ -415,27 +420,29 @@ void test_use_other_partition_key_asymmetric_encrypt_decrypt(void)
0xd8, 0xfb, 0x93, 0x0a, 0xfc, 0xf4, 0x6f, 0x36, 0x60, 0x6e, 0x3a, 0xa0,
0xeb, 0x7a, 0x93, 0xad, 0x88, 0xc1, 0x0c
};
unsigned char encrypted[64] = { 0 };
unsigned char decrypted[sizeof(input)] = { 0 };
uint8_t encrypted[64] = { 0 };
uint8_t decrypted[sizeof(input)] = { 0 };
psa_key_handle_t key_handle = 0;
size_t len;
/* via test partition - create a key without generating any key material */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_create_persistent_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* via test partition - set key policy */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_set_key_policy(key_handle, key_usage, key_alg));
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
/* via test partition - import key data for the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_import_key(key_handle, key_type, key_data, sizeof(key_data)));
psa_set_key_usage_flags(&attributes, key_usage);
psa_set_key_algorithm(&attributes, key_alg);
psa_set_key_bits(&attributes, 512);
psa_set_key_type(&attributes, key_type);
psa_set_key_id(&attributes, key_id);
TEST_ASSERT_EQUAL(PSA_SUCCESS,
test_partition_crypto_import_key(
&attributes, key_data, sizeof(key_data), &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* via test partition - close the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle));
/* via test partition - reopen the key created by the test partition and keep it open */
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* try to asymmetric encrypt using the key that was created by the test partition */
@ -457,79 +464,32 @@ void test_use_other_partition_key_derivation_setup(void)
static const psa_algorithm_t key_alg = PSA_ALG_HKDF(PSA_ALG_SHA_256);
static const psa_key_usage_t key_usage = PSA_KEY_USAGE_DERIVE;
static const psa_key_type_t key_type = PSA_KEY_TYPE_DERIVE;
static const unsigned char key_data[] = {
static const uint8_t key_data[] = {
0x30, 0x82, 0x01, 0x3b, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 0xee, 0x2b,
0x13, 0x1d, 0x6b, 0x18, 0x18, 0xa9, 0x4c, 0xa8, 0xe9, 0x1c, 0x42, 0x38
};
static const unsigned char salt[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
0x0c
};
static const unsigned char label[] = {
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9
};
psa_key_handle_t key_handle = 0;
psa_crypto_generator_t generator = psa_crypto_generator_init();
size_t bits = 128;
/* via test partition - create a key without generating any key material */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_create_persistent_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* via test partition - set key policy */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_set_key_policy(key_handle, key_usage, key_alg));
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
size_t bits = 192;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
/* via test partition - import key data for the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_import_key(key_handle, key_type, key_data, sizeof(key_data)));
psa_set_key_usage_flags(&attributes, key_usage);
psa_set_key_algorithm(&attributes, key_alg);
psa_set_key_bits(&attributes, bits);
psa_set_key_type(&attributes, key_type);
psa_set_key_id(&attributes, key_id);
TEST_ASSERT_EQUAL(PSA_SUCCESS,
test_partition_crypto_import_key(
&attributes, key_data, sizeof(key_data), &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* try to setup key derivation using the key that was created by the test partition */
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_key_derivation(&generator, key_handle, key_alg,
(unsigned char *)salt, sizeof(salt),
(unsigned char *)label, sizeof(label),
PSA_BITS_TO_BYTES(bits)));
/* via test partition - destroy the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_destroy_key(key_handle));
}
void test_use_other_partition_key_agreement_setup(void)
{
static const psa_key_id_t key_id = 999;
static const psa_algorithm_t key_alg = PSA_ALG_ECDH(PSA_ALG_SELECT_RAW);
static const psa_key_usage_t key_usage = PSA_KEY_USAGE_DERIVE;
static const psa_key_type_t key_type = PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1);
static const unsigned char key_data[] = {
0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda,
0xa2, 0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49,
0xc6, 0x2a, 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33
};
static const unsigned char peer_key_data[] = {
0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7,
0x02, 0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7,
0x4c, 0x73, 0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3,
0xca, 0x36, 0x6c, 0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d,
0x6a, 0xac, 0x23, 0xf0, 0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f,
0x33, 0x03, 0x98, 0x72, 0xab
};
psa_key_handle_t key_handle = 0;
psa_crypto_generator_t generator = psa_crypto_generator_init();
/* via test partition - create a key without generating any key material */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_create_persistent_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* via test partition - set key policy */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_set_key_policy(key_handle, key_usage, key_alg));
/* via test partition - import key data for the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_import_key(key_handle, key_type, key_data, sizeof(key_data)));
/* try to setup key agreement using the key that was created by the test partition */
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_key_agreement(&generator, key_handle,
(unsigned char *)peer_key_data, sizeof(peer_key_data),
key_alg));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation_setup(&operation, key_alg));
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE,
psa_key_derivation_input_key(
&operation, PSA_KEY_DERIVATION_INPUT_SECRET, key_handle));
/* via test partition - destroy the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_destroy_key(key_handle));
@ -584,8 +544,6 @@ Case cases[] = {
case_setup_handler, test_use_other_partition_key_asymmetric_encrypt_decrypt, case_teardown_handler),
Case("use other partition's key - key derivation setup",
case_setup_handler, test_use_other_partition_key_derivation_setup, case_teardown_handler),
Case("use other partition's key - key agreement setup",
case_setup_handler, test_use_other_partition_key_agreement_setup, case_teardown_handler),
};
Specification specification(test_setup, cases);

103
TESTS/psa/crypto_access_control/COMPONENT_PSA_SRV_IPC/test_partition_proxy.c
View File

@ -37,66 +37,35 @@ static psa_status_t invoke_ipc_call(uint32_t sid, psa_invec *in_vec, size_t in_v
return (status);
}
psa_status_t test_partition_crypto_create_persistent_key(psa_key_id_t key_id, psa_key_handle_t *key_handle)
psa_status_t test_partition_crypto_get_key_attributes(
psa_key_handle_t key_handle, psa_key_attributes_t *attributes)
{
psa_invec in_vec = { &key_handle, sizeof(key_handle) };
psa_outvec out_vec[1] = {
{ attributes, sizeof(*attributes) }
};
psa_status_t status = invoke_ipc_call(CRYPTO_GET_KEY_ATTRIBUTES, &in_vec, 1, out_vec, 1);
return (status);
}
psa_status_t test_partition_crypto_generate_key(
const psa_key_attributes_t *attributes, psa_key_handle_t *key_handle)
{
psa_invec in_vec[] = {
{ attributes, sizeof(*attributes) },
};
psa_outvec out_vec[] = {
{ key_handle, sizeof(*key_handle) },
};
psa_status_t status = invoke_ipc_call(CRYPTO_GENERATE_KEY, in_vec, 1, out_vec, 1);
return (status);
}
psa_status_t test_partition_crypto_open_key(psa_key_id_t key_id, psa_key_handle_t *key_handle)
{
psa_invec in_vec = { &key_id, sizeof(key_id) };
psa_outvec out_vec = { key_handle, sizeof(*key_handle) };
psa_status_t status = invoke_ipc_call(CRYPTO_CREATE_PERSISTENT_KEY, &in_vec, 1, &out_vec, 1);
return (status);
}
psa_status_t test_partition_crypto_set_key_policy(psa_key_handle_t key_handle, psa_key_usage_t key_usage,
psa_algorithm_t key_alg)
{
psa_invec in_vec[3] = {
{ &key_handle, sizeof(key_handle) },
{ &key_usage, sizeof(key_usage) },
{ &key_alg, sizeof(key_alg) }
};
psa_status_t status = invoke_ipc_call(CRYPTO_SET_KEY_POLICY, in_vec, 3, NULL, 0);
return (status);
}
psa_status_t test_partition_crypto_get_key_policy(psa_key_handle_t key_handle, psa_key_usage_t *key_usage,
psa_algorithm_t *key_alg)
{
psa_invec in_vec = { &key_handle, sizeof(key_handle) };
psa_outvec out_vec[2] = {
{ key_usage, sizeof(*key_usage) },
{ key_alg, sizeof(*key_alg) }
};
psa_status_t status = invoke_ipc_call(CRYPTO_GET_KEY_POLICY, &in_vec, 1, out_vec, 2);
return (status);
}
psa_status_t test_partition_crypto_get_key_information(psa_key_handle_t key_handle, psa_key_type_t *key_type,
size_t *key_bits)
{
psa_invec in_vec = { &key_handle, sizeof(key_handle) };
psa_outvec out_vec[2] = {
{ key_type, sizeof(*key_type) },
{ key_bits, sizeof(*key_bits) }
};
psa_status_t status = invoke_ipc_call(CRYPTO_GET_KEY_INFO, &in_vec, 1, out_vec, 2);
return (status);
}
psa_status_t test_partition_crypto_generate_key(psa_key_handle_t key_handle, psa_key_type_t key_type, size_t key_bits)
{
psa_invec in_vec[3] = {
{ &key_handle, sizeof(key_handle) },
{ &key_type, sizeof(key_type) },
{ &key_bits, sizeof(key_bits) }
};
psa_status_t status = invoke_ipc_call(CRYPTO_GENERATE_KEY, in_vec, 3, NULL, 0);
return (status);
}
psa_status_t test_partition_crypto_open_persistent_key(psa_key_id_t key_id, psa_key_handle_t *key_handle)
{
psa_invec in_vec = { &key_id, sizeof(key_id) };
psa_outvec out_vec = { key_handle, sizeof(*key_handle) };
psa_status_t status = invoke_ipc_call(CRYPTO_OPEN_PERSISTENT_KEY, &in_vec, 1, &out_vec, 1);
psa_status_t status = invoke_ipc_call(CRYPTO_OPEN_KEY, &in_vec, 1, &out_vec, 1);
return (status);
}
@ -114,15 +83,19 @@ psa_status_t test_partition_crypto_destroy_key(psa_key_handle_t key_handle)
return (status);
}
psa_status_t test_partition_crypto_import_key(psa_key_handle_t key_handle, psa_key_type_t key_type,
const unsigned char *key_data, size_t key_data_size)
psa_status_t test_partition_crypto_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_data,
size_t key_data_size,
psa_key_handle_t *key_handle)
{
psa_invec in_vec[4] = {
{ &key_handle, sizeof(key_handle) },
{ &key_type, sizeof(key_type) },
{ &key_data_size, sizeof(key_data_size) },
{ key_data, key_data_size }
psa_invec in_vec[] = {
{ attributes, sizeof(*attributes) },
{ key_data, key_data_size },
};
psa_status_t status = invoke_ipc_call(CRYPTO_IMPORT_KEY, in_vec, 4, NULL, 0);
psa_outvec out_vec[] = {
{ key_handle, sizeof(*key_handle) },
};
psa_status_t status = invoke_ipc_call(CRYPTO_IMPORT_KEY, in_vec, 2, out_vec, 1);
return (status);
}

25
TESTS/psa/crypto_access_control/COMPONENT_PSA_SRV_IPC/test_partition_proxy.h
View File

@ -24,27 +24,24 @@
extern "C" {
#endif
psa_status_t test_partition_crypto_create_persistent_key(psa_key_id_t key_id, psa_key_handle_t *key_handle);
psa_status_t test_partition_crypto_get_key_attributes(
psa_key_handle_t key_handle, psa_key_attributes_t *attributes);
psa_status_t test_partition_crypto_set_key_policy(psa_key_handle_t key_handle, psa_key_usage_t key_usage,
psa_algorithm_t key_alg);
psa_status_t test_partition_crypto_generate_key(
const psa_key_attributes_t *attributes, psa_key_handle_t *key_handle);
psa_status_t test_partition_crypto_get_key_policy(psa_key_handle_t key_handle, psa_key_usage_t *key_usage,
psa_algorithm_t *key_alg);
psa_status_t test_partition_crypto_get_key_information(psa_key_handle_t key_handle, psa_key_type_t *key_type,
size_t *key_bits);
psa_status_t test_partition_crypto_generate_key(psa_key_handle_t key_handle, psa_key_type_t key_type, size_t key_bits);
psa_status_t test_partition_crypto_open_persistent_key(psa_key_id_t key_id, psa_key_handle_t *key_handle);
psa_status_t test_partition_crypto_open_key(
psa_key_id_t key_id, psa_key_handle_t *key_handle);
psa_status_t test_partition_crypto_close_key(psa_key_handle_t key_handle);
psa_status_t test_partition_crypto_destroy_key(psa_key_handle_t key_handle);
psa_status_t test_partition_crypto_import_key(psa_key_handle_t key_handle, psa_key_type_t key_type,
const unsigned char *key_data, size_t key_data_size);
psa_status_t test_partition_crypto_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_data,
size_t key_data_size,
psa_key_handle_t *key_handle);
#ifdef __cplusplus
}

120
TESTS/psa/crypto_access_control/COMPONENT_SPE/test_partition.c
View File

@ -31,37 +31,24 @@ static void read_input_param_from_message(psa_msg_t *msg, uint8_t param_index, v
}
}
static psa_status_t crypto_create_persistent_key(psa_msg_t *msg)
{
psa_status_t status;
psa_key_id_t key_id = 0;
psa_key_handle_t key_handle = 0;
read_input_param_from_message(msg, 0, &key_id);
status = psa_create_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &key_handle);
if (status == PSA_SUCCESS) {
psa_write(msg->handle, 0, &key_handle, sizeof(key_handle));
}
return (status);
}
static psa_status_t crypto_generate_key(psa_msg_t *msg)
{
psa_status_t status;
psa_key_handle_t key_handle = 0;
psa_key_type_t key_type = 0;
size_t key_bits = 0;
psa_key_attributes_t attributes;
read_input_param_from_message(msg, 0, &key_handle);
read_input_param_from_message(msg, 1, &key_type);
read_input_param_from_message(msg, 2, &key_bits);
read_input_param_from_message(msg, 0, &attributes);
status = psa_generate_key(key_handle, key_type, key_bits, NULL, 0);
status = psa_generate_key(&attributes, &key_handle);
if (status == PSA_SUCCESS) {
psa_write(msg->handle, 0, &key_handle, sizeof(key_handle));
}
return (status);
}
static psa_status_t crypto_open_persistent_key(psa_msg_t *msg)
static psa_status_t crypto_open_key(psa_msg_t *msg)
{
psa_status_t status;
psa_key_id_t key_id;
@ -69,7 +56,7 @@ static psa_status_t crypto_open_persistent_key(psa_msg_t *msg)
read_input_param_from_message(msg, 0, &key_id);
status = psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &key_handle);
status = psa_open_key(key_id, &key_handle);
if (status == PSA_SUCCESS) {
psa_write(msg->handle, 0, &key_handle, sizeof(key_handle));
}
@ -87,23 +74,6 @@ static psa_status_t crypto_close_key(psa_msg_t *msg)
return (status);
}
static psa_status_t crypto_set_key_policy(psa_msg_t *msg)
{
psa_status_t status;
psa_key_handle_t key_handle;
psa_key_usage_t key_usage;
psa_algorithm_t key_alg;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
read_input_param_from_message(msg, 0, &key_handle);
read_input_param_from_message(msg, 1, &key_usage);
read_input_param_from_message(msg, 2, &key_alg);
psa_key_policy_set_usage(&policy, key_usage, key_alg);
status = psa_set_key_policy(key_handle, &policy);
return (status);
}
static psa_status_t crypto_destroy_key(psa_msg_t *msg)
{
psa_status_t status;
@ -115,35 +85,17 @@ static psa_status_t crypto_destroy_key(psa_msg_t *msg)
return (status);
}
static psa_status_t crypto_get_key_info(psa_msg_t *msg)
static psa_status_t crypto_get_key_attributes(psa_msg_t *msg)
{
psa_status_t status;
psa_key_handle_t key_handle;
psa_key_type_t key_type = 0;
size_t key_bits = 0;
psa_key_attributes_t attributes;
read_input_param_from_message(msg, 0, &key_handle);
status = psa_get_key_information(key_handle, &key_type, &key_bits);
status = psa_get_key_attributes(key_handle, &attributes);
if (status == PSA_SUCCESS) {
psa_write(msg->handle, 0, &key_type, sizeof(key_type));
psa_write(msg->handle, 1, &key_bits, sizeof(key_bits));
}
return (status);
}
static psa_status_t crypto_get_key_policy(psa_msg_t *msg)
{
psa_status_t status;
psa_key_handle_t key_handle;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
read_input_param_from_message(msg, 0, &key_handle);
status = psa_get_key_policy(key_handle, &policy);
if (status == PSA_SUCCESS) {
psa_write(msg->handle, 0, &(policy.usage), sizeof(policy.usage));
psa_write(msg->handle, 1, &(policy.alg), sizeof(policy.alg));
psa_write(msg->handle, 0, &attributes, sizeof(attributes));
}
return (status);
}
@ -152,22 +104,22 @@ static psa_status_t crypto_import_key(psa_msg_t *msg)
{
psa_status_t status;
psa_key_handle_t key_handle;
psa_key_type_t key_type;
size_t key_data_size;
unsigned char *key_data = NULL;
psa_key_attributes_t attributes;
uint8_t *key_data;
size_t key_data_size = msg->in_size[1];
read_input_param_from_message(msg, 0, &key_handle);
read_input_param_from_message(msg, 1, &key_type);
read_input_param_from_message(msg, 2, &key_data_size);
read_input_param_from_message(msg, 0, &attributes);
key_data = calloc(1, key_data_size);
if (key_data == NULL) {
return (PSA_ERROR_INSUFFICIENT_MEMORY);
}
read_input_param_from_message(msg, 1, key_data);
read_input_param_from_message(msg, 3, key_data);
status = psa_import_key(key_handle, key_type, key_data, key_data_size);
status = psa_import_key(&attributes, key_data, key_data_size, &key_handle);
if (status == PSA_SUCCESS) {
psa_write(msg->handle, 0, &key_handle, sizeof(key_handle));
}
free(key_data);
return (status);
@ -201,23 +153,17 @@ void test_partition_main(void)
psa_msg_t msg = {0};
while (1) {
signal = psa_wait(CRYPTO_ACL_TEST_WAIT_ANY_SID_MSK, PSA_BLOCK);
if (signal & CRYPTO_CREATE_PERSISTENT_KEY_MSK) {
if (PSA_SUCCESS != psa_get(CRYPTO_CREATE_PERSISTENT_KEY_MSK, &msg)) {
continue;
}
message_handler(&msg, crypto_create_persistent_key);
}
if (signal & CRYPTO_GENERATE_KEY_MSK) {
if (PSA_SUCCESS != psa_get(CRYPTO_GENERATE_KEY_MSK, &msg)) {
continue;
}
message_handler(&msg, crypto_generate_key);
}
if (signal & CRYPTO_OPEN_PERSISTENT_KEY_MSK) {
if (PSA_SUCCESS != psa_get(CRYPTO_OPEN_PERSISTENT_KEY_MSK, &msg)) {
if (signal & CRYPTO_OPEN_KEY_MSK) {
if (PSA_SUCCESS != psa_get(CRYPTO_OPEN_KEY_MSK, &msg)) {
continue;
}
message_handler(&msg, crypto_open_persistent_key);
message_handler(&msg, crypto_open_key);
}
if (signal & CRYPTO_CLOSE_KEY_MSK) {
if (PSA_SUCCESS != psa_get(CRYPTO_CLOSE_KEY_MSK, &msg)) {
@ -225,29 +171,17 @@ void test_partition_main(void)
}
message_handler(&msg, crypto_close_key);
}
if (signal & CRYPTO_SET_KEY_POLICY_MSK) {
if (PSA_SUCCESS != psa_get(CRYPTO_SET_KEY_POLICY_MSK, &msg)) {
continue;
}
message_handler(&msg, crypto_set_key_policy);
}
if (signal & CRYPTO_DESTROY_KEY_MSK) {
if (PSA_SUCCESS != psa_get(CRYPTO_DESTROY_KEY_MSK, &msg)) {
continue;
}
message_handler(&msg, crypto_destroy_key);
}
if (signal & CRYPTO_GET_KEY_INFO_MSK) {
if (PSA_SUCCESS != psa_get(CRYPTO_GET_KEY_INFO_MSK, &msg)) {
if (signal & CRYPTO_GET_KEY_ATTRIBUTES_MSK) {
if (PSA_SUCCESS != psa_get(CRYPTO_GET_KEY_ATTRIBUTES_MSK, &msg)) {
continue;
}
message_handler(&msg, crypto_get_key_info);
}
if (signal & CRYPTO_GET_KEY_POLICY_MSK) {
if (PSA_SUCCESS != psa_get(CRYPTO_GET_KEY_POLICY_MSK, &msg)) {
continue;
}
message_handler(&msg, crypto_get_key_policy);
message_handler(&msg, crypto_get_key_attributes);
}
if (signal & CRYPTO_IMPORT_KEY_MSK) {
if (PSA_SUCCESS != psa_get(CRYPTO_IMPORT_KEY_MSK, &msg)) {

32
TESTS/psa/crypto_access_control/crypto_acl_tests_partition_psa.json
View File

@ -7,14 +7,6 @@
"stack_size": "0x200",
"heap_size": "0x400",
"services": [
{
"name": "CRYPTO_CREATE_PERSISTENT_KEY",
"identifier": "0x00000200",
"signal": "CRYPTO_CREATE_PERSISTENT_KEY_MSK",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "RELAXED"
},
{
"name": "CRYPTO_GENERATE_KEY",
"identifier": "0x00000201",
@ -24,9 +16,9 @@
"minor_policy": "RELAXED"
},
{
"name": "CRYPTO_OPEN_PERSISTENT_KEY",
"name": "CRYPTO_OPEN_KEY",
"identifier": "0x00000202",
"signal": "CRYPTO_OPEN_PERSISTENT_KEY_MSK",
"signal": "CRYPTO_OPEN_KEY_MSK",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "RELAXED"
@ -39,14 +31,6 @@
"minor_version": 1,
"minor_policy": "RELAXED"
},
{
"name": "CRYPTO_SET_KEY_POLICY",
"identifier": "0x00000204",
"signal": "CRYPTO_SET_KEY_POLICY_MSK",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "RELAXED"
},
{
"name": "CRYPTO_DESTROY_KEY",
"identifier": "0x00000205",
@ -56,17 +40,9 @@
"minor_policy": "RELAXED"
},
{
"name": "CRYPTO_GET_KEY_INFO",
"name": "CRYPTO_GET_KEY_ATTRIBUTES",
"identifier": "0x00000206",
"signal": "CRYPTO_GET_KEY_INFO_MSK",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "RELAXED"
},
{
"name": "CRYPTO_GET_KEY_POLICY",
"identifier": "0x00000207",
"signal": "CRYPTO_GET_KEY_POLICY_MSK",
"signal": "CRYPTO_GET_KEY_ATTRIBUTES_MSK",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "RELAXED"

5
components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c
View File

@ -45,15 +45,14 @@ t_cose_crypto_pub_key_sign(int32_t cose_alg_id,
(void)key_select;
const psa_key_id_t key_id = PSA_ATTESTATION_PRIVATE_KEY_ID;
psa_key_handle_t handle = 0;
psa_key_handle_t handle;
if (sig_size > signature_buffer.len)
{
return T_COSE_ERR_SIG_BUFFER_SIZE;
}
crypto_ret = psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle);
crypto_ret = psa_open_key(PSA_ATTESTATION_PRIVATE_KEY_ID, &handle);
if (crypto_ret != PSA_SUCCESS)
{
return T_COSE_ERR_NO_KID;

12
components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto_keys.c
View File

@ -86,6 +86,7 @@ tfm_plat_get_initial_attest_key(uint8_t *key_buf,
uint8_t *public_key = NULL;
psa_key_type_t type;
psa_key_type_t public_type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t bits;
size_t public_key_size = 0;
size_t public_key_length = 0;
@ -93,27 +94,28 @@ tfm_plat_get_initial_attest_key(uint8_t *key_buf,
uint32_t initial_attestation_public_x_key_size = 0;
uint32_t initial_attestation_public_y_key_size = 0;
const psa_key_id_t key_id = PSA_ATTESTATION_PRIVATE_KEY_ID;
psa_key_handle_t handle = 0;
psa_key_handle_t handle;
crypto_ret = psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle);
crypto_ret = psa_open_key(PSA_ATTESTATION_PRIVATE_KEY_ID, &handle);
if (crypto_ret != PSA_SUCCESS)
{
return TFM_PLAT_ERR_SYSTEM_ERR;
}
crypto_ret = psa_get_key_information(handle, &type, &bits);
crypto_ret = psa_get_key_attributes(handle, &attributes);
if (crypto_ret != PSA_SUCCESS)
{
psa_close_key(handle);
return TFM_PLAT_ERR_SYSTEM_ERR;
}
type = psa_get_key_type(&attributes);
if (!PSA_KEY_TYPE_IS_ECC(type))
{
psa_close_key(handle);
return TFM_PLAT_ERR_SYSTEM_ERR;
}
public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type);
public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type);
bits = psa_get_key_bits(&attributes);
public_key_size = PSA_KEY_EXPORT_MAX_SIZE(public_type, bits);
public_key = (uint8_t *) malloc(public_key_size);
if (public_key == NULL)

10
components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_iat_claims_loader.c
View File

@ -59,12 +59,12 @@ static enum tfm_security_lifecycle_t security_lifecycle_psa_to_tfm(void)
/* Hash of attestation public key */
static enum tfm_plat_err_t attest_public_key_sha256(uint32_t *size, uint8_t *buf)
{
const psa_key_id_t key_id = PSA_ATTESTATION_PRIVATE_KEY_ID;
psa_key_handle_t handle = 0;
uint8_t *public_key = NULL;
psa_key_type_t type;
psa_key_type_t public_type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t bits;
size_t public_key_size = 0;
size_t public_key_length = 0;
@ -73,21 +73,23 @@ static enum tfm_plat_err_t attest_public_key_sha256(uint32_t *size, uint8_t *buf
enum tfm_plat_err_t status = TFM_PLAT_ERR_SUCCESS;
psa_hash_operation_t hash_handle = {0};
crypto_ret = psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle);
crypto_ret = psa_open_key(PSA_ATTESTATION_PRIVATE_KEY_ID, &handle);
if (crypto_ret != PSA_SUCCESS) {
return TFM_PLAT_ERR_SYSTEM_ERR;
}
crypto_ret = psa_get_key_information(handle, &type, &bits);
crypto_ret = psa_get_key_attributes(handle, &attributes);
if (crypto_ret != PSA_SUCCESS) {
status = TFM_PLAT_ERR_SYSTEM_ERR;
goto exit;
}
type = psa_get_key_type(&attributes);
if (!PSA_KEY_TYPE_IS_ECC(type)) {
status = TFM_PLAT_ERR_SYSTEM_ERR;
goto exit;
}
public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type);
public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type);
bits = psa_get_key_bits(&attributes);
public_key_size = PSA_KEY_EXPORT_MAX_SIZE(public_type, bits);
public_key = (uint8_t *) malloc(public_key_size);
if (public_key == NULL) {

35
components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/psa_inject_attestation_key_impl.c
View File

@ -29,11 +29,11 @@ psa_attestation_inject_key_impl(const uint8_t *key_data,
size_t *public_key_data_length)
{
psa_status_t status = PSA_SUCCESS;
size_t key_data_bits = 0;
psa_key_handle_t handle = 1;
size_t key_data_bits = ECDSA_P256_KEY_SIZE_IN_BYTES * 8;
psa_key_handle_t handle = 0;
psa_key_id_t key_id = PSA_ATTESTATION_PRIVATE_KEY_ID;
psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_PERSISTENT;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_usage_t usage = PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY;
psa_key_type_t public_type;
size_t bits;
@ -42,19 +42,14 @@ psa_attestation_inject_key_impl(const uint8_t *key_data,
#if defined(MBEDTLS_ECP_C)
status = psa_create_key(lifetime, key_id, &handle);
if (status != PSA_SUCCESS) {
return (status);
}
psa_set_key_usage_flags(&attributes, usage);
psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
psa_set_key_type(&attributes, type);
psa_set_key_bits(&attributes, key_data_bits);
psa_set_key_lifetime(&attributes, lifetime);
psa_set_key_id(&attributes, key_id);
psa_key_policy_init();
psa_key_policy_set_usage(&policy, usage, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
status = psa_set_key_policy(handle, (const psa_key_policy_t *)&policy);
if (status != PSA_SUCCESS) {
return (status);
}
if (! PSA_KEY_TYPE_IS_ECC_KEYPAIR(type)) {
if (! PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
return (PSA_ERROR_INVALID_ARGUMENT);
}
@ -63,25 +58,27 @@ psa_attestation_inject_key_impl(const uint8_t *key_data,
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
status = psa_import_key(handle, type, key_data, key_data_length);
status = psa_import_key(&attributes, key_data, key_data_length, &handle);
if (status != PSA_SUCCESS) {
goto exit;
}
} else {
/* generating key pair */
key_data_bits = ECDSA_P256_KEY_SIZE_IN_BYTES * 8;
status = psa_generate_key(handle, type, key_data_bits, NULL, 0);
status = psa_generate_key(&attributes, &handle);
if (status != PSA_SUCCESS) {
goto exit;
}
}
status = psa_get_key_information(handle, &type_key, &bits);
status = psa_get_key_attributes(handle, &attributes);
if (status != PSA_SUCCESS) {
goto exit;
}
public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type_key);
type_key = psa_get_key_type(&attributes);
public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type_key);
bits = psa_get_key_bits(&attributes);
exported_size = PSA_KEY_EXPORT_MAX_SIZE(public_type, bits);
status = psa_export_public_key(handle,

2
components/TARGET_PSA/services/attestation/attestation_partition_psa.json
View File

@ -38,7 +38,7 @@
"PSA_ASYMMETRIC_ID",
"PSA_KEY_MNG_ID",
"PSA_CRYPTO_FREE_ID",
"PSA_GENERATOR_ID",
"PSA_KEY_DERIVATION_ID",
"PSA_PLATFORM_LC_GET"
],
"source_files": [

13
features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.cpp
View File

@ -50,9 +50,8 @@ static const uint8_t public_key_data[] = {
static void psa_attestation_destroy_key_for_test()
{
const psa_key_id_t key_id = TEST_KEY_ID_VALUE;
psa_key_handle_t handle = 0;
psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle);
psa_open_key(TEST_KEY_ID_VALUE, &handle);
psa_destroy_key(handle);
}
@ -63,11 +62,11 @@ static void psa_attestation_inject_key_for_test(void)
psa_attestation_destroy_key_for_test();
psa_attestation_inject_key(private_key_data,
sizeof(private_key_data),
PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
exported,
sizeof(exported),
&exported_length);
sizeof(private_key_data),
PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
exported,
sizeof(exported),
&exported_length);
}