diff --git a/TESTS/mbed-crypto/sanity/main.cpp b/TESTS/mbed-crypto/sanity/main.cpp index 2726919523..98cd169e47 100644 --- a/TESTS/mbed-crypto/sanity/main.cpp +++ b/TESTS/mbed-crypto/sanity/main.cpp @@ -86,26 +86,24 @@ void test_crypto_random(void) void test_crypto_asymmetric_encrypt_decrypt(void) { psa_status_t status = PSA_SUCCESS; - psa_key_handle_t key_handle = 0; - psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEYPAIR; + psa_key_handle_t key_handle; + psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR; psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_CRYPT; - size_t key_bits = 512, got_bits = 0, output_length; - psa_key_policy_t policy; + size_t key_bits = 512, output_length; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; static const unsigned char input[] = "encrypt me!"; unsigned char encrypted[64]; unsigned char decrypted[sizeof(input)]; - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle)); - - policy = psa_key_policy_init(); - psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy)); - - status = psa_generate_key(key_handle, key_type, key_bits, NULL, 0); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_ENCRYPT); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, key_type); + psa_set_key_bits(&attributes, key_bits); + status = psa_generate_key(&attributes, &key_handle); TEST_SKIP_UNLESS_MESSAGE(status != PSA_ERROR_NOT_SUPPORTED, "RSA key generation is not supported"); TEST_ASSERT_EQUAL(PSA_SUCCESS, status); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_information(key_handle, NULL, &got_bits)); - TEST_ASSERT_EQUAL(key_bits, got_bits); + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_attributes(key_handle, &attributes)); + TEST_ASSERT_EQUAL(key_bits, psa_get_key_bits(&attributes)); TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_asymmetric_encrypt(key_handle, alg, input, sizeof(input), NULL, 0, encrypted, sizeof(encrypted), &output_length)); TEST_ASSERT_EQUAL(sizeof(encrypted), output_length); @@ -135,11 +133,11 @@ void test_crypto_hash_verify(void) void test_crypto_symmetric_cipher_encrypt_decrypt(void) { - psa_key_handle_t key_handle = 0; + psa_key_handle_t key_handle; psa_key_type_t key_type = PSA_KEY_TYPE_AES; psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING; psa_cipher_operation_t operation; - psa_key_policy_t policy; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; size_t output_len; static const unsigned char key[] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, @@ -155,13 +153,12 @@ void test_crypto_symmetric_cipher_encrypt_decrypt(void) }; unsigned char encrypted[sizeof(input)], decrypted[sizeof(input)], iv[16]; - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle)); - memset(iv, 0x2a, sizeof(iv)); - policy = psa_key_policy_init(); - psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy)); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(key_handle, key_type, key, sizeof(key))); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, key_type); + psa_set_key_bits(&attributes, 128); + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, key, sizeof(key), &key_handle)); operation = psa_cipher_operation_init(); TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_cipher_encrypt_setup(&operation, key_handle, alg)); @@ -187,10 +184,10 @@ void test_crypto_symmetric_cipher_encrypt_decrypt(void) void test_crypto_asymmetric_sign_verify(void) { - psa_key_handle_t key_handle = 0; - psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEYPAIR; + psa_key_handle_t key_handle; + psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR; psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW; - psa_key_policy_t policy; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; static const unsigned char key[] = { 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb, 0xb5, 0xc2, 0xb1, @@ -261,12 +258,10 @@ void test_crypto_asymmetric_sign_verify(void) unsigned char signature[sizeof(expected_signature)]; size_t signature_len; - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle)); - - policy = psa_key_policy_init(); - psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY, alg); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy)); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(key_handle, key_type, key, sizeof(key))); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, key_type); + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, key, sizeof(key), &key_handle)); TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_asymmetric_sign(key_handle, alg, input, sizeof(input), signature, sizeof(signature), &signature_len)); TEST_ASSERT_EQUAL(sizeof(signature), signature_len); @@ -279,31 +274,43 @@ void test_crypto_asymmetric_sign_verify(void) void test_crypto_key_derivation(void) { - psa_key_handle_t key_handle = 0, derived_key_handle = 0; + psa_key_handle_t key_handle, derived_key_handle; psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256), derived_alg = PSA_ALG_CTR; - psa_key_type_t key_type = PSA_KEY_TYPE_DERIVE, derived_key_type = PSA_KEY_TYPE_AES, got_type; - psa_key_policy_t policy; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; - size_t key_bits = 512, derived_key_bits = 256, got_bits; + psa_key_type_t key_type = PSA_KEY_TYPE_DERIVE, derived_key_type = PSA_KEY_TYPE_AES; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_derivation_operation_t operation = + PSA_KEY_DERIVATION_OPERATION_INIT; + size_t key_bits = 512, derived_key_bits = 256; - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle)); - - policy = psa_key_policy_init(); - psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_DERIVE, alg); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy)); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, key_type, key_bits, NULL, 0)); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation(&generator, key_handle, alg, NULL, 0, NULL, 0, + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, key_type); + psa_set_key_bits(&attributes, key_bits); + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation_setup(&operation, alg)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, + psa_key_derivation_set_capacity(&operation, PSA_BITS_TO_BYTES(derived_key_bits))); + TEST_ASSERT_EQUAL(PSA_SUCCESS, + psa_key_derivation_input_bytes(&operation, + PSA_KEY_DERIVATION_INPUT_SALT, NULL, 0)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation_input_key(&operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + key_handle)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, + psa_key_derivation_input_bytes(&operation, + PSA_KEY_DERIVATION_INPUT_INFO, NULL, 0)); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&derived_key_handle)); - psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT, derived_alg); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(derived_key_handle, &policy)); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generator_import_key(derived_key_handle, derived_key_type, - derived_key_bits, &generator)); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_information(derived_key_handle, &got_type, &got_bits)); - TEST_ASSERT_EQUAL(derived_key_type, got_type); - TEST_ASSERT_EQUAL(derived_key_bits, got_bits); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generator_abort(&generator)); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); + psa_set_key_algorithm(&attributes, derived_alg); + psa_set_key_type(&attributes, derived_key_type); + psa_set_key_bits(&attributes, derived_key_bits); + TEST_ASSERT_EQUAL(PSA_SUCCESS, + psa_key_derivation_output_key(&attributes, &operation, &derived_key_handle)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_attributes(derived_key_handle, &attributes)); + TEST_ASSERT_EQUAL(derived_key_type, psa_get_key_type(&attributes)); + TEST_ASSERT_EQUAL(derived_key_bits, psa_get_key_bits(&attributes)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation_abort(&operation)); TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle)); TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(derived_key_handle)); } @@ -316,42 +323,45 @@ void test_crypto_key_handles(void) psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING; psa_key_handle_t key_handle; - psa_key_policy_t policy; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - key_handle = 0; - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle)); - TEST_ASSERT_NOT_EQUAL(0, key_handle); - policy = psa_key_policy_init(); - psa_key_policy_set_usage(&policy, usage, alg); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy)); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0)); + psa_set_key_usage_flags(&attributes, usage); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, type); + psa_set_key_bits(&attributes, bits); + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle)); TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle)); - - key_handle = 0; - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle)); TEST_ASSERT_NOT_EQUAL(0, key_handle); - policy = psa_key_policy_init(); - psa_key_policy_set_usage(&policy, usage, alg); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy)); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0)); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle)); key_handle = 0; - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_create_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle)); - TEST_ASSERT_NOT_EQUAL(0, key_handle); - policy = psa_key_policy_init(); - psa_key_policy_set_usage(&policy, usage, alg); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy)); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0)); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle)); - - key_handle = 0; - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle)); + attributes = psa_key_attributes_init(); + psa_set_key_usage_flags(&attributes, usage); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, type); + psa_set_key_bits(&attributes, bits); + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle)); TEST_ASSERT_NOT_EQUAL(0, key_handle); TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle)); key_handle = 0; - TEST_ASSERT_EQUAL(PSA_ERROR_DOES_NOT_EXIST, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle)); + attributes = psa_key_attributes_init(); + psa_set_key_usage_flags(&attributes, usage); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, type); + psa_set_key_bits(&attributes, bits); + psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_PERSISTENT); + psa_set_key_id(&attributes, id); + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle)); + TEST_ASSERT_NOT_EQUAL(0, key_handle); + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle)); + + key_handle = 0; + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_open_key(id, &key_handle)); + TEST_ASSERT_NOT_EQUAL(0, key_handle); + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle)); + + key_handle = 0; + TEST_ASSERT_EQUAL(PSA_ERROR_DOES_NOT_EXIST, psa_open_key(id, &key_handle)); } void test_crypto_hash_clone(void) diff --git a/TESTS/psa/attestation/main.cpp b/TESTS/psa/attestation/main.cpp index d4dbb054f7..3789be02b2 100755 --- a/TESTS/psa/attestation/main.cpp +++ b/TESTS/psa/attestation/main.cpp @@ -94,7 +94,7 @@ static void check_initial_attestation_get_token() TEST_ASSERT_EQUAL(status, PSA_SUCCESS); status = psa_attestation_inject_key(private_key_data, sizeof(private_key_data), - PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1), + PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1), exported, sizeof(exported), &exported_length); @@ -119,9 +119,8 @@ static void check_initial_attestation_get_token() utest::v1::status_t case_teardown_handler(const Case *const source, const size_t passed, const size_t failed, const failure_t reason) { - const psa_key_id_t key_id = PSA_ATTESTATION_PRIVATE_KEY_ID; - psa_key_handle_t handle = 0; - psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle); + psa_key_handle_t handle; + psa_open_key(PSA_ATTESTATION_PRIVATE_KEY_ID, &handle); psa_destroy_key(handle); mbedtls_psa_crypto_free(); return greentea_case_teardown_handler(source, passed, failed, reason); diff --git a/TESTS/psa/crypto_access_control/COMPONENT_NSPE/main.cpp b/TESTS/psa/crypto_access_control/COMPONENT_NSPE/main.cpp index ef45ab4381..f260e96f18 100644 --- a/TESTS/psa/crypto_access_control/COMPONENT_NSPE/main.cpp +++ b/TESTS/psa/crypto_access_control/COMPONENT_NSPE/main.cpp @@ -52,15 +52,15 @@ void inject_entropy() } #endif // defined(MBEDTLS_ENTROPY_NV_SEED) || defined(COMPONENT_PSA_SRV_IPC) -static psa_status_t create_and_generate_key_via_test_partition(psa_key_id_t key_id, psa_key_type_t key_type, - psa_algorithm_t key_alg, psa_key_usage_t key_usage, - size_t key_bits, psa_key_handle_t *key_handle, - unsigned char close_key) +static psa_status_t create_and_generate_key_via_test_partition( + const psa_key_attributes_t *attributes, + psa_key_handle_t *key_handle, + uint8_t close_key) { - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_create_persistent_key(key_id, key_handle)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, + test_partition_crypto_generate_key(attributes, + key_handle)); TEST_ASSERT_NOT_EQUAL(0, *key_handle); - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_set_key_policy(*key_handle, key_usage, key_alg)); - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_generate_key(*key_handle, key_type, key_bits)); if (close_key) { TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(*key_handle)); } @@ -75,25 +75,31 @@ void test_open_other_partition_key(void) static const psa_algorithm_t key_alg = PSA_ALG_CBC_NO_PADDING; static const size_t key_bits = 128; psa_key_handle_t key_handle = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - /* via test partition - create a key, set key policy, generate key material and close */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg, key_usage, - key_bits, &key_handle, 1)); + /* via test partition - create a key, generate key material and close */ + psa_set_key_usage_flags(&attributes, key_usage); + psa_set_key_algorithm(&attributes, key_alg); + psa_set_key_bits(&attributes, key_bits); + psa_set_key_type(&attributes, key_type); + psa_set_key_id(&attributes, key_id); + TEST_ASSERT_EQUAL(PSA_SUCCESS, + create_and_generate_key_via_test_partition(&attributes, &key_handle, 1)); /* via test partition - reopen the key created by the test partition */ key_handle = 0; - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle)); TEST_ASSERT_NOT_EQUAL(0, key_handle); /* via test partition - close the key created by the test partition */ TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle)); /* try to open the key created by the test partition */ - TEST_ASSERT_EQUAL(PSA_ERROR_DOES_NOT_EXIST, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &key_handle)); + TEST_ASSERT_EQUAL(PSA_ERROR_DOES_NOT_EXIST, psa_open_key(key_id, &key_handle)); /* via test partition - reopen the key created by the test partition and keep it open */ key_handle = 0; - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle)); TEST_ASSERT_NOT_EQUAL(0, key_handle); /* via test partition - destroy the key created by the test partition */ @@ -111,61 +117,54 @@ void test_create_key_same_id_different_partitions(void) key_bits_local = 256; psa_key_handle_t key_handle_remote = 0, key_handle_local = 0; - psa_key_type_t got_key_type_remote = 0, - got_key_type_local = 0; - size_t got_key_bits_remote = 0, - got_key_bits_local = 0; - psa_key_usage_t got_key_usage_remote = 0; - psa_algorithm_t got_key_alg_remote = 0; - psa_key_policy_t policy = PSA_KEY_POLICY_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - /* via test partition - create a key, set key policy, generate key material and close */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg, - key_usage_remote, key_bits_remote, - &key_handle_remote, 1)); + /* via test partition - create a key, generate key material and close */ + psa_set_key_usage_flags(&attributes, key_usage_remote); + psa_set_key_algorithm(&attributes, key_alg); + psa_set_key_bits(&attributes, key_bits_remote); + psa_set_key_type(&attributes, key_type); + psa_set_key_id(&attributes, key_id); + TEST_ASSERT_EQUAL(PSA_SUCCESS, + create_and_generate_key_via_test_partition(&attributes, &key_handle_remote, 1)); + psa_reset_key_attributes(&attributes); - /* create a key, set key policy, generate key material and close from current partition (i.e. NSPE) */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_create_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &key_handle_local)); + /* create a key, generate key material and close from current partition (i.e. NSPE) */ + psa_set_key_usage_flags(&attributes, key_usage_local); + psa_set_key_algorithm(&attributes, key_alg); + psa_set_key_bits(&attributes, key_bits_local); + psa_set_key_type(&attributes, key_type); + psa_set_key_id(&attributes, key_id); + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle_local)); TEST_ASSERT_NOT_EQUAL(0, key_handle_local); - psa_key_policy_set_usage(&policy, key_usage_local, key_alg); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle_local, &policy)); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle_local, key_type, key_bits_local, NULL, 0)); TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle_local)); /* via test partition - reopen the key created by the test partition */ key_handle_remote = 0; - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle_remote)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle_remote)); TEST_ASSERT_NOT_EQUAL(0, key_handle_remote); /* reopen the key created from the current partition (NSPE) */ key_handle_local = 0; - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &key_handle_local)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_open_key(key_id, &key_handle_local)); TEST_ASSERT_NOT_EQUAL(0, key_handle_local); /* via test partition - get key info for the key created by the test partition */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_get_key_information(key_handle_remote, - &got_key_type_remote, - &got_key_bits_remote)); - TEST_ASSERT_EQUAL(key_type, got_key_type_remote); - TEST_ASSERT_EQUAL(key_bits_remote, got_key_bits_remote); + TEST_ASSERT_EQUAL(PSA_SUCCESS, + test_partition_crypto_get_key_attributes(key_handle_remote, + &attributes)); + TEST_ASSERT_EQUAL(key_type, psa_get_key_type(&attributes)); + TEST_ASSERT_EQUAL(key_bits_remote, psa_get_key_bits(&attributes)); + TEST_ASSERT_EQUAL(key_usage_remote, psa_get_key_usage_flags(&attributes)); + TEST_ASSERT_EQUAL(key_alg, psa_get_key_algorithm(&attributes)); - /* via test partition - get key policy for key created by the test partition */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_get_key_policy(key_handle_remote, - &got_key_usage_remote, - &got_key_alg_remote)); - TEST_ASSERT_EQUAL(key_usage_remote, got_key_usage_remote); - TEST_ASSERT_EQUAL(key_alg, got_key_alg_remote); - - /* get key info for key created by the current partition (NSPE) */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_information(key_handle_local, &got_key_type_local, &got_key_bits_local)); - TEST_ASSERT_EQUAL(key_type, got_key_type_local); - TEST_ASSERT_EQUAL(key_bits_local, got_key_bits_local); - - /* get key policy for key created by the current partition (NSPE) */ - policy = psa_key_policy_init(); - TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_policy(key_handle_local, &policy)); - TEST_ASSERT_EQUAL(key_usage_local, policy.usage); - TEST_ASSERT_EQUAL(key_alg, policy.alg); + /* get key attributes for key created by the current partition (NSPE) */ + attributes = psa_key_attributes_init(); + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_attributes(key_handle_local, &attributes)); + TEST_ASSERT_EQUAL(key_type, psa_get_key_type(&attributes)); + TEST_ASSERT_EQUAL(key_bits_local, psa_get_key_bits(&attributes)); + TEST_ASSERT_EQUAL(key_usage_local, psa_get_key_usage_flags(&attributes)); + TEST_ASSERT_EQUAL(key_alg, psa_get_key_algorithm(&attributes)); /* via test partition - destroy the key created by the test partition */ TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_destroy_key(key_handle_remote)); @@ -181,68 +180,50 @@ void test_use_other_partition_key_manage_key(void) static const psa_algorithm_t key_alg = PSA_ALG_CBC_NO_PADDING; static const psa_key_usage_t key_usage = PSA_KEY_USAGE_EXPORT; static const size_t key_bits = 128; - static const unsigned char key_data[] = { + static const uint8_t key_data[] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; psa_key_handle_t key_handle = 0; - psa_key_policy_t policy = PSA_KEY_POLICY_INIT; - unsigned char output[sizeof(key_data)] = { 0 }; - size_t len, got_key_bits; - psa_key_type_t got_key_type; - psa_key_lifetime_t got_lifetime; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t output[sizeof(key_data)] = { 0 }; + size_t len; - /* via test partition - create a key without generating any key material */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_create_persistent_key(key_id, &key_handle)); - TEST_ASSERT_NOT_EQUAL(0, key_handle); - - /* try to set the key policy for the key that was created by the test partition */ - psa_key_policy_set_usage(&policy, key_usage, key_alg); - TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_set_key_policy(key_handle, &policy)); - - /* via test partition - set key policy */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_set_key_policy(key_handle, key_usage, key_alg)); - - /* try to generate key data for the key that was created by the test partition */ - TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_generate_key(key_handle, key_type, key_bits, NULL, 0)); - - /* via test partition - generate key material and close the key */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_generate_key(key_handle, key_type, key_bits)); + /* via test partition - generate a persistent key and close the key */ + psa_set_key_usage_flags(&attributes, key_usage); + psa_set_key_algorithm(&attributes, key_alg); + psa_set_key_bits(&attributes, key_bits); + psa_set_key_type(&attributes, key_type); + psa_set_key_id(&attributes, key_id); + TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_generate_key(&attributes, &key_handle)); TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle)); /* via test partition - reopen the key created by the test partition and keep it open */ key_handle = 0; - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle)); TEST_ASSERT_NOT_EQUAL(0, key_handle); /* try to work with the handle created for a key created by the test partition */ - got_key_type = 0; - got_key_bits = 0; - got_lifetime = 0; - policy = psa_key_policy_init(); - TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_get_key_policy(key_handle, &policy)); - TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_get_key_lifetime(key_handle, &got_lifetime)); + attributes = psa_key_attributes_init(); + TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_get_key_attributes(key_handle, &attributes)); TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_close_key(key_handle)); TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_destroy_key(key_handle)); - TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_get_key_information(key_handle, &got_key_type, &got_key_bits)); TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_export_key(key_handle, output, sizeof(output), &len)); TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_export_public_key(key_handle, output, sizeof(output), &len)); /* via test partition - destroy the key created by the test partition */ TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_destroy_key(key_handle)); - /* via test partition - create a key, set key policy but no key material */ - key_handle = 0; - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_create_persistent_key(key_id, &key_handle)); - TEST_ASSERT_NOT_EQUAL(0, key_handle); - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_set_key_policy(key_handle, key_usage, key_alg)); - - /* try to import key data into the key that was created by the test partition */ - TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_import_key(key_handle, key_type, - key_data, sizeof(key_data))); - /* via test partition - import key data for the key created by the test partition */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_import_key(key_handle, key_type, key_data, sizeof(key_data))); + psa_set_key_usage_flags(&attributes, key_usage); + psa_set_key_algorithm(&attributes, key_alg); + psa_set_key_bits(&attributes, key_bits); + psa_set_key_type(&attributes, key_type); + psa_set_key_id(&attributes, key_id); + TEST_ASSERT_EQUAL(PSA_SUCCESS, + test_partition_crypto_import_key( + &attributes, key_data, sizeof(key_data), &key_handle)); + TEST_ASSERT_NOT_EQUAL(0, key_handle); /* via test partition - destroy the key created by the test partition */ TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_destroy_key(key_handle)); @@ -257,14 +238,20 @@ void test_use_other_partition_key_mac(void) static const size_t key_bits = 128; psa_key_handle_t key_handle = 0; psa_mac_operation_t operation; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - /* via test partition - create a key, set key policy, generate key material and close */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg, key_usage, - key_bits, &key_handle, 1)); + /* via test partition - create a key, generate key material and close */ + psa_set_key_usage_flags(&attributes, key_usage); + psa_set_key_algorithm(&attributes, key_alg); + psa_set_key_bits(&attributes, key_bits); + psa_set_key_type(&attributes, key_type); + psa_set_key_id(&attributes, key_id); + TEST_ASSERT_EQUAL(PSA_SUCCESS, + create_and_generate_key_via_test_partition(&attributes, &key_handle, 1)); /* via test partition - reopen the key created by the test partition */ key_handle = 0; - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle)); TEST_ASSERT_NOT_EQUAL(0, key_handle); /* try to setup mac sign operation using the key that was created by the test partition */ @@ -288,17 +275,23 @@ void test_use_other_partition_key_cipher(void) static const size_t key_bits = 128; psa_key_handle_t key_handle = 0; psa_cipher_operation_t operation; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - /* via test partition - create a key, set key policy, generate key material and close */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg, key_usage, - key_bits, &key_handle, 1)); + /* via test partition - create a key, generate key material and close */ + psa_set_key_usage_flags(&attributes, key_usage); + psa_set_key_algorithm(&attributes, key_alg); + psa_set_key_bits(&attributes, key_bits); + psa_set_key_type(&attributes, key_type); + psa_set_key_id(&attributes, key_id); + TEST_ASSERT_EQUAL(PSA_SUCCESS, + create_and_generate_key_via_test_partition(&attributes, &key_handle, 1)); /* via test partition - reopen the key created by the test partition */ key_handle = 0; - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle)); TEST_ASSERT_NOT_EQUAL(0, key_handle); - /* try to setup cipher encrypt sign operation using the key that was created by the test partition */ + /* try to setup cipher encrypt operation using the key that was created by the test partition */ operation = psa_cipher_operation_init(); TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_cipher_encrypt_setup(&operation, key_handle, key_alg)); @@ -317,19 +310,25 @@ void test_use_other_partition_key_aead(void) static const psa_algorithm_t key_alg = PSA_ALG_GCM; static const psa_key_usage_t key_usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; static const size_t key_bits = 128; - static const unsigned char nonce[16] = { 0 }; - unsigned char plain_text[] = "encrypt me!"; - unsigned char cipher_text[PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_alg, sizeof(plain_text))] = { 0 }; + static const uint8_t nonce[16] = { 0 }; + uint8_t plain_text[] = "encrypt me!"; + uint8_t cipher_text[PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_alg, sizeof(plain_text))] = { 0 }; psa_key_handle_t key_handle = 0; size_t len; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - /* via test partition - create a key, set key policy, generate key material and close */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg, key_usage, - key_bits, &key_handle, 1)); + /* via test partition - create a key, generate key material and close */ + psa_set_key_usage_flags(&attributes, key_usage); + psa_set_key_algorithm(&attributes, key_alg); + psa_set_key_bits(&attributes, key_bits); + psa_set_key_type(&attributes, key_type); + psa_set_key_id(&attributes, key_id); + TEST_ASSERT_EQUAL(PSA_SUCCESS, + create_and_generate_key_via_test_partition(&attributes, &key_handle, 1)); /* via test partition - reopen the key created by the test partition */ key_handle = 0; - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle)); TEST_ASSERT_NOT_EQUAL(0, key_handle); /* try to aead encrypt using the key that was created by the test partition */ @@ -349,22 +348,28 @@ void test_use_other_partition_key_aead(void) void test_use_other_partition_key_asymmetric_sign_verify(void) { static const psa_key_id_t key_id = 999; - static const psa_key_type_t key_type = PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1); + static const psa_key_type_t key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1); static const psa_algorithm_t key_alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256); static const psa_key_usage_t key_usage = PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY; static const size_t key_bits = 256; - static const unsigned char input[] = "hello world!"; - unsigned char signature[PSA_ECDSA_SIGNATURE_SIZE(key_bits)] = { 0 }; + static const uint8_t input[] = "hello world!"; + uint8_t signature[PSA_ECDSA_SIGNATURE_SIZE(key_bits)] = { 0 }; psa_key_handle_t key_handle = 0; size_t len; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - /* via test partition - create a key, set key policy, generate key material and close */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg, key_usage, - key_bits, &key_handle, 1)); + /* via test partition - create a key, generate key material and close */ + psa_set_key_usage_flags(&attributes, key_usage); + psa_set_key_algorithm(&attributes, key_alg); + psa_set_key_bits(&attributes, key_bits); + psa_set_key_type(&attributes, key_type); + psa_set_key_id(&attributes, key_id); + TEST_ASSERT_EQUAL(PSA_SUCCESS, + create_and_generate_key_via_test_partition(&attributes, &key_handle, 1)); /* via test partition - reopen the key created by the test partition */ key_handle = 0; - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle)); TEST_ASSERT_NOT_EQUAL(0, key_handle); /* try to asymmetric sign using the key that was created by the test partition */ @@ -382,11 +387,11 @@ void test_use_other_partition_key_asymmetric_sign_verify(void) void test_use_other_partition_key_asymmetric_encrypt_decrypt(void) { static const psa_key_id_t key_id = 999; - static const psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEYPAIR; + static const psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR; static const psa_algorithm_t key_alg = PSA_ALG_RSA_PKCS1V15_CRYPT; static const psa_key_usage_t key_usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; - static const unsigned char input[] = "encrypt me!"; - static const unsigned char key_data[] = { + static const uint8_t input[] = "encrypt me!"; + static const uint8_t key_data[] = { 0x30, 0x82, 0x01, 0x3b, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 0xee, 0x2b, 0x13, 0x1d, 0x6b, 0x18, 0x18, 0xa9, 0x4c, 0xa8, 0xe9, 0x1c, 0x42, 0x38, 0x7e, 0xb1, 0x5a, 0x7c, 0x27, 0x1f, 0x57, 0xb8, 0x9e, 0x73, 0x36, 0xb1, @@ -415,27 +420,29 @@ void test_use_other_partition_key_asymmetric_encrypt_decrypt(void) 0xd8, 0xfb, 0x93, 0x0a, 0xfc, 0xf4, 0x6f, 0x36, 0x60, 0x6e, 0x3a, 0xa0, 0xeb, 0x7a, 0x93, 0xad, 0x88, 0xc1, 0x0c }; - unsigned char encrypted[64] = { 0 }; - unsigned char decrypted[sizeof(input)] = { 0 }; + uint8_t encrypted[64] = { 0 }; + uint8_t decrypted[sizeof(input)] = { 0 }; psa_key_handle_t key_handle = 0; size_t len; - - /* via test partition - create a key without generating any key material */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_create_persistent_key(key_id, &key_handle)); - TEST_ASSERT_NOT_EQUAL(0, key_handle); - - /* via test partition - set key policy */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_set_key_policy(key_handle, key_usage, key_alg)); + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; /* via test partition - import key data for the key created by the test partition */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_import_key(key_handle, key_type, key_data, sizeof(key_data))); + psa_set_key_usage_flags(&attributes, key_usage); + psa_set_key_algorithm(&attributes, key_alg); + psa_set_key_bits(&attributes, 512); + psa_set_key_type(&attributes, key_type); + psa_set_key_id(&attributes, key_id); + TEST_ASSERT_EQUAL(PSA_SUCCESS, + test_partition_crypto_import_key( + &attributes, key_data, sizeof(key_data), &key_handle)); + TEST_ASSERT_NOT_EQUAL(0, key_handle); /* via test partition - close the key created by the test partition */ TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle)); /* via test partition - reopen the key created by the test partition and keep it open */ key_handle = 0; - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_key(key_id, &key_handle)); TEST_ASSERT_NOT_EQUAL(0, key_handle); /* try to asymmetric encrypt using the key that was created by the test partition */ @@ -457,79 +464,32 @@ void test_use_other_partition_key_derivation_setup(void) static const psa_algorithm_t key_alg = PSA_ALG_HKDF(PSA_ALG_SHA_256); static const psa_key_usage_t key_usage = PSA_KEY_USAGE_DERIVE; static const psa_key_type_t key_type = PSA_KEY_TYPE_DERIVE; - static const unsigned char key_data[] = { + static const uint8_t key_data[] = { 0x30, 0x82, 0x01, 0x3b, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 0xee, 0x2b, 0x13, 0x1d, 0x6b, 0x18, 0x18, 0xa9, 0x4c, 0xa8, 0xe9, 0x1c, 0x42, 0x38 }; - static const unsigned char salt[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, - 0x0c - }; - static const unsigned char label[] = { - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 - }; psa_key_handle_t key_handle = 0; - psa_crypto_generator_t generator = psa_crypto_generator_init(); - size_t bits = 128; - - /* via test partition - create a key without generating any key material */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_create_persistent_key(key_id, &key_handle)); - TEST_ASSERT_NOT_EQUAL(0, key_handle); - - /* via test partition - set key policy */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_set_key_policy(key_handle, key_usage, key_alg)); + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; + size_t bits = 192; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; /* via test partition - import key data for the key created by the test partition */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_import_key(key_handle, key_type, key_data, sizeof(key_data))); + psa_set_key_usage_flags(&attributes, key_usage); + psa_set_key_algorithm(&attributes, key_alg); + psa_set_key_bits(&attributes, bits); + psa_set_key_type(&attributes, key_type); + psa_set_key_id(&attributes, key_id); + TEST_ASSERT_EQUAL(PSA_SUCCESS, + test_partition_crypto_import_key( + &attributes, key_data, sizeof(key_data), &key_handle)); + TEST_ASSERT_NOT_EQUAL(0, key_handle); /* try to setup key derivation using the key that was created by the test partition */ - TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_key_derivation(&generator, key_handle, key_alg, - (unsigned char *)salt, sizeof(salt), - (unsigned char *)label, sizeof(label), - PSA_BITS_TO_BYTES(bits))); - - /* via test partition - destroy the key created by the test partition */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_destroy_key(key_handle)); -} - -void test_use_other_partition_key_agreement_setup(void) -{ - static const psa_key_id_t key_id = 999; - static const psa_algorithm_t key_alg = PSA_ALG_ECDH(PSA_ALG_SELECT_RAW); - static const psa_key_usage_t key_usage = PSA_KEY_USAGE_DERIVE; - static const psa_key_type_t key_type = PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1); - static const unsigned char key_data[] = { - 0xc8, 0x8f, 0x01, 0xf5, 0x10, 0xd9, 0xac, 0x3f, 0x70, 0xa2, 0x92, 0xda, - 0xa2, 0x31, 0x6d, 0xe5, 0x44, 0xe9, 0xaa, 0xb8, 0xaf, 0xe8, 0x40, 0x49, - 0xc6, 0x2a, 0x9c, 0x57, 0x86, 0x2d, 0x14, 0x33 - }; - static const unsigned char peer_key_data[] = { - 0x04, 0xd1, 0x2d, 0xfb, 0x52, 0x89, 0xc8, 0xd4, 0xf8, 0x12, 0x08, 0xb7, - 0x02, 0x70, 0x39, 0x8c, 0x34, 0x22, 0x96, 0x97, 0x0a, 0x0b, 0xcc, 0xb7, - 0x4c, 0x73, 0x6f, 0xc7, 0x55, 0x44, 0x94, 0xbf, 0x63, 0x56, 0xfb, 0xf3, - 0xca, 0x36, 0x6c, 0xc2, 0x3e, 0x81, 0x57, 0x85, 0x4c, 0x13, 0xc5, 0x8d, - 0x6a, 0xac, 0x23, 0xf0, 0x46, 0xad, 0xa3, 0x0f, 0x83, 0x53, 0xe7, 0x4f, - 0x33, 0x03, 0x98, 0x72, 0xab - }; - - psa_key_handle_t key_handle = 0; - psa_crypto_generator_t generator = psa_crypto_generator_init(); - - /* via test partition - create a key without generating any key material */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_create_persistent_key(key_id, &key_handle)); - TEST_ASSERT_NOT_EQUAL(0, key_handle); - - /* via test partition - set key policy */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_set_key_policy(key_handle, key_usage, key_alg)); - - /* via test partition - import key data for the key created by the test partition */ - TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_import_key(key_handle, key_type, key_data, sizeof(key_data))); - - /* try to setup key agreement using the key that was created by the test partition */ - TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_key_agreement(&generator, key_handle, - (unsigned char *)peer_key_data, sizeof(peer_key_data), - key_alg)); + TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation_setup(&operation, key_alg)); + TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, + psa_key_derivation_input_key( + &operation, PSA_KEY_DERIVATION_INPUT_SECRET, key_handle)); /* via test partition - destroy the key created by the test partition */ TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_destroy_key(key_handle)); @@ -584,8 +544,6 @@ Case cases[] = { case_setup_handler, test_use_other_partition_key_asymmetric_encrypt_decrypt, case_teardown_handler), Case("use other partition's key - key derivation setup", case_setup_handler, test_use_other_partition_key_derivation_setup, case_teardown_handler), - Case("use other partition's key - key agreement setup", - case_setup_handler, test_use_other_partition_key_agreement_setup, case_teardown_handler), }; Specification specification(test_setup, cases); diff --git a/TESTS/psa/crypto_access_control/COMPONENT_PSA_SRV_IPC/test_partition_proxy.c b/TESTS/psa/crypto_access_control/COMPONENT_PSA_SRV_IPC/test_partition_proxy.c index 164251946d..88b10d178f 100644 --- a/TESTS/psa/crypto_access_control/COMPONENT_PSA_SRV_IPC/test_partition_proxy.c +++ b/TESTS/psa/crypto_access_control/COMPONENT_PSA_SRV_IPC/test_partition_proxy.c @@ -37,66 +37,35 @@ static psa_status_t invoke_ipc_call(uint32_t sid, psa_invec *in_vec, size_t in_v return (status); } -psa_status_t test_partition_crypto_create_persistent_key(psa_key_id_t key_id, psa_key_handle_t *key_handle) +psa_status_t test_partition_crypto_get_key_attributes( + psa_key_handle_t key_handle, psa_key_attributes_t *attributes) +{ + psa_invec in_vec = { &key_handle, sizeof(key_handle) }; + psa_outvec out_vec[1] = { + { attributes, sizeof(*attributes) } + }; + psa_status_t status = invoke_ipc_call(CRYPTO_GET_KEY_ATTRIBUTES, &in_vec, 1, out_vec, 1); + return (status); +} + +psa_status_t test_partition_crypto_generate_key( + const psa_key_attributes_t *attributes, psa_key_handle_t *key_handle) +{ + psa_invec in_vec[] = { + { attributes, sizeof(*attributes) }, + }; + psa_outvec out_vec[] = { + { key_handle, sizeof(*key_handle) }, + }; + psa_status_t status = invoke_ipc_call(CRYPTO_GENERATE_KEY, in_vec, 1, out_vec, 1); + return (status); +} + +psa_status_t test_partition_crypto_open_key(psa_key_id_t key_id, psa_key_handle_t *key_handle) { psa_invec in_vec = { &key_id, sizeof(key_id) }; psa_outvec out_vec = { key_handle, sizeof(*key_handle) }; - psa_status_t status = invoke_ipc_call(CRYPTO_CREATE_PERSISTENT_KEY, &in_vec, 1, &out_vec, 1); - return (status); -} - -psa_status_t test_partition_crypto_set_key_policy(psa_key_handle_t key_handle, psa_key_usage_t key_usage, - psa_algorithm_t key_alg) -{ - psa_invec in_vec[3] = { - { &key_handle, sizeof(key_handle) }, - { &key_usage, sizeof(key_usage) }, - { &key_alg, sizeof(key_alg) } - }; - psa_status_t status = invoke_ipc_call(CRYPTO_SET_KEY_POLICY, in_vec, 3, NULL, 0); - return (status); -} - -psa_status_t test_partition_crypto_get_key_policy(psa_key_handle_t key_handle, psa_key_usage_t *key_usage, - psa_algorithm_t *key_alg) -{ - psa_invec in_vec = { &key_handle, sizeof(key_handle) }; - psa_outvec out_vec[2] = { - { key_usage, sizeof(*key_usage) }, - { key_alg, sizeof(*key_alg) } - }; - psa_status_t status = invoke_ipc_call(CRYPTO_GET_KEY_POLICY, &in_vec, 1, out_vec, 2); - return (status); -} - -psa_status_t test_partition_crypto_get_key_information(psa_key_handle_t key_handle, psa_key_type_t *key_type, - size_t *key_bits) -{ - psa_invec in_vec = { &key_handle, sizeof(key_handle) }; - psa_outvec out_vec[2] = { - { key_type, sizeof(*key_type) }, - { key_bits, sizeof(*key_bits) } - }; - psa_status_t status = invoke_ipc_call(CRYPTO_GET_KEY_INFO, &in_vec, 1, out_vec, 2); - return (status); -} - -psa_status_t test_partition_crypto_generate_key(psa_key_handle_t key_handle, psa_key_type_t key_type, size_t key_bits) -{ - psa_invec in_vec[3] = { - { &key_handle, sizeof(key_handle) }, - { &key_type, sizeof(key_type) }, - { &key_bits, sizeof(key_bits) } - }; - psa_status_t status = invoke_ipc_call(CRYPTO_GENERATE_KEY, in_vec, 3, NULL, 0); - return (status); -} - -psa_status_t test_partition_crypto_open_persistent_key(psa_key_id_t key_id, psa_key_handle_t *key_handle) -{ - psa_invec in_vec = { &key_id, sizeof(key_id) }; - psa_outvec out_vec = { key_handle, sizeof(*key_handle) }; - psa_status_t status = invoke_ipc_call(CRYPTO_OPEN_PERSISTENT_KEY, &in_vec, 1, &out_vec, 1); + psa_status_t status = invoke_ipc_call(CRYPTO_OPEN_KEY, &in_vec, 1, &out_vec, 1); return (status); } @@ -114,15 +83,19 @@ psa_status_t test_partition_crypto_destroy_key(psa_key_handle_t key_handle) return (status); } -psa_status_t test_partition_crypto_import_key(psa_key_handle_t key_handle, psa_key_type_t key_type, - const unsigned char *key_data, size_t key_data_size) +psa_status_t test_partition_crypto_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *key_data, + size_t key_data_size, + psa_key_handle_t *key_handle) { - psa_invec in_vec[4] = { - { &key_handle, sizeof(key_handle) }, - { &key_type, sizeof(key_type) }, - { &key_data_size, sizeof(key_data_size) }, - { key_data, key_data_size } + psa_invec in_vec[] = { + { attributes, sizeof(*attributes) }, + { key_data, key_data_size }, }; - psa_status_t status = invoke_ipc_call(CRYPTO_IMPORT_KEY, in_vec, 4, NULL, 0); + psa_outvec out_vec[] = { + { key_handle, sizeof(*key_handle) }, + }; + psa_status_t status = invoke_ipc_call(CRYPTO_IMPORT_KEY, in_vec, 2, out_vec, 1); return (status); } diff --git a/TESTS/psa/crypto_access_control/COMPONENT_PSA_SRV_IPC/test_partition_proxy.h b/TESTS/psa/crypto_access_control/COMPONENT_PSA_SRV_IPC/test_partition_proxy.h index fe4aa22387..eaf7fb38cc 100644 --- a/TESTS/psa/crypto_access_control/COMPONENT_PSA_SRV_IPC/test_partition_proxy.h +++ b/TESTS/psa/crypto_access_control/COMPONENT_PSA_SRV_IPC/test_partition_proxy.h @@ -24,27 +24,24 @@ extern "C" { #endif -psa_status_t test_partition_crypto_create_persistent_key(psa_key_id_t key_id, psa_key_handle_t *key_handle); +psa_status_t test_partition_crypto_get_key_attributes( + psa_key_handle_t key_handle, psa_key_attributes_t *attributes); -psa_status_t test_partition_crypto_set_key_policy(psa_key_handle_t key_handle, psa_key_usage_t key_usage, - psa_algorithm_t key_alg); +psa_status_t test_partition_crypto_generate_key( + const psa_key_attributes_t *attributes, psa_key_handle_t *key_handle); -psa_status_t test_partition_crypto_get_key_policy(psa_key_handle_t key_handle, psa_key_usage_t *key_usage, - psa_algorithm_t *key_alg); - -psa_status_t test_partition_crypto_get_key_information(psa_key_handle_t key_handle, psa_key_type_t *key_type, - size_t *key_bits); - -psa_status_t test_partition_crypto_generate_key(psa_key_handle_t key_handle, psa_key_type_t key_type, size_t key_bits); - -psa_status_t test_partition_crypto_open_persistent_key(psa_key_id_t key_id, psa_key_handle_t *key_handle); +psa_status_t test_partition_crypto_open_key( + psa_key_id_t key_id, psa_key_handle_t *key_handle); psa_status_t test_partition_crypto_close_key(psa_key_handle_t key_handle); psa_status_t test_partition_crypto_destroy_key(psa_key_handle_t key_handle); -psa_status_t test_partition_crypto_import_key(psa_key_handle_t key_handle, psa_key_type_t key_type, - const unsigned char *key_data, size_t key_data_size); +psa_status_t test_partition_crypto_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *key_data, + size_t key_data_size, + psa_key_handle_t *key_handle); #ifdef __cplusplus } diff --git a/TESTS/psa/crypto_access_control/COMPONENT_SPE/test_partition.c b/TESTS/psa/crypto_access_control/COMPONENT_SPE/test_partition.c index 05872535ec..f845c82dae 100644 --- a/TESTS/psa/crypto_access_control/COMPONENT_SPE/test_partition.c +++ b/TESTS/psa/crypto_access_control/COMPONENT_SPE/test_partition.c @@ -31,37 +31,24 @@ static void read_input_param_from_message(psa_msg_t *msg, uint8_t param_index, v } } -static psa_status_t crypto_create_persistent_key(psa_msg_t *msg) -{ - psa_status_t status; - psa_key_id_t key_id = 0; - psa_key_handle_t key_handle = 0; - - read_input_param_from_message(msg, 0, &key_id); - - status = psa_create_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &key_handle); - if (status == PSA_SUCCESS) { - psa_write(msg->handle, 0, &key_handle, sizeof(key_handle)); - } - return (status); -} - static psa_status_t crypto_generate_key(psa_msg_t *msg) { psa_status_t status; psa_key_handle_t key_handle = 0; psa_key_type_t key_type = 0; size_t key_bits = 0; + psa_key_attributes_t attributes; - read_input_param_from_message(msg, 0, &key_handle); - read_input_param_from_message(msg, 1, &key_type); - read_input_param_from_message(msg, 2, &key_bits); + read_input_param_from_message(msg, 0, &attributes); - status = psa_generate_key(key_handle, key_type, key_bits, NULL, 0); + status = psa_generate_key(&attributes, &key_handle); + if (status == PSA_SUCCESS) { + psa_write(msg->handle, 0, &key_handle, sizeof(key_handle)); + } return (status); } -static psa_status_t crypto_open_persistent_key(psa_msg_t *msg) +static psa_status_t crypto_open_key(psa_msg_t *msg) { psa_status_t status; psa_key_id_t key_id; @@ -69,7 +56,7 @@ static psa_status_t crypto_open_persistent_key(psa_msg_t *msg) read_input_param_from_message(msg, 0, &key_id); - status = psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &key_handle); + status = psa_open_key(key_id, &key_handle); if (status == PSA_SUCCESS) { psa_write(msg->handle, 0, &key_handle, sizeof(key_handle)); } @@ -87,23 +74,6 @@ static psa_status_t crypto_close_key(psa_msg_t *msg) return (status); } -static psa_status_t crypto_set_key_policy(psa_msg_t *msg) -{ - psa_status_t status; - psa_key_handle_t key_handle; - psa_key_usage_t key_usage; - psa_algorithm_t key_alg; - psa_key_policy_t policy = PSA_KEY_POLICY_INIT; - - read_input_param_from_message(msg, 0, &key_handle); - read_input_param_from_message(msg, 1, &key_usage); - read_input_param_from_message(msg, 2, &key_alg); - - psa_key_policy_set_usage(&policy, key_usage, key_alg); - status = psa_set_key_policy(key_handle, &policy); - return (status); -} - static psa_status_t crypto_destroy_key(psa_msg_t *msg) { psa_status_t status; @@ -115,35 +85,17 @@ static psa_status_t crypto_destroy_key(psa_msg_t *msg) return (status); } -static psa_status_t crypto_get_key_info(psa_msg_t *msg) +static psa_status_t crypto_get_key_attributes(psa_msg_t *msg) { psa_status_t status; psa_key_handle_t key_handle; - psa_key_type_t key_type = 0; - size_t key_bits = 0; + psa_key_attributes_t attributes; read_input_param_from_message(msg, 0, &key_handle); - status = psa_get_key_information(key_handle, &key_type, &key_bits); + status = psa_get_key_attributes(key_handle, &attributes); if (status == PSA_SUCCESS) { - psa_write(msg->handle, 0, &key_type, sizeof(key_type)); - psa_write(msg->handle, 1, &key_bits, sizeof(key_bits)); - } - return (status); -} - -static psa_status_t crypto_get_key_policy(psa_msg_t *msg) -{ - psa_status_t status; - psa_key_handle_t key_handle; - psa_key_policy_t policy = PSA_KEY_POLICY_INIT; - - read_input_param_from_message(msg, 0, &key_handle); - - status = psa_get_key_policy(key_handle, &policy); - if (status == PSA_SUCCESS) { - psa_write(msg->handle, 0, &(policy.usage), sizeof(policy.usage)); - psa_write(msg->handle, 1, &(policy.alg), sizeof(policy.alg)); + psa_write(msg->handle, 0, &attributes, sizeof(attributes)); } return (status); } @@ -152,22 +104,22 @@ static psa_status_t crypto_import_key(psa_msg_t *msg) { psa_status_t status; psa_key_handle_t key_handle; - psa_key_type_t key_type; - size_t key_data_size; - unsigned char *key_data = NULL; + psa_key_attributes_t attributes; + uint8_t *key_data; + size_t key_data_size = msg->in_size[1]; - read_input_param_from_message(msg, 0, &key_handle); - read_input_param_from_message(msg, 1, &key_type); - read_input_param_from_message(msg, 2, &key_data_size); + read_input_param_from_message(msg, 0, &attributes); key_data = calloc(1, key_data_size); if (key_data == NULL) { return (PSA_ERROR_INSUFFICIENT_MEMORY); } + read_input_param_from_message(msg, 1, key_data); - read_input_param_from_message(msg, 3, key_data); - - status = psa_import_key(key_handle, key_type, key_data, key_data_size); + status = psa_import_key(&attributes, key_data, key_data_size, &key_handle); + if (status == PSA_SUCCESS) { + psa_write(msg->handle, 0, &key_handle, sizeof(key_handle)); + } free(key_data); return (status); @@ -201,23 +153,17 @@ void test_partition_main(void) psa_msg_t msg = {0}; while (1) { signal = psa_wait(CRYPTO_ACL_TEST_WAIT_ANY_SID_MSK, PSA_BLOCK); - if (signal & CRYPTO_CREATE_PERSISTENT_KEY_MSK) { - if (PSA_SUCCESS != psa_get(CRYPTO_CREATE_PERSISTENT_KEY_MSK, &msg)) { - continue; - } - message_handler(&msg, crypto_create_persistent_key); - } if (signal & CRYPTO_GENERATE_KEY_MSK) { if (PSA_SUCCESS != psa_get(CRYPTO_GENERATE_KEY_MSK, &msg)) { continue; } message_handler(&msg, crypto_generate_key); } - if (signal & CRYPTO_OPEN_PERSISTENT_KEY_MSK) { - if (PSA_SUCCESS != psa_get(CRYPTO_OPEN_PERSISTENT_KEY_MSK, &msg)) { + if (signal & CRYPTO_OPEN_KEY_MSK) { + if (PSA_SUCCESS != psa_get(CRYPTO_OPEN_KEY_MSK, &msg)) { continue; } - message_handler(&msg, crypto_open_persistent_key); + message_handler(&msg, crypto_open_key); } if (signal & CRYPTO_CLOSE_KEY_MSK) { if (PSA_SUCCESS != psa_get(CRYPTO_CLOSE_KEY_MSK, &msg)) { @@ -225,29 +171,17 @@ void test_partition_main(void) } message_handler(&msg, crypto_close_key); } - if (signal & CRYPTO_SET_KEY_POLICY_MSK) { - if (PSA_SUCCESS != psa_get(CRYPTO_SET_KEY_POLICY_MSK, &msg)) { - continue; - } - message_handler(&msg, crypto_set_key_policy); - } if (signal & CRYPTO_DESTROY_KEY_MSK) { if (PSA_SUCCESS != psa_get(CRYPTO_DESTROY_KEY_MSK, &msg)) { continue; } message_handler(&msg, crypto_destroy_key); } - if (signal & CRYPTO_GET_KEY_INFO_MSK) { - if (PSA_SUCCESS != psa_get(CRYPTO_GET_KEY_INFO_MSK, &msg)) { + if (signal & CRYPTO_GET_KEY_ATTRIBUTES_MSK) { + if (PSA_SUCCESS != psa_get(CRYPTO_GET_KEY_ATTRIBUTES_MSK, &msg)) { continue; } - message_handler(&msg, crypto_get_key_info); - } - if (signal & CRYPTO_GET_KEY_POLICY_MSK) { - if (PSA_SUCCESS != psa_get(CRYPTO_GET_KEY_POLICY_MSK, &msg)) { - continue; - } - message_handler(&msg, crypto_get_key_policy); + message_handler(&msg, crypto_get_key_attributes); } if (signal & CRYPTO_IMPORT_KEY_MSK) { if (PSA_SUCCESS != psa_get(CRYPTO_IMPORT_KEY_MSK, &msg)) { diff --git a/TESTS/psa/crypto_access_control/crypto_acl_tests_partition_psa.json b/TESTS/psa/crypto_access_control/crypto_acl_tests_partition_psa.json index 31d442c292..103d38c031 100644 --- a/TESTS/psa/crypto_access_control/crypto_acl_tests_partition_psa.json +++ b/TESTS/psa/crypto_access_control/crypto_acl_tests_partition_psa.json @@ -7,14 +7,6 @@ "stack_size": "0x200", "heap_size": "0x400", "services": [ - { - "name": "CRYPTO_CREATE_PERSISTENT_KEY", - "identifier": "0x00000200", - "signal": "CRYPTO_CREATE_PERSISTENT_KEY_MSK", - "non_secure_clients": true, - "minor_version": 1, - "minor_policy": "RELAXED" - }, { "name": "CRYPTO_GENERATE_KEY", "identifier": "0x00000201", @@ -24,9 +16,9 @@ "minor_policy": "RELAXED" }, { - "name": "CRYPTO_OPEN_PERSISTENT_KEY", + "name": "CRYPTO_OPEN_KEY", "identifier": "0x00000202", - "signal": "CRYPTO_OPEN_PERSISTENT_KEY_MSK", + "signal": "CRYPTO_OPEN_KEY_MSK", "non_secure_clients": true, "minor_version": 1, "minor_policy": "RELAXED" @@ -39,14 +31,6 @@ "minor_version": 1, "minor_policy": "RELAXED" }, - { - "name": "CRYPTO_SET_KEY_POLICY", - "identifier": "0x00000204", - "signal": "CRYPTO_SET_KEY_POLICY_MSK", - "non_secure_clients": true, - "minor_version": 1, - "minor_policy": "RELAXED" - }, { "name": "CRYPTO_DESTROY_KEY", "identifier": "0x00000205", @@ -56,17 +40,9 @@ "minor_policy": "RELAXED" }, { - "name": "CRYPTO_GET_KEY_INFO", + "name": "CRYPTO_GET_KEY_ATTRIBUTES", "identifier": "0x00000206", - "signal": "CRYPTO_GET_KEY_INFO_MSK", - "non_secure_clients": true, - "minor_version": 1, - "minor_policy": "RELAXED" - }, - { - "name": "CRYPTO_GET_KEY_POLICY", - "identifier": "0x00000207", - "signal": "CRYPTO_GET_KEY_POLICY_MSK", + "signal": "CRYPTO_GET_KEY_ATTRIBUTES_MSK", "non_secure_clients": true, "minor_version": 1, "minor_policy": "RELAXED" diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c index 5a32f76f20..60252919ac 100755 --- a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c +++ b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c @@ -45,15 +45,14 @@ t_cose_crypto_pub_key_sign(int32_t cose_alg_id, (void)key_select; - const psa_key_id_t key_id = PSA_ATTESTATION_PRIVATE_KEY_ID; - psa_key_handle_t handle = 0; + psa_key_handle_t handle; if (sig_size > signature_buffer.len) { return T_COSE_ERR_SIG_BUFFER_SIZE; } - crypto_ret = psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle); + crypto_ret = psa_open_key(PSA_ATTESTATION_PRIVATE_KEY_ID, &handle); if (crypto_ret != PSA_SUCCESS) { return T_COSE_ERR_NO_KID; diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto_keys.c b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto_keys.c index 6523dcccd0..e3b19a0749 100755 --- a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto_keys.c +++ b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto_keys.c @@ -86,6 +86,7 @@ tfm_plat_get_initial_attest_key(uint8_t *key_buf, uint8_t *public_key = NULL; psa_key_type_t type; psa_key_type_t public_type; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; size_t bits; size_t public_key_size = 0; size_t public_key_length = 0; @@ -93,27 +94,28 @@ tfm_plat_get_initial_attest_key(uint8_t *key_buf, uint32_t initial_attestation_public_x_key_size = 0; uint32_t initial_attestation_public_y_key_size = 0; - const psa_key_id_t key_id = PSA_ATTESTATION_PRIVATE_KEY_ID; - psa_key_handle_t handle = 0; + psa_key_handle_t handle; - crypto_ret = psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle); + crypto_ret = psa_open_key(PSA_ATTESTATION_PRIVATE_KEY_ID, &handle); if (crypto_ret != PSA_SUCCESS) { return TFM_PLAT_ERR_SYSTEM_ERR; } - crypto_ret = psa_get_key_information(handle, &type, &bits); + crypto_ret = psa_get_key_attributes(handle, &attributes); if (crypto_ret != PSA_SUCCESS) { psa_close_key(handle); return TFM_PLAT_ERR_SYSTEM_ERR; } + type = psa_get_key_type(&attributes); if (!PSA_KEY_TYPE_IS_ECC(type)) { psa_close_key(handle); return TFM_PLAT_ERR_SYSTEM_ERR; } - public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type); + public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type); + bits = psa_get_key_bits(&attributes); public_key_size = PSA_KEY_EXPORT_MAX_SIZE(public_type, bits); public_key = (uint8_t *) malloc(public_key_size); if (public_key == NULL) diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_iat_claims_loader.c b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_iat_claims_loader.c index f30fb943be..8cae245fd6 100755 --- a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_iat_claims_loader.c +++ b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_iat_claims_loader.c @@ -59,12 +59,12 @@ static enum tfm_security_lifecycle_t security_lifecycle_psa_to_tfm(void) /* Hash of attestation public key */ static enum tfm_plat_err_t attest_public_key_sha256(uint32_t *size, uint8_t *buf) { - const psa_key_id_t key_id = PSA_ATTESTATION_PRIVATE_KEY_ID; psa_key_handle_t handle = 0; uint8_t *public_key = NULL; psa_key_type_t type; psa_key_type_t public_type; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; size_t bits; size_t public_key_size = 0; size_t public_key_length = 0; @@ -73,21 +73,23 @@ static enum tfm_plat_err_t attest_public_key_sha256(uint32_t *size, uint8_t *buf enum tfm_plat_err_t status = TFM_PLAT_ERR_SUCCESS; psa_hash_operation_t hash_handle = {0}; - crypto_ret = psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle); + crypto_ret = psa_open_key(PSA_ATTESTATION_PRIVATE_KEY_ID, &handle); if (crypto_ret != PSA_SUCCESS) { return TFM_PLAT_ERR_SYSTEM_ERR; } - crypto_ret = psa_get_key_information(handle, &type, &bits); + crypto_ret = psa_get_key_attributes(handle, &attributes); if (crypto_ret != PSA_SUCCESS) { status = TFM_PLAT_ERR_SYSTEM_ERR; goto exit; } + type = psa_get_key_type(&attributes); if (!PSA_KEY_TYPE_IS_ECC(type)) { status = TFM_PLAT_ERR_SYSTEM_ERR; goto exit; } - public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type); + public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type); + bits = psa_get_key_bits(&attributes); public_key_size = PSA_KEY_EXPORT_MAX_SIZE(public_type, bits); public_key = (uint8_t *) malloc(public_key_size); if (public_key == NULL) { diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/psa_inject_attestation_key_impl.c b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/psa_inject_attestation_key_impl.c index dbba83dadf..482c306612 100755 --- a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/psa_inject_attestation_key_impl.c +++ b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/psa_inject_attestation_key_impl.c @@ -29,11 +29,11 @@ psa_attestation_inject_key_impl(const uint8_t *key_data, size_t *public_key_data_length) { psa_status_t status = PSA_SUCCESS; - size_t key_data_bits = 0; - psa_key_handle_t handle = 1; + size_t key_data_bits = ECDSA_P256_KEY_SIZE_IN_BYTES * 8; + psa_key_handle_t handle = 0; psa_key_id_t key_id = PSA_ATTESTATION_PRIVATE_KEY_ID; psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_PERSISTENT; - psa_key_policy_t policy = PSA_KEY_POLICY_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_usage_t usage = PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY; psa_key_type_t public_type; size_t bits; @@ -42,19 +42,14 @@ psa_attestation_inject_key_impl(const uint8_t *key_data, #if defined(MBEDTLS_ECP_C) - status = psa_create_key(lifetime, key_id, &handle); - if (status != PSA_SUCCESS) { - return (status); - } + psa_set_key_usage_flags(&attributes, usage); + psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)); + psa_set_key_type(&attributes, type); + psa_set_key_bits(&attributes, key_data_bits); + psa_set_key_lifetime(&attributes, lifetime); + psa_set_key_id(&attributes, key_id); - psa_key_policy_init(); - psa_key_policy_set_usage(&policy, usage, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)); - status = psa_set_key_policy(handle, (const psa_key_policy_t *)&policy); - if (status != PSA_SUCCESS) { - return (status); - } - - if (! PSA_KEY_TYPE_IS_ECC_KEYPAIR(type)) { + if (! PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { return (PSA_ERROR_INVALID_ARGUMENT); } @@ -63,25 +58,27 @@ psa_attestation_inject_key_impl(const uint8_t *key_data, status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } - status = psa_import_key(handle, type, key_data, key_data_length); + status = psa_import_key(&attributes, key_data, key_data_length, &handle); if (status != PSA_SUCCESS) { goto exit; } } else { /* generating key pair */ key_data_bits = ECDSA_P256_KEY_SIZE_IN_BYTES * 8; - status = psa_generate_key(handle, type, key_data_bits, NULL, 0); + status = psa_generate_key(&attributes, &handle); if (status != PSA_SUCCESS) { goto exit; } } - status = psa_get_key_information(handle, &type_key, &bits); + status = psa_get_key_attributes(handle, &attributes); if (status != PSA_SUCCESS) { goto exit; } - public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(type_key); + type_key = psa_get_key_type(&attributes); + public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type_key); + bits = psa_get_key_bits(&attributes); exported_size = PSA_KEY_EXPORT_MAX_SIZE(public_type, bits); status = psa_export_public_key(handle, diff --git a/components/TARGET_PSA/services/attestation/attestation_partition_psa.json b/components/TARGET_PSA/services/attestation/attestation_partition_psa.json index 9cc8bbaa16..f021d4996d 100755 --- a/components/TARGET_PSA/services/attestation/attestation_partition_psa.json +++ b/components/TARGET_PSA/services/attestation/attestation_partition_psa.json @@ -38,7 +38,7 @@ "PSA_ASYMMETRIC_ID", "PSA_KEY_MNG_ID", "PSA_CRYPTO_FREE_ID", - "PSA_GENERATOR_ID", + "PSA_KEY_DERIVATION_ID", "PSA_PLATFORM_LC_GET" ], "source_files": [ diff --git a/features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.cpp b/features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.cpp index 00738c0144..807802ab31 100644 --- a/features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.cpp +++ b/features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.cpp @@ -50,9 +50,8 @@ static const uint8_t public_key_data[] = { static void psa_attestation_destroy_key_for_test() { - const psa_key_id_t key_id = TEST_KEY_ID_VALUE; psa_key_handle_t handle = 0; - psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle); + psa_open_key(TEST_KEY_ID_VALUE, &handle); psa_destroy_key(handle); } @@ -63,11 +62,11 @@ static void psa_attestation_inject_key_for_test(void) psa_attestation_destroy_key_for_test(); psa_attestation_inject_key(private_key_data, - sizeof(private_key_data), - PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1), - exported, - sizeof(exported), - &exported_length); + sizeof(private_key_data), + PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1), + exported, + sizeof(exported), + &exported_length); }