ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #9780 from itayzafrir/crypto-access-control-tests 

Crypto Service - keys access control TESTS
pull/9899/head
Cruz Monrreal 2019-02-28 18:20:53 -06:00 committed by GitHub
parent aaf3ce4741 02f5918013
commit 486f4f5918
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 12894 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

501
TESTS/psa/crypto_access_control/COMPONENT_NSPE/main.cpp Normal file
View File

@ -0,0 +1,501 @@
/*
* Copyright (c) 2019, Arm Limited and affiliates
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#if ((!defined(TARGET_PSA)) || (!defined(MBEDTLS_PSA_CRYPTO_C)) || (!defined(COMPONENT_PSA_SRV_IPC)))
#error [NOT_SUPPORTED] These tests can run only on SPM-enabled targets and where Mbed Crypto is ON - skipping.
#endif
#include <stdio.h>
#include "mbed.h"
#include "greentea-client/test_env.h"
#include "unity.h"
#include "utest.h"
#include "psa/crypto.h"
#include "entropy.h"
#include "entropy_poll.h"
#include "test_partition_proxy.h"
#include "psa/lifecycle.h"
using namespace utest::v1;
#if defined(MBEDTLS_ENTROPY_NV_SEED) || defined(COMPONENT_PSA_SRV_IPC)
#if !defined(MAX)
#define MAX(a,b) (((a)>(b))?(a):(b))
#endif
#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE \
MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
void inject_entropy()
{
uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = { 0 };
for (int i = 0; i < MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE; ++i) {
seed[i] = i;
}
mbedtls_psa_inject_entropy(seed, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE);
}
#endif // defined(MBEDTLS_ENTROPY_NV_SEED) || defined(COMPONENT_PSA_SRV_IPC)
static psa_status_t create_and_generate_key_via_test_partition(psa_key_id_t key_id, psa_key_type_t key_type,
psa_algorithm_t key_alg, psa_key_usage_t key_usage,
size_t key_bits, psa_key_handle_t *key_handle,
unsigned char close_key)
{
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_create_persistent_key(key_id, key_handle));
TEST_ASSERT_NOT_EQUAL(0, *key_handle);
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_set_key_policy(*key_handle, key_usage, key_alg));
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_generate_key(*key_handle, key_type, key_bits));
if (close_key) {
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(*key_handle));
}
return (PSA_SUCCESS);
}
void test_open_other_partition_key(void)
{
static const psa_key_id_t key_id = 999;
static const psa_key_type_t key_type = PSA_KEY_TYPE_AES;
static const psa_key_usage_t key_usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
static const psa_algorithm_t key_alg = PSA_ALG_CBC_NO_PADDING;
static const size_t key_bits = 128;
psa_key_handle_t key_handle = 0;
/* via test partition - create a key, set key policy, generate key material and close */
TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg, key_usage,
key_bits, &key_handle, 1));
/* via test partition - reopen the key created by the test partition */
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* via test partition - close the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle));
/* try to open the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_ERROR_DOES_NOT_EXIST, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &key_handle));
}
void test_create_key_same_id_different_partitions(void)
{
static const psa_key_id_t key_id = 999;
static const psa_key_type_t key_type = PSA_KEY_TYPE_AES;
static const psa_key_usage_t key_usage_remote = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
key_usage_local = PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY;
static const psa_algorithm_t key_alg = PSA_ALG_CBC_NO_PADDING;
static const size_t key_bits_remote = 128,
key_bits_local = 256;
psa_key_handle_t key_handle_remote = 0,
key_handle_local = 0;
psa_key_type_t got_key_type_remote = 0,
got_key_type_local = 0;
size_t got_key_bits_remote = 0,
got_key_bits_local = 0;
psa_key_usage_t got_key_usage_remote = 0;
psa_algorithm_t got_key_alg_remote = 0;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
/* via test partition - create a key, set key policy, generate key material and close */
TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg,
key_usage_remote, key_bits_remote,
&key_handle_remote, 1));
/* create a key, set key policy, generate key material and close from current partition (i.e. NSPE) */
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_create_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &key_handle_local));
TEST_ASSERT_NOT_EQUAL(0, key_handle_local);
psa_key_policy_set_usage(&policy, key_usage_local, key_alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle_local, &policy));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle_local, key_type, key_bits_local, NULL, 0));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle_local));
/* via test partition - reopen the key created by the test partition */
key_handle_remote = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle_remote));
TEST_ASSERT_NOT_EQUAL(0, key_handle_remote);
/* reopen the key created from the current partition (NSPE) */
key_handle_local = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &key_handle_local));
TEST_ASSERT_NOT_EQUAL(0, key_handle_local);
/* via test partition - get key info for the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_get_key_information(key_handle_remote,
&got_key_type_remote,
&got_key_bits_remote));
TEST_ASSERT_EQUAL(key_type, got_key_type_remote);
TEST_ASSERT_EQUAL(key_bits_remote, got_key_bits_remote);
/* via test partition - get key policy for key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_get_key_policy(key_handle_remote,
&got_key_usage_remote,
&got_key_alg_remote));
TEST_ASSERT_EQUAL(key_usage_remote, got_key_usage_remote);
TEST_ASSERT_EQUAL(key_alg, got_key_alg_remote);
/* get key info for key created by the current partition (NSPE) */
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_information(key_handle_local, &got_key_type_local, &got_key_bits_local));
TEST_ASSERT_EQUAL(key_type, got_key_type_local);
TEST_ASSERT_EQUAL(key_bits_local, got_key_bits_local);
/* get key policy for key created by the current partition (NSPE) */
policy = psa_key_policy_init();
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_policy(key_handle_local, &policy));
TEST_ASSERT_EQUAL(key_usage_local, policy.usage);
TEST_ASSERT_EQUAL(key_alg, policy.alg);
/* via test partition - close the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle_remote));
/* close the key created by the current partition (NSPE) */
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle_local));
}
void test_use_other_partition_key_manage_key(void)
{
static const psa_key_id_t key_id = 999;
static const psa_key_type_t key_type = PSA_KEY_TYPE_AES;
static const psa_algorithm_t key_alg = PSA_ALG_CBC_NO_PADDING;
static const psa_key_usage_t key_usage = PSA_KEY_USAGE_EXPORT;
static const size_t key_bits = 128;
static const unsigned char key_data[] = {
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
};
psa_key_handle_t key_handle = 0;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
unsigned char output[sizeof(key_data)] = { 0 };
size_t len, got_key_bits;
psa_key_type_t got_key_type;
psa_key_lifetime_t got_lifetime;
/* via test partition - create a key without generating any key material */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_create_persistent_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* try to set the key policy for the key that was created by the test partition */
psa_key_policy_set_usage(&policy, key_usage, key_alg);
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_set_key_policy(key_handle, &policy));
/* via test partition - set key policy */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_set_key_policy(key_handle, key_usage, key_alg));
/* try to generate key data for the key that was created by the test partition */
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_generate_key(key_handle, key_type, key_bits, NULL, 0));
/* via test partition - generate key material and close the key */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_generate_key(key_handle, key_type, key_bits));
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle));
/* via test partition - reopen the key created by the test partition and keep it open */
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* try to work with the handle created for a key created by the test partition */
got_key_type = 0;
got_key_bits = 0;
got_lifetime = 0;
policy = psa_key_policy_init();
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_get_key_policy(key_handle, &policy));
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_get_key_lifetime(key_handle, &got_lifetime));
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_close_key(key_handle));
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_destroy_key(key_handle));
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_get_key_information(key_handle, &got_key_type, &got_key_bits));
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_export_key(key_handle, output, sizeof(output), &len));
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_export_public_key(key_handle, output, sizeof(output), &len));
/* via test partition - destroy the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_destroy_key(key_handle));
/* via test partition - create a key, set key policy but no key material */
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_create_persistent_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_set_key_policy(key_handle, key_usage, key_alg));
/* try to import key data into the key that was created by the test partition */
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_import_key(key_handle, key_type,
key_data, sizeof(key_data)));
/* via test partition - import key data for the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_import_key(key_handle, key_type, key_data, sizeof(key_data)));
/* via test partition - close the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle));
}
void test_use_other_partition_key_mac(void)
{
static const psa_key_id_t key_id = 999;
static const psa_key_type_t key_type = PSA_KEY_TYPE_AES;
static const psa_algorithm_t key_alg = PSA_ALG_CBC_NO_PADDING;
static const psa_key_usage_t key_usage = PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY;
static const size_t key_bits = 128;
psa_key_handle_t key_handle = 0;
psa_mac_operation_t operation;
/* via test partition - create a key, set key policy, generate key material and close */
TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg, key_usage,
key_bits, &key_handle, 1));
/* via test partition - reopen the key created by the test partition */
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* try to setup mac sign operation using the key that was created by the test partition */
operation = psa_mac_operation_init();
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_mac_sign_setup(&operation, key_handle, key_alg));
/* try to setup mac verify operation using the key that was created by the test partition */
operation = psa_mac_operation_init();
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_mac_verify_setup(&operation, key_handle, key_alg));
/* via test partition - close the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle));
}
void test_use_other_partition_key_cipher(void)
{
static const psa_key_id_t key_id = 999;
static const psa_key_type_t key_type = PSA_KEY_TYPE_AES;
static const psa_algorithm_t key_alg = PSA_ALG_CBC_NO_PADDING;
static const psa_key_usage_t key_usage = PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY;
static const size_t key_bits = 128;
psa_key_handle_t key_handle = 0;
psa_cipher_operation_t operation;
/* via test partition - create a key, set key policy, generate key material and close */
TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg, key_usage,
key_bits, &key_handle, 1));
/* via test partition - reopen the key created by the test partition */
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* try to setup cipher encrypt sign operation using the key that was created by the test partition */
operation = psa_cipher_operation_init();
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_cipher_encrypt_setup(&operation, key_handle, key_alg));
/* try to setup cipher decrypt operation using the key that was created by the test partition */
operation = psa_cipher_operation_init();
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_cipher_decrypt_setup(&operation, key_handle, key_alg));
/* via test partition - close the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle));
}
void test_use_other_partition_key_aead(void)
{
static const psa_key_id_t key_id = 999;
static const psa_key_type_t key_type = PSA_KEY_TYPE_AES;
static const psa_algorithm_t key_alg = PSA_ALG_GCM;
static const psa_key_usage_t key_usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
static const size_t key_bits = 128;
static const unsigned char nonce[16] = { 0 };
unsigned char plain_text[] = "encrypt me!";
unsigned char cipher_text[PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_alg, sizeof(plain_text))] = { 0 };
psa_key_handle_t key_handle = 0;
size_t len;
/* via test partition - create a key, set key policy, generate key material and close */
TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg, key_usage,
key_bits, &key_handle, 1));
/* via test partition - reopen the key created by the test partition */
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* try to aead encrypt using the key that was created by the test partition */
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_aead_encrypt(key_handle, key_alg, nonce, sizeof(nonce), NULL, 0,
plain_text, sizeof(plain_text),
cipher_text, sizeof(cipher_text), &len));
/* try to aead decrypt using the key that was created by the test partition */
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_aead_decrypt(key_handle, key_alg, nonce, sizeof(nonce), NULL, 0,
cipher_text, sizeof(cipher_text),
plain_text, sizeof(plain_text), &len));
/* via test partition - close the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle));
}
void test_use_other_partition_key_asymmetric_sign_verify(void)
{
static const psa_key_id_t key_id = 999;
static const psa_key_type_t key_type = PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1);
static const psa_algorithm_t key_alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
static const psa_key_usage_t key_usage = PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY;
static const size_t key_bits = 256;
static const unsigned char input[] = "hello world!";
unsigned char signature[PSA_ECDSA_SIGNATURE_SIZE(key_bits)] = { 0 };
psa_key_handle_t key_handle = 0;
size_t len;
/* via test partition - create a key, set key policy, generate key material and close */
TEST_ASSERT_EQUAL(PSA_SUCCESS, create_and_generate_key_via_test_partition(key_id, key_type, key_alg, key_usage,
key_bits, &key_handle, 1));
/* via test partition - reopen the key created by the test partition */
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* try to asymmetric sign using the key that was created by the test partition */
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_asymmetric_sign(key_handle, key_alg, input, sizeof(input),
signature, sizeof(signature), &len));
/* try to asymmetric verify using the key that was created by the test partition */
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_asymmetric_verify(key_handle, key_alg, input, sizeof(input),
signature, len));
/* via test partition - close the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle));
}
void test_use_other_partition_key_asymmetric_encrypt_decrypt(void)
{
static const psa_key_id_t key_id = 999;
static const psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEYPAIR;
static const psa_algorithm_t key_alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
static const psa_key_usage_t key_usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
static const unsigned char input[] = "encrypt me!";
static const unsigned char key_data[] = {
0x30, 0x82, 0x01, 0x3b, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 0xee, 0x2b,
0x13, 0x1d, 0x6b, 0x18, 0x18, 0xa9, 0x4c, 0xa8, 0xe9, 0x1c, 0x42, 0x38,
0x7e, 0xb1, 0x5a, 0x7c, 0x27, 0x1f, 0x57, 0xb8, 0x9e, 0x73, 0x36, 0xb1,
0x44, 0xd4, 0x53, 0x5b, 0x16, 0xc8, 0x30, 0x97, 0xec, 0xde, 0xfb, 0xbb,
0x92, 0xd1, 0xb5, 0x31, 0x3b, 0x5a, 0x37, 0x21, 0x4d, 0x0e, 0x8f, 0x25,
0x92, 0x2d, 0xca, 0x77, 0x8b, 0x42, 0x4b, 0x25, 0x29, 0x5f, 0xc8, 0xa1,
0xa7, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x41, 0x00, 0x97, 0x8a,
0xc8, 0xea, 0xdb, 0x0d, 0xc6, 0x03, 0x53, 0x47, 0xd6, 0xab, 0xa8, 0x67,
0x12, 0x15, 0xff, 0x21, 0x28, 0x33, 0x85, 0x39, 0x6f, 0x78, 0x97, 0xc0,
0x4b, 0xaf, 0x5e, 0x2a, 0x83, 0x5f, 0x3b, 0x53, 0xef, 0x80, 0xa8, 0x2e,
0xd3, 0x6a, 0xe6, 0x87, 0xa9, 0x25, 0x38, 0x0b, 0x55, 0xa0, 0xc7, 0x3e,
0xb8, 0x56, 0x56, 0xe9, 0x89, 0xdc, 0xf0, 0xed, 0x7f, 0xb4, 0x88, 0x70,
0x24, 0xe1, 0x02, 0x21, 0x00, 0xfd, 0xad, 0x8e, 0x1c, 0x68, 0x53, 0x56,
0x3f, 0x8b, 0x92, 0x1d, 0x2d, 0x11, 0x24, 0x62, 0xae, 0x7d, 0x6b, 0x17,
0x60, 0x82, 0xd2, 0xba, 0x43, 0xe8, 0x7e, 0x1a, 0x37, 0xfc, 0x1a, 0x8b,
0x33, 0x02, 0x21, 0x00, 0xf0, 0x59, 0x2c, 0xf4, 0xc5, 0x5b, 0xa4, 0x43,
0x07, 0xb1, 0x89, 0x81, 0xbc, 0xdb, 0xda, 0x37, 0x6c, 0x51, 0xe5, 0x90,
0xff, 0xa5, 0x34, 0x5b, 0xa8, 0x66, 0xf6, 0x96, 0x2d, 0xca, 0x94, 0xdd,
0x02, 0x20, 0x19, 0x95, 0xf1, 0xa9, 0x67, 0xd4, 0x4f, 0xf4, 0xa4, 0xcd,
0x1d, 0xe8, 0x37, 0xbc, 0x65, 0xbf, 0x97, 0xa2, 0xbf, 0x7e, 0xda, 0x73,
0x0a, 0x9a, 0x62, 0xce, 0xa5, 0x32, 0x54, 0x59, 0x11, 0x05, 0x02, 0x20,
0x27, 0xf9, 0x6c, 0xf4, 0xb8, 0xee, 0x68, 0xff, 0x8d, 0x04, 0x06, 0x2e,
0xc1, 0xce, 0x7f, 0x18, 0xc0, 0xb7, 0x4e, 0x4b, 0x33, 0x79, 0xb2, 0x9f,
0x9b, 0xfe, 0xa3, 0xfc, 0x8e, 0x59, 0x27, 0x31, 0x02, 0x21, 0x00, 0xce,
0xfa, 0x6d, 0x22, 0x04, 0x96, 0xb4, 0x3f, 0xeb, 0x83, 0x19, 0x42, 0x55,
0xd8, 0xfb, 0x93, 0x0a, 0xfc, 0xf4, 0x6f, 0x36, 0x60, 0x6e, 0x3a, 0xa0,
0xeb, 0x7a, 0x93, 0xad, 0x88, 0xc1, 0x0c
};
unsigned char encrypted[64] = { 0 };
unsigned char decrypted[sizeof(input)] = { 0 };
psa_key_handle_t key_handle = 0;
size_t len;
/* via test partition - create a key without generating any key material */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_create_persistent_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* via test partition - set key policy */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_set_key_policy(key_handle, key_usage, key_alg));
/* via test partition - import key data for the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_import_key(key_handle, key_type, key_data, sizeof(key_data)));
/* via test partition - close the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle));
/* via test partition - reopen the key created by the test partition and keep it open */
key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_open_persistent_key(key_id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
/* try to asymmetric encrypt using the key that was created by the test partition */
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_asymmetric_encrypt(key_handle, key_alg, input, sizeof(input),
NULL, 0, encrypted, sizeof(encrypted), &len));
/* try to asymmetric decrypt using the key that was created by the test partition */
TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_asymmetric_decrypt(key_handle, key_alg,
encrypted, sizeof(encrypted), NULL, 0,
decrypted, sizeof(decrypted), &len));
/* via test partition - close the key created by the test partition */
TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_close_key(key_handle));
}
utest::v1::status_t case_setup_handler(const Case *const source, const size_t index_of_case)
{
psa_status_t status = mbed_psa_reboot_and_request_new_security_state(PSA_LIFECYCLE_ASSEMBLY_AND_TEST);
TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
status = psa_crypto_init();
#if defined(MBEDTLS_ENTROPY_NV_SEED) || defined(COMPONENT_PSA_SRV_IPC)
if (status == PSA_ERROR_INSUFFICIENT_ENTROPY) {
inject_entropy();
status = psa_crypto_init();
}
#endif
TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
return greentea_case_setup_handler(source, index_of_case);
}
utest::v1::status_t case_teardown_handler(const Case *const source, const size_t passed,
const size_t failed, const failure_t failure)
{
psa_status_t status = mbed_psa_reboot_and_request_new_security_state(PSA_LIFECYCLE_ASSEMBLY_AND_TEST);
TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
mbedtls_psa_crypto_free();
return greentea_case_teardown_handler(source, passed, failed, failure);
}
utest::v1::status_t test_setup(const size_t number_of_cases)
{
#ifndef NO_GREENTEA
GREENTEA_SETUP(120, "default_auto");
#endif
return verbose_test_setup_handler(number_of_cases);
}
Case cases[] = {
Case("open other partitions' key",
case_setup_handler, test_open_other_partition_key, case_teardown_handler),
Case("create key with same id different partitions",
case_setup_handler, test_create_key_same_id_different_partitions, case_teardown_handler),
Case("use other partitions' key - key manage",
case_setup_handler, test_use_other_partition_key_manage_key, case_teardown_handler),
Case("use other partitions' key - mac",
case_setup_handler, test_use_other_partition_key_mac, case_teardown_handler),
Case("use other partitions' key - cipher",
case_setup_handler, test_use_other_partition_key_cipher, case_teardown_handler),
Case("use other partitions' key - aead",
case_setup_handler, test_use_other_partition_key_aead, case_teardown_handler),
Case("use other partitions' key - asymmetric sign verify",
case_setup_handler, test_use_other_partition_key_asymmetric_sign_verify, case_teardown_handler),
Case("use other partitions' key - asymmetric encrypt decrypt",
case_setup_handler, test_use_other_partition_key_asymmetric_encrypt_decrypt, case_teardown_handler),
};
Specification specification(test_setup, cases);
int main(void)
{
return !Harness::run(specification);
}

128
TESTS/psa/crypto_access_control/COMPONENT_PSA_SRV_IPC/test_partition_proxy.c Normal file
View File

@ -0,0 +1,128 @@
/*
* Copyright (c) 2019, Arm Limited and affiliates
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "psa/client.h"
#include "psa_test_partition_ifs.h"
#include "test_partition_proxy.h"
#define MINOR_VER 1
static psa_status_t invoke_ipc_call(uint32_t sid, psa_invec *in_vec, size_t in_vec_size,
psa_outvec *out_vec, size_t out_vec_size)
{
psa_status_t status;
psa_handle_t handle = psa_connect(sid, MINOR_VER);
if (handle <= 0) {
return (PSA_ERROR_COMMUNICATION_FAILURE);
}
status = psa_call(handle, in_vec, in_vec_size, out_vec, out_vec_size);
psa_close(handle);
return (status);
}
psa_status_t test_partition_crypto_create_persistent_key(psa_key_id_t key_id, psa_key_handle_t *key_handle)
{
psa_invec in_vec = { &key_id, sizeof(key_id) };
psa_outvec out_vec = { key_handle, sizeof(*key_handle) };
psa_status_t status = invoke_ipc_call(CRYPTO_CREATE_PERSISTENT_KEY, &in_vec, 1, &out_vec, 1);
return (status);
}
psa_status_t test_partition_crypto_set_key_policy(psa_key_handle_t key_handle, psa_key_usage_t key_usage,
psa_algorithm_t key_alg)
{
psa_invec in_vec[3] = {
{ &key_handle, sizeof(key_handle) },
{ &key_usage, sizeof(key_usage) },
{ &key_alg, sizeof(key_alg) }
};
psa_status_t status = invoke_ipc_call(CRYPTO_SET_KEY_POLICY, in_vec, 3, NULL, 0);
return (status);
}
psa_status_t test_partition_crypto_get_key_policy(psa_key_handle_t key_handle, psa_key_usage_t *key_usage,
psa_algorithm_t *key_alg)
{
psa_invec in_vec = { &key_handle, sizeof(key_handle) };
psa_outvec out_vec[2] = {
{ key_usage, sizeof(*key_usage) },
{ key_alg, sizeof(*key_alg) }
};
psa_status_t status = invoke_ipc_call(CRYPTO_GET_KEY_POLICY, &in_vec, 1, out_vec, 2);
return (status);
}
psa_status_t test_partition_crypto_get_key_information(psa_key_handle_t key_handle, psa_key_type_t *key_type,
size_t *key_bits)
{
psa_invec in_vec = { &key_handle, sizeof(key_handle) };
psa_outvec out_vec[2] = {
{ key_type, sizeof(*key_type) },
{ key_bits, sizeof(*key_bits) }
};
psa_status_t status = invoke_ipc_call(CRYPTO_GET_KEY_INFO, &in_vec, 1, out_vec, 2);
return (status);
}
psa_status_t test_partition_crypto_generate_key(psa_key_handle_t key_handle, psa_key_type_t key_type, size_t key_bits)
{
psa_invec in_vec[3] = {
{ &key_handle, sizeof(key_handle) },
{ &key_type, sizeof(key_type) },
{ &key_bits, sizeof(key_bits) }
};
psa_status_t status = invoke_ipc_call(CRYPTO_GENERATE_KEY, in_vec, 3, NULL, 0);
return (status);
}
psa_status_t test_partition_crypto_open_persistent_key(psa_key_id_t key_id, psa_key_handle_t *key_handle)
{
psa_invec in_vec = { &key_id, sizeof(key_id) };
psa_outvec out_vec = { key_handle, sizeof(*key_handle) };
psa_status_t status = invoke_ipc_call(CRYPTO_OPEN_PERSISTENT_KEY, &in_vec, 1, &out_vec, 1);
return (status);
}
psa_status_t test_partition_crypto_close_key(psa_key_handle_t key_handle)
{
psa_invec in_vec = { &key_handle, sizeof(key_handle) };
psa_status_t status = invoke_ipc_call(CRYPTO_CLOSE_KEY, &in_vec, 1, NULL, 0);
return (status);
}
psa_status_t test_partition_crypto_destroy_key(psa_key_handle_t key_handle)
{
psa_invec in_vec = { &key_handle, sizeof(key_handle) };
psa_status_t status = invoke_ipc_call(CRYPTO_DESTROY_KEY, &in_vec, 1, NULL, 0);
return (status);
}
psa_status_t test_partition_crypto_import_key(psa_key_handle_t key_handle, psa_key_type_t key_type,
const unsigned char *key_data, size_t key_data_size)
{
psa_invec in_vec[4] = {
{ &key_handle, sizeof(key_handle) },
{ &key_type, sizeof(key_type) },
{ &key_data_size, sizeof(key_data_size) },
{ key_data, key_data_size }
};
psa_status_t status = invoke_ipc_call(CRYPTO_IMPORT_KEY, in_vec, 4, NULL, 0);
return (status);
}

53
TESTS/psa/crypto_access_control/COMPONENT_PSA_SRV_IPC/test_partition_proxy.h Normal file
View File

@ -0,0 +1,53 @@
/*
* Copyright (c) 2019, Arm Limited and affiliates
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef TEST_PARTITION_PROXY_H
#define TEST_PARTITION_PROXY_H
#include "psa/crypto.h"
#ifdef __cplusplus
extern "C" {
#endif
psa_status_t test_partition_crypto_create_persistent_key(psa_key_id_t key_id, psa_key_handle_t *key_handle);
psa_status_t test_partition_crypto_set_key_policy(psa_key_handle_t key_handle, psa_key_usage_t key_usage,
psa_algorithm_t key_alg);
psa_status_t test_partition_crypto_get_key_policy(psa_key_handle_t key_handle, psa_key_usage_t *key_usage,
psa_algorithm_t *key_alg);
psa_status_t test_partition_crypto_get_key_information(psa_key_handle_t key_handle, psa_key_type_t *key_type,
size_t *key_bits);
psa_status_t test_partition_crypto_generate_key(psa_key_handle_t key_handle, psa_key_type_t key_type, size_t key_bits);
psa_status_t test_partition_crypto_open_persistent_key(psa_key_id_t key_id, psa_key_handle_t *key_handle);
psa_status_t test_partition_crypto_close_key(psa_key_handle_t key_handle);
psa_status_t test_partition_crypto_destroy_key(psa_key_handle_t key_handle);
psa_status_t test_partition_crypto_import_key(psa_key_handle_t key_handle, psa_key_type_t key_type,
const unsigned char *key_data, size_t key_data_size);
#ifdef __cplusplus
}
#endif
#endif /* TEST_PARTITION_PROXY_H */

203
TESTS/psa/crypto_access_control/COMPONENT_SPE/TARGET_MBED_SPM/psa_test_partition_partition.c Normal file
View File

@ -0,0 +1,203 @@
/* Copyright (c) 2017-2019 ARM Limited
*
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/***********************************************************************************************************************
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* THIS FILE IS AN AUTO-GENERATED FILE - DO NOT MODIFY IT.
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* Template Version 1.0
* Generated by tools/spm/generate_partition_code.py Version 1.0
**********************************************************************************************************************/
#include "cmsis.h"
#include "mbed_toolchain.h" /* For using MBED_ALIGN macro */
#include "rtx_os.h"
#include "spm_panic.h"
#include "spm_internal.h"
#include "psa_test_partition_partition.h"
#include "psa_test_partition_ifs.h"
#include "psa_crypto_srv_ifs.h"
/* Threads stacks */
MBED_ALIGN(8) uint8_t test_partition_thread_stack[512] = {0};
/* Threads control blocks */
osRtxThread_t test_partition_thread_cb = {0};
/* Thread attributes - for thread initialization */
osThreadAttr_t test_partition_thread_attr = {
.name = "test_partition",
.attr_bits = 0,
.cb_mem = &test_partition_thread_cb,
.cb_size = sizeof(test_partition_thread_cb),
.stack_mem = test_partition_thread_stack,
.stack_size = 512,
.priority = osPriorityNormal,
.tz_module = 0,
.reserved = 0
};
spm_rot_service_t test_partition_rot_services[TEST_PARTITION_ROT_SRV_COUNT] = {
{
.sid = CRYPTO_CREATE_PERSISTENT_KEY,
.mask = CRYPTO_CREATE_PERSISTENT_KEY_MSK,
.partition = NULL,
.min_version = 1,
.min_version_policy = PSA_MINOR_VERSION_POLICY_RELAXED,
.allow_nspe = true,
.queue = {
.head = NULL,
.tail = NULL
}
},
{
.sid = CRYPTO_GENERATE_KEY,
.mask = CRYPTO_GENERATE_KEY_MSK,
.partition = NULL,
.min_version = 1,
.min_version_policy = PSA_MINOR_VERSION_POLICY_RELAXED,
.allow_nspe = true,
.queue = {
.head = NULL,
.tail = NULL
}
},
{
.sid = CRYPTO_OPEN_PERSISTENT_KEY,
.mask = CRYPTO_OPEN_PERSISTENT_KEY_MSK,
.partition = NULL,
.min_version = 1,
.min_version_policy = PSA_MINOR_VERSION_POLICY_RELAXED,
.allow_nspe = true,
.queue = {
.head = NULL,
.tail = NULL
}
},
{
.sid = CRYPTO_CLOSE_KEY,
.mask = CRYPTO_CLOSE_KEY_MSK,
.partition = NULL,
.min_version = 1,
.min_version_policy = PSA_MINOR_VERSION_POLICY_RELAXED,
.allow_nspe = true,
.queue = {
.head = NULL,
.tail = NULL
}
},
{
.sid = CRYPTO_SET_KEY_POLICY,
.mask = CRYPTO_SET_KEY_POLICY_MSK,
.partition = NULL,
.min_version = 1,
.min_version_policy = PSA_MINOR_VERSION_POLICY_RELAXED,
.allow_nspe = true,
.queue = {
.head = NULL,
.tail = NULL
}
},
{
.sid = CRYPTO_DESTROY_KEY,
.mask = CRYPTO_DESTROY_KEY_MSK,
.partition = NULL,
.min_version = 1,
.min_version_policy = PSA_MINOR_VERSION_POLICY_RELAXED,
.allow_nspe = true,
.queue = {
.head = NULL,
.tail = NULL
}
},
{
.sid = CRYPTO_GET_KEY_INFO,
.mask = CRYPTO_GET_KEY_INFO_MSK,
.partition = NULL,
.min_version = 1,
.min_version_policy = PSA_MINOR_VERSION_POLICY_RELAXED,
.allow_nspe = true,
.queue = {
.head = NULL,
.tail = NULL
}
},
{
.sid = CRYPTO_GET_KEY_POLICY,
.mask = CRYPTO_GET_KEY_POLICY_MSK,
.partition = NULL,
.min_version = 1,
.min_version_policy = PSA_MINOR_VERSION_POLICY_RELAXED,
.allow_nspe = true,
.queue = {
.head = NULL,
.tail = NULL
}
},
{
.sid = CRYPTO_IMPORT_KEY,
.mask = CRYPTO_IMPORT_KEY_MSK,
.partition = NULL,
.min_version = 1,
.min_version_policy = PSA_MINOR_VERSION_POLICY_RELAXED,
.allow_nspe = true,
.queue = {
.head = NULL,
.tail = NULL
}
},
};
/* External SIDs used by TEST_PARTITION */
const uint32_t test_partition_external_sids[1] = {
PSA_KEY_MNG_ID,
};
static osRtxMutex_t test_partition_mutex = {0};
static const osMutexAttr_t test_partition_mutex_attr = {
.name = "test_partition_mutex",
.attr_bits = osMutexRecursive | osMutexPrioInherit | osMutexRobust,
.cb_mem = &test_partition_mutex,
.cb_size = sizeof(test_partition_mutex),
};
extern void test_partition_main(void *ptr);
void test_partition_init(spm_partition_t *partition)
{
if (NULL == partition) {
SPM_PANIC("partition is NULL!\n");
}
partition->mutex = osMutexNew(&test_partition_mutex_attr);
if (NULL == partition->mutex) {
SPM_PANIC("Failed to create mutex for secure partition test_partition!\n");
}
for (uint32_t i = 0; i < TEST_PARTITION_ROT_SRV_COUNT; ++i) {
test_partition_rot_services[i].partition = partition;
}
partition->rot_services = test_partition_rot_services;
partition->thread_id = osThreadNew(test_partition_main, NULL, &test_partition_thread_attr);
if (NULL == partition->thread_id) {
SPM_PANIC("Failed to create start main thread of partition test_partition!\n");
}
}

113
TESTS/psa/crypto_access_control/COMPONENT_SPE/psa_setup.c Normal file
View File

@ -0,0 +1,113 @@
/* Copyright (c) 2017-2019 ARM Limited
*
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/***********************************************************************************************************************
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* THIS FILE IS AN AUTO-GENERATED FILE - DO NOT MODIFY IT.
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* Template Version 1.0
* Generated by tools/spm/generate_partition_code.py Version 1.0
**********************************************************************************************************************/
#include "spm_panic.h"
#include "spm_internal.h"
#include "handles_manager.h"
#include "cmsis.h"
#include "psa_test_partition_partition.h"
#include "psa_crypto_srv_partition.h"
#include "psa_platform_partition.h"
#include "psa_its_partition.h"
extern const uint32_t test_partition_external_sids[1];
extern const uint32_t crypto_srv_external_sids[4];
extern const uint32_t platform_external_sids[1];
spm_partition_t g_partitions[4] = {
{
.partition_id = TEST_PARTITION_ID,
.thread_id = 0,
.flags_rot_srv = TEST_PARTITION_WAIT_ANY_SID_MSK,
.flags_interrupts = 0,
.rot_services = NULL,
.rot_services_count = TEST_PARTITION_ROT_SRV_COUNT,
.extern_sids = test_partition_external_sids,
.extern_sids_count = TEST_PARTITION_EXT_ROT_SRV_COUNT,
.irq_mapper = NULL,
},
{
.partition_id = CRYPTO_SRV_ID,
.thread_id = 0,
.flags_rot_srv = CRYPTO_SRV_WAIT_ANY_SID_MSK,
.flags_interrupts = 0,
.rot_services = NULL,
.rot_services_count = CRYPTO_SRV_ROT_SRV_COUNT,
.extern_sids = crypto_srv_external_sids,
.extern_sids_count = CRYPTO_SRV_EXT_ROT_SRV_COUNT,
.irq_mapper = NULL,
},
{
.partition_id = PLATFORM_ID,
.thread_id = 0,
.flags_rot_srv = PLATFORM_WAIT_ANY_SID_MSK,
.flags_interrupts = 0,
.rot_services = NULL,
.rot_services_count = PLATFORM_ROT_SRV_COUNT,
.extern_sids = platform_external_sids,
.extern_sids_count = PLATFORM_EXT_ROT_SRV_COUNT,
.irq_mapper = NULL,
},
{
.partition_id = ITS_ID,
.thread_id = 0,
.flags_rot_srv = ITS_WAIT_ANY_SID_MSK,
.flags_interrupts = 0,
.rot_services = NULL,
.rot_services_count = ITS_ROT_SRV_COUNT,
.extern_sids = NULL,
.extern_sids_count = ITS_EXT_ROT_SRV_COUNT,
.irq_mapper = NULL,
},
};
/* Check all the defined memory regions for overlapping. */
/* A list of all the memory regions. */
const mem_region_t *mem_regions = NULL;
const uint32_t mem_region_count = 0;
// forward declaration of partition initializers
void test_partition_init(spm_partition_t *partition);
void crypto_srv_init(spm_partition_t *partition);
void platform_init(spm_partition_t *partition);
void its_init(spm_partition_t *partition);
uint32_t init_partitions(spm_partition_t **partitions)
{
if (NULL == partitions) {
SPM_PANIC("partitions is NULL!\n");
}
test_partition_init(&(g_partitions[0]));
crypto_srv_init(&(g_partitions[1]));
platform_init(&(g_partitions[2]));
its_init(&(g_partitions[3]));
*partitions = g_partitions;
return 4;
}

74
TESTS/psa/crypto_access_control/COMPONENT_SPE/psa_test_partition_partition.h Normal file
View File

@ -0,0 +1,74 @@
/* Copyright (c) 2017-2019 ARM Limited
*
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/***********************************************************************************************************************
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* THIS FILE IS AN AUTO-GENERATED FILE - DO NOT MODIFY IT.
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* Template Version 1.0
* Generated by tools/spm/generate_partition_code.py Version 1.0
**********************************************************************************************************************/
#ifndef PSA_TEST_PARTITION_PARTITION_H
#define PSA_TEST_PARTITION_PARTITION_H
#define TEST_PARTITION_ID 128
#define TEST_PARTITION_ROT_SRV_COUNT (9UL)
#define TEST_PARTITION_EXT_ROT_SRV_COUNT (1UL)
/* TEST_PARTITION event flags */
#define TEST_PARTITION_RESERVED1_POS (1UL)
#define TEST_PARTITION_RESERVED1_MSK (1UL << TEST_PARTITION_RESERVED1_POS)
#define TEST_PARTITION_RESERVED2_POS (2UL)
#define TEST_PARTITION_RESERVED2_MSK (1UL << TEST_PARTITION_RESERVED2_POS)
#define CRYPTO_CREATE_PERSISTENT_KEY_MSK_POS (4UL)
#define CRYPTO_CREATE_PERSISTENT_KEY_MSK (1UL << CRYPTO_CREATE_PERSISTENT_KEY_MSK_POS)
#define CRYPTO_GENERATE_KEY_MSK_POS (5UL)
#define CRYPTO_GENERATE_KEY_MSK (1UL << CRYPTO_GENERATE_KEY_MSK_POS)
#define CRYPTO_OPEN_PERSISTENT_KEY_MSK_POS (6UL)
#define CRYPTO_OPEN_PERSISTENT_KEY_MSK (1UL << CRYPTO_OPEN_PERSISTENT_KEY_MSK_POS)
#define CRYPTO_CLOSE_KEY_MSK_POS (7UL)
#define CRYPTO_CLOSE_KEY_MSK (1UL << CRYPTO_CLOSE_KEY_MSK_POS)
#define CRYPTO_SET_KEY_POLICY_MSK_POS (8UL)
#define CRYPTO_SET_KEY_POLICY_MSK (1UL << CRYPTO_SET_KEY_POLICY_MSK_POS)
#define CRYPTO_DESTROY_KEY_MSK_POS (9UL)
#define CRYPTO_DESTROY_KEY_MSK (1UL << CRYPTO_DESTROY_KEY_MSK_POS)
#define CRYPTO_GET_KEY_INFO_MSK_POS (10UL)
#define CRYPTO_GET_KEY_INFO_MSK (1UL << CRYPTO_GET_KEY_INFO_MSK_POS)
#define CRYPTO_GET_KEY_POLICY_MSK_POS (11UL)
#define CRYPTO_GET_KEY_POLICY_MSK (1UL << CRYPTO_GET_KEY_POLICY_MSK_POS)
#define CRYPTO_IMPORT_KEY_MSK_POS (12UL)
#define CRYPTO_IMPORT_KEY_MSK (1UL << CRYPTO_IMPORT_KEY_MSK_POS)
#define TEST_PARTITION_WAIT_ANY_SID_MSK (\
CRYPTO_CREATE_PERSISTENT_KEY_MSK | \
CRYPTO_GENERATE_KEY_MSK | \
CRYPTO_OPEN_PERSISTENT_KEY_MSK | \
CRYPTO_CLOSE_KEY_MSK | \
CRYPTO_SET_KEY_POLICY_MSK | \
CRYPTO_DESTROY_KEY_MSK | \
CRYPTO_GET_KEY_INFO_MSK | \
CRYPTO_GET_KEY_POLICY_MSK | \
CRYPTO_IMPORT_KEY_MSK)
#endif // PSA_TEST_PARTITION_PARTITION_H

248
TESTS/psa/crypto_access_control/COMPONENT_SPE/test_partition.c Normal file
View File

@ -0,0 +1,248 @@
/*
* Copyright (c) 2019, Arm Limited and affiliates
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stdlib.h>
#include "psa_test_partition_partition.h"
#include "psa/service.h"
#include "psa/client.h"
#include "psa/crypto.h"
typedef psa_status_t (*SignalHandler)(psa_msg_t *);
#if defined(TARGET_TFM)
#define SPM_PANIC(format, ...) \
{ \
while(1){}; \
}
#endif
static void read_input_param_from_message(psa_msg_t *msg, uint8_t param_index, void *param_ptr)
{
size_t bytes_read = psa_read(msg->handle, param_index, param_ptr, msg->in_size[param_index]);
if (bytes_read != msg->in_size[param_index]) {
SPM_PANIC("SPM read length mismatch");
}
}
static psa_status_t crypto_create_persistent_key(psa_msg_t *msg)
{
psa_status_t status;
psa_key_id_t key_id = 0;
psa_key_handle_t key_handle = 0;
read_input_param_from_message(msg, 0, &key_id);
status = psa_create_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &key_handle);
if (status == PSA_SUCCESS) {
psa_write(msg->handle, 0, &key_handle, sizeof(key_handle));
}
return (status);
}
static psa_status_t crypto_generate_key(psa_msg_t *msg)
{
psa_status_t status;
psa_key_handle_t key_handle = 0;
psa_key_type_t key_type = 0;
size_t key_bits = 0;
read_input_param_from_message(msg, 0, &key_handle);
read_input_param_from_message(msg, 1, &key_type);
read_input_param_from_message(msg, 2, &key_bits);
status = psa_generate_key(key_handle, key_type, key_bits, NULL, 0);
return (status);
}
static psa_status_t crypto_open_persistent_key(psa_msg_t *msg)
{
psa_status_t status;
psa_key_id_t key_id;
psa_key_handle_t key_handle;
read_input_param_from_message(msg, 0, &key_id);
status = psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &key_handle);
if (status == PSA_SUCCESS) {
psa_write(msg->handle, 0, &key_handle, sizeof(key_handle));
}
return (status);
}
static psa_status_t crypto_close_key(psa_msg_t *msg)
{
psa_status_t status;
psa_key_handle_t key_handle;
read_input_param_from_message(msg, 0, &key_handle);
status = psa_close_key(key_handle);
return (status);
}
static psa_status_t crypto_set_key_policy(psa_msg_t *msg)
{
psa_status_t status;
psa_key_handle_t key_handle;
psa_key_usage_t key_usage;
psa_algorithm_t key_alg;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
read_input_param_from_message(msg, 0, &key_handle);
read_input_param_from_message(msg, 1, &key_usage);
read_input_param_from_message(msg, 2, &key_alg);
psa_key_policy_set_usage(&policy, key_usage, key_alg);
status = psa_set_key_policy(key_handle, &policy);
return (status);
}
static psa_status_t crypto_destroy_key(psa_msg_t *msg)
{
psa_status_t status;
psa_key_handle_t key_handle;
read_input_param_from_message(msg, 0, &key_handle);
status = psa_destroy_key(key_handle);
return (status);
}
static psa_status_t crypto_get_key_info(psa_msg_t *msg)
{
psa_status_t status;
psa_key_handle_t key_handle;
psa_key_type_t key_type = 0;
size_t key_bits = 0;
read_input_param_from_message(msg, 0, &key_handle);
status = psa_get_key_information(key_handle, &key_type, &key_bits);
if (status == PSA_SUCCESS) {
psa_write(msg->handle, 0, &key_type, sizeof(key_type));
psa_write(msg->handle, 1, &key_bits, sizeof(key_bits));
}
return (status);
}
static psa_status_t crypto_get_key_policy(psa_msg_t *msg)
{
psa_status_t status;
psa_key_handle_t key_handle;
psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
read_input_param_from_message(msg, 0, &key_handle);
status = psa_get_key_policy(key_handle, &policy);
if (status == PSA_SUCCESS) {
psa_write(msg->handle, 0, &(policy.usage), sizeof(policy.usage));
psa_write(msg->handle, 1, &(policy.alg), sizeof(policy.alg));
}
return (status);
}
static psa_status_t crypto_import_key(psa_msg_t *msg)
{
psa_status_t status;
psa_key_handle_t key_handle;
psa_key_type_t key_type;
size_t key_data_size;
unsigned char *key_data = NULL;
read_input_param_from_message(msg, 0, &key_handle);
read_input_param_from_message(msg, 1, &key_type);
read_input_param_from_message(msg, 2, &key_data_size);
key_data = calloc(1, key_data_size);
if (key_data == NULL) {
return (PSA_ERROR_INSUFFICIENT_MEMORY);
}
read_input_param_from_message(msg, 3, key_data);
status = psa_import_key(key_handle, key_type, key_data, key_data_size);
free(key_data);
return (status);
}
static void message_handler(psa_msg_t *msg, SignalHandler handler)
{
psa_status_t status = 0;
switch (msg->type) {
case PSA_IPC_CONNECT:
case PSA_IPC_DISCONNECT: {
break;
}
case PSA_IPC_CALL: {
status = handler(msg);
break;
}
default: {
SPM_PANIC("Unexpected message type %d!", (int)(msg->type));
break;
}
}
psa_reply(msg->handle, status);
}
void test_partition_main(void)
{
psa_signal_t signal;
psa_msg_t msg = {0};
while (1) {
signal = psa_wait_any(PSA_BLOCK);
if (signal & CRYPTO_CREATE_PERSISTENT_KEY_MSK) {
psa_get(CRYPTO_CREATE_PERSISTENT_KEY_MSK, &msg);
message_handler(&msg, crypto_create_persistent_key);
}
if (signal & CRYPTO_GENERATE_KEY_MSK) {
psa_get(CRYPTO_GENERATE_KEY_MSK, &msg);
message_handler(&msg, crypto_generate_key);
}
if (signal & CRYPTO_OPEN_PERSISTENT_KEY_MSK) {
psa_get(CRYPTO_OPEN_PERSISTENT_KEY_MSK, &msg);
message_handler(&msg, crypto_open_persistent_key);
}
if (signal & CRYPTO_CLOSE_KEY_MSK) {
psa_get(CRYPTO_CLOSE_KEY_MSK, &msg);
message_handler(&msg, crypto_close_key);
}
if (signal & CRYPTO_SET_KEY_POLICY_MSK) {
psa_get(CRYPTO_SET_KEY_POLICY_MSK, &msg);
message_handler(&msg, crypto_set_key_policy);
}
if (signal & CRYPTO_DESTROY_KEY_MSK) {
psa_get(CRYPTO_DESTROY_KEY_MSK, &msg);
message_handler(&msg, crypto_destroy_key);
}
if (signal & CRYPTO_GET_KEY_INFO_MSK) {
psa_get(CRYPTO_GET_KEY_INFO_MSK, &msg);
message_handler(&msg, crypto_get_key_info);
}
if (signal & CRYPTO_GET_KEY_POLICY_MSK) {
psa_get(CRYPTO_GET_KEY_POLICY_MSK, &msg);
message_handler(&msg, crypto_get_key_policy);
}
if (signal & CRYPTO_IMPORT_KEY_MSK) {
psa_get(CRYPTO_IMPORT_KEY_MSK, &msg);
message_handler(&msg, crypto_import_key);
}
}
}

89
TESTS/psa/crypto_access_control/crypto_acl_test_partition_psa.json Normal file
View File

@ -0,0 +1,89 @@
{
"name": "TEST_PARTITION",
"type": "APPLICATION-ROT",
"priority": "NORMAL",
"id": "0x00000080",
"entry_point": "test_partition_main",
"stack_size": "0x200",
"heap_size": "0x400",
"services": [
{
"name": "CRYPTO_CREATE_PERSISTENT_KEY",
"identifier": "0x00000200",
"signal": "CRYPTO_CREATE_PERSISTENT_KEY_MSK",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "RELAXED"
},
{
"name": "CRYPTO_GENERATE_KEY",
"identifier": "0x00000201",
"signal": "CRYPTO_GENERATE_KEY_MSK",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "RELAXED"
},
{
"name": "CRYPTO_OPEN_PERSISTENT_KEY",
"identifier": "0x00000202",
"signal": "CRYPTO_OPEN_PERSISTENT_KEY_MSK",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "RELAXED"
},
{
"name": "CRYPTO_CLOSE_KEY",
"identifier": "0x00000203",
"signal": "CRYPTO_CLOSE_KEY_MSK",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "RELAXED"
},
{
"name": "CRYPTO_SET_KEY_POLICY",
"identifier": "0x00000204",
"signal": "CRYPTO_SET_KEY_POLICY_MSK",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "RELAXED"
},
{
"name": "CRYPTO_DESTROY_KEY",
"identifier": "0x00000205",
"signal": "CRYPTO_DESTROY_KEY_MSK",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "RELAXED"
},
{
"name": "CRYPTO_GET_KEY_INFO",
"identifier": "0x00000206",
"signal": "CRYPTO_GET_KEY_INFO_MSK",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "RELAXED"
},
{
"name": "CRYPTO_GET_KEY_POLICY",
"identifier": "0x00000207",
"signal": "CRYPTO_GET_KEY_POLICY_MSK",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "RELAXED"
},
{
"name": "CRYPTO_IMPORT_KEY",
"identifier": "0x00000208",
"signal": "CRYPTO_IMPORT_KEY_MSK",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "RELAXED"
}
],
"extern_sids": [
"PSA_KEY_MNG_ID"
],
"source_files": [
"COMPONENT_SPE/test_partition.c"
]
}

39
TESTS/psa/crypto_access_control/psa_test_partition_ifs.h Normal file
View File

@ -0,0 +1,39 @@
/* Copyright (c) 2017-2019 ARM Limited
*
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/***********************************************************************************************************************
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* THIS FILE IS AN AUTO-GENERATED FILE - DO NOT MODIFY IT.
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* Template Version 1.0
* Generated by tools/spm/generate_partition_code.py Version 1.0
**********************************************************************************************************************/
#ifndef PSA_TEST_PARTITION_PARTITION_ROT_SERVICES_H
#define PSA_TEST_PARTITION_PARTITION_ROT_SERVICES_H
#define CRYPTO_CREATE_PERSISTENT_KEY 0x00000200
#define CRYPTO_GENERATE_KEY 0x00000201
#define CRYPTO_OPEN_PERSISTENT_KEY 0x00000202
#define CRYPTO_CLOSE_KEY 0x00000203
#define CRYPTO_SET_KEY_POLICY 0x00000204
#define CRYPTO_DESTROY_KEY 0x00000205
#define CRYPTO_GET_KEY_INFO 0x00000206
#define CRYPTO_GET_KEY_POLICY 0x00000207
#define CRYPTO_IMPORT_KEY 0x00000208
#endif // PSA_TEST_PARTITION_PARTITION_ROT_SERVICES_H

11446
targets/TARGET_Cypress/TARGET_PSOC6_FUTURE/TARGET_FUTURE_SEQUANA_PSA/prebuilt/crypto_access_control.hex Normal file
View File

File diff suppressed because it is too large Load Diff