From dc137252a13d502839b56e565918cd4b7d874344 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 7 Dec 2021 19:06:51 +0100 Subject: [PATCH 1/4] Add tests for an opaque import in the driver wrappers Signed-off-by: Andrzej Kurek --- tests/include/test/drivers/key_management.h | 6 ++++- .../src/drivers/test_driver_key_management.c | 9 ++++++++ ...test_suite_psa_crypto_driver_wrappers.data | 22 ++++++++++++++----- ..._suite_psa_crypto_driver_wrappers.function | 8 +++++++ 4 files changed, 39 insertions(+), 6 deletions(-) diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index ba1e04ab7..48c33d77f 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -38,9 +38,13 @@ typedef struct { /* Count the amount of times one of the key management driver functions * is called. */ unsigned long hits; + /* Record the source of the function call. */ + psa_key_location_t source; } mbedtls_test_driver_key_management_hooks_t; -#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 } +/* 0x800000 is a vendor-specific location, unused by the PSA, overwritten + * in tests that expect a different value. */ +#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0x800000 } static inline mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks_init( void ) { diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 5028073a6..3cfd59599 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -29,6 +29,8 @@ #include "mbedtls/error.h" #include "test/drivers/key_management.h" +#include "test/drivers/test_driver.h" + #include "test/random.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) 
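Review bot: The sentinel `0x800000` in `MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT` is a bare literal in a positional initializer, so its meaning depends on the new field staying last in the struct and on the comment above it. A named constant would make the intent visible where it is used, for example `#define TEST_DRIVER_LOCATION_UNSET ( (psa_key_location_t) 0x800000 )` (the name is only a suggestion) as the last initializer element. A hooks object that is zero-initialized instead of going through this macro would start at location 0, which is the value of PSA_KEY_LOCATION_LOCAL_STORAGE in the PSA Crypto API, so the transparent-driver location check could pass without the driver having recorded anything; the comment should warn about that in one line. The same literal recurs in the comment rewritten by patch 2/4.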
@@ -260,6 +262,7 @@ psa_status_t mbedtls_test_transparent_import_key( size_t *bits) { ++mbedtls_test_driver_key_management_hooks.hits; + mbedtls_test_driver_key_management_hooks.source = PSA_KEY_LOCATION_LOCAL_STORAGE; if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_key_management_hooks.forced_status ); @@ -326,6 +329,12 @@ psa_status_t mbedtls_test_opaque_import_key( size_t *key_buffer_length, size_t *bits) { + ++mbedtls_test_driver_key_management_hooks.hits; + mbedtls_test_driver_key_management_hooks.source = PSA_CRYPTO_TEST_DRIVER_LOCATION; + + if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_key_management_hooks.forced_status ); + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = psa_get_key_type( attributes ); /* This buffer will be used as an intermediate placeholder for diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index ea6c9b32c..ab25726f1 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data 
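Review bot: Neither of the two added assignments to `mbedtls_test_driver_key_management_hooks.source` says why the recorded value is a per-function constant rather than the location read from `attributes`. The constant is what lets the test detect a key being dispatched to the wrong driver, and that matters here because the opaque path treats the input as clear key material that still has to be wrapped. A comment such as `/* Record which driver entry point ran, independent of the caller's attributes. */` above each assignment would stop a later cleanup from replacing the constant with a lookup in `attributes`. Both function bodies continue outside their hunks.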
@@ -83,23 +83,35 @@ generate_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR validate key through transparent driver: good private key depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -validate_key:PSA_SUCCESS:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS +validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:130:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through transparent driver: good public key depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 -validate_key:PSA_SUCCESS:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS +validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:131:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through transparent driver: fallback private key depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 -validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS +validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:132:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through transparent driver: fallback public key depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 
-validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS +validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:133:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through transparent driver: error depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -validate_key:PSA_ERROR_GENERIC_ERROR:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR +validate_key:PSA_ERROR_GENERIC_ERROR:PSA_KEY_LOCATION_LOCAL_STORAGE:134:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR + +validate key through opaque driver: good private key +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +validate_key:PSA_SUCCESS:PSA_CRYPTO_TEST_DRIVER_LOCATION:130:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS + +validate key through opaque driver: good public key +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +validate_key:PSA_SUCCESS:PSA_CRYPTO_TEST_DRIVER_LOCATION:131:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS + +validate key through opaque driver: error +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 
+validate_key:PSA_ERROR_GENERIC_ERROR:PSA_CRYPTO_TEST_DRIVER_LOCATION:134:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR export_key private to public through driver: fake depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 8b7f413e6..eab258da6 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -314,10 +314,15 @@ exit: /* BEGIN_CASE */ void validate_key( int force_status_arg, + int location, + int owner_id_arg, + int id_arg, int key_type_arg, data_t *key_input, int expected_status_arg ) { + psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, location); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; psa_key_type_t key_type = key_type_arg; @@ -327,8 +332,10 @@ void validate_key( int force_status_arg, mbedtls_test_driver_key_management_hooks = mbedtls_test_driver_key_management_hooks_init(); + psa_set_key_id( &attributes, id ); psa_set_key_type( &attributes, key_type ); + psa_set_key_lifetime( &attributes, lifetime ); psa_set_key_bits( &attributes, 0 ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); 
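Review bot: The new opaque-driver cases cover success and a forced PSA_ERROR_GENERIC_ERROR but have no counterpart to the transparent "fallback" cases, so nothing pins down what happens when the opaque driver reports PSA_ERROR_NOT_SUPPORTED. For a key bound to PSA_CRYPTO_TEST_DRIVER_LOCATION the import should presumably fail rather than fall back to the built-in implementation, since a fallback would handle the key material outside the location the caller asked for. A case that forces PSA_ERROR_NOT_SUPPORTED with PSA_CRYPTO_TEST_DRIVER_LOCATION and expects PSA_ERROR_NOT_SUPPORTED (key id 132, same key data as the private-key cases) would cover this.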
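Review bot: `validate_key` now builds the lifetime from `PSA_KEY_PERSISTENCE_DEFAULT` and sets a key id, so every case, including the existing transparent ones, imports a persistent key. That presumably makes the test depend on key storage support being compiled in, and the .data file adds no such dependency. If persistence is not what is under test, `PSA_KEY_PERSISTENCE_VOLATILE` with the same `location` would keep the dispatch check without touching storage, and the owner and id arguments could then be dropped. `location` is also the only new parameter without the `_arg` suffix and a typed local, e.g. `psa_key_location_t location = location_arg;`. The function body continues past both hunks.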
@@ -339,6 +346,7 @@ void validate_key( int force_status_arg, actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &key ); TEST_EQUAL( mbedtls_test_driver_key_management_hooks.hits, 1 ); TEST_EQUAL( actual_status, expected_status ); + TEST_EQUAL( mbedtls_test_driver_key_management_hooks.source, location ); exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( key ); From 333e0fac1d5a9bd1674738d5d90cb036663ae5bc Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 3 Feb 2022 09:42:47 -0500 Subject: [PATCH 2/4] Formatting and documentation fixes Signed-off-by: Andrzej Kurek --- tests/include/test/drivers/key_management.h | 6 ++++-- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 4 +++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 48c33d77f..50a740735 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -42,8 +42,10 @@ typedef struct { psa_key_location_t source; } mbedtls_test_driver_key_management_hooks_t; -/* 0x800000 is a vendor-specific location, unused by the PSA, overwritten - * in tests that expect a different value. */ +/* The location is initialized to the invalid value 0x800000. Invalid in the + * sense that no PSA specification will assign a meaning to this location + * (stated first in version 1.0.1 of the specification) and that it is not + * used as a location of an opaque test drivers. */ #define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0x800000 } static inline mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks_init( void ) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index eab258da6..161745993 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -321,7 +321,9 @@ void validate_key( int force_status_arg, data_t *key_input, int expected_status_arg ) { - psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, location); + psa_key_lifetime_t lifetime = + PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ + PSA_KEY_PERSISTENCE_DEFAULT, location); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; From ba4cadef142112f5fcb8d1af940a7874fa909394 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 3 Feb 2022 10:27:01 -0500 Subject: [PATCH 3/4] Test drivers: rename import call source to driver location Signed-off-by: Andrzej Kurek --- tests/include/test/drivers/key_management.h | 4 ++-- tests/src/drivers/test_driver_key_management.c | 4 ++-- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 50a740735..1f33da1a5 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -38,8 +38,8 @@ typedef struct { /* Count the amount of times one of the key management driver functions * is called. */ unsigned long hits; - /* Record the source of the function call. */ - psa_key_location_t source; + /* Location of the last key management driver called to import a key. */ + psa_key_location_t location; } mbedtls_test_driver_key_management_hooks_t; /* The location is initialized to the invalid value 0x800000. Invalid in the diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 3cfd59599..e5f1193e9 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c 
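Review bot: The trailing `\` after `PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(` in the reflowed declaration is a preprocessor line continuation used outside a macro definition; it is harmless but unnecessary and reads as if the statement belonged to a `#define`. The wrapped argument list also closes with `location);` while the neighbouring call uses the spaced form `( owner_id_arg, id_arg )`. The suggested form is `PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(` on one line and `PSA_KEY_PERSISTENCE_DEFAULT, location );` on the next, without the backslash. `validate_key` continues outside the hunk.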
@@ -262,7 +262,7 @@ psa_status_t mbedtls_test_transparent_import_key( size_t *bits) { ++mbedtls_test_driver_key_management_hooks.hits; - mbedtls_test_driver_key_management_hooks.source = PSA_KEY_LOCATION_LOCAL_STORAGE; + mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE; if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_key_management_hooks.forced_status ); @@ -330,7 +330,7 @@ psa_status_t mbedtls_test_opaque_import_key( size_t *bits) { ++mbedtls_test_driver_key_management_hooks.hits; - mbedtls_test_driver_key_management_hooks.source = PSA_CRYPTO_TEST_DRIVER_LOCATION; + mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION; if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_key_management_hooks.forced_status ); diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 161745993..483f89b23 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -348,7 +348,7 @@ void validate_key( int force_status_arg, actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &key ); TEST_EQUAL( mbedtls_test_driver_key_management_hooks.hits, 1 ); TEST_EQUAL( actual_status, expected_status ); - TEST_EQUAL( mbedtls_test_driver_key_management_hooks.source, location ); + TEST_EQUAL( mbedtls_test_driver_key_management_hooks.location, location ); exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( key ); From 59469d7c64d188a6d7ef1fd10bdd3df45b3562fc Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 3 Feb 2022 10:30:30 -0500 Subject: [PATCH 4/4] Test driver: keep variable declarations first 
Signed-off-by: Andrzej Kurek --- tests/src/drivers/test_driver_key_management.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index e5f1193e9..974d49875 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -261,14 +261,14 @@ psa_status_t mbedtls_test_transparent_import_key( size_t *key_buffer_length, size_t *bits) { + psa_key_type_t type = psa_get_key_type( attributes ); + ++mbedtls_test_driver_key_management_hooks.hits; mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE; if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_key_management_hooks.forced_status ); - psa_key_type_t type = psa_get_key_type( attributes ); - if( PSA_KEY_TYPE_IS_ECC( type ) ) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 
@@ -329,18 +329,18 @@ psa_status_t mbedtls_test_opaque_import_key( size_t *key_buffer_length, size_t *bits) { - ++mbedtls_test_driver_key_management_hooks.hits; - mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION; - - if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_key_management_hooks.forced_status ); - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = psa_get_key_type( attributes ); /* This buffer will be used as an intermediate placeholder for * the clear key till we wrap it */ uint8_t *key_buffer_temp; + ++mbedtls_test_driver_key_management_hooks.hits; + mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION; + + if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_key_management_hooks.forced_status ); + key_buffer_temp = mbedtls_calloc( 1, key_buffer_size ); if( key_buffer_temp == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY );
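Review bot: `key_buffer_temp` is declared without an initializer, and after this reordering the forced-status `return` sits between that declaration and the `mbedtls_calloc` that first assigns it. That is safe as written because the early exit uses `return`, but the rest of the function is outside the hunk. If it frees the buffer on a shared exit path, later turning the early return into a jump to that path would free an indeterminate pointer. Declaring it as `uint8_t *key_buffer_temp = NULL;` removes that hazard at no cost.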