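/* BEGIN_HEADER */

/* The tests in this module verify the contents of key store files. They
 * access internal key storage functions directly. Some of the tests depend
 * on the storage format. On the other hand, these tests treat the storage
 * subsystem as a black box, and in particular have no reliance on the
 * internals of the ITS implementation.
 */

#include <stdint.h>

#include "psa_crypto_slot_management.h"
#include "psa_crypto_storage.h"

#include "mbedtls/md.h"

/* sizeof() on the literal counts its terminating NUL, so the magic field
 * below is the 7 visible bytes plus one trailing zero byte. */
#define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) )

/* Enforce the storage format for keys. The storage format is not a public
 * documented interface, but it must be preserved between versions so that
 * upgrades work smoothly, so it's a stable interface nonetheless.
 *
 * This is a test-local mirror of the on-storage layout. It is used below
 * only for its size, to dimension the buffer handed to
 * psa_format_key_data_for_storage(), so its total size must stay equal to
 * the size of the header the library writes.
 */
typedef struct {
    uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
    uint8_t version[4];
    uint8_t lifetime[sizeof( psa_key_lifetime_t )];
    uint8_t type[4];
    uint8_t policy[sizeof( psa_key_policy_t )];
    uint8_t data_len[4];
    uint8_t key_data[];
} psa_persistent_key_storage_format;

/* END_HEADER */

/* BEGIN_DEPENDENCIES
 * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
 * END_DEPENDENCIES
 */

/* Serialise a key and its attributes into the storage format and compare
 * the result, byte for byte, with a known-good file image.
 *
 * key_data            Key material to serialise.
 * expected_file_data  Reference image the serialised output must equal.
 * key_lifetime, key_type, key_bits, key_usage, key_alg, key_alg2
 *                     Attribute values written into the header.
 */
/* BEGIN_CASE */
void format_storage_data_check( data_t *key_data,
                                data_t *expected_file_data,
                                int key_lifetime, int key_type, int key_bits,
                                int key_usage, int key_alg, int key_alg2 )
{
    uint8_t *file_data = NULL;
    /* Header size comes from the test-local struct, not from the library. */
    size_t file_data_length =
        key_data->len + sizeof( psa_persistent_key_storage_format );
    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;

    psa_set_key_lifetime( &attributes, key_lifetime );
    psa_set_key_type( &attributes, key_type );
    psa_set_key_bits( &attributes, key_bits );
    psa_set_key_usage_flags( &attributes, key_usage );
    psa_set_key_algorithm( &attributes, key_alg );
    psa_set_key_enrollment_algorithm( &attributes, key_alg2 );

    ASSERT_ALLOC( file_data, file_data_length );
    /* The formatter is given no output length here, so it relies on
     * file_data being large enough for header plus key material. If the
     * library's header ever grows past the local struct, this call would
     * write beyond the allocation; run under a memory sanitizer to catch
     * such drift. */
    psa_format_key_data_for_storage( key_data->x, key_data->len,
                                     &attributes.core,
                                     file_data );

    ASSERT_COMPARE( expected_file_data->x, expected_file_data->len,
                    file_data, file_data_length );

exit:
    mbedtls_free( file_data );
}
/* END_CASE */

/* Parse a stored key image and check the returned status, and on success
 * the recovered attributes and key material.
 *
 * file_data          Raw storage image handed to the parser. Images that
 *                    are expected to be rejected are covered through
 *                    expected_status.
 * expected_key_data  Key material the parser must return on success.
 * expected_key_*     Attribute values the parser must return on success.
 * expected_status    Status the parser must return.
 */
/* BEGIN_CASE */
void parse_storage_data_check( data_t *file_data,
                               data_t *expected_key_data,
                               int expected_key_lifetime,
                               int expected_key_type,
                               int expected_key_bits,
                               int expected_key_usage,
                               int expected_key_alg,
                               int expected_key_alg2,
                               int expected_status )
{
    uint8_t *key_data = NULL;
    size_t key_data_length = 0;
    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
    psa_status_t status;

    status = psa_parse_key_data_from_storage( file_data->x, file_data->len,
                                              &key_data, &key_data_length,
                                              &attributes.core );

    TEST_EQUAL( status, expected_status );
    /* Nothing else to verify for a rejected image; key_data is still freed
     * at exit in case the parser allocated before failing. */
    if( status != PSA_SUCCESS )
        goto exit;

    /* Compare the lifetime in its own type. Casting the expected value to
     * the key-type type would be wrong and, if that type is narrower than
     * psa_key_lifetime_t, would drop the upper bits of the expected
     * lifetime before the comparison. */
    TEST_EQUAL( psa_get_key_lifetime( &attributes ),
                (psa_key_lifetime_t) expected_key_lifetime );
    TEST_EQUAL( psa_get_key_type( &attributes ),
                (psa_key_type_t) expected_key_type );
    TEST_EQUAL( psa_get_key_bits( &attributes ),
                (psa_key_bits_t) expected_key_bits );
    TEST_EQUAL( psa_get_key_usage_flags( &attributes ),
                (uint32_t) expected_key_usage );
    TEST_EQUAL( psa_get_key_algorithm( &attributes ),
                (uint32_t) expected_key_alg );
    TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ),
                (uint32_t) expected_key_alg2 );
    ASSERT_COMPARE( expected_key_data->x, expected_key_data->len,
                    key_data, key_data_length );

exit:
    mbedtls_free( key_data );
}
/* END_CASE */

/* Import a raw-data persistent key of a given size and check the status,
 * so that size limits on persistent keys are exercised at their boundary.
 *
 * data_length_arg  Size in bytes of the zero-filled key to import.
 * expected_status  Status psa_import_key() must return.
 */
/* BEGIN_CASE */
void save_large_persistent_key( int data_length_arg, int expected_status )
{
    mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 );
    /* Separate output variable, as in the other cases of this file, so
     * that key_id keeps the requested identifier for the cleanup at exit
     * whatever psa_import_key() writes to its output parameter. */
    mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT;
    uint8_t *data = NULL;
    size_t data_length = data_length_arg;
    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;

    ASSERT_ALLOC( data, data_length );

    PSA_ASSERT( psa_crypto_init() );

    psa_set_key_id( &attributes, key_id );
    psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );

    TEST_EQUAL( psa_import_key( &attributes, data, data_length,
                                &returned_key_id ),
                expected_status );

    if( expected_status == PSA_SUCCESS )
        PSA_ASSERT( psa_destroy_key( key_id ) );

exit:
    mbedtls_free( data );
    PSA_DONE();
    /* Remove any stored copy left behind by a failed assertion. */
    psa_destroy_persistent_key( key_id );
}
/* END_CASE */

/* Check that destroying a persistent key removes it from storage and that
 * the same identifier can then be reused for a different key.
 *
 * owner_id_arg, key_id_arg  Components of the key identifier under test.
 * restart                   Non-zero to tear down and re-initialise the
 *                           library between import and destroy.
 * first_type_arg, first_data    Type and material of the first key.
 * second_type_arg, second_data  Type and material of the key created in
 *                               the same identifier after destruction.
 */
/* BEGIN_CASE */
void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart,
                             int first_type_arg, data_t *first_data,
                             int second_type_arg, data_t *second_data )
{
    mbedtls_svc_key_id_t key_id =
        mbedtls_svc_key_id_make( owner_id_arg, key_id_arg );
    mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT;
    psa_key_type_t first_type = (psa_key_type_t) first_type_arg;
    psa_key_type_t second_type = (psa_key_type_t) second_type_arg;
    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;

    PSA_ASSERT( psa_crypto_init() );

    psa_set_key_id( &attributes, key_id );
    psa_set_key_type( &attributes, first_type );

    PSA_ASSERT( psa_import_key( &attributes, first_data->x, first_data->len,
                                &returned_key_id ) );

    if( restart )
    {
        /* NOTE(review): the status of psa_close_key() is not checked here,
         * unlike the psa_purge_key() calls in the other cases. */
        psa_close_key( key_id );
        PSA_DONE();
        PSA_ASSERT( psa_crypto_init() );
    }
    TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );

    /* Destroy the key */
    PSA_ASSERT( psa_destroy_key( key_id ) );

    /* Check key slot storage is removed */
    TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );

    /* Shutdown and restart */
    PSA_DONE();
    PSA_ASSERT( psa_crypto_init() );

    /* Create another key in the same slot */
    psa_set_key_id( &attributes, key_id );
    psa_set_key_type( &attributes, second_type );
    PSA_ASSERT( psa_import_key( &attributes, second_data->x, second_data->len,
                                &returned_key_id ) );

    PSA_ASSERT( psa_destroy_key( key_id ) );

exit:
    PSA_DONE();
    /* Remove any stored copy left behind by a failed assertion. */
    psa_destroy_persistent_key( key_id );
}
/* END_CASE */

/* Import a persistent key and check either that the import is rejected
 * without leaving anything in storage, or that the stored key reports the
 * expected attributes (optionally after a library restart).
 *
 * owner_id_arg, key_id_arg  Components of the key identifier under test.
 * type_arg                  Key type to import.
 * data                      Key material to import.
 * restart                   Non-zero to purge the key and re-initialise
 *                           the library before reading attributes back.
 * expected_status           Status psa_import_key() must return.
 */
/* BEGIN_CASE */
void persistent_key_import( int owner_id_arg, int key_id_arg, int type_arg,
                            data_t *data, int restart, int expected_status )
{
    mbedtls_svc_key_id_t key_id =
        mbedtls_svc_key_id_make( owner_id_arg, key_id_arg );
    /* NOTE(review): left uninitialised, so the null check on the failure
     * path below depends on psa_import_key() writing its output parameter
     * on every error return - confirm against the implementation. */
    mbedtls_svc_key_id_t returned_key_id;
    psa_key_type_t type = (psa_key_type_t) type_arg;
    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;

    PSA_ASSERT( psa_crypto_init() );

    psa_set_key_id( &attributes, key_id );
    psa_set_key_type( &attributes, type );
    TEST_EQUAL( psa_import_key( &attributes, data->x, data->len, &returned_key_id ),
                expected_status );

    if( expected_status != PSA_SUCCESS )
    {
        /* A rejected import must neither hand back a usable identifier
         * nor leave a file behind. */
        TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_key_id ) );
        TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );
        goto exit;
    }

    TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, key_id ) );

    if( restart )
    {
        PSA_ASSERT( psa_purge_key( key_id ) );
        PSA_DONE();
        PSA_ASSERT( psa_crypto_init() );
    }

    /* Start from clean attributes so every value checked below comes from
     * psa_get_key_attributes() and not from the setters above. */
    psa_reset_key_attributes( &attributes );
    PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) );
    TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes ),
                                           key_id ) );
    TEST_EQUAL( psa_get_key_lifetime( &attributes ),
                PSA_KEY_LIFETIME_PERSISTENT );
    TEST_EQUAL( psa_get_key_type( &attributes ), type );
    TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
    TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );

    PSA_ASSERT( psa_destroy_key( key_id ) );

exit:
    /*
     * Key attributes may have been returned by psa_get_key_attributes()
     * thus reset them as required.
     */
    psa_reset_key_attributes( &attributes );

    psa_destroy_persistent_key( key_id );
    PSA_DONE();
}
/* END_CASE */

/* Import an exportable persistent key, read its attributes back, export it
 * and check that the exported bytes equal the imported ones.
 *
 * data           Key material to import and expect back from export.
 * type_arg       Key type to import.
 * expected_bits  Key size in bits the library must report.
 * restart        Non-zero to purge the key and re-initialise the library
 *                before reading it back.
 * key_not_exist  Non-zero to delete the stored copy through the storage
 *                layer before exporting.
 */
/* BEGIN_CASE */
void import_export_persistent_key( data_t *data, int type_arg,
                                   int expected_bits,
                                   int restart, int key_not_exist )
{
    mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 );
    psa_key_type_t type = (psa_key_type_t) type_arg;
    mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT;
    unsigned char *exported = NULL;
    size_t export_size = data->len;
    size_t exported_length;
    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;

    ASSERT_ALLOC( exported, export_size );

    PSA_ASSERT( psa_crypto_init( ) );

    psa_set_key_id( &attributes, key_id );
    psa_set_key_type( &attributes, type );
    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );

    /* Import the key */
    PSA_ASSERT( psa_import_key( &attributes, data->x, data->len,
                                &returned_key_id ) );


    if( restart )
    {
        PSA_ASSERT( psa_purge_key( key_id ) );
        PSA_DONE();
        PSA_ASSERT( psa_crypto_init() );
    }

    /* Test the key information */
    psa_reset_key_attributes( &attributes );
    PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) );
    TEST_ASSERT( mbedtls_svc_key_id_equal(
                     psa_get_key_id( &attributes ), key_id ) );
    TEST_EQUAL( psa_get_key_lifetime( &attributes ),
                PSA_KEY_LIFETIME_PERSISTENT );
    TEST_EQUAL( psa_get_key_type( &attributes ), type );
    TEST_EQUAL( psa_get_key_bits( &attributes ), (size_t) expected_bits );
    TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT );
    TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );

    TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 );

    if( key_not_exist )
    {
        /* Remove the stored copy behind the library's back. The export
         * below is still asserted to succeed, so the test expects the key
         * material to remain available without the file - presumably from
         * the already loaded slot; confirm against the slot management
         * code. */
        psa_destroy_persistent_key( key_id );
    }
    /* Export the key */
    PSA_ASSERT( psa_export_key( key_id, exported, export_size,
                                &exported_length ) );

    ASSERT_COMPARE( data->x, data->len, exported, exported_length );

    /* Destroy the key */
    PSA_ASSERT( psa_destroy_key( key_id ) );
    TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 );

exit:
    /*
     * Key attributes may have been returned by psa_get_key_attributes()
     * thus reset them as required.
     */
    psa_reset_key_attributes( &attributes );

    mbedtls_free( exported );
    PSA_DONE( );
    psa_destroy_persistent_key( key_id );
}
/* END_CASE */

/* Check the status returned when destroying a key identifier that was
 * never created in this test.
 *
 * id_arg               Key identifier value, used with owner 1.
 * expected_status_arg  Status psa_destroy_key() must return.
 */
/* BEGIN_CASE */
void destroy_nonexistent( int id_arg, int expected_status_arg )
{
    mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
    psa_status_t expected_status = expected_status_arg;

    PSA_INIT( );

    TEST_EQUAL( expected_status, psa_destroy_key( id ) );

exit:
    PSA_DONE( );
}
/* END_CASE */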