1/* BEGIN_HEADER */ 2 3/* The tests in this module verify the contents of key store files. They 4 * access internal key storage functions directly. Some of the tests depend 5 * on the storage format. On the other hand, these tests treat the storage 6 * subsystem as a black box, and in particular have no reliance on the 7 * internals of the ITS implementation. 8 * 9 * Note that if you need to make a change that affects how files are 10 * stored, this may indicate that the key store is changing in a 11 * backward-incompatible way! Think carefully about backward compatibility 12 * before changing how test data is constructed or validated. 13 */ 14 15#include <stdint.h> 16 17#include "psa_crypto_slot_management.h" 18#include "psa_crypto_storage.h" 19 20#include "mbedtls/md.h" 21 22#define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY" 23#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) ) 24 25/* Enforce the storage format for keys. The storage format is not a public 26 * documented interface, but it must be preserved between versions so that 27 * upgrades work smoothly, so it's a stable interface nonetheless. 28 */ 29typedef struct { 30 uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH]; 31 uint8_t version[4]; 32 uint8_t lifetime[sizeof( psa_key_lifetime_t )]; 33 uint8_t type[4]; 34 uint8_t policy[sizeof( psa_key_policy_t )]; 35 uint8_t data_len[4]; 36 uint8_t key_data[]; 37} psa_persistent_key_storage_format; 38 39/* END_HEADER */ 40 41/* BEGIN_DEPENDENCIES 42 * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_STORAGE_C 43 * END_DEPENDENCIES 44 */ 45 46/* BEGIN_CASE */ 47void format_storage_data_check( data_t *key_data, 48 data_t *expected_file_data, 49 int key_lifetime, int key_type, int key_bits, 50 int key_usage, int key_alg, int key_alg2 ) 51{ 52 uint8_t *file_data = NULL; 53 size_t file_data_length = 54 key_data->len + sizeof( psa_persistent_key_storage_format ); 55 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 56 57 psa_set_key_lifetime( &attributes, key_lifetime ); 58 psa_set_key_type( &attributes, key_type ); 59 psa_set_key_bits( &attributes, key_bits ); 60 psa_set_key_usage_flags( &attributes, key_usage ); 61 psa_set_key_algorithm( &attributes, key_alg ); 62 psa_set_key_enrollment_algorithm( &attributes, key_alg2 ); 63 64 ASSERT_ALLOC( file_data, file_data_length ); 65 psa_format_key_data_for_storage( key_data->x, key_data->len, 66 &attributes.core, 67 file_data ); 68 69 ASSERT_COMPARE( expected_file_data->x, expected_file_data->len, 70 file_data, file_data_length ); 71 72exit: 73 mbedtls_free( file_data ); 74} 75/* END_CASE */ 76 77/* BEGIN_CASE */ 78void parse_storage_data_check( data_t *file_data, 79 data_t *expected_key_data, 80 int expected_key_lifetime, 81 int expected_key_type, 82 int expected_key_bits, 83 int expected_key_usage, 84 int expected_key_alg, 85 int expected_key_alg2, 86 int expected_status ) 87{ 88 uint8_t *key_data = NULL; 89 size_t key_data_length = 0; 90 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 91 psa_status_t status; 92 93 status = psa_parse_key_data_from_storage( file_data->x, file_data->len, 94 &key_data, &key_data_length, 95 &attributes.core ); 96 97 TEST_EQUAL( status, expected_status ); 98 if( status != PSA_SUCCESS ) 99 goto exit; 100 101 TEST_EQUAL( psa_get_key_lifetime( &attributes ), 102 (psa_key_type_t) expected_key_lifetime ); 103 TEST_EQUAL( psa_get_key_type( &attributes ), 104 (psa_key_type_t) expected_key_type ); 105 TEST_EQUAL( psa_get_key_bits( &attributes ), 106 (psa_key_bits_t) expected_key_bits ); 107 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 108 (uint32_t) expected_key_usage ); 109 TEST_EQUAL( psa_get_key_algorithm( &attributes ), 110 (uint32_t) expected_key_alg ); 111 TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), 112 (uint32_t) expected_key_alg2 ); 113 ASSERT_COMPARE( expected_key_data->x, expected_key_data->len, 114 key_data, key_data_length ); 115 116exit: 117 mbedtls_free( key_data ); 118} 119/* END_CASE */ 120 121/* BEGIN_CASE */ 122void save_large_persistent_key( int data_length_arg, int expected_status ) 123{ 124 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 ); 125 uint8_t *data = NULL; 126 size_t data_length = data_length_arg; 127 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 128 129 ASSERT_ALLOC( data, data_length ); 130 131 PSA_ASSERT( psa_crypto_init() ); 132 133 psa_set_key_id( &attributes, key_id ); 134 psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); 135 136 TEST_EQUAL( psa_import_key( &attributes, data, data_length, &key_id ), 137 expected_status ); 138 139 if( expected_status == PSA_SUCCESS ) 140 PSA_ASSERT( psa_destroy_key( key_id ) ); 141 142exit: 143 mbedtls_free( data ); 144 PSA_DONE(); 145 psa_destroy_persistent_key( key_id ); 146} 147/* END_CASE */ 148 149/* BEGIN_CASE */ 150void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart, 151 int first_type_arg, data_t *first_data, 152 int second_type_arg, data_t *second_data ) 153{ 154 mbedtls_svc_key_id_t key_id = 155 mbedtls_svc_key_id_make( owner_id_arg, key_id_arg ); 156 mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT; 157 psa_key_type_t first_type = (psa_key_type_t) first_type_arg; 158 psa_key_type_t second_type = (psa_key_type_t) second_type_arg; 159 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 160 161 PSA_ASSERT( psa_crypto_init() ); 162 163 psa_set_key_id( &attributes, key_id ); 164 psa_set_key_type( &attributes, first_type ); 165 166 PSA_ASSERT( psa_import_key( &attributes, first_data->x, first_data->len, 167 &returned_key_id ) ); 168 169 if( restart ) 170 { 171 psa_close_key( key_id ); 172 PSA_DONE(); 173 PSA_ASSERT( psa_crypto_init() ); 174 } 175 TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 ); 176 177 /* Destroy the key */ 178 PSA_ASSERT( psa_destroy_key( key_id ) ); 179 180 /* Check key slot storage is removed */ 181 TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 ); 182 183 /* Shutdown and restart */ 184 PSA_DONE(); 185 PSA_ASSERT( psa_crypto_init() ); 186 187 /* Create another key in the same slot */ 188 psa_set_key_id( &attributes, key_id ); 189 psa_set_key_type( &attributes, second_type ); 190 PSA_ASSERT( psa_import_key( &attributes, second_data->x, second_data->len, 191 &returned_key_id ) ); 192 193 PSA_ASSERT( psa_destroy_key( key_id ) ); 194 195exit: 196 PSA_DONE(); 197 psa_destroy_persistent_key( key_id ); 198} 199/* END_CASE */ 200 201/* BEGIN_CASE */ 202void persistent_key_import( int owner_id_arg, int key_id_arg, int type_arg, 203 data_t *data, int restart, int expected_status ) 204{ 205 mbedtls_svc_key_id_t key_id = 206 mbedtls_svc_key_id_make( owner_id_arg, key_id_arg ); 207 mbedtls_svc_key_id_t returned_key_id; 208 psa_key_type_t type = (psa_key_type_t) type_arg; 209 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 210 211 PSA_ASSERT( psa_crypto_init() ); 212 213 psa_set_key_id( &attributes, key_id ); 214 psa_set_key_type( &attributes, type ); 215 TEST_EQUAL( psa_import_key( &attributes, data->x, data->len, &returned_key_id ), 216 expected_status ); 217 218 if( expected_status != PSA_SUCCESS ) 219 { 220 TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_key_id ) ); 221 TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 ); 222 goto exit; 223 } 224 225 TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, key_id ) ); 226 227 if( restart ) 228 { 229 PSA_ASSERT( psa_purge_key( key_id ) ); 230 PSA_DONE(); 231 PSA_ASSERT( psa_crypto_init() ); 232 } 233 234 psa_reset_key_attributes( &attributes ); 235 PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) ); 236 TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes ), 237 key_id ) ); 238 TEST_EQUAL( psa_get_key_lifetime( &attributes ), 239 PSA_KEY_LIFETIME_PERSISTENT ); 240 TEST_EQUAL( psa_get_key_type( &attributes ), type ); 241 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 ); 242 TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); 243 244 PSA_ASSERT( psa_destroy_key( key_id ) ); 245 246exit: 247 /* 248 * Key attributes may have been returned by psa_get_key_attributes() 249 * thus reset them as required. 250 */ 251 psa_reset_key_attributes( &attributes ); 252 253 psa_destroy_persistent_key( key_id ); 254 PSA_DONE(); 255} 256/* END_CASE */ 257 258/* BEGIN_CASE */ 259void import_export_persistent_key( data_t *data, int type_arg, 260 int expected_bits, 261 int restart, int key_not_exist ) 262{ 263 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 ); 264 psa_key_type_t type = (psa_key_type_t) type_arg; 265 mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT; 266 unsigned char *exported = NULL; 267 size_t export_size = data->len; 268 size_t exported_length; 269 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 270 271 ASSERT_ALLOC( exported, export_size ); 272 273 PSA_ASSERT( psa_crypto_init( ) ); 274 275 psa_set_key_id( &attributes, key_id ); 276 psa_set_key_type( &attributes, type ); 277 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); 278 279 /* Import the key */ 280 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, 281 &returned_key_id ) ); 282 283 284 if( restart ) 285 { 286 PSA_ASSERT( psa_purge_key( key_id ) ); 287 PSA_DONE(); 288 PSA_ASSERT( psa_crypto_init() ); 289 } 290 291 /* Test the key information */ 292 psa_reset_key_attributes( &attributes ); 293 PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) ); 294 TEST_ASSERT( mbedtls_svc_key_id_equal( 295 psa_get_key_id( &attributes ), key_id ) ); 296 TEST_EQUAL( psa_get_key_lifetime( &attributes ), 297 PSA_KEY_LIFETIME_PERSISTENT ); 298 TEST_EQUAL( psa_get_key_type( &attributes ), type ); 299 TEST_EQUAL( psa_get_key_bits( &attributes ), (size_t) expected_bits ); 300 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT ); 301 TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); 302 303 TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 ); 304 305 if( key_not_exist ) 306 { 307 psa_destroy_persistent_key( key_id ); 308 } 309 /* Export the key */ 310 PSA_ASSERT( psa_export_key( key_id, exported, export_size, 311 &exported_length ) ); 312 313 ASSERT_COMPARE( data->x, data->len, exported, exported_length ); 314 315 /* Destroy the key */ 316 PSA_ASSERT( psa_destroy_key( key_id ) ); 317 TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 ); 318 319exit: 320 /* 321 * Key attributes may have been returned by psa_get_key_attributes() 322 * thus reset them as required. 323 */ 324 psa_reset_key_attributes( &attributes ); 325 326 mbedtls_free( exported ); 327 PSA_DONE( ); 328 psa_destroy_persistent_key( key_id ); 329} 330/* END_CASE */ 331 332/* BEGIN_CASE */ 333void destroy_nonexistent( int id_arg, int expected_status_arg ) 334{ 335 mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg ); 336 psa_status_t expected_status = expected_status_arg; 337 338 PSA_INIT( ); 339 340 TEST_EQUAL( expected_status, psa_destroy_key( id ) ); 341 342exit: 343 PSA_DONE( ); 344} 345/* END_CASE */ 346