diff options
Diffstat (limited to 'tests/suites/test_suite_psa_crypto_se_driver_hal.function')
| -rw-r--r-- | tests/suites/test_suite_psa_crypto_se_driver_hal.function | 1480 |
1 files changed, 743 insertions, 737 deletions
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 9f684913d..9c5ef23a6 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -24,16 +24,16 @@ /** The location and lifetime used for tests that use a single driver. */ #define TEST_DRIVER_LOCATION 1 #define TEST_SE_PERSISTENT_LIFETIME \ - ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ - PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) ) + (PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ + PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION)) #define TEST_SE_VOLATILE_LIFETIME \ - ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ - PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ) ) + (PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ + PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION)) /** The driver detected a condition that shouldn't happen. * This is probably a bug in the library. */ -#define PSA_ERROR_DETECTED_BY_DRIVER ((psa_status_t)( -500 )) +#define PSA_ERROR_DETECTED_BY_DRIVER ((psa_status_t) (-500)) /** Like #TEST_ASSERT for use in a driver method, with no cleanup. * @@ -41,14 +41,14 @@ * * Use this macro to assert on guarantees provided by the core. */ -#define DRIVER_ASSERT_RETURN( TEST ) \ +#define DRIVER_ASSERT_RETURN(TEST) \ do { \ - if( ! (TEST) ) \ - { \ - mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \ - return( PSA_ERROR_DETECTED_BY_DRIVER ); \ - } \ - } while( 0 ) + if (!(TEST)) \ + { \ + mbedtls_test_fail( #TEST, __LINE__, __FILE__); \ + return PSA_ERROR_DETECTED_BY_DRIVER; \ + } \ + } while (0) /** Like #TEST_ASSERT for use in a driver method, with cleanup. * @@ -57,15 +57,15 @@ * * Use this macro to assert on guarantees provided by the core. */ -#define DRIVER_ASSERT( TEST ) \ +#define DRIVER_ASSERT(TEST) \ do { \ - if( ! (TEST) ) \ - { \ - mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \ - status = PSA_ERROR_DETECTED_BY_DRIVER; \ - goto exit; \ - } \ - } while( 0 ) + if (!(TEST)) \ + { \ + mbedtls_test_fail( #TEST, __LINE__, __FILE__); \ + status = PSA_ERROR_DETECTED_BY_DRIVER; \ + goto exit; \ + } \ + } while (0) /** Like #PSA_ASSERT for a PSA API call that calls a driver underneath. * @@ -78,17 +78,17 @@ * case, the test driver code is expected to have called mbedtls_test_fail() * already, so we make sure not to overwrite the failure information. */ -#define PSA_ASSERT_VIA_DRIVER( expr, expected_status ) \ +#define PSA_ASSERT_VIA_DRIVER(expr, expected_status) \ do { \ - psa_status_t PSA_ASSERT_VIA_DRIVER_status = ( expr ); \ - if( PSA_ASSERT_VIA_DRIVER_status == PSA_ERROR_DETECTED_BY_DRIVER ) \ - goto exit; \ - if( PSA_ASSERT_VIA_DRIVER_status != ( expected_status ) ) \ + psa_status_t PSA_ASSERT_VIA_DRIVER_status = (expr); \ + if (PSA_ASSERT_VIA_DRIVER_status == PSA_ERROR_DETECTED_BY_DRIVER) \ + goto exit; \ + if (PSA_ASSERT_VIA_DRIVER_status != (expected_status)) \ { \ - mbedtls_test_fail( #expr, __LINE__, __FILE__ ); \ + mbedtls_test_fail( #expr, __LINE__, __FILE__); \ goto exit; \ } \ - } while( 0 ) + } while (0) @@ -97,20 +97,21 @@ /****************************************************************/ /* Return the exact bit size given a curve family and a byte length. */ -static size_t ecc_curve_bits( psa_ecc_family_t curve, size_t data_length ) +static size_t ecc_curve_bits(psa_ecc_family_t curve, size_t data_length) { - switch( curve ) - { + switch (curve) { case PSA_ECC_FAMILY_SECP_R1: - if( data_length == PSA_BYTES_TO_BITS( 521 ) ) - return( 521 ); + if (data_length == PSA_BYTES_TO_BITS(521)) { + return 521; + } break; case PSA_ECC_FAMILY_MONTGOMERY: - if( data_length == PSA_BYTES_TO_BITS( 255 ) ) - return( 255 ); + if (data_length == PSA_BYTES_TO_BITS(255)) { + return 255; + } } /* If not listed above, assume a multiple of 8 bits. */ - return( PSA_BYTES_TO_BITS( data_length ) ); + return PSA_BYTES_TO_BITS(data_length); } @@ -118,8 +119,7 @@ static size_t ecc_curve_bits( psa_ecc_family_t curve, size_t data_length ) /* Miscellaneous driver methods */ /****************************************************************/ -typedef struct -{ +typedef struct { psa_key_slot_number_t slot_number; psa_key_creation_method_t method; psa_status_t status; @@ -132,51 +132,53 @@ static psa_status_t validate_slot_number_as_directed( void *persistent_data, const psa_key_attributes_t *attributes, psa_key_creation_method_t method, - psa_key_slot_number_t slot_number ) + psa_key_slot_number_t slot_number) { (void) context; (void) persistent_data; (void) attributes; - DRIVER_ASSERT_RETURN( slot_number == - validate_slot_number_directions.slot_number ); - DRIVER_ASSERT_RETURN( method == - validate_slot_number_directions.method ); - return( validate_slot_number_directions.status ); + DRIVER_ASSERT_RETURN(slot_number == + validate_slot_number_directions.slot_number); + DRIVER_ASSERT_RETURN(method == + validate_slot_number_directions.method); + return validate_slot_number_directions.status; } /* Allocate slot numbers with a monotonic counter. */ static psa_key_slot_number_t shadow_counter; -static void counter_reset( void ) +static void counter_reset(void) { shadow_counter = 0; } -static psa_status_t counter_allocate( psa_drv_se_context_t *context, - void *persistent_data, - const psa_key_attributes_t *attributes, - psa_key_creation_method_t method, - psa_key_slot_number_t *slot_number ) +static psa_status_t counter_allocate(psa_drv_se_context_t *context, + void *persistent_data, + const psa_key_attributes_t *attributes, + psa_key_creation_method_t method, + psa_key_slot_number_t *slot_number) { psa_key_slot_number_t *p_counter = persistent_data; (void) attributes; (void) method; - if( context->persistent_data_size != sizeof( psa_key_slot_number_t ) ) - return( PSA_ERROR_DETECTED_BY_DRIVER ); + if (context->persistent_data_size != sizeof(psa_key_slot_number_t)) { + return PSA_ERROR_DETECTED_BY_DRIVER; + } ++*p_counter; - if( *p_counter == 0 ) - return( PSA_ERROR_INSUFFICIENT_STORAGE ); + if (*p_counter == 0) { + return PSA_ERROR_INSUFFICIENT_STORAGE; + } shadow_counter = *p_counter; *slot_number = *p_counter; - return( PSA_SUCCESS ); + return PSA_SUCCESS; } /* Null import: do nothing, but pretend it worked. */ #if defined(AT_LEAST_ONE_BUILTIN_KDF) -static psa_status_t null_import( psa_drv_se_context_t *context, - psa_key_slot_number_t slot_number, - const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - size_t *bits ) +static psa_status_t null_import(psa_drv_se_context_t *context, + psa_key_slot_number_t slot_number, + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits) { (void) context; (void) slot_number; @@ -184,44 +186,43 @@ static psa_status_t null_import( psa_drv_se_context_t *context, (void) data; /* We're supposed to return a key size. Return one that's correct for * plain data keys. */ - *bits = PSA_BYTES_TO_BITS( data_length ); - return( PSA_SUCCESS ); + *bits = PSA_BYTES_TO_BITS(data_length); + return PSA_SUCCESS; } #endif /* AT_LEAST_ONE_BUILTIN_KDF */ /* Null generate: do nothing, but pretend it worked. */ #if defined(AT_LEAST_ONE_BUILTIN_KDF) -static psa_status_t null_generate( psa_drv_se_context_t *context, - psa_key_slot_number_t slot_number, - const psa_key_attributes_t *attributes, - uint8_t *pubkey, - size_t pubkey_size, - size_t *pubkey_length ) +static psa_status_t null_generate(psa_drv_se_context_t *context, + psa_key_slot_number_t slot_number, + const psa_key_attributes_t *attributes, + uint8_t *pubkey, + size_t pubkey_size, + size_t *pubkey_length) { (void) context; (void) slot_number; (void) attributes; - DRIVER_ASSERT_RETURN( *pubkey_length == 0 ); - if( ! PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) - { - DRIVER_ASSERT_RETURN( pubkey == NULL ); - DRIVER_ASSERT_RETURN( pubkey_size == 0 ); + DRIVER_ASSERT_RETURN(*pubkey_length == 0); + if (!PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { + DRIVER_ASSERT_RETURN(pubkey == NULL); + DRIVER_ASSERT_RETURN(pubkey_size == 0); } - return( PSA_SUCCESS ); + return PSA_SUCCESS; } #endif /* AT_LEAST_ONE_BUILTIN_KDF */ /* Null destroy: do nothing, but pretend it worked. */ -static psa_status_t null_destroy( psa_drv_se_context_t *context, - void *persistent_data, - psa_key_slot_number_t slot_number ) +static psa_status_t null_destroy(psa_drv_se_context_t *context, + void *persistent_data, + psa_key_slot_number_t slot_number) { (void) context; (void) persistent_data; (void) slot_number; - return( PSA_SUCCESS ); + return PSA_SUCCESS; } @@ -231,8 +232,7 @@ static psa_status_t null_destroy( psa_drv_se_context_t *context, /****************************************************************/ #define RAM_MAX_KEY_SIZE 64 -typedef struct -{ +typedef struct { psa_key_lifetime_t lifetime; psa_key_type_t type; size_t bits; @@ -248,9 +248,9 @@ static ram_slot_usage_t ram_shadow_slot_usage; static uint8_t ram_min_slot = 0; -static void ram_slots_reset( void ) +static void ram_slots_reset(void) { - memset( ram_slots, 0, sizeof( ram_slots ) ); + memset(ram_slots, 0, sizeof(ram_slots)); ram_min_slot = 0; ram_shadow_slot_usage = 0; } @@ -263,168 +263,165 @@ static void ram_slots_reset( void ) * in the test case function's cleanup code) and it might be wrong * (if slot_number is invalid). */ -static psa_status_t ram_create_common( psa_drv_se_context_t *context, - psa_key_slot_number_t slot_number, - const psa_key_attributes_t *attributes, - size_t required_storage ) +static psa_status_t ram_create_common(psa_drv_se_context_t *context, + psa_key_slot_number_t slot_number, + const psa_key_attributes_t *attributes, + size_t required_storage) { (void) context; - DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) ); + DRIVER_ASSERT_RETURN(slot_number < ARRAY_LENGTH(ram_slots)); - ram_slots[slot_number].lifetime = psa_get_key_lifetime( attributes ); - ram_slots[slot_number].type = psa_get_key_type( attributes ); - ram_slots[slot_number].bits = psa_get_key_bits( attributes ); + ram_slots[slot_number].lifetime = psa_get_key_lifetime(attributes); + ram_slots[slot_number].type = psa_get_key_type(attributes); + ram_slots[slot_number].bits = psa_get_key_bits(attributes); - if( required_storage > sizeof( ram_slots[slot_number].content ) ) - { - memset( &ram_slots[slot_number], 0, sizeof( ram_slots[slot_number] ) ); - return( PSA_ERROR_INSUFFICIENT_STORAGE ); + if (required_storage > sizeof(ram_slots[slot_number].content)) { + memset(&ram_slots[slot_number], 0, sizeof(ram_slots[slot_number])); + return PSA_ERROR_INSUFFICIENT_STORAGE; } - return( PSA_SUCCESS ); + return PSA_SUCCESS; } /* This function does everything except actually generating key material. * After calling it, you must copy the desired key material to * ram_slots[slot_number].content. */ -static psa_status_t ram_fake_generate( psa_drv_se_context_t *context, - psa_key_slot_number_t slot_number, - const psa_key_attributes_t *attributes, - uint8_t *pubkey, - size_t pubkey_size, - size_t *pubkey_length ) +static psa_status_t ram_fake_generate(psa_drv_se_context_t *context, + psa_key_slot_number_t slot_number, + const psa_key_attributes_t *attributes, + uint8_t *pubkey, + size_t pubkey_size, + size_t *pubkey_length) { psa_status_t status; size_t required_storage = - PSA_EXPORT_KEY_OUTPUT_SIZE( psa_get_key_type( attributes ), - psa_get_key_bits( attributes ) ); + PSA_EXPORT_KEY_OUTPUT_SIZE(psa_get_key_type(attributes), + psa_get_key_bits(attributes)); - DRIVER_ASSERT_RETURN( *pubkey_length == 0 ); - if( ! PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) - { - DRIVER_ASSERT_RETURN( pubkey == NULL ); - DRIVER_ASSERT_RETURN( pubkey_size == 0 ); + DRIVER_ASSERT_RETURN(*pubkey_length == 0); + if (!PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { + DRIVER_ASSERT_RETURN(pubkey == NULL); + DRIVER_ASSERT_RETURN(pubkey_size == 0); } - status = ram_create_common( context, slot_number, attributes, - required_storage ); - return( status ); + status = ram_create_common(context, slot_number, attributes, + required_storage); + return status; } -static psa_status_t ram_import( psa_drv_se_context_t *context, - psa_key_slot_number_t slot_number, - const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - size_t *bits ) +static psa_status_t ram_import(psa_drv_se_context_t *context, + psa_key_slot_number_t slot_number, + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits) { - psa_key_type_t type = psa_get_key_type( attributes ); - psa_status_t status = ram_create_common( context, slot_number, attributes, - data_length ); - if( status != PSA_SUCCESS ) - return( status ); + psa_key_type_t type = psa_get_key_type(attributes); + psa_status_t status = ram_create_common(context, slot_number, attributes, + data_length); + if (status != PSA_SUCCESS) { + return status; + } /* The RAM driver only works for certain key types: raw keys, * and ECC key pairs. This is true in particular of the bit-size * calculation here. */ - if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ) - *bits = PSA_BYTES_TO_BITS( data_length ); - else if ( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) - { - *bits = ecc_curve_bits( PSA_KEY_TYPE_ECC_GET_FAMILY( type ), data_length ); - if( *bits == 0 ) - return( PSA_ERROR_DETECTED_BY_DRIVER ); - } - else - { - memset( &ram_slots[slot_number], 0, sizeof( ram_slots[slot_number] ) ); - return( PSA_ERROR_NOT_SUPPORTED ); + if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) { + *bits = PSA_BYTES_TO_BITS(data_length); + } else if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { + *bits = ecc_curve_bits(PSA_KEY_TYPE_ECC_GET_FAMILY(type), data_length); + if (*bits == 0) { + return PSA_ERROR_DETECTED_BY_DRIVER; + } + } else { + memset(&ram_slots[slot_number], 0, sizeof(ram_slots[slot_number])); + return PSA_ERROR_NOT_SUPPORTED; } ram_slots[slot_number].bits = *bits; - memcpy( ram_slots[slot_number].content, data, data_length ); + memcpy(ram_slots[slot_number].content, data, data_length); - return( PSA_SUCCESS ); + return PSA_SUCCESS; } -static psa_status_t ram_export( psa_drv_se_context_t *context, - psa_key_slot_number_t slot_number, - uint8_t *data, - size_t data_size, - size_t *data_length ) +static psa_status_t ram_export(psa_drv_se_context_t *context, + psa_key_slot_number_t slot_number, + uint8_t *data, + size_t data_size, + size_t *data_length) { size_t actual_size; (void) context; - DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) ); - actual_size = PSA_BITS_TO_BYTES( ram_slots[slot_number].bits ); - if( actual_size > data_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + DRIVER_ASSERT_RETURN(slot_number < ARRAY_LENGTH(ram_slots)); + actual_size = PSA_BITS_TO_BYTES(ram_slots[slot_number].bits); + if (actual_size > data_size) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } *data_length = actual_size; - memcpy( data, ram_slots[slot_number].content, actual_size ); - return( PSA_SUCCESS ); + memcpy(data, ram_slots[slot_number].content, actual_size); + return PSA_SUCCESS; } -static psa_status_t ram_export_public( psa_drv_se_context_t *context, - psa_key_slot_number_t slot_number, - uint8_t *data, - size_t data_size, - size_t *data_length ) +static psa_status_t ram_export_public(psa_drv_se_context_t *context, + psa_key_slot_number_t slot_number, + uint8_t *data, + size_t data_size, + size_t *data_length) { psa_status_t status; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; (void) context; - DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) ); + DRIVER_ASSERT_RETURN(slot_number < ARRAY_LENGTH(ram_slots)); DRIVER_ASSERT_RETURN( - PSA_KEY_TYPE_IS_KEY_PAIR( ram_slots[slot_number].type ) ); - - psa_set_key_type( &attributes, ram_slots[slot_number].type ); - status = psa_import_key( &attributes, - ram_slots[slot_number].content, - PSA_BITS_TO_BYTES( ram_slots[slot_number].bits ), - &key ); - if( status != PSA_SUCCESS ) - return( status ); - status = psa_export_public_key( key, data, data_size, data_length ); - psa_destroy_key( key ); - return( PSA_SUCCESS ); + PSA_KEY_TYPE_IS_KEY_PAIR(ram_slots[slot_number].type)); + + psa_set_key_type(&attributes, ram_slots[slot_number].type); + status = psa_import_key(&attributes, + ram_slots[slot_number].content, + PSA_BITS_TO_BYTES(ram_slots[slot_number].bits), + &key); + if (status != PSA_SUCCESS) { + return status; + } + status = psa_export_public_key(key, data, data_size, data_length); + psa_destroy_key(key); + return PSA_SUCCESS; } -static psa_status_t ram_destroy( psa_drv_se_context_t *context, - void *persistent_data, - psa_key_slot_number_t slot_number ) +static psa_status_t ram_destroy(psa_drv_se_context_t *context, + void *persistent_data, + psa_key_slot_number_t slot_number) { ram_slot_usage_t *slot_usage = persistent_data; - DRIVER_ASSERT_RETURN( context->persistent_data_size == sizeof( ram_slot_usage_t ) ); - DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) ); - memset( &ram_slots[slot_number], 0, sizeof( ram_slots[slot_number] ) ); - *slot_usage &= ~(ram_slot_usage_t)( 1 << slot_number ); + DRIVER_ASSERT_RETURN(context->persistent_data_size == sizeof(ram_slot_usage_t)); + DRIVER_ASSERT_RETURN(slot_number < ARRAY_LENGTH(ram_slots)); + memset(&ram_slots[slot_number], 0, sizeof(ram_slots[slot_number])); + *slot_usage &= ~(ram_slot_usage_t) (1 << slot_number); ram_shadow_slot_usage = *slot_usage; - return( PSA_SUCCESS ); + return PSA_SUCCESS; } -static psa_status_t ram_allocate( psa_drv_se_context_t *context, - void *persistent_data, - const psa_key_attributes_t *attributes, - psa_key_creation_method_t method, - psa_key_slot_number_t *slot_number ) +static psa_status_t ram_allocate(psa_drv_se_context_t *context, + void *persistent_data, + const psa_key_attributes_t *attributes, + psa_key_creation_method_t method, + psa_key_slot_number_t *slot_number) { ram_slot_usage_t *slot_usage = persistent_data; (void) attributes; (void) method; - DRIVER_ASSERT_RETURN( context->persistent_data_size == sizeof( ram_slot_usage_t ) ); - for( *slot_number = ram_min_slot; - *slot_number < ARRAY_LENGTH( ram_slots ); - ++( *slot_number ) ) - { - if( ! ( *slot_usage & 1 << *slot_number ) ) - { + DRIVER_ASSERT_RETURN(context->persistent_data_size == sizeof(ram_slot_usage_t)); + for (*slot_number = ram_min_slot; + *slot_number < ARRAY_LENGTH(ram_slots); + ++(*slot_number)) { + if (!(*slot_usage & 1 << *slot_number)) { ram_shadow_slot_usage = *slot_usage; - return( PSA_SUCCESS ); + return PSA_SUCCESS; } } - return( PSA_ERROR_INSUFFICIENT_STORAGE ); + return PSA_ERROR_INSUFFICIENT_STORAGE; } static psa_status_t ram_validate_slot_number( @@ -432,25 +429,26 @@ static psa_status_t ram_validate_slot_number( void *persistent_data, const psa_key_attributes_t *attributes, psa_key_creation_method_t method, - psa_key_slot_number_t slot_number ) + psa_key_slot_number_t slot_number) { (void) context; (void) persistent_data; (void) attributes; (void) method; - if( slot_number >= ARRAY_LENGTH( ram_slots ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - return( PSA_SUCCESS ); + if (slot_number >= ARRAY_LENGTH(ram_slots)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + return PSA_SUCCESS; } -static psa_status_t ram_sign( psa_drv_se_context_t *context, - psa_key_slot_number_t slot_number, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length ) +static psa_status_t ram_sign(psa_drv_se_context_t *context, + psa_key_slot_number_t slot_number, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length) { ram_slot_t *slot; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -458,32 +456,32 @@ static psa_status_t ram_sign( psa_drv_se_context_t *context, psa_status_t status = PSA_ERROR_GENERIC_ERROR; (void) context; - DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) ); + DRIVER_ASSERT_RETURN(slot_number < ARRAY_LENGTH(ram_slots)); slot = &ram_slots[slot_number]; - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, slot->type ); - DRIVER_ASSERT( psa_import_key( &attributes, - slot->content, - PSA_BITS_TO_BYTES( slot->bits ), - &key ) == PSA_SUCCESS ); - status = psa_sign_hash( key, alg, - hash, hash_length, - signature, signature_size, signature_length ); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, slot->type); + DRIVER_ASSERT(psa_import_key(&attributes, + slot->content, + PSA_BITS_TO_BYTES(slot->bits), + &key) == PSA_SUCCESS); + status = psa_sign_hash(key, alg, + hash, hash_length, + signature, signature_size, signature_length); exit: - psa_destroy_key( key ); - return( status ); + psa_destroy_key(key); + return status; } -static psa_status_t ram_verify( psa_drv_se_context_t *context, - psa_key_slot_number_t slot_number, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, - size_t signature_length ) +static psa_status_t ram_verify(psa_drv_se_context_t *context, + psa_key_slot_number_t slot_number, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length) { ram_slot_t *slot; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -491,24 +489,24 @@ static psa_status_t ram_verify( psa_drv_se_context_t *context, psa_status_t status = PSA_ERROR_GENERIC_ERROR; (void) context; - DRIVER_ASSERT_RETURN( slot_number < ARRAY_LENGTH( ram_slots ) ); + DRIVER_ASSERT_RETURN(slot_number < ARRAY_LENGTH(ram_slots)); slot = &ram_slots[slot_number]; - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, slot->type ); - DRIVER_ASSERT( psa_import_key( &attributes, - slot->content, - PSA_BITS_TO_BYTES( slot->bits ), - &key ) == - PSA_SUCCESS ); - status = psa_verify_hash( key, alg, - hash, hash_length, - signature, signature_length ); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, slot->type); + DRIVER_ASSERT(psa_import_key(&attributes, + slot->content, + PSA_BITS_TO_BYTES(slot->bits), + &key) == + PSA_SUCCESS); + status = psa_verify_hash(key, alg, + hash, hash_length, + signature, signature_length); exit: - psa_destroy_key( key ); - return( status ); + psa_destroy_key(key); + return status; } @@ -516,8 +514,7 @@ exit: /* Other test helper functions */ /****************************************************************/ -typedef enum -{ +typedef enum { SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION, SIGN_IN_DRIVER_AND_PARALLEL_CREATION, SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC, @@ -527,54 +524,49 @@ typedef enum * are consistent with the attributes used when creating the key. */ static int check_key_attributes( mbedtls_svc_key_id_t key, - const psa_key_attributes_t *reference_attributes ) + const psa_key_attributes_t *reference_attributes) { int ok = 0; psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( key, &actual_attributes ) ); - - TEST_ASSERT( mbedtls_svc_key_id_equal( - psa_get_key_id( &actual_attributes ), - psa_get_key_id( reference_attributes ) ) ); - TEST_EQUAL( psa_get_key_lifetime( &actual_attributes ), - psa_get_key_lifetime( reference_attributes ) ); - TEST_EQUAL( psa_get_key_type( &actual_attributes ), - psa_get_key_type( reference_attributes ) ); - TEST_EQUAL( psa_get_key_usage_flags( &actual_attributes ), - psa_get_key_usage_flags( reference_attributes ) ); - TEST_EQUAL( psa_get_key_algorithm( &actual_attributes ), - psa_get_key_algorithm( reference_attributes ) ); - TEST_EQUAL( psa_get_key_enrollment_algorithm( &actual_attributes ), - psa_get_key_enrollment_algorithm( reference_attributes ) ); - if( psa_get_key_bits( reference_attributes ) != 0 ) - { - TEST_EQUAL( psa_get_key_bits( &actual_attributes ), - psa_get_key_bits( reference_attributes ) ); + PSA_ASSERT(psa_get_key_attributes(key, &actual_attributes)); + + TEST_ASSERT(mbedtls_svc_key_id_equal( + psa_get_key_id(&actual_attributes), + psa_get_key_id(reference_attributes))); + TEST_EQUAL(psa_get_key_lifetime(&actual_attributes), + psa_get_key_lifetime(reference_attributes)); + TEST_EQUAL(psa_get_key_type(&actual_attributes), + psa_get_key_type(reference_attributes)); + TEST_EQUAL(psa_get_key_usage_flags(&actual_attributes), + psa_get_key_usage_flags(reference_attributes)); + TEST_EQUAL(psa_get_key_algorithm(&actual_attributes), + psa_get_key_algorithm(reference_attributes)); + TEST_EQUAL(psa_get_key_enrollment_algorithm(&actual_attributes), + psa_get_key_enrollment_algorithm(reference_attributes)); + if (psa_get_key_bits(reference_attributes) != 0) { + TEST_EQUAL(psa_get_key_bits(&actual_attributes), + psa_get_key_bits(reference_attributes)); } { psa_key_slot_number_t actual_slot_number = 0xdeadbeef; psa_key_slot_number_t desired_slot_number = 0xb90cc011; psa_key_lifetime_t lifetime = - psa_get_key_lifetime( &actual_attributes ); - psa_status_t status = psa_get_key_slot_number( &actual_attributes, - &actual_slot_number ); - if( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) < MIN_DRIVER_LOCATION ) - { + psa_get_key_lifetime(&actual_attributes); + psa_status_t status = psa_get_key_slot_number(&actual_attributes, + &actual_slot_number); + if (PSA_KEY_LIFETIME_GET_LOCATION(lifetime) < MIN_DRIVER_LOCATION) { /* The key is not in a secure element. */ - TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT ); - } - else - { + TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT); + } else { /* The key is in a secure element. If it had been created * in a specific slot, check that it is reported there. */ - PSA_ASSERT( status ); - status = psa_get_key_slot_number( reference_attributes, - &desired_slot_number ); - if( status == PSA_SUCCESS ) - { - TEST_EQUAL( desired_slot_number, actual_slot_number ); + PSA_ASSERT(status); + status = psa_get_key_slot_number(reference_attributes, + &desired_slot_number); + if (status == PSA_SUCCESS) { + TEST_EQUAL(desired_slot_number, actual_slot_number); } } } @@ -585,65 +577,65 @@ exit: * Actual key attributes may have been returned by psa_get_key_attributes() * thus reset them as required. */ - psa_reset_key_attributes( &actual_attributes ); + psa_reset_key_attributes(&actual_attributes); - return( ok ); + return ok; } /* Get the file UID corresponding to the specified location. * If this changes, the storage format version must change. * See psa_get_se_driver_its_file_uid() in psa_crypto_se.c. */ -psa_storage_uid_t file_uid_for_location( psa_key_location_t location ) +psa_storage_uid_t file_uid_for_location(psa_key_location_t location) { - if( location > PSA_MAX_SE_LOCATION ) - return( 0 ); - return( 0xfffffe00 + location ); + if (location > PSA_MAX_SE_LOCATION) { + return 0; + } + return 0xfffffe00 + location; } /* Check that the persistent data of a driver has its expected content. */ -static int check_persistent_data( psa_key_location_t location, - const void *expected_data, - size_t size ) +static int check_persistent_data(psa_key_location_t location, + const void *expected_data, + size_t size) { - psa_storage_uid_t uid = file_uid_for_location( location ); + psa_storage_uid_t uid = file_uid_for_location(location); struct psa_storage_info_t info; uint8_t *loaded = NULL; int ok = 0; - PSA_ASSERT( psa_its_get_info( uid, &info ) ); - ASSERT_ALLOC( loaded, info.size ); - PSA_ASSERT( psa_its_get( uid, 0, info.size, loaded, NULL ) ); - ASSERT_COMPARE( expected_data, size, loaded, info.size ); + PSA_ASSERT(psa_its_get_info(uid, &info)); + TEST_CALLOC(loaded, info.size); + PSA_ASSERT(psa_its_get(uid, 0, info.size, loaded, NULL)); + TEST_MEMORY_COMPARE(expected_data, size, loaded, info.size); ok = 1; exit: - mbedtls_free( loaded ); - return( ok ); + mbedtls_free(loaded); + return ok; } /* Check that no persistent data exists for the given location. */ -static int check_no_persistent_data( psa_key_location_t location ) +static int check_no_persistent_data(psa_key_location_t location) { - psa_storage_uid_t uid = file_uid_for_location( location ); + psa_storage_uid_t uid = file_uid_for_location(location); struct psa_storage_info_t info; int ok = 0; - TEST_EQUAL( psa_its_get_info( uid, &info ), PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL(psa_its_get_info(uid, &info), PSA_ERROR_DOES_NOT_EXIST); ok = 1; exit: - return( ok ); + return ok; } /* Check that a function's return status is "smoke-free", i.e. that * it's an acceptable error code when calling an API function that operates * on a key with potentially bogus parameters. */ #if defined(AT_LEAST_ONE_BUILTIN_KDF) -static int is_status_smoke_free( psa_status_t status ) +static int is_status_smoke_free(psa_status_t status) { - switch( status ) - { + switch (status) { case PSA_SUCCESS: case PSA_ERROR_NOT_SUPPORTED: case PSA_ERROR_NOT_PERMITTED: @@ -651,22 +643,22 @@ static int is_status_smoke_free( psa_status_t status ) case PSA_ERROR_INVALID_ARGUMENT: case PSA_ERROR_INVALID_SIGNATURE: case PSA_ERROR_INVALID_PADDING: - return( 1 ); + return 1; default: - return( 0 ); + return 0; } } #endif /* AT_LEAST_ONE_BUILTIN_KDF */ -#define SMOKE_ASSERT( expr ) \ - TEST_ASSERT( is_status_smoke_free( expr ) ) +#define SMOKE_ASSERT(expr) \ + TEST_ASSERT(is_status_smoke_free(expr)) /* Smoke test a key. There are mostly no wrong answers here since we pass * mostly bogus parameters: the goal is to ensure that there is no memory * corruption or crash. This test function is most useful when run under * an environment with sanity checks such as ASan or MSan. */ #if defined(AT_LEAST_ONE_BUILTIN_KDF) -static int smoke_test_key( mbedtls_svc_key_id_t key ) +static int smoke_test_key(mbedtls_svc_key_id_t key) { int ok = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -678,90 +670,90 @@ static int smoke_test_key( mbedtls_svc_key_id_t key ) size_t length; mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT; - SMOKE_ASSERT( psa_get_key_attributes( key, &attributes ) ); - - SMOKE_ASSERT( psa_export_key( key, - buffer, sizeof( buffer ), &length ) ); - SMOKE_ASSERT( psa_export_public_key( key, - buffer, sizeof( buffer ), &length ) ); - - SMOKE_ASSERT( psa_copy_key( key, &attributes, &key2 ) ); - if( ! mbedtls_svc_key_id_is_null( key2 ) ) - PSA_ASSERT( psa_destroy_key( key2 ) ); - - SMOKE_ASSERT( psa_mac_sign_setup( &mac_operation, key, PSA_ALG_CMAC ) ); - PSA_ASSERT( psa_mac_abort( &mac_operation ) ); - SMOKE_ASSERT( psa_mac_verify_setup( &mac_operation, key, - PSA_ALG_HMAC( PSA_ALG_SHA_256 ) ) ); - PSA_ASSERT( psa_mac_abort( &mac_operation ) ); - - SMOKE_ASSERT( psa_cipher_encrypt_setup( &cipher_operation, key, - PSA_ALG_CTR ) ); - PSA_ASSERT( psa_cipher_abort( &cipher_operation ) ); - SMOKE_ASSERT( psa_cipher_decrypt_setup( &cipher_operation, key, - PSA_ALG_CTR ) ); - PSA_ASSERT( psa_cipher_abort( &cipher_operation ) ); - - SMOKE_ASSERT( psa_aead_encrypt( key, PSA_ALG_CCM, - buffer, sizeof( buffer ), - NULL, 0, - buffer, sizeof( buffer), - buffer, sizeof( buffer), &length ) ); - SMOKE_ASSERT( psa_aead_decrypt( key, PSA_ALG_CCM, - buffer, sizeof( buffer ), - NULL, 0, - buffer, sizeof( buffer), - buffer, sizeof( buffer), &length ) ); - - SMOKE_ASSERT( psa_sign_hash( key, PSA_ALG_ECDSA_ANY, + SMOKE_ASSERT(psa_get_key_attributes(key, &attributes)); + + SMOKE_ASSERT(psa_export_key(key, + buffer, sizeof(buffer), &length)); + SMOKE_ASSERT(psa_export_public_key(key, + buffer, sizeof(buffer), &length)); + + SMOKE_ASSERT(psa_copy_key(key, &attributes, &key2)); + if (!mbedtls_svc_key_id_is_null(key2)) { + PSA_ASSERT(psa_destroy_key(key2)); + } + + SMOKE_ASSERT(psa_mac_sign_setup(&mac_operation, key, PSA_ALG_CMAC)); + PSA_ASSERT(psa_mac_abort(&mac_operation)); + SMOKE_ASSERT(psa_mac_verify_setup(&mac_operation, key, + PSA_ALG_HMAC(PSA_ALG_SHA_256))); + PSA_ASSERT(psa_mac_abort(&mac_operation)); + + SMOKE_ASSERT(psa_cipher_encrypt_setup(&cipher_operation, key, + PSA_ALG_CTR)); + PSA_ASSERT(psa_cipher_abort(&cipher_operation)); + SMOKE_ASSERT(psa_cipher_decrypt_setup(&cipher_operation, key, + PSA_ALG_CTR)); + PSA_ASSERT(psa_cipher_abort(&cipher_operation)); + + SMOKE_ASSERT(psa_aead_encrypt(key, PSA_ALG_CCM, + buffer, sizeof(buffer), + NULL, 0, + buffer, sizeof(buffer), + buffer, sizeof(buffer), &length)); + SMOKE_ASSERT(psa_aead_decrypt(key, PSA_ALG_CCM, + buffer, sizeof(buffer), + NULL, 0, + buffer, sizeof(buffer), + buffer, sizeof(buffer), &length)); + + SMOKE_ASSERT(psa_sign_hash(key, PSA_ALG_ECDSA_ANY, + buffer, 32, + buffer, sizeof(buffer), &length)); + SMOKE_ASSERT(psa_verify_hash(key, PSA_ALG_ECDSA_ANY, buffer, 32, - buffer, sizeof( buffer ), &length ) ); - SMOKE_ASSERT( psa_verify_hash( key, PSA_ALG_ECDSA_ANY, - buffer, 32, - buffer, sizeof( buffer ) ) ); - - SMOKE_ASSERT( psa_asymmetric_encrypt( key, PSA_ALG_RSA_PKCS1V15_CRYPT, - buffer, 10, NULL, 0, - buffer, sizeof( buffer ), &length ) ); - SMOKE_ASSERT( psa_asymmetric_decrypt( key, PSA_ALG_RSA_PKCS1V15_CRYPT, - buffer, sizeof( buffer ), NULL, 0, - buffer, sizeof( buffer ), &length ) ); - -#if defined(MBEDTLS_SHA256_C) + buffer, sizeof(buffer))); + + SMOKE_ASSERT(psa_asymmetric_encrypt(key, PSA_ALG_RSA_PKCS1V15_CRYPT, + buffer, 10, NULL, 0, + buffer, sizeof(buffer), &length)); + SMOKE_ASSERT(psa_asymmetric_decrypt(key, PSA_ALG_RSA_PKCS1V15_CRYPT, + buffer, sizeof(buffer), NULL, 0, + buffer, sizeof(buffer), &length)); + +#if defined(PSA_WANT_ALG_SHA_256) /* Try the key in a plain key derivation. */ - PSA_ASSERT( psa_key_derivation_setup( &derivation_operation, - PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ) ); - PSA_ASSERT( psa_key_derivation_input_bytes( &derivation_operation, - PSA_KEY_DERIVATION_INPUT_SALT, - NULL, 0 ) ); - SMOKE_ASSERT( psa_key_derivation_input_key( &derivation_operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key ) ); - PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) ); + PSA_ASSERT(psa_key_derivation_setup(&derivation_operation, + PSA_ALG_HKDF(PSA_ALG_SHA_256))); + PSA_ASSERT(psa_key_derivation_input_bytes(&derivation_operation, + PSA_KEY_DERIVATION_INPUT_SALT, + NULL, 0)); + SMOKE_ASSERT(psa_key_derivation_input_key(&derivation_operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + key)); + PSA_ASSERT(psa_key_derivation_abort(&derivation_operation)); /* If the key is asymmetric, try it in a key agreement, both as * part of a derivation operation and standalone. */ - if( psa_export_public_key( key, buffer, sizeof( buffer ), &length ) == - PSA_SUCCESS ) - { + if (psa_export_public_key(key, buffer, sizeof(buffer), &length) == + PSA_SUCCESS) { psa_algorithm_t alg = - PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, - PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ); - PSA_ASSERT( psa_key_derivation_setup( &derivation_operation, alg ) ); - PSA_ASSERT( psa_key_derivation_input_bytes( - &derivation_operation, PSA_KEY_DERIVATION_INPUT_SALT, - NULL, 0 ) ); - SMOKE_ASSERT( psa_key_derivation_key_agreement( - &derivation_operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - key, buffer, length ) ); - PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) ); - - SMOKE_ASSERT( psa_raw_key_agreement( - alg, key, buffer, length, - buffer, sizeof( buffer ), &length ) ); + PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, + PSA_ALG_HKDF(PSA_ALG_SHA_256)); + PSA_ASSERT(psa_key_derivation_setup(&derivation_operation, alg)); + PSA_ASSERT(psa_key_derivation_input_bytes( + &derivation_operation, PSA_KEY_DERIVATION_INPUT_SALT, + NULL, 0)); + SMOKE_ASSERT(psa_key_derivation_key_agreement( + &derivation_operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + key, buffer, length)); + PSA_ASSERT(psa_key_derivation_abort(&derivation_operation)); + + SMOKE_ASSERT(psa_raw_key_agreement( + alg, key, buffer, length, + buffer, sizeof(buffer), &length)); } -#endif /* MBEDTLS_SHA256_C */ +#endif /* PSA_WANT_ALG_SHA_256 */ ok = 1; @@ -770,23 +762,24 @@ exit: * Key attributes may have been returned by psa_get_key_attributes() * thus reset them as required. */ - psa_reset_key_attributes( &attributes ); + psa_reset_key_attributes(&attributes); - return( ok ); + return ok; } #endif /* AT_LEAST_ONE_BUILTIN_KDF */ -static void psa_purge_storage( void ) +static void psa_purge_storage(void) { /* The generic code in mbedtls_test_psa_purge_key_storage() * (which is called by PSA_DONE()) doesn't take care of things that are * specific to dynamic secure elements. */ psa_key_location_t location; /* Purge the transaction file. */ - psa_crypto_stop_transaction( ); + psa_crypto_stop_transaction(); /* Purge driver persistent data. */ - for( location = 0; location < PSA_MAX_SE_LOCATION; location++ ) - psa_destroy_se_persistent_data( location ); + for (location = 0; location < PSA_MAX_SE_LOCATION; location++) { + psa_destroy_se_persistent_data(location); + } } /* END_HEADER */ @@ -797,205 +790,207 @@ static void psa_purge_storage( void ) */ /* BEGIN_CASE */ -void register_one( int location, int version, int expected_status_arg ) +void register_one(int location, int version, int expected_status_arg) { psa_status_t expected_status = expected_status_arg; psa_drv_se_t driver; - memset( &driver, 0, sizeof( driver ) ); + memset(&driver, 0, sizeof(driver)); driver.hal_version = version; - TEST_EQUAL( psa_register_se_driver( location, &driver ), - expected_status ); + TEST_EQUAL(psa_register_se_driver(location, &driver), + expected_status); - PSA_ASSERT( psa_crypto_init( ) ); + PSA_ASSERT(psa_crypto_init()); exit: - PSA_DONE( ); + PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ -void register_twice( int count ) +void register_twice(int count) { psa_drv_se_t driver; psa_key_location_t location; psa_key_location_t max = MIN_DRIVER_LOCATION + count; - memset( &driver, 0, sizeof( driver ) ); + memset(&driver, 0, sizeof(driver)); driver.hal_version = PSA_DRV_SE_HAL_VERSION; - for( location = MIN_DRIVER_LOCATION; location < max; location++ ) - PSA_ASSERT( psa_register_se_driver( location, &driver ) ); - for( location = MIN_DRIVER_LOCATION; location < max; location++ ) - TEST_EQUAL( psa_register_se_driver( location, &driver ), - PSA_ERROR_ALREADY_EXISTS ); + for (location = MIN_DRIVER_LOCATION; location < max; location++) { + PSA_ASSERT(psa_register_se_driver(location, &driver)); + } + for (location = MIN_DRIVER_LOCATION; location < max; location++) { + TEST_EQUAL(psa_register_se_driver(location, &driver), + PSA_ERROR_ALREADY_EXISTS); + } - PSA_ASSERT( psa_crypto_init( ) ); + PSA_ASSERT(psa_crypto_init()); exit: - PSA_DONE( ); + PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ -void register_max( ) +void register_max() { psa_drv_se_t driver; psa_key_location_t location; psa_key_location_t max = MIN_DRIVER_LOCATION + PSA_MAX_SE_DRIVERS; - memset( &driver, 0, sizeof( driver ) ); + memset(&driver, 0, sizeof(driver)); driver.hal_version = PSA_DRV_SE_HAL_VERSION; - for( location = MIN_DRIVER_LOCATION; location < max; location++ ) - PSA_ASSERT( psa_register_se_driver( location, &driver ) ); + for (location = MIN_DRIVER_LOCATION; location < max; location++) { + PSA_ASSERT(psa_register_se_driver(location, &driver)); + } - TEST_EQUAL( psa_register_se_driver( location, &driver ), - PSA_ERROR_INSUFFICIENT_MEMORY ); + TEST_EQUAL(psa_register_se_driver(location, &driver), + PSA_ERROR_INSUFFICIENT_MEMORY); - PSA_ASSERT( psa_crypto_init( ) ); + PSA_ASSERT(psa_crypto_init()); exit: - PSA_DONE( ); + PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE */ -void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) +void key_creation_import_export(int lifetime_arg, int min_slot, int restart) { psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg; - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1); mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_handle_t handle; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; - uint8_t exported[sizeof( key_material )]; + const uint8_t key_material[3] = { 0xfa, 0xca, 0xde }; + uint8_t exported[sizeof(key_material)]; size_t exported_length; - TEST_USES_KEY_ID( id ); + TEST_USES_KEY_ID(id); - memset( &driver, 0, sizeof( driver ) ); - memset( &key_management, 0, sizeof( key_management ) ); + memset(&driver, 0, sizeof(driver)); + memset(&key_management, 0, sizeof(key_management)); driver.hal_version = PSA_DRV_SE_HAL_VERSION; driver.key_management = &key_management; - driver.persistent_data_size = sizeof( ram_slot_usage_t ); + driver.persistent_data_size = sizeof(ram_slot_usage_t); key_management.p_allocate = ram_allocate; key_management.p_import = ram_import; key_management.p_destroy = ram_destroy; key_management.p_export = ram_export; ram_min_slot = min_slot; - PSA_ASSERT( psa_register_se_driver( location, &driver ) ); - PSA_ASSERT( psa_crypto_init( ) ); + PSA_ASSERT(psa_register_se_driver(location, &driver)); + PSA_ASSERT(psa_crypto_init()); /* Create a key. */ - psa_set_key_id( &attributes, id ); - psa_set_key_lifetime( &attributes, lifetime ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); - PSA_ASSERT( psa_import_key( &attributes, - key_material, sizeof( key_material ), - &returned_id ) ); - - if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) - { + psa_set_key_id(&attributes, id); + psa_set_key_lifetime(&attributes, lifetime); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); + psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA); + PSA_ASSERT(psa_import_key(&attributes, + key_material, sizeof(key_material), + &returned_id)); + + if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) { /* For volatile keys, check no persistent data was created */ - if( ! check_no_persistent_data( location ) ) + if (!check_no_persistent_data(location)) { goto exit; - } - else - { + } + } else { /* For persistent keys, check persistent data */ - if( ! check_persistent_data( location, - &ram_shadow_slot_usage, - sizeof( ram_shadow_slot_usage ) ) ) + if (!check_persistent_data(location, + &ram_shadow_slot_usage, + sizeof(ram_shadow_slot_usage))) { goto exit; + } } /* Test that the key was created in the expected slot. */ - TEST_EQUAL( ram_slots[min_slot].type, PSA_KEY_TYPE_RAW_DATA ); + TEST_EQUAL(ram_slots[min_slot].type, PSA_KEY_TYPE_RAW_DATA); /* Maybe restart, to check that the information is saved correctly. */ - if( restart ) - { - mbedtls_psa_crypto_free( ); - PSA_ASSERT( psa_register_se_driver( location, &driver ) ); - PSA_ASSERT( psa_crypto_init( ) ); + if (restart) { + mbedtls_psa_crypto_free(); + PSA_ASSERT(psa_register_se_driver(location, &driver)); + PSA_ASSERT(psa_crypto_init()); - if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) - { + if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) { /* Check that the PSA core has no knowledge of the volatile key */ - TEST_ASSERT( psa_open_key( returned_id, &handle ) == - PSA_ERROR_DOES_NOT_EXIST ); + TEST_ASSERT(psa_open_key(returned_id, &handle) == + PSA_ERROR_DOES_NOT_EXIST); /* Drop data from our mockup driver */ ram_slots_reset(); ram_min_slot = min_slot; /* Re-import key */ - PSA_ASSERT( psa_import_key( &attributes, - key_material, sizeof( key_material ), - &returned_id ) ); - } - else - { + PSA_ASSERT(psa_import_key(&attributes, + key_material, sizeof(key_material), + &returned_id)); + } else { /* Check the persistent key file */ - if( ! check_persistent_data( location, - &ram_shadow_slot_usage, - sizeof( ram_shadow_slot_usage ) ) ) + if (!check_persistent_data(location, + &ram_shadow_slot_usage, + sizeof(ram_shadow_slot_usage))) { goto exit; + } } } /* Test that the key was created in the expected slot. */ - TEST_EQUAL( ram_slots[min_slot].type, PSA_KEY_TYPE_RAW_DATA ); + TEST_EQUAL(ram_slots[min_slot].type, PSA_KEY_TYPE_RAW_DATA); /* Test the key attributes, including the reported slot number. */ - psa_set_key_bits( &attributes, - PSA_BYTES_TO_BITS( sizeof( key_material ) ) ); - psa_set_key_slot_number( &attributes, min_slot ); + psa_set_key_bits(&attributes, + PSA_BYTES_TO_BITS(sizeof(key_material))); + psa_set_key_slot_number(&attributes, min_slot); - if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) { attributes.core.id = returned_id; - else - psa_set_key_id( &attributes, returned_id ); + } else { + psa_set_key_id(&attributes, returned_id); + } - if( ! check_key_attributes( returned_id, &attributes ) ) + if (!check_key_attributes(returned_id, &attributes)) { goto exit; + } /* Test the key data. */ - PSA_ASSERT( psa_export_key( returned_id, - exported, sizeof( exported ), - &exported_length ) ); - ASSERT_COMPARE( key_material, sizeof( key_material ), - exported, exported_length ); - - PSA_ASSERT( psa_destroy_key( returned_id ) ); - if( ! check_persistent_data( location, - &ram_shadow_slot_usage, - sizeof( ram_shadow_slot_usage ) ) ) + PSA_ASSERT(psa_export_key(returned_id, + exported, sizeof(exported), + &exported_length)); + TEST_MEMORY_COMPARE(key_material, sizeof(key_material), + exported, exported_length); + + PSA_ASSERT(psa_destroy_key(returned_id)); + if (!check_persistent_data(location, + &ram_shadow_slot_usage, + sizeof(ram_shadow_slot_usage))) { goto exit; - TEST_EQUAL( psa_open_key( returned_id, &handle ), - PSA_ERROR_DOES_NOT_EXIST ); + } + TEST_EQUAL(psa_open_key(returned_id, &handle), + PSA_ERROR_DOES_NOT_EXIST); /* Test that the key has been erased from the designated slot. */ - TEST_EQUAL( ram_slots[min_slot].type, 0 ); + TEST_EQUAL(ram_slots[min_slot].type, 0); exit: - PSA_DONE( ); - ram_slots_reset( ); - psa_purge_storage( ); + PSA_DONE(); + ram_slots_reset(); + psa_purge_storage(); } /* END_CASE */ /* BEGIN_CASE */ -void key_creation_in_chosen_slot( int slot_arg, - int restart, - int expected_status_arg ) +void key_creation_in_chosen_slot(int slot_arg, + int restart, + int expected_status_arg) { psa_key_slot_number_t wanted_slot = slot_arg; psa_status_t expected_status = expected_status_arg; @@ -1003,200 +998,208 @@ void key_creation_in_chosen_slot( int slot_arg, psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1); mbedtls_svc_key_id_t returned_id; psa_key_handle_t handle; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; + const uint8_t key_material[3] = { 0xfa, 0xca, 0xde }; - TEST_USES_KEY_ID( id ); + TEST_USES_KEY_ID(id); - memset( &driver, 0, sizeof( driver ) ); - memset( &key_management, 0, sizeof( key_management ) ); + memset(&driver, 0, sizeof(driver)); + memset(&key_management, 0, sizeof(key_management)); driver.hal_version = PSA_DRV_SE_HAL_VERSION; driver.key_management = &key_management; - driver.persistent_data_size = sizeof( ram_slot_usage_t ); + driver.persistent_data_size = sizeof(ram_slot_usage_t); key_management.p_validate_slot_number = ram_validate_slot_number; key_management.p_import = ram_import; key_management.p_destroy = ram_destroy; key_management.p_export = ram_export; - PSA_ASSERT( psa_register_se_driver( location, &driver ) ); - PSA_ASSERT( psa_crypto_init( ) ); + PSA_ASSERT(psa_register_se_driver(location, &driver)); + PSA_ASSERT(psa_crypto_init()); /* Create a key. */ - psa_set_key_id( &attributes, id ); - psa_set_key_lifetime( &attributes, lifetime ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); - psa_set_key_slot_number( &attributes, wanted_slot ); - status = psa_import_key( &attributes, - key_material, sizeof( key_material ), - &returned_id ); - TEST_EQUAL( status, expected_status ); - - if( status != PSA_SUCCESS ) + psa_set_key_id(&attributes, id); + psa_set_key_lifetime(&attributes, lifetime); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); + psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA); + psa_set_key_slot_number(&attributes, wanted_slot); + status = psa_import_key(&attributes, + key_material, sizeof(key_material), + &returned_id); + TEST_EQUAL(status, expected_status); + + if (status != PSA_SUCCESS) { goto exit; - if( ! check_persistent_data( location, - &ram_shadow_slot_usage, - sizeof( ram_shadow_slot_usage ) ) ) + } + if (!check_persistent_data(location, + &ram_shadow_slot_usage, + sizeof(ram_shadow_slot_usage))) { goto exit; + } /* Maybe restart, to check that the information is saved correctly. */ - if( restart ) - { - mbedtls_psa_crypto_free( ); - PSA_ASSERT( psa_register_se_driver( location, &driver ) ); - PSA_ASSERT( psa_crypto_init( ) ); - if( ! check_persistent_data( location, - &ram_shadow_slot_usage, - sizeof( ram_shadow_slot_usage ) ) ) + if (restart) { + mbedtls_psa_crypto_free(); + PSA_ASSERT(psa_register_se_driver(location, &driver)); + PSA_ASSERT(psa_crypto_init()); + if (!check_persistent_data(location, + &ram_shadow_slot_usage, + sizeof(ram_shadow_slot_usage))) { goto exit; + } } /* Test that the key was created in the expected slot. */ - TEST_EQUAL( ram_slots[wanted_slot].type, PSA_KEY_TYPE_RAW_DATA ); + TEST_EQUAL(ram_slots[wanted_slot].type, PSA_KEY_TYPE_RAW_DATA); /* Test that the key is reported with the correct attributes, * including the expected slot. */ - PSA_ASSERT( psa_get_key_attributes( id, &attributes ) ); + PSA_ASSERT(psa_get_key_attributes(id, &attributes)); - PSA_ASSERT( psa_destroy_key( id ) ); - if( ! check_persistent_data( location, - &ram_shadow_slot_usage, - sizeof( ram_shadow_slot_usage ) ) ) + PSA_ASSERT(psa_destroy_key(id)); + if (!check_persistent_data(location, + &ram_shadow_slot_usage, + sizeof(ram_shadow_slot_usage))) { goto exit; - TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); + } + TEST_EQUAL(psa_open_key(id, &handle), PSA_ERROR_DOES_NOT_EXIST); exit: /* * Key attributes may have been returned by psa_get_key_attributes() * thus reset them as required. */ - psa_reset_key_attributes( &attributes ); + psa_reset_key_attributes(&attributes); - PSA_DONE( ); - ram_slots_reset( ); - psa_purge_storage( ); + PSA_DONE(); + ram_slots_reset(); + psa_purge_storage(); } /* END_CASE */ /* BEGIN_CASE depends_on:AT_LEAST_ONE_BUILTIN_KDF */ -void import_key_smoke( int type_arg, int alg_arg, - data_t *key_material ) +void import_key_smoke(int type_arg, int alg_arg, + data_t *key_material) { psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1); mbedtls_svc_key_id_t returned_id; psa_key_handle_t handle; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - TEST_USES_KEY_ID( id ); + TEST_USES_KEY_ID(id); - memset( &driver, 0, sizeof( driver ) ); - memset( &key_management, 0, sizeof( key_management ) ); + memset(&driver, 0, sizeof(driver)); + memset(&key_management, 0, sizeof(key_management)); driver.hal_version = PSA_DRV_SE_HAL_VERSION; driver.key_management = &key_management; - driver.persistent_data_size = sizeof( psa_key_slot_number_t ); + driver.persistent_data_size = sizeof(psa_key_slot_number_t); key_management.p_allocate = counter_allocate; key_management.p_import = null_import; key_management.p_destroy = null_destroy; - PSA_ASSERT( psa_register_se_driver( location, &driver ) ); - PSA_ASSERT( psa_crypto_init( ) ); + PSA_ASSERT(psa_register_se_driver(location, &driver)); + PSA_ASSERT(psa_crypto_init()); /* Create a key. */ - psa_set_key_id( &attributes, id ); - psa_set_key_lifetime( &attributes, lifetime ); - psa_set_key_usage_flags( &attributes, - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | - PSA_KEY_USAGE_EXPORT ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, type ); - PSA_ASSERT( psa_import_key( &attributes, - key_material->x, key_material->len, - &returned_id ) ); - if( ! check_persistent_data( location, - &shadow_counter, sizeof( shadow_counter ) ) ) + psa_set_key_id(&attributes, id); + psa_set_key_lifetime(&attributes, lifetime); + psa_set_key_usage_flags(&attributes, + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | + PSA_KEY_USAGE_EXPORT); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, type); + PSA_ASSERT(psa_import_key(&attributes, + key_material->x, key_material->len, + &returned_id)); + if (!check_persistent_data(location, + &shadow_counter, sizeof(shadow_counter))) { goto exit; + } /* Do stuff with the key. */ - if( ! smoke_test_key( id ) ) + if (!smoke_test_key(id)) { goto exit; + } /* Restart and try again. */ - mbedtls_psa_crypto_free( ); - PSA_ASSERT( psa_register_se_driver( location, &driver ) ); - PSA_ASSERT( psa_crypto_init( ) ); - if( ! check_persistent_data( location, - &shadow_counter, sizeof( shadow_counter ) ) ) + mbedtls_psa_crypto_free(); + PSA_ASSERT(psa_register_se_driver(location, &driver)); + PSA_ASSERT(psa_crypto_init()); + if (!check_persistent_data(location, + &shadow_counter, sizeof(shadow_counter))) { goto exit; - if( ! smoke_test_key( id ) ) + } + if (!smoke_test_key(id)) { goto exit; + } /* We're done. */ - PSA_ASSERT( psa_destroy_key( id ) ); - if( ! check_persistent_data( location, - &shadow_counter, sizeof( shadow_counter ) ) ) + PSA_ASSERT(psa_destroy_key(id)); + if (!check_persistent_data(location, + &shadow_counter, sizeof(shadow_counter))) { goto exit; - TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); + } + TEST_EQUAL(psa_open_key(id, &handle), PSA_ERROR_DOES_NOT_EXIST); exit: - PSA_DONE( ); - counter_reset( ); - psa_purge_storage( ); + PSA_DONE(); + counter_reset(); + psa_purge_storage(); } /* END_CASE */ /* BEGIN_CASE */ -void generate_key_not_supported( int type_arg, int bits_arg ) +void generate_key_not_supported(int type_arg, int bits_arg) { psa_key_type_t type = type_arg; size_t bits = bits_arg; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1); mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - TEST_USES_KEY_ID( id ); + TEST_USES_KEY_ID(id); - memset( &driver, 0, sizeof( driver ) ); - memset( &key_management, 0, sizeof( key_management ) ); + memset(&driver, 0, sizeof(driver)); + memset(&key_management, 0, sizeof(key_management)); driver.hal_version = PSA_DRV_SE_HAL_VERSION; driver.key_management = &key_management; - driver.persistent_data_size = sizeof( psa_key_slot_number_t ); + driver.persistent_data_size = sizeof(psa_key_slot_number_t); key_management.p_allocate = counter_allocate; /* No p_generate method */ - PSA_ASSERT( psa_register_se_driver( location, &driver ) ); - PSA_ASSERT( psa_crypto_init( ) ); + PSA_ASSERT(psa_register_se_driver(location, &driver)); + PSA_ASSERT(psa_crypto_init()); - psa_set_key_id( &attributes, id ); - psa_set_key_lifetime( &attributes, lifetime ); - psa_set_key_type( &attributes, type ); - psa_set_key_bits( &attributes, bits ); - TEST_EQUAL( psa_generate_key( &attributes, &returned_id ), - PSA_ERROR_NOT_SUPPORTED ); + psa_set_key_id(&attributes, id); + psa_set_key_lifetime(&attributes, lifetime); + psa_set_key_type(&attributes, type); + psa_set_key_bits(&attributes, bits); + TEST_EQUAL(psa_generate_key(&attributes, &returned_id), + PSA_ERROR_NOT_SUPPORTED); exit: - PSA_DONE( ); - counter_reset( ); - psa_purge_storage( ); + PSA_DONE(); + counter_reset(); + psa_purge_storage(); } /* END_CASE */ /* BEGIN_CASE depends_on:AT_LEAST_ONE_BUILTIN_KDF */ -void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) +void generate_key_smoke(int type_arg, int bits_arg, int alg_arg) { psa_key_type_t type = type_arg; psa_key_bits_t bits = bits_arg; @@ -1204,88 +1207,93 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1); mbedtls_svc_key_id_t returned_id; psa_key_handle_t handle; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - TEST_USES_KEY_ID( id ); + TEST_USES_KEY_ID(id); - memset( &driver, 0, sizeof( driver ) ); - memset( &key_management, 0, sizeof( key_management ) ); + memset(&driver, 0, sizeof(driver)); + memset(&key_management, 0, sizeof(key_management)); driver.hal_version = PSA_DRV_SE_HAL_VERSION; driver.key_management = &key_management; - driver.persistent_data_size = sizeof( psa_key_slot_number_t ); + driver.persistent_data_size = sizeof(psa_key_slot_number_t); key_management.p_allocate = counter_allocate; key_management.p_generate = null_generate; key_management.p_destroy = null_destroy; - PSA_ASSERT( psa_register_se_driver( location, &driver ) ); - PSA_ASSERT( psa_crypto_init( ) ); + PSA_ASSERT(psa_register_se_driver(location, &driver)); + PSA_ASSERT(psa_crypto_init()); /* Create a key. */ - psa_set_key_id( &attributes, id ); - psa_set_key_lifetime( &attributes, lifetime ); - psa_set_key_usage_flags( &attributes, - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | - PSA_KEY_USAGE_EXPORT ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, type ); - psa_set_key_bits( &attributes, bits ); - PSA_ASSERT( psa_generate_key( &attributes, &returned_id ) ); - if( ! check_persistent_data( location, - &shadow_counter, sizeof( shadow_counter ) ) ) + psa_set_key_id(&attributes, id); + psa_set_key_lifetime(&attributes, lifetime); + psa_set_key_usage_flags(&attributes, + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | + PSA_KEY_USAGE_EXPORT); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, type); + psa_set_key_bits(&attributes, bits); + PSA_ASSERT(psa_generate_key(&attributes, &returned_id)); + if (!check_persistent_data(location, + &shadow_counter, sizeof(shadow_counter))) { goto exit; + } /* Do stuff with the key. */ - if( ! smoke_test_key( id ) ) + if (!smoke_test_key(id)) { goto exit; + } /* Restart and try again. */ - mbedtls_psa_crypto_free( ); - PSA_ASSERT( psa_register_se_driver( location, &driver ) ); - PSA_ASSERT( psa_crypto_init( ) ); - if( ! check_persistent_data( location, - &shadow_counter, sizeof( shadow_counter ) ) ) + mbedtls_psa_crypto_free(); + PSA_ASSERT(psa_register_se_driver(location, &driver)); + PSA_ASSERT(psa_crypto_init()); + if (!check_persistent_data(location, + &shadow_counter, sizeof(shadow_counter))) { goto exit; - if( ! smoke_test_key( id ) ) + } + if (!smoke_test_key(id)) { goto exit; + } /* We're done. */ - PSA_ASSERT( psa_destroy_key( id ) ); - if( ! check_persistent_data( location, - &shadow_counter, sizeof( shadow_counter ) ) ) + PSA_ASSERT(psa_destroy_key(id)); + if (!check_persistent_data(location, + &shadow_counter, sizeof(shadow_counter))) { goto exit; - TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); + } + TEST_EQUAL(psa_open_key(id, &handle), PSA_ERROR_DOES_NOT_EXIST); exit: - PSA_DONE( ); - counter_reset( ); - psa_purge_storage( ); + PSA_DONE(); + counter_reset(); + psa_purge_storage(); } /* END_CASE */ /* BEGIN_CASE */ -void sign_verify( int flow, - int type_arg, int alg_arg, - int bits_arg, data_t *key_material, - data_t *input ) +void sign_verify(int flow, + int type_arg, int alg_arg, + int bits_arg, data_t *key_material, + data_t *input) { psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; size_t bits = bits_arg; /* Pass bits=0 to import, bits>0 to fake-generate */ - int generating = ( bits != 0 ); + int generating = (bits != 0); psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_drv_se_asymmetric_t asymmetric; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(1, 1); mbedtls_svc_key_id_t returned_id; mbedtls_svc_key_id_t sw_key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1293,23 +1301,23 @@ void sign_verify( int flow, uint8_t signature[PSA_SIGNATURE_MAX_SIZE]; size_t signature_length; - TEST_USES_KEY_ID( id ); + TEST_USES_KEY_ID(id); - memset( &driver, 0, sizeof( driver ) ); - memset( &key_management, 0, sizeof( key_management ) ); - memset( &asymmetric, 0, sizeof( asymmetric ) ); + memset(&driver, 0, sizeof(driver)); + memset(&key_management, 0, sizeof(key_management)); + memset(&asymmetric, 0, sizeof(asymmetric)); driver.hal_version = PSA_DRV_SE_HAL_VERSION; driver.key_management = &key_management; driver.asymmetric = &asymmetric; - driver.persistent_data_size = sizeof( ram_slot_usage_t ); + driver.persistent_data_size = sizeof(ram_slot_usage_t); key_management.p_allocate = ram_allocate; key_management.p_destroy = ram_destroy; - if( generating ) + if (generating) { key_management.p_generate = ram_fake_generate; - else + } else { key_management.p_import = ram_import; - switch( flow ) - { + } + switch (flow) { case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION: break; case SIGN_IN_DRIVER_AND_PARALLEL_CREATION: @@ -1320,208 +1328,206 @@ void sign_verify( int flow, key_management.p_export_public = ram_export_public; break; default: - TEST_ASSERT( ! "unsupported flow (should be SIGN_IN_xxx)" ); + TEST_FAIL("unsupported flow (should be SIGN_IN_xxx)"); break; } asymmetric.p_verify = ram_verify; - PSA_ASSERT( psa_register_se_driver( location, &driver ) ); - PSA_ASSERT( psa_crypto_init( ) ); + PSA_ASSERT(psa_register_se_driver(location, &driver)); + PSA_ASSERT(psa_crypto_init()); /* Prepare to create two keys with the same key material: a transparent * key, and one that goes through the driver. */ - psa_set_key_usage_flags( &sw_attributes, - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); - psa_set_key_algorithm( &sw_attributes, alg ); - psa_set_key_type( &sw_attributes, type ); + psa_set_key_usage_flags(&sw_attributes, + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH); + psa_set_key_algorithm(&sw_attributes, alg); + psa_set_key_type(&sw_attributes, type); drv_attributes = sw_attributes; - psa_set_key_id( &drv_attributes, id ); - psa_set_key_lifetime( &drv_attributes, lifetime ); + psa_set_key_id(&drv_attributes, id); + psa_set_key_lifetime(&drv_attributes, lifetime); /* Create the key in the driver. */ - if( generating ) - { - psa_set_key_bits( &drv_attributes, bits ); - PSA_ASSERT( psa_generate_key( &drv_attributes, &returned_id ) ); + if (generating) { + psa_set_key_bits(&drv_attributes, bits); + PSA_ASSERT(psa_generate_key(&drv_attributes, &returned_id)); /* Since we called a generate method that does not actually * generate material, store the desired result of generation in * the mock secure element storage. */ - PSA_ASSERT( psa_get_key_attributes( id, &drv_attributes ) ); - TEST_EQUAL( key_material->len, PSA_BITS_TO_BYTES( bits ) ); - memcpy( ram_slots[ram_min_slot].content, key_material->x, - key_material->len ); - } - else - { - PSA_ASSERT( psa_import_key( &drv_attributes, - key_material->x, key_material->len, - &returned_id ) ); + PSA_ASSERT(psa_get_key_attributes(id, &drv_attributes)); + TEST_EQUAL(key_material->len, PSA_BITS_TO_BYTES(bits)); + memcpy(ram_slots[ram_min_slot].content, key_material->x, + key_material->len); + } else { + PSA_ASSERT(psa_import_key(&drv_attributes, + key_material->x, key_material->len, + &returned_id)); } /* Either import the same key in software, or export the driver's * public key and import that. */ - switch( flow ) - { + switch (flow) { case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION: case SIGN_IN_DRIVER_AND_PARALLEL_CREATION: - PSA_ASSERT( psa_import_key( &sw_attributes, - key_material->x, key_material->len, - &sw_key ) ); + PSA_ASSERT(psa_import_key(&sw_attributes, + key_material->x, key_material->len, + &sw_key)); break; case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC: { - uint8_t public_key[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( PSA_VENDOR_ECC_MAX_CURVE_BITS )]; + uint8_t public_key[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) + ]; size_t public_key_length; - PSA_ASSERT( psa_export_public_key( id, - public_key, sizeof( public_key ), - &public_key_length ) ); - psa_set_key_type( &sw_attributes, - PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ) ); - PSA_ASSERT( psa_import_key( &sw_attributes, - public_key, public_key_length, - &sw_key ) ); + PSA_ASSERT(psa_export_public_key(id, + public_key, sizeof(public_key), + &public_key_length)); + psa_set_key_type(&sw_attributes, + PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type)); + PSA_ASSERT(psa_import_key(&sw_attributes, + public_key, public_key_length, + &sw_key)); break; } } /* Sign with the chosen key. */ - switch( flow ) - { + switch (flow) { case SIGN_IN_DRIVER_AND_PARALLEL_CREATION: case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC: PSA_ASSERT_VIA_DRIVER( - psa_sign_hash( id, alg, - input->x, input->len, - signature, sizeof( signature ), - &signature_length ), - PSA_SUCCESS ); + psa_sign_hash(id, alg, + input->x, input->len, + signature, sizeof(signature), + &signature_length), + PSA_SUCCESS); break; case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION: - PSA_ASSERT( psa_sign_hash( sw_key, alg, - input->x, input->len, - signature, sizeof( signature ), - &signature_length ) ); + PSA_ASSERT(psa_sign_hash(sw_key, alg, + input->x, input->len, + signature, sizeof(signature), + &signature_length)); break; } /* Verify with both keys. */ - PSA_ASSERT( psa_verify_hash( sw_key, alg, - input->x, input->len, - signature, signature_length ) ); + PSA_ASSERT(psa_verify_hash(sw_key, alg, + input->x, input->len, + signature, signature_length)); PSA_ASSERT_VIA_DRIVER( - psa_verify_hash( id, alg, - input->x, input->len, - signature, signature_length ), - PSA_SUCCESS ); + psa_verify_hash(id, alg, + input->x, input->len, + signature, signature_length), + PSA_SUCCESS); /* Change the signature and verify again. */ signature[0] ^= 1; - TEST_EQUAL( psa_verify_hash( sw_key, alg, - input->x, input->len, - signature, signature_length ), - PSA_ERROR_INVALID_SIGNATURE ); + TEST_EQUAL(psa_verify_hash(sw_key, alg, + input->x, input->len, + signature, signature_length), + PSA_ERROR_INVALID_SIGNATURE); PSA_ASSERT_VIA_DRIVER( - psa_verify_hash( id, alg, - input->x, input->len, - signature, signature_length ), - PSA_ERROR_INVALID_SIGNATURE ); + psa_verify_hash(id, alg, + input->x, input->len, + signature, signature_length), + PSA_ERROR_INVALID_SIGNATURE); exit: /* * Driver key attributes may have been returned by psa_get_key_attributes() * thus reset them as required. */ - psa_reset_key_attributes( &drv_attributes ); + psa_reset_key_attributes(&drv_attributes); - psa_destroy_key( id ); - psa_destroy_key( sw_key ); - PSA_DONE( ); - ram_slots_reset( ); - psa_purge_storage( ); + psa_destroy_key(id); + psa_destroy_key(sw_key); + PSA_DONE(); + ram_slots_reset(); + psa_purge_storage(); } /* END_CASE */ /* BEGIN_CASE */ -void register_key_smoke_test( int lifetime_arg, - int owner_id_arg, - int id_arg, - int validate, - int expected_status_arg ) +void register_key_smoke_test(int lifetime_arg, + int owner_id_arg, + int id_arg, + int validate, + int expected_status_arg) { psa_key_lifetime_t lifetime = lifetime_arg; - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime); psa_status_t expected_status = expected_status_arg; psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(owner_id_arg, id_arg); psa_key_handle_t handle; size_t bit_size = 48; psa_key_slot_number_t wanted_slot = 0x123456789; psa_status_t status; - TEST_USES_KEY_ID( id ); + TEST_USES_KEY_ID(id); - memset( &driver, 0, sizeof( driver ) ); + memset(&driver, 0, sizeof(driver)); driver.hal_version = PSA_DRV_SE_HAL_VERSION; - memset( &key_management, 0, sizeof( key_management ) ); + memset(&key_management, 0, sizeof(key_management)); driver.key_management = &key_management; key_management.p_destroy = null_destroy; - if( validate >= 0 ) - { + if (validate >= 0) { key_management.p_validate_slot_number = validate_slot_number_as_directed; validate_slot_number_directions.slot_number = wanted_slot; validate_slot_number_directions.method = PSA_KEY_CREATION_REGISTER; validate_slot_number_directions.status = - ( validate > 0 ? PSA_SUCCESS : PSA_ERROR_NOT_PERMITTED ); + (validate > 0 ? PSA_SUCCESS : PSA_ERROR_NOT_PERMITTED); } - mbedtls_test_set_step( 1 ); - PSA_ASSERT( psa_register_se_driver( MIN_DRIVER_LOCATION, &driver ) ); - PSA_ASSERT( psa_crypto_init( ) ); + mbedtls_test_set_step(1); + PSA_ASSERT(psa_register_se_driver(MIN_DRIVER_LOCATION, &driver)); + PSA_ASSERT(psa_crypto_init()); - psa_set_key_id( &attributes, id ); - psa_set_key_lifetime( &attributes, lifetime ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); - psa_set_key_bits( &attributes, bit_size ); - psa_set_key_slot_number( &attributes, wanted_slot ); + psa_set_key_id(&attributes, id); + psa_set_key_lifetime(&attributes, lifetime); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); + psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA); + psa_set_key_bits(&attributes, bit_size); + psa_set_key_slot_number(&attributes, wanted_slot); - status = mbedtls_psa_register_se_key( &attributes ); - TEST_EQUAL( status, expected_status ); + status = mbedtls_psa_register_se_key(&attributes); + TEST_EQUAL(status, expected_status); - if( status != PSA_SUCCESS ) + if (status != PSA_SUCCESS) { goto exit; + } /* Test that the key exists and has the expected attributes. */ - if( ! check_key_attributes( id, &attributes ) ) + if (!check_key_attributes(id, &attributes)) { goto exit; + } #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) mbedtls_svc_key_id_t invalid_id = - mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg ); - TEST_EQUAL( psa_open_key( invalid_id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); + mbedtls_svc_key_id_make(owner_id_arg + 1, id_arg); + TEST_EQUAL(psa_open_key(invalid_id, &handle), PSA_ERROR_DOES_NOT_EXIST); #endif - PSA_ASSERT( psa_purge_key( id ) ); + PSA_ASSERT(psa_purge_key(id)); /* Restart and try again. */ - mbedtls_test_set_step( 2 ); - PSA_SESSION_DONE( ); - PSA_ASSERT( psa_register_se_driver( location, &driver ) ); - PSA_ASSERT( psa_crypto_init( ) ); - if( ! check_key_attributes( id, &attributes ) ) + mbedtls_test_set_step(2); + PSA_SESSION_DONE(); + PSA_ASSERT(psa_register_se_driver(location, &driver)); + PSA_ASSERT(psa_crypto_init()); + if (!check_key_attributes(id, &attributes)) { goto exit; + } /* This time, destroy the key. */ - PSA_ASSERT( psa_destroy_key( id ) ); - TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); + PSA_ASSERT(psa_destroy_key(id)); + TEST_EQUAL(psa_open_key(id, &handle), PSA_ERROR_DOES_NOT_EXIST); exit: - psa_reset_key_attributes( &attributes ); - psa_destroy_key( id ); - PSA_DONE( ); - psa_purge_storage( ); - memset( &validate_slot_number_directions, 0, - sizeof( validate_slot_number_directions ) ); + psa_reset_key_attributes(&attributes); + psa_destroy_key(id); + PSA_DONE(); + psa_purge_storage(); + memset(&validate_slot_number_directions, 0, + sizeof(validate_slot_number_directions)); } /* END_CASE */ |