Add simple test coverage for builtin keys (PSA opaque driver export)
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h
index ee96024..cf6fbb0 100644
--- a/tests/include/test/drivers/key_management.h
+++ b/tests/include/test/drivers/key_management.h
@@ -32,6 +32,9 @@
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT 0
#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT 1
+
+extern const uint8_t test_driver_aes_key[16];
+extern const uint8_t test_driver_ecdsa_key[32];
#endif
typedef struct {
diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c
index d8410be..77a217f 100644
--- a/tests/src/drivers/key_management.c
+++ b/tests/src/drivers/key_management.c
@@ -41,6 +41,30 @@
test_driver_key_management_hooks_t test_driver_key_management_hooks =
TEST_DRIVER_KEY_MANAGEMENT_INIT;
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+const uint8_t test_driver_aes_key[16] =
+ { 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46,
+ 0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 };
+const uint8_t test_driver_ecdsa_key[32] =
+ { 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63,
+ 0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18,
+ 0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7,
+ 0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a };
+const uint8_t test_driver_ecdsa_pubkey[65] =
+ { 0x04,
+ 0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c,
+ 0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44,
+ 0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a,
+ 0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19,
+ 0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31,
+ 0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b,
+ 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79,
+ 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c };
+
+static const psa_drv_slot_number_t aes_slot = PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT;
+static const psa_drv_slot_number_t ecdsa_slot = PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT;
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+
psa_status_t test_transparent_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length )
@@ -154,6 +178,57 @@
const uint8_t *key, size_t key_length,
uint8_t *data, size_t data_size, size_t *data_length )
{
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+ if( psa_key_id_is_builtin( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) )
+ {
+ if( key_length != sizeof( psa_drv_slot_number_t ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ if( memcmp( key, &ecdsa_slot, sizeof( psa_drv_slot_number_t ) ) == 0 )
+ {
+ /* This is the ECDSA slot. Verify key attributes before returning pubkey. */
+ if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ if( psa_get_key_bits( attributes ) != 256 )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ if( psa_get_key_algorithm( attributes ) != PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ if( (psa_get_key_usage_flags( attributes ) & PSA_KEY_USAGE_EXPORT) == 0 )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+
+ if( data_size < sizeof( test_driver_ecdsa_key ) )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ memcpy( data, test_driver_ecdsa_key, sizeof( test_driver_ecdsa_key ) );
+ *data_length = sizeof( test_driver_ecdsa_key );
+ return( PSA_SUCCESS );
+ }
+
+ if( memcmp( key, &aes_slot, sizeof( psa_drv_slot_number_t ) ) == 0 )
+ {
+ /* This is the ECDSA slot. Verify key attributes before returning pubkey. */
+ if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ if( psa_get_key_bits( attributes ) != 128 )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ if( (psa_get_key_usage_flags( attributes ) & PSA_KEY_USAGE_EXPORT) == 0 )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+
+ if( data_size < sizeof( test_driver_aes_key ) )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ memcpy( data, test_driver_aes_key, sizeof( test_driver_aes_key ) );
+ *data_length = sizeof( test_driver_aes_key );
+ return( PSA_SUCCESS );
+ }
+
+ /* Potentially add more slots here */
+
+ return( PSA_ERROR_DOES_NOT_EXIST );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
(void) attributes;
(void) key;
(void) key_length;
@@ -223,6 +298,35 @@
const uint8_t *key, size_t key_length,
uint8_t *data, size_t data_size, size_t *data_length )
{
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+ if( psa_key_id_is_builtin( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( attributes ) ) ) )
+ {
+ if( key_length != sizeof( psa_drv_slot_number_t ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ if( memcmp( key, &ecdsa_slot, sizeof( psa_drv_slot_number_t ) ) == 0 )
+ {
+ /* This is the ECDSA slot. Verify key attributes before returning pubkey. */
+ if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ if( psa_get_key_bits( attributes ) != 256 )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ if( psa_get_key_algorithm( attributes ) != PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+
+ if( data_size < sizeof( test_driver_ecdsa_pubkey ) )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ memcpy(data, test_driver_ecdsa_pubkey, sizeof( test_driver_ecdsa_pubkey ) );
+ *data_length = sizeof( test_driver_ecdsa_pubkey );
+ return( PSA_SUCCESS );
+ }
+
+ /* Potentially add more slots here */
+
+ return( PSA_ERROR_DOES_NOT_EXIST );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
(void) attributes;
(void) key;
(void) key_length;
@@ -253,7 +357,7 @@
psa_set_key_type( attributes, PSA_KEY_TYPE_AES );
psa_set_key_bits( attributes, 128 );
- psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT );
psa_set_key_algorithm( attributes, PSA_ALG_CTR );
*( (psa_drv_slot_number_t*) key_buffer ) =
@@ -264,9 +368,9 @@
if( key_buffer_size < sizeof( psa_drv_slot_number_t ) )
return( PSA_ERROR_BUFFER_TOO_SMALL );
- psa_set_key_type( attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) );
+ psa_set_key_type( attributes, PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
psa_set_key_bits( attributes, 256 );
- psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
+ psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT );
psa_set_key_algorithm( attributes, PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) );
*( (psa_drv_slot_number_t*) key_buffer) =
@@ -281,14 +385,14 @@
(void) key_buffer_length;
return( PSA_ERROR_INVALID_ARGUMENT );
}
-#else
+#else /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
(void) slot_number;
(void) attributes;
(void) key_buffer;
(void) key_buffer_size;
(void) key_buffer_length;
return( PSA_ERROR_DOES_NOT_EXIST );
-#endif
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
index 241d715..2513883 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
@@ -243,3 +243,27 @@
PSA AEAD decrypt, AES-GCM, 144 bytes #1, INSUFFICIENT_MEMORY
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INSUFFICIENT_MEMORY
+
+PSA opaque driver builtin key export: AES
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_SUCCESS
+
+PSA opaque driver builtin key export: AES (registered to ID_MAX-1)
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_SUCCESS
+
+PSA opaque driver builtin key export: AES (registered to ID_MAX)
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MAX:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_SUCCESS
+
+PSA opaque driver builtin key export: key ID out of range (ID_MIN - 1)
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_ERROR_INVALID_HANDLE
+
+PSA opaque driver builtin key export: key ID out of range (ID_MAX + 1)
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_ERROR_INVALID_HANDLE
+
+PSA opaque driver builtin key export: secp256r1
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"dc7d9d26d67a4f632c34c2dc0b6986183882c206df04cdb7d69aabe28be4f81a":PSA_SUCCESS
+
+PSA opaque driver builtin pubkey export: secp256r1
+builtin_pubkey_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"0485f64d89f00be66c88dd937efd6d7c445648dcb701150b8a9509295850f41c1931e571fb8f8c78317a20b380e866584bbc2516c3d2702d792f131a922095fd6c":PSA_SUCCESS
+
+PSA opaque driver builtin pubkey export: not a public key
+builtin_pubkey_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"0485f64d89f00be66c88dd937efd6d7c445648dcb701150b8a9509295850f41c1931e571fb8f8c78317a20b380e866584bbc2516c3d2702d792f131a922095fd6c":PSA_ERROR_INVALID_ARGUMENT
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index 20452b7..449b528 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -936,3 +936,107 @@
test_driver_aead_hooks = test_driver_aead_hooks_init();
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+void builtin_key_export( int builtin_key_id_arg,
+ int builtin_key_type_arg,
+ int builtin_key_bits_arg,
+ int builtin_key_algorithm_arg,
+ data_t *expected_output,
+ int expected_status_arg )
+{
+ psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg;
+ psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg;
+ psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg;
+ size_t builtin_key_bits = (size_t) builtin_key_bits_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id);
+ uint8_t* output_buffer = NULL;
+ size_t output_size = 0;
+ psa_status_t actual_status;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ ASSERT_ALLOC( output_buffer, expected_output->len );
+
+ actual_status = psa_export_key( key, output_buffer, expected_output->len, &output_size );
+
+ if( expected_status == PSA_SUCCESS )
+ {
+ PSA_ASSERT( actual_status );
+ TEST_EQUAL( output_size, expected_output->len );
+ ASSERT_COMPARE( output_buffer, output_size,
+ expected_output->x, expected_output->len );
+
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ TEST_EQUAL( psa_get_key_bits( &attributes ), builtin_key_bits );
+ TEST_EQUAL( psa_get_key_type( &attributes ), builtin_key_type );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), builtin_key_alg );
+ }
+ else
+ {
+ if( actual_status != expected_status )
+ fprintf(stderr, "Expected %d but got %d\n", expected_status, actual_status);
+ TEST_EQUAL( actual_status, expected_status );
+ TEST_EQUAL( output_size, 0 );
+ }
+
+exit:
+ mbedtls_free( output_buffer );
+ psa_reset_key_attributes( &attributes );
+ psa_destroy_key( key );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+void builtin_pubkey_export( int builtin_key_id_arg,
+ int builtin_key_type_arg,
+ int builtin_key_bits_arg,
+ int builtin_key_algorithm_arg,
+ data_t *expected_output,
+ int expected_status_arg )
+{
+ psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg;
+ psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg;
+ psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg;
+ size_t builtin_key_bits = (size_t) builtin_key_bits_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make(0, builtin_key_id);
+ uint8_t* output_buffer = NULL;
+ size_t output_size = 0;
+ psa_status_t actual_status;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ ASSERT_ALLOC( output_buffer, expected_output->len );
+
+ actual_status = psa_export_public_key( key, output_buffer, expected_output->len, &output_size );
+
+ if( expected_status == PSA_SUCCESS )
+ {
+ PSA_ASSERT( actual_status );
+ TEST_EQUAL( output_size, expected_output->len );
+ ASSERT_COMPARE( output_buffer, output_size,
+ expected_output->x, expected_output->len );
+
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ TEST_EQUAL( psa_get_key_bits( &attributes ), builtin_key_bits );
+ TEST_EQUAL( psa_get_key_type( &attributes ), builtin_key_type );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), builtin_key_alg );
+ }
+ else
+ {
+ TEST_EQUAL( actual_status, expected_status );
+ TEST_EQUAL( output_size, 0 );
+ }
+
+exit:
+ mbedtls_free( output_buffer );
+ psa_reset_key_attributes( &attributes );
+ psa_destroy_key( key );
+ PSA_DONE( );
+}
+/* END_CASE */
