Add test driver implementation for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
As part of test_psa_crypto_drivers, define a builtin symmetric
plus an ECC key on the test driver lifetime.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index 70c3026..28087de 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -257,6 +257,16 @@
{
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+ /* Emulate property 'builtin_key_size' */
+ if( psa_key_id_is_builtin(
+ MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
+ psa_get_key_id( attributes ) ) ) )
+ {
+ *key_buffer_size = sizeof(psa_drv_slot_number_t);
+ return( PSA_SUCCESS );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
*key_buffer_size = test_size_function( key_type, key_bits );
return( PSA_SUCCESS );
@@ -582,6 +592,17 @@
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+ return( test_opaque_get_builtin_key(
+ slot_number,
+ attributes,
+ key_buffer, key_buffer_size, key_buffer_length ) );
+#else
+ return( PSA_ERROR_DOES_NOT_EXIST );
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
(void) slot_number;
(void) key_buffer;
diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h
index b30baa2..ee96024 100644
--- a/tests/include/test/drivers/key_management.h
+++ b/tests/include/test/drivers/key_management.h
@@ -29,6 +29,11 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT 0
+#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT 1
+#endif
+
typedef struct {
/* If non-null, on success, copy this to the output. */
void *forced_output;
@@ -82,5 +87,10 @@
size_t *key_buffer_length,
size_t *bits);
+psa_status_t test_opaque_get_builtin_key(
+ psa_drv_slot_number_t slot_number,
+ psa_key_attributes_t *attributes,
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */
diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c
index 10a40c3..d8410be 100644
--- a/tests/src/drivers/key_management.c
+++ b/tests/src/drivers/key_management.c
@@ -232,4 +232,63 @@
return( PSA_ERROR_NOT_SUPPORTED );
}
+/* The opaque test driver exposes two built-in keys when builtin key support is
+ * compiled in.
+ * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128 key which allows CTR mode
+ * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1 private key which allows ECDSA sign & verify
+ * The key buffer format for these is the raw format of psa_drv_slot_number_t
+ * (i.e. for an actual driver this would mean 'builtin_key_size' = sizeof(psa_drv_slot_number_t))
+ */
+psa_status_t test_opaque_get_builtin_key(
+ psa_drv_slot_number_t slot_number,
+ psa_key_attributes_t *attributes,
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
+{
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+ switch( slot_number )
+ {
+ case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
+ if( key_buffer_size < sizeof( psa_drv_slot_number_t ) )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ psa_set_key_type( attributes, PSA_KEY_TYPE_AES );
+ psa_set_key_bits( attributes, 128 );
+ psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( attributes, PSA_ALG_CTR );
+
+ *( (psa_drv_slot_number_t*) key_buffer ) =
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT;
+ *key_buffer_length = sizeof( psa_drv_slot_number_t );
+ return( PSA_SUCCESS );
+ case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
+ if( key_buffer_size < sizeof( psa_drv_slot_number_t ) )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ psa_set_key_type( attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) );
+ psa_set_key_bits( attributes, 256 );
+ psa_set_key_usage_flags( attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
+ psa_set_key_algorithm( attributes, PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) );
+
+ *( (psa_drv_slot_number_t*) key_buffer) =
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT;
+ *key_buffer_length = sizeof( psa_drv_slot_number_t );
+ return( PSA_SUCCESS );
+ default:
+ (void) slot_number;
+ (void) attributes;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) key_buffer_length;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+#else
+ (void) slot_number;
+ (void) attributes;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) key_buffer_length;
+ return( PSA_ERROR_DOES_NOT_EXIST );
+#endif
+}
+
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index c282edc..ee7fa20 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -285,16 +285,33 @@
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
#include <psa/crypto.h>
+
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+#include "test/drivers/test_driver.h"
+#endif
+
typedef struct
{
psa_key_id_t builtin_key_id;
psa_key_location_t location;
psa_drv_slot_number_t slot_number;
} mbedtls_psa_builtin_key_description_t;
+
static const mbedtls_psa_builtin_key_description_t builtin_keys[] = {
- // TODO: declare some keys
- {0, 0, 0},
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ /* For testing, assign the AES builtin key slot to the boundary values.
+ * ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */
+ {MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
+ {MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
+ {MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT},
+ {MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
+ {MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
+ {MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1, PSA_CRYPTO_TEST_DRIVER_LIFETIME, PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
+#else
+ {0, 0, 0}
+#endif
};
+
psa_status_t mbedtls_psa_platform_get_builtin_key(
psa_key_attributes_t *attributes, psa_drv_slot_number_t *slot_number )
{