AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #3302 from gilles-peskine-arm/psa-lifetime-persistence-indicator

Browse Source 
Define some structure for lifetime values
This commit is contained in:
Gilles Peskine 2020-05-14 16:13:20 +02:00 committed by GitHub
commit ee61b6601e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 360 additions and 149 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog.d/psa-lifetime-locations.txt Normal file
View File

@ -0,0 +1,8 @@
Default behavior changes
* In the experimental PSA secure element interface, change the encoding of
key lifetimes to encode a persistence level and the location. Although C
prototypes do not effectively change, code calling
psa_register_se_driver() must be modified to pass the driver's location
instead of the keys' lifetime. If the library is upgraded on an existing
device, keys created with the old lifetime value will not be readable or
removable through Mbed TLS after the upgrade.

24
include/psa/crypto_se_driver.h
View File

@ -119,8 +119,10 @@ typedef struct {
* \param[in,out] drv_context The driver context structure.
* \param[in,out] persistent_data A pointer to the persistent data
* that allows writing.
* \param lifetime The lifetime value for which this driver
* is registered.
* \param location The location value for which this driver
* is registered. The driver will be invoked
* for all keys whose lifetime is in this
* location.
*
* \retval #PSA_SUCCESS
* The driver is operational.
@ -132,7 +134,7 @@ typedef struct {
*/
typedef psa_status_t (*psa_drv_se_init_t)(psa_drv_se_context_t *drv_context,
void *persistent_data,
psa_key_lifetime_t lifetime);
psa_key_location_t location);
#if defined(__DOXYGEN_ONLY__) || !defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Mbed Crypto with secure element support enabled defines this type in
@ -1341,17 +1343,19 @@ typedef struct {
* after psa_crypto_init().
*
* \note Implementations store metadata about keys including the lifetime
* value. Therefore, from one instantiation of the PSA Cryptography
* value, which contains the driver's location indicator. Therefore,
* from one instantiation of the PSA Cryptography
* library to the next one, if there is a key in storage with a certain
* lifetime value, you must always register the same driver (or an
* updated version that communicates with the same secure element)
* with the same lifetime value.
* with the same location value.
*
* \param lifetime The lifetime value through which this driver will
* \param location The location value through which this driver will
* be exposed to applications.
* The values #PSA_KEY_LIFETIME_VOLATILE and
* #PSA_KEY_LIFETIME_PERSISTENT are reserved and
* may not be used for drivers. Implementations
* This driver will be used for all keys such that
* `location == PSA_KEY_LIFETIME_LOCATION( lifetime )`.
* The value #PSA_KEY_LOCATION_LOCAL_STORAGE is reserved
* and may not be used for drivers. Implementations
* may reserve other values.
* \param[in] methods The method table of the driver. This structure must
* remain valid for as long as the cryptography
@ -1376,7 +1380,7 @@ typedef struct {
* \return PSA_ERROR_NOT_PERMITTED
*/
psa_status_t psa_register_se_driver(
psa_key_lifetime_t lifetime,
psa_key_location_t location,
const psa_drv_se_t *methods);
/**@}*/

109
include/psa/crypto_types.h
View File

@ -108,18 +108,117 @@ typedef uint32_t psa_algorithm_t;
* The lifetime of a key indicates where it is stored and what system actions
* may create and destroy it.
*
* Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are automatically
* destroyed when the application terminates or on a power reset.
* Lifetime values have the following structure:
* - Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(\c lifetime)):
* persistence level. This value indicates what device management
* actions can cause it to be destroyed. In particular, it indicates
* whether the key is _volatile_ or _persistent_.
* See ::psa_key_persistence_t for more information.
* - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)):
* location indicator. This value indicates where the key is stored
* and where operations on the key are performed.
* See ::psa_key_location_t for more information.
*
* Volatile keys are automatically destroyed when the application instance
* terminates or on a power reset of the device. Persistent keys are
* preserved until the application explicitly destroys them or until an
* implementation-specific device management event occurs (for example,
* a factory reset).
*
* Keys with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE are said
* to be _persistent_.
* Persistent keys are preserved if the application or the system restarts.
* Persistent keys have a key identifier of type #psa_key_id_t.
* This identifier remains valid throughout the lifetime of the key,
* even if the application instance that created the key terminates.
* The application can call psa_open_key() to open a persistent key that
* it created previously.
*
* This specification defines two basic lifetime values:
* - Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are volatile.
* All implementations should support this lifetime.
* - Keys with the lifetime #PSA_KEY_LIFETIME_PERSISTENT are persistent.
* All implementations that have access to persistent storage with
* appropriate security guarantees should support this lifetime.
*/
typedef uint32_t psa_key_lifetime_t;
/** Encoding of key persistence levels.
*
* What distinguishes different persistence levels is what device management
* events may cause keys to be destroyed. _Volatile_ keys are destroyed
* by a power reset. Persistent keys may be destroyed by events such as
* a transfer of ownership or a factory reset. What management events
* actually affect persistent keys at different levels is outside the
* scope of the PSA Cryptography specification.
*
* This specification defines the following values of persistence levels:
* - \c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key.
* A volatile key is automatically destroyed by the implementation when
* the application instance terminates. In particular, a volatile key
* is automatically destroyed on a power reset of the device.
* - \c 1 = #PSA_KEY_PERSISTENCE_DEFAULT:
* persistent key with a default lifetime.
* Implementations should support this value if they support persistent
* keys at all.
* Applications should use this value if they have no specific needs that
* are only met by implementation-specific features.
* - \c 2-127: persistent key with a PSA-specified lifetime.
* The PSA Cryptography specification does not define the meaning of these
* values, but other PSA specifications may do so.
* - \c 128-254: persistent key with a vendor-specified lifetime.
* No PSA specification will define the meaning of these values, so
* implementations may choose the meaning freely.
* As a guideline, higher persistence levels should cause a key to survive
* more management events than lower levels.
* - \c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY:
* read-only or write-once key.
* A key with this persistence level cannot be destroyed.
* Implementations that support such keys may either allow their creation
* through the PSA Cryptography API, preferably only to applications with
* the appropriate privilege, or only expose keys created through
* implementation-specific means such as a factory ROM engraving process.
* Note that keys that are read-only due to policy restrictions
* rather than due to physical limitations should not have this
* persistence levels.
*
* \note Key persistence levels are 8-bit values. Key management
* interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
* encode the persistence as the lower 8 bits of a 32-bit value.
*/
typedef uint8_t psa_key_persistence_t;
/** Encoding of key location indicators.
*
* If an implementation of this API can make calls to external
* cryptoprocessors such as secure elements, the location of a key
* indicates which secure element performs the operations on the key.
* If an implementation offers multiple physical locations for persistent
* storage, the location indicator reflects at which physical location
* the key is stored.
*
* This specification defines the following values of location indicators:
* - \c 0: primary local storage.
* All implementations should support this value.
* The primary local storage is typically the same storage area that
* contains the key metadata.
* - \c 1: primary secure element.
* Implementations should support this value if there is a secure element
* attached to the operating environment.
* As a guideline, secure elements may provide higher resistance against
* side channel and physical attacks than the primary local storage, but may
* have restrictions on supported key types, sizes, policies and operations
* and may have different performance characteristics.
* - \c 2-0x7fffff: other locations defined by a PSA specification.
* The PSA Cryptography API does not currently assign any meaning to these
* locations, but future versions of this specification or other PSA
* specifications may do so.
* - \c 0x800000-0xffffff: vendor-defined locations.
* No PSA specification will assign a meaning to locations in this range.
*
* \note Key location indicators are 24-bit values. Key management
* interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
* encode the location as the upper 24 bits of a 32-bit value.
*/
typedef uint32_t psa_key_location_t;
/** Encoding of identifiers of persistent keys.
*
* - Applications may freely choose key identifiers in the range

80
include/psa/crypto_values.h
View File

@ -1539,12 +1539,20 @@
* @{
*/
/** A volatile key only exists as long as the handle to it is not closed.
/** The default lifetime for volatile keys.
*
* A volatile key only exists as long as the handle to it is not closed.
* The key material is guaranteed to be erased on a power reset.
*
* A key with this lifetime is typically stored in the RAM area of the
* PSA Crypto subsystem. However this is an implementation choice.
* If an implementation stores data about the key in a non-volatile memory,
* it must release all the resources associated with the key and erase the
* key material if the calling application terminates.
*/
#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000)
/** The default storage area for persistent keys.
/** The default lifetime for persistent keys.
*
* A persistent key remains in storage until it is explicitly destroyed or
* until the corresponding storage area is wiped. This specification does
@ -1555,9 +1563,77 @@
* This lifetime value is the default storage area for the calling
* application. Implementations may offer other storage areas designated
* by other lifetime values as implementation-specific extensions.
* See ::psa_key_lifetime_t for more information.
*/
#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
/** The persistence level of volatile keys.
*
* See ::psa_key_persistence_t for more information.
*/
#define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t)0x00)
/** The default persistence level for persistent keys.
*
* See ::psa_key_persistence_t for more information.
*/
#define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t)0x01)
/** A persistence level indicating that a key is never destroyed.
*
* See ::psa_key_persistence_t for more information.
*/
#define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t)0xff)
#define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \
((psa_key_persistence_t)((lifetime) & 0x000000ff))
#define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \
((psa_key_location_t)((lifetime) >> 8))
/** Whether a key lifetime indicates that the key is volatile.
*
* A volatile key is automatically destroyed by the implementation when
* the application instance terminates. In particular, a volatile key
* is automatically destroyed on a power reset of the device.
*
* A key that is not volatile is persistent. Persistent keys are
* preserved until the application explicitly destroys them or until an
* implementation-specific device management event occurs (for example,
* a factory reset).
*
* \param lifetime The lifetime value to query (value of type
* ::psa_key_lifetime_t).
*
* \return \c 1 if the key is volatile, otherwise \c 0.
*/
#define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime) \
(PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
PSA_KEY_LIFETIME_PERSISTENCE_VOLATILE)
/** Construct a lifetime from a persistence level and a location.
*
* \param persistence The persistence level
* (value of type ::psa_key_persistence_t).
* \param location The location indicator
* (value of type ::psa_key_location_t).
*
* \return The constructed lifetime value.
*/
#define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location) \
((location) << 8 | (persistence))
/** The local storage area for persistent keys.
*
* This storage area is available on all systems that can store persistent
* keys without delegating the storage to a third-party cryptoprocessor.
*
* See ::psa_key_location_t for more information.
*/
#define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t)0x000000)
#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000)
/** The minimum value for a key identifier chosen by the application.
*/
#define PSA_KEY_ID_USER_MIN ((psa_app_key_id_t)0x00000001)

58
library/psa_crypto_se.c
View File

@ -66,7 +66,7 @@ typedef struct
struct psa_se_drv_table_entry_s
{
psa_key_lifetime_t lifetime;
psa_key_location_t location;
const psa_drv_se_t *methods;
union
{
@ -81,15 +81,16 @@ psa_se_drv_table_entry_t *psa_get_se_driver_entry(
psa_key_lifetime_t lifetime )
{
size_t i;
/* In the driver table, lifetime=0 means an entry that isn't used.
* No driver has a lifetime of 0 because it's a reserved value
* (which designates volatile keys). Make sure we never return
* a driver entry for lifetime 0. */
if( lifetime == 0 )
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
/* In the driver table, location=0 means an entry that isn't used.
* No driver has a location of 0 because it's a reserved value
* (which designates transparent keys). Make sure we never return
* a driver entry for location 0. */
if( location == 0 )
return( NULL );
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
if( driver_table[i].lifetime == lifetime )
if( driver_table[i].location == location )
return( &driver_table[i] );
}
return( NULL );
@ -129,7 +130,7 @@ static psa_status_t psa_get_se_driver_its_file_uid(
const psa_se_drv_table_entry_t *driver,
psa_storage_uid_t *uid )
{
if( driver->lifetime > PSA_MAX_SE_LIFETIME )
if( driver->location > PSA_MAX_SE_LOCATION )
return( PSA_ERROR_NOT_SUPPORTED );
#if SIZE_MAX > UINT32_MAX
@ -139,7 +140,7 @@ static psa_status_t psa_get_se_driver_its_file_uid(
#endif
/* See the documentation of PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. */
*uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->lifetime;
*uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->location;
return( PSA_SUCCESS );
}
@ -186,12 +187,12 @@ psa_status_t psa_save_se_persistent_data(
0 ) );
}
psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime )
psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location )
{
psa_storage_uid_t uid;
if( lifetime > PSA_MAX_SE_LIFETIME )
if( location > PSA_MAX_SE_LOCATION )
return( PSA_ERROR_NOT_SUPPORTED );
uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + lifetime;
uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + location;
return( psa_its_remove( uid ) );
}
@ -202,9 +203,11 @@ psa_status_t psa_find_se_slot_for_key(
psa_key_slot_number_t *slot_number )
{
psa_status_t status;
psa_key_location_t key_location =
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( attributes ) );
/* If the lifetime is wrong, it's a bug in the library. */
if( driver->lifetime != psa_get_key_lifetime( attributes ) )
/* If the location is wrong, it's a bug in the library. */
if( driver->location != key_location )
return( PSA_ERROR_CORRUPTION_DETECTED );
/* If the driver doesn't support key creation in any way, give up now. */
@ -278,7 +281,7 @@ psa_status_t psa_init_all_se_drivers( void )
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
psa_se_drv_table_entry_t *driver = &driver_table[i];
if( driver->lifetime == 0 )
if( driver->location == 0 )
continue; /* skipping unused entry */
const psa_drv_se_t *methods = psa_get_se_driver_methods( driver );
if( methods->p_init != NULL )
@ -286,7 +289,7 @@ psa_status_t psa_init_all_se_drivers( void )
psa_status_t status = methods->p_init(
&driver->u.context,
driver->u.internal.persistent_data,
driver->lifetime );
driver->location );
if( status != PSA_SUCCESS )
return( status );
status = psa_save_se_persistent_data( driver );
@ -304,7 +307,7 @@ psa_status_t psa_init_all_se_drivers( void )
/****************************************************************/
psa_status_t psa_register_se_driver(
psa_key_lifetime_t lifetime,
psa_key_location_t location,
const psa_drv_se_t *methods)
{
size_t i;
@ -313,33 +316,30 @@ psa_status_t psa_register_se_driver(
if( methods->hal_version != PSA_DRV_SE_HAL_VERSION )
return( PSA_ERROR_NOT_SUPPORTED );
/* Driver table entries are 0-initialized. 0 is not a valid driver
* lifetime because it means a volatile key. */
* location because it means a transparent key. */
#if defined(static_assert)
static_assert( PSA_KEY_LIFETIME_VOLATILE == 0,
"Secure element support requires 0 to mean a volatile key" );
static_assert( PSA_KEY_LOCATION_LOCAL_STORAGE == 0,
"Secure element support requires 0 to mean a local key" );
#endif
if( lifetime == PSA_KEY_LIFETIME_VOLATILE ||
lifetime == PSA_KEY_LIFETIME_PERSISTENT )
{
if( location == PSA_KEY_LOCATION_LOCAL_STORAGE )
return( PSA_ERROR_INVALID_ARGUMENT );
}
if( lifetime > PSA_MAX_SE_LIFETIME )
if( location > PSA_MAX_SE_LOCATION )
return( PSA_ERROR_NOT_SUPPORTED );
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
if( driver_table[i].lifetime == 0 )
if( driver_table[i].location == 0 )
break;
/* Check that lifetime isn't already in use up to the first free
/* Check that location isn't already in use up to the first free
* entry. Since entries are created in order and never deleted,
* there can't be a used entry after the first free entry. */
if( driver_table[i].lifetime == lifetime )
if( driver_table[i].location == location )
return( PSA_ERROR_ALREADY_EXISTS );
}
if( i == PSA_MAX_SE_DRIVERS )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
driver_table[i].lifetime = lifetime;
driver_table[i].location = location;
driver_table[i].methods = methods;
driver_table[i].u.internal.persistent_data_size =
methods->persistent_data_size;

23
library/psa_crypto_se.h
View File

@ -31,31 +31,30 @@
#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"
/** The maximum lifetime value that this implementation supports
/** The maximum location value that this implementation supports
* for a secure element.
*
* This is not a characteristic that each PSA implementation has, but a
* limitation of the current implementation due to the constraints imposed
* by storage. See #PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE.
*
* The minimum lifetime value for a secure element is 2, like on any
* PSA implementation (0=volatile and 1=internal-storage are taken).
* The minimum location value for a secure element is 1, like on any
* PSA implementation (0 means a transparent key).
*/
#define PSA_MAX_SE_LIFETIME 255
#define PSA_MAX_SE_LOCATION 255
/** The base of the range of ITS file identifiers for secure element
* driver persistent data.
*
* We use a slice of the implemenation reserved range 0xffff0000..0xffffffff,
* specifically the range 0xfffffe00..0xfffffeff. The length of this range
* drives the value of #PSA_MAX_SE_LIFETIME.
* The identifiers 0xfffffe00 and 0xfffffe01 are actually not used since
* they correspond to #PSA_KEY_LIFETIME_VOLATILE and
* #PSA_KEY_LIFETIME_PERSISTENT which don't have a driver.
* drives the value of #PSA_MAX_SE_LOCATION. The identifier 0xfffffe00 is
* actually not used since it corresponds to #PSA_KEY_LOCATION_LOCAL_STORAGE
* which doesn't have a driver.
*/
#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_key_id_t) 0xfffffe00 )
/** The maximum number of registered secure element driver lifetimes. */
/** The maximum number of registered secure element driver locations. */
#define PSA_MAX_SE_DRIVERS 4
/** Unregister all secure element drivers.
@ -173,10 +172,10 @@ psa_status_t psa_save_se_persistent_data(
*
* This is currently only used for testing.
*
* \param[in] lifetime The driver lifetime whose persistent data should
* be erased.
* \param[in] location The location identifier for the driver whose
* persistent data is to be erased.
*/
psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime );
psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location );
/** The storage representation of a key whose data is in a secure element.

17
tests/suites/test_suite_psa_crypto_se_driver_hal.data
View File

@ -6,14 +6,11 @@ register_one:2:PSA_DRV_SE_HAL_VERSION:PSA_SUCCESS
Register SE driver: good, again
register_one:2:PSA_DRV_SE_HAL_VERSION:PSA_SUCCESS
Register SE driver: invalid lifetime (0)
Register SE driver: invalid location (0)
register_one:0:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
Register SE driver: invalid lifetime (VOLATILE)
register_one:PSA_KEY_LIFETIME_VOLATILE:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
Register SE driver: invalid lifetime (PERSISTENT)
register_one:PSA_KEY_LIFETIME_PERSISTENT:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
Register SE driver: invalid location (local)
register_one:PSA_KEY_LOCATION_LOCAL_STORAGE:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
Register SE driver: invalid version (ancient)
register_one:2:0x00000003:PSA_ERROR_NOT_SUPPORTED
@ -121,7 +118,7 @@ Key generation smoke test: HMAC-SHA-256
generate_key_smoke:PSA_KEY_TYPE_HMAC:256:PSA_ALG_HMAC( PSA_ALG_SHA_256 )
Key registration: smoke test
register_key_smoke_test:MIN_DRIVER_LIFETIME:1:PSA_SUCCESS
register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:PSA_SUCCESS
Key registration: invalid lifetime (volatile)
register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT
@ -130,13 +127,13 @@ Key registration: invalid lifetime (internal storage)
register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_INVALID_ARGUMENT
Key registration: invalid lifetime (no registered driver)
register_key_smoke_test:MIN_DRIVER_LIFETIME + 1:1:PSA_ERROR_INVALID_ARGUMENT
register_key_smoke_test:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION + 1 ):1:PSA_ERROR_INVALID_ARGUMENT
Key registration: rejected
register_key_smoke_test:MIN_DRIVER_LIFETIME:0:PSA_ERROR_NOT_PERMITTED
register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:0:PSA_ERROR_NOT_PERMITTED
Key registration: not supported
register_key_smoke_test:MIN_DRIVER_LIFETIME:-1:PSA_ERROR_NOT_SUPPORTED
register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:-1:PSA_ERROR_NOT_SUPPORTED
Import-sign-verify: sign in driver, ECDSA
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED

123
tests/suites/test_suite_psa_crypto_se_driver_hal.function
View File

@ -18,8 +18,14 @@
/* Test driver helpers */
/****************************************************************/
/** The minimum valid lifetime value for a secure element driver. */
#define MIN_DRIVER_LIFETIME 2
/** The minimum valid location value for a secure element driver. */
#define MIN_DRIVER_LOCATION 1
/** The location and lifetime used for tests that use a single driver. */
#define TEST_DRIVER_LOCATION 1
#define TEST_SE_PERSISTENT_LIFETIME \
( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) )
/** The driver detected a condition that shouldn't happen.
* This is probably a bug in the library. */
@ -547,7 +553,7 @@ static int check_key_attributes(
psa_get_key_lifetime( &actual_attributes );
psa_status_t status = psa_get_key_slot_number( &actual_attributes,
&actual_slot_number );
if( lifetime < MIN_DRIVER_LIFETIME )
if( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) < MIN_DRIVER_LOCATION )
{
/* The key is not in a secure element. */
TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT );
@ -571,23 +577,23 @@ exit:
return( ok );
}
/* Get the file UID corresponding to the specified lifetime.
/* Get the file UID corresponding to the specified location.
* If this changes, the storage format version must change.
* See psa_get_se_driver_its_file_uid() in psa_crypto_se.c.
*/
psa_storage_uid_t file_uid_for_lifetime( psa_key_lifetime_t lifetime )
psa_storage_uid_t file_uid_for_location( psa_key_location_t location )
{
if( lifetime > PSA_MAX_SE_LIFETIME )
if( location > PSA_MAX_SE_LOCATION )
return( 0 );
return( 0xfffffe00 + lifetime );
return( 0xfffffe00 + location );
}
/* Check that the persistent data of a driver has its expected content. */
static int check_persistent_data( psa_key_lifetime_t lifetime,
static int check_persistent_data( psa_key_location_t location,
const void *expected_data,
size_t size )
{
psa_storage_uid_t uid = file_uid_for_lifetime( lifetime );
psa_storage_uid_t uid = file_uid_for_location( location );
struct psa_storage_info_t info;
uint8_t *loaded = NULL;
int ok = 0;
@ -737,7 +743,7 @@ exit:
static void psa_purge_storage( void )
{
psa_key_id_t id;
psa_key_lifetime_t lifetime;
psa_key_location_t location;
/* The tests may have potentially created key ids from 1 to
* MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
* 0, which file-based storage uses as a temporary file. */
@ -746,8 +752,8 @@ static void psa_purge_storage( void )
/* Purge the transaction file. */
psa_crypto_stop_transaction( );
/* Purge driver persistent data. */
for( lifetime = 0; lifetime < PSA_MAX_SE_LIFETIME; lifetime++ )
psa_destroy_se_persistent_data( lifetime );
for( location = 0; location < PSA_MAX_SE_LOCATION; location++ )
psa_destroy_se_persistent_data( location );
}
/* END_HEADER */
@ -758,7 +764,7 @@ static void psa_purge_storage( void )
*/
/* BEGIN_CASE */
void register_one( int lifetime, int version, int expected_status_arg )
void register_one( int location, int version, int expected_status_arg )
{
psa_status_t expected_status = expected_status_arg;
psa_drv_se_t driver;
@ -766,7 +772,7 @@ void register_one( int lifetime, int version, int expected_status_arg )
memset( &driver, 0, sizeof( driver ) );
driver.hal_version = version;
TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
TEST_EQUAL( psa_register_se_driver( location, &driver ),
expected_status );
PSA_ASSERT( psa_crypto_init( ) );
@ -780,16 +786,16 @@ exit:
void register_twice( int count )
{
psa_drv_se_t driver;
psa_key_lifetime_t lifetime;
psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + count;
psa_key_location_t location;
psa_key_location_t max = MIN_DRIVER_LOCATION + count;
memset( &driver, 0, sizeof( driver ) );
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
for( location = MIN_DRIVER_LOCATION; location < max; location++ )
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
for( location = MIN_DRIVER_LOCATION; location < max; location++ )
TEST_EQUAL( psa_register_se_driver( location, &driver ),
PSA_ERROR_ALREADY_EXISTS );
PSA_ASSERT( psa_crypto_init( ) );
@ -803,16 +809,16 @@ exit:
void register_max( )
{
psa_drv_se_t driver;
psa_key_lifetime_t lifetime;
psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + PSA_MAX_SE_DRIVERS;
psa_key_location_t location;
psa_key_location_t max = MIN_DRIVER_LOCATION + PSA_MAX_SE_DRIVERS;
memset( &driver, 0, sizeof( driver ) );
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
for( location = MIN_DRIVER_LOCATION; location < max; location++ )
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
TEST_EQUAL( psa_register_se_driver( location, &driver ),
PSA_ERROR_INSUFFICIENT_MEMORY );
PSA_ASSERT( psa_crypto_init( ) );
@ -827,7 +833,8 @@ void key_creation_import_export( int min_slot, int restart )
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = 2;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -846,7 +853,7 @@ void key_creation_import_export( int min_slot, int restart )
key_management.p_export = ram_export;
ram_min_slot = min_slot;
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
/* Create a key. */
@ -857,7 +864,7 @@ void key_creation_import_export( int min_slot, int restart )
PSA_ASSERT( psa_import_key( &attributes,
key_material, sizeof( key_material ),
&handle ) );
if( ! check_persistent_data( lifetime,
if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@ -866,9 +873,9 @@ void key_creation_import_export( int min_slot, int restart )
if( restart )
{
mbedtls_psa_crypto_free( );
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
if( ! check_persistent_data( lifetime,
if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@ -894,7 +901,7 @@ void key_creation_import_export( int min_slot, int restart )
PSA_ASSERT( psa_destroy_key( handle ) );
handle = 0;
if( ! check_persistent_data( lifetime,
if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@ -921,7 +928,8 @@ void key_creation_in_chosen_slot( int slot_arg,
psa_status_t status;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = 2;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -937,7 +945,7 @@ void key_creation_in_chosen_slot( int slot_arg,
key_management.p_destroy = ram_destroy;
key_management.p_export = ram_export;
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
/* Create a key. */
@ -953,7 +961,7 @@ void key_creation_in_chosen_slot( int slot_arg,
if( status != PSA_SUCCESS )
goto exit;
if( ! check_persistent_data( lifetime,
if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@ -962,9 +970,9 @@ void key_creation_in_chosen_slot( int slot_arg,
if( restart )
{
mbedtls_psa_crypto_free( );
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
if( ! check_persistent_data( lifetime,
if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@ -980,7 +988,7 @@ void key_creation_in_chosen_slot( int slot_arg,
PSA_ASSERT( psa_destroy_key( handle ) );
handle = 0;
if( ! check_persistent_data( lifetime,
if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@ -1002,7 +1010,8 @@ void import_key_smoke( int type_arg, int alg_arg,
psa_algorithm_t alg = alg_arg;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = 2;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -1016,7 +1025,7 @@ void import_key_smoke( int type_arg, int alg_arg,
key_management.p_import = null_import;
key_management.p_destroy = null_destroy;
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
/* Create a key. */
@ -1031,7 +1040,7 @@ void import_key_smoke( int type_arg, int alg_arg,
PSA_ASSERT( psa_import_key( &attributes,
key_material->x, key_material->len,
&handle ) );
if( ! check_persistent_data( lifetime,
if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
@ -1041,9 +1050,9 @@ void import_key_smoke( int type_arg, int alg_arg,
/* Restart and try again. */
mbedtls_psa_crypto_free( );
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
if( ! check_persistent_data( lifetime,
if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
PSA_ASSERT( psa_open_key( id, &handle ) );
@ -1053,7 +1062,7 @@ void import_key_smoke( int type_arg, int alg_arg,
/* We're done. */
PSA_ASSERT( psa_destroy_key( handle ) );
handle = 0;
if( ! check_persistent_data( lifetime,
if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
TEST_EQUAL( psa_open_key( id, &handle ),
@ -1073,7 +1082,8 @@ void generate_key_not_supported( int type_arg, int bits_arg )
size_t bits = bits_arg;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = 2;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -1086,7 +1096,7 @@ void generate_key_not_supported( int type_arg, int bits_arg )
key_management.p_allocate = counter_allocate;
/* No p_generate method */
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@ -1111,7 +1121,8 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg )
psa_algorithm_t alg = alg_arg;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = 2;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -1125,7 +1136,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg )
key_management.p_generate = null_generate;
key_management.p_destroy = null_destroy;
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
/* Create a key. */
@ -1139,7 +1150,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg )
psa_set_key_type( &attributes, type );
psa_set_key_bits( &attributes, bits );
PSA_ASSERT( psa_generate_key( &attributes, &handle ) );
if( ! check_persistent_data( lifetime,
if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
@ -1149,9 +1160,9 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg )
/* Restart and try again. */
mbedtls_psa_crypto_free( );
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
if( ! check_persistent_data( lifetime,
if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
PSA_ASSERT( psa_open_key( id, &handle ) );
@ -1161,7 +1172,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg )
/* We're done. */
PSA_ASSERT( psa_destroy_key( handle ) );
handle = 0;
if( ! check_persistent_data( lifetime,
if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
TEST_EQUAL( psa_open_key( id, &handle ),
@ -1190,7 +1201,8 @@ void sign_verify( int flow,
psa_drv_se_key_management_t key_management;
psa_drv_se_asymmetric_t asymmetric;
psa_key_lifetime_t lifetime = 2;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t drv_handle = 0; /* key managed by the driver */
psa_key_handle_t sw_handle = 0; /* transparent key */
@ -1229,7 +1241,7 @@ void sign_verify( int flow,
}
asymmetric.p_verify = ram_verify;
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
/* Prepare to create two keys with the same key material: a transparent
@ -1347,6 +1359,7 @@ void register_key_smoke_test( int lifetime_arg,
int expected_status_arg )
{
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_status_t expected_status = expected_status_arg;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
@ -1371,7 +1384,7 @@ void register_key_smoke_test( int lifetime_arg,
( validate > 0 ? PSA_SUCCESS : PSA_ERROR_NOT_PERMITTED );
}
PSA_ASSERT( psa_register_se_driver( MIN_DRIVER_LIFETIME, &driver ) );
PSA_ASSERT( psa_register_se_driver( MIN_DRIVER_LOCATION, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@ -1395,7 +1408,7 @@ void register_key_smoke_test( int lifetime_arg,
/* Restart and try again. */
PSA_DONE( );
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
PSA_ASSERT( psa_open_key( id, &handle ) );
if( ! check_key_attributes( handle, &attributes ) )

11
tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data
View File

@ -1,11 +1,14 @@
SE init mock test: success
mock_init:2:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:1
mock_init:1:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:1
SE init mock test: failure
mock_init:2:PSA_SUCCESS:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE:1
mock_init:1:PSA_SUCCESS:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE:1
SE init mock test: invalid lifetime
mock_init:1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0
SE init mock test: invalid location (0)
mock_init:0:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0
SE init mock test: location not supported (INT_MAX)
mock_init:INT_MAX:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0
SE key importing mock test
mock_import:PSA_SUCCESS:PSA_SUCCESS:0:PSA_SUCCESS

56
tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
View File

@ -5,10 +5,16 @@
#include "psa_crypto_se.h"
#include "psa_crypto_storage.h"
/** The location and lifetime used for tests that use a single driver. */
#define TEST_DRIVER_LOCATION 1
#define TEST_SE_PERSISTENT_LIFETIME \
( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) )
static struct
{
uint16_t called;
psa_key_lifetime_t lifetime;
psa_key_location_t location;
psa_status_t return_value;
} mock_init_data;
@ -84,7 +90,7 @@ static struct
static void psa_purge_storage( void )
{
psa_key_id_t id;
psa_key_lifetime_t lifetime;
psa_key_location_t location;
/* The tests may have potentially created key ids from 1 to
* MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
* 0, which file-based storage uses as a temporary file. */
@ -93,8 +99,8 @@ static void psa_purge_storage( void )
/* Purge the transaction file. */
psa_crypto_stop_transaction( );
/* Purge driver persistent data. */
for( lifetime = 0; lifetime < PSA_MAX_SE_LIFETIME; lifetime++ )
psa_destroy_se_persistent_data( lifetime );
for( location = 0; location < PSA_MAX_SE_LOCATION; location++ )
psa_destroy_se_persistent_data( location );
}
static void mock_teardown( void )
@ -113,13 +119,13 @@ static void mock_teardown( void )
static psa_status_t mock_init( psa_drv_se_context_t *drv_context,
void *persistent_data,
psa_key_lifetime_t lifetime )
psa_key_location_t location )
{
(void) drv_context;
(void) persistent_data;
mock_init_data.called++;
mock_init_data.lifetime = lifetime;
mock_init_data.location = location;
return( mock_init_data.return_value );
}
@ -279,13 +285,13 @@ psa_status_t mock_destroy( psa_drv_se_context_t *context,
*/
/* BEGIN_CASE */
void mock_init( int lifetime_arg,
void mock_init( int location_arg,
int expected_register_status_arg,
int driver_status_arg,
int expected_psa_status_arg,
int expected_called )
{
psa_key_lifetime_t lifetime = lifetime_arg;
psa_key_location_t location = location_arg;
psa_status_t expected_register_status = expected_register_status_arg;
psa_status_t driver_status = driver_status_arg;
psa_status_t expected_psa_status = expected_psa_status_arg;
@ -297,7 +303,7 @@ void mock_init( int lifetime_arg,
mock_init_data.return_value = driver_status;
TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
TEST_EQUAL( psa_register_se_driver( location, &driver ),
expected_register_status );
psa_crypto_init_called = 1;
@ -305,7 +311,7 @@ void mock_init( int lifetime_arg,
TEST_EQUAL( mock_init_data.called, expected_called );
if( expected_called )
TEST_EQUAL( mock_init_data.lifetime, lifetime );
TEST_EQUAL( mock_init_data.location, location );
exit:
if( psa_crypto_init_called )
@ -322,7 +328,8 @@ void mock_import( int mock_alloc_return_value,
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = 2;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -339,7 +346,7 @@ void mock_import( int mock_alloc_return_value,
key_management.p_destroy = mock_destroy;
key_management.p_allocate = mock_allocate;
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@ -378,7 +385,8 @@ void mock_export( int mock_export_return_value, int expected_result )
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = 2;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -397,7 +405,7 @@ void mock_export( int mock_export_return_value, int expected_result )
key_management.p_destroy = mock_destroy;
key_management.p_allocate = mock_allocate;
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@ -431,7 +439,8 @@ void mock_generate( int mock_alloc_return_value,
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = 2;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -446,7 +455,7 @@ void mock_generate( int mock_alloc_return_value,
key_management.p_destroy = mock_destroy;
key_management.p_allocate = mock_allocate;
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@ -485,7 +494,8 @@ void mock_export_public( int mock_export_public_return_value,
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_key_lifetime_t lifetime = 2;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -503,7 +513,7 @@ void mock_export_public( int mock_export_public_return_value,
key_management.p_destroy = mock_destroy;
key_management.p_allocate = mock_allocate;
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@ -534,7 +544,8 @@ void mock_sign( int mock_sign_return_value, int expected_result )
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_drv_se_asymmetric_t asymmetric;
psa_key_lifetime_t lifetime = 2;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -559,7 +570,7 @@ void mock_sign( int mock_sign_return_value, int expected_result )
driver.asymmetric = &asymmetric;
asymmetric.p_sign = mock_sign;
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@ -594,7 +605,8 @@ void mock_verify( int mock_verify_return_value, int expected_result )
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_drv_se_asymmetric_t asymmetric;
psa_key_lifetime_t lifetime = 2;
psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -618,7 +630,7 @@ void mock_verify( int mock_verify_return_value, int expected_result )
driver.asymmetric = &asymmetric;
asymmetric.p_verify = mock_verify;
PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );