From f1c9a5594709df7b3297355c1ff1fb64742a5b9e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 29 Jul 2020 15:24:05 +0200 Subject: [PATCH] tests: psa: Add checks involving unknown key owner ids Add checks involving unknown key owner identifiers in tests related to SE and persistent keys. Signed-off-by: Ronald Cron --- ...est_suite_psa_crypto_se_driver_hal.function | 6 ++++++ .../test_suite_psa_crypto_slot_management.data | 4 ++++ ...t_suite_psa_crypto_slot_management.function | 18 ++++++++++++++++++ 3 files changed, 28 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 1d213610f..8584e5ed6 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -1503,6 +1503,12 @@ void register_key_smoke_test( int lifetime_arg, goto exit; PSA_ASSERT( psa_close_key( handle ) ); +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + mbedtls_svc_key_id_t invalid_id = + mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg ); + TEST_EQUAL( psa_open_key( invalid_id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); +#endif + /* Restart and try again. */ PSA_DONE( ); PSA_ASSERT( psa_register_se_driver( location, &driver ) ); diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index 3031266e6..e16089d65 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data @@ -132,6 +132,10 @@ Copy persistent to persistent depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:0x10000:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:0x10000:2:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 +Copy persistent to persistent, same id but different owner +depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C:MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:0x10000:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:0x10001:1:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 + Copy persistent to persistent with enrollment algorithm depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:0x100000:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:0x100000:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 3c5af4724..fa3dd6e3a 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -191,6 +191,12 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, uint8_t *reexported = NULL; size_t reexported_length = -1; +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + mbedtls_svc_key_id_t wrong_owner_id = + mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg ); + psa_key_handle_t invalid_handle = 0; +#endif + TEST_USES_KEY_ID( id ); PSA_ASSERT( psa_crypto_init( ) ); @@ -205,6 +211,12 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &handle ) ); TEST_ASSERT( handle != 0 ); + +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ), + PSA_ERROR_DOES_NOT_EXIST ); +#endif + PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime ); TEST_ASSERT( mbedtls_svc_key_id_equal( @@ -216,6 +228,12 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, /* Close the key and reopen it. */ PSA_ASSERT( psa_close_key( handle ) ); + +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ), + PSA_ERROR_DOES_NOT_EXIST ); +#endif + PSA_ASSERT( psa_open_key( id, &handle ) ); PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );