
Commit f04cddb

Test slot_number attribute
Test the behavior of the getter/setter functions. Test that psa_get_key_slot_number() reports a slot number for a key in a secure element, and doesn't report a slot number for a key that is not in a secure element. Test that psa_get_key_slot_number() reports the correct slot number for a key in a secure element.
1 parent ad48da8 commit f04cddb


4 files changed

+105
-1
lines changed


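--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -163,6 +163,18 @@ static inline void psa_set_key_slot_number(
 attributes->slot_number = slot_number;
 }
 
+/** Remove the slot number attribute from a key attribute structure.
+*
+* This function undoes the action of psa_set_key_slot_number().
+*
+* \param[out] attributes The attribute structure to write to.
+*/
+static inline void psa_clear_key_slot_number(
+psa_key_attributes_t *attributes )
+{
+attributes->core.flags &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
+}
+
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 
 /**@}*/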
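Review bot: psa_clear_key_slot_number() only clears MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER and leaves the previous value in `attributes->slot_number`, so any code that reads the field without testing the flag would still see the old slot. Consider also resetting the field with `attributes->slot_number = 0;`, or stating in the doc comment that the stored value is left in place and is only meaningful while the flag is set. The parameter is read and modified (`&=`), so `\param[in,out] attributes` describes it better than `\param[out]`. The getter is outside this hunk, so that it checks the flag is inferred from the tests in this commit rather than seen here.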

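--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -19,6 +19,9 @@ persistence_attributes:0x1234:3:-1:0x1234:3
 PSA key attributes: lifetime then id
 persistence_attributes:0x1234:3:0x1235:0x1235:3
 
+PSA key attributes: slot number
+slot_number_attribute:
+
 PSA import/export raw: 0 bytes
 import_export:"":PSA_KEY_TYPE_RAW_DATA:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_SUCCESS:1
 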

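--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -1107,6 +1107,23 @@ exit:
 return( ok );
 }
 
+/* Assert that a key isn't reported as having a slot number. */
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+#define ASSERT_NO_SLOT_NUMBER( attributes ) \
+do \
+{ \
+psa_key_slot_number_t ASSERT_NO_SLOT_NUMBER_slot_number; \
+TEST_EQUAL( psa_get_key_slot_number( \
+attributes, \
+&ASSERT_NO_SLOT_NUMBER_slot_number ), \
+PSA_ERROR_INVALID_ARGUMENT ); \
+} \
+while( 0 )
+#else /* MBEDTLS_PSA_CRYPTO_SE_C */
+#define ASSERT_NO_SLOT_NUMBER( attributes ) \
+( (void) 0 )
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
 /* An overapproximation of the amount of storage needed for a key of the
 * given type and with the given content. The API doesn't make it easy
 * to find a good value for the size. The current implementation doesn't
@@ -1208,6 +1225,46 @@ void persistence_attributes( int id1_arg, int lifetime_arg, int id2_arg,
 }
 /* END_CASE */
 
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_SE_C */
+void slot_number_attribute( )
+{
+psa_key_slot_number_t slot_number = 0xdeadbeef;
+psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+/* Initially, there is no slot number. */
+TEST_EQUAL( psa_get_key_slot_number( &attributes, &slot_number ),
+PSA_ERROR_INVALID_ARGUMENT );
+
+/* Test setting a slot number. */
+psa_set_key_slot_number( &attributes, 0 );
+PSA_ASSERT( psa_get_key_slot_number( &attributes, &slot_number ) );
+TEST_EQUAL( slot_number, 0 );
+
+/* Test changing the slot number. */
+psa_set_key_slot_number( &attributes, 42 );
+PSA_ASSERT( psa_get_key_slot_number( &attributes, &slot_number ) );
+TEST_EQUAL( slot_number, 42 );
+
+/* Test clearing the slot number. */
+psa_clear_key_slot_number( &attributes );
+TEST_EQUAL( psa_get_key_slot_number( &attributes, &slot_number ),
+PSA_ERROR_INVALID_ARGUMENT );
+
+/* Clearing again should have no effect. */
+psa_clear_key_slot_number( &attributes );
+TEST_EQUAL( psa_get_key_slot_number( &attributes, &slot_number ),
+PSA_ERROR_INVALID_ARGUMENT );
+
+/* Test that reset clears the slot number. */
+psa_set_key_slot_number( &attributes, 42 );
+PSA_ASSERT( psa_get_key_slot_number( &attributes, &slot_number ) );
+TEST_EQUAL( slot_number, 42 );
+psa_reset_key_attributes( &attributes );
+TEST_EQUAL( psa_get_key_slot_number( &attributes, &slot_number ),
+PSA_ERROR_INVALID_ARGUMENT );
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void import_with_policy( int type_arg,
 int usage_arg, int alg_arg,
@@ -1240,6 +1297,7 @@ void import_with_policy( int type_arg,
 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
 TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage );
 TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg );
+ASSERT_NO_SLOT_NUMBER( &got_attributes );
 
 PSA_ASSERT( psa_destroy_key( handle ) );
 test_operations_on_invalid_handle( handle );
@@ -1278,6 +1336,7 @@ void import_with_data( data_t *data, int type_arg,
 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
 if( attr_bits != 0 )
 TEST_EQUAL( attr_bits, psa_get_key_bits( &got_attributes ) );
+ASSERT_NO_SLOT_NUMBER( &got_attributes );
 
 PSA_ASSERT( psa_destroy_key( handle ) );
 test_operations_on_invalid_handle( handle );
@@ -1322,6 +1381,7 @@ void import_large_key( int type_arg, int byte_size_arg,
 TEST_EQUAL( psa_get_key_type( &attributes ), type );
 TEST_EQUAL( psa_get_key_bits( &attributes ),
 PSA_BYTES_TO_BITS( byte_size ) );
+ASSERT_NO_SLOT_NUMBER( &attributes );
 memset( buffer, 0, byte_size + 1 );
 PSA_ASSERT( psa_export_key( handle, buffer, byte_size, &n ) );
 for( n = 0; n < byte_size; n++ )
@@ -1414,6 +1474,7 @@ void import_export( data_t *data,
 PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) );
 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
 TEST_EQUAL( psa_get_key_bits( &got_attributes ), (size_t) expected_bits );
+ASSERT_NO_SLOT_NUMBER( &got_attributes );
 
 /* Export the key */
 status = psa_export_key( handle,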
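Review bot: In slot_number_attribute, the 0xdeadbeef sentinel stored in `slot_number` is never asserted, so the test does not show whether a failing psa_get_key_slot_number() leaves the output untouched. After the first failing call it could check `TEST_EQUAL( slot_number, 0xdeadbeef );`, and before each later failing call reset the variable with `slot_number = 0xdeadbeef;` and check again. This only applies if the API is meant to leave the output unmodified on error, which this page does not state. Separately, ASSERT_NO_SLOT_NUMBER passes its `attributes` argument through unparenthesised; writing `( attributes )` in the expansion is the safer macro form.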

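--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -212,6 +212,31 @@ static int check_key_attributes(
 psa_get_key_bits( reference_attributes ) );
 }
 
+{
+psa_key_slot_number_t actual_slot_number = 0xdeadbeef;
+psa_key_slot_number_t desired_slot_number = 0xb90cc011;
+psa_key_lifetime_t lifetime =
+psa_get_key_lifetime( &actual_attributes );
+psa_status_t status = psa_get_key_slot_number( &actual_attributes,
+&actual_slot_number );
+if( lifetime < MIN_DRIVER_LIFETIME )
+{
+/* The key is not in a secure element. */
+TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT );
+}
+else
+{
+/* The key is in a secure element. If it had been created
+* in a specific slot, check that it is reported there. */
+PSA_ASSERT( status );
+status = psa_get_key_slot_number( reference_attributes,
+&desired_slot_number );
+if( status == PSA_SUCCESS )
+{
+TEST_EQUAL( desired_slot_number, actual_slot_number );
+}
+}
+}
 ok = 1;
 
 exit:
@@ -485,11 +510,14 @@ void key_creation_import_export( int min_slot, int restart )
 /* Test that the key was created in the expected slot. */
 TEST_ASSERT( ram_slots[min_slot].type == PSA_KEY_TYPE_RAW_DATA );
 
-/* Test the key attributes and the key data. */
+/* Test the key attributes, including the reported slot number. */
 psa_set_key_bits( &attributes,
 PSA_BYTES_TO_BITS( sizeof( key_material ) ) );
+psa_set_key_slot_number( &attributes, min_slot );
 if( ! check_key_attributes( handle, &attributes ) )
 goto exit;
+
+/* Test the key data. */
 PSA_ASSERT( psa_export_key( handle,
 exported, sizeof( exported ),
 &exported_length ) );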
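Review bot: In the block added to check_key_attributes, the second psa_get_key_slot_number() call on `reference_attributes` treats every non-success status as "no slot requested", so an unexpected error there silently skips the slot comparison. Adding `else TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT );` after the `if( status == PSA_SUCCESS )` branch would keep the optional-reference behaviour while failing on any other status. check_key_attributes begins and ends outside the hunk, so whether its other callers set a reference slot number, and therefore get any slot coverage, is not visible here.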
