Skip to content

Commit 26546c8

Browse files
PataterPatater
committed
Use PSA Crypto API 1.0b3
The PSA Crypto API has moved on from 1.0b2 to 1.0b3, bringing along with it some breaking changes. Update Mbed OS to use the 1.0b3 API.
1 parent a890043 commit 26546c8

File tree

10 files changed

+114
-145
lines changed

10 files changed

+114
-145
lines changed

TESTS/mbed-crypto/sanity/main.cpp

Lines changed: 51 additions & 50 deletions
Original file line numberDiff line numberDiff line change
@@ -86,22 +86,21 @@ void test_crypto_random(void)
8686
void test_crypto_asymmetric_encrypt_decrypt(void)
8787
{
8888
psa_status_t status = PSA_SUCCESS;
89-
psa_key_handle_t key_handle = 0;
90-
psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEYPAIR;
89+
psa_key_handle_t key_handle;
90+
psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR;
9191
psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
9292
size_t key_bits = 512, got_bits = 0, output_length;
93-
psa_key_policy_t policy;
93+
psa_key_attributes_t attributes;
9494
static const unsigned char input[] = "encrypt me!";
9595
unsigned char encrypted[64];
9696
unsigned char decrypted[sizeof(input)];
9797

98-
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
98+
attributes = psa_key_attributes_init();
99+
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_ENCRYPT);
100+
psa_set_key_algorithm(&attributes, alg);
101+
psa_set_key_type(&attributes, key_type);
99102

100-
policy = psa_key_policy_init();
101-
psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg);
102-
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
103-
104-
status = psa_generate_key(key_handle, key_type, key_bits, NULL, 0);
103+
status = psa_generate_key(&attributes, &key_handle);
105104
TEST_SKIP_UNLESS_MESSAGE(status != PSA_ERROR_NOT_SUPPORTED, "RSA key generation is not supported");
106105
TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
107106
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_information(key_handle, NULL, &got_bits));
@@ -135,11 +134,11 @@ void test_crypto_hash_verify(void)
135134

136135
void test_crypto_symmetric_cipher_encrypt_decrypt(void)
137136
{
138-
psa_key_handle_t key_handle = 0;
137+
psa_key_handle_t key_handle;
139138
psa_key_type_t key_type = PSA_KEY_TYPE_AES;
140139
psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
141140
psa_cipher_operation_t operation;
142-
psa_key_policy_t policy;
141+
psa_key_attributes_t attributes;
143142
size_t output_len;
144143
static const unsigned char key[] = {
145144
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
@@ -155,13 +154,12 @@ void test_crypto_symmetric_cipher_encrypt_decrypt(void)
155154
};
156155
unsigned char encrypted[sizeof(input)], decrypted[sizeof(input)], iv[16];
157156

158-
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
159-
160157
memset(iv, 0x2a, sizeof(iv));
161-
policy = psa_key_policy_init();
162-
psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg);
163-
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
164-
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(key_handle, key_type, key, sizeof(key)));
158+
attributes = psa_key_attributes_init();
159+
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_ENCRYPT);
160+
psa_set_key_algorithm(&attributes, alg);
161+
psa_set_key_type(&attributes, key_type);
162+
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, key, sizeof(key), &key_handle));
165163

166164
operation = psa_cipher_operation_init();
167165
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_cipher_encrypt_setup(&operation, key_handle, alg));
@@ -187,10 +185,10 @@ void test_crypto_symmetric_cipher_encrypt_decrypt(void)
187185

188186
void test_crypto_asymmetric_sign_verify(void)
189187
{
190-
psa_key_handle_t key_handle = 0;
191-
psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEYPAIR;
188+
psa_key_handle_t key_handle;
189+
psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR;
192190
psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW;
193-
psa_key_policy_t policy;
191+
psa_key_attributes_t attributes;
194192
static const unsigned char key[] = {
195193
0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf,
196194
0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb, 0xb5, 0xc2, 0xb1,
@@ -263,10 +261,11 @@ void test_crypto_asymmetric_sign_verify(void)
263261

264262
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
265263

266-
policy = psa_key_policy_init();
267-
psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY, alg);
268-
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
269-
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(key_handle, key_type, key, sizeof(key)));
264+
attributes = psa_key_attributes_init();
265+
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY, alg);
266+
psa_set_key_algorithm(&attributes, alg);
267+
psa_set_key_type(&attributes, key_type);
268+
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, key, sizeof(key), &key_handle));
270269
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_asymmetric_sign(key_handle, alg, input, sizeof(input),
271270
signature, sizeof(signature), &signature_len));
272271
TEST_ASSERT_EQUAL(sizeof(signature), signature_len);
@@ -279,27 +278,26 @@ void test_crypto_asymmetric_sign_verify(void)
279278

280279
void test_crypto_key_derivation(void)
281280
{
282-
psa_key_handle_t key_handle = 0, derived_key_handle = 0;
281+
psa_key_handle_t key_handle, derived_key_handle;
283282
psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256), derived_alg = PSA_ALG_CTR;
284283
psa_key_type_t key_type = PSA_KEY_TYPE_DERIVE, derived_key_type = PSA_KEY_TYPE_AES, got_type;
285-
psa_key_policy_t policy;
284+
psa_key_attributes_t attributes;
286285
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
287286
size_t key_bits = 512, derived_key_bits = 256, got_bits;
288287

289-
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
290-
291-
policy = psa_key_policy_init();
292-
psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_DERIVE, alg);
293-
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
294-
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, key_type, key_bits, NULL, 0));
288+
attributes = psa_key_attributes_init();
289+
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
290+
psa_set_key_algorithm(&attributes, alg);
291+
psa_set_key_type(&attributes, key_type);
292+
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
295293
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation(&generator, key_handle, alg, NULL, 0, NULL, 0,
296294
PSA_BITS_TO_BYTES(derived_key_bits)));
297295

298296
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&derived_key_handle));
299-
psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT, derived_alg);
300-
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(derived_key_handle, &policy));
301-
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generator_import_key(derived_key_handle, derived_key_type,
302-
derived_key_bits, &generator));
297+
psa_key_set_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
298+
psa_key_set_algorithm(&attributes, derived_alg);
299+
psa_set_key_type(&attributes, derived_key_type);
300+
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generator_import_key(&attributes, derived_key_handle, &generator));
303301
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_information(derived_key_handle, &got_type, &got_bits));
304302
TEST_ASSERT_EQUAL(derived_key_type, got_type);
305303
TEST_ASSERT_EQUAL(derived_key_bits, got_bits);
@@ -316,42 +314,45 @@ void test_crypto_key_handles(void)
316314
psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
317315
psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
318316
psa_key_handle_t key_handle;
319-
psa_key_policy_t policy;
317+
psa_key_attributes_t attributes;
320318

321-
key_handle = 0;
322-
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
323-
TEST_ASSERT_NOT_EQUAL(0, key_handle);
324-
policy = psa_key_policy_init();
325-
psa_key_policy_set_usage(&policy, usage, alg);
326-
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
327-
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0));
319+
attributes = psa_key_attributes_init();
320+
psa_set_key_usage_flags(&attributes, usage);
321+
psa_set_key_algorithm(&attributes, alg);
322+
psa_set_key_type(&attributes, type);
323+
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
328324
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle));
325+
TEST_ASSERT_NOT_EQUAL(0, key_handle);
329326

330327
key_handle = 0;
331328
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
332329
TEST_ASSERT_NOT_EQUAL(0, key_handle);
333-
policy = psa_key_policy_init();
334-
psa_key_policy_set_usage(&policy, usage, alg);
330+
attributes = psa_key_attributes_init();
331+
psa_set_key_usage_flags(&attributes, usage);
332+
psa_set_key_algorithm(&attributes, alg);
333+
psa_set_key_type(&attributes, type);
335334
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
336335
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0));
337336
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));
338337

339338
key_handle = 0;
340339
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_create_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle));
341340
TEST_ASSERT_NOT_EQUAL(0, key_handle);
342-
policy = psa_key_policy_init();
343-
psa_key_policy_set_usage(&policy, usage, alg);
341+
attributes = psa_key_attributes_init();
342+
psa_set_key_usage_flags(&attributes, usage);
343+
psa_set_key_algorithm(&attributes, alg);
344+
psa_set_key_type(&attributes, type);
344345
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
345346
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0));
346347
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle));
347348

348349
key_handle = 0;
349-
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle));
350+
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_open_key(id, &key_handle));
350351
TEST_ASSERT_NOT_EQUAL(0, key_handle);
351352
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));
352353

353354
key_handle = 0;
354-
TEST_ASSERT_EQUAL(PSA_ERROR_DOES_NOT_EXIST, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle));
355+
TEST_ASSERT_EQUAL(PSA_ERROR_DOES_NOT_EXIST, psa_open_key(id, &key_handle));
355356
}
356357

357358
void test_crypto_hash_clone(void)

TESTS/psa/attestation/main.cpp

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -94,7 +94,7 @@ static void check_initial_attestation_get_token()
9494
TEST_ASSERT_EQUAL(status, PSA_SUCCESS);
9595
status = psa_attestation_inject_key(private_key_data,
9696
sizeof(private_key_data),
97-
PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
97+
PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
9898
exported,
9999
sizeof(exported),
100100
&exported_length);
@@ -119,9 +119,8 @@ static void check_initial_attestation_get_token()
119119

120120
utest::v1::status_t case_teardown_handler(const Case *const source, const size_t passed, const size_t failed, const failure_t reason)
121121
{
122-
const psa_key_id_t key_id = PSA_ATTESTATION_PRIVATE_KEY_ID;
123-
psa_key_handle_t handle = 0;
124-
psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle);
122+
psa_key_handle_t handle;
123+
psa_open_key(PSA_ATTESTATION_PRIVATE_KEY_ID, &handle);
125124
psa_destroy_key(handle);
126125
mbedtls_psa_crypto_free();
127126
return greentea_case_teardown_handler(source, passed, failed, reason);

0 commit comments

Comments
 (0)