Commit e001216

Merge pull request #11315 from Patater/psa-crypto-api-1.0b3
Update Mbed OS for PSA Crypto API 1.0b3
2 parents 940d3fd + a848cd6 commit e001216

379 files changed

+15271
-26598
lines changed

379 files changed

+15271
-26598
lines changed

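--- a/.astyleignore
+++ b/.astyleignore
@@ -4,6 +4,7 @@
 ^components/TARGET_PSA/services/attestation/attestation.h
 ^components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl
 ^components/TARGET_PSA/services/attestation/qcbor
+^components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct_ipc.h
 ^components/TARGET_PSA/TARGET_TFM
 ^components/TARGET_PSA/TESTS
 ^features/cryptocell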

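--- a/TESTS/mbed-crypto/sanity/main.cpp
+++ b/TESTS/mbed-crypto/sanity/main.cpp
@@ -86,26 +86,24 @@ void test_crypto_random(void)
 void test_crypto_asymmetric_encrypt_decrypt(void)
 {
 psa_status_t status = PSA_SUCCESS;
-psa_key_handle_t key_handle = 0;
-psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEYPAIR;
+psa_key_handle_t key_handle;
+psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR;
 psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
-size_t key_bits = 512, got_bits = 0, output_length;
-psa_key_policy_t policy;
+size_t key_bits = 512, output_length;
+psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 static const unsigned char input[] = "encrypt me!";
 unsigned char encrypted[64];
 unsigned char decrypted[sizeof(input)];
 
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
-
-policy = psa_key_policy_init();
-psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
-
-status = psa_generate_key(key_handle, key_type, key_bits, NULL, 0);
+psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_ENCRYPT);
+psa_set_key_algorithm(&attributes, alg);
+psa_set_key_type(&attributes, key_type);
+psa_set_key_bits(&attributes, key_bits);
+status = psa_generate_key(&attributes, &key_handle);
 TEST_SKIP_UNLESS_MESSAGE(status != PSA_ERROR_NOT_SUPPORTED, "RSA key generation is not supported");
 TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_information(key_handle, NULL, &got_bits));
-TEST_ASSERT_EQUAL(key_bits, got_bits);
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_attributes(key_handle, &attributes));
+TEST_ASSERT_EQUAL(key_bits, psa_get_key_bits(&attributes));
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_asymmetric_encrypt(key_handle, alg, input, sizeof(input), NULL, 0,
 encrypted, sizeof(encrypted), &output_length));
 TEST_ASSERT_EQUAL(sizeof(encrypted), output_length);
@@ -135,11 +133,11 @@ void test_crypto_hash_verify(void)
 
 void test_crypto_symmetric_cipher_encrypt_decrypt(void)
 {
-psa_key_handle_t key_handle = 0;
+psa_key_handle_t key_handle;
 psa_key_type_t key_type = PSA_KEY_TYPE_AES;
 psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
 psa_cipher_operation_t operation;
-psa_key_policy_t policy;
+psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 size_t output_len;
 static const unsigned char key[] = {
 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
@@ -155,13 +153,12 @@ void test_crypto_symmetric_cipher_encrypt_decrypt(void)
 };
 unsigned char encrypted[sizeof(input)], decrypted[sizeof(input)], iv[16];
 
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
-
 memset(iv, 0x2a, sizeof(iv));
-policy = psa_key_policy_init();
-psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(key_handle, key_type, key, sizeof(key)));
+psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+psa_set_key_algorithm(&attributes, alg);
+psa_set_key_type(&attributes, key_type);
+psa_set_key_bits(&attributes, 128);
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, key, sizeof(key), &key_handle));
 
 operation = psa_cipher_operation_init();
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_cipher_encrypt_setup(&operation, key_handle, alg));
@@ -187,10 +184,10 @@ void test_crypto_symmetric_cipher_encrypt_decrypt(void)
 
 void test_crypto_asymmetric_sign_verify(void)
 {
-psa_key_handle_t key_handle = 0;
-psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEYPAIR;
+psa_key_handle_t key_handle;
+psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR;
 psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW;
-psa_key_policy_t policy;
+psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 static const unsigned char key[] = {
 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf,
 0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb, 0xb5, 0xc2, 0xb1,
@@ -261,12 +258,10 @@ void test_crypto_asymmetric_sign_verify(void)
 unsigned char signature[sizeof(expected_signature)];
 size_t signature_len;
 
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
-
-policy = psa_key_policy_init();
-psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY, alg);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(key_handle, key_type, key, sizeof(key)));
+psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY);
+psa_set_key_algorithm(&attributes, alg);
+psa_set_key_type(&attributes, key_type);
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, key, sizeof(key), &key_handle));
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_asymmetric_sign(key_handle, alg, input, sizeof(input),
 signature, sizeof(signature), &signature_len));
 TEST_ASSERT_EQUAL(sizeof(signature), signature_len);
@@ -279,31 +274,43 @@ void test_crypto_asymmetric_sign_verify(void)
 
 void test_crypto_key_derivation(void)
 {
-psa_key_handle_t key_handle = 0, derived_key_handle = 0;
+psa_key_handle_t key_handle, derived_key_handle;
 psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256), derived_alg = PSA_ALG_CTR;
-psa_key_type_t key_type = PSA_KEY_TYPE_DERIVE, derived_key_type = PSA_KEY_TYPE_AES, got_type;
-psa_key_policy_t policy;
-psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
-size_t key_bits = 512, derived_key_bits = 256, got_bits;
-
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
-
-policy = psa_key_policy_init();
-psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_DERIVE, alg);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, key_type, key_bits, NULL, 0));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation(&generator, key_handle, alg, NULL, 0, NULL, 0,
+psa_key_type_t key_type = PSA_KEY_TYPE_DERIVE, derived_key_type = PSA_KEY_TYPE_AES;
+psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+psa_key_derivation_operation_t operation =
+PSA_KEY_DERIVATION_OPERATION_INIT;
+size_t key_bits = 512, derived_key_bits = 256;
+
+psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+psa_set_key_algorithm(&attributes, alg);
+psa_set_key_type(&attributes, key_type);
+psa_set_key_bits(&attributes, key_bits);
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation_setup(&operation, alg));
+TEST_ASSERT_EQUAL(PSA_SUCCESS,
+psa_key_derivation_set_capacity(&operation,
 PSA_BITS_TO_BYTES(derived_key_bits)));
-
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&derived_key_handle));
-psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT, derived_alg);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(derived_key_handle, &policy));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generator_import_key(derived_key_handle, derived_key_type,
-derived_key_bits, &generator));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_information(derived_key_handle, &got_type, &got_bits));
-TEST_ASSERT_EQUAL(derived_key_type, got_type);
-TEST_ASSERT_EQUAL(derived_key_bits, got_bits);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generator_abort(&generator));
+TEST_ASSERT_EQUAL(PSA_SUCCESS,
+psa_key_derivation_input_bytes(&operation,
+PSA_KEY_DERIVATION_INPUT_SALT, NULL, 0));
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation_input_key(&operation,
+PSA_KEY_DERIVATION_INPUT_SECRET,
+key_handle));
+TEST_ASSERT_EQUAL(PSA_SUCCESS,
+psa_key_derivation_input_bytes(&operation,
+PSA_KEY_DERIVATION_INPUT_INFO, NULL, 0));
+
+psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+psa_set_key_algorithm(&attributes, derived_alg);
+psa_set_key_type(&attributes, derived_key_type);
+psa_set_key_bits(&attributes, derived_key_bits);
+TEST_ASSERT_EQUAL(PSA_SUCCESS,
+psa_key_derivation_output_key(&attributes, &operation, &derived_key_handle));
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_attributes(derived_key_handle, &attributes));
+TEST_ASSERT_EQUAL(derived_key_type, psa_get_key_type(&attributes));
+TEST_ASSERT_EQUAL(derived_key_bits, psa_get_key_bits(&attributes));
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation_abort(&operation));
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(derived_key_handle));
 }
@@ -316,42 +323,45 @@ void test_crypto_key_handles(void)
 psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
 psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
 psa_key_handle_t key_handle;
-psa_key_policy_t policy;
+psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
-key_handle = 0;
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
-TEST_ASSERT_NOT_EQUAL(0, key_handle);
-policy = psa_key_policy_init();
-psa_key_policy_set_usage(&policy, usage, alg);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0));
+psa_set_key_usage_flags(&attributes, usage);
+psa_set_key_algorithm(&attributes, alg);
+psa_set_key_type(&attributes, type);
+psa_set_key_bits(&attributes, bits);
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle));
+TEST_ASSERT_NOT_EQUAL(0, key_handle);
 
 key_handle = 0;
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
+attributes = psa_key_attributes_init();
+psa_set_key_usage_flags(&attributes, usage);
+psa_set_key_algorithm(&attributes, alg);
+psa_set_key_type(&attributes, type);
+psa_set_key_bits(&attributes, bits);
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
 TEST_ASSERT_NOT_EQUAL(0, key_handle);
-policy = psa_key_policy_init();
-psa_key_policy_set_usage(&policy, usage, alg);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0));
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));
 
 key_handle = 0;
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_create_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle));
+attributes = psa_key_attributes_init();
+psa_set_key_usage_flags(&attributes, usage);
+psa_set_key_algorithm(&attributes, alg);
+psa_set_key_type(&attributes, type);
+psa_set_key_bits(&attributes, bits);
+psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_PERSISTENT);
+psa_set_key_id(&attributes, id);
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
 TEST_ASSERT_NOT_EQUAL(0, key_handle);
-policy = psa_key_policy_init();
-psa_key_policy_set_usage(&policy, usage, alg);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0));
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle));
 
 key_handle = 0;
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle));
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_open_key(id, &key_handle));
 TEST_ASSERT_NOT_EQUAL(0, key_handle);
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));
 
 key_handle = 0;
-TEST_ASSERT_EQUAL(PSA_ERROR_DOES_NOT_EXIST, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle));
+TEST_ASSERT_EQUAL(PSA_ERROR_DOES_NOT_EXIST, psa_open_key(id, &key_handle));
 }
 
 void test_crypto_hash_clone(void)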
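Review bot: In test_crypto_asymmetric_encrypt_decrypt (first hunk) the new usage flags are `PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_ENCRYPT`, so the generated RSA key's policy no longer grants decryption, whereas the removed policy call used `PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT`. The function body continues outside the hunk, but its name and the `decrypted` buffer suggest a decrypt step follows. An implementation that enforces key policy would be expected to reject that step, and one that lets it pass would hide a missing policy check. The line should read `psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);`, matching the symmetric cipher test in the third hunk.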

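--- a/TESTS/psa/attestation/main.cpp
+++ b/TESTS/psa/attestation/main.cpp
@@ -94,7 +94,7 @@ static void check_initial_attestation_get_token()
 TEST_ASSERT_EQUAL(status, PSA_SUCCESS);
 status = psa_attestation_inject_key(private_key_data,
 sizeof(private_key_data),
-PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
+PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
 exported,
 sizeof(exported),
 &exported_length);
@@ -119,9 +119,8 @@ static void check_initial_attestation_get_token()
 
 utest::v1::status_t case_teardown_handler(const Case *const source, const size_t passed, const size_t failed, const failure_t reason)
 {
-const psa_key_id_t key_id = PSA_ATTESTATION_PRIVATE_KEY_ID;
-psa_key_handle_t handle = 0;
-psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle);
+psa_key_handle_t handle;
+psa_open_key(PSA_ATTESTATION_PRIVATE_KEY_ID, &handle);
 psa_destroy_key(handle);
 mbedtls_psa_crypto_free();
 return greentea_case_teardown_handler(source, passed, failed, reason);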
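Review bot: In case_teardown_handler (second hunk) `handle` is now declared without an initialiser and the result of `psa_open_key` is ignored. If the open fails, for example because the attestation key was never injected, `psa_destroy_key(handle)` may run on an indeterminate value unless psa_open_key is guaranteed to write the handle on failure, which is not visible here. Keep the initialiser and destroy only on success: `psa_key_handle_t handle = 0;` followed by `if (psa_open_key(PSA_ATTESTATION_PRIVATE_KEY_ID, &handle) == PSA_SUCCESS) { psa_destroy_key(handle); }`. A comment such as `// Best-effort cleanup: the key may not exist if the test failed before injection` would record why a failed open is tolerated.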
