Update Mbed OS for PSA Crypto API 1.0b3 #11315


Merged
merged 17 commits into from
Sep 3, 2019
Merged
1 change: 1 addition & 0 deletions .astyleignore
Expand Up @@ -4,6 +4,7 @@
^components/TARGET_PSA/services/attestation/attestation.h
^components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl
^components/TARGET_PSA/services/attestation/qcbor
^components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct_ipc.h
^components/TARGET_PSA/TARGET_TFM
^components/TARGET_PSA/TESTS
^features/cryptocell
156 changes: 83 additions & 73 deletions TESTS/mbed-crypto/sanity/main.cpp
Expand Up @@ -86,26 +86,24 @@ void test_crypto_random(void)
void test_crypto_asymmetric_encrypt_decrypt(void)
{
psa_status_t status = PSA_SUCCESS;
psa_key_handle_t key_handle = 0;
psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEYPAIR;
psa_key_handle_t key_handle;
psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR;
psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
size_t key_bits = 512, got_bits = 0, output_length;
psa_key_policy_t policy;
size_t key_bits = 512, output_length;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
static const unsigned char input[] = "encrypt me!";
unsigned char encrypted[64];
unsigned char decrypted[sizeof(input)];

TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));

policy = psa_key_policy_init();
psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));

status = psa_generate_key(key_handle, key_type, key_bits, NULL, 0);
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_ENCRYPT);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, key_type);
psa_set_key_bits(&attributes, key_bits);
status = psa_generate_key(&attributes, &key_handle);
TEST_SKIP_UNLESS_MESSAGE(status != PSA_ERROR_NOT_SUPPORTED, "RSA key generation is not supported");
TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_information(key_handle, NULL, &got_bits));
TEST_ASSERT_EQUAL(key_bits, got_bits);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_attributes(key_handle, &attributes));
TEST_ASSERT_EQUAL(key_bits, psa_get_key_bits(&attributes));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_asymmetric_encrypt(key_handle, alg, input, sizeof(input), NULL, 0,
encrypted, sizeof(encrypted), &output_length));
TEST_ASSERT_EQUAL(sizeof(encrypted), output_length);
Expand Down Expand Up @@ -135,11 +133,11 @@ void test_crypto_hash_verify(void)

void test_crypto_symmetric_cipher_encrypt_decrypt(void)
{
psa_key_handle_t key_handle = 0;
psa_key_handle_t key_handle;
psa_key_type_t key_type = PSA_KEY_TYPE_AES;
psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
psa_cipher_operation_t operation;
psa_key_policy_t policy;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t output_len;
static const unsigned char key[] = {
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
Expand All @@ -155,13 +153,12 @@ void test_crypto_symmetric_cipher_encrypt_decrypt(void)
};
unsigned char encrypted[sizeof(input)], decrypted[sizeof(input)], iv[16];

TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));

memset(iv, 0x2a, sizeof(iv));
policy = psa_key_policy_init();
psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(key_handle, key_type, key, sizeof(key)));
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, key_type);
psa_set_key_bits(&attributes, 128);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, key, sizeof(key), &key_handle));

operation = psa_cipher_operation_init();
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_cipher_encrypt_setup(&operation, key_handle, alg));
Expand All @@ -187,10 +184,10 @@ void test_crypto_symmetric_cipher_encrypt_decrypt(void)

void test_crypto_asymmetric_sign_verify(void)
{
psa_key_handle_t key_handle = 0;
psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEYPAIR;
psa_key_handle_t key_handle;
psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR;
psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW;
psa_key_policy_t policy;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
static const unsigned char key[] = {
0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf,
0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb, 0xb5, 0xc2, 0xb1,
Expand Down Expand Up @@ -261,12 +258,10 @@ void test_crypto_asymmetric_sign_verify(void)
unsigned char signature[sizeof(expected_signature)];
size_t signature_len;

TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));

policy = psa_key_policy_init();
psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY, alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(key_handle, key_type, key, sizeof(key)));
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, key_type);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, key, sizeof(key), &key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_asymmetric_sign(key_handle, alg, input, sizeof(input),
signature, sizeof(signature), &signature_len));
TEST_ASSERT_EQUAL(sizeof(signature), signature_len);
Expand All @@ -279,31 +274,43 @@ void test_crypto_asymmetric_sign_verify(void)

void test_crypto_key_derivation(void)
{
psa_key_handle_t key_handle = 0, derived_key_handle = 0;
psa_key_handle_t key_handle, derived_key_handle;
psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256), derived_alg = PSA_ALG_CTR;
psa_key_type_t key_type = PSA_KEY_TYPE_DERIVE, derived_key_type = PSA_KEY_TYPE_AES, got_type;
psa_key_policy_t policy;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
size_t key_bits = 512, derived_key_bits = 256, got_bits;

TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));

policy = psa_key_policy_init();
psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_DERIVE, alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, key_type, key_bits, NULL, 0));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation(&generator, key_handle, alg, NULL, 0, NULL, 0,
psa_key_type_t key_type = PSA_KEY_TYPE_DERIVE, derived_key_type = PSA_KEY_TYPE_AES;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_derivation_operation_t operation =
PSA_KEY_DERIVATION_OPERATION_INIT;
size_t key_bits = 512, derived_key_bits = 256;

psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, key_type);
psa_set_key_bits(&attributes, key_bits);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation_setup(&operation, alg));
TEST_ASSERT_EQUAL(PSA_SUCCESS,
psa_key_derivation_set_capacity(&operation,
PSA_BITS_TO_BYTES(derived_key_bits)));

TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&derived_key_handle));
psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT, derived_alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(derived_key_handle, &policy));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generator_import_key(derived_key_handle, derived_key_type,
derived_key_bits, &generator));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_information(derived_key_handle, &got_type, &got_bits));
TEST_ASSERT_EQUAL(derived_key_type, got_type);
TEST_ASSERT_EQUAL(derived_key_bits, got_bits);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generator_abort(&generator));
TEST_ASSERT_EQUAL(PSA_SUCCESS,
psa_key_derivation_input_bytes(&operation,
PSA_KEY_DERIVATION_INPUT_SALT, NULL, 0));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation_input_key(&operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS,
psa_key_derivation_input_bytes(&operation,
PSA_KEY_DERIVATION_INPUT_INFO, NULL, 0));

psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
psa_set_key_algorithm(&attributes, derived_alg);
psa_set_key_type(&attributes, derived_key_type);
psa_set_key_bits(&attributes, derived_key_bits);
TEST_ASSERT_EQUAL(PSA_SUCCESS,
psa_key_derivation_output_key(&attributes, &operation, &derived_key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_attributes(derived_key_handle, &attributes));
TEST_ASSERT_EQUAL(derived_key_type, psa_get_key_type(&attributes));
TEST_ASSERT_EQUAL(derived_key_bits, psa_get_key_bits(&attributes));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation_abort(&operation));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(derived_key_handle));
}
Expand All @@ -316,42 +323,45 @@ void test_crypto_key_handles(void)
psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
psa_key_handle_t key_handle;
psa_key_policy_t policy;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;

key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
policy = psa_key_policy_init();
psa_key_policy_set_usage(&policy, usage, alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0));
psa_set_key_usage_flags(&attributes, usage);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, type);
psa_set_key_bits(&attributes, bits);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);

key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
attributes = psa_key_attributes_init();
psa_set_key_usage_flags(&attributes, usage);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, type);
psa_set_key_bits(&attributes, bits);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
policy = psa_key_policy_init();
psa_key_policy_set_usage(&policy, usage, alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));

key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_create_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle));
attributes = psa_key_attributes_init();
psa_set_key_usage_flags(&attributes, usage);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, type);
psa_set_key_bits(&attributes, bits);
psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_PERSISTENT);
psa_set_key_id(&attributes, id);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
policy = psa_key_policy_init();
psa_key_policy_set_usage(&policy, usage, alg);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle));

key_handle = 0;
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle));
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_open_key(id, &key_handle));
TEST_ASSERT_NOT_EQUAL(0, key_handle);
TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));

key_handle = 0;
TEST_ASSERT_EQUAL(PSA_ERROR_DOES_NOT_EXIST, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle));
TEST_ASSERT_EQUAL(PSA_ERROR_DOES_NOT_EXIST, psa_open_key(id, &key_handle));
}

void test_crypto_hash_clone(void)
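Review bot: In test_crypto_asymmetric_encrypt_decrypt the new usage flags read `PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_ENCRYPT`, which drops the DECRYPT usage that the replaced `psa_key_policy_set_usage` call granted. The decrypt half of the test is collapsed on this page, but the `decrypted` buffer and the test name suggest the same key is later used for decryption, which a policy-enforcing implementation should refuse as not permitted. The line should read `psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);`. If the test passes as written, it is worth confirming that usage flags are actually enforced on the asymmetric decrypt path.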
7 changes: 3 additions & 4 deletions TESTS/psa/attestation/main.cpp
Expand Up @@ -94,7 +94,7 @@ static void check_initial_attestation_get_token()
TEST_ASSERT_EQUAL(status, PSA_SUCCESS);
status = psa_attestation_inject_key(private_key_data,
sizeof(private_key_data),
PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
exported,
sizeof(exported),
&exported_length);
Expand All @@ -119,9 +119,8 @@ static void check_initial_attestation_get_token()

utest::v1::status_t case_teardown_handler(const Case *const source, const size_t passed, const size_t failed, const failure_t reason)
{
const psa_key_id_t key_id = PSA_ATTESTATION_PRIVATE_KEY_ID;
psa_key_handle_t handle = 0;
psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle);
psa_key_handle_t handle;
psa_open_key(PSA_ATTESTATION_PRIVATE_KEY_ID, &handle);
psa_destroy_key(handle);
mbedtls_psa_crypto_free();
return greentea_case_teardown_handler(source, passed, failed, reason);
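Review bot: In case_teardown_handler the status of `psa_open_key` is ignored and `handle` is no longer initialised, so `psa_destroy_key(handle)` runs on an indeterminate value whenever the open fails, for example when the attestation key was never injected. Whether `psa_open_key` writes `*handle` on failure is not visible here, so the teardown should not rely on it: keep `psa_key_handle_t handle = 0;` and guard the destroy with `if (psa_open_key(PSA_ATTESTATION_PRIVATE_KEY_ID, &handle) == PSA_SUCCESS) { psa_destroy_key(handle); }`. Destroying through a garbage handle could in principle hit an unrelated key slot. The function's closing brace lies outside the hunk.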