aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulian Hall <julian.hall@arm.com>2021-08-11 14:24:26 +0100
committerGyorgy Szing <Gyorgy.Szing@arm.com>2021-10-06 00:49:08 +0200
commitfad352150cffe6da68498481898c1f1cc73ee330 (patch)
tree133fb1899eb3acf1e2d0a3dec08e9686a2c14215
parente65694412aa5adbdebb9d2383a356218a0bfca63 (diff)
downloadtrusted-services-fad352150cffe6da68498481898c1f1cc73ee330.tar.gz
Extend core crypto service level tests
Tests added for copy_key, purge_key and get_key_attributes operations that have been recently added. The copy_key test identified a bug in the client-side translation of key attributes retrieved from a service provider where the read key lifetime was always persistent. This is fixed in this commit. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: I0ab7ca8c961c70a38627198c9a7556c34ce09dc9
-rw-r--r--components/service/crypto/client/caller/packed-c/crypto_caller_key_attributes.h6
-rw-r--r--components/service/crypto/test/service/crypto_service_scenarios.cpp75
-rw-r--r--components/service/crypto/test/service/crypto_service_scenarios.h2
-rw-r--r--components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp80
4 files changed, 127 insertions, 36 deletions
diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_key_attributes.h b/components/service/crypto/client/caller/packed-c/crypto_caller_key_attributes.h
index 26c42b8..2fad2f0 100644
--- a/components/service/crypto/client/caller/packed-c/crypto_caller_key_attributes.h
+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_key_attributes.h
@@ -34,7 +34,11 @@ static inline void packedc_crypto_caller_translate_key_attributes_from_proto(
psa_set_key_type(psa_attributes, proto_attributes->type);
psa_set_key_bits(psa_attributes, proto_attributes->key_bits);
psa_set_key_lifetime(psa_attributes, proto_attributes->lifetime);
- psa_set_key_id(psa_attributes, proto_attributes->id);
+
+ if (proto_attributes->lifetime == PSA_KEY_LIFETIME_PERSISTENT) {
+
+ psa_set_key_id(psa_attributes, proto_attributes->id);
+ }
psa_set_key_usage_flags(psa_attributes, proto_attributes->policy.usage);
psa_set_key_algorithm(psa_attributes, proto_attributes->policy.alg);
diff --git a/components/service/crypto/test/service/crypto_service_scenarios.cpp b/components/service/crypto/test/service/crypto_service_scenarios.cpp
index 63a231f..ec2c673 100644
--- a/components/service/crypto/test/service/crypto_service_scenarios.cpp
+++ b/components/service/crypto/test/service/crypto_service_scenarios.cpp
@@ -95,6 +95,81 @@ void crypto_service_scenarios::generatePersistentKeys()
psa_reset_key_attributes(&attributes);
}
+void crypto_service_scenarios::copyKey()
+{
+ psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_COPY);
+ psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
+ psa_set_key_bits(&attributes, 256);
+
+ /* Generate a key */
+ psa_key_id_t key_id_1;
+ status = m_crypto_client->generate_key(&attributes, &key_id_1);
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ /* Copy it */
+ psa_key_id_t key_id_2;
+ status = m_crypto_client->copy_key(key_id_1, &attributes, &key_id_2);
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ /* Expect the copied key attributes to match the original */
+ psa_key_attributes_t copy_attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ status = m_crypto_client->get_key_attributes(key_id_2, &copy_attributes);
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ UNSIGNED_LONGS_EQUAL(
+ psa_get_key_type(&attributes), psa_get_key_type(&copy_attributes));
+ UNSIGNED_LONGS_EQUAL(
+ psa_get_key_algorithm(&attributes), psa_get_key_algorithm(&copy_attributes));
+ UNSIGNED_LONGS_EQUAL(
+ psa_get_key_bits(&attributes), psa_get_key_bits(&copy_attributes));
+ UNSIGNED_LONGS_EQUAL(
+ psa_get_key_usage_flags(&attributes), psa_get_key_usage_flags(&copy_attributes));
+ UNSIGNED_LONGS_EQUAL(
+ psa_get_key_lifetime(&attributes), psa_get_key_lifetime(&copy_attributes));
+
+ /* Remove the keys */
+ status = m_crypto_client->destroy_key(key_id_1);
+ CHECK_EQUAL(PSA_SUCCESS, status);
+ status = m_crypto_client->destroy_key(key_id_2);
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ psa_reset_key_attributes(&attributes);
+ psa_reset_key_attributes(&copy_attributes);
+}
+
+void crypto_service_scenarios::purgeKey()
+{
+ psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ /* Generate a persistent key */
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
+ psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
+ psa_set_key_bits(&attributes, 256);
+ psa_set_key_id(&attributes, 100002);
+
+ psa_key_id_t key_id;
+ status = m_crypto_client->generate_key(&attributes, &key_id);
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ /* Perform purge */
+ status = m_crypto_client->purge_key(key_id);
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ /* Expect key to still exist when destroyed */
+ status = m_crypto_client->destroy_key(key_id);
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ psa_reset_key_attributes(&attributes);
+}
+
void crypto_service_scenarios::exportPublicKey()
{
psa_status_t status;
diff --git a/components/service/crypto/test/service/crypto_service_scenarios.h b/components/service/crypto/test/service/crypto_service_scenarios.h
index 4407d06..c65eba2 100644
--- a/components/service/crypto/test/service/crypto_service_scenarios.h
+++ b/components/service/crypto/test/service/crypto_service_scenarios.h
@@ -29,6 +29,8 @@ public:
void exportPublicKey();
void generatePersistentKeys();
void generateVolatileKeys();
+ void copyKey();
+ void purgeKey();
private:
crypto_client *m_crypto_client;
diff --git a/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp b/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp
index 695929b..79eddfb 100644
--- a/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp
+++ b/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp
@@ -15,84 +15,94 @@
*/
TEST_GROUP(CryptoServicePackedcTests)
{
- void setup()
- {
- struct rpc_caller *caller;
- int status;
+ void setup()
+ {
+ struct rpc_caller *caller;
+ int status;
- m_rpc_session_handle = NULL;
- m_crypto_service_context = NULL;
- m_scenarios = NULL;
+ m_rpc_session_handle = NULL;
+ m_crypto_service_context = NULL;
+ m_scenarios = NULL;
- service_locator_init();
+ service_locator_init();
- m_crypto_service_context = service_locator_query("sn:trustedfirmware.org:crypto:0", &status);
- CHECK_TRUE(m_crypto_service_context);
+ m_crypto_service_context = service_locator_query("sn:trustedfirmware.org:crypto:0", &status);
+ CHECK_TRUE(m_crypto_service_context);
- m_rpc_session_handle = service_context_open(m_crypto_service_context, TS_RPC_ENCODING_PACKED_C, &caller);
- CHECK_TRUE(m_rpc_session_handle);
+ m_rpc_session_handle = service_context_open(m_crypto_service_context, TS_RPC_ENCODING_PACKED_C, &caller);
+ CHECK_TRUE(m_rpc_session_handle);
- m_scenarios = new crypto_service_scenarios(new packedc_crypto_client(caller));
- }
+ m_scenarios = new crypto_service_scenarios(new packedc_crypto_client(caller));
+ }
- void teardown()
- {
- delete m_scenarios;
- m_scenarios = NULL;
+ void teardown()
+ {
+ delete m_scenarios;
+ m_scenarios = NULL;
- service_context_close(m_crypto_service_context, m_rpc_session_handle);
- m_rpc_session_handle = NULL;
+ service_context_close(m_crypto_service_context, m_rpc_session_handle);
+ m_rpc_session_handle = NULL;
- service_context_relinquish(m_crypto_service_context);
- m_crypto_service_context = NULL;
- }
+ service_context_relinquish(m_crypto_service_context);
+ m_crypto_service_context = NULL;
+ }
- rpc_session_handle m_rpc_session_handle;
- struct service_context *m_crypto_service_context;
- crypto_service_scenarios *m_scenarios;
+ rpc_session_handle m_rpc_session_handle;
+ struct service_context *m_crypto_service_context;
+ crypto_service_scenarios *m_scenarios;
};
TEST(CryptoServicePackedcTests, generateVolatileKeys)
{
- m_scenarios->generateVolatileKeys();
+ m_scenarios->generateVolatileKeys();
}
TEST(CryptoServicePackedcTests, generatePersistentKeys)
{
- m_scenarios->generatePersistentKeys();
+ m_scenarios->generatePersistentKeys();
+}
+
+TEST(CryptoServicePackedcTests, copyKey)
+{
+ m_scenarios->copyKey();
+}
+
+TEST(CryptoServicePackedcTests, purgeKey)
+{
+ m_scenarios->purgeKey();
}
TEST(CryptoServicePackedcTests, exportPublicKey)
{
- m_scenarios->exportPublicKey();
+ m_scenarios->exportPublicKey();
}
TEST(CryptoServicePackedcTests, exportAndImportKeyPair)
{
- m_scenarios->exportAndImportKeyPair();
+ m_scenarios->exportAndImportKeyPair();
}
TEST(CryptoServicePackedcTests, signAndVerifyHash)
{
- m_scenarios->signAndVerifyHash();
+ m_scenarios->signAndVerifyHash();
}
TEST(CryptoServicePackedcTests, signAndVerifyEat)
{
- m_scenarios->signAndVerifyEat();
+ m_scenarios->signAndVerifyEat();
}
TEST(CryptoServicePackedcTests, asymEncryptDecrypt)
{
- m_scenarios->asymEncryptDecrypt();
+ m_scenarios->asymEncryptDecrypt();
}
TEST(CryptoServicePackedcTests, asymEncryptDecryptWithSalt)
{
- m_scenarios->asymEncryptDecryptWithSalt();
+ m_scenarios->asymEncryptDecryptWithSalt();
}
TEST(CryptoServicePackedcTests, generateRandomNumbers)
{
- m_scenarios->generateRandomNumbers();
+ m_scenarios->generateRandomNumbers();
}