TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / d98059d599dc4745d480b052626718d70bae8ad7^! / .
commitd98059d599dc4745d480b052626718d70bae8ad7[log] [tgz]
authorRonald Cron <ronald.cron@arm.com>Fri Oct 23 18:00:55 2020 +0200
committerRonald Cron <ronald.cron@arm.com>Tue Nov 10 18:18:15 2020 +0100
tree1e956b888424090c62716312b4aa1d62fc459f34
parent4067d1c1e571b2e0189cfd230671c6c52c6f274f [diff]
psa: Fix tests/handling of lifetime incompatible with location

The lifetime of key attributes now encodes whether a key is
volatile/persistent or not AND its location.
Fix PSA code where the fact that the lifetime encodes
the key location was not taken into account properly.

Fix the impacted tests and add two non regression tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index bf178ec..6a018e1 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h

@@ -374,9 +374,17 @@
 static inline void psa_set_key_id( psa_key_attributes_t *attributes,
                                    mbedtls_svc_key_id_t key )
 {
+    psa_key_lifetime_t lifetime = attributes->core.lifetime;
+
     attributes->core.id = key;
-    if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE )
-        attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
+
+    if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
+    {
+        attributes->core.lifetime =
+            PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+                PSA_KEY_LIFETIME_PERSISTENT,
+                PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) );
+    }
 }
 
 static inline mbedtls_svc_key_id_t psa_get_key_id(
@@ -397,7 +405,7 @@
                                         psa_key_lifetime_t lifetime)
 {
     attributes->core.lifetime = lifetime;
-    if( lifetime == PSA_KEY_LIFETIME_VOLATILE )
+    if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
     {
 #ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
         attributes->core.id.key_id = 0;

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 2f01bf2..82e2549 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -1342,7 +1342,7 @@
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-    if( slot->attr.lifetime != PSA_KEY_LIFETIME_VOLATILE )
+    if( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
     {
         status = psa_destroy_persistent_key( slot->attr.id );
         if( overall_status == PSA_SUCCESS )

diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 6f6ba07..7308f6f 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c

@@ -348,7 +348,7 @@
     if( status != PSA_SUCCESS )
         return( status );
 
-    if( slot->attr.lifetime == PSA_KEY_LIFETIME_VOLATILE )
+    if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
         return PSA_SUCCESS;
 
     return( psa_wipe_key_slot( slot ) );

diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 8ba9ec1..44f11a6 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data

@@ -13,12 +13,18 @@
 PSA key attributes: id then back to volatile
 persistence_attributes:0x1234:0x5678:PSA_KEY_LIFETIME_VOLATILE:-1:0:0:0x5678:PSA_KEY_LIFETIME_VOLATILE
 
+PSA key attributes: id then back to non local volatile
+persistence_attributes:0x1234:0x5678:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_VOLATILE,1):-1:0:0:0x5678:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_VOLATILE,1)
+
 PSA key attributes: id then lifetime
 persistence_attributes:0x1234:0x5678:3:-1:0:0x1234:0x5678:3
 
 PSA key attributes: lifetime then id
 persistence_attributes:0x1234:0x5678:3:0x1235:0x5679:0x1235:0x5679:3
 
+PSA key attributes: non local volatile lifetime then id
+persistence_attributes:0x1234:0x5678:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_VOLATILE,3):0x1235:0x5679:0x1235:0x5679:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_PERSISTENT,3)
+
 PSA key attributes: slot number
 slot_number_attribute:
 

diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
index 28ab03f..c9f9dbe 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function

@@ -969,7 +969,12 @@
     psa_set_key_bits( &attributes,
                       PSA_BYTES_TO_BITS( sizeof( key_material ) ) );
     psa_set_key_slot_number( &attributes, min_slot );
-    psa_set_key_id( &attributes, returned_id );
+
+    if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
+        attributes.core.id = returned_id;
+    else
+        psa_set_key_id( &attributes, returned_id );
+
     if( ! check_key_attributes( returned_id, &attributes ) )
         goto exit;