Merge pull request #3302 from gilles-peskine-arm/psa-lifetime-persistence-indicator
Define some structure for lifetime values
diff --git a/ChangeLog.d/psa-lifetime-locations.txt b/ChangeLog.d/psa-lifetime-locations.txt
new file mode 100644
index 0000000..6ac02bc
--- /dev/null
+++ b/ChangeLog.d/psa-lifetime-locations.txt
@@ -0,0 +1,8 @@
+Default behavior changes
+ * In the experimental PSA secure element interface, change the encoding of
+ key lifetimes to encode a persistence level and the location. Although C
+ prototypes do not effectively change, code calling
+ psa_register_se_driver() must be modified to pass the driver's location
+ instead of the keys' lifetime. If the library is upgraded on an existing
+ device, keys created with the old lifetime value will not be readable or
+ removable through Mbed TLS after the upgrade.
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index 7ac1ed1..0c28579 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -119,8 +119,10 @@
* \param[in,out] drv_context The driver context structure.
* \param[in,out] persistent_data A pointer to the persistent data
* that allows writing.
- * \param lifetime The lifetime value for which this driver
- * is registered.
+ * \param location The location value for which this driver
+ * is registered. The driver will be invoked
+ * for all keys whose lifetime is in this
+ * location.
*
* \retval #PSA_SUCCESS
* The driver is operational.
@@ -132,7 +134,7 @@
*/
typedef psa_status_t (*psa_drv_se_init_t)(psa_drv_se_context_t *drv_context,
void *persistent_data,
- psa_key_lifetime_t lifetime);
+ psa_key_location_t location);
#if defined(__DOXYGEN_ONLY__) || !defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Mbed Crypto with secure element support enabled defines this type in
@@ -1341,17 +1343,19 @@
* after psa_crypto_init().
*
* \note Implementations store metadata about keys including the lifetime
- * value. Therefore, from one instantiation of the PSA Cryptography
+ * value, which contains the driver's location indicator. Therefore,
+ * from one instantiation of the PSA Cryptography
* library to the next one, if there is a key in storage with a certain
* lifetime value, you must always register the same driver (or an
* updated version that communicates with the same secure element)
- * with the same lifetime value.
+ * with the same location value.
*
- * \param lifetime The lifetime value through which this driver will
+ * \param location The location value through which this driver will
* be exposed to applications.
- * The values #PSA_KEY_LIFETIME_VOLATILE and
- * #PSA_KEY_LIFETIME_PERSISTENT are reserved and
- * may not be used for drivers. Implementations
+ * This driver will be used for all keys such that
+ * `location == PSA_KEY_LIFETIME_LOCATION( lifetime )`.
+ * The value #PSA_KEY_LOCATION_LOCAL_STORAGE is reserved
+ * and may not be used for drivers. Implementations
* may reserve other values.
* \param[in] methods The method table of the driver. This structure must
* remain valid for as long as the cryptography
@@ -1376,7 +1380,7 @@
* \return PSA_ERROR_NOT_PERMITTED
*/
psa_status_t psa_register_se_driver(
- psa_key_lifetime_t lifetime,
+ psa_key_location_t location,
const psa_drv_se_t *methods);
/**@}*/
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index d96c66e..41f1bea 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -108,18 +108,117 @@
* The lifetime of a key indicates where it is stored and what system actions
* may create and destroy it.
*
- * Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are automatically
- * destroyed when the application terminates or on a power reset.
+ * Lifetime values have the following structure:
+ * - Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(\c lifetime)):
+ * persistence level. This value indicates what device management
+ * actions can cause it to be destroyed. In particular, it indicates
+ * whether the key is _volatile_ or _persistent_.
+ * See ::psa_key_persistence_t for more information.
+ * - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)):
+ * location indicator. This value indicates where the key is stored
+ * and where operations on the key are performed.
+ * See ::psa_key_location_t for more information.
*
- * Keys with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE are said
- * to be _persistent_.
- * Persistent keys are preserved if the application or the system restarts.
+ * Volatile keys are automatically destroyed when the application instance
+ * terminates or on a power reset of the device. Persistent keys are
+ * preserved until the application explicitly destroys them or until an
+ * implementation-specific device management event occurs (for example,
+ * a factory reset).
+ *
* Persistent keys have a key identifier of type #psa_key_id_t.
+ * This identifier remains valid throughout the lifetime of the key,
+ * even if the application instance that created the key terminates.
* The application can call psa_open_key() to open a persistent key that
* it created previously.
+ *
+ * This specification defines two basic lifetime values:
+ * - Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are volatile.
+ * All implementations should support this lifetime.
+ * - Keys with the lifetime #PSA_KEY_LIFETIME_PERSISTENT are persistent.
+ * All implementations that have access to persistent storage with
+ * appropriate security guarantees should support this lifetime.
*/
typedef uint32_t psa_key_lifetime_t;
+/** Encoding of key persistence levels.
+ *
+ * What distinguishes different persistence levels is what device management
+ * events may cause keys to be destroyed. _Volatile_ keys are destroyed
+ * by a power reset. Persistent keys may be destroyed by events such as
+ * a transfer of ownership or a factory reset. What management events
+ * actually affect persistent keys at different levels is outside the
+ * scope of the PSA Cryptography specification.
+ *
+ * This specification defines the following values of persistence levels:
+ * - \c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key.
+ * A volatile key is automatically destroyed by the implementation when
+ * the application instance terminates. In particular, a volatile key
+ * is automatically destroyed on a power reset of the device.
+ * - \c 1 = #PSA_KEY_PERSISTENCE_DEFAULT:
+ * persistent key with a default lifetime.
+ * Implementations should support this value if they support persistent
+ * keys at all.
+ * Applications should use this value if they have no specific needs that
+ * are only met by implementation-specific features.
+ * - \c 2-127: persistent key with a PSA-specified lifetime.
+ * The PSA Cryptography specification does not define the meaning of these
+ * values, but other PSA specifications may do so.
+ * - \c 128-254: persistent key with a vendor-specified lifetime.
+ * No PSA specification will define the meaning of these values, so
+ * implementations may choose the meaning freely.
+ * As a guideline, higher persistence levels should cause a key to survive
+ * more management events than lower levels.
+ * - \c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY:
+ * read-only or write-once key.
+ * A key with this persistence level cannot be destroyed.
+ * Implementations that support such keys may either allow their creation
+ * through the PSA Cryptography API, preferably only to applications with
+ * the appropriate privilege, or only expose keys created through
+ * implementation-specific means such as a factory ROM engraving process.
+ * Note that keys that are read-only due to policy restrictions
+ * rather than due to physical limitations should not have this
+ * persistence levels.
+ *
+ * \note Key persistence levels are 8-bit values. Key management
+ * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
+ * encode the persistence as the lower 8 bits of a 32-bit value.
+ */
+typedef uint8_t psa_key_persistence_t;
+
+/** Encoding of key location indicators.
+ *
+ * If an implementation of this API can make calls to external
+ * cryptoprocessors such as secure elements, the location of a key
+ * indicates which secure element performs the operations on the key.
+ * If an implementation offers multiple physical locations for persistent
+ * storage, the location indicator reflects at which physical location
+ * the key is stored.
+ *
+ * This specification defines the following values of location indicators:
+ * - \c 0: primary local storage.
+ * All implementations should support this value.
+ * The primary local storage is typically the same storage area that
+ * contains the key metadata.
+ * - \c 1: primary secure element.
+ * Implementations should support this value if there is a secure element
+ * attached to the operating environment.
+ * As a guideline, secure elements may provide higher resistance against
+ * side channel and physical attacks than the primary local storage, but may
+ * have restrictions on supported key types, sizes, policies and operations
+ * and may have different performance characteristics.
+ * - \c 2-0x7fffff: other locations defined by a PSA specification.
+ * The PSA Cryptography API does not currently assign any meaning to these
+ * locations, but future versions of this specification or other PSA
+ * specifications may do so.
+ * - \c 0x800000-0xffffff: vendor-defined locations.
+ * No PSA specification will assign a meaning to locations in this range.
+ *
+ * \note Key location indicators are 24-bit values. Key management
+ * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
+ * encode the location as the upper 24 bits of a 32-bit value.
+ */
+typedef uint32_t psa_key_location_t;
+
/** Encoding of identifiers of persistent keys.
*
* - Applications may freely choose key identifiers in the range
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index baaabff..18b2d5a 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -1539,12 +1539,20 @@
* @{
*/
-/** A volatile key only exists as long as the handle to it is not closed.
+/** The default lifetime for volatile keys.
+ *
+ * A volatile key only exists as long as the handle to it is not closed.
* The key material is guaranteed to be erased on a power reset.
+ *
+ * A key with this lifetime is typically stored in the RAM area of the
+ * PSA Crypto subsystem. However this is an implementation choice.
+ * If an implementation stores data about the key in a non-volatile memory,
+ * it must release all the resources associated with the key and erase the
+ * key material if the calling application terminates.
*/
#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000)
-/** The default storage area for persistent keys.
+/** The default lifetime for persistent keys.
*
* A persistent key remains in storage until it is explicitly destroyed or
* until the corresponding storage area is wiped. This specification does
@@ -1555,9 +1563,77 @@
* This lifetime value is the default storage area for the calling
* application. Implementations may offer other storage areas designated
* by other lifetime values as implementation-specific extensions.
+ * See ::psa_key_lifetime_t for more information.
*/
#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
+/** The persistence level of volatile keys.
+ *
+ * See ::psa_key_persistence_t for more information.
+ */
+#define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t)0x00)
+
+/** The default persistence level for persistent keys.
+ *
+ * See ::psa_key_persistence_t for more information.
+ */
+#define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t)0x01)
+
+/** A persistence level indicating that a key is never destroyed.
+ *
+ * See ::psa_key_persistence_t for more information.
+ */
+#define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t)0xff)
+
+#define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \
+ ((psa_key_persistence_t)((lifetime) & 0x000000ff))
+
+#define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \
+ ((psa_key_location_t)((lifetime) >> 8))
+
+/** Whether a key lifetime indicates that the key is volatile.
+ *
+ * A volatile key is automatically destroyed by the implementation when
+ * the application instance terminates. In particular, a volatile key
+ * is automatically destroyed on a power reset of the device.
+ *
+ * A key that is not volatile is persistent. Persistent keys are
+ * preserved until the application explicitly destroys them or until an
+ * implementation-specific device management event occurs (for example,
+ * a factory reset).
+ *
+ * \param lifetime The lifetime value to query (value of type
+ * ::psa_key_lifetime_t).
+ *
+ * \return \c 1 if the key is volatile, otherwise \c 0.
+ */
+#define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime) \
+ (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
+ PSA_KEY_LIFETIME_PERSISTENCE_VOLATILE)
+
+/** Construct a lifetime from a persistence level and a location.
+ *
+ * \param persistence The persistence level
+ * (value of type ::psa_key_persistence_t).
+ * \param location The location indicator
+ * (value of type ::psa_key_location_t).
+ *
+ * \return The constructed lifetime value.
+ */
+#define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location) \
+ ((location) << 8 | (persistence))
+
+/** The local storage area for persistent keys.
+ *
+ * This storage area is available on all systems that can store persistent
+ * keys without delegating the storage to a third-party cryptoprocessor.
+ *
+ * See ::psa_key_location_t for more information.
+ */
+#define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t)0x000000)
+
+#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000)
+
/** The minimum value for a key identifier chosen by the application.
*/
#define PSA_KEY_ID_USER_MIN ((psa_app_key_id_t)0x00000001)
diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c
index b9f186a..087c768 100644
--- a/library/psa_crypto_se.c
+++ b/library/psa_crypto_se.c
@@ -66,7 +66,7 @@
struct psa_se_drv_table_entry_s
{
- psa_key_lifetime_t lifetime;
+ psa_key_location_t location;
const psa_drv_se_t *methods;
union
{
@@ -81,15 +81,16 @@
psa_key_lifetime_t lifetime )
{
size_t i;
- /* In the driver table, lifetime=0 means an entry that isn't used.
- * No driver has a lifetime of 0 because it's a reserved value
- * (which designates volatile keys). Make sure we never return
- * a driver entry for lifetime 0. */
- if( lifetime == 0 )
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
+ /* In the driver table, location=0 means an entry that isn't used.
+ * No driver has a location of 0 because it's a reserved value
+ * (which designates transparent keys). Make sure we never return
+ * a driver entry for location 0. */
+ if( location == 0 )
return( NULL );
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
- if( driver_table[i].lifetime == lifetime )
+ if( driver_table[i].location == location )
return( &driver_table[i] );
}
return( NULL );
@@ -129,7 +130,7 @@
const psa_se_drv_table_entry_t *driver,
psa_storage_uid_t *uid )
{
- if( driver->lifetime > PSA_MAX_SE_LIFETIME )
+ if( driver->location > PSA_MAX_SE_LOCATION )
return( PSA_ERROR_NOT_SUPPORTED );
#if SIZE_MAX > UINT32_MAX
@@ -139,7 +140,7 @@
#endif
/* See the documentation of PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. */
- *uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->lifetime;
+ *uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->location;
return( PSA_SUCCESS );
}
@@ -186,12 +187,12 @@
0 ) );
}
-psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime )
+psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location )
{
psa_storage_uid_t uid;
- if( lifetime > PSA_MAX_SE_LIFETIME )
+ if( location > PSA_MAX_SE_LOCATION )
return( PSA_ERROR_NOT_SUPPORTED );
- uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + lifetime;
+ uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + location;
return( psa_its_remove( uid ) );
}
@@ -202,9 +203,11 @@
psa_key_slot_number_t *slot_number )
{
psa_status_t status;
+ psa_key_location_t key_location =
+ PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( attributes ) );
- /* If the lifetime is wrong, it's a bug in the library. */
- if( driver->lifetime != psa_get_key_lifetime( attributes ) )
+ /* If the location is wrong, it's a bug in the library. */
+ if( driver->location != key_location )
return( PSA_ERROR_CORRUPTION_DETECTED );
/* If the driver doesn't support key creation in any way, give up now. */
@@ -278,7 +281,7 @@
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
psa_se_drv_table_entry_t *driver = &driver_table[i];
- if( driver->lifetime == 0 )
+ if( driver->location == 0 )
continue; /* skipping unused entry */
const psa_drv_se_t *methods = psa_get_se_driver_methods( driver );
if( methods->p_init != NULL )
@@ -286,7 +289,7 @@
psa_status_t status = methods->p_init(
&driver->u.context,
driver->u.internal.persistent_data,
- driver->lifetime );
+ driver->location );
if( status != PSA_SUCCESS )
return( status );
status = psa_save_se_persistent_data( driver );
@@ -304,7 +307,7 @@
/****************************************************************/
psa_status_t psa_register_se_driver(
- psa_key_lifetime_t lifetime,
+ psa_key_location_t location,
const psa_drv_se_t *methods)
{
size_t i;
@@ -313,33 +316,30 @@
if( methods->hal_version != PSA_DRV_SE_HAL_VERSION )
return( PSA_ERROR_NOT_SUPPORTED );
/* Driver table entries are 0-initialized. 0 is not a valid driver
- * lifetime because it means a volatile key. */
+ * location because it means a transparent key. */
#if defined(static_assert)
- static_assert( PSA_KEY_LIFETIME_VOLATILE == 0,
- "Secure element support requires 0 to mean a volatile key" );
+ static_assert( PSA_KEY_LOCATION_LOCAL_STORAGE == 0,
+ "Secure element support requires 0 to mean a local key" );
#endif
- if( lifetime == PSA_KEY_LIFETIME_VOLATILE ||
- lifetime == PSA_KEY_LIFETIME_PERSISTENT )
- {
+ if( location == PSA_KEY_LOCATION_LOCAL_STORAGE )
return( PSA_ERROR_INVALID_ARGUMENT );
- }
- if( lifetime > PSA_MAX_SE_LIFETIME )
+ if( location > PSA_MAX_SE_LOCATION )
return( PSA_ERROR_NOT_SUPPORTED );
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
- if( driver_table[i].lifetime == 0 )
+ if( driver_table[i].location == 0 )
break;
- /* Check that lifetime isn't already in use up to the first free
+ /* Check that location isn't already in use up to the first free
* entry. Since entries are created in order and never deleted,
* there can't be a used entry after the first free entry. */
- if( driver_table[i].lifetime == lifetime )
+ if( driver_table[i].location == location )
return( PSA_ERROR_ALREADY_EXISTS );
}
if( i == PSA_MAX_SE_DRIVERS )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
- driver_table[i].lifetime = lifetime;
+ driver_table[i].location = location;
driver_table[i].methods = methods;
driver_table[i].u.internal.persistent_data_size =
methods->persistent_data_size;
diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h
index 86bf7a7..c145065 100644
--- a/library/psa_crypto_se.h
+++ b/library/psa_crypto_se.h
@@ -31,31 +31,30 @@
#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"
-/** The maximum lifetime value that this implementation supports
+/** The maximum location value that this implementation supports
* for a secure element.
*
* This is not a characteristic that each PSA implementation has, but a
* limitation of the current implementation due to the constraints imposed
* by storage. See #PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE.
*
- * The minimum lifetime value for a secure element is 2, like on any
- * PSA implementation (0=volatile and 1=internal-storage are taken).
+ * The minimum location value for a secure element is 1, like on any
+ * PSA implementation (0 means a transparent key).
*/
-#define PSA_MAX_SE_LIFETIME 255
+#define PSA_MAX_SE_LOCATION 255
/** The base of the range of ITS file identifiers for secure element
* driver persistent data.
*
* We use a slice of the implemenation reserved range 0xffff0000..0xffffffff,
* specifically the range 0xfffffe00..0xfffffeff. The length of this range
- * drives the value of #PSA_MAX_SE_LIFETIME.
- * The identifiers 0xfffffe00 and 0xfffffe01 are actually not used since
- * they correspond to #PSA_KEY_LIFETIME_VOLATILE and
- * #PSA_KEY_LIFETIME_PERSISTENT which don't have a driver.
+ * drives the value of #PSA_MAX_SE_LOCATION. The identifier 0xfffffe00 is
+ * actually not used since it corresponds to #PSA_KEY_LOCATION_LOCAL_STORAGE
+ * which doesn't have a driver.
*/
#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_key_id_t) 0xfffffe00 )
-/** The maximum number of registered secure element driver lifetimes. */
+/** The maximum number of registered secure element driver locations. */
#define PSA_MAX_SE_DRIVERS 4
/** Unregister all secure element drivers.
@@ -173,10 +172,10 @@
*
* This is currently only used for testing.
*
- * \param[in] lifetime The driver lifetime whose persistent data should
- * be erased.
+ * \param[in] location The location identifier for the driver whose
+ * persistent data is to be erased.
*/
-psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime );
+psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location );
/** The storage representation of a key whose data is in a secure element.
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data
index 0c2411b..55c3426 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.data
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data
@@ -6,14 +6,11 @@
Register SE driver: good, again
register_one:2:PSA_DRV_SE_HAL_VERSION:PSA_SUCCESS
-Register SE driver: invalid lifetime (0)
+Register SE driver: invalid location (0)
register_one:0:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
-Register SE driver: invalid lifetime (VOLATILE)
-register_one:PSA_KEY_LIFETIME_VOLATILE:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
-
-Register SE driver: invalid lifetime (PERSISTENT)
-register_one:PSA_KEY_LIFETIME_PERSISTENT:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
+Register SE driver: invalid location (local)
+register_one:PSA_KEY_LOCATION_LOCAL_STORAGE:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
Register SE driver: invalid version (ancient)
register_one:2:0x00000003:PSA_ERROR_NOT_SUPPORTED
@@ -121,7 +118,7 @@
generate_key_smoke:PSA_KEY_TYPE_HMAC:256:PSA_ALG_HMAC( PSA_ALG_SHA_256 )
Key registration: smoke test
-register_key_smoke_test:MIN_DRIVER_LIFETIME:1:PSA_SUCCESS
+register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:PSA_SUCCESS
Key registration: invalid lifetime (volatile)
register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT
@@ -130,13 +127,13 @@
register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_INVALID_ARGUMENT
Key registration: invalid lifetime (no registered driver)
-register_key_smoke_test:MIN_DRIVER_LIFETIME + 1:1:PSA_ERROR_INVALID_ARGUMENT
+register_key_smoke_test:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION + 1 ):1:PSA_ERROR_INVALID_ARGUMENT
Key registration: rejected
-register_key_smoke_test:MIN_DRIVER_LIFETIME:0:PSA_ERROR_NOT_PERMITTED
+register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:0:PSA_ERROR_NOT_PERMITTED
Key registration: not supported
-register_key_smoke_test:MIN_DRIVER_LIFETIME:-1:PSA_ERROR_NOT_SUPPORTED
+register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:-1:PSA_ERROR_NOT_SUPPORTED
Import-sign-verify: sign in driver, ECDSA
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
index b468d5e..f95f7e5 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -18,8 +18,14 @@
/* Test driver helpers */
/****************************************************************/
-/** The minimum valid lifetime value for a secure element driver. */
-#define MIN_DRIVER_LIFETIME 2
+/** The minimum valid location value for a secure element driver. */
+#define MIN_DRIVER_LOCATION 1
+
+/** The location and lifetime used for tests that use a single driver. */
+#define TEST_DRIVER_LOCATION 1
+#define TEST_SE_PERSISTENT_LIFETIME \
+ ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
+ PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) )
/** The driver detected a condition that shouldn't happen.
* This is probably a bug in the library. */
@@ -547,7 +553,7 @@
psa_get_key_lifetime( &actual_attributes );
psa_status_t status = psa_get_key_slot_number( &actual_attributes,
&actual_slot_number );
- if( lifetime < MIN_DRIVER_LIFETIME )
+ if( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) < MIN_DRIVER_LOCATION )
{
/* The key is not in a secure element. */
TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT );
@@ -571,23 +577,23 @@
return( ok );
}
-/* Get the file UID corresponding to the specified lifetime.
+/* Get the file UID corresponding to the specified location.
* If this changes, the storage format version must change.
* See psa_get_se_driver_its_file_uid() in psa_crypto_se.c.
*/
-psa_storage_uid_t file_uid_for_lifetime( psa_key_lifetime_t lifetime )
+psa_storage_uid_t file_uid_for_location( psa_key_location_t location )
{
- if( lifetime > PSA_MAX_SE_LIFETIME )
+ if( location > PSA_MAX_SE_LOCATION )
return( 0 );
- return( 0xfffffe00 + lifetime );
+ return( 0xfffffe00 + location );
}
/* Check that the persistent data of a driver has its expected content. */
-static int check_persistent_data( psa_key_lifetime_t lifetime,
+static int check_persistent_data( psa_key_location_t location,
const void *expected_data,
size_t size )
{
- psa_storage_uid_t uid = file_uid_for_lifetime( lifetime );
+ psa_storage_uid_t uid = file_uid_for_location( location );
struct psa_storage_info_t info;
uint8_t *loaded = NULL;
int ok = 0;
@@ -737,7 +743,7 @@
static void psa_purge_storage( void )
{
psa_key_id_t id;
- psa_key_lifetime_t lifetime;
+ psa_key_location_t location;
/* The tests may have potentially created key ids from 1 to
* MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
* 0, which file-based storage uses as a temporary file. */
@@ -746,8 +752,8 @@
/* Purge the transaction file. */
psa_crypto_stop_transaction( );
/* Purge driver persistent data. */
- for( lifetime = 0; lifetime < PSA_MAX_SE_LIFETIME; lifetime++ )
- psa_destroy_se_persistent_data( lifetime );
+ for( location = 0; location < PSA_MAX_SE_LOCATION; location++ )
+ psa_destroy_se_persistent_data( location );
}
/* END_HEADER */
@@ -758,7 +764,7 @@
*/
/* BEGIN_CASE */
-void register_one( int lifetime, int version, int expected_status_arg )
+void register_one( int location, int version, int expected_status_arg )
{
psa_status_t expected_status = expected_status_arg;
psa_drv_se_t driver;
@@ -766,7 +772,7 @@
memset( &driver, 0, sizeof( driver ) );
driver.hal_version = version;
- TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
+ TEST_EQUAL( psa_register_se_driver( location, &driver ),
expected_status );
PSA_ASSERT( psa_crypto_init( ) );
@@ -780,16 +786,16 @@
void register_twice( int count )
{
psa_drv_se_t driver;
- psa_key_lifetime_t lifetime;
- psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + count;
+ psa_key_location_t location;
+ psa_key_location_t max = MIN_DRIVER_LOCATION + count;
memset( &driver, 0, sizeof( driver ) );
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
- for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
- for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
- TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
+ for( location = MIN_DRIVER_LOCATION; location < max; location++ )
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
+ for( location = MIN_DRIVER_LOCATION; location < max; location++ )
+ TEST_EQUAL( psa_register_se_driver( location, &driver ),
PSA_ERROR_ALREADY_EXISTS );
PSA_ASSERT( psa_crypto_init( ) );
@@ -803,16 +809,16 @@
void register_max( )
{
psa_drv_se_t driver;
- psa_key_lifetime_t lifetime;
- psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + PSA_MAX_SE_DRIVERS;
+ psa_key_location_t location;
+ psa_key_location_t max = MIN_DRIVER_LOCATION + PSA_MAX_SE_DRIVERS;
memset( &driver, 0, sizeof( driver ) );
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
- for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ for( location = MIN_DRIVER_LOCATION; location < max; location++ )
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
+ TEST_EQUAL( psa_register_se_driver( location, &driver ),
PSA_ERROR_INSUFFICIENT_MEMORY );
PSA_ASSERT( psa_crypto_init( ) );
@@ -827,7 +833,8 @@
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -846,7 +853,7 @@
key_management.p_export = ram_export;
ram_min_slot = min_slot;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
/* Create a key. */
@@ -857,7 +864,7 @@
PSA_ASSERT( psa_import_key( &attributes,
key_material, sizeof( key_material ),
&handle ) );
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@@ -866,9 +873,9 @@
if( restart )
{
mbedtls_psa_crypto_free( );
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@@ -894,7 +901,7 @@
PSA_ASSERT( psa_destroy_key( handle ) );
handle = 0;
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@@ -921,7 +928,8 @@
psa_status_t status;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -937,7 +945,7 @@
key_management.p_destroy = ram_destroy;
key_management.p_export = ram_export;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
/* Create a key. */
@@ -953,7 +961,7 @@
if( status != PSA_SUCCESS )
goto exit;
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@@ -962,9 +970,9 @@
if( restart )
{
mbedtls_psa_crypto_free( );
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@@ -980,7 +988,7 @@
PSA_ASSERT( psa_destroy_key( handle ) );
handle = 0;
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@@ -1002,7 +1010,8 @@
psa_algorithm_t alg = alg_arg;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -1016,7 +1025,7 @@
key_management.p_import = null_import;
key_management.p_destroy = null_destroy;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
/* Create a key. */
@@ -1031,7 +1040,7 @@
PSA_ASSERT( psa_import_key( &attributes,
key_material->x, key_material->len,
&handle ) );
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
@@ -1041,9 +1050,9 @@
/* Restart and try again. */
mbedtls_psa_crypto_free( );
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
PSA_ASSERT( psa_open_key( id, &handle ) );
@@ -1053,7 +1062,7 @@
/* We're done. */
PSA_ASSERT( psa_destroy_key( handle ) );
handle = 0;
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
TEST_EQUAL( psa_open_key( id, &handle ),
@@ -1073,7 +1082,8 @@
size_t bits = bits_arg;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -1086,7 +1096,7 @@
key_management.p_allocate = counter_allocate;
/* No p_generate method */
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@@ -1111,7 +1121,8 @@
psa_algorithm_t alg = alg_arg;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -1125,7 +1136,7 @@
key_management.p_generate = null_generate;
key_management.p_destroy = null_destroy;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
/* Create a key. */
@@ -1139,7 +1150,7 @@
psa_set_key_type( &attributes, type );
psa_set_key_bits( &attributes, bits );
PSA_ASSERT( psa_generate_key( &attributes, &handle ) );
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
@@ -1149,9 +1160,9 @@
/* Restart and try again. */
mbedtls_psa_crypto_free( );
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
PSA_ASSERT( psa_open_key( id, &handle ) );
@@ -1161,7 +1172,7 @@
/* We're done. */
PSA_ASSERT( psa_destroy_key( handle ) );
handle = 0;
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
TEST_EQUAL( psa_open_key( id, &handle ),
@@ -1190,7 +1201,8 @@
psa_drv_se_key_management_t key_management;
psa_drv_se_asymmetric_t asymmetric;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t drv_handle = 0; /* key managed by the driver */
psa_key_handle_t sw_handle = 0; /* transparent key */
@@ -1229,7 +1241,7 @@
}
asymmetric.p_verify = ram_verify;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
/* Prepare to create two keys with the same key material: a transparent
@@ -1347,6 +1359,7 @@
int expected_status_arg )
{
psa_key_lifetime_t lifetime = lifetime_arg;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_status_t expected_status = expected_status_arg;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
@@ -1371,7 +1384,7 @@
( validate > 0 ? PSA_SUCCESS : PSA_ERROR_NOT_PERMITTED );
}
- PSA_ASSERT( psa_register_se_driver( MIN_DRIVER_LIFETIME, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( MIN_DRIVER_LOCATION, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@@ -1395,7 +1408,7 @@
/* Restart and try again. */
PSA_DONE( );
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
PSA_ASSERT( psa_open_key( id, &handle ) );
if( ! check_key_attributes( handle, &attributes ) )
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data
index f60bd76..23e035a 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data
@@ -1,11 +1,14 @@
SE init mock test: success
-mock_init:2:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:1
+mock_init:1:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:1
SE init mock test: failure
-mock_init:2:PSA_SUCCESS:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE:1
+mock_init:1:PSA_SUCCESS:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE:1
-SE init mock test: invalid lifetime
-mock_init:1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0
+SE init mock test: invalid location (0)
+mock_init:0:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0
+
+SE init mock test: location not supported (INT_MAX)
+mock_init:INT_MAX:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0
SE key importing mock test
mock_import:PSA_SUCCESS:PSA_SUCCESS:0:PSA_SUCCESS
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
index 9f17b84..f6acb07 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
@@ -5,10 +5,16 @@
#include "psa_crypto_se.h"
#include "psa_crypto_storage.h"
+/** The location and lifetime used for tests that use a single driver. */
+#define TEST_DRIVER_LOCATION 1
+#define TEST_SE_PERSISTENT_LIFETIME \
+ ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
+ PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) )
+
static struct
{
uint16_t called;
- psa_key_lifetime_t lifetime;
+ psa_key_location_t location;
psa_status_t return_value;
} mock_init_data;
@@ -84,7 +90,7 @@
static void psa_purge_storage( void )
{
psa_key_id_t id;
- psa_key_lifetime_t lifetime;
+ psa_key_location_t location;
/* The tests may have potentially created key ids from 1 to
* MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
* 0, which file-based storage uses as a temporary file. */
@@ -93,8 +99,8 @@
/* Purge the transaction file. */
psa_crypto_stop_transaction( );
/* Purge driver persistent data. */
- for( lifetime = 0; lifetime < PSA_MAX_SE_LIFETIME; lifetime++ )
- psa_destroy_se_persistent_data( lifetime );
+ for( location = 0; location < PSA_MAX_SE_LOCATION; location++ )
+ psa_destroy_se_persistent_data( location );
}
static void mock_teardown( void )
@@ -113,13 +119,13 @@
static psa_status_t mock_init( psa_drv_se_context_t *drv_context,
void *persistent_data,
- psa_key_lifetime_t lifetime )
+ psa_key_location_t location )
{
(void) drv_context;
(void) persistent_data;
mock_init_data.called++;
- mock_init_data.lifetime = lifetime;
+ mock_init_data.location = location;
return( mock_init_data.return_value );
}
@@ -279,13 +285,13 @@
*/
/* BEGIN_CASE */
-void mock_init( int lifetime_arg,
+void mock_init( int location_arg,
int expected_register_status_arg,
int driver_status_arg,
int expected_psa_status_arg,
int expected_called )
{
- psa_key_lifetime_t lifetime = lifetime_arg;
+ psa_key_location_t location = location_arg;
psa_status_t expected_register_status = expected_register_status_arg;
psa_status_t driver_status = driver_status_arg;
psa_status_t expected_psa_status = expected_psa_status_arg;
@@ -297,7 +303,7 @@
mock_init_data.return_value = driver_status;
- TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
+ TEST_EQUAL( psa_register_se_driver( location, &driver ),
expected_register_status );
psa_crypto_init_called = 1;
@@ -305,7 +311,7 @@
TEST_EQUAL( mock_init_data.called, expected_called );
if( expected_called )
- TEST_EQUAL( mock_init_data.lifetime, lifetime );
+ TEST_EQUAL( mock_init_data.location, location );
exit:
if( psa_crypto_init_called )
@@ -322,7 +328,8 @@
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -339,7 +346,7 @@
key_management.p_destroy = mock_destroy;
key_management.p_allocate = mock_allocate;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@@ -378,7 +385,8 @@
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -397,7 +405,7 @@
key_management.p_destroy = mock_destroy;
key_management.p_allocate = mock_allocate;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@@ -431,7 +439,8 @@
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -446,7 +455,7 @@
key_management.p_destroy = mock_destroy;
key_management.p_allocate = mock_allocate;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@@ -485,7 +494,8 @@
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -503,7 +513,7 @@
key_management.p_destroy = mock_destroy;
key_management.p_allocate = mock_allocate;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@@ -534,7 +544,8 @@
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_drv_se_asymmetric_t asymmetric;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -559,7 +570,7 @@
driver.asymmetric = &asymmetric;
asymmetric.p_sign = mock_sign;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@@ -594,7 +605,8 @@
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_drv_se_asymmetric_t asymmetric;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -618,7 +630,7 @@
driver.asymmetric = &asymmetric;
asymmetric.p_verify = mock_verify;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );