Fixups after review

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

Author: stevew817

library/psa_crypto.c

@@ -1499,43 +1499,12 @@ static psa_status_t psa_validate_key_attributes(
     psa_se_drv_table_entry_t **p_drv )
 {
     psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-    psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes );
 
-    /* Check there is a proper handler for this lifetime */
-    if ( PSA_KEY_LIFETIME_GET_LOCATION( lifetime )
-         != PSA_KEY_LOCATION_LOCAL_STORAGE )
-    {
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-        psa_se_drv_table_entry_t *p_drv_e = psa_get_se_driver_entry( lifetime );
-        if( p_drv_e == NULL )
-            status = PSA_ERROR_INVALID_ARGUMENT;
-        else
-        {
-            if (p_drv != NULL)
-                *p_drv = p_drv_e;
-            status = PSA_SUCCESS;
-        }
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-    }
-    else
-    {
-        if( ! PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) {
-            /* PSA Core needs storage to support persistent local keys */
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-            psa_key_id_t key_id = psa_get_key_id( attributes );
-            if( PSA_KEY_ID_USER_MIN <= key_id && key_id <= PSA_KEY_ID_USER_MAX )
-                status = PSA_SUCCESS;
-            else
-                status = PSA_ERROR_INVALID_ARGUMENT;
-#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-            status = PSA_ERROR_NOT_SUPPORTED;
-#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
-        } else {
-            /* PSA Core is always able to store a volatile key internally */
-            status = PSA_SUCCESS;
-        }
-    }
+    status = psa_validate_key_location( attributes, p_drv );
+    if( status != PSA_SUCCESS )
+        return( status );
 
+    status = psa_validate_key_persistence( attributes );
     if( status != PSA_SUCCESS )
         return( status );
 

library/psa_crypto_slot_management.c

@@ -183,6 +183,55 @@ static int psa_is_key_id_valid( psa_key_file_id_t file_id,
 }
 #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
 
+psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes,
+                                        psa_se_drv_table_entry_t **p_drv )
+{
+    psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes );
+    if ( psa_key_lifetime_is_external( lifetime ) )
+    {
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+        psa_se_drv_table_entry_t *p_drv_e = psa_get_se_driver_entry( lifetime );
+        if( p_drv_e == NULL )
+            return( PSA_ERROR_INVALID_ARGUMENT );
+        else
+        {
+            if (p_drv != NULL)
+                *p_drv = p_drv_e;
+            return( PSA_SUCCESS );
+        }
+#else
+        return( PSA_ERROR_INVALID_ARGUMENT );
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+    }
+    else
+        /* Local/internal keys are always valid */
+        return( PSA_SUCCESS );
+}
+
+psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attributes )
+{
+    psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes );
+
+    if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
+    {
+        /* Volatile keys are always supported */
+        return( PSA_SUCCESS );
+    }
+    else
+    {
+        /* Persistent keys require storage support */
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+        if( psa_is_key_id_valid( psa_get_key_id( attributes ),
+            psa_key_lifetime_is_external( lifetime ) ) )
+            return( PSA_SUCCESS );
+        else
+            return( PSA_ERROR_INVALID_ARGUMENT );
+#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
+        return( PSA_ERROR_NOT_SUPPORTED );
+#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
+    }
+}
+
 psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle )
 {
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)

library/psa_crypto_slot_management.h

@@ -92,5 +92,33 @@ static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime )
                 != PSA_KEY_LOCATION_LOCAL_STORAGE );
 }
 
+/** Validate that a key's attributes point to a known location.
+ *
+ * This function checks whether the key's attributes point to a location that
+ * is known to the PSA Core, and returns the driver function table if the key
+ * is to be found in an external location.
+ *
+ * \param[in] attributes    The key attributes.
+ * \param[out] p_drv        On success, when a key is located in external
+ *                          storage, returns a pointer to the driver table
+ *                          associated with the key's storage location.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ */
+psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes,
+                                        psa_se_drv_table_entry_t **p_drv );
+
+/** Validate that a key's persistence is consistent.
+ *
+ * This function checks whether a key's persistence attribute is consistent.
+ *
+ * \param[in] attributes    The key attributes.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ */
+psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attributes );
+
 
 #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */

tests/suites/test_suite_psa_crypto_se_driver_hal.data

@@ -130,22 +130,28 @@ Key generation smoke test: HMAC-SHA-256
 generate_key_smoke:PSA_KEY_TYPE_HMAC:256:PSA_ALG_HMAC( PSA_ALG_SHA_256 )
 
 Key registration: smoke test
-register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:PSA_SUCCESS
+register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:1:PSA_SUCCESS
 
 Key registration: invalid lifetime (volatile internal storage)
-register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT
+register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:1:1:PSA_ERROR_INVALID_ARGUMENT
 
 Key registration: invalid lifetime (internal storage)
-register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_INVALID_ARGUMENT
+register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:1:1:PSA_ERROR_INVALID_ARGUMENT
 
 Key registration: invalid lifetime (no registered driver)
-register_key_smoke_test:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION + 1 ):1:PSA_ERROR_INVALID_ARGUMENT
+register_key_smoke_test:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION + 1 ):1:1:PSA_ERROR_INVALID_ARGUMENT
 
 Key registration: rejected
-register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:0:PSA_ERROR_NOT_PERMITTED
+register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:0:PSA_ERROR_NOT_PERMITTED
 
 Key registration: not supported
-register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:-1:PSA_ERROR_NOT_SUPPORTED
+register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:-1:PSA_ERROR_NOT_SUPPORTED
+
+Key registration: key id out of range
+register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:PSA_KEY_ID_VENDOR_MAX+1:-1:PSA_ERROR_INVALID_ARGUMENT
+
+Key registration: key id in vendor range
+register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:PSA_KEY_ID_VENDOR_MAX:1:PSA_SUCCESS
 
 Import-sign-verify: sign in driver, ECDSA
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED

tests/suites/test_suite_psa_crypto_se_driver_hal.function

@@ -620,7 +620,7 @@ static int check_no_persistent_data( psa_key_location_t location )
     struct psa_storage_info_t info;
     int ok = 0;
 
-    TEST_ASSERT( psa_its_get_info( uid, &info ) != PSA_SUCCESS );
+    TEST_ASSERT( psa_its_get_info( uid, &info ) == PSA_ERROR_DOES_NOT_EXIST );
     ok = 1;
 
 exit:
@@ -884,18 +884,18 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart )
                                 &handle ) );
 
 
-    if( ! PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
+    if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
     {
-        /* For persistent keys, check persistent data */
-        if( ! check_persistent_data( location,
-                             &ram_shadow_slot_usage,
-                             sizeof( ram_shadow_slot_usage ) ) )
+        /* For volatile keys, check no persistent data was created */
+        if( ! check_no_persistent_data( location ) )
             goto exit;
     }
     else
     {
-        /* For volatile keys, check no persistent data was created */
-        if( ! check_no_persistent_data( location ) )
+        /* For persistent keys, check persistent data */
+        if( ! check_persistent_data( location,
+                             &ram_shadow_slot_usage,
+                             sizeof( ram_shadow_slot_usage ) ) )
             goto exit;
     }
 
@@ -912,7 +912,7 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart )
         if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
         {
             /* Check that the PSA core has no knowledge of the volatile key */
-            TEST_ASSERT( psa_open_key( id, &handle ) != PSA_SUCCESS );
+            TEST_ASSERT( psa_open_key( id, &handle ) == PSA_ERROR_DOES_NOT_EXIST );
 
             /* Drop data from our mockup driver */
             ram_slots_reset();
@@ -1410,6 +1410,7 @@ exit:
 
 /* BEGIN_CASE */
 void register_key_smoke_test( int lifetime_arg,
+                              int id_arg,
                               int validate,
                               int expected_status_arg )
 {
@@ -1419,7 +1420,7 @@ void register_key_smoke_test( int lifetime_arg,
     psa_drv_se_t driver;
     psa_drv_se_key_management_t key_management;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    psa_key_id_t id = 1;
+    psa_key_id_t id = id_arg;
     size_t bit_size = 48;
     psa_key_slot_number_t wanted_slot = 0x123456789;
     psa_key_handle_t handle = 0;