Add test to check that volatile external keys do not get persisted

stevew817 · stevew817 · commit 223f2877bee9 · 2020-06-08T18:35:16.000+02:00
Signed-off-by: Steven Cooreman &lt;steven.cooreman@silabs.com&gt;
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data
@@ -24,17 +24,29 @@ register_twice:3
 Register SE driver: maximum number of drivers
 register_max:
 
-SE key import-export (p_allocate allows all slots)
-key_creation_import_export:0:0
+SE key import-export persistent (p_allocate allows all slots)
+key_creation_import_export:TEST_SE_PERSISTENT_LIFETIME:0:0
 
-SE key import-export (p_allocate allows 1 slot)
-key_creation_import_export:ARRAY_LENGTH( ram_slots ) - 1:0
+SE key import-export persistent (p_allocate allows 1 slot)
+key_creation_import_export:TEST_SE_PERSISTENT_LIFETIME:ARRAY_LENGTH( ram_slots ) - 1:0
 
-SE key import-export, check after restart (slot 0)
-key_creation_import_export:0:1
+SE key import-export persistent, check after restart (slot 0)
+key_creation_import_export:TEST_SE_PERSISTENT_LIFETIME:0:1
 
-SE key import-export, check after restart (slot 3)
-key_creation_import_export:3:1
+SE key import-export persistent, check after restart (slot 3)
+key_creation_import_export:TEST_SE_PERSISTENT_LIFETIME:3:1
+
+SE key import-export volatile (p_allocate allows all slots)
+key_creation_import_export:TEST_SE_VOLATILE_LIFETIME:0:0
+
+SE key import-export volatile (p_allocate allows 1 slot)
+key_creation_import_export:TEST_SE_VOLATILE_LIFETIME:ARRAY_LENGTH( ram_slots ) - 1:0
+
+SE key import-export volatile, check after restart (slot 0)
+key_creation_import_export:TEST_SE_VOLATILE_LIFETIME:0:1
+
+SE key import-export volatile, check after restart (slot 3)
+key_creation_import_export:TEST_SE_VOLATILE_LIFETIME:3:1
 
 Key creation in a specific slot (0)
 key_creation_in_chosen_slot:0:0:PSA_SUCCESS
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -27,6 +27,10 @@
     ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(           \
         PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) )
 
+#define TEST_SE_VOLATILE_LIFETIME                               \
+    ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(           \
+        PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ) )
+
 /** The driver detected a condition that shouldn't happen.
  * This is probably a bug in the library. */
 #define PSA_ERROR_DETECTED_BY_DRIVER ((psa_status_t)( -500 ))
@@ -609,6 +613,20 @@ exit:
     return( ok );
 }
 
+/* Check that no persistent data exists for the given location. */
+static int check_no_persistent_data( psa_key_location_t location )
+{
+    psa_storage_uid_t uid = file_uid_for_location( location );
+    struct psa_storage_info_t info;
+    int ok = 0;
+
+    TEST_ASSERT( psa_its_get_info( uid, &info ) == PSA_ERROR_DOES_NOT_EXIST );
+    ok = 1;
+
+exit:
+    return( ok );
+}
+
 /* Check that a function's return status is "smoke-free", i.e. that
  * it's an acceptable error code when calling an API function that operates
  * on a key with potentially bogus parameters. */
@@ -829,11 +847,11 @@ exit:
 /* END_CASE */
 
 /* BEGIN_CASE */
-void key_creation_import_export( int min_slot, int restart )
+void key_creation_import_export( int lifetime_arg, int min_slot, int restart )
 {
     psa_drv_se_t driver;
     psa_drv_se_key_management_t key_management;
-    psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+    psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg;
     psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
     psa_key_id_t id = 1;
     psa_key_handle_t handle = 0;
@@ -864,22 +882,59 @@ void key_creation_import_export( int min_slot, int restart )
     PSA_ASSERT( psa_import_key( &attributes,
                                 key_material, sizeof( key_material ),
                                 &handle ) );
-    if( ! check_persistent_data( location,
-                                 &ram_shadow_slot_usage,
-                                 sizeof( ram_shadow_slot_usage ) ) )
-        goto exit;
+
+
+    if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
+    {
+        /* For volatile keys, check no persistent data was created */
+        if( ! check_no_persistent_data( location ) )
+            goto exit;
+    }
+    else
+    {
+        /* For persistent keys, check persistent data */
+        if( ! check_persistent_data( location,
+                             &ram_shadow_slot_usage,
+                             sizeof( ram_shadow_slot_usage ) ) )
+            goto exit;
+    }
+
+    /* Test that the key was created in the expected slot. */
+    TEST_ASSERT( ram_slots[min_slot].type == PSA_KEY_TYPE_RAW_DATA );
 
     /* Maybe restart, to check that the information is saved correctly. */
     if( restart )
     {
         mbedtls_psa_crypto_free( );
         PSA_ASSERT( psa_register_se_driver( location, &driver ) );
         PSA_ASSERT( psa_crypto_init( ) );
-        if( ! check_persistent_data( location,
-                                     &ram_shadow_slot_usage,
-                                     sizeof( ram_shadow_slot_usage ) ) )
-            goto exit;
-        PSA_ASSERT( psa_open_key( id, &handle ) );
+
+        if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
+        {
+            /* Check that the PSA core has no knowledge of the volatile key */
+            TEST_ASSERT( psa_open_key( id, &handle ) == PSA_ERROR_DOES_NOT_EXIST );
+
+            /* Drop data from our mockup driver */
+            ram_slots_reset();
+            ram_min_slot = min_slot;
+
+            /* Re-import key */
+            PSA_ASSERT( psa_import_key( &attributes,
+                                key_material, sizeof( key_material ),
+                                &handle ) );
+        }
+        else
+        {
+
+            /* Check we can re-open the persistent key */
+            if( ! check_persistent_data( location,
+                                         &ram_shadow_slot_usage,
+                                         sizeof( ram_shadow_slot_usage ) ) )
+                goto exit;
+
+            /* Check that the PSA core still knows about the key */
+            PSA_ASSERT( psa_open_key( id, &handle ) );
+        }
     }
 
     /* Test that the key was created in the expected slot. */
