
Commit 3d1b836

Pataterdgreen-arm
authored andcommitted
Use PSA Crypto API 1.0b3
The PSA Crypto API has moved on from 1.0b2 to 1.0b3, bringing along with it some breaking changes. Update Mbed OS to use the 1.0b3 API.
1 parent 3e53118 commit 3d1b836


13 files changed

+350
-504
lines changed


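--- a/TESTS/mbed-crypto/sanity/main.cpp
+++ b/TESTS/mbed-crypto/sanity/main.cpp
@@ -86,26 +86,24 @@ void test_crypto_random(void)
 void test_crypto_asymmetric_encrypt_decrypt(void)
 {
 psa_status_t status = PSA_SUCCESS;
-psa_key_handle_t key_handle = 0;
-psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEYPAIR;
+psa_key_handle_t key_handle;
+psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR;
 psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
-size_t key_bits = 512, got_bits = 0, output_length;
-psa_key_policy_t policy;
+size_t key_bits = 512, output_length;
+psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 static const unsigned char input[] = "encrypt me!";
 unsigned char encrypted[64];
 unsigned char decrypted[sizeof(input)];
 
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
-
-policy = psa_key_policy_init();
-psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
-
-status = psa_generate_key(key_handle, key_type, key_bits, NULL, 0);
+psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_ENCRYPT);
+psa_set_key_algorithm(&attributes, alg);
+psa_set_key_type(&attributes, key_type);
+psa_set_key_bits(&attributes, key_bits);
+status = psa_generate_key(&attributes, &key_handle);
 TEST_SKIP_UNLESS_MESSAGE(status != PSA_ERROR_NOT_SUPPORTED, "RSA key generation is not supported");
 TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_information(key_handle, NULL, &got_bits));
-TEST_ASSERT_EQUAL(key_bits, got_bits);
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_attributes(key_handle, &attributes));
+TEST_ASSERT_EQUAL(key_bits, psa_get_key_bits(&attributes));
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_asymmetric_encrypt(key_handle, alg, input, sizeof(input), NULL, 0,
 encrypted, sizeof(encrypted), &output_length));
 TEST_ASSERT_EQUAL(sizeof(encrypted), output_length);
@@ -135,11 +133,11 @@ void test_crypto_hash_verify(void)
 
 void test_crypto_symmetric_cipher_encrypt_decrypt(void)
 {
-psa_key_handle_t key_handle = 0;
+psa_key_handle_t key_handle;
 psa_key_type_t key_type = PSA_KEY_TYPE_AES;
 psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
 psa_cipher_operation_t operation;
-psa_key_policy_t policy;
+psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 size_t output_len;
 static const unsigned char key[] = {
 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
@@ -155,13 +153,12 @@ void test_crypto_symmetric_cipher_encrypt_decrypt(void)
 };
 unsigned char encrypted[sizeof(input)], decrypted[sizeof(input)], iv[16];
 
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
-
 memset(iv, 0x2a, sizeof(iv));
-policy = psa_key_policy_init();
-psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(key_handle, key_type, key, sizeof(key)));
+psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+psa_set_key_algorithm(&attributes, alg);
+psa_set_key_type(&attributes, key_type);
+psa_set_key_bits(&attributes, 128);
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, key, sizeof(key), &key_handle));
 
 operation = psa_cipher_operation_init();
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_cipher_encrypt_setup(&operation, key_handle, alg));
@@ -187,10 +184,10 @@ void test_crypto_symmetric_cipher_encrypt_decrypt(void)
 
 void test_crypto_asymmetric_sign_verify(void)
 {
-psa_key_handle_t key_handle = 0;
-psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEYPAIR;
+psa_key_handle_t key_handle;
+psa_key_type_t key_type = PSA_KEY_TYPE_RSA_KEY_PAIR;
 psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW;
-psa_key_policy_t policy;
+psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 static const unsigned char key[] = {
 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf,
 0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb, 0xb5, 0xc2, 0xb1,
@@ -261,12 +258,10 @@ void test_crypto_asymmetric_sign_verify(void)
 unsigned char signature[sizeof(expected_signature)];
 size_t signature_len;
 
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
-
-policy = psa_key_policy_init();
-psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY, alg);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(key_handle, key_type, key, sizeof(key)));
+psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY);
+psa_set_key_algorithm(&attributes, alg);
+psa_set_key_type(&attributes, key_type);
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, key, sizeof(key), &key_handle));
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_asymmetric_sign(key_handle, alg, input, sizeof(input),
 signature, sizeof(signature), &signature_len));
 TEST_ASSERT_EQUAL(sizeof(signature), signature_len);
@@ -279,31 +274,43 @@ void test_crypto_asymmetric_sign_verify(void)
 
 void test_crypto_key_derivation(void)
 {
-psa_key_handle_t key_handle = 0, derived_key_handle = 0;
+psa_key_handle_t key_handle, derived_key_handle;
 psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256), derived_alg = PSA_ALG_CTR;
-psa_key_type_t key_type = PSA_KEY_TYPE_DERIVE, derived_key_type = PSA_KEY_TYPE_AES, got_type;
-psa_key_policy_t policy;
-psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
-size_t key_bits = 512, derived_key_bits = 256, got_bits;
-
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
-
-policy = psa_key_policy_init();
-psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_DERIVE, alg);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, key_type, key_bits, NULL, 0));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation(&generator, key_handle, alg, NULL, 0, NULL, 0,
+psa_key_type_t key_type = PSA_KEY_TYPE_DERIVE, derived_key_type = PSA_KEY_TYPE_AES;
+psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+psa_key_derivation_operation_t operation =
+PSA_KEY_DERIVATION_OPERATION_INIT;
+size_t key_bits = 512, derived_key_bits = 256;
+
+psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+psa_set_key_algorithm(&attributes, alg);
+psa_set_key_type(&attributes, key_type);
+psa_set_key_bits(&attributes, key_bits);
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation_setup(&operation, alg));
+TEST_ASSERT_EQUAL(PSA_SUCCESS,
+psa_key_derivation_set_capacity(&operation,
 PSA_BITS_TO_BYTES(derived_key_bits)));
-
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&derived_key_handle));
-psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT, derived_alg);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(derived_key_handle, &policy));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generator_import_key(derived_key_handle, derived_key_type,
-derived_key_bits, &generator));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_information(derived_key_handle, &got_type, &got_bits));
-TEST_ASSERT_EQUAL(derived_key_type, got_type);
-TEST_ASSERT_EQUAL(derived_key_bits, got_bits);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generator_abort(&generator));
+TEST_ASSERT_EQUAL(PSA_SUCCESS,
+psa_key_derivation_input_bytes(&operation,
+PSA_KEY_DERIVATION_INPUT_SALT, NULL, 0));
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation_input_key(&operation,
+PSA_KEY_DERIVATION_INPUT_SECRET,
+key_handle));
+TEST_ASSERT_EQUAL(PSA_SUCCESS,
+psa_key_derivation_input_bytes(&operation,
+PSA_KEY_DERIVATION_INPUT_INFO, NULL, 0));
+
+psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+psa_set_key_algorithm(&attributes, derived_alg);
+psa_set_key_type(&attributes, derived_key_type);
+psa_set_key_bits(&attributes, derived_key_bits);
+TEST_ASSERT_EQUAL(PSA_SUCCESS,
+psa_key_derivation_output_key(&attributes, &operation, &derived_key_handle));
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_get_key_attributes(derived_key_handle, &attributes));
+TEST_ASSERT_EQUAL(derived_key_type, psa_get_key_type(&attributes));
+TEST_ASSERT_EQUAL(derived_key_bits, psa_get_key_bits(&attributes));
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_key_derivation_abort(&operation));
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(derived_key_handle));
 }
@@ -316,42 +323,45 @@ void test_crypto_key_handles(void)
 psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
 psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
 psa_key_handle_t key_handle;
-psa_key_policy_t policy;
+psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
-key_handle = 0;
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
-TEST_ASSERT_NOT_EQUAL(0, key_handle);
-policy = psa_key_policy_init();
-psa_key_policy_set_usage(&policy, usage, alg);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0));
+psa_set_key_usage_flags(&attributes, usage);
+psa_set_key_algorithm(&attributes, alg);
+psa_set_key_type(&attributes, type);
+psa_set_key_bits(&attributes, bits);
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle));
+TEST_ASSERT_NOT_EQUAL(0, key_handle);
 
 key_handle = 0;
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_allocate_key(&key_handle));
+attributes = psa_key_attributes_init();
+psa_set_key_usage_flags(&attributes, usage);
+psa_set_key_algorithm(&attributes, alg);
+psa_set_key_type(&attributes, type);
+psa_set_key_bits(&attributes, bits);
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
 TEST_ASSERT_NOT_EQUAL(0, key_handle);
-policy = psa_key_policy_init();
-psa_key_policy_set_usage(&policy, usage, alg);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0));
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));
 
 key_handle = 0;
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_create_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle));
+attributes = psa_key_attributes_init();
+psa_set_key_usage_flags(&attributes, usage);
+psa_set_key_algorithm(&attributes, alg);
+psa_set_key_type(&attributes, type);
+psa_set_key_bits(&attributes, bits);
+psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_PERSISTENT);
+psa_set_key_id(&attributes, id);
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(&attributes, &key_handle));
 TEST_ASSERT_NOT_EQUAL(0, key_handle);
-policy = psa_key_policy_init();
-psa_key_policy_set_usage(&policy, usage, alg);
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_set_key_policy(key_handle, &policy));
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_generate_key(key_handle, type, bits, NULL, 0));
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_close_key(key_handle));
 
 key_handle = 0;
-TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle));
+TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_open_key(id, &key_handle));
 TEST_ASSERT_NOT_EQUAL(0, key_handle);
 TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));
 
 key_handle = 0;
-TEST_ASSERT_EQUAL(PSA_ERROR_DOES_NOT_EXIST, psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, id, &key_handle));
+TEST_ASSERT_EQUAL(PSA_ERROR_DOES_NOT_EXIST, psa_open_key(id, &key_handle));
 }
 
 void test_crypto_hash_clone(void)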
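Review bot: In test_crypto_asymmetric_encrypt_decrypt the new usage flags are `PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_ENCRYPT`, so the generated RSA key no longer carries the decrypt permission that the removed `psa_key_policy_set_usage` call granted. The function declares a `decrypted` buffer and the decrypt step lies outside this hunk; presumably it is either refused by the key policy, or it passes only because usage flags are not enforced, which would hide a policy-enforcement gap. The line should read `psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);`, matching the symmetric cipher test in the same file. Separately, in test_crypto_key_handles the added `TEST_ASSERT_NOT_EQUAL(0, key_handle)` runs after `psa_close_key` on a handle that is no longer zeroed before the first `psa_generate_key`, so it should move above the close and the handle should start at 0.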

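--- a/TESTS/psa/attestation/main.cpp
+++ b/TESTS/psa/attestation/main.cpp
@@ -94,7 +94,7 @@ static void check_initial_attestation_get_token()
 TEST_ASSERT_EQUAL(status, PSA_SUCCESS);
 status = psa_attestation_inject_key(private_key_data,
 sizeof(private_key_data),
-PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
+PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1),
 exported,
 sizeof(exported),
 &exported_length);
@@ -119,9 +119,8 @@ static void check_initial_attestation_get_token()
 
 utest::v1::status_t case_teardown_handler(const Case *const source, const size_t passed, const size_t failed, const failure_t reason)
 {
-const psa_key_id_t key_id = PSA_ATTESTATION_PRIVATE_KEY_ID;
-psa_key_handle_t handle = 0;
-psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle);
+psa_key_handle_t handle;
+psa_open_key(PSA_ATTESTATION_PRIVATE_KEY_ID, &handle);
 psa_destroy_key(handle);
 mbedtls_psa_crypto_free();
 return greentea_case_teardown_handler(source, passed, failed, reason);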
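Review bot: case_teardown_handler now passes `handle` to `psa_destroy_key` without initialising it and without checking the result of `psa_open_key`. If the open fails, for instance because the attestation key was never injected in a failed case, `handle` may hold an indeterminate value unless the implementation zeroes the output on error, which this hunk does not show. The teardown could then act on an unrelated key slot. Keeping `psa_key_handle_t handle = 0;` and guarding the destroy with `if (psa_open_key(PSA_ATTESTATION_PRIVATE_KEY_ID, &handle) == PSA_SUCCESS) psa_destroy_key(handle);` avoids that.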
