Add tests checking owner of volatile keys
When key identifiers encode key owner, add tests
checking that:
. the key owner of an imported volatile key is
the one specified.
. a key identifier of a volatile key with a valid
PSA key identifier but the wrong owner is
rejected.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data
index bf5a89e..4f31a23 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.data
+++ b/tests/suites/test_suite_psa_crypto_slot_management.data
@@ -1,17 +1,17 @@
Transient slot, check after closing
-transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING
+transient_slot_lifecycle:0x1:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING
Transient slot, check after closing and restarting
-transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN
+transient_slot_lifecycle:0x13:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN
Transient slot, check after destroying
-transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING
+transient_slot_lifecycle:0x135:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING
Transient slot, check after destroying and restarting
-transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN
+transient_slot_lifecycle:0x1357:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN
Transient slot, check after restart with live handles
-transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_SHUTDOWN
+transient_slot_lifecycle:0x13579:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_SHUTDOWN
Persistent slot, check after closing, id=min
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:124:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING
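Review bot: The five new owner arguments (`0x1` through `0x13579`) are all small positive values, so no transient-slot case runs with owner 0 or with a negative owner. If `mbedtls_key_owner_id_t` is a signed type in the tested configuration, which these hunks do not show, one more case whose first argument is negative would cover sign handling in the owner part of the identifier. The case descriptions also do not mention the owner, so a failing case gives no hint that the owner value is part of what is being checked; a suffix such as `, owner 0x13` on each description would fix that.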
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index b334257..75e1d8b 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -157,7 +157,8 @@
*/
/* BEGIN_CASE */
-void transient_slot_lifecycle( int usage_arg, int alg_arg,
+void transient_slot_lifecycle( int owner_id_arg,
+ int usage_arg, int alg_arg,
int type_arg, data_t *key_data,
int invalidate_method_arg )
{
@@ -171,6 +172,14 @@
PSA_ASSERT( psa_crypto_init( ) );
/* Import a key. */
+ #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
+ mbedtls_key_owner_id_t owner_id = owner_id_arg;
+
+ mbedtls_set_key_owner_id( &attributes, owner_id );
+ #else
+ (void)owner_id_arg;
+ #endif
+
psa_set_key_usage_flags( &attributes, usage_flags );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, type );
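Review bot: The declaration `mbedtls_key_owner_id_t owner_id = owner_id_arg;` is placed after executable statements (it follows `PSA_ASSERT( psa_crypto_init( ) );`), and the `#if`/`#else`/`#endif` directives are indented, unlike the declaration-first layout the rest of the function appears to use. The function body starts outside this hunk, so the existing locals are not visible here. I would move the declaration up beside them under the same `#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)` guard and keep only `mbedtls_set_key_owner_id( &attributes, owner_id );` at this point. That also avoids a declaration-after-statement warning if the project builds with that warning enabled. A short comment such as `/* Owner is only part of the key identifier when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is set. */` would explain why the argument is otherwise discarded.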
@@ -181,6 +190,21 @@
TEST_EQUAL( psa_get_key_type( &attributes ), type );
psa_reset_key_attributes( &attributes );
+ #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
+ {
+ psa_key_handle_t handle;
+ mbedtls_svc_key_id_t key_with_invalid_owner =
+ mbedtls_svc_key_id_make( owner_id + 1,
+ MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) );
+
+ TEST_ASSERT( mbedtls_key_owner_id_equal(
+ owner_id,
+ MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key ) ) );
+ TEST_EQUAL( psa_open_key( key_with_invalid_owner, &handle ),
+ PSA_ERROR_DOES_NOT_EXIST );
+ }
+ #endif
+
/*
* Purge the key and make sure that it is still valid, as purging a
* volatile key shouldn't invalidate/destroy it.
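Review bot: The wrong owner is derived as `owner_id + 1`, which treats `mbedtls_key_owner_id_t` as a plain integer even though the same block compares owners through `mbedtls_key_owner_id_equal()`. It would also overflow if a test case ever passed the type's maximum value. Either take the mismatching owner as a separate test argument, or state the assumption next to the expression, e.g. `/* assumes an integer owner type and owner_id below its maximum */`. Cross-owner rejection is also asserted only through `psa_open_key()`. The function continues outside this hunk, so other calls may be covered later, but if not, a non-success check on at least one other call that accepts `key_with_invalid_owner` (export or destroy, say) would make the owner-isolation test less dependent on a single entry point.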