From 2aed5b40975e9793ebdbb3829ad285a1f2e55458 Mon Sep 17 00:00:00 2001 From: Krzysztof Taborowski Date: Fri, 30 Aug 2024 10:56:47 +0200 Subject: [PATCH] pal: on dev cert support secure keys [KRKNWK-19108] Signed-off-by: Krzysztof Taborowski --- Kconfig | 1 + Kconfig.dependencies | 1 + .../common/sid_on_dev_cert/sid_on_dev_cert.c | 27 ++++- subsys/sal/sid_pal/include/sid_crypto_keys.h | 17 +-- subsys/sal/sid_pal/src/sid_crypto_keys.c | 21 +++- subsys/sal/sid_pal/src/sid_storage.c | 111 ++++++++++++------ tests/functional/crypto_keys/Kconfig | 4 + .../functional/crypto_keys/Kconfig.defconfig | 17 +++ .../nrf54l15pdk_nrf54l15_cpuapp_0_3_0.conf | 7 ++ .../nrf54l15pdk_nrf54l15_cpuapp_0_3_0.overlay | 84 +++++++++++++ tests/functional/crypto_keys/src/main.c | 76 +++++++++--- 11 files changed, 300 insertions(+), 66 deletions(-) create mode 100644 tests/functional/crypto_keys/Kconfig.defconfig create mode 100644 tests/functional/crypto_keys/boards/nrf54l15pdk_nrf54l15_cpuapp_0_3_0.conf create mode 100644 tests/functional/crypto_keys/boards/nrf54l15pdk_nrf54l15_cpuapp_0_3_0.overlay diff --git a/Kconfig b/Kconfig index 40df2314da..2ea594c42b 100644 --- a/Kconfig +++ b/Kconfig @@ -213,6 +213,7 @@ config SIDEWALK_ON_DEV_CERT config SIDEWALK_CRYPTO_PSA_KEY_STORAGE bool "Enable psa crypto storage for persistent Sidewalk keys [EXPERIMENTAL]" + default SIDEWALK select EXPERIMENTAL config SIDEWALK_PAL_RADIO_SOURCE diff --git a/Kconfig.dependencies b/Kconfig.dependencies index 291c52526c..68400dbc4c 100644 --- a/Kconfig.dependencies +++ b/Kconfig.dependencies @@ -73,6 +73,7 @@ config SIDEWALK_CRYPTO imply MBEDTLS_ENABLE_HEAP imply MBEDTLS_PSA_CRYPTO_STORAGE_C if SIDEWALK_CRYPTO_PSA_KEY_STORAGE imply TRUSTED_STORAGE if SIDEWALK_CRYPTO_PSA_KEY_STORAGE + imply HW_UNIQUE_KEY if SIDEWALK_CRYPTO_PSA_KEY_STORAGE imply HW_UNIQUE_KEY_WRITE_ON_CRYPTO_INIT if SIDEWALK_CRYPTO_PSA_KEY_STORAGE help Sidewalk security module 
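Review bot: SIDEWALK_CRYPTO_PSA_KEY_STORAGE becomes default-on for every Sidewalk build in the Kconfig hunk, yet the symbol still has no help text and keeps its [EXPERIMENTAL] label. Elsewhere in this patch sid_pal_storage_kv_init() moves the WAN, APP and D2D master keys from settings into PSA storage and deletes the settings records, so for an already provisioned device enabling the option appears to be a one-way change. A `help` entry would let integrators decide before upgrading, for example `Store Sidewalk private and master keys as persistent PSA keys. Existing master keys are migrated from settings at storage init and removed from there.`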
diff --git a/subsys/sal/common/sid_on_dev_cert/sid_on_dev_cert.c b/subsys/sal/common/sid_on_dev_cert/sid_on_dev_cert.c index 7b46f5593a..f80083f3dc 100644 --- a/subsys/sal/common/sid_on_dev_cert/sid_on_dev_cert.c +++ b/subsys/sal/common/sid_on_dev_cert/sid_on_dev_cert.c @@ -19,6 +19,10 @@ #include #include +#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE +#include +#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */ + #include #include #include @@ -337,7 +341,23 @@ sid_error_t sid_on_dev_cert_generate_csr(enum sid_on_dev_cert_algo_type algo, ui } // Generate key pair - if ((ret = sid_pal_crypto_ecc_key_gen(&key_params)) == SID_ERROR_NONE) { +#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE + ret = SID_ERROR_GENERIC; + psa_key_id_t key_id = + (algo == SID_ODC_CRYPT_ALGO_ED25519) ? SID_CRYPTO_MFG_ED25519_PRIV_KEY_ID : + (algo == SID_ODC_CRYPT_ALGO_P256R1) ? SID_CRYPTO_MFG_SECP_256R1_PRIV_KEY_ID : + PSA_KEY_ID_NULL; + int err = sid_crypto_keys_new_generate(key_id, key_params.puk, key_params.puk_size); + if (!err) { + err = sid_crypto_keys_buffer_set(key_id, key_params.prk, key_params.prk_size); + if (!err) { + ret = SID_ERROR_NONE; + } + } +#else + ret = sid_pal_crypto_ecc_key_gen(&key_params); +#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */ + if (ret == SID_ERROR_NONE) { /* * Signing the certificate CSR * Message_to_sign = Public key || SMSN @@ -641,6 +661,11 @@ sid_error_t sid_on_dev_cert_verify_and_store(void) goto exit; } +#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE + memset(context->device_ed25519_prk, 0, SID_ODC_ED25519_PRK_SIZE); + memset(context->device_p256r1_prk, 0, SID_ODC_P256R1_PRK_SIZE); +#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */ + status = write_to_mfg_store(SID_PAL_MFG_STORE_SMSN, context->smsn, SID_ODC_SMSN_SIZE) && write_to_mfg_store(SID_PAL_MFG_STORE_APID, context->apid, SID_PAL_MFG_STORE_APID_SIZE) && 
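Review bot: In the PSA branch of sid_on_dev_cert_generate_csr() the key pair is generated directly into the persistent slot (SID_CRYPTO_MFG_ED25519_PRIV_KEY_ID or SID_CRYPTO_MFG_SECP_256R1_PRIV_KEY_ID) at CSR time, before any certificate chain has been verified and stored. The non-PSA branch only fills the in-RAM key_params, so the two configurations differ in what an aborted or repeated CSR request does to an existing device key; how sid_crypto_keys_new_generate() treats an occupied slot is not visible in this patch. A comment at the branch would make the contract explicit, e.g. `/* PSA: private key is created in the persistent MFG slot; prk only carries the key id */`. The errno from the helpers is also dropped without a log before being folded into SID_ERROR_GENERIC. The function body continues outside the hunk.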
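Review bot: The two `memset` calls added in sid_on_dev_cert_verify_and_store() carry no comment saying why the private-key buffers are cleared immediately before the manufacturing-store writes. Judging from the CSR hunk, in this configuration the buffers hold only a PSA key id, so this looks like it prevents the id marker from being written rather than wiping key material. If that is the intent, say so, e.g. `/* Private keys live in PSA storage; store zeros, not the key-id marker, in the mfg store */`. The write chain continues outside the hunk, so whether these buffers are written afterwards cannot be confirmed from here.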
diff --git a/subsys/sal/sid_pal/include/sid_crypto_keys.h b/subsys/sal/sid_pal/include/sid_crypto_keys.h index de2be59d11..00b731e938 100644 --- a/subsys/sal/sid_pal/include/sid_crypto_keys.h +++ b/subsys/sal/sid_pal/include/sid_crypto_keys.h @@ -9,18 +9,19 @@ #include -#define SID_CRYPTO_KEYS_ID_IS_SIDEWALK_KEY(_id) (PSA_KEY_ID_USER_MIN <= _id && _id < SID_CRYPTO_KEY_ID_LAST) +#define SID_CRYPTO_KEYS_ID_IS_SIDEWALK_KEY(_id) \ + (PSA_KEY_ID_USER_MIN <= _id && _id < SID_CRYPTO_KEY_ID_LAST) /** * @brief Persistent psa key ids used in Sidewalk. */ typedef enum { - SID_CRYPTO_MFG_ED25519_PRIV_KEY_ID = PSA_KEY_ID_USER_MIN, - SID_CRYPTO_MFG_SECP_256R1_PRIV_KEY_ID, - SID_CRYPTO_KV_WAN_MASTER_KEY_ID, - SID_CRYPTO_KV_APP_KEY_KEY_ID, - SID_CRYPTO_KV_D2D_KEY_ID, - SID_CRYPTO_KEY_ID_LAST + SID_CRYPTO_MFG_ED25519_PRIV_KEY_ID = PSA_KEY_ID_USER_MIN, + SID_CRYPTO_MFG_SECP_256R1_PRIV_KEY_ID, + SID_CRYPTO_KV_WAN_MASTER_KEY_ID, + SID_CRYPTO_KV_APP_KEY_KEY_ID, + SID_CRYPTO_KV_D2D_KEY_ID, + SID_CRYPTO_KEY_ID_LAST } sid_crypto_key_id_t; /** @@ -50,7 +51,7 @@ int sid_crypto_keys_new_import(psa_key_id_t id, uint8_t *data, size_t size); * @param id [in] Key id to generate new. * @return 0 on success, or -errno on failure. */ -int sid_crypto_keys_new_generate(psa_key_id_t id); +int sid_crypto_keys_new_generate(psa_key_id_t id, uint8_t *puk, size_t puk_size); /** * @brief Set key id in buffer. diff --git a/subsys/sal/sid_pal/src/sid_crypto_keys.c b/subsys/sal/sid_pal/src/sid_crypto_keys.c index af7ff0b4d9..8cf5e3e79f 100644 --- a/subsys/sal/sid_pal/src/sid_crypto_keys.c +++ b/subsys/sal/sid_pal/src/sid_crypto_keys.c 
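Review bot: The doc comment above sid_crypto_keys_new_generate() still documents only `id`; the `puk` and `puk_size` parameters added in the second hunk of this header are undocumented. The implementation rejects a NULL or zero-length buffer and fails unless the exported length equals puk_size exactly, which callers need to know when sizing the buffer. Suggested additions are `@param puk [out] Buffer that receives the exported public key.` and `@param puk_size [in] Size of puk; must equal the exported public key length.` The comment block begins above the hunk.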
@@ -82,7 +82,7 @@ int sid_crypto_keys_new_import(psa_key_id_t id, uint8_t *data, size_t size) /* Import key to secure storage */ status = psa_import_key(&attributes, data, size, &out_id); if (PSA_SUCCESS == status && out_id == id) { - LOG_HEXDUMP_DBG(data, size, "found new key: "); + LOG_DBG("psa_import_key success"); } else { LOG_ERR("psa_import_key failed! (err %d id %d)", status, id); return -EACCES; @@ -100,10 +100,10 @@ int sid_crypto_keys_new_import(psa_key_id_t id, uint8_t *data, size_t size) return ESUCCESS; } -int sid_crypto_keys_new_generate(psa_key_id_t id) +int sid_crypto_keys_new_generate(psa_key_id_t id, uint8_t *puk, size_t puk_size) { /* Check arguments */ - if (PSA_KEY_ID_NULL == id) { + if (PSA_KEY_ID_NULL == id || !puk || !puk_size) { return -EINVAL; } @@ -116,6 +116,7 @@ int sid_crypto_keys_new_generate(psa_key_id_t id) /* Configure the key attributes */ psa_key_id_t out_id = PSA_KEY_ID_NULL; + size_t out_size = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; sid_crypto_keys_attributes_set(id, &attributes); @@ -124,10 +125,20 @@ int sid_crypto_keys_new_generate(psa_key_id_t id) if (PSA_SUCCESS == status && out_id == id) { LOG_DBG("key generation success"); } else { - LOG_ERR("psa_import_key failed! (err %d id %d)", status, id); + LOG_ERR("psa_generate_key failed! (err %d id %d)", status, id); return -EACCES; } + /* Export public key */ + status = psa_export_public_key(id, puk, puk_size, &out_size); + if (PSA_SUCCESS == status && out_size == puk_size) { + LOG_DBG("export public key success"); + } else { + LOG_ERR("psa_export_public_key failed! (err %d id %d)", status, id); + LOG_ERR("psa_export_public_key failed! (expected %d was %d)", puk_size, out_size); + return -EBADF; + } + /* Clear key data */ status = psa_purge_key(id); if (status != PSA_SUCCESS) { 
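Review bot: In the last hunk of sid_crypto_keys_new_generate(), a failed or short psa_export_public_key() returns -EBADF but leaves the persistent key that was just generated in storage, and possibly a partial value in `puk`. Calling `psa_destroy_key(id);` before `return -EBADF;` would keep a failed attempt from leaving an unused private key behind. The strict `out_size == puk_size` test also depends on the export format: PSA exports a secp256r1 public key as a 65-byte uncompressed point, so if the P-256 caller passes a 64-byte buffer (its size is set outside this patch) the call would always fail; the new test covers only Ed25519. The second LOG_ERR prints `size_t` values with `%d`; `%zu` matches the argument type.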
@@ -151,7 +162,7 @@ int sid_crypto_keys_buffer_set(psa_key_id_t id, uint8_t *data, size_t size) memset(data, 0, size); psa_key_id_t *data_id = (psa_key_id_t *)data; *data_id = id; - LOG_HEXDUMP_DBG(data, size, "saved new key: "); + LOG_DBG("key buffer set %d", id); return ESUCCESS; } diff --git a/subsys/sal/sid_pal/src/sid_storage.c b/subsys/sal/sid_pal/src/sid_storage.c index ffd414a416..8533f41598 100644 --- a/subsys/sal/sid_pal/src/sid_storage.c +++ b/subsys/sal/sid_pal/src/sid_storage.c @@ -17,9 +17,10 @@ #include #define STORAGE_KV_INTERNAL_PROTOCOL_GROUP_ID 0 -#define STORAGE_KV_WAN_MASTER_KEY 28 -#define STORAGE_KV_APP_MASTER_KEY 30 -#define STORAGE_KV_D2D_MASTER_KEY 48 +#define STORAGE_KV_WAN_MASTER_KEY (28) +#define STORAGE_KV_APP_MASTER_KEY (30) +#define STORAGE_KV_D2D_MASTER_KEY (48) +#define STORAGE_MASTER_KEY_SIZE (16) #endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */ #include @@ -27,6 +28,19 @@ LOG_MODULE_REGISTER(sid_storage, CONFIG_SIDEWALK_LOG_LEVEL); +#define STORAGE_SERIAL_SIZE (32) + +static void settings_serialize_group(char *serial, size_t serial_size, uint16_t group) +{ + snprintf(serial, serial_size, "sidewalk/storage/%04x", group); +} + +static void settings_serialize_group_key(char *serial, size_t serial_size, uint16_t group, + uint16_t key) +{ + snprintf(serial, serial_size, "sidewalk/storage/%04x/%04x", group, key); +} + #ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE static psa_key_id_t storage2key_id(uint16_t group, uint16_t key) { 
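Review bot: sid_crypto_keys_buffer_set() writes the id through `(psa_key_id_t *)data` on a `uint8_t *` buffer, which assumes the buffer is suitably aligned and at least sizeof(psa_key_id_t) bytes long; these are the unchanged context lines in the hunk that replaces the hexdump log. The argument checks sit above the hunk, so whether `size` is compared with sizeof(psa_key_id_t) is not visible; if it is only checked for zero, a shorter buffer would be overrun. Rejecting `size < sizeof(id)` and storing with `memcpy(data, &id, sizeof(id));` removes both assumptions. The new LOG_DBG also prints the unsigned key id with `%d`.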
@@ -42,6 +56,37 @@ static psa_key_id_t storage2key_id(uint16_t group, uint16_t key) } return PSA_KEY_ID_NULL; } + +static void storage_key_save_secure(uint16_t group, uint16_t key) +{ + int err = 0; + char serial[STORAGE_SERIAL_SIZE] = { 0 }; + uint8_t data[STORAGE_MASTER_KEY_SIZE]; + psa_key_id_t key_id = storage2key_id(group, key); + + settings_serialize_group_key(serial, sizeof(serial), group, key); + err = settings_utils_load_immediate_value(serial, (void *)data, STORAGE_MASTER_KEY_SIZE); + if (err == -ENOENT) { + LOG_DBG("not found key %04x", key); + return; + } + if (err < 0) { + LOG_ERR("load key %04x err %d", key, err); + return; + } + + err = sid_crypto_keys_new_import(key_id, (void *)data, STORAGE_MASTER_KEY_SIZE); + if (err) { + LOG_ERR("crypto import %d err %d", key_id, err); + return; + } + + err = settings_delete(serial); + if (err) { + LOG_ERR("delete key %04x err %d", key, err); + return; + } +} #endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */ sid_error_t sid_pal_storage_kv_init() @@ -59,18 +104,15 @@ sid_error_t sid_pal_storage_kv_init() } LOG_DBG("Initialized KV storage"); - return SID_ERROR_NONE; -} -static void settings_serialize_group(char *serial, size_t serial_size, uint16_t group) -{ - snprintf(serial, serial_size, "sidewalk/storage/%04x", group); -} +#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE + storage_key_save_secure(STORAGE_KV_INTERNAL_PROTOCOL_GROUP_ID, STORAGE_KV_WAN_MASTER_KEY); + storage_key_save_secure(STORAGE_KV_INTERNAL_PROTOCOL_GROUP_ID, + STORAGE_KV_APP_MASTER_KEY); + storage_key_save_secure(STORAGE_KV_INTERNAL_PROTOCOL_GROUP_ID, STORAGE_KV_D2D_MASTER_KEY); +#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */ -static void settings_serialize_group_key(char *serial, size_t serial_size, uint16_t group, - uint16_t key) -{ - snprintf(serial, serial_size, "sidewalk/storage/%04x/%04x", group, key); + return SID_ERROR_NONE; } sid_error_t sid_pal_storage_kv_record_get(uint16_t group, uint16_t key, void *p_data, uint32_t len) 
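Review bot: storage_key_save_secure() imports `data` whenever settings_utils_load_immediate_value() returns a non-negative value, so a return of 0 or a short read would import uninitialised stack bytes as the master key and then delete the stored record. sid_pal_storage_kv_record_get() in this same file treats `rc <= 0` as not found, which suggests 0 is not a success value; the helper's exact convention is not visible here and should be confirmed. Initialising the buffer with `uint8_t data[STORAGE_MASTER_KEY_SIZE] = { 0 };` and rejecting anything but a full read, `if (err != STORAGE_MASTER_KEY_SIZE) { LOG_ERR("load key %04x err %d", key, err); return; }`, would close that gap. The plaintext key also remains on the stack on every return path, so `data` should be wiped before returning with a call the compiler cannot elide. Because the function returns void, sid_pal_storage_kv_init() in the next hunk reports SID_ERROR_NONE even when a migration step failed.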
@@ -92,12 +134,12 @@ sid_error_t sid_pal_storage_kv_record_get(uint16_t group, uint16_t key, void *p_ } #endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */ - char serial[32] = { 0 }; + char serial[STORAGE_SERIAL_SIZE] = { 0 }; settings_serialize_group_key(serial, sizeof(serial), group, key); int rc = settings_utils_load_immediate_value(serial, p_data, len); - if (rc <= 0) + if (rc <= 0) { return SID_ERROR_NOT_FOUND; - else + } else return SID_ERROR_NONE; } @@ -106,7 +148,7 @@ sid_error_t sid_pal_storage_kv_record_get_len(uint16_t group, uint16_t key, uint if (!p_len) { return SID_ERROR_NULL_POINTER; } - char serial[32] = { 0 }; + char serial[STORAGE_SERIAL_SIZE] = { 0 }; settings_serialize_group_key(serial, sizeof(serial), group, key); int rc = settings_utils_get_value_size(serial, p_len); if (rc < 0 || *p_len == 0) @@ -138,7 +180,7 @@ sid_error_t sid_pal_storage_kv_record_set(uint16_t group, uint16_t key, void con } #endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */ - char serial[32] = { 0 }; + char serial[STORAGE_SERIAL_SIZE] = { 0 }; settings_serialize_group_key(serial, sizeof(serial), group, key); int rc = settings_save_one(serial, (const void *)p_data, len); @@ -170,7 +212,7 @@ sid_error_t sid_pal_storage_kv_record_delete(uint16_t group, uint16_t key) } #endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */ - char serial[32] = { 0 }; + char serial[STORAGE_SERIAL_SIZE] = { 0 }; settings_serialize_group_key(serial, sizeof(serial), group, key); int rc = settings_delete(serial); if (rc == 0) { @@ -184,7 +226,7 @@ int delete_subtree_cb(const char *key, size_t len, settings_read_cb read_cb, voi void *param) { char *subtree = (char *)param; - char serial[32] = { 0 }; + char serial[STORAGE_SERIAL_SIZE] = { 0 }; snprintf(serial, sizeof(serial), "%s/%s", subtree, key); int rc = settings_delete(serial); if (rc != 0) { 
@@ -196,6 +238,19 @@ int delete_subtree_cb(const char *key, size_t len, settings_read_cb read_cb, voi sid_error_t sid_pal_storage_kv_group_delete(uint16_t group) { + char serial[STORAGE_SERIAL_SIZE] = { 0 }; + settings_serialize_group(serial, sizeof(serial), group); + int rc = settings_load_subtree_direct(serial, delete_subtree_cb, (void *)serial); + if (rc != 0) { + LOG_ERR("Failed to delete group. Returned errno %d", rc); + return SID_ERROR_STORAGE_ERASE_FAIL; + } + rc = settings_commit(); + if (rc != 0) { + LOG_ERR("Failed to commit changes. Returned errno %d", rc); + return SID_ERROR_GENERIC; + } + #ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE bool key_delete_fail = false; if (STORAGE_KV_INTERNAL_PROTOCOL_GROUP_ID == group) { @@ -216,22 +271,6 @@ sid_error_t sid_pal_storage_kv_group_delete(uint16_t group) key_delete_fail = true; } } -#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */ - - char serial[32] = { 0 }; - settings_serialize_group(serial, sizeof(serial), group); - int rc = settings_load_subtree_direct(serial, delete_subtree_cb, (void *)serial); - if (rc != 0) { - LOG_ERR("Failed to delete group. Returned errno %d", rc); - return SID_ERROR_STORAGE_ERASE_FAIL; - } - rc = settings_commit(); - if (rc != 0) { - LOG_ERR("Failed to commit changes. Returned errno %d", rc); - return SID_ERROR_GENERIC; - } - -#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE if (key_delete_fail) { return SID_ERROR_STORAGE_ERASE_FAIL; } diff --git a/tests/functional/crypto_keys/Kconfig b/tests/functional/crypto_keys/Kconfig index 3e399bed3e..7ea11a2dc4 100644 --- a/tests/functional/crypto_keys/Kconfig +++ b/tests/functional/crypto_keys/Kconfig @@ -12,6 +12,9 @@ config SIDEWALK_CRYPTO config SIDEWALK_STORAGE default y +config SIDEWALK_SETTINGS_UTILS + default y + config SIDEWALK_CRYPTO_PSA_KEY_STORAGE default y 
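Review bot: With the settings erase moved to the top of sid_pal_storage_kv_group_delete(), both early returns (`SID_ERROR_STORAGE_ERASE_FAIL` after settings_load_subtree_direct and `SID_ERROR_GENERIC` after settings_commit) now leave the function before the CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE block runs, so a settings failure leaves the master keys in PSA storage. Before this change the key deletion ran first and was not skipped by a settings error. Recording the settings result in a local, e.g. `sid_error_t ret = SID_ERROR_NONE;` assigned on failure instead of returning, and returning it after the PSA block keeps the key erase unconditional for a group delete. This applies to this hunk and the following one (@@ -216,22 +271,6); the lines between them are not shown.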
@@ -34,5 +37,6 @@ config HEAP_MEM_POOL_SIZE config MBEDTLS_HEAP_SIZE default 4096 +rsource "Kconfig.defconfig" source "Kconfig.zephyr" source "${ZEPHYR_BASE}/../sidewalk/Kconfig.dependencies" diff --git a/tests/functional/crypto_keys/Kconfig.defconfig b/tests/functional/crypto_keys/Kconfig.defconfig new file mode 100644 index 0000000000..0e343b8d0d --- /dev/null +++ b/tests/functional/crypto_keys/Kconfig.defconfig @@ -0,0 +1,17 @@ +# +# Copyright (c) 2024 Nordic Semiconductor ASA +# +# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause +# + +config PSA_USE_CC3XX_KEY_AGREEMENT_DRIVER + default n if SOC_NRF52840 || SOC_NRF5340_CPUAPP + +config PSA_USE_CC3XX_ASYMMETRIC_SIGNATURE_DRIVER + default n if SOC_NRF52840 || SOC_NRF5340_CPUAPP + +config PSA_USE_CC3XX_ASYMMETRIC_ENCRYPTION_DRIVER + default n if SOC_NRF52840 || SOC_NRF5340_CPUAPP + +config PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER + default n if SOC_NRF52840 || SOC_NRF5340_CPUAPP diff --git a/tests/functional/crypto_keys/boards/nrf54l15pdk_nrf54l15_cpuapp_0_3_0.conf b/tests/functional/crypto_keys/boards/nrf54l15pdk_nrf54l15_cpuapp_0_3_0.conf new file mode 100644 index 0000000000..e99da5439c --- /dev/null +++ b/tests/functional/crypto_keys/boards/nrf54l15pdk_nrf54l15_cpuapp_0_3_0.conf @@ -0,0 +1,7 @@ +# +# Copyright (c) 2024 Nordic Semiconductor ASA +# +# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause +# + +CONFIG_SOC_FLASH_NRF_TIMEOUT_MULTIPLIER=100 diff --git a/tests/functional/crypto_keys/boards/nrf54l15pdk_nrf54l15_cpuapp_0_3_0.overlay b/tests/functional/crypto_keys/boards/nrf54l15pdk_nrf54l15_cpuapp_0_3_0.overlay new file mode 100644 index 0000000000..0885e3e6c5 --- /dev/null +++ b/tests/functional/crypto_keys/boards/nrf54l15pdk_nrf54l15_cpuapp_0_3_0.overlay 
@@ -0,0 +1,84 @@ +/* + * Copyright (c) 2024 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause + */ + + +/* Application does not use cpuflpr core. Assign whole RRAM to cpuapp. */ +&cpuapp_rram { + reg = < 0x0 DT_SIZE_K(1524) >; +}; + + &pinctrl { + spi21_default: spi21_default { + group1 { + psels = , + , + ; + }; + }; + + spi21_sleep: spi21_sleep { + group1 { + psels = , + , + ; + low-power-enable; + }; + }; +}; + + sid_semtech: &spi21 { + compatible = "nordic,nrf-spim"; + status = "okay"; + pinctrl-0 = <&spi21_default>; + pinctrl-1 = <&spi21_sleep>; + pinctrl-names = "default", "sleep"; + clock-frequency = ; +}; + +/{ + aliases { + state-notifier-connected = &led0; + state-notifier-time-sync = &led1; + state-notifier-registered = &led2; + state-notifier-working = &led3; + }; + + semtech_sx1262_gpios{ + compatible = "gpio-keys"; + semtech_sx1262_cs: cs { + gpios = <&gpio2 0xa GPIO_PULL_UP>; + label = "semtech_sx1262 CS"; + }; + semtech_sx1262_reset_gpios: reset { + gpios = <&gpio0 0x2 (GPIO_ACTIVE_LOW|GPIO_PULL_UP)>; + label = "semtech_sx1262 Reset"; + }; + semtech_sx1262_busy_gpios: busy { + gpios = <&gpio0 0x0 0x0>; + label = "semtech_sx1262 Busy"; + }; + semtech_sx1262_antenna_enable_gpios: antena_enable { + gpios = <&gpio0 0x1 0x0>; + label = "semtech_sx1262 Antena Enable"; + }; + semtech_sx1262_dio1_gpios: dio1 { + gpios = <&gpio0 0x3 0x0>; + label = "semtech_sx1262 DIO1"; + }; + }; +}; + +&gpio1 { + status = "okay"; +}; + +&gpio2 { + status = "okay"; +}; + +&gpio0 { + status = "okay"; +}; diff --git a/tests/functional/crypto_keys/src/main.c b/tests/functional/crypto_keys/src/main.c index a2e035c9e8..292524a2fc 100644 --- a/tests/functional/crypto_keys/src/main.c +++ b/tests/functional/crypto_keys/src/main.c 
@@ -10,9 +10,12 @@ #include -#define TEST_KEY_SIZE (16) +#define TEST_SYMMETRIC_KEY_SIZE (16) +#define TEST_ECC_PRIVATE_KEY_SIZE (255) +#define TEST_ECC_PUBLIC_KEY_SIZE (32) static psa_key_id_t test_key_id = SID_CRYPTO_KV_APP_KEY_KEY_ID; +static psa_key_id_t test_key_ecc_id = SID_CRYPTO_MFG_ED25519_PRIV_KEY_ID; static void *setup(void) { 
@@ -24,71 +27,112 @@ static void *setup(void) static void teardown(void *f) { - sid_crypto_keys_delete(test_key_id); sid_pal_crypto_deinit(); } ZTEST(crypto_keys, test_sid_crypto_key_invalid_args) { int err = -ENOEXEC; - uint8_t key_data[TEST_KEY_SIZE]; + uint8_t key_data[TEST_SYMMETRIC_KEY_SIZE]; + uint8_t ecc_key_data[TEST_ECC_PUBLIC_KEY_SIZE]; err = sid_crypto_keys_init(); zassert_equal(0, err, "err: %d", err); /* Invalid data */ psa_key_id_t new_key_id = PSA_KEY_ID_NULL; - err = sid_crypto_keys_buffer_get(&new_key_id, NULL, TEST_KEY_SIZE); + err = sid_crypto_keys_buffer_get(&new_key_id, NULL, TEST_SYMMETRIC_KEY_SIZE); zassert_equal(-EINVAL, err, "err: %d", err); err = sid_crypto_keys_buffer_get(&new_key_id, key_data, 0); zassert_equal(-EINVAL, err, "err: %d", err); - err = sid_crypto_keys_buffer_set(test_key_id, NULL, TEST_KEY_SIZE); + err = sid_crypto_keys_buffer_set(test_key_id, NULL, TEST_SYMMETRIC_KEY_SIZE); zassert_equal(-EINVAL, err, "err: %d", err); err = sid_crypto_keys_buffer_set(test_key_id, key_data, 0); zassert_equal(-EINVAL, err, "err: %d", err); - err = sid_crypto_keys_new_import(test_key_id, NULL, TEST_KEY_SIZE); + err = sid_crypto_keys_new_import(test_key_id, NULL, TEST_SYMMETRIC_KEY_SIZE); zassert_equal(-EINVAL, err, "err: %d", err); err = sid_crypto_keys_new_import(test_key_id, key_data, 0); zassert_equal(-EINVAL, err, "err: %d", err); + err = sid_crypto_keys_new_generate(test_key_ecc_id, NULL, TEST_SYMMETRIC_KEY_SIZE); + zassert_equal(-EINVAL, err, "err: %d", err); + + err = sid_crypto_keys_new_generate(test_key_ecc_id, key_data, 0); + zassert_equal(-EINVAL, err, "err: %d", err); + /* Invalid key id */ - err = sid_crypto_keys_buffer_get(NULL, key_data, TEST_KEY_SIZE); + err = sid_crypto_keys_buffer_get(NULL, key_data, TEST_SYMMETRIC_KEY_SIZE); zassert_equal(-EINVAL, err, "err: %d", err); - err = sid_crypto_keys_buffer_set(PSA_KEY_ID_NULL, key_data, TEST_KEY_SIZE); + err = sid_crypto_keys_buffer_set(PSA_KEY_ID_NULL, key_data, 
TEST_SYMMETRIC_KEY_SIZE); zassert_equal(-EINVAL, err, "err: %d", err); - err = sid_crypto_keys_new_import(PSA_KEY_ID_NULL, key_data, TEST_KEY_SIZE); + err = sid_crypto_keys_new_import(PSA_KEY_ID_NULL, key_data, TEST_SYMMETRIC_KEY_SIZE); zassert_equal(-EINVAL, err, "err: %d", err); - err = sid_crypto_keys_new_generate(PSA_KEY_ID_NULL); + err = sid_crypto_keys_new_generate(PSA_KEY_ID_NULL, ecc_key_data, TEST_ECC_PUBLIC_KEY_SIZE); zassert_equal(-EINVAL, err, "err: %d", err); } -ZTEST(crypto_keys, test_sid_crypto_key_positive) +ZTEST(crypto_keys, test_sid_crypto_key_buffers) { psa_key_id_t new_key_id = PSA_KEY_ID_NULL; - uint8_t test_key_data[TEST_KEY_SIZE]; + uint8_t test_key_data[TEST_SYMMETRIC_KEY_SIZE]; int err = -ENOEXEC; err = sid_crypto_keys_init(); zassert_equal(0, err, "err: %d", err); - err = sid_crypto_keys_new_import(test_key_id, test_key_data, TEST_KEY_SIZE); + err = sid_crypto_keys_buffer_set(test_key_id, test_key_data, TEST_SYMMETRIC_KEY_SIZE); zassert_equal(0, err, "err: %d", err); - err = sid_crypto_keys_buffer_set(test_key_id, test_key_data, TEST_KEY_SIZE); + err = sid_crypto_keys_buffer_get(&new_key_id, test_key_data, TEST_SYMMETRIC_KEY_SIZE); + zassert_equal(0, err, "err: %d", err); + + zassert_equal(new_key_id, test_key_id); + + err = sid_crypto_keys_deinit(); zassert_equal(0, err, "err: %d", err); +} + +ZTEST(crypto_keys, test_sid_crypto_key_import) +{ + uint8_t test_key_data[TEST_SYMMETRIC_KEY_SIZE] = { 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, + 0xA6, 0xA7, 0xA8, 0xA9, 0xAA, 0xAB, + 0xAC, 0xAD, 0xAE, 0xAF }; + int err = -ENOEXEC; - err = sid_crypto_keys_buffer_get(&new_key_id, test_key_data, TEST_KEY_SIZE); + err = sid_crypto_keys_init(); zassert_equal(0, err, "err: %d", err); - zassert_equal(new_key_id, test_key_id); + err = sid_crypto_keys_new_import(test_key_id, test_key_data, TEST_SYMMETRIC_KEY_SIZE); + zassert_equal(0, err, "err: %d", err); + + err = sid_crypto_keys_delete(test_key_id); + zassert_equal(0, err, "err: %d", err); + + err = 
sid_crypto_keys_deinit(); + zassert_equal(0, err, "err: %d", err); +} + +ZTEST(crypto_keys, test_sid_crypto_key_generate) +{ + uint8_t public_key[TEST_ECC_PUBLIC_KEY_SIZE] = { 0 }; + int err = -ENOEXEC; + + err = sid_crypto_keys_init(); + zassert_equal(0, err, "err: %d", err); + + err = sid_crypto_keys_new_generate(test_key_ecc_id, public_key, TEST_ECC_PUBLIC_KEY_SIZE); + zassert_equal(0, err, "err: %d", err); + + err = sid_crypto_keys_delete(test_key_ecc_id); + zassert_equal(0, err, "err: %d", err); err = sid_crypto_keys_deinit(); zassert_equal(0, err, "err: %d", err);