aboutsummaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorDavid Hu <david.hu@arm.com>2020-04-27 13:24:33 +0800
committerDavid Hu <david.hu@arm.com>2020-05-29 02:17:07 +0000
commit48f4b9ad90a50166ddd78e30ab7b9dc4df2fa3ee (patch)
tree2fac7da2582cceaedf06de8efb03f085a2e4db05 /test
parent0d4047702fd67a6be09a8ae98999b80f6ab55faa (diff)
downloadtrusted-firmware-m-48f4b9ad90a50166ddd78e30ab7b9dc4df2fa3ee.tar.gz
Test: Make common Crypto test cases more general
Profile Small may only enable AES mode. Remove the hard-coded CBC mode setting in common Crypto test cases. Instead, enable those common test cases to test with the AES mode selected in Profile Small. Change-Id: I83d47e3bb705378b3369149031b4a466b8688f12 Signed-off-by: David Hu <david.hu@arm.com>
Diffstat (limited to 'test')
-rw-r--r--test/suites/crypto/crypto_tests_common.c82
-rw-r--r--test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c26
-rw-r--r--test/suites/crypto/secure/crypto_sec_interface_testsuite.c26
3 files changed, 85 insertions, 49 deletions
diff --git a/test/suites/crypto/crypto_tests_common.c b/test/suites/crypto/crypto_tests_common.c
index aa94beffd3..14fffc099f 100644
--- a/test/suites/crypto/crypto_tests_common.c
+++ b/test/suites/crypto/crypto_tests_common.c
@@ -769,6 +769,34 @@ destroy_key_aead:
}
}
+/*
+ * The list of available AES cipher/AEAD mode for test.
+ * Not all the modes can be available in some use cases and configurations.
+ */
+static const psa_algorithm_t test_aes_mode_array[] = {
+#ifdef TFM_CRYPTO_TEST_ALG_CBC
+ PSA_ALG_CBC_NO_PADDING,
+#endif
+#ifdef TFM_CRYPTO_TEST_ALG_CCM
+ PSA_ALG_CCM,
+#endif
+#ifdef TFM_CRYPTO_TEST_ALG_CFB
+ PSA_ALG_CFB,
+#endif
+#ifdef TFM_CRYPTO_TEST_ALG_CTR
+ PSA_ALG_CTR,
+#endif
+#ifdef TFM_CRYPTO_TEST_ALG_GCM
+ PSA_ALG_GCM,
+#endif
+ /* In case no AES algorithm is available */
+ PSA_ALG_VENDOR_FLAG,
+};
+
+/* Number of available AES cipher modes */
+#define NR_TEST_AES_MODE (sizeof(test_aes_mode_array) / \
+ sizeof(test_aes_mode_array[0]) - 1)
+
void psa_invalid_key_length_test(struct test_result_t *ret)
{
psa_status_t status;
@@ -776,9 +804,14 @@ void psa_invalid_key_length_test(struct test_result_t *ret)
psa_key_handle_t key_handle;
const uint8_t data[19] = {0};
+ if (NR_TEST_AES_MODE < 1) {
+ TEST_FAIL("A cipher mode in AES is required in current test case");
+ return;
+ }
+
/* Setup the key policy */
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_ENCRYPT);
- psa_set_key_algorithm(&key_attributes, PSA_ALG_CBC_NO_PADDING);
+ psa_set_key_algorithm(&key_attributes, test_aes_mode_array[0]);
psa_set_key_type(&key_attributes, PSA_KEY_TYPE_AES);
/* AES does not support 152-bit keys */
@@ -793,7 +826,7 @@ void psa_invalid_key_length_test(struct test_result_t *ret)
void psa_policy_key_interface_test(struct test_result_t *ret)
{
- psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
+ psa_algorithm_t alg = test_aes_mode_array[0];
psa_algorithm_t alg_out;
psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_VOLATILE;
psa_key_lifetime_t lifetime_out;
@@ -801,6 +834,11 @@ void psa_policy_key_interface_test(struct test_result_t *ret)
psa_key_usage_t usage = PSA_KEY_USAGE_EXPORT;
psa_key_usage_t usage_out;
+ if (NR_TEST_AES_MODE < 1) {
+ TEST_FAIL("A cipher mode in AES is required in current test case");
+ return;
+ }
+
/* Verify that initialised policy forbids all usage */
usage_out = psa_get_key_usage_flags(&key_attributes);
if (usage_out != 0) {
@@ -846,7 +884,7 @@ void psa_policy_key_interface_test(struct test_result_t *ret)
void psa_policy_invalid_policy_usage_test(struct test_result_t *ret)
{
psa_status_t status;
- psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
+ psa_algorithm_t alg, not_permit_alg;
psa_cipher_operation_t handle = psa_cipher_operation_init();
psa_key_attributes_t key_attributes = psa_key_attributes_init();
psa_key_handle_t key_handle;
@@ -854,9 +892,38 @@ void psa_policy_invalid_policy_usage_test(struct test_result_t *ret)
size_t data_len;
const uint8_t data[] = "THIS IS MY KEY1";
uint8_t data_out[sizeof(data)];
+ uint8_t i, j;
ret->val = TEST_PASSED;
+ if (NR_TEST_AES_MODE < 2) {
+ TEST_LOG("Two cipher modes are required. Skip this test case\r\n");
+ return;
+ }
+
+ /*
+ * Search for two modes for test. Both modes should be Cipher algorithms.
+ * Otherwise, cipher setup may fail before policy permission check.
+ */
+ for (i = 0; i < NR_TEST_AES_MODE - 1; i++) {
+ if (PSA_ALG_IS_CIPHER(test_aes_mode_array[i])) {
+ alg = test_aes_mode_array[i];
+ break;
+ }
+ }
+
+ for (j = i + 1; j < NR_TEST_AES_MODE; j++) {
+ if (PSA_ALG_IS_CIPHER(test_aes_mode_array[j])) {
+ not_permit_alg = test_aes_mode_array[j];
+ break;
+ }
+ }
+
+ if (j == NR_TEST_AES_MODE) {
+ TEST_LOG("Unable to find two Cipher algs. Skip this test case.\r\n");
+ return;
+ }
+
/* Setup the key policy */
psa_set_key_usage_flags(&key_attributes, usage);
psa_set_key_algorithm(&key_attributes, alg);
@@ -883,7 +950,7 @@ void psa_policy_invalid_policy_usage_test(struct test_result_t *ret)
}
/* Attempt to setup a cipher with an alg not permitted by the policy */
- status = psa_cipher_encrypt_setup(&handle, key_handle, PSA_ALG_CFB);
+ status = psa_cipher_encrypt_setup(&handle, key_handle, not_permit_alg);
if (status != PSA_ERROR_NOT_PERMITTED) {
TEST_FAIL("Was able to setup cipher operation with wrong alg");
goto destroy_key;
@@ -908,13 +975,18 @@ void psa_persistent_key_test(psa_key_id_t key_id, struct test_result_t *ret)
psa_status_t status;
int comp_result;
psa_key_handle_t key_handle;
- psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
+ psa_algorithm_t alg = test_aes_mode_array[0];
psa_key_usage_t usage = PSA_KEY_USAGE_EXPORT;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t data_len;
const uint8_t data[] = "THIS IS MY KEY1";
uint8_t data_out[sizeof(data)] = {0};
+ if (NR_TEST_AES_MODE < 1) {
+ TEST_FAIL("A cipher mode in AES is required in current test case");
+ return;
+ }
+
/* Setup the key attributes with a key ID to create a persistent key */
psa_set_key_id(&key_attributes, key_id);
psa_set_key_usage_flags(&key_attributes, usage);
diff --git a/test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c b/test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c
index 2611952d5d..f8448f1645 100644
--- a/test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c
+++ b/test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c
@@ -20,12 +20,8 @@ static void tfm_crypto_test_6003(struct test_result_t *ret);
#ifdef TFM_CRYPTO_TEST_ALG_CTR
static void tfm_crypto_test_6005(struct test_result_t *ret);
#endif /* TFM_CRYPTO_TEST_ALG_CTR */
-#ifdef TFM_CRYPTO_TEST_ALG_GCM
static void tfm_crypto_test_6007(struct test_result_t *ret);
-#endif /* TFM_CRYPTO_TEST_ALG_GCM */
-#ifdef TFM_CRYPTO_TEST_ALG_CBC
static void tfm_crypto_test_6008(struct test_result_t *ret);
-#endif /* TFM_CRYPTO_TEST_ALG_CBC */
#ifdef TFM_CRYPTO_TEST_ALG_CFB
static void tfm_crypto_test_6009(struct test_result_t *ret);
#endif /* TFM_CRYPTO_TEST_ALG_CFB */
@@ -49,11 +45,9 @@ static void tfm_crypto_test_6030(struct test_result_t *ret);
#ifdef TFM_CRYPTO_TEST_ALG_GCM
static void tfm_crypto_test_6031(struct test_result_t *ret);
#endif /* TFM_CRYPTO_TEST_ALG_GCM */
-#ifdef TFM_CRYPTO_TEST_ALG_CBC
static void tfm_crypto_test_6032(struct test_result_t *ret);
static void tfm_crypto_test_6033(struct test_result_t *ret);
static void tfm_crypto_test_6034(struct test_result_t *ret);
-#endif /* TFM_CRYPTO_TEST_ALG_CBC */
static struct test_t crypto_tests[] = {
{&tfm_crypto_test_6001, "TFM_CRYPTO_TEST_6001",
@@ -70,14 +64,10 @@ static struct test_t crypto_tests[] = {
{&tfm_crypto_test_6005, "TFM_CRYPTO_TEST_6005",
"Non Secure Symmetric encryption (AES-128-CTR) interface", {TEST_PASSED} },
#endif /* TFM_CRYPTO_TEST_ALG_CTR */
-#ifdef TFM_CRYPTO_TEST_ALG_GCM
{&tfm_crypto_test_6007, "TFM_CRYPTO_TEST_6007",
- "Non Secure Symmetric encryption invalid cipher (AES-128-GCM)", {TEST_PASSED} },
-#endif /* TFM_CRYPTO_TEST_ALG_GCM */
-#ifdef TFM_CRYPTO_TEST_ALG_CBC
+ "Non Secure Symmetric encryption invalid cipher", {TEST_PASSED} },
{&tfm_crypto_test_6008, "TFM_CRYPTO_TEST_6008",
- "Non Secure Symmetric encryption invalid cipher (AES-152-CBC)", {TEST_PASSED} },
-#endif /* TFM_CRYPTO_TEST_ALG_CBC */
+ "Non Secure Symmetric encryption invalid cipher (AES-152)", {TEST_PASSED} },
#ifdef TFM_CRYPTO_TEST_ALG_CFB
{&tfm_crypto_test_6009, "TFM_CRYPTO_TEST_6009",
"Non Secure Symmetric encryption invalid cipher (HMAC-128-CFB)", {TEST_PASSED} },
@@ -114,14 +104,12 @@ static struct test_t crypto_tests[] = {
{&tfm_crypto_test_6031, "TFM_CRYPTO_TEST_6031",
"Non Secure AEAD (AES-128-GCM) interface", {TEST_PASSED} },
#endif /* TFM_CRYPTO_TEST_ALG_GCM */
-#ifdef TFM_CRYPTO_TEST_ALG_CBC
{&tfm_crypto_test_6032, "TFM_CRYPTO_TEST_6032",
"Non Secure key policy interface", {TEST_PASSED} },
{&tfm_crypto_test_6033, "TFM_CRYPTO_TEST_6033",
"Non Secure key policy check permissions", {TEST_PASSED} },
{&tfm_crypto_test_6034, "TFM_CRYPTO_TEST_6034",
"Non Secure persistent key interface", {TEST_PASSED} },
-#endif /* TFM_CRYPTO_TEST_ALG_CBC */
};
void register_testsuite_ns_crypto_interface(struct test_suite_t *p_test_suite)
@@ -167,20 +155,16 @@ static void tfm_crypto_test_6005(struct test_result_t *ret)
}
#endif /* TFM_CRYPTO_TEST_ALG_CTR */
-#ifdef TFM_CRYPTO_TEST_ALG_GCM
static void tfm_crypto_test_6007(struct test_result_t *ret)
{
- /* GCM is an AEAD mode */
- psa_invalid_cipher_test(PSA_KEY_TYPE_AES, PSA_ALG_GCM, 16, ret);
+ psa_invalid_cipher_test(PSA_KEY_TYPE_AES, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ 16, ret);
}
-#endif /* TFM_CRYPTO_TEST_ALG_GCM */
-#ifdef TFM_CRYPTO_TEST_ALG_CBC
static void tfm_crypto_test_6008(struct test_result_t *ret)
{
psa_invalid_key_length_test(ret);
}
-#endif /* TFM_CRYPTO_TEST_ALG_CBC */
#ifdef TFM_CRYPTO_TEST_ALG_CFB
static void tfm_crypto_test_6009(struct test_result_t *ret)
@@ -259,7 +243,6 @@ static void tfm_crypto_test_6031(struct test_result_t *ret)
}
#endif /* TFM_CRYPTO_TEST_ALG_GCM */
-#ifdef TFM_CRYPTO_TEST_ALG_CBC
static void tfm_crypto_test_6032(struct test_result_t *ret)
{
psa_policy_key_interface_test(ret);
@@ -274,4 +257,3 @@ static void tfm_crypto_test_6034(struct test_result_t *ret)
{
psa_persistent_key_test(1, ret);
}
-#endif /* TFM_CRYPTO_TEST_ALG_CBC */
diff --git a/test/suites/crypto/secure/crypto_sec_interface_testsuite.c b/test/suites/crypto/secure/crypto_sec_interface_testsuite.c
index 6803d92b23..1980346f3c 100644
--- a/test/suites/crypto/secure/crypto_sec_interface_testsuite.c
+++ b/test/suites/crypto/secure/crypto_sec_interface_testsuite.c
@@ -21,12 +21,8 @@ static void tfm_crypto_test_5003(struct test_result_t *ret);
#ifdef TFM_CRYPTO_TEST_ALG_CTR
static void tfm_crypto_test_5005(struct test_result_t *ret);
#endif /* TFM_CRYPTO_TEST_ALG_CTR */
-#ifdef TFM_CRYPTO_TEST_ALG_GCM
static void tfm_crypto_test_5007(struct test_result_t *ret);
-#endif /* TFM_CRYPTO_TEST_ALG_GCM */
-#ifdef TFM_CRYPTO_TEST_ALG_CBC
static void tfm_crypto_test_5008(struct test_result_t *ret);
-#endif /* TFM_CRYPTO_TEST_ALG_CBC */
#ifdef TFM_CRYPTO_TEST_ALG_CFB
static void tfm_crypto_test_5009(struct test_result_t *ret);
#endif /* TFM_CRYPTO_TEST_ALG_CFB */
@@ -50,11 +46,9 @@ static void tfm_crypto_test_5030(struct test_result_t *ret);
#ifdef TFM_CRYPTO_TEST_ALG_GCM
static void tfm_crypto_test_5031(struct test_result_t *ret);
#endif /* TFM_CRYPTO_TEST_ALG_GCM */
-#ifdef TFM_CRYPTO_TEST_ALG_CBC
static void tfm_crypto_test_5032(struct test_result_t *ret);
static void tfm_crypto_test_5033(struct test_result_t *ret);
static void tfm_crypto_test_5034(struct test_result_t *ret);
-#endif /* TFM_CRYPTO_TEST_ALG_CBC */
static void tfm_crypto_test_5035(struct test_result_t *ret);
static struct test_t crypto_tests[] = {
@@ -72,14 +66,10 @@ static struct test_t crypto_tests[] = {
{&tfm_crypto_test_5005, "TFM_CRYPTO_TEST_5005",
"Secure Symmetric encryption (AES-128-CTR) interface", {TEST_PASSED} },
#endif /* TFM_CRYPTO_TEST_ALG_CTR */
-#ifdef TFM_CRYPTO_TEST_ALG_GCM
{&tfm_crypto_test_5007, "TFM_CRYPTO_TEST_5007",
- "Secure Symmetric encryption invalid cipher (AES-128-GCM)", {TEST_PASSED} },
-#endif /* TFM_CRYPTO_TEST_ALG_GCM */
-#ifdef TFM_CRYPTO_TEST_ALG_CBC
+ "Secure Symmetric encryption invalid cipher", {TEST_PASSED} },
{&tfm_crypto_test_5008, "TFM_CRYPTO_TEST_5008",
- "Secure Symmetric encryption invalid cipher (AES-152-CBC)", {TEST_PASSED} },
-#endif /* TFM_CRYPTO_TEST_ALG_CBC */
+ "Secure Symmetric encryption invalid cipher (AES-152)", {TEST_PASSED} },
#ifdef TFM_CRYPTO_TEST_ALG_CFB
{&tfm_crypto_test_5009, "TFM_CRYPTO_TEST_5009",
"Secure Symmetric encryption invalid cipher (HMAC-128-CFB)", {TEST_PASSED} },
@@ -116,14 +106,12 @@ static struct test_t crypto_tests[] = {
{&tfm_crypto_test_5031, "TFM_CRYPTO_TEST_5031",
"Secure AEAD (AES-128-GCM) interface", {TEST_PASSED} },
#endif /* TFM_CRYPTO_TEST_ALG_GCM */
-#ifdef TFM_CRYPTO_TEST_ALG_CBC
{&tfm_crypto_test_5032, "TFM_CRYPTO_TEST_5032",
"Secure key policy interface", {TEST_PASSED} },
{&tfm_crypto_test_5033, "TFM_CRYPTO_TEST_5033",
"Secure key policy check permissions", {TEST_PASSED} },
{&tfm_crypto_test_5034, "TFM_CRYPTO_TEST_5034",
"Secure persistent key interface", {TEST_PASSED} },
-#endif /* TFM_CRYPTO_TEST_ALG_CBC */
{&tfm_crypto_test_5035, "TFM_CRYPTO_TEST_5035",
"Key access control", {TEST_PASSED} },
};
@@ -171,20 +159,16 @@ static void tfm_crypto_test_5005(struct test_result_t *ret)
}
#endif /* TFM_CRYPTO_TEST_ALG_CTR */
-#ifdef TFM_CRYPTO_TEST_ALG_GCM
static void tfm_crypto_test_5007(struct test_result_t *ret)
{
- /* GCM is an AEAD mode */
- psa_invalid_cipher_test(PSA_KEY_TYPE_AES, PSA_ALG_GCM, 16, ret);
+ psa_invalid_cipher_test(PSA_KEY_TYPE_AES, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ 16, ret);
}
-#endif /* TFM_CRYPTO_TEST_ALG_GCM */
-#ifdef TFM_CRYPTO_TEST_ALG_CBC
static void tfm_crypto_test_5008(struct test_result_t *ret)
{
psa_invalid_key_length_test(ret);
}
-#endif /* TFM_CRYPTO_TEST_ALG_CBC */
#ifdef TFM_CRYPTO_TEST_ALG_CFB
static void tfm_crypto_test_5009(struct test_result_t *ret)
@@ -263,7 +247,6 @@ static void tfm_crypto_test_5031(struct test_result_t *ret)
}
#endif /* TFM_CRYPTO_TEST_ALG_GCM */
-#ifdef TFM_CRYPTO_TEST_ALG_CBC
static void tfm_crypto_test_5032(struct test_result_t *ret)
{
psa_policy_key_interface_test(ret);
@@ -278,7 +261,6 @@ static void tfm_crypto_test_5034(struct test_result_t *ret)
{
psa_persistent_key_test(1, ret);
}
-#endif /* TFM_CRYPTO_TEST_ALG_CBC */
/**
* \brief Tests key access control based on partition ID