diff options
Diffstat (limited to 'test')
-rw-r--r-- | test/suites/crypto/CMakeLists.inc | 6 | ||||
-rw-r--r-- | test/suites/crypto/crypto_tests_common.c | 139 | ||||
-rw-r--r-- | test/suites/crypto/crypto_tests_common.h | 9 | ||||
-rw-r--r-- | test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c | 30 | ||||
-rw-r--r-- | test/suites/crypto/secure/crypto_sec_interface_testsuite.c | 30 |
5 files changed, 214 insertions, 0 deletions
diff --git a/test/suites/crypto/CMakeLists.inc b/test/suites/crypto/CMakeLists.inc index 20f7ca61ae..7faed46e36 100644 --- a/test/suites/crypto/CMakeLists.inc +++ b/test/suites/crypto/CMakeLists.inc @@ -51,6 +51,9 @@ elseif (ENABLE_CRYPTO_SERVICE_TESTS) if (NOT DEFINED TFM_CRYPTO_TEST_ALG_SHA_512) set(TFM_CRYPTO_TEST_ALG_SHA_512 ON) endif() + if (NOT DEFINED TFM_CRYPTO_TEST_HKDF) + set(TFM_CRYPTO_TEST_HKDF ON) + endif() if (TFM_CRYPTO_TEST_ALG_CBC) add_definitions(-DTFM_CRYPTO_TEST_ALG_CBC) @@ -70,6 +73,9 @@ elseif (ENABLE_CRYPTO_SERVICE_TESTS) if (TFM_CRYPTO_TEST_ALG_SHA_512) add_definitions(-DTFM_CRYPTO_TEST_ALG_SHA_512) endif() + if (TFM_CRYPTO_TEST_HKDF) + add_definitions(-DTFM_CRYPTO_TEST_HKDF) + endif() #Setting include directories embedded_include_directories(PATH ${TFM_ROOT_DIR} ABSOLUTE) diff --git a/test/suites/crypto/crypto_tests_common.c b/test/suites/crypto/crypto_tests_common.c index 14fffc099f..edbca4d048 100644 --- a/test/suites/crypto/crypto_tests_common.c +++ b/test/suites/crypto/crypto_tests_common.c @@ -1046,3 +1046,142 @@ void psa_persistent_key_test(psa_key_id_t key_id, struct test_result_t *ret) ret->val = TEST_PASSED; } + +#define KEY_DERIVE_OUTPUT_LEN 32 +#define KEY_DERIV_SECRET_LEN 16 +#define KEY_DERIV_LABEL_INFO_LEN 8 +#define KEY_DERIV_SEED_SALT_LEN 8 + +static uint8_t key_deriv_secret[KEY_DERIV_SECRET_LEN]; +static uint8_t key_deriv_label_info[KEY_DERIV_LABEL_INFO_LEN]; +static uint8_t key_deriv_seed_salt[KEY_DERIV_SEED_SALT_LEN]; + +void psa_key_derivation_test(psa_algorithm_t deriv_alg, + struct test_result_t *ret) +{ + psa_key_handle_t input_handle = 0, output_handle = 0; + psa_key_attributes_t input_key_attr = PSA_KEY_ATTRIBUTES_INIT; + psa_key_attributes_t output_key_attr = PSA_KEY_ATTRIBUTES_INIT; + psa_key_derivation_operation_t deriv_ops; + psa_status_t status; + uint8_t counter = 0xA5; + + /* Prepare the parameters */ +#if DOMAIN_NS == 1U + memset(key_deriv_secret, counter, KEY_DERIV_SECRET_LEN); + memset(key_deriv_label_info, counter++, KEY_DERIV_LABEL_INFO_LEN); + memset(key_deriv_seed_salt, counter++, KEY_DERIV_SEED_SALT_LEN); +#else + tfm_memset(key_deriv_secret, counter, KEY_DERIV_SECRET_LEN); + tfm_memset(key_deriv_label_info, counter++, KEY_DERIV_LABEL_INFO_LEN); + tfm_memset(key_deriv_seed_salt, counter++, KEY_DERIV_SEED_SALT_LEN); +#endif + + deriv_ops = psa_key_derivation_operation_init(); + + psa_set_key_usage_flags(&input_key_attr, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&input_key_attr, deriv_alg); + psa_set_key_type(&input_key_attr, PSA_KEY_TYPE_DERIVE); + + /* Force to use HMAC-SHA256 as HMAC operation so far */ + status = psa_import_key(&input_key_attr, key_deriv_secret, + KEY_DERIV_SECRET_LEN, &input_handle); + if (status != PSA_SUCCESS) { + TEST_FAIL("Failed to import secret"); + return; + } + + status = psa_key_derivation_setup(&deriv_ops, deriv_alg); + if (status != PSA_SUCCESS) { + TEST_FAIL("Failed to setup derivation operation"); + goto destroy_key; + } + + if (PSA_ALG_IS_TLS12_PRF(deriv_alg) || + PSA_ALG_IS_TLS12_PSK_TO_MS(deriv_alg)) { + status = psa_key_derivation_input_bytes(&deriv_ops, + PSA_KEY_DERIVATION_INPUT_SEED, + key_deriv_seed_salt, + KEY_DERIV_SEED_SALT_LEN); + if (status != PSA_SUCCESS) { + TEST_FAIL("Failed to input seed"); + goto deriv_abort; + } + + status = psa_key_derivation_input_key(&deriv_ops, + PSA_KEY_DERIVATION_INPUT_SECRET, + input_handle); + if (status != PSA_SUCCESS) { + TEST_FAIL("Failed to input key"); + goto deriv_abort; + } + + status = psa_key_derivation_input_bytes(&deriv_ops, + PSA_KEY_DERIVATION_INPUT_LABEL, + key_deriv_label_info, + KEY_DERIV_LABEL_INFO_LEN); + if (status != PSA_SUCCESS) { + TEST_FAIL("Failed to input label"); + goto deriv_abort; + } + } else if (PSA_ALG_IS_HKDF(deriv_alg)) { + status = psa_key_derivation_input_bytes(&deriv_ops, + PSA_KEY_DERIVATION_INPUT_SALT, + key_deriv_seed_salt, + KEY_DERIV_SEED_SALT_LEN); + if (status != PSA_SUCCESS) { + TEST_FAIL("Failed to input salt"); + goto deriv_abort; + } + + status = psa_key_derivation_input_key(&deriv_ops, + PSA_KEY_DERIVATION_INPUT_SECRET, + input_handle); + if (status != PSA_SUCCESS) { + TEST_FAIL("Failed to input key"); + goto deriv_abort; + } + + status = psa_key_derivation_input_bytes(&deriv_ops, + PSA_KEY_DERIVATION_INPUT_INFO, + key_deriv_label_info, + KEY_DERIV_LABEL_INFO_LEN); + if (status != PSA_SUCCESS) { + TEST_FAIL("Failed to input info"); + goto deriv_abort; + } + } else { + TEST_FAIL("Unsupported derivation algorithm"); + goto deriv_abort; + } + + if (NR_TEST_AES_MODE < 1) { + TEST_LOG("No AES algorithm to verify. Output raw data instead"); + psa_set_key_type(&output_key_attr, PSA_KEY_TYPE_RAW_DATA); + } else { + psa_set_key_usage_flags(&output_key_attr, PSA_KEY_USAGE_ENCRYPT); + psa_set_key_algorithm(&output_key_attr, test_aes_mode_array[0]); + psa_set_key_type(&output_key_attr, PSA_KEY_TYPE_AES); + } + psa_set_key_bits(&output_key_attr, + PSA_BYTES_TO_BITS(KEY_DERIVE_OUTPUT_LEN)); + + status = psa_key_derivation_output_key(&output_key_attr, &deriv_ops, + &output_handle); + if (status != PSA_SUCCESS) { + TEST_FAIL("Failed to output key"); + goto deriv_abort; + } + + ret->val = TEST_PASSED; + +deriv_abort: + psa_key_derivation_abort(&deriv_ops); +destroy_key: + psa_destroy_key(input_handle); + if (output_handle) { + psa_destroy_key(output_handle); + } + + return; +} diff --git a/test/suites/crypto/crypto_tests_common.h b/test/suites/crypto/crypto_tests_common.h index a9e012f624..67e6a33ced 100644 --- a/test/suites/crypto/crypto_tests_common.h +++ b/test/suites/crypto/crypto_tests_common.h @@ -179,6 +179,15 @@ void psa_policy_invalid_policy_usage_test(struct test_result_t *ret); */ void psa_persistent_key_test(psa_key_id_t key_id, struct test_result_t *ret); +/** + * \brief Key derivation test + * + * \param[in] deriv_alg Key derivation algorithm + * \param[out] ret Test result + */ +void psa_key_derivation_test(psa_algorithm_t deriv_alg, + struct test_result_t *ret); + #ifdef __cplusplus } #endif diff --git a/test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c b/test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c index dcd3a6c883..22a0c9d377 100644 --- a/test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c +++ b/test/suites/crypto/non_secure/crypto_ns_interface_testsuite.c @@ -51,6 +51,11 @@ static void tfm_crypto_test_6034(struct test_result_t *ret); #ifdef TFM_CRYPTO_TEST_ALG_CCM static void tfm_crypto_test_6035(struct test_result_t *ret); #endif /* TFM_CRYPTO_TEST_ALG_CCM */ +static void tfm_crypto_test_6036(struct test_result_t *ret); +static void tfm_crypto_test_6037(struct test_result_t *ret); +#ifdef TFM_CRYPTO_TEST_HKDF +static void tfm_crypto_test_6038(struct test_result_t *ret); +#endif /* TFM_CRYPTO_TEST_HKDF */ static struct test_t crypto_tests[] = { {&tfm_crypto_test_6001, "TFM_CRYPTO_TEST_6001", @@ -118,6 +123,14 @@ static struct test_t crypto_tests[] = { "Non Secure AEAD interface with truncated auth tag (AES-128-CCM-8)", {TEST_PASSED} }, #endif /* TFM_CRYPTO_TEST_ALG_CCM */ + {&tfm_crypto_test_6036, "TFM_CRYPTO_TEST_6036", + "Non Secure TLS 1.2 PRF key derivation", {TEST_PASSED} }, + {&tfm_crypto_test_6037, "TFM_CRYPTO_TEST_6037", + "Non Secure TLS-1.2 PSK-to-MasterSecret key derivation", {TEST_PASSED} }, +#ifdef TFM_CRYPTO_TEST_HKDF + {&tfm_crypto_test_6038, "TFM_CRYPTO_TEST_6038", + "Non Secure HKDF key derivation", {TEST_PASSED} }, +#endif /* TFM_CRYPTO_TEST_HKDF */ }; void register_testsuite_ns_crypto_interface(struct test_suite_t *p_test_suite) @@ -275,3 +288,20 @@ static void tfm_crypto_test_6035(struct test_result_t *ret) psa_aead_test(PSA_KEY_TYPE_AES, alg, ret); } #endif /* TFM_CRYPTO_TEST_ALG_GCM */ + +static void tfm_crypto_test_6036(struct test_result_t *ret) +{ + psa_key_derivation_test(PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256), ret); +} + +static void tfm_crypto_test_6037(struct test_result_t *ret) +{ + psa_key_derivation_test(PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256), ret); +} + +#ifdef TFM_CRYPTO_TEST_HKDF +static void tfm_crypto_test_6038(struct test_result_t *ret) +{ + psa_key_derivation_test(PSA_ALG_HKDF(PSA_ALG_SHA_256), ret); +} +#endif /* TFM_CRYPTO_TEST_HKDF */ diff --git a/test/suites/crypto/secure/crypto_sec_interface_testsuite.c b/test/suites/crypto/secure/crypto_sec_interface_testsuite.c index 7e6eeaacfa..bd314e0f8c 100644 --- a/test/suites/crypto/secure/crypto_sec_interface_testsuite.c +++ b/test/suites/crypto/secure/crypto_sec_interface_testsuite.c @@ -53,6 +53,11 @@ static void tfm_crypto_test_5035(struct test_result_t *ret); #ifdef TFM_CRYPTO_TEST_ALG_CCM static void tfm_crypto_test_5036(struct test_result_t *ret); #endif /* TFM_CRYPTO_TEST_ALG_CCM */ +static void tfm_crypto_test_5037(struct test_result_t *ret); +static void tfm_crypto_test_5038(struct test_result_t *ret); +#ifdef TFM_CRYPTO_TEST_HKDF +static void tfm_crypto_test_5039(struct test_result_t *ret); +#endif /* TFM_CRYPTO_TEST_HKDF */ static struct test_t crypto_tests[] = { {&tfm_crypto_test_5001, "TFM_CRYPTO_TEST_5001", @@ -122,6 +127,14 @@ static struct test_t crypto_tests[] = { "Secure AEAD interface with truncated auth tag (AES-128-CCM-8)", {TEST_PASSED} }, #endif /* TFM_CRYPTO_TEST_ALG_CCM */ + {&tfm_crypto_test_5037, "TFM_CRYPTO_TEST_5037", + "Secure TLS 1.2 PRF key derivation", {TEST_PASSED} }, + {&tfm_crypto_test_5038, "TFM_CRYPTO_TEST_5038", + "Secure TLS-1.2 PSK-to-MasterSecret key derivation", {TEST_PASSED} }, +#ifdef TFM_CRYPTO_TEST_HKDF + {&tfm_crypto_test_5039, "TFM_CRYPTO_TEST_5039", + "Secure HKDF key derivation", {TEST_PASSED} }, +#endif /* TFM_CRYPTO_TEST_HKDF */ }; void register_testsuite_s_crypto_interface(struct test_suite_t *p_test_suite) @@ -319,3 +332,20 @@ static void tfm_crypto_test_5036(struct test_result_t *ret) psa_aead_test(PSA_KEY_TYPE_AES, alg, ret); } #endif /* TFM_CRYPTO_TEST_ALG_GCM */ + +static void tfm_crypto_test_5037(struct test_result_t *ret) +{ + psa_key_derivation_test(PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256), ret); +} + +static void tfm_crypto_test_5038(struct test_result_t *ret) +{ + psa_key_derivation_test(PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256), ret); +} + +#ifdef TFM_CRYPTO_TEST_HKDF +static void tfm_crypto_test_5039(struct test_result_t *ret) +{ + psa_key_derivation_test(PSA_ALG_HKDF(PSA_ALG_SHA_256), ret); +} +#endif /* TFM_CRYPTO_TEST_HKDF */ |