diff options
Diffstat (limited to 'components/service/crypto/test/service/extension')
5 files changed, 286 insertions, 0 deletions
diff --git a/components/service/crypto/test/service/extension/key_derivation/component.cmake b/components/service/crypto/test/service/extension/key_derivation/component.cmake new file mode 100644 index 000000000..2d251aab5 --- /dev/null +++ b/components/service/crypto/test/service/extension/key_derivation/component.cmake @@ -0,0 +1,13 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- +if (NOT DEFINED TGT) + message(FATAL_ERROR "mandatory parameter TGT is not defined.") +endif() + +target_sources(${TGT} PRIVATE + "${CMAKE_CURRENT_LIST_DIR}/key_derivation_service_scenarios.cpp" + ) diff --git a/components/service/crypto/test/service/extension/key_derivation/key_derivation_service_scenarios.cpp b/components/service/crypto/test/service/extension/key_derivation/key_derivation_service_scenarios.cpp new file mode 100644 index 000000000..66dc26813 --- /dev/null +++ b/components/service/crypto/test/service/extension/key_derivation/key_derivation_service_scenarios.cpp @@ -0,0 +1,153 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <cstring> +#include <cstdint> +#include <CppUTest/TestHarness.h> +#include "key_derivation_service_scenarios.h" + + +key_derivation_service_scenarios::key_derivation_service_scenarios(crypto_client *crypto_client) : + m_crypto_client(crypto_client), + m_secret_keyid(0) +{ + +} + +key_derivation_service_scenarios::~key_derivation_service_scenarios() +{ + destroySecretKey(); + + delete m_crypto_client; + m_crypto_client = NULL; +} + +psa_status_t key_derivation_service_scenarios::generateSecretKey() +{ + destroySecretKey(); + + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&attributes, PSA_ALG_HKDF(PSA_ALG_SHA_256)); + psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE); + psa_set_key_bits(&attributes, 256); + + psa_status_t status = m_crypto_client->generate_key(&attributes, &m_secret_keyid); + + psa_reset_key_attributes(&attributes); + + return status; +} + +void key_derivation_service_scenarios::destroySecretKey() +{ + if (m_secret_keyid) { + + m_crypto_client->destroy_key(m_secret_keyid); + m_secret_keyid = 0; + } +} + +void key_derivation_service_scenarios::hkdfDeriveKey() +{ + psa_status_t status; + uint32_t op_handle = 0; + + status = generateSecretKey(); + CHECK_EQUAL(PSA_SUCCESS, status); + + status = m_crypto_client->key_derivation_setup(&op_handle, PSA_ALG_HKDF(PSA_ALG_SHA_256)); + CHECK_EQUAL(PSA_SUCCESS, status); + + static const uint8_t salt[] = {0,1,2,3,4,5,6,7,8,9}; + status = m_crypto_client->key_derivation_input_bytes(op_handle, + PSA_KEY_DERIVATION_INPUT_SALT, salt, sizeof(salt)); + CHECK_EQUAL(PSA_SUCCESS, status); + + status = m_crypto_client->key_derivation_input_key(op_handle, + PSA_KEY_DERIVATION_INPUT_SECRET, m_secret_keyid); + CHECK_EQUAL(PSA_SUCCESS, status); + + static const uint8_t info[] = {50,51,52,53,54,55,56,57,58}; + status = m_crypto_client->key_derivation_input_bytes(op_handle, + PSA_KEY_DERIVATION_INPUT_INFO, info, sizeof(info)); + CHECK_EQUAL(PSA_SUCCESS, status); + + /* Derive a key that could be used for symmetric encryption */ + psa_key_id_t derived_keyid; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); + psa_set_key_algorithm(&attributes, PSA_ALG_CTR); + psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); + psa_set_key_bits(&attributes, 256); + + status = m_crypto_client->key_derivation_output_key(&attributes, op_handle, &derived_keyid); + psa_reset_key_attributes(&attributes); + CHECK_EQUAL(PSA_SUCCESS, status); + + status = m_crypto_client->key_derivation_abort(op_handle); + CHECK_EQUAL(PSA_SUCCESS, status); + + status = m_crypto_client->destroy_key(derived_keyid); + CHECK_EQUAL(PSA_SUCCESS, status); +} + +void key_derivation_service_scenarios::hkdfDeriveBytes() +{ + psa_status_t status; + uint32_t op_handle = 0; + + status = generateSecretKey(); + CHECK_EQUAL(PSA_SUCCESS, status); + + status = m_crypto_client->key_derivation_setup(&op_handle, PSA_ALG_HKDF(PSA_ALG_SHA_256)); + CHECK_EQUAL(PSA_SUCCESS, status); + + status = m_crypto_client->key_derivation_input_key(op_handle, + PSA_KEY_DERIVATION_INPUT_SECRET, m_secret_keyid); + CHECK_EQUAL(PSA_SUCCESS, status); + + static const uint8_t info[] = {50,51,52,53,54,55,56,57,58}; + status = m_crypto_client->key_derivation_input_bytes(op_handle, + PSA_KEY_DERIVATION_INPUT_INFO, info, sizeof(info)); + CHECK_EQUAL(PSA_SUCCESS, status); + + /* Derive some output bytes */ + uint8_t derived_bytes[99]; + status = m_crypto_client->key_derivation_output_bytes(op_handle, + derived_bytes, sizeof(derived_bytes)); + CHECK_EQUAL(PSA_SUCCESS, status); + + status = m_crypto_client->key_derivation_abort(op_handle); + CHECK_EQUAL(PSA_SUCCESS, status); +} + +void key_derivation_service_scenarios::deriveAbort() +{ + psa_status_t status; + uint32_t op_handle = 0; + + status = generateSecretKey(); + CHECK_EQUAL(PSA_SUCCESS, status); + + status = m_crypto_client->key_derivation_setup(&op_handle, PSA_ALG_HKDF(PSA_ALG_SHA_256)); + CHECK_EQUAL(PSA_SUCCESS, status); + + status = m_crypto_client->key_derivation_input_key(op_handle, + PSA_KEY_DERIVATION_INPUT_SECRET, m_secret_keyid); + CHECK_EQUAL(PSA_SUCCESS, status); + + status = m_crypto_client->key_derivation_abort(op_handle); + CHECK_EQUAL(PSA_SUCCESS, status); + + /* Expect operation to have been aborted */ + status = m_crypto_client->key_derivation_set_capacity(op_handle, 100); + CHECK_EQUAL(PSA_ERROR_BAD_STATE, status); +} diff --git a/components/service/crypto/test/service/extension/key_derivation/key_derivation_service_scenarios.h b/components/service/crypto/test/service/extension/key_derivation/key_derivation_service_scenarios.h new file mode 100644 index 000000000..794311a2a --- /dev/null +++ b/components/service/crypto/test/service/extension/key_derivation/key_derivation_service_scenarios.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef KEY_DERIVATION_SERVICE_SCENARIOS_H +#define KEY_DERIVATION_SERVICE_SCENARIOS_H + +#include <stddef.h> +#include <stdint.h> +#include <service/crypto/client/cpp/crypto_client.h> + +/* + * Service-level test scenarios for the key_derivation extension to the + * crypto service that may be reused using different concrete + * crypto_clients to check end-to-end operation using different protocol + * serialization schemes. + */ +class key_derivation_service_scenarios +{ +public: + key_derivation_service_scenarios(crypto_client *crypto_client); + ~key_derivation_service_scenarios(); + + void hkdfDeriveKey(); + void hkdfDeriveBytes(); + void deriveAbort(); + +private: + + psa_status_t generateSecretKey(); + void destroySecretKey(); + + crypto_client *m_crypto_client; + psa_key_id_t m_secret_keyid; +}; + +#endif /* KEY_DERIVATION_SERVICE_SCENARIOS_H */ diff --git a/components/service/crypto/test/service/extension/key_derivation/packed-c/component.cmake b/components/service/crypto/test/service/extension/key_derivation/packed-c/component.cmake new file mode 100644 index 000000000..35615f0c6 --- /dev/null +++ b/components/service/crypto/test/service/extension/key_derivation/packed-c/component.cmake @@ -0,0 +1,13 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- +if (NOT DEFINED TGT) + message(FATAL_ERROR "mandatory parameter TGT is not defined.") +endif() + +target_sources(${TGT} PRIVATE + "${CMAKE_CURRENT_LIST_DIR}/key_derivation_service_packedc_tests.cpp" + ) diff --git a/components/service/crypto/test/service/extension/key_derivation/packed-c/key_derivation_service_packedc_tests.cpp b/components/service/crypto/test/service/extension/key_derivation/packed-c/key_derivation_service_packedc_tests.cpp new file mode 100644 index 000000000..261bf988d --- /dev/null +++ b/components/service/crypto/test/service/extension/key_derivation/packed-c/key_derivation_service_packedc_tests.cpp @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h> +#include <service/crypto/test/service/extension/key_derivation/key_derivation_service_scenarios.h> +#include <protocols/rpc/common/packed-c/encoding.h> +#include <service_locator.h> +#include <CppUTest/TestHarness.h> + +/* + * Service-level key derivation tests that use the packed-c access protocol serialization + */ +TEST_GROUP(CryptoKeyDerivationServicePackedcTests) +{ + void setup() + { + struct rpc_caller *caller; + int status; + + m_rpc_session_handle = NULL; + m_crypto_service_context = NULL; + m_scenarios = NULL; + + service_locator_init(); + + m_crypto_service_context = service_locator_query("sn:trustedfirmware.org:crypto:0", &status); + CHECK_TRUE(m_crypto_service_context); + + m_rpc_session_handle = service_context_open(m_crypto_service_context, TS_RPC_ENCODING_PACKED_C, &caller); + CHECK_TRUE(m_rpc_session_handle); + + m_scenarios = new key_derivation_service_scenarios(new packedc_crypto_client(caller)); + } + + void teardown() + { + delete m_scenarios; + m_scenarios = NULL; + + service_context_close(m_crypto_service_context, m_rpc_session_handle); + m_rpc_session_handle = NULL; + + service_context_relinquish(m_crypto_service_context); + m_crypto_service_context = NULL; + } + + rpc_session_handle m_rpc_session_handle; + struct service_context *m_crypto_service_context; + key_derivation_service_scenarios *m_scenarios; +}; + +TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveKey) +{ + m_scenarios->hkdfDeriveKey(); +} + +TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveBytes) +{ + m_scenarios->hkdfDeriveBytes(); +} + +TEST(CryptoKeyDerivationServicePackedcTests, deriveAbort) +{ + m_scenarios->deriveAbort(); +} |