Diffstat (limited to 'components/service/crypto/test/service/extension')
-rw-r--r--components/service/crypto/test/service/extension/key_derivation/component.cmake13
-rw-r--r--components/service/crypto/test/service/extension/key_derivation/key_derivation_service_scenarios.cpp153
-rw-r--r--components/service/crypto/test/service/extension/key_derivation/key_derivation_service_scenarios.h39
-rw-r--r--components/service/crypto/test/service/extension/key_derivation/packed-c/component.cmake13
-rw-r--r--components/service/crypto/test/service/extension/key_derivation/packed-c/key_derivation_service_packedc_tests.cpp68
5 files changed, 286 insertions, 0 deletions
diff --git a/components/service/crypto/test/service/extension/key_derivation/component.cmake b/components/service/crypto/test/service/extension/key_derivation/component.cmake
new file mode 100644
index 000000000..2d251aab5
--- /dev/null
+++ b/components/service/crypto/test/service/extension/key_derivation/component.cmake
@@ -0,0 +1,13 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/key_derivation_service_scenarios.cpp"
+ )
diff --git a/components/service/crypto/test/service/extension/key_derivation/key_derivation_service_scenarios.cpp b/components/service/crypto/test/service/extension/key_derivation/key_derivation_service_scenarios.cpp
new file mode 100644
index 000000000..66dc26813
--- /dev/null
+++ b/components/service/crypto/test/service/extension/key_derivation/key_derivation_service_scenarios.cpp
@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <cstring>
+#include <cstdint>
+#include <CppUTest/TestHarness.h>
+#include "key_derivation_service_scenarios.h"
+
+
+key_derivation_service_scenarios::key_derivation_service_scenarios(crypto_client *crypto_client) :
+ m_crypto_client(crypto_client),
+ m_secret_keyid(0)
+{
+
+}
+
+key_derivation_service_scenarios::~key_derivation_service_scenarios()
+{
+ destroySecretKey();
+
+ delete m_crypto_client;
+ m_crypto_client = NULL;
+}
+
+psa_status_t key_derivation_service_scenarios::generateSecretKey()
+{
+ destroySecretKey();
+
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, PSA_ALG_HKDF(PSA_ALG_SHA_256));
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
+ psa_set_key_bits(&attributes, 256);
+
+ psa_status_t status = m_crypto_client->generate_key(&attributes, &m_secret_keyid);
+
+ psa_reset_key_attributes(&attributes);
+
+ return status;
+}
+
+void key_derivation_service_scenarios::destroySecretKey()
+{
+ if (m_secret_keyid) {
+
+ m_crypto_client->destroy_key(m_secret_keyid);
+ m_secret_keyid = 0;
+ }
+}
+
+void key_derivation_service_scenarios::hkdfDeriveKey()
+{
+ psa_status_t status;
+ uint32_t op_handle = 0;
+
+ status = generateSecretKey();
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ status = m_crypto_client->key_derivation_setup(&op_handle, PSA_ALG_HKDF(PSA_ALG_SHA_256));
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ static const uint8_t salt[] = {0,1,2,3,4,5,6,7,8,9};
+ status = m_crypto_client->key_derivation_input_bytes(op_handle,
+ PSA_KEY_DERIVATION_INPUT_SALT, salt, sizeof(salt));
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ status = m_crypto_client->key_derivation_input_key(op_handle,
+ PSA_KEY_DERIVATION_INPUT_SECRET, m_secret_keyid);
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ static const uint8_t info[] = {50,51,52,53,54,55,56,57,58};
+ status = m_crypto_client->key_derivation_input_bytes(op_handle,
+ PSA_KEY_DERIVATION_INPUT_INFO, info, sizeof(info));
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ /* Derive a key that could be used for symmetric encryption */
+ psa_key_id_t derived_keyid;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, PSA_ALG_CTR);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, 256);
+
+ status = m_crypto_client->key_derivation_output_key(&attributes, op_handle, &derived_keyid);
+ psa_reset_key_attributes(&attributes);
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ status = m_crypto_client->key_derivation_abort(op_handle);
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ status = m_crypto_client->destroy_key(derived_keyid);
+ CHECK_EQUAL(PSA_SUCCESS, status);
+}
+
+void key_derivation_service_scenarios::hkdfDeriveBytes()
+{
+ psa_status_t status;
+ uint32_t op_handle = 0;
+
+ status = generateSecretKey();
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ status = m_crypto_client->key_derivation_setup(&op_handle, PSA_ALG_HKDF(PSA_ALG_SHA_256));
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ status = m_crypto_client->key_derivation_input_key(op_handle,
+ PSA_KEY_DERIVATION_INPUT_SECRET, m_secret_keyid);
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ static const uint8_t info[] = {50,51,52,53,54,55,56,57,58};
+ status = m_crypto_client->key_derivation_input_bytes(op_handle,
+ PSA_KEY_DERIVATION_INPUT_INFO, info, sizeof(info));
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ /* Derive some output bytes */
+ uint8_t derived_bytes[99];
+ status = m_crypto_client->key_derivation_output_bytes(op_handle,
+ derived_bytes, sizeof(derived_bytes));
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ status = m_crypto_client->key_derivation_abort(op_handle);
+ CHECK_EQUAL(PSA_SUCCESS, status);
+}
+
+void key_derivation_service_scenarios::deriveAbort()
+{
+ psa_status_t status;
+ uint32_t op_handle = 0;
+
+ status = generateSecretKey();
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ status = m_crypto_client->key_derivation_setup(&op_handle, PSA_ALG_HKDF(PSA_ALG_SHA_256));
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ status = m_crypto_client->key_derivation_input_key(op_handle,
+ PSA_KEY_DERIVATION_INPUT_SECRET, m_secret_keyid);
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ status = m_crypto_client->key_derivation_abort(op_handle);
+ CHECK_EQUAL(PSA_SUCCESS, status);
+
+ /* Expect operation to have been aborted */
+ status = m_crypto_client->key_derivation_set_capacity(op_handle, 100);
+ CHECK_EQUAL(PSA_ERROR_BAD_STATE, status);
+}
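Review bot: `hkdfDeriveBytes()` and `hkdfDeriveKey()` assert only the returned status codes, so a serialization fault that dropped or truncated the salt or info input, or left `derived_bytes` unwritten, would still pass. The secret is generated randomly, so a known-answer vector is not available here, but HKDF is deterministic: a second derivation from the same `m_secret_keyid` and `info` must reproduce the first output. The sketch below for `hkdfDeriveBytes()` adds that repeat and pre-fills the two buffers with different patterns, so an output the service never wrote shows up as a mismatch. A further derivation with a different `info` whose output must differ would also catch an input that is silently ignored. `<cstring>` is already included but unused in this file.

```cpp
	/* … unchanged: generateSecretKey, setup, secret and info inputs … */
	uint8_t derived_bytes[99];
	memset(derived_bytes, 0x00, sizeof(derived_bytes));
	/* … unchanged: key_derivation_output_bytes into derived_bytes, abort … */

	/* Repeat with identical inputs; distinct fill patterns expose an unwritten buffer */
	uint32_t repeat_handle = 0;
	uint8_t derived_again[sizeof(derived_bytes)];
	memset(derived_again, 0xff, sizeof(derived_again));

	status = m_crypto_client->key_derivation_setup(&repeat_handle, PSA_ALG_HKDF(PSA_ALG_SHA_256));
	CHECK_EQUAL(PSA_SUCCESS, status);
	status = m_crypto_client->key_derivation_input_key(repeat_handle,
		PSA_KEY_DERIVATION_INPUT_SECRET, m_secret_keyid);
	CHECK_EQUAL(PSA_SUCCESS, status);
	status = m_crypto_client->key_derivation_input_bytes(repeat_handle,
		PSA_KEY_DERIVATION_INPUT_INFO, info, sizeof(info));
	CHECK_EQUAL(PSA_SUCCESS, status);
	status = m_crypto_client->key_derivation_output_bytes(repeat_handle,
		derived_again, sizeof(derived_again));
	CHECK_EQUAL(PSA_SUCCESS, status);
	status = m_crypto_client->key_derivation_abort(repeat_handle);
	CHECK_EQUAL(PSA_SUCCESS, status);

	MEMCMP_EQUAL(derived_bytes, derived_again, sizeof(derived_bytes));
```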
diff --git a/components/service/crypto/test/service/extension/key_derivation/key_derivation_service_scenarios.h b/components/service/crypto/test/service/extension/key_derivation/key_derivation_service_scenarios.h
new file mode 100644
index 000000000..794311a2a
--- /dev/null
+++ b/components/service/crypto/test/service/extension/key_derivation/key_derivation_service_scenarios.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef KEY_DERIVATION_SERVICE_SCENARIOS_H
+#define KEY_DERIVATION_SERVICE_SCENARIOS_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <service/crypto/client/cpp/crypto_client.h>
+
+/*
+ * Service-level test scenarios for the key_derivation extension to the
+ * crypto service that may be reused using different concrete
+ * crypto_clients to check end-to-end operation using different protocol
+ * serialization schemes.
+ */
+class key_derivation_service_scenarios
+{
+public:
+ key_derivation_service_scenarios(crypto_client *crypto_client);
+ ~key_derivation_service_scenarios();
+
+ void hkdfDeriveKey();
+ void hkdfDeriveBytes();
+ void deriveAbort();
+
+private:
+
+ psa_status_t generateSecretKey();
+ void destroySecretKey();
+
+ crypto_client *m_crypto_client;
+ psa_key_id_t m_secret_keyid;
+};
+
+#endif /* KEY_DERIVATION_SERVICE_SCENARIOS_H */
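Review bot: `key_derivation_service_scenarios` stores a raw `crypto_client *` that its destructor deletes (see the .cpp added in this commit), yet copy construction and assignment are left implicit, so an accidental copy would delete the client twice and call `destroy_key` on the same key id twice. Declaring `key_derivation_service_scenarios(const key_derivation_service_scenarios &) = delete;` and the matching `operator=` (or private, undefined declarations if the build predates C++11) closes that off. Marking the constructor `explicit` also avoids an implicit conversion from a client pointer. The class comment does not mention the ownership transfer; a line such as `/* Takes ownership of crypto_client; it is deleted in the destructor. */` above the constructor would make the contract visible to callers.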
diff --git a/components/service/crypto/test/service/extension/key_derivation/packed-c/component.cmake b/components/service/crypto/test/service/extension/key_derivation/packed-c/component.cmake
new file mode 100644
index 000000000..35615f0c6
--- /dev/null
+++ b/components/service/crypto/test/service/extension/key_derivation/packed-c/component.cmake
@@ -0,0 +1,13 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/key_derivation_service_packedc_tests.cpp"
+ )
diff --git a/components/service/crypto/test/service/extension/key_derivation/packed-c/key_derivation_service_packedc_tests.cpp b/components/service/crypto/test/service/extension/key_derivation/packed-c/key_derivation_service_packedc_tests.cpp
new file mode 100644
index 000000000..261bf988d
--- /dev/null
+++ b/components/service/crypto/test/service/extension/key_derivation/packed-c/key_derivation_service_packedc_tests.cpp
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h>
+#include <service/crypto/test/service/extension/key_derivation/key_derivation_service_scenarios.h>
+#include <protocols/rpc/common/packed-c/encoding.h>
+#include <service_locator.h>
+#include <CppUTest/TestHarness.h>
+
+/*
+ * Service-level key derivation tests that use the packed-c access protocol serialization
+ */
+TEST_GROUP(CryptoKeyDerivationServicePackedcTests)
+{
+ void setup()
+ {
+ struct rpc_caller *caller;
+ int status;
+
+ m_rpc_session_handle = NULL;
+ m_crypto_service_context = NULL;
+ m_scenarios = NULL;
+
+ service_locator_init();
+
+ m_crypto_service_context = service_locator_query("sn:trustedfirmware.org:crypto:0", &status);
+ CHECK_TRUE(m_crypto_service_context);
+
+ m_rpc_session_handle = service_context_open(m_crypto_service_context, TS_RPC_ENCODING_PACKED_C, &caller);
+ CHECK_TRUE(m_rpc_session_handle);
+
+ m_scenarios = new key_derivation_service_scenarios(new packedc_crypto_client(caller));
+ }
+
+ void teardown()
+ {
+ delete m_scenarios;
+ m_scenarios = NULL;
+
+ service_context_close(m_crypto_service_context, m_rpc_session_handle);
+ m_rpc_session_handle = NULL;
+
+ service_context_relinquish(m_crypto_service_context);
+ m_crypto_service_context = NULL;
+ }
+
+ rpc_session_handle m_rpc_session_handle;
+ struct service_context *m_crypto_service_context;
+ key_derivation_service_scenarios *m_scenarios;
+};
+
+TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveKey)
+{
+ m_scenarios->hkdfDeriveKey();
+}
+
+TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveBytes)
+{
+ m_scenarios->hkdfDeriveBytes();
+}
+
+TEST(CryptoKeyDerivationServicePackedcTests, deriveAbort)
+{
+ m_scenarios->deriveAbort();
+}
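Review bot: `teardown()` calls `service_context_close()` and `service_context_relinquish()` unconditionally, but `setup()` can stop at either `CHECK_TRUE` with `m_crypto_service_context` or `m_rpc_session_handle` still NULL. As far as I know CppUTest still runs teardown after a failed setup, so a missing crypto service would probably turn a clean test failure into a NULL dereference in the locator code; that code is not visible here, so this is inferred. Guarding the calls, `if (m_rpc_session_handle) service_context_close(m_crypto_service_context, m_rpc_session_handle);` and `if (m_crypto_service_context) service_context_relinquish(m_crypto_service_context);`, keeps the original failure report intact. The `status` out-parameter of `service_locator_query()` is never examined; reporting it when the query fails would help diagnose locator problems.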