TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / 4743e6731b0fe8a00ceebfd74da098c7676ac6e0 / . / test / suites / crypto / crypto_tests_common.c
blob: 36419dedd5fd908c7f24da8a76eeffc28bf2e564 [file] [log] [blame]
Antonio de Angelisd3142fd2019-03-28 16:25:14 +0000[diff] [blame]1/*
2 * Copyright (c) 2019, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8#if DOMAIN_NS == 1
9#include <string.h>
10#else
11#include "secure_fw/core/tfm_memory_utils.h"
12#endif
13#include "crypto_tests_common.h"
14
15void psa_key_interface_test(const psa_key_type_t key_type,
16 struct test_result_t *ret)
17{
18 psa_status_t status = PSA_SUCCESS;
19 uint32_t i = 0;
20 const psa_key_slot_t slot = TEST_KEY_SLOT;
21 const uint8_t data[] = "THIS IS MY KEY1";
22 psa_key_type_t type = PSA_KEY_TYPE_NONE;
23 size_t bits = 0;
24 uint8_t exported_data[sizeof(data)] = {0};
25 size_t exported_data_size = 0;
26 psa_key_policy_t policy;
27
28 /* Setup the key policy */
29 psa_key_policy_init(&policy);
30 psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_EXPORT, 0);
31 status = psa_set_key_policy(slot, &policy);
32 if (status != PSA_SUCCESS) {
33 TEST_FAIL("Failed to set key policy");
34 return;
35 }
36
37 status = psa_import_key(slot, key_type, data, sizeof(data));
38 if (status != PSA_SUCCESS) {
39 TEST_FAIL("Error importing a key");
40 return;
41 }
42
43 status = psa_get_key_information(slot, &type, &bits);
44 if (status != PSA_SUCCESS) {
45 TEST_FAIL("Error getting key metadata");
46 return;
47 }
48
49 if (bits != BIT_SIZE_TEST_KEY) {
50 TEST_FAIL("The number of key bits is different from expected");
51 return;
52 }
53
54 if (type != PSA_KEY_TYPE_AES) {
55 TEST_FAIL("The type of the key is different from expected");
56 return;
57 }
58
59 status = psa_export_key(slot,
60 exported_data,
61 sizeof(data),
62 &exported_data_size);
63
64 if (status != PSA_SUCCESS) {
65 TEST_FAIL("Error exporting a key");
66 return;
67 }
68
69 if (exported_data_size != BYTE_SIZE_TEST_KEY) {
70 TEST_FAIL("Number of bytes of exported key different from expected");
71 return;
72 }
73
74 /* Check that the exported key is the same as the imported one */
75 for (i=0; i<exported_data_size; i++) {
76 if (exported_data[i] != data[i]) {
77 TEST_FAIL("Exported key doesn't match the imported key");
78 return;
79 }
80 }
81
82 status = psa_destroy_key(slot);
83 if (status != PSA_SUCCESS) {
84 TEST_FAIL("Error destroying the key");
85 return;
86 }
87
88 status = psa_get_key_information(slot, &type, &bits);
89 if (status != PSA_ERROR_EMPTY_SLOT) {
90 TEST_FAIL("Key slot should be empty now");
91 return;
92 }
93
94 ret->val = TEST_PASSED;
95}
96
97void psa_cipher_test(const psa_key_type_t key_type,
98 const psa_algorithm_t alg,
99 struct test_result_t *ret)
100{
101 psa_cipher_operation_t handle, handle_dec;
102 psa_status_t status = PSA_SUCCESS;
103 const psa_key_slot_t slot = TEST_KEY_SLOT;
104 const uint8_t data[] = "THIS IS MY KEY1";
105 psa_key_type_t type = PSA_KEY_TYPE_NONE;
106 size_t bits = 0;
107 const size_t iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type);
108 const uint8_t iv[] = "012345678901234";
109 const uint8_t plain_text[BYTE_SIZE_CHUNK] = "Sixteen bytes!!";
110 uint8_t decrypted_data[ENC_DEC_BUFFER_SIZE] = {0};
111 size_t output_length = 0, total_output_length = 0;
112 uint8_t encrypted_data[ENC_DEC_BUFFER_SIZE] = {0};
113 uint32_t comp_result;
114 psa_key_policy_t policy;
115 psa_key_usage_t usage = (PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
116 uint32_t i;
117
118 /* Setup the key policy */
119 psa_key_policy_init(&policy);
120 psa_key_policy_set_usage(&policy, usage, alg);
121 status = psa_set_key_policy(slot, &policy);
122 if (status != PSA_SUCCESS) {
123 TEST_FAIL("Failed to set key policy");
124 return;
125 }
126
127 ret->val = TEST_PASSED;
128
129 /* Import a key on slot 0 */
130 status = psa_import_key(slot, key_type, data, sizeof(data));
131 if (status != PSA_SUCCESS) {
132 TEST_FAIL("Error importing a key");
133 return;
134 }
135
136 status = psa_get_key_information(slot, &type, &bits);
137 if (status != PSA_SUCCESS) {
138 TEST_FAIL("Error getting key metadata");
139 goto destroy_key;
140 }
141
142 if (bits != BIT_SIZE_TEST_KEY) {
143 TEST_FAIL("The number of key bits is different from expected");
144 goto destroy_key;
145 }
146
147 if (type != key_type) {
148 TEST_FAIL("The type of the key is different from expected");
149 goto destroy_key;
150 }
151
152 /* Setup the encryption object */
153 status = psa_cipher_encrypt_setup(&handle, slot, alg);
154 if (status != PSA_SUCCESS) {
155 if (status == PSA_ERROR_NOT_SUPPORTED) {
156 TEST_FAIL("Algorithm NOT SUPPORTED by the implementation");
157 } else {
158 TEST_FAIL("Error setting up cipher operation object");
159 }
160 goto destroy_key;
161 }
162
163 /* Set the IV */
164 status = psa_cipher_set_iv(&handle, iv, iv_length);
165 if (status != PSA_SUCCESS) {
166 TEST_FAIL("Error setting the IV on the cypher operation object");
167 status = psa_cipher_abort(&handle);
168 if (status != PSA_SUCCESS) {
169 TEST_FAIL("Error aborting the operation");
170 }
171 goto destroy_key;
172 }
173
174 /* Encrypt one chunk of information */
175 status = psa_cipher_update(&handle, plain_text, BYTE_SIZE_CHUNK,
176 encrypted_data, ENC_DEC_BUFFER_SIZE,
177 &output_length);
178
179 if (status != PSA_SUCCESS) {
180 TEST_FAIL("Error encrypting one chunk of information");
181 status = psa_cipher_abort(&handle);
182 if (status != PSA_SUCCESS) {
183 TEST_FAIL("Error aborting the operation");
184 }
185 goto destroy_key;
186 }
187
188 if (output_length != BYTE_SIZE_CHUNK) {
189 TEST_FAIL("Expected encrypted data length is different from expected");
190 status = psa_cipher_abort(&handle);
191 if (status != PSA_SUCCESS) {
192 TEST_FAIL("Error aborting the operation");
193 }
194 goto destroy_key;
195 }
196
197 /* Finalise the cipher operation */
198 status = psa_cipher_finish(&handle, &encrypted_data[output_length],
199 ENC_DEC_BUFFER_SIZE - output_length,
200 &output_length);
201
202 if (status != PSA_SUCCESS) {
203 TEST_FAIL("Error finalising the cipher operation");
204 status = psa_cipher_abort(&handle);
205 if (status != PSA_SUCCESS) {
206 TEST_FAIL("Error aborting the operation");
207 }
208 goto destroy_key;
209 }
210
211 if (output_length != 0) {
212 TEST_FAIL("Unexpected output length after finalisation");
213 goto destroy_key;
214 }
215
216 /* Setup the decryption object */
217 if (alg == PSA_ALG_CFB_BASE) {
218 /* In CFB mode the object is always in encryption mode */
219 status = psa_cipher_encrypt_setup(&handle_dec, slot, alg);
220 } else {
221 status = psa_cipher_decrypt_setup(&handle_dec, slot, alg);
222 }
223
224 if (status != PSA_SUCCESS) {
225 TEST_FAIL("Error setting up cipher operation object");
226 goto destroy_key;
227 }
228
229 /* Set the IV for decryption */
230 if (alg == PSA_ALG_CFB_BASE) {
231 /* In CFB mode the object is in encryption mode, so follow the
232 * encryption flow.
233 */
234 status = psa_cipher_set_iv(&handle_dec, iv, iv_length);
235 } else {
236 status = psa_cipher_update(&handle_dec, iv, iv_length,
237 encrypted_data, ENC_DEC_BUFFER_SIZE,
238 &output_length);
239 }
240
241 if (status != PSA_SUCCESS) {
242 TEST_FAIL("Error setting the IV for decryption");
243 status = psa_cipher_abort(&handle_dec);
244 if (status != PSA_SUCCESS) {
245 TEST_FAIL("Error aborting the operation");
246 }
247 goto destroy_key;
248 }
249
250 if (alg != PSA_ALG_CFB_BASE) {
251 if (output_length != 0) {
252 TEST_FAIL("Expected output length is different from expected");
253 status = psa_cipher_abort(&handle_dec);
254 if (status != PSA_SUCCESS) {
255 TEST_FAIL("Error aborting the operation");
256 }
257 goto destroy_key;
258 }
259 }
260
261 /* Decrypt */
262 for (i = 0; i < ENC_DEC_BUFFER_SIZE; i += BYTE_SIZE_CHUNK) {
263 status = psa_cipher_update(&handle_dec,
264 (encrypted_data + i), BYTE_SIZE_CHUNK,
265 (decrypted_data + total_output_length),
266 (ENC_DEC_BUFFER_SIZE - total_output_length),
267 &output_length);
268
269 if (status != PSA_SUCCESS) {
270 TEST_FAIL("Error during decryption");
271 status = psa_cipher_abort(&handle_dec);
272 if (status != PSA_SUCCESS) {
273 TEST_FAIL("Error aborting the operation");
274 }
275 goto destroy_key;
276 }
277
278 total_output_length += output_length;
279 }
280
281#if DOMAIN_NS == 1U
282 /* Check that the plain text matches the decrypted data */
283 comp_result = memcmp(plain_text, decrypted_data, sizeof(plain_text));
284#else
285 comp_result = tfm_memcmp(plain_text, decrypted_data, sizeof(plain_text));
286#endif
287 if (comp_result != 0) {
288 TEST_FAIL("Decrypted data doesn't match with plain text");
289 status = psa_cipher_abort(&handle_dec);
290 if (status != PSA_SUCCESS) {
291 TEST_FAIL("Error aborting the operation");
292 }
293 goto destroy_key;
294 }
295
296 /* Finalise the cipher operation for decryption (destroys decrypted data) */
297 status = psa_cipher_finish(&handle_dec, decrypted_data, BYTE_SIZE_CHUNK,
298 &output_length);
299
300 if (status != PSA_SUCCESS) {
301 TEST_FAIL("Error finalising the cipher operation");
302 status = psa_cipher_abort(&handle_dec);
303 if (status != PSA_SUCCESS) {
304 TEST_FAIL("Error aborting the operation");
305 }
306 goto destroy_key;
307 }
308
309 total_output_length += output_length;
310
311 /* Check that the decrypted length is equal to the original length */
312 if (total_output_length != ENC_DEC_BUFFER_SIZE) {
313 TEST_FAIL("After finalising, unexpected decrypted length");
314 goto destroy_key;
315 }
316
317destroy_key:
318 /* Destroy the key on slot 0 */
319 status = psa_destroy_key(slot);
320 if (status != PSA_SUCCESS) {
321 TEST_FAIL("Error destroying a key");
322 }
323}
324
325void psa_invalid_cipher_test(const psa_key_type_t key_type,
326 const psa_algorithm_t alg,
327 const size_t key_size,
328 struct test_result_t *ret)
329{
330 psa_status_t status;
331 psa_cipher_operation_t handle;
332 const psa_key_slot_t slot = TEST_KEY_SLOT;
333 uint8_t data[TEST_MAX_KEY_LENGTH];
334 psa_key_policy_t policy;
335 psa_key_usage_t usage = (PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
336
337 /* Setup the key policy */
338 psa_key_policy_init(&policy);
339 psa_key_policy_set_usage(&policy, usage, alg);
340 status = psa_set_key_policy(slot, &policy);
341 if (status != PSA_SUCCESS) {
342 TEST_FAIL("Failed to set key policy");
343 return;
344 }
345
346#if DOMAIN_NS == 1U
347 /* Fill the key data */
348 (void)memset(data, 'A', key_size);
349#else
350 (void)tfm_memset(data, 'A', key_size);
351#endif
352
353 /* Import a key to slot 0 */
354 status = psa_import_key(slot, key_type, data, key_size);
355 if (status != PSA_SUCCESS) {
356 TEST_FAIL("Error importing a key");
357 return;
358 }
359
360 /* Setup the encryption object */
361 status = psa_cipher_encrypt_setup(&handle, slot, alg);
362 if (status == PSA_SUCCESS) {
363 TEST_FAIL("Should not successfully setup an invalid cipher");
364 psa_destroy_key(slot);
365 return;
366 }
367
368 /* Destroy the key in slot 0 */
369 status = psa_destroy_key(slot);
370 if (status != PSA_SUCCESS) {
371 TEST_FAIL("Error destroying a key");
372 return;
373 }
374
375 ret->val = TEST_PASSED;
376}
377
378/*
379 * \brief This is the list of algorithms supported by the current
380 * configuration of the crypto engine used by the crypto
381 * service. In case the crypto engine default capabilities
382 * is changed, this list needs to be updated accordingly
383 */
384static const psa_algorithm_t hash_alg[] = {
385 PSA_ALG_SHA_1,
386 PSA_ALG_SHA_224,
387 PSA_ALG_SHA_256,
388 PSA_ALG_SHA_384,
389 PSA_ALG_SHA_512,
390 PSA_ALG_MD5,
391 PSA_ALG_RIPEMD160,
392 PSA_ALG_MD2,
393 PSA_ALG_MD4
394};
395
396static const uint8_t hash_val[][PSA_HASH_SIZE(PSA_ALG_SHA_512)] = {
397 {0x56, 0x4A, 0x0E, 0x35, 0xF1, 0xC7, 0xBC, 0xD0, /*!< SHA-1 */
398 0x7D, 0xCF, 0xB1, 0xBC, 0xC9, 0x16, 0xFA, 0x2E,
399 0xF5, 0xBE, 0x96, 0xB2},
400 {0x00, 0xD2, 0x90, 0xE2, 0x0E, 0x4E, 0xC1, 0x7E, /*!< SHA-224 */
401 0x7A, 0x95, 0xF5, 0x10, 0x5C, 0x76, 0x74, 0x04,
402 0x6E, 0xB5, 0x56, 0x5E, 0xE5, 0xE7, 0xBA, 0x15,
403 0x6C, 0x23, 0x47, 0xF3},
404 {0x6B, 0x22, 0x09, 0x2A, 0x37, 0x1E, 0xF5, 0x14, /*!< SHA-256 */
405 0xF7, 0x39, 0x4D, 0xCF, 0xAD, 0x4D, 0x17, 0x46,
406 0x66, 0xCB, 0x33, 0xA0, 0x39, 0xD8, 0x41, 0x4E,
407 0xF1, 0x2A, 0xD3, 0x4D, 0x69, 0xC3, 0xB5, 0x3E},
408 {0x64, 0x79, 0x11, 0xBB, 0x47, 0x4E, 0x47, 0x59, /*!< SHA-384 */
409 0x3E, 0x4D, 0xBC, 0x60, 0xA5, 0xF9, 0xBF, 0x9C,
410 0xC0, 0xBA, 0x55, 0x0F, 0x93, 0xCA, 0x72, 0xDF,
411 0x57, 0x1E, 0x50, 0x56, 0xF9, 0x4A, 0x01, 0xD6,
412 0xA5, 0x6F, 0xF7, 0x62, 0x34, 0x4F, 0x48, 0xFD,
413 0x9D, 0x15, 0x07, 0x42, 0xB7, 0x72, 0x94, 0xB8},
414 {0xB4, 0x1C, 0xA3, 0x6C, 0xA9, 0x67, 0x1D, 0xAD, /*!< SHA-512 */
415 0x34, 0x1F, 0xBE, 0x1B, 0x83, 0xC4, 0x40, 0x2A,
416 0x47, 0x42, 0x79, 0xBB, 0x21, 0xCA, 0xF0, 0x60,
417 0xE4, 0xD2, 0x6E, 0x9B, 0x70, 0x12, 0x34, 0x3F,
418 0x55, 0x2C, 0x09, 0x31, 0x0A, 0x5B, 0x40, 0x21,
419 0x01, 0xA8, 0x3B, 0x58, 0xE7, 0x48, 0x13, 0x1A,
420 0x7E, 0xCD, 0xE1, 0xD2, 0x46, 0x10, 0x58, 0x34,
421 0x49, 0x14, 0x4B, 0xAA, 0x89, 0xA9, 0xF5, 0xB1},
422 {0x63, 0xFC, 0x11, 0x88, 0xB7, 0x03, 0xDD, 0xD5, /*!< MD-5 */
423 0x36, 0xB9, 0x2F, 0xD6, 0x9E, 0x91, 0x96, 0xF8},
424 {0xF5, 0x8E, 0xB3, 0xCB, 0xE5, 0xF0, 0x3B, 0xC5, /*!< RIPEMD-160 */
425 0x7C, 0x45, 0xE2, 0x49, 0xAA, 0x66, 0xC6, 0x5A,
426 0x47, 0xEA, 0x34, 0x91},
427 {0x7E, 0x28, 0x13, 0xAE, 0x98, 0xBD, 0x38, 0x6C, /*!< MD-2 */
428 0xDC, 0x8C, 0xF8, 0x04, 0xC6, 0x58, 0xA9, 0x69},
429 {0xA0, 0xB9, 0x82, 0x4E, 0xE0, 0x74, 0x4F, 0x1E, /*!< MD-4 */
430 0xA4, 0x7F, 0xA3, 0xDF, 0xD0, 0x0D, 0x97, 0xEB},
431};
432
433void psa_hash_test(const psa_algorithm_t alg,
434 struct test_result_t *ret)
435{
436 const char *msg[] = {"This is my test message, ",
437 "please generate a hash for this."};
438
439 const size_t msg_size[] = {25, 32}; /* Length in bytes of msg[0], msg[1] */
440 const uint32_t msg_num = sizeof(msg)/sizeof(msg[0]);
441 uint32_t idx;
442
443 psa_status_t status;
444 psa_hash_operation_t handle;
445
446 /* Setup the hash object for the desired hash*/
447 status = psa_hash_setup(&handle, alg);
448
449 if (status != PSA_SUCCESS) {
450 if (status == PSA_ERROR_NOT_SUPPORTED) {
451 TEST_FAIL("Algorithm NOT SUPPORTED by the implementation");
452 return;
453 }
454
455 TEST_FAIL("Error setting up hash operation object");
456 return;
457 }
458
459 /* Update object with all the chunks of message */
460 for (idx=0; idx<msg_num; idx++) {
461 status = psa_hash_update(&handle,
462 (const uint8_t *)msg[idx],msg_size[idx]);
463 if (status != PSA_SUCCESS) {
464 TEST_FAIL("Error updating the hash operation object");
465 return;
466 }
467 }
468
469 /* Cycle until idx points to the correct index in the algorithm table */
470 for (idx=0; hash_alg[idx] != alg; idx++);
471
472 /* Finalise and verify that the hash is as expected */
473 status = psa_hash_verify(&handle, &(hash_val[idx][0]), PSA_HASH_SIZE(alg));
474 if (status != PSA_SUCCESS) {
475 TEST_FAIL("Error verifying the hash operation object");
476 return;
477 }
478
479 ret->val = TEST_PASSED;
480}
481
482static const uint8_t hmac_val[][PSA_HASH_SIZE(PSA_ALG_SHA_512)] = {
483 {0x0d, 0xa6, 0x9d, 0x02, 0x43, 0x17, 0x3e, 0x7e, /*!< SHA-1 */
484 0xe7, 0x3b, 0xc6, 0xa9, 0x51, 0x06, 0x8a, 0xea,
485 0x12, 0xb0, 0xa7, 0x1d},
486 {0xc1, 0x9f, 0x19, 0xac, 0x05, 0x65, 0x5f, 0x02, /*!< SHA-224 */
487 0x1b, 0x64, 0x32, 0xd9, 0xb1, 0x49, 0xba, 0x75,
488 0x05, 0x60, 0x52, 0x4e, 0x78, 0xfa, 0x61, 0xc9,
489 0x37, 0x5d, 0x7f, 0x58},
490 {0x94, 0x37, 0xbe, 0xb5, 0x7f, 0x7c, 0x5c, 0xb0, /*!< SHA-256 */
491 0x0a, 0x92, 0x4d, 0xd3, 0xba, 0x7e, 0xb1, 0x1a,
492 0xdb, 0xa2, 0x25, 0xb2, 0x82, 0x8e, 0xdf, 0xbb,
493 0x61, 0xbf, 0x91, 0x1d, 0x28, 0x23, 0x4a, 0x04},
494 {0x94, 0x21, 0x9b, 0xc3, 0xd5, 0xed, 0xe6, 0xee, /*!< SHA-384 */
495 0x42, 0x10, 0x5a, 0x58, 0xa4, 0x4d, 0x67, 0x87,
496 0x16, 0xa2, 0xa7, 0x6c, 0x2e, 0xc5, 0x85, 0xb7,
497 0x6a, 0x4c, 0x90, 0xb2, 0x73, 0xee, 0x58, 0x3c,
498 0x59, 0x16, 0x67, 0xf3, 0x6f, 0x30, 0x99, 0x1c,
499 0x2a, 0xf7, 0xb1, 0x5f, 0x45, 0x83, 0xf5, 0x9f},
500 {0x8f, 0x76, 0xef, 0x12, 0x0b, 0x92, 0xc2, 0x06, /*!< SHA-512 */
501 0xce, 0x01, 0x18, 0x75, 0x84, 0x96, 0xd9, 0x6f,
502 0x23, 0x88, 0xd4, 0xf8, 0xcf, 0x79, 0xf8, 0xcf,
503 0x27, 0x12, 0x9f, 0xa6, 0x7e, 0x87, 0x9a, 0x68,
504 0xee, 0xe2, 0xe7, 0x1d, 0x4b, 0xf2, 0x87, 0xc0,
505 0x05, 0x6a, 0xbd, 0x7f, 0x9d, 0xff, 0xaa, 0xf3,
506 0x9a, 0x1c, 0xb7, 0xb7, 0xbd, 0x03, 0x61, 0xa3,
507 0xa9, 0x6a, 0x5d, 0xb2, 0x81, 0xe1, 0x6f, 0x1f},
508 {0x26, 0xfb, 0x68, 0xd2, 0x28, 0x17, 0xc2, 0x9c, /*!< MD-5 */
509 0xbe, 0xed, 0x95, 0x16, 0x82, 0xb0, 0xd8, 0x99},
510 {0x5c, 0xd9, 0x49, 0xc8, 0x66, 0x7a, 0xfa, 0x79, /*!< RIPEMD-160 */
511 0xa8, 0x88, 0x2e, 0x53, 0xf4, 0xee, 0xc0, 0x2d,
512 0x1e, 0xf0, 0x80, 0x25},
513 {0x0c, 0x8c, 0x8c, 0x16, 0x49, 0x92, 0x76, 0xf1, /*!< MD-2 */
514 0xc4, 0xcc, 0xdc, 0x9f, 0x7c, 0xb2, 0xeb, 0x87},
515 {0x44, 0xdf, 0x1b, 0x97, 0xe9, 0xe8, 0xd3, 0xb0, /*!< MD-4 */
516 0xe8, 0x8d, 0xad, 0xdb, 0x86, 0xab, 0xa6, 0xc6},
517};
518
519static const uint8_t long_key_hmac_val[PSA_HASH_SIZE(PSA_ALG_SHA_1)] = {
520 0xb5, 0x06, 0x7b, 0x9a, 0xb9, 0xe7, 0x47, 0x3c, /*!< SHA-1 */
521 0x2d, 0x44, 0x46, 0x1f, 0x4a, 0xbd, 0x22, 0x53,
522 0x9c, 0x05, 0x34, 0x34
523};
524
525void psa_mac_test(const psa_algorithm_t alg,
526 uint8_t use_long_key,
527 struct test_result_t *ret)
528{
529 const char *msg[] = {"This is my test message, ",
530 "please generate a hmac for this."};
531 const size_t msg_size[] = {25, 32}; /* Length in bytes of msg[0], msg[1] */
532 const uint32_t msg_num = sizeof(msg)/sizeof(msg[0]);
533 uint32_t idx;
534
535 const psa_key_slot_t slot = TEST_KEY_SLOT;
536 const uint8_t data[] = "THIS IS MY KEY1";
537 const uint8_t long_data[] = "THIS IS MY UNCOMMONLY LONG KEY1";
538 psa_key_type_t type = PSA_KEY_TYPE_NONE;
539 size_t bits = 0;
540 size_t bit_size_test_key = 0;
541 psa_status_t status;
542 psa_mac_operation_t handle;
543 psa_key_policy_t policy;
544 psa_key_usage_t usage = PSA_KEY_USAGE_VERIFY;
545
546 /* Setup the key policy */
547 psa_key_policy_init(&policy);
548 psa_key_policy_set_usage(&policy, usage, alg);
549 status = psa_set_key_policy(slot, &policy);
550 if (status != PSA_SUCCESS) {
551 TEST_FAIL("Failed to set key policy");
552 return;
553 }
554
555 ret->val = TEST_PASSED;
556
557 /* Import key on slot 0 */
558 if (use_long_key == 1) {
559 status = psa_import_key(slot,
560 PSA_KEY_TYPE_HMAC,
561 long_data,
562 sizeof(long_data));
563 } else {
564 status = psa_import_key(slot, PSA_KEY_TYPE_HMAC, data, sizeof(data));
565 }
566
567 if (status != PSA_SUCCESS) {
568 TEST_FAIL("Error importing a key");
569 return;
570 }
571
572 status = psa_get_key_information(slot, &type, &bits);
573 if (status != PSA_SUCCESS) {
574 TEST_FAIL("Error getting key metadata");
575 goto destroy_key_mac;
576 }
577
578 if (use_long_key == 1) {
579 bit_size_test_key = BIT_SIZE_TEST_LONG_KEY;
580 } else {
581 bit_size_test_key = BIT_SIZE_TEST_KEY;
582 }
583
584 if (bits != bit_size_test_key) {
585 TEST_FAIL("The number of key bits is different from expected");
586 goto destroy_key_mac;
587 }
588
589 if (type != PSA_KEY_TYPE_HMAC) {
590 TEST_FAIL("The type of the key is different from expected");
591 goto destroy_key_mac;
592 }
593
594 /* Setup the mac object for hmac */
595 status = psa_mac_verify_setup(&handle, slot, alg);
596 if (status != PSA_SUCCESS) {
597 TEST_FAIL("Error setting up mac operation object");
598 goto destroy_key_mac;
599 }
600
601 /* Update object with all the chunks of message */
602 for (idx=0; idx<msg_num; idx++) {
603 status = psa_mac_update(&handle,
604 (const uint8_t *)msg[idx],
605 msg_size[idx]);
606 if (status != PSA_SUCCESS) {
607 TEST_FAIL("Error during mac operation");
608 goto destroy_key_mac;
609 }
610 }
611
612 /* Cycle until idx points to the correct index in the algorithm table */
613 for (idx=0; hash_alg[idx] != PSA_ALG_HMAC_HASH(alg); idx++);
614
615 /* Finalise and verify the mac value */
616 if (use_long_key == 1) {
617 status = psa_mac_verify_finish(&handle,
618 &(long_key_hmac_val[0]),
619 PSA_HASH_SIZE(PSA_ALG_HMAC_HASH(alg)));
620 } else {
621 status = psa_mac_verify_finish(&handle,
622 &(hmac_val[idx][0]),
623 PSA_HASH_SIZE(PSA_ALG_HMAC_HASH(alg)));
624 }
625 if (status != PSA_SUCCESS) {
626 TEST_FAIL("Error during finalising the mac operation");
627 goto destroy_key_mac;
628 }
629
630destroy_key_mac:
631 /* Destroy the key */
632 status = psa_destroy_key(slot);
633 if (status != PSA_SUCCESS) {
634 TEST_FAIL("Error destroying the key");
635 }
636}
637
638void psa_aead_test(const psa_key_type_t key_type,
639 const psa_algorithm_t alg,
640 struct test_result_t *ret)
641{
642 const psa_key_slot_t slot = TEST_KEY_SLOT;
643 const size_t nonce_length = 12;
644 const uint8_t nonce[] = "01234567890";
645 const uint8_t plain_text[BYTE_SIZE_CHUNK] = "Sixteen bytes!!";
646 const uint8_t associated_data[ASSOCIATED_DATA_SIZE] =
647 "This is associated data";
648 uint8_t encrypted_data[ENC_DEC_BUFFER_SIZE] = {0};
649 size_t encrypted_data_length = 0, decrypted_data_length = 0;
650 uint8_t decrypted_data[ENC_DEC_BUFFER_SIZE] = {0};
651 psa_status_t status;
652 const uint8_t data[] = "THIS IS MY KEY1";
653 psa_key_type_t type = PSA_KEY_TYPE_NONE;
654 size_t bits = 0;
655 uint32_t comp_result;
656 psa_key_policy_t policy;
657 psa_key_usage_t usage = (PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
658
659 /* Setup the key policy */
660 psa_key_policy_init(&policy);
661 psa_key_policy_set_usage(&policy, usage, alg);
662 status = psa_set_key_policy(slot, &policy);
663 if (status != PSA_SUCCESS) {
664 TEST_FAIL("Failed to set key policy");
665 return;
666 }
667
668 ret->val = TEST_PASSED;
669
670 /* Import a key on slot 0 */
671 status = psa_import_key(slot, key_type, data, sizeof(data));
672 if (status != PSA_SUCCESS) {
673 TEST_FAIL("Error importing a key");
674 return;
675 }
676
677 status = psa_get_key_information(slot, &type, &bits);
678 if (status != PSA_SUCCESS) {
679 TEST_FAIL("Error getting key metadata");
680 goto destroy_key_aead;
681 }
682
683 if (bits != BIT_SIZE_TEST_KEY) {
684 TEST_FAIL("The number of key bits is different from expected");
685 goto destroy_key_aead;
686 }
687
688 if (type != key_type) {
689 TEST_FAIL("The type of the key is different from expected");
690 goto destroy_key_aead;
691 }
692
693 /* Perform AEAD encryption */
694 status = psa_aead_encrypt(slot, alg, nonce, nonce_length,
695 associated_data,
696 sizeof(associated_data),
697 plain_text,
698 sizeof(plain_text),
699 encrypted_data,
700 sizeof(encrypted_data),
701 &encrypted_data_length );
702
703 if (status != PSA_SUCCESS) {
704 if (status == PSA_ERROR_NOT_SUPPORTED) {
705 TEST_FAIL("Algorithm NOT SUPPORTED by the implementation");
706 goto destroy_key_aead;
707 }
708
709 TEST_FAIL("Error performing AEAD encryption");
710 goto destroy_key_aead;
711 }
712
713 if (sizeof(plain_text) != (encrypted_data_length-PSA_AEAD_TAG_SIZE(alg))) {
714 TEST_FAIL("Encrypted data length is different than expected");
715 goto destroy_key_aead;
716 }
717
718 /* Perform AEAD decryption */
719 status = psa_aead_decrypt(slot, alg, nonce, nonce_length,
720 associated_data,
721 sizeof(associated_data),
722 encrypted_data,
723 encrypted_data_length,
724 decrypted_data,
725 sizeof(decrypted_data),
726 &decrypted_data_length );
727
728 if (status != PSA_SUCCESS) {
729 if (status == PSA_ERROR_NOT_SUPPORTED) {
730 TEST_FAIL("Algorithm NOT SUPPORTED by the implementation");
731 } else {
732 TEST_FAIL("Error performing AEAD decryption");
733 }
734
735 goto destroy_key_aead;
736 }
737
738 if (sizeof(plain_text) != decrypted_data_length) {
739 TEST_FAIL("Decrypted data length is different from plain text");
740 goto destroy_key_aead;
741 }
742
743#if DOMAIN_NS == 1U
744 /* Check that the decrypted data is the same as the original data */
745 comp_result = memcmp(plain_text, decrypted_data, sizeof(plain_text));
746#else
747 comp_result = tfm_memcmp(plain_text, decrypted_data, sizeof(plain_text));
748#endif
749 if (comp_result != 0) {
750 TEST_FAIL("Decrypted data doesn't match with plain text");
751 goto destroy_key_aead;
752 }
753
754
755destroy_key_aead:
756 /* Destroy the key on slot 0 */
757 status = psa_destroy_key(slot);
758 if (status != PSA_SUCCESS) {
759 TEST_FAIL("Error destroying a key");
760 }
761}
762
763void psa_invalid_key_length_test(struct test_result_t *ret)
764{
765 psa_status_t status;
766 psa_key_policy_t policy;
767 const psa_key_slot_t slot = TEST_KEY_SLOT;
768 const uint8_t data[19] = {0};
769
770 /* Setup the key policy */
771 psa_key_policy_init(&policy);
772 psa_key_policy_set_usage(&policy, PSA_KEY_USAGE_ENCRYPT, PSA_ALG_CBC_BASE);
773 status = psa_set_key_policy(slot, &policy);
774 if (status != PSA_SUCCESS) {
775 TEST_FAIL("Failed to set key policy");
776 return;
777 }
778
779 /* DES does not support 152-bit keys */
780 status = psa_import_key(slot, PSA_KEY_TYPE_DES, data, sizeof(data));
781 if (status != PSA_ERROR_NOT_SUPPORTED) {
782 TEST_FAIL("Should not successfully import with an invalid key length");
783 return;
784 }
785}
786
787void psa_policy_key_interface_test(struct test_result_t *ret)
788{
789 psa_status_t status;
790 psa_algorithm_t alg = PSA_ALG_CBC_BASE;
791 psa_algorithm_t alg_out;
792 psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_VOLATILE;
793 psa_key_lifetime_t lifetime_out;
794 psa_key_policy_t policy;
795 psa_key_policy_t policy_out;
796 psa_key_slot_t slot = TEST_KEY_SLOT;
797 psa_key_usage_t usage = PSA_KEY_USAGE_EXPORT;
798 psa_key_usage_t usage_out;
799
800 /* Initialise the key policy */
801 psa_key_policy_init(&policy);
802
803 /* Verify that initialised policy forbids all usage */
804 usage_out = psa_key_policy_get_usage(&policy);
805 if (usage_out != 0) {
806 TEST_FAIL("Unexpected usage value");
807 return;
808 }
809
810 alg_out = psa_key_policy_get_algorithm(&policy);
811 if (alg_out != 0) {
812 TEST_FAIL("Unexpected algorithm value");
813 return;
814 }
815
816 /* Set the key policy values */
817 psa_key_policy_set_usage(&policy, usage, alg);
818
819 /* Check that the key policy has the correct usage */
820 usage_out = psa_key_policy_get_usage(&policy);
821 if (usage_out != usage) {
822 TEST_FAIL("Unexpected usage value");
823 return;
824 }
825
826 /* Check that the key policy has the correct algorithm */
827 alg_out = psa_key_policy_get_algorithm(&policy);
828 if (alg_out != alg) {
829 TEST_FAIL("Unexpected algorithm value");
830 return;
831 }
832
833 /* Set the key policy for the key slot */
834 status = psa_set_key_policy(slot, &policy);
835 if (status != PSA_SUCCESS) {
836 TEST_FAIL("Failed to set key policy");
837 return;
838 }
839
840 /* Check the key slot has the correct key policy */
841 status = psa_get_key_policy(slot, &policy_out);
842 if (status != PSA_SUCCESS) {
843 TEST_FAIL("Failed to get key policy");
844 return;
845 }
846
847 usage_out = psa_key_policy_get_usage(&policy_out);
848 if (usage_out != usage) {
849 TEST_FAIL("Unexpected usage value");
850 return;
851 }
852
853 alg_out = psa_key_policy_get_algorithm(&policy_out);
854 if (alg_out != alg) {
855 TEST_FAIL("Unexpected algorithm value");
856 return;
857 }
858
859 /* Set the key lifetime for the key slot */
860 status = psa_set_key_lifetime(slot, lifetime);
861 if (status != PSA_SUCCESS) {
862 TEST_FAIL("Failed to set key lifetime");
863 return;
864 }
865
866 /* Check the key slot has the correct key lifetime */
867 status = psa_get_key_lifetime(slot, &lifetime_out);
868 if (status != PSA_SUCCESS) {
869 TEST_FAIL("Failed to get key lifetime");
870 return;
871 }
872
873 if (lifetime_out != lifetime) {
874 TEST_FAIL("Unexpected key lifetime value");
875 return;
876 }
877
878 ret->val = TEST_PASSED;
879}
880
881void psa_policy_invalid_policy_usage_test(struct test_result_t *ret)
882{
883 psa_status_t status;
884 psa_algorithm_t alg = PSA_ALG_CBC_BASE;
885 psa_cipher_operation_t handle;
886 psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_VOLATILE;
887 psa_key_policy_t policy;
888 psa_key_slot_t slot = TEST_KEY_SLOT;
889 psa_key_usage_t usage = (PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
890 size_t data_len;
891 const uint8_t data[] = "THIS IS MY KEY1";
892 uint8_t data_out[sizeof(data)];
893
894 ret->val = TEST_PASSED;
895
896 /* Setup the key policy */
897 psa_key_policy_init(&policy);
898 psa_key_policy_set_usage(&policy, usage, alg);
899 status = psa_set_key_policy(slot, &policy);
900 if (status != PSA_SUCCESS) {
901 TEST_FAIL("Failed to set key policy");
902 return;
903 }
904
905 /* Set the key lifetime for the key slot */
906 status = psa_set_key_lifetime(slot, lifetime);
907 if (status != PSA_SUCCESS) {
908 TEST_FAIL("Failed to set key lifetime");
909 return;
910 }
911
912 /* Import a key to the slot for which policy has been set */
913 status = psa_import_key(slot, PSA_KEY_TYPE_AES, data, sizeof(data));
914 if (status != PSA_SUCCESS) {
915 TEST_FAIL("Failed to import a key");
916 return;
917 }
918
919 /* Setup a cipher permitted by the key policy */
920 status = psa_cipher_encrypt_setup(&handle, slot, alg);
921 if (status != PSA_SUCCESS) {
922 TEST_FAIL("Failed to setup cipher operation");
923 goto destroy_key;
924 }
925
926 status = psa_cipher_abort(&handle);
927 if (status != PSA_SUCCESS) {
928 TEST_FAIL("Failed to abort cipher operation");
929 goto destroy_key;
930 }
931
932 /* Attempt to setup a cipher with an alg not permitted by the policy */
933 status = psa_cipher_encrypt_setup(&handle, slot, PSA_ALG_CFB_BASE);
934 if (status != PSA_ERROR_NOT_PERMITTED) {
935 TEST_FAIL("Was able to setup cipher operation with wrong alg");
936 goto destroy_key;
937 }
938
939 /* Attempt to export the key, which is forbidden by the key policy */
940 status = psa_export_key(slot, data_out, sizeof(data_out), &data_len);
941 if (status != PSA_ERROR_NOT_PERMITTED) {
942 TEST_FAIL("Should not be able to export key without correct usage");
943 goto destroy_key;
944 }
945
946destroy_key:
947 status = psa_destroy_key(slot);
948 if (status != PSA_SUCCESS) {
949 TEST_FAIL("Failed to destroy key");
950 }
951}