blob: 33e7c95328eaeaded3562f43ac9ebc0d140565be [file] [log] [blame]
Gilles Peskinee59236f2018-01-27 23:32:46 +01001/* BEGIN_HEADER */
itayzafrir3e02b3b2018-06-12 17:06:52 +03002#include <stdint.h>
mohammad160327010052018-07-03 13:16:15 +03003
Gilles Peskinedd2f95b2018-08-11 01:22:42 +02004#include "mbedtls/asn1.h"
Gilles Peskine0b352bc2018-06-28 00:16:11 +02005#include "mbedtls/asn1write.h"
Gilles Peskinedd2f95b2018-08-11 01:22:42 +02006#include "mbedtls/oid.h"
7
Gilles Peskinebdc96fd2019-08-07 12:08:04 +02008/* For MBEDTLS_CTR_DRBG_MAX_REQUEST, knowing that psa_generate_random()
9 * uses mbedtls_ctr_drbg internally. */
10#include "mbedtls/ctr_drbg.h"
11
Gilles Peskinebdc96fd2019-08-07 12:08:04 +020012#include "psa/crypto.h"
Ronald Cron41841072020-09-17 15:28:26 +020013#include "psa_crypto_slot_management.h"
Gilles Peskinebdc96fd2019-08-07 12:08:04 +020014
Gilles Peskine8e94efe2021-02-13 00:25:53 +010015#include "test/asn1_helpers.h"
Ronald Cron28a45ed2021-02-09 20:35:42 +010016#include "test/psa_crypto_helpers.h"
Gilles Peskinee78b0022021-02-13 00:41:11 +010017#include "test/psa_exercise_key.h"
Ronald Cron28a45ed2021-02-09 20:35:42 +010018
Gilles Peskine4023c012021-05-27 13:21:20 +020019/* If this comes up, it's a bug in the test code or in the test data. */
20#define UNUSED 0xdeadbeef
21
Jaeden Amerof24c7f82018-06-27 17:20:43 +010022/** An invalid export length that will never be set by psa_export_key(). */
23static const size_t INVALID_EXPORT_LENGTH = ~0U;
24
Gilles Peskinea7aa4422018-08-14 15:17:54 +020025/** Test if a buffer contains a constant byte value.
26 *
27 * `mem_is_char(buffer, c, size)` is true after `memset(buffer, c, size)`.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020028 *
29 * \param buffer Pointer to the beginning of the buffer.
Gilles Peskinea7aa4422018-08-14 15:17:54 +020030 * \param c Expected value of every byte.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020031 * \param size Size of the buffer in bytes.
32 *
Gilles Peskine3f669c32018-06-21 09:21:51 +020033 * \return 1 if the buffer is all-bits-zero.
34 * \return 0 if there is at least one nonzero byte.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020035 */
Gilles Peskinea7aa4422018-08-14 15:17:54 +020036static int mem_is_char( void *buffer, unsigned char c, size_t size )
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020037{
38 size_t i;
39 for( i = 0; i < size; i++ )
40 {
Gilles Peskinea7aa4422018-08-14 15:17:54 +020041 if( ( (unsigned char *) buffer )[i] != c )
Gilles Peskine3f669c32018-06-21 09:21:51 +020042 return( 0 );
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020043 }
Gilles Peskine3f669c32018-06-21 09:21:51 +020044 return( 1 );
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020045}
Gilles Peskine818ca122018-06-20 18:16:48 +020046
Gilles Peskine0b352bc2018-06-28 00:16:11 +020047/* Write the ASN.1 INTEGER with the value 2^(bits-1)+x backwards from *p. */
48static int asn1_write_10x( unsigned char **p,
49 unsigned char *start,
50 size_t bits,
51 unsigned char x )
52{
53 int ret;
54 int len = bits / 8 + 1;
Gilles Peskine480416a2018-06-28 19:04:07 +020055 if( bits == 0 )
56 return( MBEDTLS_ERR_ASN1_INVALID_DATA );
57 if( bits <= 8 && x >= 1 << ( bits - 1 ) )
Gilles Peskine0b352bc2018-06-28 00:16:11 +020058 return( MBEDTLS_ERR_ASN1_INVALID_DATA );
Moran Pekercb088e72018-07-17 17:36:59 +030059 if( *p < start || *p - start < (ptrdiff_t) len )
Gilles Peskine0b352bc2018-06-28 00:16:11 +020060 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
61 *p -= len;
62 ( *p )[len-1] = x;
63 if( bits % 8 == 0 )
64 ( *p )[1] |= 1;
65 else
66 ( *p )[0] |= 1 << ( bits % 8 );
67 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
68 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
69 MBEDTLS_ASN1_INTEGER ) );
70 return( len );
71}
72
73static int construct_fake_rsa_key( unsigned char *buffer,
74 size_t buffer_size,
75 unsigned char **p,
76 size_t bits,
77 int keypair )
78{
79 size_t half_bits = ( bits + 1 ) / 2;
80 int ret;
81 int len = 0;
82 /* Construct something that looks like a DER encoding of
83 * as defined by PKCS#1 v2.2 (RFC 8017) section A.1.2:
84 * RSAPrivateKey ::= SEQUENCE {
85 * version Version,
86 * modulus INTEGER, -- n
87 * publicExponent INTEGER, -- e
88 * privateExponent INTEGER, -- d
89 * prime1 INTEGER, -- p
90 * prime2 INTEGER, -- q
91 * exponent1 INTEGER, -- d mod (p-1)
92 * exponent2 INTEGER, -- d mod (q-1)
93 * coefficient INTEGER, -- (inverse of q) mod p
94 * otherPrimeInfos OtherPrimeInfos OPTIONAL
95 * }
96 * Or, for a public key, the same structure with only
97 * version, modulus and publicExponent.
98 */
99 *p = buffer + buffer_size;
100 if( keypair )
101 {
102 MBEDTLS_ASN1_CHK_ADD( len, /* pq */
103 asn1_write_10x( p, buffer, half_bits, 1 ) );
104 MBEDTLS_ASN1_CHK_ADD( len, /* dq */
105 asn1_write_10x( p, buffer, half_bits, 1 ) );
106 MBEDTLS_ASN1_CHK_ADD( len, /* dp */
107 asn1_write_10x( p, buffer, half_bits, 1 ) );
108 MBEDTLS_ASN1_CHK_ADD( len, /* q */
109 asn1_write_10x( p, buffer, half_bits, 1 ) );
110 MBEDTLS_ASN1_CHK_ADD( len, /* p != q to pass mbedtls sanity checks */
111 asn1_write_10x( p, buffer, half_bits, 3 ) );
112 MBEDTLS_ASN1_CHK_ADD( len, /* d */
113 asn1_write_10x( p, buffer, bits, 1 ) );
114 }
115 MBEDTLS_ASN1_CHK_ADD( len, /* e = 65537 */
116 asn1_write_10x( p, buffer, 17, 1 ) );
117 MBEDTLS_ASN1_CHK_ADD( len, /* n */
118 asn1_write_10x( p, buffer, bits, 1 ) );
119 if( keypair )
120 MBEDTLS_ASN1_CHK_ADD( len, /* version = 0 */
121 mbedtls_asn1_write_int( p, buffer, 0 ) );
122 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, buffer, len ) );
123 {
124 const unsigned char tag =
125 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE;
126 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, buffer, tag ) );
127 }
128 return( len );
129}
130
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100131int exercise_mac_setup( psa_key_type_t key_type,
132 const unsigned char *key_bytes,
133 size_t key_length,
134 psa_algorithm_t alg,
135 psa_mac_operation_t *operation,
136 psa_status_t *status )
137{
Ronald Cron5425a212020-08-04 14:58:35 +0200138 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200139 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100140
Gilles Peskine89d8c5c2019-11-26 17:01:59 +0100141 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200142 psa_set_key_algorithm( &attributes, alg );
143 psa_set_key_type( &attributes, key_type );
Ronald Cron5425a212020-08-04 14:58:35 +0200144 PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100145
Ronald Cron5425a212020-08-04 14:58:35 +0200146 *status = psa_mac_sign_setup( operation, key, alg );
Gilles Peskine9e0a4a52019-02-25 22:11:18 +0100147 /* Whether setup succeeded or failed, abort must succeed. */
148 PSA_ASSERT( psa_mac_abort( operation ) );
149 /* If setup failed, reproduce the failure, so that the caller can
150 * test the resulting state of the operation object. */
151 if( *status != PSA_SUCCESS )
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100152 {
Ronald Cron5425a212020-08-04 14:58:35 +0200153 TEST_EQUAL( psa_mac_sign_setup( operation, key, alg ), *status );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100154 }
155
Ronald Cron5425a212020-08-04 14:58:35 +0200156 psa_destroy_key( key );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100157 return( 1 );
158
159exit:
Ronald Cron5425a212020-08-04 14:58:35 +0200160 psa_destroy_key( key );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100161 return( 0 );
162}
163
164int exercise_cipher_setup( psa_key_type_t key_type,
165 const unsigned char *key_bytes,
166 size_t key_length,
167 psa_algorithm_t alg,
168 psa_cipher_operation_t *operation,
169 psa_status_t *status )
170{
Ronald Cron5425a212020-08-04 14:58:35 +0200171 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200172 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100173
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200174 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
175 psa_set_key_algorithm( &attributes, alg );
176 psa_set_key_type( &attributes, key_type );
Ronald Cron5425a212020-08-04 14:58:35 +0200177 PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100178
Ronald Cron5425a212020-08-04 14:58:35 +0200179 *status = psa_cipher_encrypt_setup( operation, key, alg );
Gilles Peskine9e0a4a52019-02-25 22:11:18 +0100180 /* Whether setup succeeded or failed, abort must succeed. */
181 PSA_ASSERT( psa_cipher_abort( operation ) );
182 /* If setup failed, reproduce the failure, so that the caller can
183 * test the resulting state of the operation object. */
184 if( *status != PSA_SUCCESS )
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100185 {
Ronald Cron5425a212020-08-04 14:58:35 +0200186 TEST_EQUAL( psa_cipher_encrypt_setup( operation, key, alg ),
Gilles Peskine9e0a4a52019-02-25 22:11:18 +0100187 *status );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100188 }
189
Ronald Cron5425a212020-08-04 14:58:35 +0200190 psa_destroy_key( key );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100191 return( 1 );
192
193exit:
Ronald Cron5425a212020-08-04 14:58:35 +0200194 psa_destroy_key( key );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100195 return( 0 );
196}
197
Ronald Cron5425a212020-08-04 14:58:35 +0200198static int test_operations_on_invalid_key( mbedtls_svc_key_id_t key )
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200199{
200 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Ronald Cronecfb2372020-07-23 17:13:42 +0200201 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 0x6964 );
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200202 uint8_t buffer[1];
203 size_t length;
204 int ok = 0;
205
Ronald Cronecfb2372020-07-23 17:13:42 +0200206 psa_set_key_id( &attributes, key_id );
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200207 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
208 psa_set_key_algorithm( &attributes, PSA_ALG_CTR );
209 psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
Ronald Cron5425a212020-08-04 14:58:35 +0200210 TEST_EQUAL( psa_get_key_attributes( key, &attributes ),
Maulik Patel3240c9d2021-03-17 16:11:05 +0000211 PSA_ERROR_INVALID_HANDLE );
Ronald Cronecfb2372020-07-23 17:13:42 +0200212 TEST_EQUAL(
213 MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 );
214 TEST_EQUAL(
215 MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &attributes ) ), 0 );
Gilles Peskine5c648ab2019-04-19 14:06:53 +0200216 TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200217 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
218 TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
219 TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
220 TEST_EQUAL( psa_get_key_bits( &attributes ), 0 );
221
Ronald Cron5425a212020-08-04 14:58:35 +0200222 TEST_EQUAL( psa_export_key( key, buffer, sizeof( buffer ), &length ),
Maulik Patel3240c9d2021-03-17 16:11:05 +0000223 PSA_ERROR_INVALID_HANDLE );
Ronald Cron5425a212020-08-04 14:58:35 +0200224 TEST_EQUAL( psa_export_public_key( key,
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200225 buffer, sizeof( buffer ), &length ),
Maulik Patel3240c9d2021-03-17 16:11:05 +0000226 PSA_ERROR_INVALID_HANDLE );
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200227
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200228 ok = 1;
229
230exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100231 /*
232 * Key attributes may have been returned by psa_get_key_attributes()
233 * thus reset them as required.
234 */
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200235 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100236
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200237 return( ok );
238}
239
Gilles Peskine5fe5e272019-08-02 20:30:01 +0200240/* Assert that a key isn't reported as having a slot number. */
241#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
242#define ASSERT_NO_SLOT_NUMBER( attributes ) \
243 do \
244 { \
245 psa_key_slot_number_t ASSERT_NO_SLOT_NUMBER_slot_number; \
246 TEST_EQUAL( psa_get_key_slot_number( \
247 attributes, \
248 &ASSERT_NO_SLOT_NUMBER_slot_number ), \
249 PSA_ERROR_INVALID_ARGUMENT ); \
250 } \
251 while( 0 )
252#else /* MBEDTLS_PSA_CRYPTO_SE_C */
253#define ASSERT_NO_SLOT_NUMBER( attributes ) \
254 ( (void) 0 )
255#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
256
Gilles Peskinebdf309c2018-12-03 15:36:32 +0100257/* An overapproximation of the amount of storage needed for a key of the
258 * given type and with the given content. The API doesn't make it easy
259 * to find a good value for the size. The current implementation doesn't
260 * care about the value anyway. */
261#define KEY_BITS_FROM_DATA( type, data ) \
262 ( data )->len
263
Darryl Green0c6575a2018-11-07 16:05:30 +0000264typedef enum {
265 IMPORT_KEY = 0,
266 GENERATE_KEY = 1,
267 DERIVE_KEY = 2
268} generate_method;
269
Gilles Peskinee59236f2018-01-27 23:32:46 +0100270/* END_HEADER */
271
272/* BEGIN_DEPENDENCIES
273 * depends_on:MBEDTLS_PSA_CRYPTO_C
274 * END_DEPENDENCIES
275 */
276
277/* BEGIN_CASE */
Gilles Peskinee1f2d7d2018-08-21 14:54:54 +0200278void static_checks( )
279{
280 size_t max_truncated_mac_size =
281 PSA_ALG_MAC_TRUNCATION_MASK >> PSA_MAC_TRUNCATION_OFFSET;
282
283 /* Check that the length for a truncated MAC always fits in the algorithm
284 * encoding. The shifted mask is the maximum truncated value. The
285 * untruncated algorithm may be one byte larger. */
286 TEST_ASSERT( PSA_MAC_MAX_SIZE <= 1 + max_truncated_mac_size );
287}
288/* END_CASE */
289
290/* BEGIN_CASE */
Gilles Peskine6edfa292019-07-31 15:53:45 +0200291void import_with_policy( int type_arg,
292 int usage_arg, int alg_arg,
293 int expected_status_arg )
294{
295 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
296 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Ronald Cron5425a212020-08-04 14:58:35 +0200297 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine6edfa292019-07-31 15:53:45 +0200298 psa_key_type_t type = type_arg;
299 psa_key_usage_t usage = usage_arg;
300 psa_algorithm_t alg = alg_arg;
301 psa_status_t expected_status = expected_status_arg;
302 const uint8_t key_material[16] = {0};
303 psa_status_t status;
304
305 PSA_ASSERT( psa_crypto_init( ) );
306
307 psa_set_key_type( &attributes, type );
308 psa_set_key_usage_flags( &attributes, usage );
309 psa_set_key_algorithm( &attributes, alg );
310
311 status = psa_import_key( &attributes,
312 key_material, sizeof( key_material ),
Ronald Cron5425a212020-08-04 14:58:35 +0200313 &key );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200314 TEST_EQUAL( status, expected_status );
315 if( status != PSA_SUCCESS )
316 goto exit;
317
Ronald Cron5425a212020-08-04 14:58:35 +0200318 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200319 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
320 TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage );
321 TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg );
Gilles Peskine5fe5e272019-08-02 20:30:01 +0200322 ASSERT_NO_SLOT_NUMBER( &got_attributes );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200323
Ronald Cron5425a212020-08-04 14:58:35 +0200324 PSA_ASSERT( psa_destroy_key( key ) );
325 test_operations_on_invalid_key( key );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200326
327exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100328 /*
329 * Key attributes may have been returned by psa_get_key_attributes()
330 * thus reset them as required.
331 */
Gilles Peskine6edfa292019-07-31 15:53:45 +0200332 psa_reset_key_attributes( &got_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100333
334 psa_destroy_key( key );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200335 PSA_DONE( );
336}
337/* END_CASE */
338
339/* BEGIN_CASE */
340void import_with_data( data_t *data, int type_arg,
341 int attr_bits_arg,
342 int expected_status_arg )
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200343{
344 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
345 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Ronald Cron5425a212020-08-04 14:58:35 +0200346 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200347 psa_key_type_t type = type_arg;
Gilles Peskine8fb3a9e2019-05-03 16:59:21 +0200348 size_t attr_bits = attr_bits_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200349 psa_status_t expected_status = expected_status_arg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100350 psa_status_t status;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100351
Gilles Peskine8817f612018-12-18 00:18:46 +0100352 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100353
Gilles Peskine4747d192019-04-17 15:05:45 +0200354 psa_set_key_type( &attributes, type );
Gilles Peskine8fb3a9e2019-05-03 16:59:21 +0200355 psa_set_key_bits( &attributes, attr_bits );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200356
Ronald Cron5425a212020-08-04 14:58:35 +0200357 status = psa_import_key( &attributes, data->x, data->len, &key );
Gilles Peskinefe11b722018-12-18 00:24:04 +0100358 TEST_EQUAL( status, expected_status );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200359 if( status != PSA_SUCCESS )
360 goto exit;
361
Ronald Cron5425a212020-08-04 14:58:35 +0200362 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200363 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
Gilles Peskine8fb3a9e2019-05-03 16:59:21 +0200364 if( attr_bits != 0 )
Gilles Peskine7e0cff92019-07-30 13:48:52 +0200365 TEST_EQUAL( attr_bits, psa_get_key_bits( &got_attributes ) );
Gilles Peskine5fe5e272019-08-02 20:30:01 +0200366 ASSERT_NO_SLOT_NUMBER( &got_attributes );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200367
Ronald Cron5425a212020-08-04 14:58:35 +0200368 PSA_ASSERT( psa_destroy_key( key ) );
369 test_operations_on_invalid_key( key );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100370
371exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100372 /*
373 * Key attributes may have been returned by psa_get_key_attributes()
374 * thus reset them as required.
375 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +0200376 psa_reset_key_attributes( &got_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100377
378 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200379 PSA_DONE( );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100380}
381/* END_CASE */
382
383/* BEGIN_CASE */
Gilles Peskinec744d992019-07-30 17:26:54 +0200384void import_large_key( int type_arg, int byte_size_arg,
385 int expected_status_arg )
386{
387 psa_key_type_t type = type_arg;
388 size_t byte_size = byte_size_arg;
389 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
390 psa_status_t expected_status = expected_status_arg;
Ronald Cron5425a212020-08-04 14:58:35 +0200391 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinec744d992019-07-30 17:26:54 +0200392 psa_status_t status;
393 uint8_t *buffer = NULL;
394 size_t buffer_size = byte_size + 1;
395 size_t n;
396
Steven Cooreman69967ce2021-01-18 18:01:08 +0100397 /* Skip the test case if the target running the test cannot
398 * accomodate large keys due to heap size constraints */
399 ASSERT_ALLOC_WEAK( buffer, buffer_size );
Gilles Peskinec744d992019-07-30 17:26:54 +0200400 memset( buffer, 'K', byte_size );
401
402 PSA_ASSERT( psa_crypto_init( ) );
403
404 /* Try importing the key */
405 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
406 psa_set_key_type( &attributes, type );
Ronald Cron5425a212020-08-04 14:58:35 +0200407 status = psa_import_key( &attributes, buffer, byte_size, &key );
Steven Cooreman83fdb702021-01-21 14:24:39 +0100408 TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY );
Gilles Peskinec744d992019-07-30 17:26:54 +0200409 TEST_EQUAL( status, expected_status );
410
411 if( status == PSA_SUCCESS )
412 {
Ronald Cron5425a212020-08-04 14:58:35 +0200413 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskinec744d992019-07-30 17:26:54 +0200414 TEST_EQUAL( psa_get_key_type( &attributes ), type );
415 TEST_EQUAL( psa_get_key_bits( &attributes ),
416 PSA_BYTES_TO_BITS( byte_size ) );
Gilles Peskine5fe5e272019-08-02 20:30:01 +0200417 ASSERT_NO_SLOT_NUMBER( &attributes );
Gilles Peskinec744d992019-07-30 17:26:54 +0200418 memset( buffer, 0, byte_size + 1 );
Ronald Cron5425a212020-08-04 14:58:35 +0200419 PSA_ASSERT( psa_export_key( key, buffer, byte_size, &n ) );
Gilles Peskinec744d992019-07-30 17:26:54 +0200420 for( n = 0; n < byte_size; n++ )
421 TEST_EQUAL( buffer[n], 'K' );
422 for( n = byte_size; n < buffer_size; n++ )
423 TEST_EQUAL( buffer[n], 0 );
424 }
425
426exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100427 /*
428 * Key attributes may have been returned by psa_get_key_attributes()
429 * thus reset them as required.
430 */
431 psa_reset_key_attributes( &attributes );
432
Ronald Cron5425a212020-08-04 14:58:35 +0200433 psa_destroy_key( key );
Gilles Peskinec744d992019-07-30 17:26:54 +0200434 PSA_DONE( );
435 mbedtls_free( buffer );
436}
437/* END_CASE */
438
439/* BEGIN_CASE */
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200440void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg )
441{
Ronald Cron5425a212020-08-04 14:58:35 +0200442 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200443 size_t bits = bits_arg;
444 psa_status_t expected_status = expected_status_arg;
445 psa_status_t status;
446 psa_key_type_t type =
Gilles Peskinec93b80c2019-05-16 19:39:54 +0200447 keypair ? PSA_KEY_TYPE_RSA_KEY_PAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY;
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200448 size_t buffer_size = /* Slight overapproximations */
449 keypair ? bits * 9 / 16 + 80 : bits / 8 + 20;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200450 unsigned char *buffer = NULL;
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200451 unsigned char *p;
452 int ret;
453 size_t length;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200454 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200455
Gilles Peskine8817f612018-12-18 00:18:46 +0100456 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200457 ASSERT_ALLOC( buffer, buffer_size );
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200458
459 TEST_ASSERT( ( ret = construct_fake_rsa_key( buffer, buffer_size, &p,
460 bits, keypair ) ) >= 0 );
461 length = ret;
462
463 /* Try importing the key */
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200464 psa_set_key_type( &attributes, type );
Ronald Cron5425a212020-08-04 14:58:35 +0200465 status = psa_import_key( &attributes, p, length, &key );
Gilles Peskinefe11b722018-12-18 00:24:04 +0100466 TEST_EQUAL( status, expected_status );
Gilles Peskine76b29a72019-05-28 14:08:50 +0200467
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200468 if( status == PSA_SUCCESS )
Ronald Cron5425a212020-08-04 14:58:35 +0200469 PSA_ASSERT( psa_destroy_key( key ) );
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200470
471exit:
472 mbedtls_free( buffer );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200473 PSA_DONE( );
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200474}
475/* END_CASE */
476
477/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300478void import_export( data_t *data,
Moran Pekera964a8f2018-06-04 18:42:36 +0300479 int type_arg,
Gilles Peskine1ecf92c22019-05-24 15:00:06 +0200480 int usage_arg, int alg_arg,
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100481 int expected_bits,
482 int export_size_delta,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200483 int expected_export_status_arg,
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100484 int canonical_input )
485{
Ronald Cron5425a212020-08-04 14:58:35 +0200486 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100487 psa_key_type_t type = type_arg;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200488 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200489 psa_status_t expected_export_status = expected_export_status_arg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100490 psa_status_t status;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100491 unsigned char *exported = NULL;
492 unsigned char *reexported = NULL;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100493 size_t export_size;
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100494 size_t exported_length = INVALID_EXPORT_LENGTH;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100495 size_t reexported_length;
Gilles Peskine4747d192019-04-17 15:05:45 +0200496 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200497 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100498
Moran Pekercb088e72018-07-17 17:36:59 +0300499 export_size = (ptrdiff_t) data->len + export_size_delta;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200500 ASSERT_ALLOC( exported, export_size );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100501 if( ! canonical_input )
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200502 ASSERT_ALLOC( reexported, export_size );
Gilles Peskine8817f612018-12-18 00:18:46 +0100503 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100504
Gilles Peskine4747d192019-04-17 15:05:45 +0200505 psa_set_key_usage_flags( &attributes, usage_arg );
506 psa_set_key_algorithm( &attributes, alg );
507 psa_set_key_type( &attributes, type );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700508
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100509 /* Import the key */
Ronald Cron5425a212020-08-04 14:58:35 +0200510 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100511
512 /* Test the key information */
Ronald Cron5425a212020-08-04 14:58:35 +0200513 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200514 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
515 TEST_EQUAL( psa_get_key_bits( &got_attributes ), (size_t) expected_bits );
Gilles Peskine5fe5e272019-08-02 20:30:01 +0200516 ASSERT_NO_SLOT_NUMBER( &got_attributes );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100517
518 /* Export the key */
Ronald Cron5425a212020-08-04 14:58:35 +0200519 status = psa_export_key( key, exported, export_size, &exported_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +0100520 TEST_EQUAL( status, expected_export_status );
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100521
522 /* The exported length must be set by psa_export_key() to a value between 0
523 * and export_size. On errors, the exported length must be 0. */
524 TEST_ASSERT( exported_length != INVALID_EXPORT_LENGTH );
525 TEST_ASSERT( status == PSA_SUCCESS || exported_length == 0 );
526 TEST_ASSERT( exported_length <= export_size );
527
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200528 TEST_ASSERT( mem_is_char( exported + exported_length, 0,
Gilles Peskine3f669c32018-06-21 09:21:51 +0200529 export_size - exported_length ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100530 if( status != PSA_SUCCESS )
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200531 {
Gilles Peskinefe11b722018-12-18 00:24:04 +0100532 TEST_EQUAL( exported_length, 0 );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100533 goto destroy;
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200534 }
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100535
Gilles Peskineea38a922021-02-13 00:05:16 +0100536 /* Run sanity checks on the exported key. For non-canonical inputs,
537 * this validates the canonical representations. For canonical inputs,
538 * this doesn't directly validate the implementation, but it still helps
539 * by cross-validating the test data with the sanity check code. */
540 if( ! mbedtls_test_psa_exercise_key( key, usage_arg, 0 ) )
Gilles Peskine8f609232018-08-11 01:24:55 +0200541 goto exit;
542
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100543 if( canonical_input )
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200544 ASSERT_COMPARE( data->x, data->len, exported, exported_length );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100545 else
546 {
Ronald Cron5425a212020-08-04 14:58:35 +0200547 mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine049c7532019-05-15 20:22:09 +0200548 PSA_ASSERT( psa_import_key( &attributes, exported, exported_length,
Ronald Cron5425a212020-08-04 14:58:35 +0200549 &key2 ) );
550 PSA_ASSERT( psa_export_key( key2,
Gilles Peskine8817f612018-12-18 00:18:46 +0100551 reexported,
552 export_size,
553 &reexported_length ) );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200554 ASSERT_COMPARE( exported, exported_length,
555 reexported, reexported_length );
Ronald Cron5425a212020-08-04 14:58:35 +0200556 PSA_ASSERT( psa_destroy_key( key2 ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100557 }
gabor-mezei-armceface22021-01-21 12:26:17 +0100558 TEST_ASSERT( exported_length <=
559 PSA_EXPORT_KEY_OUTPUT_SIZE( type,
560 psa_get_key_bits( &got_attributes ) ) );
561 TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100562
563destroy:
564 /* Destroy the key */
Ronald Cron5425a212020-08-04 14:58:35 +0200565 PSA_ASSERT( psa_destroy_key( key ) );
566 test_operations_on_invalid_key( key );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100567
568exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100569 /*
570 * Key attributes may have been returned by psa_get_key_attributes()
571 * thus reset them as required.
572 */
573 psa_reset_key_attributes( &got_attributes );
574
itayzafrir3e02b3b2018-06-12 17:06:52 +0300575 mbedtls_free( exported );
576 mbedtls_free( reexported );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200577 PSA_DONE( );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100578}
579/* END_CASE */
Gilles Peskine20035e32018-02-03 22:44:14 +0100580
Moran Pekerf709f4a2018-06-06 17:26:04 +0300581/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300582void import_export_public_key( data_t *data,
Gilles Peskine2d277862018-06-18 15:41:12 +0200583 int type_arg,
584 int alg_arg,
Gilles Peskine49c25912018-10-29 15:15:31 +0100585 int export_size_delta,
586 int expected_export_status_arg,
587 data_t *expected_public_key )
Moran Pekerf709f4a2018-06-06 17:26:04 +0300588{
Ronald Cron5425a212020-08-04 14:58:35 +0200589 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300590 psa_key_type_t type = type_arg;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200591 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200592 psa_status_t expected_export_status = expected_export_status_arg;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300593 psa_status_t status;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300594 unsigned char *exported = NULL;
Gilles Peskine49c25912018-10-29 15:15:31 +0100595 size_t export_size = expected_public_key->len + export_size_delta;
Jaeden Amero2a671e92018-06-27 17:47:40 +0100596 size_t exported_length = INVALID_EXPORT_LENGTH;
Gilles Peskine4747d192019-04-17 15:05:45 +0200597 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300598
Gilles Peskine8817f612018-12-18 00:18:46 +0100599 PSA_ASSERT( psa_crypto_init( ) );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300600
Gilles Peskine4747d192019-04-17 15:05:45 +0200601 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
602 psa_set_key_algorithm( &attributes, alg );
603 psa_set_key_type( &attributes, type );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300604
605 /* Import the key */
Ronald Cron5425a212020-08-04 14:58:35 +0200606 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300607
Gilles Peskine49c25912018-10-29 15:15:31 +0100608 /* Export the public key */
609 ASSERT_ALLOC( exported, export_size );
Ronald Cron5425a212020-08-04 14:58:35 +0200610 status = psa_export_public_key( key,
Gilles Peskine2d277862018-06-18 15:41:12 +0200611 exported, export_size,
612 &exported_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +0100613 TEST_EQUAL( status, expected_export_status );
Gilles Peskine49c25912018-10-29 15:15:31 +0100614 if( status == PSA_SUCCESS )
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100615 {
Gilles Peskinec93b80c2019-05-16 19:39:54 +0200616 psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type );
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100617 size_t bits;
Ronald Cron5425a212020-08-04 14:58:35 +0200618 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200619 bits = psa_get_key_bits( &attributes );
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100620 TEST_ASSERT( expected_public_key->len <=
gabor-mezei-armcbcec212020-12-18 14:23:51 +0100621 PSA_EXPORT_KEY_OUTPUT_SIZE( public_type, bits ) );
gabor-mezei-armceface22021-01-21 12:26:17 +0100622 TEST_ASSERT( expected_public_key->len <=
623 PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type, bits ) );
624 TEST_ASSERT( expected_public_key->len <=
625 PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
Gilles Peskine49c25912018-10-29 15:15:31 +0100626 ASSERT_COMPARE( expected_public_key->x, expected_public_key->len,
627 exported, exported_length );
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100628 }
Moran Pekerf709f4a2018-06-06 17:26:04 +0300629
630exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100631 /*
632 * Key attributes may have been returned by psa_get_key_attributes()
633 * thus reset them as required.
634 */
635 psa_reset_key_attributes( &attributes );
636
itayzafrir3e02b3b2018-06-12 17:06:52 +0300637 mbedtls_free( exported );
Ronald Cron5425a212020-08-04 14:58:35 +0200638 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200639 PSA_DONE( );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300640}
641/* END_CASE */
642
Gilles Peskine20035e32018-02-03 22:44:14 +0100643/* BEGIN_CASE */
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200644void import_and_exercise_key( data_t *data,
645 int type_arg,
646 int bits_arg,
647 int alg_arg )
648{
Ronald Cron5425a212020-08-04 14:58:35 +0200649 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200650 psa_key_type_t type = type_arg;
651 size_t bits = bits_arg;
652 psa_algorithm_t alg = alg_arg;
Gilles Peskinec18e25f2021-02-12 23:48:20 +0100653 psa_key_usage_t usage = mbedtls_test_psa_usage_to_exercise( type, alg );
Gilles Peskine4747d192019-04-17 15:05:45 +0200654 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200655 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200656
Gilles Peskine8817f612018-12-18 00:18:46 +0100657 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200658
Gilles Peskine4747d192019-04-17 15:05:45 +0200659 psa_set_key_usage_flags( &attributes, usage );
660 psa_set_key_algorithm( &attributes, alg );
661 psa_set_key_type( &attributes, type );
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200662
663 /* Import the key */
Ronald Cron5425a212020-08-04 14:58:35 +0200664 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200665
666 /* Test the key information */
Ronald Cron5425a212020-08-04 14:58:35 +0200667 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200668 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
669 TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200670
671 /* Do something with the key according to its type and permitted usage. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +0100672 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) )
Gilles Peskine02b75072018-07-01 22:31:34 +0200673 goto exit;
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200674
Ronald Cron5425a212020-08-04 14:58:35 +0200675 PSA_ASSERT( psa_destroy_key( key ) );
676 test_operations_on_invalid_key( key );
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200677
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200678exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100679 /*
680 * Key attributes may have been returned by psa_get_key_attributes()
681 * thus reset them as required.
682 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +0200683 psa_reset_key_attributes( &got_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100684
685 psa_reset_key_attributes( &attributes );
686 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200687 PSA_DONE( );
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200688}
689/* END_CASE */
690
691/* BEGIN_CASE */
Gilles Peskine06c28892019-11-26 18:07:46 +0100692void effective_key_attributes( int type_arg, int expected_type_arg,
693 int bits_arg, int expected_bits_arg,
694 int usage_arg, int expected_usage_arg,
695 int alg_arg, int expected_alg_arg )
Gilles Peskined5b33222018-06-18 22:20:03 +0200696{
Ronald Cron5425a212020-08-04 14:58:35 +0200697 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine1a960492019-11-26 17:12:21 +0100698 psa_key_type_t key_type = type_arg;
Gilles Peskine06c28892019-11-26 18:07:46 +0100699 psa_key_type_t expected_key_type = expected_type_arg;
Gilles Peskine1a960492019-11-26 17:12:21 +0100700 size_t bits = bits_arg;
Gilles Peskine06c28892019-11-26 18:07:46 +0100701 size_t expected_bits = expected_bits_arg;
Gilles Peskined5b33222018-06-18 22:20:03 +0200702 psa_algorithm_t alg = alg_arg;
Gilles Peskine06c28892019-11-26 18:07:46 +0100703 psa_algorithm_t expected_alg = expected_alg_arg;
Gilles Peskined5b33222018-06-18 22:20:03 +0200704 psa_key_usage_t usage = usage_arg;
Gilles Peskine06c28892019-11-26 18:07:46 +0100705 psa_key_usage_t expected_usage = expected_usage_arg;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200706 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskined5b33222018-06-18 22:20:03 +0200707
Gilles Peskine8817f612018-12-18 00:18:46 +0100708 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskined5b33222018-06-18 22:20:03 +0200709
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200710 psa_set_key_usage_flags( &attributes, usage );
711 psa_set_key_algorithm( &attributes, alg );
712 psa_set_key_type( &attributes, key_type );
Gilles Peskine1a960492019-11-26 17:12:21 +0100713 psa_set_key_bits( &attributes, bits );
Gilles Peskined5b33222018-06-18 22:20:03 +0200714
Ronald Cron5425a212020-08-04 14:58:35 +0200715 PSA_ASSERT( psa_generate_key( &attributes, &key ) );
Gilles Peskine1a960492019-11-26 17:12:21 +0100716 psa_reset_key_attributes( &attributes );
Gilles Peskined5b33222018-06-18 22:20:03 +0200717
Ronald Cron5425a212020-08-04 14:58:35 +0200718 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine06c28892019-11-26 18:07:46 +0100719 TEST_EQUAL( psa_get_key_type( &attributes ), expected_key_type );
720 TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits );
721 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage );
722 TEST_EQUAL( psa_get_key_algorithm( &attributes ), expected_alg );
Gilles Peskined5b33222018-06-18 22:20:03 +0200723
724exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100725 /*
726 * Key attributes may have been returned by psa_get_key_attributes()
727 * thus reset them as required.
728 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +0200729 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100730
731 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200732 PSA_DONE( );
Gilles Peskined5b33222018-06-18 22:20:03 +0200733}
734/* END_CASE */
735
736/* BEGIN_CASE */
Gilles Peskine06c28892019-11-26 18:07:46 +0100737void check_key_policy( int type_arg, int bits_arg,
738 int usage_arg, int alg_arg )
739{
740 test_effective_key_attributes( type_arg, type_arg, bits_arg, bits_arg,
741 usage_arg, usage_arg, alg_arg, alg_arg );
742 goto exit;
743}
744/* END_CASE */
745
746/* BEGIN_CASE */
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200747void key_attributes_init( )
Jaeden Amero70261c52019-01-04 11:47:20 +0000748{
749 /* Test each valid way of initializing the object, except for `= {0}`, as
750 * Clang 5 complains when `-Wmissing-field-initializers` is used, even
751 * though it's OK by the C standard. We could test for this, but we'd need
752 * to supress the Clang warning for the test. */
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200753 psa_key_attributes_t func = psa_key_attributes_init( );
754 psa_key_attributes_t init = PSA_KEY_ATTRIBUTES_INIT;
755 psa_key_attributes_t zero;
Jaeden Amero70261c52019-01-04 11:47:20 +0000756
757 memset( &zero, 0, sizeof( zero ) );
758
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200759 TEST_EQUAL( psa_get_key_lifetime( &func ), PSA_KEY_LIFETIME_VOLATILE );
760 TEST_EQUAL( psa_get_key_lifetime( &init ), PSA_KEY_LIFETIME_VOLATILE );
761 TEST_EQUAL( psa_get_key_lifetime( &zero ), PSA_KEY_LIFETIME_VOLATILE );
Jaeden Amero5229bbb2019-02-07 16:33:37 +0000762
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200763 TEST_EQUAL( psa_get_key_type( &func ), 0 );
764 TEST_EQUAL( psa_get_key_type( &init ), 0 );
765 TEST_EQUAL( psa_get_key_type( &zero ), 0 );
766
767 TEST_EQUAL( psa_get_key_bits( &func ), 0 );
768 TEST_EQUAL( psa_get_key_bits( &init ), 0 );
769 TEST_EQUAL( psa_get_key_bits( &zero ), 0 );
770
771 TEST_EQUAL( psa_get_key_usage_flags( &func ), 0 );
772 TEST_EQUAL( psa_get_key_usage_flags( &init ), 0 );
773 TEST_EQUAL( psa_get_key_usage_flags( &zero ), 0 );
774
775 TEST_EQUAL( psa_get_key_algorithm( &func ), 0 );
776 TEST_EQUAL( psa_get_key_algorithm( &init ), 0 );
777 TEST_EQUAL( psa_get_key_algorithm( &zero ), 0 );
Jaeden Amero70261c52019-01-04 11:47:20 +0000778}
779/* END_CASE */
780
781/* BEGIN_CASE */
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200782void mac_key_policy( int policy_usage,
783 int policy_alg,
784 int key_type,
785 data_t *key_data,
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100786 int exercise_alg,
787 int expected_status_arg )
Gilles Peskined5b33222018-06-18 22:20:03 +0200788{
Ronald Cron5425a212020-08-04 14:58:35 +0200789 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200790 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Jaeden Amero769ce272019-01-04 11:48:03 +0000791 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200792 psa_status_t status;
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100793 psa_status_t expected_status = expected_status_arg;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200794 unsigned char mac[PSA_MAC_MAX_SIZE];
Gilles Peskined5b33222018-06-18 22:20:03 +0200795
Gilles Peskine8817f612018-12-18 00:18:46 +0100796 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskined5b33222018-06-18 22:20:03 +0200797
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200798 psa_set_key_usage_flags( &attributes, policy_usage );
799 psa_set_key_algorithm( &attributes, policy_alg );
800 psa_set_key_type( &attributes, key_type );
Gilles Peskined5b33222018-06-18 22:20:03 +0200801
Gilles Peskine049c7532019-05-15 20:22:09 +0200802 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +0200803 &key ) );
Gilles Peskined5b33222018-06-18 22:20:03 +0200804
Ronald Cron5425a212020-08-04 14:58:35 +0200805 status = psa_mac_sign_setup( &operation, key, exercise_alg );
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100806 if( ( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) == 0 )
Gilles Peskinefe11b722018-12-18 00:24:04 +0100807 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100808 else
809 TEST_EQUAL( status, expected_status );
810
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200811 psa_mac_abort( &operation );
Gilles Peskined5b33222018-06-18 22:20:03 +0200812
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200813 memset( mac, 0, sizeof( mac ) );
Ronald Cron5425a212020-08-04 14:58:35 +0200814 status = psa_mac_verify_setup( &operation, key, exercise_alg );
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100815 if( ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) == 0 )
Gilles Peskinefe11b722018-12-18 00:24:04 +0100816 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100817 else
818 TEST_EQUAL( status, expected_status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200819
820exit:
821 psa_mac_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +0200822 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200823 PSA_DONE( );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200824}
825/* END_CASE */
826
827/* BEGIN_CASE */
828void cipher_key_policy( int policy_usage,
829 int policy_alg,
830 int key_type,
831 data_t *key_data,
832 int exercise_alg )
833{
Ronald Cron5425a212020-08-04 14:58:35 +0200834 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200835 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Jaeden Amero5bae2272019-01-04 11:48:27 +0000836 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200837 psa_status_t status;
838
Gilles Peskine8817f612018-12-18 00:18:46 +0100839 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200840
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200841 psa_set_key_usage_flags( &attributes, policy_usage );
842 psa_set_key_algorithm( &attributes, policy_alg );
843 psa_set_key_type( &attributes, key_type );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200844
Gilles Peskine049c7532019-05-15 20:22:09 +0200845 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +0200846 &key ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200847
Ronald Cron5425a212020-08-04 14:58:35 +0200848 status = psa_cipher_encrypt_setup( &operation, key, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200849 if( policy_alg == exercise_alg &&
850 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
Gilles Peskine8817f612018-12-18 00:18:46 +0100851 PSA_ASSERT( status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200852 else
Gilles Peskinefe11b722018-12-18 00:24:04 +0100853 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200854 psa_cipher_abort( &operation );
855
Ronald Cron5425a212020-08-04 14:58:35 +0200856 status = psa_cipher_decrypt_setup( &operation, key, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200857 if( policy_alg == exercise_alg &&
858 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
Gilles Peskine8817f612018-12-18 00:18:46 +0100859 PSA_ASSERT( status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200860 else
Gilles Peskinefe11b722018-12-18 00:24:04 +0100861 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200862
863exit:
864 psa_cipher_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +0200865 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200866 PSA_DONE( );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200867}
868/* END_CASE */
869
870/* BEGIN_CASE */
871void aead_key_policy( int policy_usage,
872 int policy_alg,
873 int key_type,
874 data_t *key_data,
875 int nonce_length_arg,
876 int tag_length_arg,
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100877 int exercise_alg,
878 int expected_status_arg )
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200879{
Ronald Cron5425a212020-08-04 14:58:35 +0200880 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200881 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200882 psa_status_t status;
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100883 psa_status_t expected_status = expected_status_arg;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200884 unsigned char nonce[16] = {0};
885 size_t nonce_length = nonce_length_arg;
886 unsigned char tag[16];
887 size_t tag_length = tag_length_arg;
888 size_t output_length;
889
890 TEST_ASSERT( nonce_length <= sizeof( nonce ) );
891 TEST_ASSERT( tag_length <= sizeof( tag ) );
892
Gilles Peskine8817f612018-12-18 00:18:46 +0100893 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200894
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200895 psa_set_key_usage_flags( &attributes, policy_usage );
896 psa_set_key_algorithm( &attributes, policy_alg );
897 psa_set_key_type( &attributes, key_type );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200898
Gilles Peskine049c7532019-05-15 20:22:09 +0200899 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +0200900 &key ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200901
Ronald Cron5425a212020-08-04 14:58:35 +0200902 status = psa_aead_encrypt( key, exercise_alg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200903 nonce, nonce_length,
904 NULL, 0,
905 NULL, 0,
906 tag, tag_length,
907 &output_length );
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100908 if( ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
909 TEST_EQUAL( status, expected_status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200910 else
Gilles Peskinefe11b722018-12-18 00:24:04 +0100911 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200912
913 memset( tag, 0, sizeof( tag ) );
Ronald Cron5425a212020-08-04 14:58:35 +0200914 status = psa_aead_decrypt( key, exercise_alg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200915 nonce, nonce_length,
916 NULL, 0,
917 tag, tag_length,
918 NULL, 0,
919 &output_length );
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100920 if( ( policy_usage & PSA_KEY_USAGE_DECRYPT ) == 0 )
921 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
922 else if( expected_status == PSA_SUCCESS )
Gilles Peskinefe11b722018-12-18 00:24:04 +0100923 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200924 else
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100925 TEST_EQUAL( status, expected_status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200926
927exit:
Ronald Cron5425a212020-08-04 14:58:35 +0200928 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200929 PSA_DONE( );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200930}
931/* END_CASE */
932
933/* BEGIN_CASE */
934void asymmetric_encryption_key_policy( int policy_usage,
935 int policy_alg,
936 int key_type,
937 data_t *key_data,
938 int exercise_alg )
939{
Ronald Cron5425a212020-08-04 14:58:35 +0200940 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200941 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200942 psa_status_t status;
943 size_t key_bits;
944 size_t buffer_length;
945 unsigned char *buffer = NULL;
946 size_t output_length;
947
Gilles Peskine8817f612018-12-18 00:18:46 +0100948 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200949
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200950 psa_set_key_usage_flags( &attributes, policy_usage );
951 psa_set_key_algorithm( &attributes, policy_alg );
952 psa_set_key_type( &attributes, key_type );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200953
Gilles Peskine049c7532019-05-15 20:22:09 +0200954 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +0200955 &key ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200956
Ronald Cron5425a212020-08-04 14:58:35 +0200957 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200958 key_bits = psa_get_key_bits( &attributes );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200959 buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits,
960 exercise_alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200961 ASSERT_ALLOC( buffer, buffer_length );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200962
Ronald Cron5425a212020-08-04 14:58:35 +0200963 status = psa_asymmetric_encrypt( key, exercise_alg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200964 NULL, 0,
965 NULL, 0,
966 buffer, buffer_length,
967 &output_length );
968 if( policy_alg == exercise_alg &&
969 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
Gilles Peskine8817f612018-12-18 00:18:46 +0100970 PSA_ASSERT( status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200971 else
Gilles Peskinefe11b722018-12-18 00:24:04 +0100972 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200973
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200974 if( buffer_length != 0 )
975 memset( buffer, 0, buffer_length );
Ronald Cron5425a212020-08-04 14:58:35 +0200976 status = psa_asymmetric_decrypt( key, exercise_alg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200977 buffer, buffer_length,
978 NULL, 0,
979 buffer, buffer_length,
980 &output_length );
981 if( policy_alg == exercise_alg &&
982 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
Gilles Peskinefe11b722018-12-18 00:24:04 +0100983 TEST_EQUAL( status, PSA_ERROR_INVALID_PADDING );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200984 else
Gilles Peskinefe11b722018-12-18 00:24:04 +0100985 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200986
987exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100988 /*
989 * Key attributes may have been returned by psa_get_key_attributes()
990 * thus reset them as required.
991 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +0200992 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100993
994 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200995 PSA_DONE( );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200996 mbedtls_free( buffer );
997}
998/* END_CASE */
999
1000/* BEGIN_CASE */
1001void asymmetric_signature_key_policy( int policy_usage,
1002 int policy_alg,
1003 int key_type,
1004 data_t *key_data,
Gilles Peskine30f77cd2019-01-14 16:06:39 +01001005 int exercise_alg,
1006 int payload_length_arg )
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001007{
Ronald Cron5425a212020-08-04 14:58:35 +02001008 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001009 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001010 psa_status_t status;
Gilles Peskine30f77cd2019-01-14 16:06:39 +01001011 unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
1012 /* If `payload_length_arg > 0`, `exercise_alg` is supposed to be
1013 * compatible with the policy and `payload_length_arg` is supposed to be
1014 * a valid input length to sign. If `payload_length_arg <= 0`,
1015 * `exercise_alg` is supposed to be forbidden by the policy. */
1016 int compatible_alg = payload_length_arg > 0;
1017 size_t payload_length = compatible_alg ? payload_length_arg : 0;
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01001018 unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001019 size_t signature_length;
1020
Gilles Peskine8817f612018-12-18 00:18:46 +01001021 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001022
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001023 psa_set_key_usage_flags( &attributes, policy_usage );
1024 psa_set_key_algorithm( &attributes, policy_alg );
1025 psa_set_key_type( &attributes, key_type );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001026
Gilles Peskine049c7532019-05-15 20:22:09 +02001027 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001028 &key ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001029
Ronald Cron5425a212020-08-04 14:58:35 +02001030 status = psa_sign_hash( key, exercise_alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01001031 payload, payload_length,
1032 signature, sizeof( signature ),
1033 &signature_length );
1034 if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 )
Gilles Peskine8817f612018-12-18 00:18:46 +01001035 PSA_ASSERT( status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001036 else
Gilles Peskinefe11b722018-12-18 00:24:04 +01001037 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001038
1039 memset( signature, 0, sizeof( signature ) );
Ronald Cron5425a212020-08-04 14:58:35 +02001040 status = psa_verify_hash( key, exercise_alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01001041 payload, payload_length,
1042 signature, sizeof( signature ) );
1043 if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 )
Gilles Peskinefe11b722018-12-18 00:24:04 +01001044 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001045 else
Gilles Peskinefe11b722018-12-18 00:24:04 +01001046 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskined5b33222018-06-18 22:20:03 +02001047
1048exit:
Ronald Cron5425a212020-08-04 14:58:35 +02001049 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001050 PSA_DONE( );
Gilles Peskined5b33222018-06-18 22:20:03 +02001051}
1052/* END_CASE */
1053
Janos Follathba3fab92019-06-11 14:50:16 +01001054/* BEGIN_CASE */
Gilles Peskineea0fb492018-07-12 17:17:20 +02001055void derive_key_policy( int policy_usage,
1056 int policy_alg,
1057 int key_type,
1058 data_t *key_data,
1059 int exercise_alg )
1060{
Ronald Cron5425a212020-08-04 14:58:35 +02001061 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001062 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001063 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineea0fb492018-07-12 17:17:20 +02001064 psa_status_t status;
1065
Gilles Peskine8817f612018-12-18 00:18:46 +01001066 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001067
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001068 psa_set_key_usage_flags( &attributes, policy_usage );
1069 psa_set_key_algorithm( &attributes, policy_alg );
1070 psa_set_key_type( &attributes, key_type );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001071
Gilles Peskine049c7532019-05-15 20:22:09 +02001072 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001073 &key ) );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001074
Janos Follathba3fab92019-06-11 14:50:16 +01001075 PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
1076
1077 if( PSA_ALG_IS_TLS12_PRF( exercise_alg ) ||
1078 PSA_ALG_IS_TLS12_PSK_TO_MS( exercise_alg ) )
Janos Follath0c1ed842019-06-28 13:35:36 +01001079 {
Janos Follathba3fab92019-06-11 14:50:16 +01001080 PSA_ASSERT( psa_key_derivation_input_bytes(
1081 &operation,
1082 PSA_KEY_DERIVATION_INPUT_SEED,
1083 (const uint8_t*) "", 0) );
Janos Follath0c1ed842019-06-28 13:35:36 +01001084 }
Janos Follathba3fab92019-06-11 14:50:16 +01001085
1086 status = psa_key_derivation_input_key( &operation,
1087 PSA_KEY_DERIVATION_INPUT_SECRET,
Ronald Cron5425a212020-08-04 14:58:35 +02001088 key );
Janos Follathba3fab92019-06-11 14:50:16 +01001089
Gilles Peskineea0fb492018-07-12 17:17:20 +02001090 if( policy_alg == exercise_alg &&
1091 ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
Gilles Peskine8817f612018-12-18 00:18:46 +01001092 PSA_ASSERT( status );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001093 else
Gilles Peskinefe11b722018-12-18 00:24:04 +01001094 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001095
1096exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001097 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02001098 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001099 PSA_DONE( );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001100}
1101/* END_CASE */
1102
1103/* BEGIN_CASE */
Gilles Peskine01d718c2018-09-18 12:01:02 +02001104void agreement_key_policy( int policy_usage,
1105 int policy_alg,
1106 int key_type_arg,
1107 data_t *key_data,
Steven Cooremance48e852020-10-05 16:02:45 +02001108 int exercise_alg,
1109 int expected_status_arg )
Gilles Peskine01d718c2018-09-18 12:01:02 +02001110{
Ronald Cron5425a212020-08-04 14:58:35 +02001111 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001112 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine01d718c2018-09-18 12:01:02 +02001113 psa_key_type_t key_type = key_type_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001114 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskine01d718c2018-09-18 12:01:02 +02001115 psa_status_t status;
Steven Cooremance48e852020-10-05 16:02:45 +02001116 psa_status_t expected_status = expected_status_arg;
Gilles Peskine01d718c2018-09-18 12:01:02 +02001117
Gilles Peskine8817f612018-12-18 00:18:46 +01001118 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001119
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001120 psa_set_key_usage_flags( &attributes, policy_usage );
1121 psa_set_key_algorithm( &attributes, policy_alg );
1122 psa_set_key_type( &attributes, key_type );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001123
Gilles Peskine049c7532019-05-15 20:22:09 +02001124 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001125 &key ) );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001126
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001127 PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001128 status = mbedtls_test_psa_key_agreement_with_self( &operation, key );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001129
Steven Cooremance48e852020-10-05 16:02:45 +02001130 TEST_EQUAL( status, expected_status );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001131
1132exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001133 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02001134 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001135 PSA_DONE( );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001136}
1137/* END_CASE */
1138
1139/* BEGIN_CASE */
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001140void key_policy_alg2( int key_type_arg, data_t *key_data,
1141 int usage_arg, int alg_arg, int alg2_arg )
1142{
Ronald Cron5425a212020-08-04 14:58:35 +02001143 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001144 psa_key_type_t key_type = key_type_arg;
1145 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
1146 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
1147 psa_key_usage_t usage = usage_arg;
1148 psa_algorithm_t alg = alg_arg;
1149 psa_algorithm_t alg2 = alg2_arg;
1150
1151 PSA_ASSERT( psa_crypto_init( ) );
1152
1153 psa_set_key_usage_flags( &attributes, usage );
1154 psa_set_key_algorithm( &attributes, alg );
1155 psa_set_key_enrollment_algorithm( &attributes, alg2 );
1156 psa_set_key_type( &attributes, key_type );
1157 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001158 &key ) );
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001159
Ronald Cron5425a212020-08-04 14:58:35 +02001160 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001161 TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage );
1162 TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg );
1163 TEST_EQUAL( psa_get_key_enrollment_algorithm( &got_attributes ), alg2 );
1164
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001165 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) )
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001166 goto exit;
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001167 if( ! mbedtls_test_psa_exercise_key( key, usage, alg2 ) )
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001168 goto exit;
1169
1170exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01001171 /*
1172 * Key attributes may have been returned by psa_get_key_attributes()
1173 * thus reset them as required.
1174 */
1175 psa_reset_key_attributes( &got_attributes );
1176
Ronald Cron5425a212020-08-04 14:58:35 +02001177 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001178 PSA_DONE( );
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001179}
1180/* END_CASE */
1181
1182/* BEGIN_CASE */
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001183void raw_agreement_key_policy( int policy_usage,
1184 int policy_alg,
1185 int key_type_arg,
1186 data_t *key_data,
Steven Cooremance48e852020-10-05 16:02:45 +02001187 int exercise_alg,
1188 int expected_status_arg )
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001189{
Ronald Cron5425a212020-08-04 14:58:35 +02001190 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001191 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001192 psa_key_type_t key_type = key_type_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001193 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001194 psa_status_t status;
Steven Cooremance48e852020-10-05 16:02:45 +02001195 psa_status_t expected_status = expected_status_arg;
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001196
1197 PSA_ASSERT( psa_crypto_init( ) );
1198
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001199 psa_set_key_usage_flags( &attributes, policy_usage );
1200 psa_set_key_algorithm( &attributes, policy_alg );
1201 psa_set_key_type( &attributes, key_type );
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001202
Gilles Peskine049c7532019-05-15 20:22:09 +02001203 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001204 &key ) );
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001205
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001206 status = mbedtls_test_psa_raw_key_agreement_with_self( exercise_alg, key );
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001207
Steven Cooremance48e852020-10-05 16:02:45 +02001208 TEST_EQUAL( status, expected_status );
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001209
1210exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001211 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02001212 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001213 PSA_DONE( );
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001214}
1215/* END_CASE */
1216
1217/* BEGIN_CASE */
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001218void copy_success( int source_usage_arg,
1219 int source_alg_arg, int source_alg2_arg,
Gilles Peskine4a644642019-05-03 17:14:08 +02001220 int type_arg, data_t *material,
1221 int copy_attributes,
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001222 int target_usage_arg,
1223 int target_alg_arg, int target_alg2_arg,
1224 int expected_usage_arg,
1225 int expected_alg_arg, int expected_alg2_arg )
Gilles Peskine57ab7212019-01-28 13:03:09 +01001226{
Gilles Peskineca25db92019-04-19 11:43:08 +02001227 psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
1228 psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine57ab7212019-01-28 13:03:09 +01001229 psa_key_usage_t expected_usage = expected_usage_arg;
1230 psa_algorithm_t expected_alg = expected_alg_arg;
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001231 psa_algorithm_t expected_alg2 = expected_alg2_arg;
Ronald Cron5425a212020-08-04 14:58:35 +02001232 mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT;
1233 mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine57ab7212019-01-28 13:03:09 +01001234 uint8_t *export_buffer = NULL;
1235
Gilles Peskine57ab7212019-01-28 13:03:09 +01001236 PSA_ASSERT( psa_crypto_init( ) );
1237
Gilles Peskineca25db92019-04-19 11:43:08 +02001238 /* Prepare the source key. */
1239 psa_set_key_usage_flags( &source_attributes, source_usage_arg );
1240 psa_set_key_algorithm( &source_attributes, source_alg_arg );
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001241 psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg );
Gilles Peskineca25db92019-04-19 11:43:08 +02001242 psa_set_key_type( &source_attributes, type_arg );
Gilles Peskine049c7532019-05-15 20:22:09 +02001243 PSA_ASSERT( psa_import_key( &source_attributes,
1244 material->x, material->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001245 &source_key ) );
1246 PSA_ASSERT( psa_get_key_attributes( source_key, &source_attributes ) );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001247
Gilles Peskineca25db92019-04-19 11:43:08 +02001248 /* Prepare the target attributes. */
1249 if( copy_attributes )
Ronald Cron65f38a32020-10-23 17:11:13 +02001250 {
Gilles Peskineca25db92019-04-19 11:43:08 +02001251 target_attributes = source_attributes;
Ronald Cron65f38a32020-10-23 17:11:13 +02001252 /* Set volatile lifetime to reset the key identifier to 0. */
1253 psa_set_key_lifetime( &target_attributes, PSA_KEY_LIFETIME_VOLATILE );
1254 }
1255
Gilles Peskineca25db92019-04-19 11:43:08 +02001256 if( target_usage_arg != -1 )
1257 psa_set_key_usage_flags( &target_attributes, target_usage_arg );
1258 if( target_alg_arg != -1 )
1259 psa_set_key_algorithm( &target_attributes, target_alg_arg );
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001260 if( target_alg2_arg != -1 )
1261 psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001262
1263 /* Copy the key. */
Ronald Cron5425a212020-08-04 14:58:35 +02001264 PSA_ASSERT( psa_copy_key( source_key,
1265 &target_attributes, &target_key ) );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001266
1267 /* Destroy the source to ensure that this doesn't affect the target. */
Ronald Cron5425a212020-08-04 14:58:35 +02001268 PSA_ASSERT( psa_destroy_key( source_key ) );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001269
1270 /* Test that the target slot has the expected content and policy. */
Ronald Cron5425a212020-08-04 14:58:35 +02001271 PSA_ASSERT( psa_get_key_attributes( target_key, &target_attributes ) );
Gilles Peskineca25db92019-04-19 11:43:08 +02001272 TEST_EQUAL( psa_get_key_type( &source_attributes ),
1273 psa_get_key_type( &target_attributes ) );
1274 TEST_EQUAL( psa_get_key_bits( &source_attributes ),
1275 psa_get_key_bits( &target_attributes ) );
1276 TEST_EQUAL( expected_usage, psa_get_key_usage_flags( &target_attributes ) );
1277 TEST_EQUAL( expected_alg, psa_get_key_algorithm( &target_attributes ) );
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001278 TEST_EQUAL( expected_alg2,
1279 psa_get_key_enrollment_algorithm( &target_attributes ) );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001280 if( expected_usage & PSA_KEY_USAGE_EXPORT )
1281 {
1282 size_t length;
1283 ASSERT_ALLOC( export_buffer, material->len );
Ronald Cron5425a212020-08-04 14:58:35 +02001284 PSA_ASSERT( psa_export_key( target_key, export_buffer,
Gilles Peskine57ab7212019-01-28 13:03:09 +01001285 material->len, &length ) );
1286 ASSERT_COMPARE( material->x, material->len,
1287 export_buffer, length );
1288 }
Steven Cooremanb3ce8152021-02-18 12:03:50 +01001289
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001290 if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg ) )
Gilles Peskine57ab7212019-01-28 13:03:09 +01001291 goto exit;
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001292 if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg2 ) )
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001293 goto exit;
Gilles Peskine57ab7212019-01-28 13:03:09 +01001294
Ronald Cron5425a212020-08-04 14:58:35 +02001295 PSA_ASSERT( psa_destroy_key( target_key ) );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001296
1297exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01001298 /*
1299 * Source and target key attributes may have been returned by
1300 * psa_get_key_attributes() thus reset them as required.
1301 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02001302 psa_reset_key_attributes( &source_attributes );
1303 psa_reset_key_attributes( &target_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01001304
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001305 PSA_DONE( );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001306 mbedtls_free( export_buffer );
1307}
1308/* END_CASE */
1309
1310/* BEGIN_CASE */
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001311void copy_fail( int source_usage_arg,
1312 int source_alg_arg, int source_alg2_arg,
Gilles Peskine4a644642019-05-03 17:14:08 +02001313 int type_arg, data_t *material,
1314 int target_type_arg, int target_bits_arg,
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001315 int target_usage_arg,
1316 int target_alg_arg, int target_alg2_arg,
Ronald Cron88a55462021-03-31 09:39:07 +02001317 int target_id_arg, int target_lifetime_arg,
Gilles Peskine4a644642019-05-03 17:14:08 +02001318 int expected_status_arg )
1319{
1320 psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
1321 psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
Ronald Cron5425a212020-08-04 14:58:35 +02001322 mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT;
1323 mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT;
Ronald Cron88a55462021-03-31 09:39:07 +02001324 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, target_id_arg );
Gilles Peskine4a644642019-05-03 17:14:08 +02001325
1326 PSA_ASSERT( psa_crypto_init( ) );
1327
1328 /* Prepare the source key. */
1329 psa_set_key_usage_flags( &source_attributes, source_usage_arg );
1330 psa_set_key_algorithm( &source_attributes, source_alg_arg );
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001331 psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg );
Gilles Peskine4a644642019-05-03 17:14:08 +02001332 psa_set_key_type( &source_attributes, type_arg );
Gilles Peskine049c7532019-05-15 20:22:09 +02001333 PSA_ASSERT( psa_import_key( &source_attributes,
1334 material->x, material->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001335 &source_key ) );
Gilles Peskine4a644642019-05-03 17:14:08 +02001336
1337 /* Prepare the target attributes. */
Ronald Cron88a55462021-03-31 09:39:07 +02001338 psa_set_key_id( &target_attributes, key_id );
1339 psa_set_key_lifetime( &target_attributes, target_lifetime_arg );
Gilles Peskine4a644642019-05-03 17:14:08 +02001340 psa_set_key_type( &target_attributes, target_type_arg );
1341 psa_set_key_bits( &target_attributes, target_bits_arg );
1342 psa_set_key_usage_flags( &target_attributes, target_usage_arg );
1343 psa_set_key_algorithm( &target_attributes, target_alg_arg );
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001344 psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
Gilles Peskine4a644642019-05-03 17:14:08 +02001345
1346 /* Try to copy the key. */
Ronald Cron5425a212020-08-04 14:58:35 +02001347 TEST_EQUAL( psa_copy_key( source_key,
1348 &target_attributes, &target_key ),
Gilles Peskine4a644642019-05-03 17:14:08 +02001349 expected_status_arg );
Gilles Peskine76b29a72019-05-28 14:08:50 +02001350
Ronald Cron5425a212020-08-04 14:58:35 +02001351 PSA_ASSERT( psa_destroy_key( source_key ) );
Gilles Peskine76b29a72019-05-28 14:08:50 +02001352
Gilles Peskine4a644642019-05-03 17:14:08 +02001353exit:
1354 psa_reset_key_attributes( &source_attributes );
1355 psa_reset_key_attributes( &target_attributes );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001356 PSA_DONE( );
Gilles Peskine4a644642019-05-03 17:14:08 +02001357}
1358/* END_CASE */
1359
1360/* BEGIN_CASE */
Jaeden Amero6a25b412019-01-04 11:47:44 +00001361void hash_operation_init( )
1362{
Jaeden Ameroa0f625a2019-02-15 13:52:25 +00001363 const uint8_t input[1] = { 0 };
Jaeden Amero6a25b412019-01-04 11:47:44 +00001364 /* Test each valid way of initializing the object, except for `= {0}`, as
1365 * Clang 5 complains when `-Wmissing-field-initializers` is used, even
1366 * though it's OK by the C standard. We could test for this, but we'd need
1367 * to supress the Clang warning for the test. */
1368 psa_hash_operation_t func = psa_hash_operation_init( );
1369 psa_hash_operation_t init = PSA_HASH_OPERATION_INIT;
1370 psa_hash_operation_t zero;
1371
1372 memset( &zero, 0, sizeof( zero ) );
1373
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001374 /* A freshly-initialized hash operation should not be usable. */
Jaeden Ameroa0f625a2019-02-15 13:52:25 +00001375 TEST_EQUAL( psa_hash_update( &func, input, sizeof( input ) ),
1376 PSA_ERROR_BAD_STATE );
1377 TEST_EQUAL( psa_hash_update( &init, input, sizeof( input ) ),
1378 PSA_ERROR_BAD_STATE );
1379 TEST_EQUAL( psa_hash_update( &zero, input, sizeof( input ) ),
1380 PSA_ERROR_BAD_STATE );
1381
Jaeden Amero5229bbb2019-02-07 16:33:37 +00001382 /* A default hash operation should be abortable without error. */
1383 PSA_ASSERT( psa_hash_abort( &func ) );
1384 PSA_ASSERT( psa_hash_abort( &init ) );
1385 PSA_ASSERT( psa_hash_abort( &zero ) );
Jaeden Amero6a25b412019-01-04 11:47:44 +00001386}
1387/* END_CASE */
1388
1389/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001390void hash_setup( int alg_arg,
1391 int expected_status_arg )
1392{
1393 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +02001394 psa_status_t expected_status = expected_status_arg;
Jaeden Amero6a25b412019-01-04 11:47:44 +00001395 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001396 psa_status_t status;
1397
Gilles Peskine8817f612018-12-18 00:18:46 +01001398 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001399
Gilles Peskineda8191d1c2018-07-08 19:46:38 +02001400 status = psa_hash_setup( &operation, alg );
Gilles Peskinefe11b722018-12-18 00:24:04 +01001401 TEST_EQUAL( status, expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001402
Gilles Peskine9e0a4a52019-02-25 22:11:18 +01001403 /* Whether setup succeeded or failed, abort must succeed. */
1404 PSA_ASSERT( psa_hash_abort( &operation ) );
1405
1406 /* If setup failed, reproduce the failure, so as to
1407 * test the resulting state of the operation object. */
1408 if( status != PSA_SUCCESS )
1409 TEST_EQUAL( psa_hash_setup( &operation, alg ), status );
1410
Gilles Peskinef426e0f2019-02-25 17:42:03 +01001411 /* Now the operation object should be reusable. */
1412#if defined(KNOWN_SUPPORTED_HASH_ALG)
1413 PSA_ASSERT( psa_hash_setup( &operation, KNOWN_SUPPORTED_HASH_ALG ) );
1414 PSA_ASSERT( psa_hash_abort( &operation ) );
1415#endif
1416
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001417exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001418 PSA_DONE( );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001419}
1420/* END_CASE */
1421
1422/* BEGIN_CASE */
Gilles Peskine0a749c82019-11-28 19:33:58 +01001423void hash_compute_fail( int alg_arg, data_t *input,
1424 int output_size_arg, int expected_status_arg )
1425{
1426 psa_algorithm_t alg = alg_arg;
1427 uint8_t *output = NULL;
1428 size_t output_size = output_size_arg;
1429 size_t output_length = INVALID_EXPORT_LENGTH;
1430 psa_status_t expected_status = expected_status_arg;
1431 psa_status_t status;
1432
1433 ASSERT_ALLOC( output, output_size );
1434
1435 PSA_ASSERT( psa_crypto_init( ) );
1436
1437 status = psa_hash_compute( alg, input->x, input->len,
1438 output, output_size, &output_length );
1439 TEST_EQUAL( status, expected_status );
1440 TEST_ASSERT( output_length <= output_size );
1441
1442exit:
1443 mbedtls_free( output );
1444 PSA_DONE( );
1445}
1446/* END_CASE */
1447
1448/* BEGIN_CASE */
Gilles Peskine88e08462020-01-28 20:43:00 +01001449void hash_compare_fail( int alg_arg, data_t *input,
1450 data_t *reference_hash,
1451 int expected_status_arg )
1452{
1453 psa_algorithm_t alg = alg_arg;
1454 psa_status_t expected_status = expected_status_arg;
1455 psa_status_t status;
1456
1457 PSA_ASSERT( psa_crypto_init( ) );
1458
1459 status = psa_hash_compare( alg, input->x, input->len,
1460 reference_hash->x, reference_hash->len );
1461 TEST_EQUAL( status, expected_status );
1462
1463exit:
1464 PSA_DONE( );
1465}
1466/* END_CASE */
1467
1468/* BEGIN_CASE */
Gilles Peskine0a749c82019-11-28 19:33:58 +01001469void hash_compute_compare( int alg_arg, data_t *input,
1470 data_t *expected_output )
1471{
1472 psa_algorithm_t alg = alg_arg;
1473 uint8_t output[PSA_HASH_MAX_SIZE + 1];
1474 size_t output_length = INVALID_EXPORT_LENGTH;
1475 size_t i;
1476
1477 PSA_ASSERT( psa_crypto_init( ) );
1478
1479 /* Compute with tight buffer */
1480 PSA_ASSERT( psa_hash_compute( alg, input->x, input->len,
gabor-mezei-armcbcec212020-12-18 14:23:51 +01001481 output, PSA_HASH_LENGTH( alg ),
Gilles Peskine0a749c82019-11-28 19:33:58 +01001482 &output_length ) );
gabor-mezei-armcbcec212020-12-18 14:23:51 +01001483 TEST_EQUAL( output_length, PSA_HASH_LENGTH( alg ) );
Gilles Peskine0a749c82019-11-28 19:33:58 +01001484 ASSERT_COMPARE( output, output_length,
1485 expected_output->x, expected_output->len );
1486
1487 /* Compute with larger buffer */
1488 PSA_ASSERT( psa_hash_compute( alg, input->x, input->len,
1489 output, sizeof( output ),
1490 &output_length ) );
gabor-mezei-armcbcec212020-12-18 14:23:51 +01001491 TEST_EQUAL( output_length, PSA_HASH_LENGTH( alg ) );
Gilles Peskine0a749c82019-11-28 19:33:58 +01001492 ASSERT_COMPARE( output, output_length,
1493 expected_output->x, expected_output->len );
1494
1495 /* Compare with correct hash */
1496 PSA_ASSERT( psa_hash_compare( alg, input->x, input->len,
1497 output, output_length ) );
1498
1499 /* Compare with trailing garbage */
1500 TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
1501 output, output_length + 1 ),
1502 PSA_ERROR_INVALID_SIGNATURE );
1503
1504 /* Compare with truncated hash */
1505 TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
1506 output, output_length - 1 ),
1507 PSA_ERROR_INVALID_SIGNATURE );
1508
1509 /* Compare with corrupted value */
1510 for( i = 0; i < output_length; i++ )
1511 {
Chris Jones9634bb12021-01-20 15:56:42 +00001512 mbedtls_test_set_step( i );
Gilles Peskine0a749c82019-11-28 19:33:58 +01001513 output[i] ^= 1;
1514 TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
1515 output, output_length ),
1516 PSA_ERROR_INVALID_SIGNATURE );
1517 output[i] ^= 1;
1518 }
1519
1520exit:
1521 PSA_DONE( );
1522}
1523/* END_CASE */
1524
Gilles Peskined6dc40c2021-01-12 12:55:31 +01001525/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
itayzafrirf86548d2018-11-01 10:44:32 +02001526void hash_bad_order( )
1527{
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001528 psa_algorithm_t alg = PSA_ALG_SHA_256;
itayzafrirf86548d2018-11-01 10:44:32 +02001529 unsigned char input[] = "";
1530 /* SHA-256 hash of an empty string */
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001531 const unsigned char valid_hash[] = {
itayzafrirf86548d2018-11-01 10:44:32 +02001532 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
1533 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
1534 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 };
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001535 unsigned char hash[sizeof(valid_hash)] = { 0 };
itayzafrirf86548d2018-11-01 10:44:32 +02001536 size_t hash_len;
Jaeden Amero6a25b412019-01-04 11:47:44 +00001537 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
itayzafrirf86548d2018-11-01 10:44:32 +02001538
Gilles Peskine8817f612018-12-18 00:18:46 +01001539 PSA_ASSERT( psa_crypto_init( ) );
itayzafrirf86548d2018-11-01 10:44:32 +02001540
Jaeden Amero36ee5d02019-02-19 09:25:10 +00001541 /* Call setup twice in a row. */
1542 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
1543 TEST_EQUAL( psa_hash_setup( &operation, alg ),
1544 PSA_ERROR_BAD_STATE );
1545 PSA_ASSERT( psa_hash_abort( &operation ) );
1546
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001547 /* Call update without calling setup beforehand. */
Gilles Peskinef812dcf2018-12-18 00:33:25 +01001548 TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
Jaeden Ameroa0f625a2019-02-15 13:52:25 +00001549 PSA_ERROR_BAD_STATE );
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001550 PSA_ASSERT( psa_hash_abort( &operation ) );
itayzafrirf86548d2018-11-01 10:44:32 +02001551
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001552 /* Call update after finish. */
1553 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
1554 PSA_ASSERT( psa_hash_finish( &operation,
1555 hash, sizeof( hash ), &hash_len ) );
1556 TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
Jaeden Ameroa0f625a2019-02-15 13:52:25 +00001557 PSA_ERROR_BAD_STATE );
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001558 PSA_ASSERT( psa_hash_abort( &operation ) );
itayzafrirf86548d2018-11-01 10:44:32 +02001559
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001560 /* Call verify without calling setup beforehand. */
1561 TEST_EQUAL( psa_hash_verify( &operation,
1562 valid_hash, sizeof( valid_hash ) ),
1563 PSA_ERROR_BAD_STATE );
1564 PSA_ASSERT( psa_hash_abort( &operation ) );
1565
1566 /* Call verify after finish. */
1567 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
1568 PSA_ASSERT( psa_hash_finish( &operation,
1569 hash, sizeof( hash ), &hash_len ) );
1570 TEST_EQUAL( psa_hash_verify( &operation,
1571 valid_hash, sizeof( valid_hash ) ),
1572 PSA_ERROR_BAD_STATE );
1573 PSA_ASSERT( psa_hash_abort( &operation ) );
1574
1575 /* Call verify twice in a row. */
1576 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
1577 PSA_ASSERT( psa_hash_verify( &operation,
1578 valid_hash, sizeof( valid_hash ) ) );
1579 TEST_EQUAL( psa_hash_verify( &operation,
1580 valid_hash, sizeof( valid_hash ) ),
1581 PSA_ERROR_BAD_STATE );
1582 PSA_ASSERT( psa_hash_abort( &operation ) );
1583
1584 /* Call finish without calling setup beforehand. */
Gilles Peskinefe11b722018-12-18 00:24:04 +01001585 TEST_EQUAL( psa_hash_finish( &operation,
1586 hash, sizeof( hash ), &hash_len ),
Jaeden Ameroa0f625a2019-02-15 13:52:25 +00001587 PSA_ERROR_BAD_STATE );
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001588 PSA_ASSERT( psa_hash_abort( &operation ) );
1589
1590 /* Call finish twice in a row. */
1591 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
1592 PSA_ASSERT( psa_hash_finish( &operation,
1593 hash, sizeof( hash ), &hash_len ) );
1594 TEST_EQUAL( psa_hash_finish( &operation,
1595 hash, sizeof( hash ), &hash_len ),
1596 PSA_ERROR_BAD_STATE );
1597 PSA_ASSERT( psa_hash_abort( &operation ) );
1598
1599 /* Call finish after calling verify. */
1600 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
1601 PSA_ASSERT( psa_hash_verify( &operation,
1602 valid_hash, sizeof( valid_hash ) ) );
1603 TEST_EQUAL( psa_hash_finish( &operation,
1604 hash, sizeof( hash ), &hash_len ),
1605 PSA_ERROR_BAD_STATE );
1606 PSA_ASSERT( psa_hash_abort( &operation ) );
itayzafrirf86548d2018-11-01 10:44:32 +02001607
1608exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001609 PSA_DONE( );
itayzafrirf86548d2018-11-01 10:44:32 +02001610}
1611/* END_CASE */
1612
Gilles Peskined6dc40c2021-01-12 12:55:31 +01001613/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
itayzafrir27e69452018-11-01 14:26:34 +02001614void hash_verify_bad_args( )
itayzafrirec93d302018-10-18 18:01:10 +03001615{
1616 psa_algorithm_t alg = PSA_ALG_SHA_256;
itayzafrir27e69452018-11-01 14:26:34 +02001617 /* SHA-256 hash of an empty string with 2 extra bytes (0xaa and 0xbb)
1618 * appended to it */
1619 unsigned char hash[] = {
1620 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
1621 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
1622 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, 0xaa, 0xbb };
gabor-mezei-armcbcec212020-12-18 14:23:51 +01001623 size_t expected_size = PSA_HASH_LENGTH( alg );
Jaeden Amero6a25b412019-01-04 11:47:44 +00001624 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
itayzafrirec93d302018-10-18 18:01:10 +03001625
Gilles Peskine8817f612018-12-18 00:18:46 +01001626 PSA_ASSERT( psa_crypto_init( ) );
itayzafrirec93d302018-10-18 18:01:10 +03001627
itayzafrir27e69452018-11-01 14:26:34 +02001628 /* psa_hash_verify with a smaller hash than expected */
Gilles Peskine8817f612018-12-18 00:18:46 +01001629 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Gilles Peskinef812dcf2018-12-18 00:33:25 +01001630 TEST_EQUAL( psa_hash_verify( &operation, hash, expected_size - 1 ),
Gilles Peskinefe11b722018-12-18 00:24:04 +01001631 PSA_ERROR_INVALID_SIGNATURE );
itayzafrirec93d302018-10-18 18:01:10 +03001632
itayzafrir27e69452018-11-01 14:26:34 +02001633 /* psa_hash_verify with a non-matching hash */
Gilles Peskine8817f612018-12-18 00:18:46 +01001634 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Gilles Peskinef812dcf2018-12-18 00:33:25 +01001635 TEST_EQUAL( psa_hash_verify( &operation, hash + 1, expected_size ),
Gilles Peskinefe11b722018-12-18 00:24:04 +01001636 PSA_ERROR_INVALID_SIGNATURE );
itayzafrirec93d302018-10-18 18:01:10 +03001637
itayzafrir27e69452018-11-01 14:26:34 +02001638 /* psa_hash_verify with a hash longer than expected */
Gilles Peskine8817f612018-12-18 00:18:46 +01001639 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Gilles Peskinef812dcf2018-12-18 00:33:25 +01001640 TEST_EQUAL( psa_hash_verify( &operation, hash, sizeof( hash ) ),
Gilles Peskinefe11b722018-12-18 00:24:04 +01001641 PSA_ERROR_INVALID_SIGNATURE );
itayzafrir4271df92018-10-24 18:16:19 +03001642
itayzafrirec93d302018-10-18 18:01:10 +03001643exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001644 PSA_DONE( );
itayzafrirec93d302018-10-18 18:01:10 +03001645}
1646/* END_CASE */
1647
Ronald Cronee414c72021-03-18 18:50:08 +01001648/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
itayzafrirb2dd5ed2018-11-01 11:58:59 +02001649void hash_finish_bad_args( )
itayzafrir58028322018-10-25 10:22:01 +03001650{
1651 psa_algorithm_t alg = PSA_ALG_SHA_256;
itayzafrirb2dd5ed2018-11-01 11:58:59 +02001652 unsigned char hash[PSA_HASH_MAX_SIZE];
gabor-mezei-armcbcec212020-12-18 14:23:51 +01001653 size_t expected_size = PSA_HASH_LENGTH( alg );
Jaeden Amero6a25b412019-01-04 11:47:44 +00001654 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
itayzafrir58028322018-10-25 10:22:01 +03001655 size_t hash_len;
1656
Gilles Peskine8817f612018-12-18 00:18:46 +01001657 PSA_ASSERT( psa_crypto_init( ) );
itayzafrir58028322018-10-25 10:22:01 +03001658
itayzafrir58028322018-10-25 10:22:01 +03001659 /* psa_hash_finish with a smaller hash buffer than expected */
Gilles Peskine8817f612018-12-18 00:18:46 +01001660 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01001661 TEST_EQUAL( psa_hash_finish( &operation,
Gilles Peskinef812dcf2018-12-18 00:33:25 +01001662 hash, expected_size - 1, &hash_len ),
1663 PSA_ERROR_BUFFER_TOO_SMALL );
itayzafrir58028322018-10-25 10:22:01 +03001664
1665exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001666 PSA_DONE( );
itayzafrir58028322018-10-25 10:22:01 +03001667}
1668/* END_CASE */
1669
Ronald Cronee414c72021-03-18 18:50:08 +01001670/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
Gilles Peskineebb2c3e2019-01-19 12:03:41 +01001671void hash_clone_source_state( )
1672{
1673 psa_algorithm_t alg = PSA_ALG_SHA_256;
1674 unsigned char hash[PSA_HASH_MAX_SIZE];
1675 psa_hash_operation_t op_source = PSA_HASH_OPERATION_INIT;
1676 psa_hash_operation_t op_init = PSA_HASH_OPERATION_INIT;
1677 psa_hash_operation_t op_setup = PSA_HASH_OPERATION_INIT;
1678 psa_hash_operation_t op_finished = PSA_HASH_OPERATION_INIT;
1679 psa_hash_operation_t op_aborted = PSA_HASH_OPERATION_INIT;
1680 size_t hash_len;
1681
1682 PSA_ASSERT( psa_crypto_init( ) );
1683 PSA_ASSERT( psa_hash_setup( &op_source, alg ) );
1684
1685 PSA_ASSERT( psa_hash_setup( &op_setup, alg ) );
1686 PSA_ASSERT( psa_hash_setup( &op_finished, alg ) );
1687 PSA_ASSERT( psa_hash_finish( &op_finished,
1688 hash, sizeof( hash ), &hash_len ) );
1689 PSA_ASSERT( psa_hash_setup( &op_aborted, alg ) );
1690 PSA_ASSERT( psa_hash_abort( &op_aborted ) );
1691
1692 TEST_EQUAL( psa_hash_clone( &op_source, &op_setup ),
1693 PSA_ERROR_BAD_STATE );
1694
1695 PSA_ASSERT( psa_hash_clone( &op_source, &op_init ) );
1696 PSA_ASSERT( psa_hash_finish( &op_init,
1697 hash, sizeof( hash ), &hash_len ) );
1698 PSA_ASSERT( psa_hash_clone( &op_source, &op_finished ) );
1699 PSA_ASSERT( psa_hash_finish( &op_finished,
1700 hash, sizeof( hash ), &hash_len ) );
1701 PSA_ASSERT( psa_hash_clone( &op_source, &op_aborted ) );
1702 PSA_ASSERT( psa_hash_finish( &op_aborted,
1703 hash, sizeof( hash ), &hash_len ) );
1704
1705exit:
1706 psa_hash_abort( &op_source );
1707 psa_hash_abort( &op_init );
1708 psa_hash_abort( &op_setup );
1709 psa_hash_abort( &op_finished );
1710 psa_hash_abort( &op_aborted );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001711 PSA_DONE( );
Gilles Peskineebb2c3e2019-01-19 12:03:41 +01001712}
1713/* END_CASE */
1714
Ronald Cronee414c72021-03-18 18:50:08 +01001715/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
Gilles Peskineebb2c3e2019-01-19 12:03:41 +01001716void hash_clone_target_state( )
1717{
1718 psa_algorithm_t alg = PSA_ALG_SHA_256;
1719 unsigned char hash[PSA_HASH_MAX_SIZE];
1720 psa_hash_operation_t op_init = PSA_HASH_OPERATION_INIT;
1721 psa_hash_operation_t op_setup = PSA_HASH_OPERATION_INIT;
1722 psa_hash_operation_t op_finished = PSA_HASH_OPERATION_INIT;
1723 psa_hash_operation_t op_aborted = PSA_HASH_OPERATION_INIT;
1724 psa_hash_operation_t op_target = PSA_HASH_OPERATION_INIT;
1725 size_t hash_len;
1726
1727 PSA_ASSERT( psa_crypto_init( ) );
1728
1729 PSA_ASSERT( psa_hash_setup( &op_setup, alg ) );
1730 PSA_ASSERT( psa_hash_setup( &op_finished, alg ) );
1731 PSA_ASSERT( psa_hash_finish( &op_finished,
1732 hash, sizeof( hash ), &hash_len ) );
1733 PSA_ASSERT( psa_hash_setup( &op_aborted, alg ) );
1734 PSA_ASSERT( psa_hash_abort( &op_aborted ) );
1735
1736 PSA_ASSERT( psa_hash_clone( &op_setup, &op_target ) );
1737 PSA_ASSERT( psa_hash_finish( &op_target,
1738 hash, sizeof( hash ), &hash_len ) );
1739
1740 TEST_EQUAL( psa_hash_clone( &op_init, &op_target ), PSA_ERROR_BAD_STATE );
1741 TEST_EQUAL( psa_hash_clone( &op_finished, &op_target ),
1742 PSA_ERROR_BAD_STATE );
1743 TEST_EQUAL( psa_hash_clone( &op_aborted, &op_target ),
1744 PSA_ERROR_BAD_STATE );
1745
1746exit:
1747 psa_hash_abort( &op_target );
1748 psa_hash_abort( &op_init );
1749 psa_hash_abort( &op_setup );
1750 psa_hash_abort( &op_finished );
1751 psa_hash_abort( &op_aborted );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001752 PSA_DONE( );
Gilles Peskineebb2c3e2019-01-19 12:03:41 +01001753}
1754/* END_CASE */
1755
itayzafrir58028322018-10-25 10:22:01 +03001756/* BEGIN_CASE */
Jaeden Amero769ce272019-01-04 11:48:03 +00001757void mac_operation_init( )
1758{
Jaeden Amero252ef282019-02-15 14:05:35 +00001759 const uint8_t input[1] = { 0 };
1760
Jaeden Amero769ce272019-01-04 11:48:03 +00001761 /* Test each valid way of initializing the object, except for `= {0}`, as
1762 * Clang 5 complains when `-Wmissing-field-initializers` is used, even
1763 * though it's OK by the C standard. We could test for this, but we'd need
1764 * to supress the Clang warning for the test. */
1765 psa_mac_operation_t func = psa_mac_operation_init( );
1766 psa_mac_operation_t init = PSA_MAC_OPERATION_INIT;
1767 psa_mac_operation_t zero;
1768
1769 memset( &zero, 0, sizeof( zero ) );
1770
Jaeden Amero252ef282019-02-15 14:05:35 +00001771 /* A freshly-initialized MAC operation should not be usable. */
1772 TEST_EQUAL( psa_mac_update( &func,
1773 input, sizeof( input ) ),
1774 PSA_ERROR_BAD_STATE );
1775 TEST_EQUAL( psa_mac_update( &init,
1776 input, sizeof( input ) ),
1777 PSA_ERROR_BAD_STATE );
1778 TEST_EQUAL( psa_mac_update( &zero,
1779 input, sizeof( input ) ),
1780 PSA_ERROR_BAD_STATE );
1781
Jaeden Amero5229bbb2019-02-07 16:33:37 +00001782 /* A default MAC operation should be abortable without error. */
1783 PSA_ASSERT( psa_mac_abort( &func ) );
1784 PSA_ASSERT( psa_mac_abort( &init ) );
1785 PSA_ASSERT( psa_mac_abort( &zero ) );
Jaeden Amero769ce272019-01-04 11:48:03 +00001786}
1787/* END_CASE */
1788
1789/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001790void mac_setup( int key_type_arg,
1791 data_t *key,
1792 int alg_arg,
1793 int expected_status_arg )
1794{
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001795 psa_key_type_t key_type = key_type_arg;
1796 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +02001797 psa_status_t expected_status = expected_status_arg;
Jaeden Amero769ce272019-01-04 11:48:03 +00001798 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
Gilles Peskinef426e0f2019-02-25 17:42:03 +01001799 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
1800#if defined(KNOWN_SUPPORTED_MAC_ALG)
1801 const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk";
1802#endif
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001803
Gilles Peskine8817f612018-12-18 00:18:46 +01001804 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001805
Gilles Peskinef426e0f2019-02-25 17:42:03 +01001806 if( ! exercise_mac_setup( key_type, key->x, key->len, alg,
1807 &operation, &status ) )
1808 goto exit;
Gilles Peskinefe11b722018-12-18 00:24:04 +01001809 TEST_EQUAL( status, expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001810
Gilles Peskinef426e0f2019-02-25 17:42:03 +01001811 /* The operation object should be reusable. */
1812#if defined(KNOWN_SUPPORTED_MAC_ALG)
1813 if( ! exercise_mac_setup( KNOWN_SUPPORTED_MAC_KEY_TYPE,
1814 smoke_test_key_data,
1815 sizeof( smoke_test_key_data ),
1816 KNOWN_SUPPORTED_MAC_ALG,
1817 &operation, &status ) )
1818 goto exit;
1819 TEST_EQUAL( status, PSA_SUCCESS );
1820#endif
1821
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001822exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001823 PSA_DONE( );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001824}
1825/* END_CASE */
1826
Gilles Peskined6dc40c2021-01-12 12:55:31 +01001827/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_HMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256 */
Jaeden Amero252ef282019-02-15 14:05:35 +00001828void mac_bad_order( )
1829{
Ronald Cron5425a212020-08-04 14:58:35 +02001830 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Jaeden Amero252ef282019-02-15 14:05:35 +00001831 psa_key_type_t key_type = PSA_KEY_TYPE_HMAC;
1832 psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256);
Ronald Cron5425a212020-08-04 14:58:35 +02001833 const uint8_t key_data[] = {
Jaeden Amero252ef282019-02-15 14:05:35 +00001834 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1835 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1836 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001837 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Jaeden Amero252ef282019-02-15 14:05:35 +00001838 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
1839 uint8_t sign_mac[PSA_MAC_MAX_SIZE + 10] = { 0 };
1840 size_t sign_mac_length = 0;
1841 const uint8_t input[] = { 0xbb, 0xbb, 0xbb, 0xbb };
1842 const uint8_t verify_mac[] = {
1843 0x74, 0x65, 0x93, 0x8c, 0xeb, 0x1d, 0xb3, 0x76, 0x5a, 0x38, 0xe7, 0xdd,
1844 0x85, 0xc5, 0xad, 0x4f, 0x07, 0xe7, 0xd5, 0xb2, 0x64, 0xf0, 0x1a, 0x1a,
1845 0x2c, 0xf9, 0x18, 0xca, 0x59, 0x7e, 0x5d, 0xf6 };
1846
1847 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01001848 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001849 psa_set_key_algorithm( &attributes, alg );
1850 psa_set_key_type( &attributes, key_type );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001851
Ronald Cron5425a212020-08-04 14:58:35 +02001852 PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ),
1853 &key ) );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001854
Jaeden Amero252ef282019-02-15 14:05:35 +00001855 /* Call update without calling setup beforehand. */
1856 TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
1857 PSA_ERROR_BAD_STATE );
1858 PSA_ASSERT( psa_mac_abort( &operation ) );
1859
1860 /* Call sign finish without calling setup beforehand. */
1861 TEST_EQUAL( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ),
1862 &sign_mac_length),
1863 PSA_ERROR_BAD_STATE );
1864 PSA_ASSERT( psa_mac_abort( &operation ) );
1865
1866 /* Call verify finish without calling setup beforehand. */
1867 TEST_EQUAL( psa_mac_verify_finish( &operation,
1868 verify_mac, sizeof( verify_mac ) ),
1869 PSA_ERROR_BAD_STATE );
1870 PSA_ASSERT( psa_mac_abort( &operation ) );
1871
Jaeden Amero36ee5d02019-02-19 09:25:10 +00001872 /* Call setup twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02001873 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
1874 TEST_EQUAL( psa_mac_sign_setup( &operation, key, alg ),
Jaeden Amero36ee5d02019-02-19 09:25:10 +00001875 PSA_ERROR_BAD_STATE );
1876 PSA_ASSERT( psa_mac_abort( &operation ) );
1877
Jaeden Amero252ef282019-02-15 14:05:35 +00001878 /* Call update after sign finish. */
Ronald Cron5425a212020-08-04 14:58:35 +02001879 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00001880 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
1881 PSA_ASSERT( psa_mac_sign_finish( &operation,
1882 sign_mac, sizeof( sign_mac ),
1883 &sign_mac_length ) );
1884 TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
1885 PSA_ERROR_BAD_STATE );
1886 PSA_ASSERT( psa_mac_abort( &operation ) );
1887
1888 /* Call update after verify finish. */
Ronald Cron5425a212020-08-04 14:58:35 +02001889 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00001890 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
1891 PSA_ASSERT( psa_mac_verify_finish( &operation,
1892 verify_mac, sizeof( verify_mac ) ) );
1893 TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
1894 PSA_ERROR_BAD_STATE );
1895 PSA_ASSERT( psa_mac_abort( &operation ) );
1896
1897 /* Call sign finish twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02001898 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00001899 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
1900 PSA_ASSERT( psa_mac_sign_finish( &operation,
1901 sign_mac, sizeof( sign_mac ),
1902 &sign_mac_length ) );
1903 TEST_EQUAL( psa_mac_sign_finish( &operation,
1904 sign_mac, sizeof( sign_mac ),
1905 &sign_mac_length ),
1906 PSA_ERROR_BAD_STATE );
1907 PSA_ASSERT( psa_mac_abort( &operation ) );
1908
1909 /* Call verify finish twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02001910 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00001911 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
1912 PSA_ASSERT( psa_mac_verify_finish( &operation,
1913 verify_mac, sizeof( verify_mac ) ) );
1914 TEST_EQUAL( psa_mac_verify_finish( &operation,
1915 verify_mac, sizeof( verify_mac ) ),
1916 PSA_ERROR_BAD_STATE );
1917 PSA_ASSERT( psa_mac_abort( &operation ) );
1918
1919 /* Setup sign but try verify. */
Ronald Cron5425a212020-08-04 14:58:35 +02001920 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00001921 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
1922 TEST_EQUAL( psa_mac_verify_finish( &operation,
1923 verify_mac, sizeof( verify_mac ) ),
1924 PSA_ERROR_BAD_STATE );
1925 PSA_ASSERT( psa_mac_abort( &operation ) );
1926
1927 /* Setup verify but try sign. */
Ronald Cron5425a212020-08-04 14:58:35 +02001928 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00001929 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
1930 TEST_EQUAL( psa_mac_sign_finish( &operation,
1931 sign_mac, sizeof( sign_mac ),
1932 &sign_mac_length ),
1933 PSA_ERROR_BAD_STATE );
1934 PSA_ASSERT( psa_mac_abort( &operation ) );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001935
Ronald Cron5425a212020-08-04 14:58:35 +02001936 PSA_ASSERT( psa_destroy_key( key ) );
Gilles Peskine76b29a72019-05-28 14:08:50 +02001937
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001938exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001939 PSA_DONE( );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001940}
1941/* END_CASE */
1942
1943/* BEGIN_CASE */
Gilles Peskinea7aa4422018-08-14 15:17:54 +02001944void mac_sign( int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02001945 data_t *key_data,
Gilles Peskinea7aa4422018-08-14 15:17:54 +02001946 int alg_arg,
1947 data_t *input,
1948 data_t *expected_mac )
1949{
Ronald Cron5425a212020-08-04 14:58:35 +02001950 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinea7aa4422018-08-14 15:17:54 +02001951 psa_key_type_t key_type = key_type_arg;
1952 psa_algorithm_t alg = alg_arg;
Jaeden Amero769ce272019-01-04 11:48:03 +00001953 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001954 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine5e65cec2020-08-25 23:38:39 +02001955 uint8_t *actual_mac = NULL;
Gilles Peskinea7aa4422018-08-14 15:17:54 +02001956 size_t mac_buffer_size =
gabor-mezei-armcbcec212020-12-18 14:23:51 +01001957 PSA_MAC_LENGTH( key_type, PSA_BYTES_TO_BITS( key_data->len ), alg );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02001958 size_t mac_length = 0;
Gilles Peskine8b356b52020-08-25 23:44:59 +02001959 const size_t output_sizes_to_test[] = {
1960 0,
1961 1,
1962 expected_mac->len - 1,
1963 expected_mac->len,
1964 expected_mac->len + 1,
1965 };
Gilles Peskinea7aa4422018-08-14 15:17:54 +02001966
Gilles Peskinea7aa4422018-08-14 15:17:54 +02001967 TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE );
gabor-mezei-armcbcec212020-12-18 14:23:51 +01001968 /* We expect PSA_MAC_LENGTH to be exact. */
Gilles Peskine3d404d62020-08-25 23:47:36 +02001969 TEST_ASSERT( expected_mac->len == mac_buffer_size );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02001970
Gilles Peskine8817f612018-12-18 00:18:46 +01001971 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02001972
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01001973 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001974 psa_set_key_algorithm( &attributes, alg );
1975 psa_set_key_type( &attributes, key_type );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02001976
Ronald Cron5425a212020-08-04 14:58:35 +02001977 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
1978 &key ) );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02001979
Gilles Peskine8b356b52020-08-25 23:44:59 +02001980 for( size_t i = 0; i < ARRAY_LENGTH( output_sizes_to_test ); i++ )
1981 {
1982 const size_t output_size = output_sizes_to_test[i];
1983 psa_status_t expected_status =
1984 ( output_size >= expected_mac->len ? PSA_SUCCESS :
1985 PSA_ERROR_BUFFER_TOO_SMALL );
Gilles Peskine5e65cec2020-08-25 23:38:39 +02001986
Chris Jones9634bb12021-01-20 15:56:42 +00001987 mbedtls_test_set_step( output_size );
Gilles Peskine8b356b52020-08-25 23:44:59 +02001988 ASSERT_ALLOC( actual_mac, output_size );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02001989
gabor-mezei-arm534bb992021-03-01 15:35:48 +01001990 /* Calculate the MAC, one-shot case. */
1991 TEST_EQUAL( psa_mac_compute( key, alg,
1992 input->x, input->len,
1993 actual_mac, output_size, &mac_length ),
1994 expected_status );
1995 if( expected_status == PSA_SUCCESS )
1996 {
1997 ASSERT_COMPARE( expected_mac->x, expected_mac->len,
1998 actual_mac, mac_length );
1999 }
2000
2001 if( output_size > 0 )
2002 memset( actual_mac, 0, output_size );
2003
2004 /* Calculate the MAC, multi-part case. */
Ronald Cron5425a212020-08-04 14:58:35 +02002005 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
Gilles Peskine8b356b52020-08-25 23:44:59 +02002006 PSA_ASSERT( psa_mac_update( &operation,
2007 input->x, input->len ) );
2008 TEST_EQUAL( psa_mac_sign_finish( &operation,
2009 actual_mac, output_size,
2010 &mac_length ),
2011 expected_status );
2012 PSA_ASSERT( psa_mac_abort( &operation ) );
2013
2014 if( expected_status == PSA_SUCCESS )
2015 {
2016 ASSERT_COMPARE( expected_mac->x, expected_mac->len,
2017 actual_mac, mac_length );
2018 }
2019 mbedtls_free( actual_mac );
2020 actual_mac = NULL;
2021 }
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002022
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002023exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002024 psa_mac_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02002025 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002026 PSA_DONE( );
Gilles Peskine5e65cec2020-08-25 23:38:39 +02002027 mbedtls_free( actual_mac );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002028}
2029/* END_CASE */
2030
2031/* BEGIN_CASE */
Gilles Peskinec0ec9722018-06-18 17:03:37 +02002032void mac_verify( int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02002033 data_t *key_data,
Gilles Peskinec0ec9722018-06-18 17:03:37 +02002034 int alg_arg,
2035 data_t *input,
2036 data_t *expected_mac )
Gilles Peskine8c9def32018-02-08 10:02:12 +01002037{
Ronald Cron5425a212020-08-04 14:58:35 +02002038 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine8c9def32018-02-08 10:02:12 +01002039 psa_key_type_t key_type = key_type_arg;
2040 psa_algorithm_t alg = alg_arg;
Jaeden Amero769ce272019-01-04 11:48:03 +00002041 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002042 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002043 uint8_t *perturbed_mac = NULL;
Gilles Peskine8c9def32018-02-08 10:02:12 +01002044
Gilles Peskine69c12672018-06-28 00:07:19 +02002045 TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE );
2046
Gilles Peskine8817f612018-12-18 00:18:46 +01002047 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine8c9def32018-02-08 10:02:12 +01002048
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01002049 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002050 psa_set_key_algorithm( &attributes, alg );
2051 psa_set_key_type( &attributes, key_type );
mohammad16036df908f2018-04-02 08:34:15 -07002052
Ronald Cron5425a212020-08-04 14:58:35 +02002053 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2054 &key ) );
Gilles Peskinec0ec9722018-06-18 17:03:37 +02002055
gabor-mezei-arm534bb992021-03-01 15:35:48 +01002056 /* Verify correct MAC, one-shot case. */
2057 PSA_ASSERT( psa_mac_verify( key, alg, input->x, input->len,
2058 expected_mac->x, expected_mac->len ) );
2059
2060 /* Verify correct MAC, multi-part case. */
Ronald Cron5425a212020-08-04 14:58:35 +02002061 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Gilles Peskine8817f612018-12-18 00:18:46 +01002062 PSA_ASSERT( psa_mac_update( &operation,
2063 input->x, input->len ) );
2064 PSA_ASSERT( psa_mac_verify_finish( &operation,
2065 expected_mac->x,
2066 expected_mac->len ) );
Gilles Peskine8c9def32018-02-08 10:02:12 +01002067
gabor-mezei-arm534bb992021-03-01 15:35:48 +01002068 /* Test a MAC that's too short, one-shot case. */
2069 TEST_EQUAL( psa_mac_verify( key, alg,
2070 input->x, input->len,
2071 expected_mac->x,
2072 expected_mac->len - 1 ),
2073 PSA_ERROR_INVALID_SIGNATURE );
2074
2075 /* Test a MAC that's too short, multi-part case. */
Ronald Cron5425a212020-08-04 14:58:35 +02002076 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002077 PSA_ASSERT( psa_mac_update( &operation,
2078 input->x, input->len ) );
2079 TEST_EQUAL( psa_mac_verify_finish( &operation,
2080 expected_mac->x,
2081 expected_mac->len - 1 ),
2082 PSA_ERROR_INVALID_SIGNATURE );
2083
gabor-mezei-arm534bb992021-03-01 15:35:48 +01002084 /* Test a MAC that's too long, one-shot case. */
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002085 ASSERT_ALLOC( perturbed_mac, expected_mac->len + 1 );
2086 memcpy( perturbed_mac, expected_mac->x, expected_mac->len );
gabor-mezei-arm534bb992021-03-01 15:35:48 +01002087 TEST_EQUAL( psa_mac_verify( key, alg,
2088 input->x, input->len,
2089 perturbed_mac, expected_mac->len + 1 ),
2090 PSA_ERROR_INVALID_SIGNATURE );
2091
2092 /* Test a MAC that's too long, multi-part case. */
Ronald Cron5425a212020-08-04 14:58:35 +02002093 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002094 PSA_ASSERT( psa_mac_update( &operation,
2095 input->x, input->len ) );
2096 TEST_EQUAL( psa_mac_verify_finish( &operation,
2097 perturbed_mac,
2098 expected_mac->len + 1 ),
2099 PSA_ERROR_INVALID_SIGNATURE );
2100
2101 /* Test changing one byte. */
2102 for( size_t i = 0; i < expected_mac->len; i++ )
2103 {
Chris Jones9634bb12021-01-20 15:56:42 +00002104 mbedtls_test_set_step( i );
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002105 perturbed_mac[i] ^= 1;
gabor-mezei-arm534bb992021-03-01 15:35:48 +01002106
2107 TEST_EQUAL( psa_mac_verify( key, alg,
2108 input->x, input->len,
2109 perturbed_mac, expected_mac->len ),
2110 PSA_ERROR_INVALID_SIGNATURE );
2111
Ronald Cron5425a212020-08-04 14:58:35 +02002112 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002113 PSA_ASSERT( psa_mac_update( &operation,
2114 input->x, input->len ) );
2115 TEST_EQUAL( psa_mac_verify_finish( &operation,
2116 perturbed_mac,
2117 expected_mac->len ),
2118 PSA_ERROR_INVALID_SIGNATURE );
2119 perturbed_mac[i] ^= 1;
2120 }
2121
Gilles Peskine8c9def32018-02-08 10:02:12 +01002122exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002123 psa_mac_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02002124 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002125 PSA_DONE( );
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002126 mbedtls_free( perturbed_mac );
Gilles Peskine8c9def32018-02-08 10:02:12 +01002127}
2128/* END_CASE */
2129
2130/* BEGIN_CASE */
Jaeden Amero5bae2272019-01-04 11:48:27 +00002131void cipher_operation_init( )
2132{
Jaeden Ameroab439972019-02-15 14:12:05 +00002133 const uint8_t input[1] = { 0 };
2134 unsigned char output[1] = { 0 };
2135 size_t output_length;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002136 /* Test each valid way of initializing the object, except for `= {0}`, as
2137 * Clang 5 complains when `-Wmissing-field-initializers` is used, even
2138 * though it's OK by the C standard. We could test for this, but we'd need
2139 * to supress the Clang warning for the test. */
2140 psa_cipher_operation_t func = psa_cipher_operation_init( );
2141 psa_cipher_operation_t init = PSA_CIPHER_OPERATION_INIT;
2142 psa_cipher_operation_t zero;
2143
2144 memset( &zero, 0, sizeof( zero ) );
2145
Jaeden Ameroab439972019-02-15 14:12:05 +00002146 /* A freshly-initialized cipher operation should not be usable. */
2147 TEST_EQUAL( psa_cipher_update( &func,
2148 input, sizeof( input ),
2149 output, sizeof( output ),
2150 &output_length ),
2151 PSA_ERROR_BAD_STATE );
2152 TEST_EQUAL( psa_cipher_update( &init,
2153 input, sizeof( input ),
2154 output, sizeof( output ),
2155 &output_length ),
2156 PSA_ERROR_BAD_STATE );
2157 TEST_EQUAL( psa_cipher_update( &zero,
2158 input, sizeof( input ),
2159 output, sizeof( output ),
2160 &output_length ),
2161 PSA_ERROR_BAD_STATE );
2162
Jaeden Amero5229bbb2019-02-07 16:33:37 +00002163 /* A default cipher operation should be abortable without error. */
2164 PSA_ASSERT( psa_cipher_abort( &func ) );
2165 PSA_ASSERT( psa_cipher_abort( &init ) );
2166 PSA_ASSERT( psa_cipher_abort( &zero ) );
Jaeden Amero5bae2272019-01-04 11:48:27 +00002167}
2168/* END_CASE */
2169
2170/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002171void cipher_setup( int key_type_arg,
2172 data_t *key,
2173 int alg_arg,
2174 int expected_status_arg )
2175{
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002176 psa_key_type_t key_type = key_type_arg;
2177 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +02002178 psa_status_t expected_status = expected_status_arg;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002179 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002180 psa_status_t status;
Gilles Peskine612ffd22021-01-20 18:51:00 +01002181#if defined(KNOWN_SUPPORTED_CIPHER_ALG)
Gilles Peskinef426e0f2019-02-25 17:42:03 +01002182 const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk";
2183#endif
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002184
Gilles Peskine8817f612018-12-18 00:18:46 +01002185 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002186
Gilles Peskinef426e0f2019-02-25 17:42:03 +01002187 if( ! exercise_cipher_setup( key_type, key->x, key->len, alg,
2188 &operation, &status ) )
2189 goto exit;
Gilles Peskinefe11b722018-12-18 00:24:04 +01002190 TEST_EQUAL( status, expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002191
Gilles Peskinef426e0f2019-02-25 17:42:03 +01002192 /* The operation object should be reusable. */
2193#if defined(KNOWN_SUPPORTED_CIPHER_ALG)
2194 if( ! exercise_cipher_setup( KNOWN_SUPPORTED_CIPHER_KEY_TYPE,
2195 smoke_test_key_data,
2196 sizeof( smoke_test_key_data ),
2197 KNOWN_SUPPORTED_CIPHER_ALG,
2198 &operation, &status ) )
2199 goto exit;
2200 TEST_EQUAL( status, PSA_SUCCESS );
2201#endif
2202
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002203exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002204 psa_cipher_abort( &operation );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002205 PSA_DONE( );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002206}
2207/* END_CASE */
2208
Ronald Cronee414c72021-03-18 18:50:08 +01002209/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_PKCS7 */
Jaeden Ameroab439972019-02-15 14:12:05 +00002210void cipher_bad_order( )
2211{
Ronald Cron5425a212020-08-04 14:58:35 +02002212 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Jaeden Ameroab439972019-02-15 14:12:05 +00002213 psa_key_type_t key_type = PSA_KEY_TYPE_AES;
2214 psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002215 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Jaeden Ameroab439972019-02-15 14:12:05 +00002216 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
gabor-mezei-armcbcec212020-12-18 14:23:51 +01002217 unsigned char iv[PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES)] = { 0 };
Ronald Cron5425a212020-08-04 14:58:35 +02002218 const uint8_t key_data[] = {
Jaeden Ameroab439972019-02-15 14:12:05 +00002219 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
2220 0xaa, 0xaa, 0xaa, 0xaa };
2221 const uint8_t text[] = {
2222 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
2223 0xbb, 0xbb, 0xbb, 0xbb };
gabor-mezei-armcbcec212020-12-18 14:23:51 +01002224 uint8_t buffer[PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES)] = { 0 };
Jaeden Ameroab439972019-02-15 14:12:05 +00002225 size_t length = 0;
2226
2227 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002228 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
2229 psa_set_key_algorithm( &attributes, alg );
2230 psa_set_key_type( &attributes, key_type );
Ronald Cron5425a212020-08-04 14:58:35 +02002231 PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ),
2232 &key ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002233
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002234 /* Call encrypt setup twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02002235 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
2236 TEST_EQUAL( psa_cipher_encrypt_setup( &operation, key, alg ),
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002237 PSA_ERROR_BAD_STATE );
2238 PSA_ASSERT( psa_cipher_abort( &operation ) );
2239
2240 /* Call decrypt setup twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02002241 PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
2242 TEST_EQUAL( psa_cipher_decrypt_setup( &operation, key, alg ),
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002243 PSA_ERROR_BAD_STATE );
2244 PSA_ASSERT( psa_cipher_abort( &operation ) );
2245
Jaeden Ameroab439972019-02-15 14:12:05 +00002246 /* Generate an IV without calling setup beforehand. */
2247 TEST_EQUAL( psa_cipher_generate_iv( &operation,
2248 buffer, sizeof( buffer ),
2249 &length ),
2250 PSA_ERROR_BAD_STATE );
2251 PSA_ASSERT( psa_cipher_abort( &operation ) );
2252
2253 /* Generate an IV twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02002254 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002255 PSA_ASSERT( psa_cipher_generate_iv( &operation,
2256 buffer, sizeof( buffer ),
2257 &length ) );
2258 TEST_EQUAL( psa_cipher_generate_iv( &operation,
2259 buffer, sizeof( buffer ),
2260 &length ),
2261 PSA_ERROR_BAD_STATE );
2262 PSA_ASSERT( psa_cipher_abort( &operation ) );
2263
2264 /* Generate an IV after it's already set. */
Ronald Cron5425a212020-08-04 14:58:35 +02002265 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002266 PSA_ASSERT( psa_cipher_set_iv( &operation,
2267 iv, sizeof( iv ) ) );
2268 TEST_EQUAL( psa_cipher_generate_iv( &operation,
2269 buffer, sizeof( buffer ),
2270 &length ),
2271 PSA_ERROR_BAD_STATE );
2272 PSA_ASSERT( psa_cipher_abort( &operation ) );
2273
2274 /* Set an IV without calling setup beforehand. */
2275 TEST_EQUAL( psa_cipher_set_iv( &operation,
2276 iv, sizeof( iv ) ),
2277 PSA_ERROR_BAD_STATE );
2278 PSA_ASSERT( psa_cipher_abort( &operation ) );
2279
2280 /* Set an IV after it's already set. */
Ronald Cron5425a212020-08-04 14:58:35 +02002281 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002282 PSA_ASSERT( psa_cipher_set_iv( &operation,
2283 iv, sizeof( iv ) ) );
2284 TEST_EQUAL( psa_cipher_set_iv( &operation,
2285 iv, sizeof( iv ) ),
2286 PSA_ERROR_BAD_STATE );
2287 PSA_ASSERT( psa_cipher_abort( &operation ) );
2288
2289 /* Set an IV after it's already generated. */
Ronald Cron5425a212020-08-04 14:58:35 +02002290 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002291 PSA_ASSERT( psa_cipher_generate_iv( &operation,
2292 buffer, sizeof( buffer ),
2293 &length ) );
2294 TEST_EQUAL( psa_cipher_set_iv( &operation,
2295 iv, sizeof( iv ) ),
2296 PSA_ERROR_BAD_STATE );
2297 PSA_ASSERT( psa_cipher_abort( &operation ) );
2298
2299 /* Call update without calling setup beforehand. */
2300 TEST_EQUAL( psa_cipher_update( &operation,
2301 text, sizeof( text ),
2302 buffer, sizeof( buffer ),
2303 &length ),
2304 PSA_ERROR_BAD_STATE );
2305 PSA_ASSERT( psa_cipher_abort( &operation ) );
2306
2307 /* Call update without an IV where an IV is required. */
2308 TEST_EQUAL( psa_cipher_update( &operation,
2309 text, sizeof( text ),
2310 buffer, sizeof( buffer ),
2311 &length ),
2312 PSA_ERROR_BAD_STATE );
2313 PSA_ASSERT( psa_cipher_abort( &operation ) );
2314
2315 /* Call update after finish. */
Ronald Cron5425a212020-08-04 14:58:35 +02002316 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002317 PSA_ASSERT( psa_cipher_set_iv( &operation,
2318 iv, sizeof( iv ) ) );
2319 PSA_ASSERT( psa_cipher_finish( &operation,
2320 buffer, sizeof( buffer ), &length ) );
2321 TEST_EQUAL( psa_cipher_update( &operation,
2322 text, sizeof( text ),
2323 buffer, sizeof( buffer ),
2324 &length ),
2325 PSA_ERROR_BAD_STATE );
2326 PSA_ASSERT( psa_cipher_abort( &operation ) );
2327
2328 /* Call finish without calling setup beforehand. */
2329 TEST_EQUAL( psa_cipher_finish( &operation,
2330 buffer, sizeof( buffer ), &length ),
2331 PSA_ERROR_BAD_STATE );
2332 PSA_ASSERT( psa_cipher_abort( &operation ) );
2333
2334 /* Call finish without an IV where an IV is required. */
Ronald Cron5425a212020-08-04 14:58:35 +02002335 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002336 /* Not calling update means we are encrypting an empty buffer, which is OK
2337 * for cipher modes with padding. */
2338 TEST_EQUAL( psa_cipher_finish( &operation,
2339 buffer, sizeof( buffer ), &length ),
2340 PSA_ERROR_BAD_STATE );
2341 PSA_ASSERT( psa_cipher_abort( &operation ) );
2342
2343 /* Call finish twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02002344 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002345 PSA_ASSERT( psa_cipher_set_iv( &operation,
2346 iv, sizeof( iv ) ) );
2347 PSA_ASSERT( psa_cipher_finish( &operation,
2348 buffer, sizeof( buffer ), &length ) );
2349 TEST_EQUAL( psa_cipher_finish( &operation,
2350 buffer, sizeof( buffer ), &length ),
2351 PSA_ERROR_BAD_STATE );
2352 PSA_ASSERT( psa_cipher_abort( &operation ) );
2353
Ronald Cron5425a212020-08-04 14:58:35 +02002354 PSA_ASSERT( psa_destroy_key( key ) );
Gilles Peskine76b29a72019-05-28 14:08:50 +02002355
Jaeden Ameroab439972019-02-15 14:12:05 +00002356exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002357 psa_cipher_abort( &operation );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002358 PSA_DONE( );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002359}
2360/* END_CASE */
2361
2362/* BEGIN_CASE */
Gilles Peskine50e586b2018-06-08 14:28:46 +02002363void cipher_encrypt( int alg_arg, int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02002364 data_t *key_data, data_t *iv,
itayzafrir3e02b3b2018-06-12 17:06:52 +03002365 data_t *input, data_t *expected_output,
Gilles Peskineb866e2b2018-06-21 09:25:10 +02002366 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +02002367{
Ronald Cron5425a212020-08-04 14:58:35 +02002368 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002369 psa_status_t status;
2370 psa_key_type_t key_type = key_type_arg;
2371 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +02002372 psa_status_t expected_status = expected_status_arg;
itayzafrir3e02b3b2018-06-12 17:06:52 +03002373 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002374 size_t output_buffer_size = 0;
2375 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002376 size_t total_output_length = 0;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002377 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002378 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002379
Gilles Peskine8817f612018-12-18 00:18:46 +01002380 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002381
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002382 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
2383 psa_set_key_algorithm( &attributes, alg );
2384 psa_set_key_type( &attributes, key_type );
Moran Pekered346952018-07-05 15:22:45 +03002385
Ronald Cron5425a212020-08-04 14:58:35 +02002386 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2387 &key ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002388
Ronald Cron5425a212020-08-04 14:58:35 +02002389 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002390
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002391 if( iv->len > 0 )
2392 {
Steven Cooremana6033e92020-08-25 11:47:50 +02002393 PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002394 }
2395
gabor-mezei-armceface22021-01-21 12:26:17 +01002396 output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
2397 TEST_ASSERT( output_buffer_size <=
2398 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02002399 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002400
Gilles Peskine8817f612018-12-18 00:18:46 +01002401 PSA_ASSERT( psa_cipher_update( &operation,
2402 input->x, input->len,
2403 output, output_buffer_size,
2404 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002405 TEST_ASSERT( function_output_length <=
2406 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
2407 TEST_ASSERT( function_output_length <=
2408 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002409 total_output_length += function_output_length;
gabor-mezei-armceface22021-01-21 12:26:17 +01002410
Gilles Peskine50e586b2018-06-08 14:28:46 +02002411 status = psa_cipher_finish( &operation,
Gilles Peskine0c510f32021-03-24 00:41:51 +01002412 ( output_buffer_size == 0 ? NULL :
2413 output + total_output_length ),
Gilles Peskineee46fe72019-02-19 19:05:33 +01002414 output_buffer_size - total_output_length,
Gilles Peskine50e586b2018-06-08 14:28:46 +02002415 &function_output_length );
gabor-mezei-armceface22021-01-21 12:26:17 +01002416 TEST_ASSERT( function_output_length <=
2417 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
2418 TEST_ASSERT( function_output_length <=
2419 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002420 total_output_length += function_output_length;
2421
Gilles Peskinefe11b722018-12-18 00:24:04 +01002422 TEST_EQUAL( status, expected_status );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002423 if( expected_status == PSA_SUCCESS )
2424 {
Gilles Peskine8817f612018-12-18 00:18:46 +01002425 PSA_ASSERT( psa_cipher_abort( &operation ) );
Gilles Peskinebd7dea92018-09-27 13:57:19 +02002426 ASSERT_COMPARE( expected_output->x, expected_output->len,
2427 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002428 }
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002429
Gilles Peskine50e586b2018-06-08 14:28:46 +02002430exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002431 psa_cipher_abort( &operation );
itayzafrir3e02b3b2018-06-12 17:06:52 +03002432 mbedtls_free( output );
Ronald Cron5425a212020-08-04 14:58:35 +02002433 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002434 PSA_DONE( );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002435}
2436/* END_CASE */
2437
2438/* BEGIN_CASE */
2439void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02002440 data_t *key_data, data_t *iv,
itayzafrir3e02b3b2018-06-12 17:06:52 +03002441 data_t *input,
Gilles Peskinee0866522019-02-19 19:44:00 +01002442 int first_part_size_arg,
2443 int output1_length_arg, int output2_length_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +03002444 data_t *expected_output )
Gilles Peskine50e586b2018-06-08 14:28:46 +02002445{
Ronald Cron5425a212020-08-04 14:58:35 +02002446 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002447 psa_key_type_t key_type = key_type_arg;
2448 psa_algorithm_t alg = alg_arg;
Gilles Peskinee0866522019-02-19 19:44:00 +01002449 size_t first_part_size = first_part_size_arg;
2450 size_t output1_length = output1_length_arg;
2451 size_t output2_length = output2_length_arg;
itayzafrir3e02b3b2018-06-12 17:06:52 +03002452 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002453 size_t output_buffer_size = 0;
2454 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002455 size_t total_output_length = 0;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002456 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002457 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002458
Gilles Peskine8817f612018-12-18 00:18:46 +01002459 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002460
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002461 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
2462 psa_set_key_algorithm( &attributes, alg );
2463 psa_set_key_type( &attributes, key_type );
Moran Pekered346952018-07-05 15:22:45 +03002464
Ronald Cron5425a212020-08-04 14:58:35 +02002465 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2466 &key ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002467
Ronald Cron5425a212020-08-04 14:58:35 +02002468 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002469
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002470 if( iv->len > 0 )
2471 {
Steven Cooremana6033e92020-08-25 11:47:50 +02002472 PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002473 }
2474
gabor-mezei-armceface22021-01-21 12:26:17 +01002475 output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
2476 TEST_ASSERT( output_buffer_size <=
2477 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02002478 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002479
Gilles Peskinee0866522019-02-19 19:44:00 +01002480 TEST_ASSERT( first_part_size <= input->len );
Gilles Peskine8817f612018-12-18 00:18:46 +01002481 PSA_ASSERT( psa_cipher_update( &operation, input->x, first_part_size,
2482 output, output_buffer_size,
2483 &function_output_length ) );
Gilles Peskinee0866522019-02-19 19:44:00 +01002484 TEST_ASSERT( function_output_length == output1_length );
gabor-mezei-armceface22021-01-21 12:26:17 +01002485 TEST_ASSERT( function_output_length <=
2486 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
2487 TEST_ASSERT( function_output_length <=
2488 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size) );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002489 total_output_length += function_output_length;
gabor-mezei-armceface22021-01-21 12:26:17 +01002490
Gilles Peskine8817f612018-12-18 00:18:46 +01002491 PSA_ASSERT( psa_cipher_update( &operation,
2492 input->x + first_part_size,
2493 input->len - first_part_size,
Gilles Peskine0c510f32021-03-24 00:41:51 +01002494 ( output_buffer_size == 0 ? NULL :
2495 output + total_output_length ),
Gilles Peskineee46fe72019-02-19 19:05:33 +01002496 output_buffer_size - total_output_length,
Gilles Peskine8817f612018-12-18 00:18:46 +01002497 &function_output_length ) );
Gilles Peskinee0866522019-02-19 19:44:00 +01002498 TEST_ASSERT( function_output_length == output2_length );
gabor-mezei-armceface22021-01-21 12:26:17 +01002499 TEST_ASSERT( function_output_length <=
2500 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
2501 alg,
2502 input->len - first_part_size ) );
2503 TEST_ASSERT( function_output_length <=
2504 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002505 total_output_length += function_output_length;
gabor-mezei-armceface22021-01-21 12:26:17 +01002506
Gilles Peskine8817f612018-12-18 00:18:46 +01002507 PSA_ASSERT( psa_cipher_finish( &operation,
Gilles Peskine0c510f32021-03-24 00:41:51 +01002508 ( output_buffer_size == 0 ? NULL :
2509 output + total_output_length ),
Gilles Peskineee46fe72019-02-19 19:05:33 +01002510 output_buffer_size - total_output_length,
Gilles Peskine8817f612018-12-18 00:18:46 +01002511 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002512 TEST_ASSERT( function_output_length <=
2513 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
2514 TEST_ASSERT( function_output_length <=
2515 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002516 total_output_length += function_output_length;
Gilles Peskine8817f612018-12-18 00:18:46 +01002517 PSA_ASSERT( psa_cipher_abort( &operation ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002518
Gilles Peskinebd7dea92018-09-27 13:57:19 +02002519 ASSERT_COMPARE( expected_output->x, expected_output->len,
2520 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002521
2522exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002523 psa_cipher_abort( &operation );
itayzafrir3e02b3b2018-06-12 17:06:52 +03002524 mbedtls_free( output );
Ronald Cron5425a212020-08-04 14:58:35 +02002525 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002526 PSA_DONE( );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002527}
2528/* END_CASE */
2529
2530/* BEGIN_CASE */
2531void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02002532 data_t *key_data, data_t *iv,
itayzafrir3e02b3b2018-06-12 17:06:52 +03002533 data_t *input,
Gilles Peskinee0866522019-02-19 19:44:00 +01002534 int first_part_size_arg,
2535 int output1_length_arg, int output2_length_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +03002536 data_t *expected_output )
Gilles Peskine50e586b2018-06-08 14:28:46 +02002537{
Ronald Cron5425a212020-08-04 14:58:35 +02002538 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002539 psa_key_type_t key_type = key_type_arg;
2540 psa_algorithm_t alg = alg_arg;
Gilles Peskinee0866522019-02-19 19:44:00 +01002541 size_t first_part_size = first_part_size_arg;
2542 size_t output1_length = output1_length_arg;
2543 size_t output2_length = output2_length_arg;
itayzafrir3e02b3b2018-06-12 17:06:52 +03002544 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002545 size_t output_buffer_size = 0;
2546 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002547 size_t total_output_length = 0;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002548 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002549 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002550
Gilles Peskine8817f612018-12-18 00:18:46 +01002551 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002552
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002553 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
2554 psa_set_key_algorithm( &attributes, alg );
2555 psa_set_key_type( &attributes, key_type );
Moran Pekered346952018-07-05 15:22:45 +03002556
Ronald Cron5425a212020-08-04 14:58:35 +02002557 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2558 &key ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002559
Ronald Cron5425a212020-08-04 14:58:35 +02002560 PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002561
Steven Cooreman177deba2020-09-07 17:14:14 +02002562 if( iv->len > 0 )
2563 {
Steven Cooremana6033e92020-08-25 11:47:50 +02002564 PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002565 }
Gilles Peskine50e586b2018-06-08 14:28:46 +02002566
gabor-mezei-armceface22021-01-21 12:26:17 +01002567 output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input->len );
2568 TEST_ASSERT( output_buffer_size <=
2569 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input->len ) );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02002570 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002571
Gilles Peskinee0866522019-02-19 19:44:00 +01002572 TEST_ASSERT( first_part_size <= input->len );
Gilles Peskine8817f612018-12-18 00:18:46 +01002573 PSA_ASSERT( psa_cipher_update( &operation,
2574 input->x, first_part_size,
2575 output, output_buffer_size,
2576 &function_output_length ) );
Gilles Peskinee0866522019-02-19 19:44:00 +01002577 TEST_ASSERT( function_output_length == output1_length );
gabor-mezei-armceface22021-01-21 12:26:17 +01002578 TEST_ASSERT( function_output_length <=
2579 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
2580 TEST_ASSERT( function_output_length <=
2581 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002582 total_output_length += function_output_length;
gabor-mezei-armceface22021-01-21 12:26:17 +01002583
Gilles Peskine8817f612018-12-18 00:18:46 +01002584 PSA_ASSERT( psa_cipher_update( &operation,
2585 input->x + first_part_size,
2586 input->len - first_part_size,
Gilles Peskine0c510f32021-03-24 00:41:51 +01002587 ( output_buffer_size == 0 ? NULL :
2588 output + total_output_length ),
Gilles Peskineee46fe72019-02-19 19:05:33 +01002589 output_buffer_size - total_output_length,
Gilles Peskine8817f612018-12-18 00:18:46 +01002590 &function_output_length ) );
Gilles Peskinee0866522019-02-19 19:44:00 +01002591 TEST_ASSERT( function_output_length == output2_length );
gabor-mezei-armceface22021-01-21 12:26:17 +01002592 TEST_ASSERT( function_output_length <=
2593 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
2594 alg,
2595 input->len - first_part_size ) );
2596 TEST_ASSERT( function_output_length <=
2597 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002598 total_output_length += function_output_length;
gabor-mezei-armceface22021-01-21 12:26:17 +01002599
Gilles Peskine8817f612018-12-18 00:18:46 +01002600 PSA_ASSERT( psa_cipher_finish( &operation,
Gilles Peskine0c510f32021-03-24 00:41:51 +01002601 ( output_buffer_size == 0 ? NULL :
2602 output + total_output_length ),
Gilles Peskineee46fe72019-02-19 19:05:33 +01002603 output_buffer_size - total_output_length,
Gilles Peskine8817f612018-12-18 00:18:46 +01002604 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002605 TEST_ASSERT( function_output_length <=
2606 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
2607 TEST_ASSERT( function_output_length <=
2608 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002609 total_output_length += function_output_length;
Gilles Peskine8817f612018-12-18 00:18:46 +01002610 PSA_ASSERT( psa_cipher_abort( &operation ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002611
Gilles Peskinebd7dea92018-09-27 13:57:19 +02002612 ASSERT_COMPARE( expected_output->x, expected_output->len,
2613 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002614
2615exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002616 psa_cipher_abort( &operation );
itayzafrir3e02b3b2018-06-12 17:06:52 +03002617 mbedtls_free( output );
Ronald Cron5425a212020-08-04 14:58:35 +02002618 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002619 PSA_DONE( );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002620}
2621/* END_CASE */
2622
Gilles Peskine50e586b2018-06-08 14:28:46 +02002623/* BEGIN_CASE */
2624void cipher_decrypt( int alg_arg, int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02002625 data_t *key_data, data_t *iv,
itayzafrir3e02b3b2018-06-12 17:06:52 +03002626 data_t *input, data_t *expected_output,
Gilles Peskineb866e2b2018-06-21 09:25:10 +02002627 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +02002628{
Ronald Cron5425a212020-08-04 14:58:35 +02002629 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002630 psa_status_t status;
2631 psa_key_type_t key_type = key_type_arg;
2632 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +02002633 psa_status_t expected_status = expected_status_arg;
itayzafrir3e02b3b2018-06-12 17:06:52 +03002634 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002635 size_t output_buffer_size = 0;
2636 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002637 size_t total_output_length = 0;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002638 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002639 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002640
Gilles Peskine8817f612018-12-18 00:18:46 +01002641 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002642
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002643 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
2644 psa_set_key_algorithm( &attributes, alg );
2645 psa_set_key_type( &attributes, key_type );
Moran Pekered346952018-07-05 15:22:45 +03002646
Ronald Cron5425a212020-08-04 14:58:35 +02002647 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2648 &key ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002649
Ronald Cron5425a212020-08-04 14:58:35 +02002650 PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002651
Steven Cooreman177deba2020-09-07 17:14:14 +02002652 if( iv->len > 0 )
2653 {
Steven Cooremana6033e92020-08-25 11:47:50 +02002654 PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002655 }
Gilles Peskine50e586b2018-06-08 14:28:46 +02002656
gabor-mezei-armceface22021-01-21 12:26:17 +01002657 output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input->len );
2658 TEST_ASSERT( output_buffer_size <=
2659 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input->len ) );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02002660 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002661
Gilles Peskine8817f612018-12-18 00:18:46 +01002662 PSA_ASSERT( psa_cipher_update( &operation,
2663 input->x, input->len,
2664 output, output_buffer_size,
2665 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002666 TEST_ASSERT( function_output_length <=
2667 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
2668 TEST_ASSERT( function_output_length <=
2669 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002670 total_output_length += function_output_length;
gabor-mezei-armceface22021-01-21 12:26:17 +01002671
Gilles Peskine50e586b2018-06-08 14:28:46 +02002672 status = psa_cipher_finish( &operation,
Gilles Peskine0c510f32021-03-24 00:41:51 +01002673 ( output_buffer_size == 0 ? NULL :
2674 output + total_output_length ),
Gilles Peskineee46fe72019-02-19 19:05:33 +01002675 output_buffer_size - total_output_length,
Gilles Peskine50e586b2018-06-08 14:28:46 +02002676 &function_output_length );
gabor-mezei-armceface22021-01-21 12:26:17 +01002677 TEST_ASSERT( function_output_length <=
2678 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
2679 TEST_ASSERT( function_output_length <=
2680 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002681 total_output_length += function_output_length;
Gilles Peskinefe11b722018-12-18 00:24:04 +01002682 TEST_EQUAL( status, expected_status );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002683
2684 if( expected_status == PSA_SUCCESS )
2685 {
Gilles Peskine8817f612018-12-18 00:18:46 +01002686 PSA_ASSERT( psa_cipher_abort( &operation ) );
Gilles Peskinebd7dea92018-09-27 13:57:19 +02002687 ASSERT_COMPARE( expected_output->x, expected_output->len,
2688 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002689 }
2690
Gilles Peskine50e586b2018-06-08 14:28:46 +02002691exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002692 psa_cipher_abort( &operation );
itayzafrir3e02b3b2018-06-12 17:06:52 +03002693 mbedtls_free( output );
Ronald Cron5425a212020-08-04 14:58:35 +02002694 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002695 PSA_DONE( );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002696}
2697/* END_CASE */
2698
Gilles Peskine50e586b2018-06-08 14:28:46 +02002699/* BEGIN_CASE */
2700void cipher_verify_output( int alg_arg, int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02002701 data_t *key_data,
itayzafrir3e02b3b2018-06-12 17:06:52 +03002702 data_t *input )
mohammad1603d7d7ba52018-03-12 18:51:53 +02002703{
Ronald Cron5425a212020-08-04 14:58:35 +02002704 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
mohammad1603d7d7ba52018-03-12 18:51:53 +02002705 psa_key_type_t key_type = key_type_arg;
2706 psa_algorithm_t alg = alg_arg;
mohammad1603e6b67a12018-03-12 10:38:49 -07002707 unsigned char iv[16] = {0};
mohammad1603d7d7ba52018-03-12 18:51:53 +02002708 size_t iv_size = 16;
2709 size_t iv_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +03002710 unsigned char *output1 = NULL;
mohammad1603d7d7ba52018-03-12 18:51:53 +02002711 size_t output1_size = 0;
2712 size_t output1_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +03002713 unsigned char *output2 = NULL;
mohammad1603d7d7ba52018-03-12 18:51:53 +02002714 size_t output2_size = 0;
2715 size_t output2_length = 0;
Gilles Peskine048b7f02018-06-08 14:20:49 +02002716 size_t function_output_length = 0;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002717 psa_cipher_operation_t operation1 = PSA_CIPHER_OPERATION_INIT;
2718 psa_cipher_operation_t operation2 = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002719 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mohammad1603d7d7ba52018-03-12 18:51:53 +02002720
Gilles Peskine8817f612018-12-18 00:18:46 +01002721 PSA_ASSERT( psa_crypto_init( ) );
mohammad1603d7d7ba52018-03-12 18:51:53 +02002722
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002723 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
2724 psa_set_key_algorithm( &attributes, alg );
2725 psa_set_key_type( &attributes, key_type );
Moran Pekered346952018-07-05 15:22:45 +03002726
Ronald Cron5425a212020-08-04 14:58:35 +02002727 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2728 &key ) );
mohammad1603d7d7ba52018-03-12 18:51:53 +02002729
Ronald Cron5425a212020-08-04 14:58:35 +02002730 PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) );
2731 PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) );
mohammad1603d7d7ba52018-03-12 18:51:53 +02002732
Steven Cooreman177deba2020-09-07 17:14:14 +02002733 if( alg != PSA_ALG_ECB_NO_PADDING )
2734 {
Steven Cooremana6033e92020-08-25 11:47:50 +02002735 PSA_ASSERT( psa_cipher_generate_iv( &operation1,
2736 iv, iv_size,
2737 &iv_length ) );
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002738 }
gabor-mezei-armceface22021-01-21 12:26:17 +01002739 output1_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
2740 TEST_ASSERT( output1_size <=
2741 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02002742 ASSERT_ALLOC( output1, output1_size );
Moran Pekerded84402018-06-06 16:36:50 +03002743
Gilles Peskine8817f612018-12-18 00:18:46 +01002744 PSA_ASSERT( psa_cipher_update( &operation1, input->x, input->len,
2745 output1, output1_size,
2746 &output1_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002747 TEST_ASSERT( output1_length <=
2748 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
2749 TEST_ASSERT( output1_length <=
2750 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
2751
Gilles Peskine8817f612018-12-18 00:18:46 +01002752 PSA_ASSERT( psa_cipher_finish( &operation1,
Gilles Peskineee46fe72019-02-19 19:05:33 +01002753 output1 + output1_length,
2754 output1_size - output1_length,
Gilles Peskine8817f612018-12-18 00:18:46 +01002755 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002756 TEST_ASSERT( function_output_length <=
2757 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
2758 TEST_ASSERT( function_output_length <=
2759 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +02002760
Gilles Peskine048b7f02018-06-08 14:20:49 +02002761 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +03002762
Gilles Peskine8817f612018-12-18 00:18:46 +01002763 PSA_ASSERT( psa_cipher_abort( &operation1 ) );
Moran Pekerded84402018-06-06 16:36:50 +03002764
2765 output2_size = output1_length;
gabor-mezei-armceface22021-01-21 12:26:17 +01002766 TEST_ASSERT( output2_size <=
2767 PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
2768 TEST_ASSERT( output2_size <=
2769 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02002770 ASSERT_ALLOC( output2, output2_size );
Moran Pekerded84402018-06-06 16:36:50 +03002771
Steven Cooreman177deba2020-09-07 17:14:14 +02002772 if( iv_length > 0 )
2773 {
Steven Cooremana6033e92020-08-25 11:47:50 +02002774 PSA_ASSERT( psa_cipher_set_iv( &operation2,
2775 iv, iv_length ) );
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002776 }
2777
Gilles Peskine8817f612018-12-18 00:18:46 +01002778 PSA_ASSERT( psa_cipher_update( &operation2, output1, output1_length,
2779 output2, output2_size,
2780 &output2_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002781 TEST_ASSERT( output2_length <=
2782 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, output1_length ) );
2783 TEST_ASSERT( output2_length <=
2784 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( output1_length ) );
2785
Gilles Peskine048b7f02018-06-08 14:20:49 +02002786 function_output_length = 0;
Gilles Peskine8817f612018-12-18 00:18:46 +01002787 PSA_ASSERT( psa_cipher_finish( &operation2,
2788 output2 + output2_length,
Gilles Peskineee46fe72019-02-19 19:05:33 +01002789 output2_size - output2_length,
Gilles Peskine8817f612018-12-18 00:18:46 +01002790 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002791 TEST_ASSERT( function_output_length <=
2792 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
2793 TEST_ASSERT( function_output_length <=
2794 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
Moran Pekerded84402018-06-06 16:36:50 +03002795
Gilles Peskine048b7f02018-06-08 14:20:49 +02002796 output2_length += function_output_length;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +02002797
Gilles Peskine8817f612018-12-18 00:18:46 +01002798 PSA_ASSERT( psa_cipher_abort( &operation2 ) );
Moran Pekerded84402018-06-06 16:36:50 +03002799
Gilles Peskinebd7dea92018-09-27 13:57:19 +02002800 ASSERT_COMPARE( input->x, input->len, output2, output2_length );
Moran Pekerded84402018-06-06 16:36:50 +03002801
2802exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002803 psa_cipher_abort( &operation1 );
2804 psa_cipher_abort( &operation2 );
itayzafrir3e02b3b2018-06-12 17:06:52 +03002805 mbedtls_free( output1 );
2806 mbedtls_free( output2 );
Ronald Cron5425a212020-08-04 14:58:35 +02002807 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002808 PSA_DONE( );
Moran Pekerded84402018-06-06 16:36:50 +03002809}
2810/* END_CASE */
2811
2812/* BEGIN_CASE */
Gilles Peskine50e586b2018-06-08 14:28:46 +02002813void cipher_verify_output_multipart( int alg_arg,
2814 int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02002815 data_t *key_data,
itayzafrir3e02b3b2018-06-12 17:06:52 +03002816 data_t *input,
Gilles Peskinee0866522019-02-19 19:44:00 +01002817 int first_part_size_arg )
Moran Pekerded84402018-06-06 16:36:50 +03002818{
Ronald Cron5425a212020-08-04 14:58:35 +02002819 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Moran Pekerded84402018-06-06 16:36:50 +03002820 psa_key_type_t key_type = key_type_arg;
2821 psa_algorithm_t alg = alg_arg;
Gilles Peskinee0866522019-02-19 19:44:00 +01002822 size_t first_part_size = first_part_size_arg;
Moran Pekerded84402018-06-06 16:36:50 +03002823 unsigned char iv[16] = {0};
2824 size_t iv_size = 16;
2825 size_t iv_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +03002826 unsigned char *output1 = NULL;
Gilles Peskine048b7f02018-06-08 14:20:49 +02002827 size_t output1_buffer_size = 0;
Moran Pekerded84402018-06-06 16:36:50 +03002828 size_t output1_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +03002829 unsigned char *output2 = NULL;
Gilles Peskine048b7f02018-06-08 14:20:49 +02002830 size_t output2_buffer_size = 0;
Moran Pekerded84402018-06-06 16:36:50 +03002831 size_t output2_length = 0;
Gilles Peskine048b7f02018-06-08 14:20:49 +02002832 size_t function_output_length;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002833 psa_cipher_operation_t operation1 = PSA_CIPHER_OPERATION_INIT;
2834 psa_cipher_operation_t operation2 = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002835 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Moran Pekerded84402018-06-06 16:36:50 +03002836
Gilles Peskine8817f612018-12-18 00:18:46 +01002837 PSA_ASSERT( psa_crypto_init( ) );
Moran Pekerded84402018-06-06 16:36:50 +03002838
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002839 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
2840 psa_set_key_algorithm( &attributes, alg );
2841 psa_set_key_type( &attributes, key_type );
Moran Pekered346952018-07-05 15:22:45 +03002842
Ronald Cron5425a212020-08-04 14:58:35 +02002843 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2844 &key ) );
Moran Pekerded84402018-06-06 16:36:50 +03002845
Ronald Cron5425a212020-08-04 14:58:35 +02002846 PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) );
2847 PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) );
Moran Pekerded84402018-06-06 16:36:50 +03002848
Steven Cooreman177deba2020-09-07 17:14:14 +02002849 if( alg != PSA_ALG_ECB_NO_PADDING )
2850 {
Steven Cooremana6033e92020-08-25 11:47:50 +02002851 PSA_ASSERT( psa_cipher_generate_iv( &operation1,
2852 iv, iv_size,
2853 &iv_length ) );
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002854 }
2855
gabor-mezei-armceface22021-01-21 12:26:17 +01002856 output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
2857 TEST_ASSERT( output1_buffer_size <=
2858 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02002859 ASSERT_ALLOC( output1, output1_buffer_size );
Moran Pekerded84402018-06-06 16:36:50 +03002860
Gilles Peskinee0866522019-02-19 19:44:00 +01002861 TEST_ASSERT( first_part_size <= input->len );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +02002862
Gilles Peskine8817f612018-12-18 00:18:46 +01002863 PSA_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size,
2864 output1, output1_buffer_size,
2865 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002866 TEST_ASSERT( function_output_length <=
2867 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
2868 TEST_ASSERT( function_output_length <=
2869 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
Gilles Peskine048b7f02018-06-08 14:20:49 +02002870 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +03002871
Gilles Peskine8817f612018-12-18 00:18:46 +01002872 PSA_ASSERT( psa_cipher_update( &operation1,
2873 input->x + first_part_size,
2874 input->len - first_part_size,
2875 output1, output1_buffer_size,
2876 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002877 TEST_ASSERT( function_output_length <=
2878 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
2879 alg,
2880 input->len - first_part_size ) );
2881 TEST_ASSERT( function_output_length <=
2882 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len - first_part_size ) );
Gilles Peskine048b7f02018-06-08 14:20:49 +02002883 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +03002884
Gilles Peskine8817f612018-12-18 00:18:46 +01002885 PSA_ASSERT( psa_cipher_finish( &operation1,
2886 output1 + output1_length,
2887 output1_buffer_size - output1_length,
2888 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002889 TEST_ASSERT( function_output_length <=
2890 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
2891 TEST_ASSERT( function_output_length <=
2892 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
Gilles Peskine048b7f02018-06-08 14:20:49 +02002893 output1_length += function_output_length;
mohammad1603d7d7ba52018-03-12 18:51:53 +02002894
Gilles Peskine8817f612018-12-18 00:18:46 +01002895 PSA_ASSERT( psa_cipher_abort( &operation1 ) );
mohammad1603d7d7ba52018-03-12 18:51:53 +02002896
Gilles Peskine048b7f02018-06-08 14:20:49 +02002897 output2_buffer_size = output1_length;
gabor-mezei-armceface22021-01-21 12:26:17 +01002898 TEST_ASSERT( output2_buffer_size <=
2899 PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
2900 TEST_ASSERT( output2_buffer_size <=
2901 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02002902 ASSERT_ALLOC( output2, output2_buffer_size );
mohammad1603d7d7ba52018-03-12 18:51:53 +02002903
Steven Cooreman177deba2020-09-07 17:14:14 +02002904 if( iv_length > 0 )
2905 {
Steven Cooremana6033e92020-08-25 11:47:50 +02002906 PSA_ASSERT( psa_cipher_set_iv( &operation2,
2907 iv, iv_length ) );
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002908 }
Moran Pekerded84402018-06-06 16:36:50 +03002909
Gilles Peskine8817f612018-12-18 00:18:46 +01002910 PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size,
2911 output2, output2_buffer_size,
2912 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002913 TEST_ASSERT( function_output_length <=
2914 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
2915 TEST_ASSERT( function_output_length <=
2916 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
Gilles Peskine048b7f02018-06-08 14:20:49 +02002917 output2_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +03002918
Gilles Peskine8817f612018-12-18 00:18:46 +01002919 PSA_ASSERT( psa_cipher_update( &operation2,
2920 output1 + first_part_size,
2921 output1_length - first_part_size,
2922 output2, output2_buffer_size,
2923 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002924 TEST_ASSERT( function_output_length <=
2925 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
2926 alg,
2927 output1_length - first_part_size ) );
2928 TEST_ASSERT( function_output_length <=
2929 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( output1_length - first_part_size ) );
Gilles Peskine048b7f02018-06-08 14:20:49 +02002930 output2_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +03002931
Gilles Peskine8817f612018-12-18 00:18:46 +01002932 PSA_ASSERT( psa_cipher_finish( &operation2,
2933 output2 + output2_length,
2934 output2_buffer_size - output2_length,
2935 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002936 TEST_ASSERT( function_output_length <=
2937 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
2938 TEST_ASSERT( function_output_length <=
2939 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
Gilles Peskine048b7f02018-06-08 14:20:49 +02002940 output2_length += function_output_length;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +02002941
Gilles Peskine8817f612018-12-18 00:18:46 +01002942 PSA_ASSERT( psa_cipher_abort( &operation2 ) );
mohammad1603d7d7ba52018-03-12 18:51:53 +02002943
Gilles Peskinebd7dea92018-09-27 13:57:19 +02002944 ASSERT_COMPARE( input->x, input->len, output2, output2_length );
mohammad1603d7d7ba52018-03-12 18:51:53 +02002945
2946exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002947 psa_cipher_abort( &operation1 );
2948 psa_cipher_abort( &operation2 );
itayzafrir3e02b3b2018-06-12 17:06:52 +03002949 mbedtls_free( output1 );
2950 mbedtls_free( output2 );
Ronald Cron5425a212020-08-04 14:58:35 +02002951 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002952 PSA_DONE( );
mohammad1603d7d7ba52018-03-12 18:51:53 +02002953}
2954/* END_CASE */
Gilles Peskine7268afc2018-06-06 15:19:24 +02002955
Gilles Peskine20035e32018-02-03 22:44:14 +01002956/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +02002957void aead_encrypt_decrypt( int key_type_arg, data_t *key_data,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +02002958 int alg_arg,
Gilles Peskine7da96b02018-08-17 18:45:42 +02002959 data_t *nonce,
2960 data_t *additional_data,
2961 data_t *input_data,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +02002962 int expected_result_arg )
Gilles Peskinea1cac842018-06-11 19:33:02 +02002963{
Ronald Cron5425a212020-08-04 14:58:35 +02002964 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinea1cac842018-06-11 19:33:02 +02002965 psa_key_type_t key_type = key_type_arg;
2966 psa_algorithm_t alg = alg_arg;
Bence Szépkútiec174e22021-03-19 18:46:15 +01002967 size_t key_bits;
Gilles Peskinea1cac842018-06-11 19:33:02 +02002968 unsigned char *output_data = NULL;
2969 size_t output_size = 0;
2970 size_t output_length = 0;
2971 unsigned char *output_data2 = NULL;
2972 size_t output_length2 = 0;
Steven Cooremanf49478b2021-02-15 15:19:25 +01002973 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
Gilles Peskine4abf7412018-06-18 16:35:34 +02002974 psa_status_t expected_result = expected_result_arg;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002975 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskinea1cac842018-06-11 19:33:02 +02002976
Gilles Peskine8817f612018-12-18 00:18:46 +01002977 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinea1cac842018-06-11 19:33:02 +02002978
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002979 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
2980 psa_set_key_algorithm( &attributes, alg );
2981 psa_set_key_type( &attributes, key_type );
Gilles Peskinea1cac842018-06-11 19:33:02 +02002982
Gilles Peskine049c7532019-05-15 20:22:09 +02002983 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02002984 &key ) );
Bence Szépkútiec174e22021-03-19 18:46:15 +01002985 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
2986 key_bits = psa_get_key_bits( &attributes );
2987
2988 output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits,
2989 alg );
2990 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
2991 * should be exact. */
2992 if( expected_result != PSA_ERROR_INVALID_ARGUMENT &&
2993 expected_result != PSA_ERROR_NOT_SUPPORTED )
2994 {
2995 TEST_EQUAL( output_size,
2996 PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
2997 TEST_ASSERT( output_size <=
2998 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
2999 }
3000 ASSERT_ALLOC( output_data, output_size );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003001
Steven Cooremanf49478b2021-02-15 15:19:25 +01003002 status = psa_aead_encrypt( key, alg,
3003 nonce->x, nonce->len,
3004 additional_data->x,
3005 additional_data->len,
3006 input_data->x, input_data->len,
3007 output_data, output_size,
3008 &output_length );
3009
3010 /* If the operation is not supported, just skip and not fail in case the
3011 * encryption involves a common limitation of cryptography hardwares and
3012 * an alternative implementation. */
3013 if( status == PSA_ERROR_NOT_SUPPORTED )
3014 {
3015 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
3016 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
3017 }
3018
3019 TEST_EQUAL( status, expected_result );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003020
3021 if( PSA_SUCCESS == expected_result )
3022 {
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003023 ASSERT_ALLOC( output_data2, output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003024
Gilles Peskine003a4a92019-05-14 16:09:40 +02003025 /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
3026 * should be exact. */
3027 TEST_EQUAL( input_data->len,
Bence Szépkútiec174e22021-03-19 18:46:15 +01003028 PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, output_length ) );
Gilles Peskine003a4a92019-05-14 16:09:40 +02003029
gabor-mezei-armceface22021-01-21 12:26:17 +01003030 TEST_ASSERT( input_data->len <=
3031 PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length ) );
3032
Ronald Cron5425a212020-08-04 14:58:35 +02003033 TEST_EQUAL( psa_aead_decrypt( key, alg,
Gilles Peskinefe11b722018-12-18 00:24:04 +01003034 nonce->x, nonce->len,
3035 additional_data->x,
3036 additional_data->len,
3037 output_data, output_length,
3038 output_data2, output_length,
Gilles Peskinef812dcf2018-12-18 00:33:25 +01003039 &output_length2 ),
3040 expected_result );
Gilles Peskine2d277862018-06-18 15:41:12 +02003041
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003042 ASSERT_COMPARE( input_data->x, input_data->len,
3043 output_data2, output_length2 );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003044 }
Gilles Peskine2d277862018-06-18 15:41:12 +02003045
Gilles Peskinea1cac842018-06-11 19:33:02 +02003046exit:
Ronald Cron5425a212020-08-04 14:58:35 +02003047 psa_destroy_key( key );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003048 mbedtls_free( output_data );
3049 mbedtls_free( output_data2 );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003050 PSA_DONE( );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003051}
3052/* END_CASE */
3053
3054/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +02003055void aead_encrypt( int key_type_arg, data_t *key_data,
3056 int alg_arg,
3057 data_t *nonce,
3058 data_t *additional_data,
3059 data_t *input_data,
3060 data_t *expected_result )
Gilles Peskinea1cac842018-06-11 19:33:02 +02003061{
Ronald Cron5425a212020-08-04 14:58:35 +02003062 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003063 psa_key_type_t key_type = key_type_arg;
3064 psa_algorithm_t alg = alg_arg;
Bence Szépkútiec174e22021-03-19 18:46:15 +01003065 size_t key_bits;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003066 unsigned char *output_data = NULL;
3067 size_t output_size = 0;
3068 size_t output_length = 0;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003069 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Steven Cooremand588ea12021-01-11 19:36:04 +01003070 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003071
Gilles Peskine8817f612018-12-18 00:18:46 +01003072 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003073
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003074 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
3075 psa_set_key_algorithm( &attributes, alg );
3076 psa_set_key_type( &attributes, key_type );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003077
Gilles Peskine049c7532019-05-15 20:22:09 +02003078 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003079 &key ) );
Bence Szépkútiec174e22021-03-19 18:46:15 +01003080 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
3081 key_bits = psa_get_key_bits( &attributes );
3082
3083 output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits,
3084 alg );
3085 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
3086 * should be exact. */
3087 TEST_EQUAL( output_size,
3088 PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
3089 TEST_ASSERT( output_size <=
3090 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
3091 ASSERT_ALLOC( output_data, output_size );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003092
Steven Cooremand588ea12021-01-11 19:36:04 +01003093 status = psa_aead_encrypt( key, alg,
3094 nonce->x, nonce->len,
3095 additional_data->x, additional_data->len,
3096 input_data->x, input_data->len,
3097 output_data, output_size,
3098 &output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003099
Ronald Cron28a45ed2021-02-09 20:35:42 +01003100 /* If the operation is not supported, just skip and not fail in case the
3101 * encryption involves a common limitation of cryptography hardwares and
3102 * an alternative implementation. */
3103 if( status == PSA_ERROR_NOT_SUPPORTED )
Steven Cooremand588ea12021-01-11 19:36:04 +01003104 {
Ronald Cron28a45ed2021-02-09 20:35:42 +01003105 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
3106 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
Steven Cooremand588ea12021-01-11 19:36:04 +01003107 }
Steven Cooremand588ea12021-01-11 19:36:04 +01003108
3109 PSA_ASSERT( status );
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003110 ASSERT_COMPARE( expected_result->x, expected_result->len,
3111 output_data, output_length );
Gilles Peskine2d277862018-06-18 15:41:12 +02003112
Gilles Peskinea1cac842018-06-11 19:33:02 +02003113exit:
Ronald Cron5425a212020-08-04 14:58:35 +02003114 psa_destroy_key( key );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003115 mbedtls_free( output_data );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003116 PSA_DONE( );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003117}
3118/* END_CASE */
3119
3120/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +02003121void aead_decrypt( int key_type_arg, data_t *key_data,
3122 int alg_arg,
3123 data_t *nonce,
3124 data_t *additional_data,
3125 data_t *input_data,
3126 data_t *expected_data,
3127 int expected_result_arg )
Gilles Peskinea1cac842018-06-11 19:33:02 +02003128{
Ronald Cron5425a212020-08-04 14:58:35 +02003129 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003130 psa_key_type_t key_type = key_type_arg;
3131 psa_algorithm_t alg = alg_arg;
Bence Szépkútiec174e22021-03-19 18:46:15 +01003132 size_t key_bits;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003133 unsigned char *output_data = NULL;
3134 size_t output_size = 0;
3135 size_t output_length = 0;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003136 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine4abf7412018-06-18 16:35:34 +02003137 psa_status_t expected_result = expected_result_arg;
Steven Cooremand588ea12021-01-11 19:36:04 +01003138 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003139
Gilles Peskine8817f612018-12-18 00:18:46 +01003140 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003141
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003142 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
3143 psa_set_key_algorithm( &attributes, alg );
3144 psa_set_key_type( &attributes, key_type );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003145
Gilles Peskine049c7532019-05-15 20:22:09 +02003146 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003147 &key ) );
Bence Szépkútiec174e22021-03-19 18:46:15 +01003148 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
3149 key_bits = psa_get_key_bits( &attributes );
3150
3151 output_size = input_data->len - PSA_AEAD_TAG_LENGTH( key_type, key_bits,
3152 alg );
3153 if( expected_result != PSA_ERROR_INVALID_ARGUMENT &&
3154 expected_result != PSA_ERROR_NOT_SUPPORTED )
3155 {
3156 /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
3157 * should be exact. */
3158 TEST_EQUAL( output_size,
3159 PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
3160 TEST_ASSERT( output_size <=
3161 PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
3162 }
3163 ASSERT_ALLOC( output_data, output_size );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003164
Steven Cooremand588ea12021-01-11 19:36:04 +01003165 status = psa_aead_decrypt( key, alg,
3166 nonce->x, nonce->len,
3167 additional_data->x,
3168 additional_data->len,
3169 input_data->x, input_data->len,
3170 output_data, output_size,
3171 &output_length );
3172
Ronald Cron28a45ed2021-02-09 20:35:42 +01003173 /* If the operation is not supported, just skip and not fail in case the
3174 * decryption involves a common limitation of cryptography hardwares and
3175 * an alternative implementation. */
3176 if( status == PSA_ERROR_NOT_SUPPORTED )
Steven Cooremand588ea12021-01-11 19:36:04 +01003177 {
Ronald Cron28a45ed2021-02-09 20:35:42 +01003178 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
3179 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
Steven Cooremand588ea12021-01-11 19:36:04 +01003180 }
Steven Cooremand588ea12021-01-11 19:36:04 +01003181
3182 TEST_EQUAL( status, expected_result );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003183
Gilles Peskine2d277862018-06-18 15:41:12 +02003184 if( expected_result == PSA_SUCCESS )
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003185 ASSERT_COMPARE( expected_data->x, expected_data->len,
3186 output_data, output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003187
Gilles Peskinea1cac842018-06-11 19:33:02 +02003188exit:
Ronald Cron5425a212020-08-04 14:58:35 +02003189 psa_destroy_key( key );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003190 mbedtls_free( output_data );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003191 PSA_DONE( );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003192}
3193/* END_CASE */
3194
3195/* BEGIN_CASE */
Gilles Peskinec1bb6c82018-06-18 16:04:39 +02003196void signature_size( int type_arg,
3197 int bits,
3198 int alg_arg,
3199 int expected_size_arg )
Gilles Peskinee59236f2018-01-27 23:32:46 +01003200{
3201 psa_key_type_t type = type_arg;
3202 psa_algorithm_t alg = alg_arg;
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003203 size_t actual_size = PSA_SIGN_OUTPUT_SIZE( type, bits, alg );
Gilles Peskine841b14b2019-11-26 17:37:37 +01003204
Gilles Peskinefe11b722018-12-18 00:24:04 +01003205 TEST_EQUAL( actual_size, (size_t) expected_size_arg );
Gilles Peskine841b14b2019-11-26 17:37:37 +01003206
Gilles Peskinee59236f2018-01-27 23:32:46 +01003207exit:
3208 ;
3209}
3210/* END_CASE */
3211
3212/* BEGIN_CASE */
gabor-mezei-armb9530232021-04-16 14:21:21 +02003213void sign_hash_deterministic( int key_type_arg, data_t *key_data,
3214 int alg_arg, data_t *input_data,
3215 data_t *output_data )
Gilles Peskinee59236f2018-01-27 23:32:46 +01003216{
Ronald Cron5425a212020-08-04 14:58:35 +02003217 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinee59236f2018-01-27 23:32:46 +01003218 psa_key_type_t key_type = key_type_arg;
3219 psa_algorithm_t alg = alg_arg;
Gilles Peskine20035e32018-02-03 22:44:14 +01003220 size_t key_bits;
Gilles Peskine20035e32018-02-03 22:44:14 +01003221 unsigned char *signature = NULL;
3222 size_t signature_size;
3223 size_t signature_length = 0xdeadbeef;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003224 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine20035e32018-02-03 22:44:14 +01003225
Gilles Peskine8817f612018-12-18 00:18:46 +01003226 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine20035e32018-02-03 22:44:14 +01003227
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003228 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003229 psa_set_key_algorithm( &attributes, alg );
3230 psa_set_key_type( &attributes, key_type );
mohammad1603a97cb8c2018-03-28 03:46:26 -07003231
Gilles Peskine049c7532019-05-15 20:22:09 +02003232 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003233 &key ) );
3234 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003235 key_bits = psa_get_key_bits( &attributes );
Gilles Peskine20035e32018-02-03 22:44:14 +01003236
Gilles Peskine860ce9d2018-06-28 12:23:00 +02003237 /* Allocate a buffer which has the size advertized by the
3238 * library. */
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003239 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +02003240 key_bits, alg );
Gilles Peskine20035e32018-02-03 22:44:14 +01003241 TEST_ASSERT( signature_size != 0 );
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003242 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003243 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +01003244
Gilles Peskine860ce9d2018-06-28 12:23:00 +02003245 /* Perform the signature. */
Ronald Cron5425a212020-08-04 14:58:35 +02003246 PSA_ASSERT( psa_sign_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003247 input_data->x, input_data->len,
3248 signature, signature_size,
3249 &signature_length ) );
Gilles Peskine9911b022018-06-29 17:30:48 +02003250 /* Verify that the signature is what is expected. */
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003251 ASSERT_COMPARE( output_data->x, output_data->len,
3252 signature, signature_length );
Gilles Peskine20035e32018-02-03 22:44:14 +01003253
3254exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01003255 /*
3256 * Key attributes may have been returned by psa_get_key_attributes()
3257 * thus reset them as required.
3258 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003259 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01003260
Ronald Cron5425a212020-08-04 14:58:35 +02003261 psa_destroy_key( key );
Gilles Peskine0189e752018-02-03 23:57:22 +01003262 mbedtls_free( signature );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003263 PSA_DONE( );
Gilles Peskine20035e32018-02-03 22:44:14 +01003264}
3265/* END_CASE */
3266
3267/* BEGIN_CASE */
gabor-mezei-armb9530232021-04-16 14:21:21 +02003268void sign_hash_fail( int key_type_arg, data_t *key_data,
3269 int alg_arg, data_t *input_data,
3270 int signature_size_arg, int expected_status_arg )
Gilles Peskine20035e32018-02-03 22:44:14 +01003271{
Ronald Cron5425a212020-08-04 14:58:35 +02003272 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine20035e32018-02-03 22:44:14 +01003273 psa_key_type_t key_type = key_type_arg;
3274 psa_algorithm_t alg = alg_arg;
Gilles Peskine860ce9d2018-06-28 12:23:00 +02003275 size_t signature_size = signature_size_arg;
Gilles Peskine20035e32018-02-03 22:44:14 +01003276 psa_status_t actual_status;
3277 psa_status_t expected_status = expected_status_arg;
Gilles Peskine40f68b92018-03-07 16:43:36 +01003278 unsigned char *signature = NULL;
Gilles Peskine93aa0332018-02-03 23:58:03 +01003279 size_t signature_length = 0xdeadbeef;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003280 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine20035e32018-02-03 22:44:14 +01003281
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003282 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +01003283
Gilles Peskine8817f612018-12-18 00:18:46 +01003284 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine20035e32018-02-03 22:44:14 +01003285
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003286 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003287 psa_set_key_algorithm( &attributes, alg );
3288 psa_set_key_type( &attributes, key_type );
mohammad1603a97cb8c2018-03-28 03:46:26 -07003289
Gilles Peskine049c7532019-05-15 20:22:09 +02003290 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003291 &key ) );
Gilles Peskine20035e32018-02-03 22:44:14 +01003292
Ronald Cron5425a212020-08-04 14:58:35 +02003293 actual_status = psa_sign_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003294 input_data->x, input_data->len,
3295 signature, signature_size,
3296 &signature_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +01003297 TEST_EQUAL( actual_status, expected_status );
Gilles Peskine860ce9d2018-06-28 12:23:00 +02003298 /* The value of *signature_length is unspecified on error, but
3299 * whatever it is, it should be less than signature_size, so that
3300 * if the caller tries to read *signature_length bytes without
3301 * checking the error code then they don't overflow a buffer. */
3302 TEST_ASSERT( signature_length <= signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +01003303
3304exit:
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003305 psa_reset_key_attributes( &attributes );
Ronald Cron5425a212020-08-04 14:58:35 +02003306 psa_destroy_key( key );
Gilles Peskine20035e32018-02-03 22:44:14 +01003307 mbedtls_free( signature );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003308 PSA_DONE( );
Gilles Peskine20035e32018-02-03 22:44:14 +01003309}
3310/* END_CASE */
mohammad16038cc1cee2018-03-28 01:21:33 +03003311
3312/* BEGIN_CASE */
gabor-mezei-armb9530232021-04-16 14:21:21 +02003313void sign_verify_hash( int key_type_arg, data_t *key_data,
3314 int alg_arg, data_t *input_data )
Gilles Peskine9911b022018-06-29 17:30:48 +02003315{
Ronald Cron5425a212020-08-04 14:58:35 +02003316 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine9911b022018-06-29 17:30:48 +02003317 psa_key_type_t key_type = key_type_arg;
3318 psa_algorithm_t alg = alg_arg;
3319 size_t key_bits;
3320 unsigned char *signature = NULL;
3321 size_t signature_size;
3322 size_t signature_length = 0xdeadbeef;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003323 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine9911b022018-06-29 17:30:48 +02003324
Gilles Peskine8817f612018-12-18 00:18:46 +01003325 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine9911b022018-06-29 17:30:48 +02003326
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003327 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003328 psa_set_key_algorithm( &attributes, alg );
3329 psa_set_key_type( &attributes, key_type );
Gilles Peskine9911b022018-06-29 17:30:48 +02003330
Gilles Peskine049c7532019-05-15 20:22:09 +02003331 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003332 &key ) );
3333 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003334 key_bits = psa_get_key_bits( &attributes );
Gilles Peskine9911b022018-06-29 17:30:48 +02003335
3336 /* Allocate a buffer which has the size advertized by the
3337 * library. */
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003338 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
Gilles Peskine9911b022018-06-29 17:30:48 +02003339 key_bits, alg );
3340 TEST_ASSERT( signature_size != 0 );
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003341 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003342 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine9911b022018-06-29 17:30:48 +02003343
3344 /* Perform the signature. */
Ronald Cron5425a212020-08-04 14:58:35 +02003345 PSA_ASSERT( psa_sign_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003346 input_data->x, input_data->len,
3347 signature, signature_size,
3348 &signature_length ) );
Gilles Peskine9911b022018-06-29 17:30:48 +02003349 /* Check that the signature length looks sensible. */
3350 TEST_ASSERT( signature_length <= signature_size );
3351 TEST_ASSERT( signature_length > 0 );
3352
3353 /* Use the library to verify that the signature is correct. */
Ronald Cron5425a212020-08-04 14:58:35 +02003354 PSA_ASSERT( psa_verify_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003355 input_data->x, input_data->len,
3356 signature, signature_length ) );
Gilles Peskine9911b022018-06-29 17:30:48 +02003357
3358 if( input_data->len != 0 )
3359 {
3360 /* Flip a bit in the input and verify that the signature is now
3361 * detected as invalid. Flip a bit at the beginning, not at the end,
3362 * because ECDSA may ignore the last few bits of the input. */
3363 input_data->x[0] ^= 1;
Ronald Cron5425a212020-08-04 14:58:35 +02003364 TEST_EQUAL( psa_verify_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003365 input_data->x, input_data->len,
3366 signature, signature_length ),
Gilles Peskinef812dcf2018-12-18 00:33:25 +01003367 PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskine9911b022018-06-29 17:30:48 +02003368 }
3369
3370exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01003371 /*
3372 * Key attributes may have been returned by psa_get_key_attributes()
3373 * thus reset them as required.
3374 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003375 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01003376
Ronald Cron5425a212020-08-04 14:58:35 +02003377 psa_destroy_key( key );
Gilles Peskine9911b022018-06-29 17:30:48 +02003378 mbedtls_free( signature );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003379 PSA_DONE( );
Gilles Peskine9911b022018-06-29 17:30:48 +02003380}
3381/* END_CASE */
3382
3383/* BEGIN_CASE */
gabor-mezei-armb9530232021-04-16 14:21:21 +02003384void verify_hash( int key_type_arg, data_t *key_data,
3385 int alg_arg, data_t *hash_data,
3386 data_t *signature_data )
itayzafrir5c753392018-05-08 11:18:38 +03003387{
Ronald Cron5425a212020-08-04 14:58:35 +02003388 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
itayzafrir5c753392018-05-08 11:18:38 +03003389 psa_key_type_t key_type = key_type_arg;
3390 psa_algorithm_t alg = alg_arg;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003391 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
itayzafrir5c753392018-05-08 11:18:38 +03003392
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003393 TEST_ASSERT( signature_data->len <= PSA_SIGNATURE_MAX_SIZE );
Gilles Peskine69c12672018-06-28 00:07:19 +02003394
Gilles Peskine8817f612018-12-18 00:18:46 +01003395 PSA_ASSERT( psa_crypto_init( ) );
itayzafrir5c753392018-05-08 11:18:38 +03003396
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003397 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003398 psa_set_key_algorithm( &attributes, alg );
3399 psa_set_key_type( &attributes, key_type );
itayzafrir5c753392018-05-08 11:18:38 +03003400
Gilles Peskine049c7532019-05-15 20:22:09 +02003401 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003402 &key ) );
itayzafrir5c753392018-05-08 11:18:38 +03003403
Ronald Cron5425a212020-08-04 14:58:35 +02003404 PSA_ASSERT( psa_verify_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003405 hash_data->x, hash_data->len,
3406 signature_data->x, signature_data->len ) );
Gilles Peskine0627f982019-11-26 19:12:16 +01003407
itayzafrir5c753392018-05-08 11:18:38 +03003408exit:
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003409 psa_reset_key_attributes( &attributes );
Ronald Cron5425a212020-08-04 14:58:35 +02003410 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003411 PSA_DONE( );
itayzafrir5c753392018-05-08 11:18:38 +03003412}
3413/* END_CASE */
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003414
3415/* BEGIN_CASE */
gabor-mezei-armb9530232021-04-16 14:21:21 +02003416void verify_hash_fail( int key_type_arg, data_t *key_data,
3417 int alg_arg, data_t *hash_data,
3418 data_t *signature_data,
3419 int expected_status_arg )
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003420{
Ronald Cron5425a212020-08-04 14:58:35 +02003421 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003422 psa_key_type_t key_type = key_type_arg;
3423 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003424 psa_status_t actual_status;
3425 psa_status_t expected_status = expected_status_arg;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003426 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003427
Gilles Peskine8817f612018-12-18 00:18:46 +01003428 PSA_ASSERT( psa_crypto_init( ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003429
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003430 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003431 psa_set_key_algorithm( &attributes, alg );
3432 psa_set_key_type( &attributes, key_type );
Nir Sonnenscheind7082602018-06-04 16:45:27 +03003433
Gilles Peskine049c7532019-05-15 20:22:09 +02003434 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003435 &key ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003436
Ronald Cron5425a212020-08-04 14:58:35 +02003437 actual_status = psa_verify_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003438 hash_data->x, hash_data->len,
3439 signature_data->x, signature_data->len );
Gilles Peskinefe11b722018-12-18 00:24:04 +01003440 TEST_EQUAL( actual_status, expected_status );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003441
3442exit:
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003443 psa_reset_key_attributes( &attributes );
Ronald Cron5425a212020-08-04 14:58:35 +02003444 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003445 PSA_DONE( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003446}
3447/* END_CASE */
3448
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003449/* BEGIN_CASE */
gabor-mezei-arm53028482021-04-15 18:19:50 +02003450void sign_message_deterministic( int key_type_arg,
3451 data_t *key_data,
3452 int alg_arg,
3453 data_t *input_data,
3454 data_t *output_data )
3455{
3456 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
3457 psa_key_type_t key_type = key_type_arg;
3458 psa_algorithm_t alg = alg_arg;
3459 size_t key_bits;
3460 unsigned char *signature = NULL;
3461 size_t signature_size;
3462 size_t signature_length = 0xdeadbeef;
3463 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3464
3465 PSA_ASSERT( psa_crypto_init( ) );
3466
3467 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
3468 psa_set_key_algorithm( &attributes, alg );
3469 psa_set_key_type( &attributes, key_type );
3470
3471 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3472 &key ) );
3473 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
3474 key_bits = psa_get_key_bits( &attributes );
3475
3476 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg );
3477 TEST_ASSERT( signature_size != 0 );
3478 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
3479 ASSERT_ALLOC( signature, signature_size );
3480
3481 PSA_ASSERT( psa_sign_message( key, alg,
3482 input_data->x, input_data->len,
3483 signature, signature_size,
3484 &signature_length ) );
3485
3486 ASSERT_COMPARE( output_data->x, output_data->len,
3487 signature, signature_length );
3488
3489exit:
3490 psa_reset_key_attributes( &attributes );
3491
3492 psa_destroy_key( key );
3493 mbedtls_free( signature );
3494 PSA_DONE( );
3495
3496}
3497/* END_CASE */
3498
3499/* BEGIN_CASE */
3500void sign_message_fail( int key_type_arg,
3501 data_t *key_data,
3502 int alg_arg,
3503 data_t *input_data,
3504 int signature_size_arg,
3505 int expected_status_arg )
3506{
3507 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
3508 psa_key_type_t key_type = key_type_arg;
3509 psa_algorithm_t alg = alg_arg;
3510 size_t signature_size = signature_size_arg;
3511 psa_status_t actual_status;
3512 psa_status_t expected_status = expected_status_arg;
3513 unsigned char *signature = NULL;
3514 size_t signature_length = 0xdeadbeef;
3515 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3516
3517 ASSERT_ALLOC( signature, signature_size );
3518
3519 PSA_ASSERT( psa_crypto_init( ) );
3520
3521 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
3522 psa_set_key_algorithm( &attributes, alg );
3523 psa_set_key_type( &attributes, key_type );
3524
3525 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3526 &key ) );
3527
3528 actual_status = psa_sign_message( key, alg,
3529 input_data->x, input_data->len,
3530 signature, signature_size,
3531 &signature_length );
3532 TEST_EQUAL( actual_status, expected_status );
3533 /* The value of *signature_length is unspecified on error, but
3534 * whatever it is, it should be less than signature_size, so that
3535 * if the caller tries to read *signature_length bytes without
3536 * checking the error code then they don't overflow a buffer. */
3537 TEST_ASSERT( signature_length <= signature_size );
3538
3539exit:
3540 psa_reset_key_attributes( &attributes );
3541 psa_destroy_key( key );
3542 mbedtls_free( signature );
3543 PSA_DONE( );
3544}
3545/* END_CASE */
3546
3547/* BEGIN_CASE */
3548void sign_verify_message( int key_type_arg,
3549 data_t *key_data,
3550 int alg_arg,
3551 data_t *input_data )
3552{
3553 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
3554 psa_key_type_t key_type = key_type_arg;
3555 psa_algorithm_t alg = alg_arg;
3556 size_t key_bits;
3557 unsigned char *signature = NULL;
3558 size_t signature_size;
3559 size_t signature_length = 0xdeadbeef;
3560 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3561
3562 PSA_ASSERT( psa_crypto_init( ) );
3563
3564 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE |
3565 PSA_KEY_USAGE_VERIFY_MESSAGE );
3566 psa_set_key_algorithm( &attributes, alg );
3567 psa_set_key_type( &attributes, key_type );
3568
3569 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3570 &key ) );
3571 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
3572 key_bits = psa_get_key_bits( &attributes );
3573
3574 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg );
3575 TEST_ASSERT( signature_size != 0 );
3576 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
3577 ASSERT_ALLOC( signature, signature_size );
3578
3579 PSA_ASSERT( psa_sign_message( key, alg,
3580 input_data->x, input_data->len,
3581 signature, signature_size,
3582 &signature_length ) );
3583 TEST_ASSERT( signature_length <= signature_size );
3584 TEST_ASSERT( signature_length > 0 );
3585
3586 PSA_ASSERT( psa_verify_message( key, alg,
3587 input_data->x, input_data->len,
3588 signature, signature_length ) );
3589
3590 if( input_data->len != 0 )
3591 {
3592 /* Flip a bit in the input and verify that the signature is now
3593 * detected as invalid. Flip a bit at the beginning, not at the end,
3594 * because ECDSA may ignore the last few bits of the input. */
3595 input_data->x[0] ^= 1;
3596 TEST_EQUAL( psa_verify_message( key, alg,
3597 input_data->x, input_data->len,
3598 signature, signature_length ),
3599 PSA_ERROR_INVALID_SIGNATURE );
3600 }
3601
3602exit:
3603 psa_reset_key_attributes( &attributes );
3604
3605 psa_destroy_key( key );
3606 mbedtls_free( signature );
3607 PSA_DONE( );
3608}
3609/* END_CASE */
3610
3611/* BEGIN_CASE */
3612void verify_message( int key_type_arg,
3613 data_t *key_data,
3614 int alg_arg,
3615 data_t *input_data,
3616 data_t *signature_data )
3617{
3618 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
3619 psa_key_type_t key_type = key_type_arg;
3620 psa_algorithm_t alg = alg_arg;
3621 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3622
3623 TEST_ASSERT( signature_data->len <= PSA_SIGNATURE_MAX_SIZE );
3624
3625 PSA_ASSERT( psa_crypto_init( ) );
3626
3627 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE );
3628 psa_set_key_algorithm( &attributes, alg );
3629 psa_set_key_type( &attributes, key_type );
3630
3631 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3632 &key ) );
3633
3634 PSA_ASSERT( psa_verify_message( key, alg,
3635 input_data->x, input_data->len,
3636 signature_data->x, signature_data->len ) );
3637
3638exit:
3639 psa_reset_key_attributes( &attributes );
3640 psa_destroy_key( key );
3641 PSA_DONE( );
3642}
3643/* END_CASE */
3644
3645/* BEGIN_CASE */
3646void verify_message_fail( int key_type_arg,
3647 data_t *key_data,
3648 int alg_arg,
3649 data_t *hash_data,
3650 data_t *signature_data,
3651 int expected_status_arg )
3652{
3653 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
3654 psa_key_type_t key_type = key_type_arg;
3655 psa_algorithm_t alg = alg_arg;
3656 psa_status_t actual_status;
3657 psa_status_t expected_status = expected_status_arg;
3658 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3659
3660 PSA_ASSERT( psa_crypto_init( ) );
3661
3662 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE );
3663 psa_set_key_algorithm( &attributes, alg );
3664 psa_set_key_type( &attributes, key_type );
3665
3666 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3667 &key ) );
3668
3669 actual_status = psa_verify_message( key, alg,
3670 hash_data->x, hash_data->len,
3671 signature_data->x,
3672 signature_data->len );
3673 TEST_EQUAL( actual_status, expected_status );
3674
3675exit:
3676 psa_reset_key_attributes( &attributes );
3677 psa_destroy_key( key );
3678 PSA_DONE( );
3679}
3680/* END_CASE */
3681
3682/* BEGIN_CASE */
Gilles Peskine656896e2018-06-29 19:12:28 +02003683void asymmetric_encrypt( int key_type_arg,
3684 data_t *key_data,
3685 int alg_arg,
3686 data_t *input_data,
Gilles Peskine68428122018-06-30 18:42:41 +02003687 data_t *label,
Gilles Peskine656896e2018-06-29 19:12:28 +02003688 int expected_output_length_arg,
3689 int expected_status_arg )
3690{
Ronald Cron5425a212020-08-04 14:58:35 +02003691 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine656896e2018-06-29 19:12:28 +02003692 psa_key_type_t key_type = key_type_arg;
3693 psa_algorithm_t alg = alg_arg;
3694 size_t expected_output_length = expected_output_length_arg;
3695 size_t key_bits;
3696 unsigned char *output = NULL;
3697 size_t output_size;
3698 size_t output_length = ~0;
3699 psa_status_t actual_status;
3700 psa_status_t expected_status = expected_status_arg;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003701 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine656896e2018-06-29 19:12:28 +02003702
Gilles Peskine8817f612018-12-18 00:18:46 +01003703 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinebdf309c2018-12-03 15:36:32 +01003704
Gilles Peskine656896e2018-06-29 19:12:28 +02003705 /* Import the key */
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003706 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
3707 psa_set_key_algorithm( &attributes, alg );
3708 psa_set_key_type( &attributes, key_type );
Gilles Peskine049c7532019-05-15 20:22:09 +02003709 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003710 &key ) );
Gilles Peskine656896e2018-06-29 19:12:28 +02003711
3712 /* Determine the maximum output length */
Ronald Cron5425a212020-08-04 14:58:35 +02003713 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003714 key_bits = psa_get_key_bits( &attributes );
gabor-mezei-armceface22021-01-21 12:26:17 +01003715
Gilles Peskine656896e2018-06-29 19:12:28 +02003716 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
gabor-mezei-armceface22021-01-21 12:26:17 +01003717 TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003718 ASSERT_ALLOC( output, output_size );
Gilles Peskine656896e2018-06-29 19:12:28 +02003719
3720 /* Encrypt the input */
Ronald Cron5425a212020-08-04 14:58:35 +02003721 actual_status = psa_asymmetric_encrypt( key, alg,
Gilles Peskine656896e2018-06-29 19:12:28 +02003722 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +02003723 label->x, label->len,
Gilles Peskine656896e2018-06-29 19:12:28 +02003724 output, output_size,
3725 &output_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +01003726 TEST_EQUAL( actual_status, expected_status );
3727 TEST_EQUAL( output_length, expected_output_length );
Gilles Peskine656896e2018-06-29 19:12:28 +02003728
Gilles Peskine68428122018-06-30 18:42:41 +02003729 /* If the label is empty, the test framework puts a non-null pointer
3730 * in label->x. Test that a null pointer works as well. */
3731 if( label->len == 0 )
3732 {
3733 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +02003734 if( output_size != 0 )
3735 memset( output, 0, output_size );
Ronald Cron5425a212020-08-04 14:58:35 +02003736 actual_status = psa_asymmetric_encrypt( key, alg,
Gilles Peskine68428122018-06-30 18:42:41 +02003737 input_data->x, input_data->len,
3738 NULL, label->len,
3739 output, output_size,
3740 &output_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +01003741 TEST_EQUAL( actual_status, expected_status );
3742 TEST_EQUAL( output_length, expected_output_length );
Gilles Peskine68428122018-06-30 18:42:41 +02003743 }
3744
Gilles Peskine656896e2018-06-29 19:12:28 +02003745exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01003746 /*
3747 * Key attributes may have been returned by psa_get_key_attributes()
3748 * thus reset them as required.
3749 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003750 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01003751
Ronald Cron5425a212020-08-04 14:58:35 +02003752 psa_destroy_key( key );
Gilles Peskine656896e2018-06-29 19:12:28 +02003753 mbedtls_free( output );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003754 PSA_DONE( );
Gilles Peskine656896e2018-06-29 19:12:28 +02003755}
3756/* END_CASE */
3757
3758/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +02003759void asymmetric_encrypt_decrypt( int key_type_arg,
3760 data_t *key_data,
3761 int alg_arg,
3762 data_t *input_data,
3763 data_t *label )
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003764{
Ronald Cron5425a212020-08-04 14:58:35 +02003765 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003766 psa_key_type_t key_type = key_type_arg;
3767 psa_algorithm_t alg = alg_arg;
Gilles Peskine55c94dd2018-06-30 18:54:48 +02003768 size_t key_bits;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003769 unsigned char *output = NULL;
Gilles Peskine55c94dd2018-06-30 18:54:48 +02003770 size_t output_size;
3771 size_t output_length = ~0;
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +03003772 unsigned char *output2 = NULL;
Gilles Peskine55c94dd2018-06-30 18:54:48 +02003773 size_t output2_size;
3774 size_t output2_length = ~0;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003775 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003776
Gilles Peskine8817f612018-12-18 00:18:46 +01003777 PSA_ASSERT( psa_crypto_init( ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003778
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003779 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
3780 psa_set_key_algorithm( &attributes, alg );
3781 psa_set_key_type( &attributes, key_type );
Nir Sonnenscheind7082602018-06-04 16:45:27 +03003782
Gilles Peskine049c7532019-05-15 20:22:09 +02003783 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003784 &key ) );
Gilles Peskine55c94dd2018-06-30 18:54:48 +02003785
3786 /* Determine the maximum ciphertext length */
Ronald Cron5425a212020-08-04 14:58:35 +02003787 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003788 key_bits = psa_get_key_bits( &attributes );
gabor-mezei-armceface22021-01-21 12:26:17 +01003789
Gilles Peskine55c94dd2018-06-30 18:54:48 +02003790 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
gabor-mezei-armceface22021-01-21 12:26:17 +01003791 TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003792 ASSERT_ALLOC( output, output_size );
gabor-mezei-armceface22021-01-21 12:26:17 +01003793
Gilles Peskine55c94dd2018-06-30 18:54:48 +02003794 output2_size = input_data->len;
gabor-mezei-armceface22021-01-21 12:26:17 +01003795 TEST_ASSERT( output2_size <=
3796 PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg ) );
3797 TEST_ASSERT( output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003798 ASSERT_ALLOC( output2, output2_size );
Gilles Peskine55c94dd2018-06-30 18:54:48 +02003799
Gilles Peskineeebd7382018-06-08 18:11:54 +02003800 /* We test encryption by checking that encrypt-then-decrypt gives back
3801 * the original plaintext because of the non-optional random
3802 * part of encryption process which prevents using fixed vectors. */
Ronald Cron5425a212020-08-04 14:58:35 +02003803 PSA_ASSERT( psa_asymmetric_encrypt( key, alg,
Gilles Peskine8817f612018-12-18 00:18:46 +01003804 input_data->x, input_data->len,
3805 label->x, label->len,
3806 output, output_size,
3807 &output_length ) );
Gilles Peskine55c94dd2018-06-30 18:54:48 +02003808 /* We don't know what ciphertext length to expect, but check that
3809 * it looks sensible. */
3810 TEST_ASSERT( output_length <= output_size );
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +03003811
Ronald Cron5425a212020-08-04 14:58:35 +02003812 PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
Gilles Peskine8817f612018-12-18 00:18:46 +01003813 output, output_length,
3814 label->x, label->len,
3815 output2, output2_size,
3816 &output2_length ) );
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003817 ASSERT_COMPARE( input_data->x, input_data->len,
3818 output2, output2_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003819
3820exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01003821 /*
3822 * Key attributes may have been returned by psa_get_key_attributes()
3823 * thus reset them as required.
3824 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003825 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01003826
Ronald Cron5425a212020-08-04 14:58:35 +02003827 psa_destroy_key( key );
itayzafrir3e02b3b2018-06-12 17:06:52 +03003828 mbedtls_free( output );
3829 mbedtls_free( output2 );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003830 PSA_DONE( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003831}
3832/* END_CASE */
3833
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003834/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +02003835void asymmetric_decrypt( int key_type_arg,
3836 data_t *key_data,
3837 int alg_arg,
3838 data_t *input_data,
3839 data_t *label,
Gilles Peskine66763a02018-06-29 21:54:10 +02003840 data_t *expected_data )
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003841{
Ronald Cron5425a212020-08-04 14:58:35 +02003842 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003843 psa_key_type_t key_type = key_type_arg;
3844 psa_algorithm_t alg = alg_arg;
gabor-mezei-armceface22021-01-21 12:26:17 +01003845 size_t key_bits;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003846 unsigned char *output = NULL;
Nir Sonnenscheind70bc482018-06-04 16:31:13 +03003847 size_t output_size = 0;
Gilles Peskine55c94dd2018-06-30 18:54:48 +02003848 size_t output_length = ~0;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003849 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003850
Gilles Peskine8817f612018-12-18 00:18:46 +01003851 PSA_ASSERT( psa_crypto_init( ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003852
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003853 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
3854 psa_set_key_algorithm( &attributes, alg );
3855 psa_set_key_type( &attributes, key_type );
Nir Sonnenscheind7082602018-06-04 16:45:27 +03003856
Gilles Peskine049c7532019-05-15 20:22:09 +02003857 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003858 &key ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003859
gabor-mezei-armceface22021-01-21 12:26:17 +01003860 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
3861 key_bits = psa_get_key_bits( &attributes );
3862
3863 /* Determine the maximum ciphertext length */
3864 output_size = PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
3865 TEST_ASSERT( output_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE );
3866 ASSERT_ALLOC( output, output_size );
3867
Ronald Cron5425a212020-08-04 14:58:35 +02003868 PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
Gilles Peskine8817f612018-12-18 00:18:46 +01003869 input_data->x, input_data->len,
3870 label->x, label->len,
3871 output,
3872 output_size,
3873 &output_length ) );
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003874 ASSERT_COMPARE( expected_data->x, expected_data->len,
3875 output, output_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003876
Gilles Peskine68428122018-06-30 18:42:41 +02003877 /* If the label is empty, the test framework puts a non-null pointer
3878 * in label->x. Test that a null pointer works as well. */
3879 if( label->len == 0 )
3880 {
3881 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +02003882 if( output_size != 0 )
3883 memset( output, 0, output_size );
Ronald Cron5425a212020-08-04 14:58:35 +02003884 PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
Gilles Peskine8817f612018-12-18 00:18:46 +01003885 input_data->x, input_data->len,
3886 NULL, label->len,
3887 output,
3888 output_size,
3889 &output_length ) );
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003890 ASSERT_COMPARE( expected_data->x, expected_data->len,
3891 output, output_length );
Gilles Peskine68428122018-06-30 18:42:41 +02003892 }
3893
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003894exit:
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003895 psa_reset_key_attributes( &attributes );
Ronald Cron5425a212020-08-04 14:58:35 +02003896 psa_destroy_key( key );
itayzafrir3e02b3b2018-06-12 17:06:52 +03003897 mbedtls_free( output );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003898 PSA_DONE( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003899}
3900/* END_CASE */
3901
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003902/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +02003903void asymmetric_decrypt_fail( int key_type_arg,
3904 data_t *key_data,
3905 int alg_arg,
3906 data_t *input_data,
3907 data_t *label,
Jaeden Amerof8daab72019-02-06 12:57:46 +00003908 int output_size_arg,
Gilles Peskine2d277862018-06-18 15:41:12 +02003909 int expected_status_arg )
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003910{
Ronald Cron5425a212020-08-04 14:58:35 +02003911 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003912 psa_key_type_t key_type = key_type_arg;
3913 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003914 unsigned char *output = NULL;
Jaeden Amerof8daab72019-02-06 12:57:46 +00003915 size_t output_size = output_size_arg;
Gilles Peskine55c94dd2018-06-30 18:54:48 +02003916 size_t output_length = ~0;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003917 psa_status_t actual_status;
3918 psa_status_t expected_status = expected_status_arg;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003919 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003920
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003921 ASSERT_ALLOC( output, output_size );
Gilles Peskine5b051bc2018-05-31 13:25:48 +02003922
Gilles Peskine8817f612018-12-18 00:18:46 +01003923 PSA_ASSERT( psa_crypto_init( ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003924
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003925 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
3926 psa_set_key_algorithm( &attributes, alg );
3927 psa_set_key_type( &attributes, key_type );
Nir Sonnenscheind7082602018-06-04 16:45:27 +03003928
Gilles Peskine049c7532019-05-15 20:22:09 +02003929 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003930 &key ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003931
Ronald Cron5425a212020-08-04 14:58:35 +02003932 actual_status = psa_asymmetric_decrypt( key, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +02003933 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +02003934 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +02003935 output, output_size,
Gilles Peskine2d277862018-06-18 15:41:12 +02003936 &output_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +01003937 TEST_EQUAL( actual_status, expected_status );
Gilles Peskine55c94dd2018-06-30 18:54:48 +02003938 TEST_ASSERT( output_length <= output_size );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003939
Gilles Peskine68428122018-06-30 18:42:41 +02003940 /* If the label is empty, the test framework puts a non-null pointer
3941 * in label->x. Test that a null pointer works as well. */
3942 if( label->len == 0 )
3943 {
3944 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +02003945 if( output_size != 0 )
3946 memset( output, 0, output_size );
Ronald Cron5425a212020-08-04 14:58:35 +02003947 actual_status = psa_asymmetric_decrypt( key, alg,
Gilles Peskine68428122018-06-30 18:42:41 +02003948 input_data->x, input_data->len,
3949 NULL, label->len,
3950 output, output_size,
3951 &output_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +01003952 TEST_EQUAL( actual_status, expected_status );
Gilles Peskine55c94dd2018-06-30 18:54:48 +02003953 TEST_ASSERT( output_length <= output_size );
Gilles Peskine68428122018-06-30 18:42:41 +02003954 }
3955
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003956exit:
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003957 psa_reset_key_attributes( &attributes );
Ronald Cron5425a212020-08-04 14:58:35 +02003958 psa_destroy_key( key );
Gilles Peskine2d277862018-06-18 15:41:12 +02003959 mbedtls_free( output );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003960 PSA_DONE( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003961}
Gilles Peskine5b051bc2018-05-31 13:25:48 +02003962/* END_CASE */
Gilles Peskine05d69892018-06-19 22:00:52 +02003963
3964/* BEGIN_CASE */
Gilles Peskinecbe66502019-05-16 16:59:18 +02003965void key_derivation_init( )
Jaeden Amerod94d6712019-01-04 14:11:48 +00003966{
3967 /* Test each valid way of initializing the object, except for `= {0}`, as
3968 * Clang 5 complains when `-Wmissing-field-initializers` is used, even
3969 * though it's OK by the C standard. We could test for this, but we'd need
3970 * to supress the Clang warning for the test. */
Jaeden Amero5229bbb2019-02-07 16:33:37 +00003971 size_t capacity;
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02003972 psa_key_derivation_operation_t func = psa_key_derivation_operation_init( );
3973 psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT;
3974 psa_key_derivation_operation_t zero;
Jaeden Amerod94d6712019-01-04 14:11:48 +00003975
3976 memset( &zero, 0, sizeof( zero ) );
3977
Gilles Peskine51ae0e42019-05-16 17:31:03 +02003978 /* A default operation should not be able to report its capacity. */
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02003979 TEST_EQUAL( psa_key_derivation_get_capacity( &func, &capacity ),
Jaeden Amerocf2010c2019-02-15 13:05:49 +00003980 PSA_ERROR_BAD_STATE );
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02003981 TEST_EQUAL( psa_key_derivation_get_capacity( &init, &capacity ),
Jaeden Amerocf2010c2019-02-15 13:05:49 +00003982 PSA_ERROR_BAD_STATE );
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02003983 TEST_EQUAL( psa_key_derivation_get_capacity( &zero, &capacity ),
Jaeden Amerocf2010c2019-02-15 13:05:49 +00003984 PSA_ERROR_BAD_STATE );
Jaeden Amero5229bbb2019-02-07 16:33:37 +00003985
Gilles Peskine51ae0e42019-05-16 17:31:03 +02003986 /* A default operation should be abortable without error. */
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02003987 PSA_ASSERT( psa_key_derivation_abort(&func) );
3988 PSA_ASSERT( psa_key_derivation_abort(&init) );
3989 PSA_ASSERT( psa_key_derivation_abort(&zero) );
Jaeden Amerod94d6712019-01-04 14:11:48 +00003990}
3991/* END_CASE */
3992
Janos Follath16de4a42019-06-13 16:32:24 +01003993/* BEGIN_CASE */
3994void derive_setup( int alg_arg, int expected_status_arg )
Gilles Peskineea0fb492018-07-12 17:17:20 +02003995{
Gilles Peskineea0fb492018-07-12 17:17:20 +02003996 psa_algorithm_t alg = alg_arg;
Gilles Peskineea0fb492018-07-12 17:17:20 +02003997 psa_status_t expected_status = expected_status_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02003998 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineea0fb492018-07-12 17:17:20 +02003999
Gilles Peskine8817f612018-12-18 00:18:46 +01004000 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskineea0fb492018-07-12 17:17:20 +02004001
Janos Follath16de4a42019-06-13 16:32:24 +01004002 TEST_EQUAL( psa_key_derivation_setup( &operation, alg ),
Gilles Peskinef812dcf2018-12-18 00:33:25 +01004003 expected_status );
Gilles Peskineea0fb492018-07-12 17:17:20 +02004004
4005exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004006 psa_key_derivation_abort( &operation );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004007 PSA_DONE( );
Gilles Peskineea0fb492018-07-12 17:17:20 +02004008}
4009/* END_CASE */
4010
Janos Follathaf3c2a02019-06-12 12:34:34 +01004011/* BEGIN_CASE */
Janos Follatha27c9272019-06-14 09:59:36 +01004012void derive_set_capacity( int alg_arg, int capacity_arg,
4013 int expected_status_arg )
4014{
4015 psa_algorithm_t alg = alg_arg;
4016 size_t capacity = capacity_arg;
4017 psa_status_t expected_status = expected_status_arg;
4018 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
4019
4020 PSA_ASSERT( psa_crypto_init( ) );
4021
4022 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
4023
4024 TEST_EQUAL( psa_key_derivation_set_capacity( &operation, capacity ),
4025 expected_status );
4026
4027exit:
4028 psa_key_derivation_abort( &operation );
4029 PSA_DONE( );
4030}
4031/* END_CASE */
4032
4033/* BEGIN_CASE */
Janos Follathaf3c2a02019-06-12 12:34:34 +01004034void derive_input( int alg_arg,
Gilles Peskine6842ba42019-09-23 13:49:33 +02004035 int step_arg1, int key_type_arg1, data_t *input1,
Janos Follathaf3c2a02019-06-12 12:34:34 +01004036 int expected_status_arg1,
Gilles Peskine2058c072019-09-24 17:19:33 +02004037 int step_arg2, int key_type_arg2, data_t *input2,
Janos Follathaf3c2a02019-06-12 12:34:34 +01004038 int expected_status_arg2,
Gilles Peskine2058c072019-09-24 17:19:33 +02004039 int step_arg3, int key_type_arg3, data_t *input3,
Gilles Peskine1a2904c2019-09-24 17:45:07 +02004040 int expected_status_arg3,
4041 int output_key_type_arg, int expected_output_status_arg )
Janos Follathaf3c2a02019-06-12 12:34:34 +01004042{
4043 psa_algorithm_t alg = alg_arg;
Gilles Peskine6842ba42019-09-23 13:49:33 +02004044 psa_key_derivation_step_t steps[] = {step_arg1, step_arg2, step_arg3};
4045 psa_key_type_t key_types[] = {key_type_arg1, key_type_arg2, key_type_arg3};
Janos Follathaf3c2a02019-06-12 12:34:34 +01004046 psa_status_t expected_statuses[] = {expected_status_arg1,
4047 expected_status_arg2,
4048 expected_status_arg3};
4049 data_t *inputs[] = {input1, input2, input3};
Ronald Cron5425a212020-08-04 14:58:35 +02004050 mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT,
4051 MBEDTLS_SVC_KEY_ID_INIT,
4052 MBEDTLS_SVC_KEY_ID_INIT };
Janos Follathaf3c2a02019-06-12 12:34:34 +01004053 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
4054 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
4055 size_t i;
Gilles Peskine1a2904c2019-09-24 17:45:07 +02004056 psa_key_type_t output_key_type = output_key_type_arg;
Ronald Cron5425a212020-08-04 14:58:35 +02004057 mbedtls_svc_key_id_t output_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine1a2904c2019-09-24 17:45:07 +02004058 psa_status_t expected_output_status = expected_output_status_arg;
4059 psa_status_t actual_output_status;
Janos Follathaf3c2a02019-06-12 12:34:34 +01004060
4061 PSA_ASSERT( psa_crypto_init( ) );
4062
4063 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4064 psa_set_key_algorithm( &attributes, alg );
Janos Follathaf3c2a02019-06-12 12:34:34 +01004065
4066 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
4067
4068 for( i = 0; i < ARRAY_LENGTH( steps ); i++ )
4069 {
Gilles Peskine4023c012021-05-27 13:21:20 +02004070 mbedtls_test_set_step( i );
4071 if( steps[i] == 0 )
4072 {
4073 /* Skip this step */
4074 }
4075 else if( key_types[i] != PSA_KEY_TYPE_NONE )
Janos Follathaf3c2a02019-06-12 12:34:34 +01004076 {
Gilles Peskine6842ba42019-09-23 13:49:33 +02004077 psa_set_key_type( &attributes, key_types[i] );
4078 PSA_ASSERT( psa_import_key( &attributes,
4079 inputs[i]->x, inputs[i]->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004080 &keys[i] ) );
Steven Cooreman0ee0d522020-10-05 16:03:42 +02004081 if( PSA_KEY_TYPE_IS_KEY_PAIR( key_types[i] ) &&
4082 steps[i] == PSA_KEY_DERIVATION_INPUT_SECRET )
4083 {
4084 // When taking a private key as secret input, use key agreement
4085 // to add the shared secret to the derivation
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004086 TEST_EQUAL( mbedtls_test_psa_key_agreement_with_self(
4087 &operation, keys[i] ),
Steven Cooreman0ee0d522020-10-05 16:03:42 +02004088 expected_statuses[i] );
4089 }
4090 else
4091 {
4092 TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i],
Ronald Cron5425a212020-08-04 14:58:35 +02004093 keys[i] ),
Steven Cooreman0ee0d522020-10-05 16:03:42 +02004094 expected_statuses[i] );
4095 }
Gilles Peskine6842ba42019-09-23 13:49:33 +02004096 }
4097 else
4098 {
4099 TEST_EQUAL( psa_key_derivation_input_bytes(
4100 &operation, steps[i],
4101 inputs[i]->x, inputs[i]->len ),
4102 expected_statuses[i] );
Janos Follathaf3c2a02019-06-12 12:34:34 +01004103 }
4104 }
4105
Gilles Peskine1a2904c2019-09-24 17:45:07 +02004106 if( output_key_type != PSA_KEY_TYPE_NONE )
4107 {
4108 psa_reset_key_attributes( &attributes );
4109 psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
4110 psa_set_key_bits( &attributes, 8 );
4111 actual_output_status =
4112 psa_key_derivation_output_key( &attributes, &operation,
Ronald Cron5425a212020-08-04 14:58:35 +02004113 &output_key );
Gilles Peskine1a2904c2019-09-24 17:45:07 +02004114 }
4115 else
4116 {
4117 uint8_t buffer[1];
4118 actual_output_status =
4119 psa_key_derivation_output_bytes( &operation,
4120 buffer, sizeof( buffer ) );
4121 }
4122 TEST_EQUAL( actual_output_status, expected_output_status );
4123
Janos Follathaf3c2a02019-06-12 12:34:34 +01004124exit:
4125 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004126 for( i = 0; i < ARRAY_LENGTH( keys ); i++ )
4127 psa_destroy_key( keys[i] );
4128 psa_destroy_key( output_key );
Janos Follathaf3c2a02019-06-12 12:34:34 +01004129 PSA_DONE( );
4130}
4131/* END_CASE */
4132
Janos Follathd958bb72019-07-03 15:02:16 +01004133/* BEGIN_CASE */
Gilles Peskine1c77edd2021-05-27 11:55:02 +02004134void derive_over_capacity( int alg_arg )
Nir Sonnenscheine5204c92018-10-22 17:24:55 +03004135{
Janos Follathd958bb72019-07-03 15:02:16 +01004136 psa_algorithm_t alg = alg_arg;
Ronald Cron5425a212020-08-04 14:58:35 +02004137 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Nir Sonnenschein4eda37b2018-10-31 12:15:58 +02004138 size_t key_type = PSA_KEY_TYPE_DERIVE;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004139 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Janos Follathd958bb72019-07-03 15:02:16 +01004140 unsigned char input1[] = "Input 1";
4141 size_t input1_length = sizeof( input1 );
4142 unsigned char input2[] = "Input 2";
4143 size_t input2_length = sizeof( input2 );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004144 uint8_t buffer[42];
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +02004145 size_t capacity = sizeof( buffer );
Nir Sonnenscheindd69d8b2018-11-01 12:24:23 +02004146 const uint8_t key_data[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
4147 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
4148 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b};
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02004149 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Nir Sonnenscheine5204c92018-10-22 17:24:55 +03004150
Gilles Peskine8817f612018-12-18 00:18:46 +01004151 PSA_ASSERT( psa_crypto_init( ) );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004152
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02004153 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4154 psa_set_key_algorithm( &attributes, alg );
4155 psa_set_key_type( &attributes, key_type );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004156
Gilles Peskine73676cb2019-05-15 20:15:10 +02004157 PSA_ASSERT( psa_import_key( &attributes,
4158 key_data, sizeof( key_data ),
Ronald Cron5425a212020-08-04 14:58:35 +02004159 &key ) );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004160
4161 /* valid key derivation */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004162 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg,
4163 input1, input1_length,
4164 input2, input2_length,
4165 capacity ) )
Janos Follathd958bb72019-07-03 15:02:16 +01004166 goto exit;
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004167
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004168 /* state of operation shouldn't allow additional generation */
Janos Follathd958bb72019-07-03 15:02:16 +01004169 TEST_EQUAL( psa_key_derivation_setup( &operation, alg ),
Gilles Peskinef812dcf2018-12-18 00:33:25 +01004170 PSA_ERROR_BAD_STATE );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004171
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004172 PSA_ASSERT( psa_key_derivation_output_bytes( &operation, buffer, capacity ) );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004173
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004174 TEST_EQUAL( psa_key_derivation_output_bytes( &operation, buffer, capacity ),
David Saadab4ecc272019-02-14 13:48:10 +02004175 PSA_ERROR_INSUFFICIENT_DATA );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004176
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004177exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004178 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004179 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004180 PSA_DONE( );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004181}
4182/* END_CASE */
4183
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004184/* BEGIN_CASE */
Gilles Peskine1c77edd2021-05-27 11:55:02 +02004185void derive_actions_without_setup( )
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004186{
4187 uint8_t output_buffer[16];
4188 size_t buffer_size = 16;
4189 size_t capacity = 0;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004190 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004191
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004192 TEST_ASSERT( psa_key_derivation_output_bytes( &operation,
4193 output_buffer, buffer_size )
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004194 == PSA_ERROR_BAD_STATE );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004195
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004196 TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004197 == PSA_ERROR_BAD_STATE );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004198
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004199 PSA_ASSERT( psa_key_derivation_abort( &operation ) );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004200
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004201 TEST_ASSERT( psa_key_derivation_output_bytes( &operation,
4202 output_buffer, buffer_size )
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004203 == PSA_ERROR_BAD_STATE );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004204
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004205 TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004206 == PSA_ERROR_BAD_STATE );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004207
4208exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004209 psa_key_derivation_abort( &operation );
Nir Sonnenscheine5204c92018-10-22 17:24:55 +03004210}
4211/* END_CASE */
4212
4213/* BEGIN_CASE */
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004214void derive_output( int alg_arg,
Gilles Peskine1468da72019-05-29 17:35:49 +02004215 int step1_arg, data_t *input1,
4216 int step2_arg, data_t *input2,
4217 int step3_arg, data_t *input3,
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004218 int requested_capacity_arg,
4219 data_t *expected_output1,
4220 data_t *expected_output2 )
4221{
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004222 psa_algorithm_t alg = alg_arg;
Gilles Peskine1468da72019-05-29 17:35:49 +02004223 psa_key_derivation_step_t steps[] = {step1_arg, step2_arg, step3_arg};
4224 data_t *inputs[] = {input1, input2, input3};
Ronald Cron5425a212020-08-04 14:58:35 +02004225 mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT,
4226 MBEDTLS_SVC_KEY_ID_INIT,
4227 MBEDTLS_SVC_KEY_ID_INIT };
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004228 size_t requested_capacity = requested_capacity_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004229 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004230 uint8_t *expected_outputs[2] =
4231 {expected_output1->x, expected_output2->x};
4232 size_t output_sizes[2] =
4233 {expected_output1->len, expected_output2->len};
4234 size_t output_buffer_size = 0;
4235 uint8_t *output_buffer = NULL;
4236 size_t expected_capacity;
4237 size_t current_capacity;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004238 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004239 psa_status_t status;
Gilles Peskine1468da72019-05-29 17:35:49 +02004240 size_t i;
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004241
4242 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
4243 {
4244 if( output_sizes[i] > output_buffer_size )
4245 output_buffer_size = output_sizes[i];
4246 if( output_sizes[i] == 0 )
4247 expected_outputs[i] = NULL;
4248 }
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004249 ASSERT_ALLOC( output_buffer, output_buffer_size );
Gilles Peskine8817f612018-12-18 00:18:46 +01004250 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004251
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004252 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4253 psa_set_key_algorithm( &attributes, alg );
4254 psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004255
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004256 /* Extraction phase. */
Gilles Peskine1468da72019-05-29 17:35:49 +02004257 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
4258 PSA_ASSERT( psa_key_derivation_set_capacity( &operation,
4259 requested_capacity ) );
4260 for( i = 0; i < ARRAY_LENGTH( steps ); i++ )
Gilles Peskineb70a0fd2019-01-07 22:59:38 +01004261 {
Gilles Peskine1468da72019-05-29 17:35:49 +02004262 switch( steps[i] )
4263 {
4264 case 0:
4265 break;
4266 case PSA_KEY_DERIVATION_INPUT_SECRET:
4267 PSA_ASSERT( psa_import_key( &attributes,
4268 inputs[i]->x, inputs[i]->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004269 &keys[i] ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01004270
4271 if ( PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
4272 {
4273 PSA_ASSERT( psa_get_key_attributes( keys[i], &attributes ) );
4274 TEST_ASSERT( PSA_BITS_TO_BYTES( psa_get_key_bits( &attributes ) ) <=
4275 PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE );
4276 }
4277
Gilles Peskine1468da72019-05-29 17:35:49 +02004278 PSA_ASSERT( psa_key_derivation_input_key(
Ronald Cron5425a212020-08-04 14:58:35 +02004279 &operation, steps[i], keys[i] ) );
Gilles Peskine1468da72019-05-29 17:35:49 +02004280 break;
4281 default:
4282 PSA_ASSERT( psa_key_derivation_input_bytes(
4283 &operation, steps[i],
4284 inputs[i]->x, inputs[i]->len ) );
4285 break;
4286 }
Gilles Peskineb70a0fd2019-01-07 22:59:38 +01004287 }
Gilles Peskine1468da72019-05-29 17:35:49 +02004288
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004289 PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004290 &current_capacity ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004291 TEST_EQUAL( current_capacity, requested_capacity );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004292 expected_capacity = requested_capacity;
4293
4294 /* Expansion phase. */
4295 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
4296 {
4297 /* Read some bytes. */
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004298 status = psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004299 output_buffer, output_sizes[i] );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004300 if( expected_capacity == 0 && output_sizes[i] == 0 )
4301 {
4302 /* Reading 0 bytes when 0 bytes are available can go either way. */
4303 TEST_ASSERT( status == PSA_SUCCESS ||
David Saadab4ecc272019-02-14 13:48:10 +02004304 status == PSA_ERROR_INSUFFICIENT_DATA );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004305 continue;
4306 }
4307 else if( expected_capacity == 0 ||
4308 output_sizes[i] > expected_capacity )
4309 {
4310 /* Capacity exceeded. */
David Saadab4ecc272019-02-14 13:48:10 +02004311 TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_DATA );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004312 expected_capacity = 0;
4313 continue;
4314 }
4315 /* Success. Check the read data. */
Gilles Peskine8817f612018-12-18 00:18:46 +01004316 PSA_ASSERT( status );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004317 if( output_sizes[i] != 0 )
Gilles Peskine0dfba2d2018-12-18 00:40:50 +01004318 ASSERT_COMPARE( output_buffer, output_sizes[i],
4319 expected_outputs[i], output_sizes[i] );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004320 /* Check the operation status. */
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004321 expected_capacity -= output_sizes[i];
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004322 PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004323 &current_capacity ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004324 TEST_EQUAL( expected_capacity, current_capacity );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004325 }
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004326 PSA_ASSERT( psa_key_derivation_abort( &operation ) );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004327
4328exit:
4329 mbedtls_free( output_buffer );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004330 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004331 for( i = 0; i < ARRAY_LENGTH( keys ); i++ )
4332 psa_destroy_key( keys[i] );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004333 PSA_DONE( );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004334}
4335/* END_CASE */
4336
4337/* BEGIN_CASE */
Gilles Peskined54931c2018-07-17 21:06:59 +02004338void derive_full( int alg_arg,
4339 data_t *key_data,
Janos Follath47f27ed2019-06-25 13:24:52 +01004340 data_t *input1,
4341 data_t *input2,
Gilles Peskined54931c2018-07-17 21:06:59 +02004342 int requested_capacity_arg )
4343{
Ronald Cron5425a212020-08-04 14:58:35 +02004344 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskined54931c2018-07-17 21:06:59 +02004345 psa_algorithm_t alg = alg_arg;
4346 size_t requested_capacity = requested_capacity_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004347 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskined54931c2018-07-17 21:06:59 +02004348 unsigned char output_buffer[16];
4349 size_t expected_capacity = requested_capacity;
4350 size_t current_capacity;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004351 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskined54931c2018-07-17 21:06:59 +02004352
Gilles Peskine8817f612018-12-18 00:18:46 +01004353 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskined54931c2018-07-17 21:06:59 +02004354
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004355 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4356 psa_set_key_algorithm( &attributes, alg );
4357 psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
Gilles Peskined54931c2018-07-17 21:06:59 +02004358
Gilles Peskine049c7532019-05-15 20:22:09 +02004359 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004360 &key ) );
Gilles Peskined54931c2018-07-17 21:06:59 +02004361
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004362 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg,
4363 input1->x, input1->len,
4364 input2->x, input2->len,
4365 requested_capacity ) )
Janos Follathf2815ea2019-07-03 12:41:36 +01004366 goto exit;
Janos Follath47f27ed2019-06-25 13:24:52 +01004367
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004368 PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004369 &current_capacity ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004370 TEST_EQUAL( current_capacity, expected_capacity );
Gilles Peskined54931c2018-07-17 21:06:59 +02004371
4372 /* Expansion phase. */
4373 while( current_capacity > 0 )
4374 {
4375 size_t read_size = sizeof( output_buffer );
4376 if( read_size > current_capacity )
4377 read_size = current_capacity;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004378 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004379 output_buffer,
4380 read_size ) );
Gilles Peskined54931c2018-07-17 21:06:59 +02004381 expected_capacity -= read_size;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004382 PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004383 &current_capacity ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004384 TEST_EQUAL( current_capacity, expected_capacity );
Gilles Peskined54931c2018-07-17 21:06:59 +02004385 }
4386
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004387 /* Check that the operation refuses to go over capacity. */
4388 TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output_buffer, 1 ),
David Saadab4ecc272019-02-14 13:48:10 +02004389 PSA_ERROR_INSUFFICIENT_DATA );
Gilles Peskined54931c2018-07-17 21:06:59 +02004390
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004391 PSA_ASSERT( psa_key_derivation_abort( &operation ) );
Gilles Peskined54931c2018-07-17 21:06:59 +02004392
4393exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004394 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004395 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004396 PSA_DONE( );
Gilles Peskined54931c2018-07-17 21:06:59 +02004397}
4398/* END_CASE */
4399
Janos Follathe60c9052019-07-03 13:51:30 +01004400/* BEGIN_CASE */
Gilles Peskine0386fba2018-07-12 17:29:22 +02004401void derive_key_exercise( int alg_arg,
4402 data_t *key_data,
Janos Follathe60c9052019-07-03 13:51:30 +01004403 data_t *input1,
4404 data_t *input2,
Gilles Peskine0386fba2018-07-12 17:29:22 +02004405 int derived_type_arg,
4406 int derived_bits_arg,
4407 int derived_usage_arg,
4408 int derived_alg_arg )
4409{
Ronald Cron5425a212020-08-04 14:58:35 +02004410 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
4411 mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine0386fba2018-07-12 17:29:22 +02004412 psa_algorithm_t alg = alg_arg;
4413 psa_key_type_t derived_type = derived_type_arg;
4414 size_t derived_bits = derived_bits_arg;
4415 psa_key_usage_t derived_usage = derived_usage_arg;
4416 psa_algorithm_t derived_alg = derived_alg_arg;
4417 size_t capacity = PSA_BITS_TO_BYTES( derived_bits );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004418 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004419 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02004420 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine0386fba2018-07-12 17:29:22 +02004421
Gilles Peskine8817f612018-12-18 00:18:46 +01004422 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004423
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004424 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4425 psa_set_key_algorithm( &attributes, alg );
4426 psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
Gilles Peskine049c7532019-05-15 20:22:09 +02004427 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004428 &base_key ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004429
4430 /* Derive a key. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004431 if ( mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg,
4432 input1->x, input1->len,
4433 input2->x, input2->len,
4434 capacity ) )
Janos Follathe60c9052019-07-03 13:51:30 +01004435 goto exit;
4436
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004437 psa_set_key_usage_flags( &attributes, derived_usage );
4438 psa_set_key_algorithm( &attributes, derived_alg );
4439 psa_set_key_type( &attributes, derived_type );
Gilles Peskine3a4f1f82019-04-26 13:49:28 +02004440 psa_set_key_bits( &attributes, derived_bits );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004441 PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation,
Ronald Cron5425a212020-08-04 14:58:35 +02004442 &derived_key ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004443
4444 /* Test the key information */
Ronald Cron5425a212020-08-04 14:58:35 +02004445 PSA_ASSERT( psa_get_key_attributes( derived_key, &got_attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02004446 TEST_EQUAL( psa_get_key_type( &got_attributes ), derived_type );
4447 TEST_EQUAL( psa_get_key_bits( &got_attributes ), derived_bits );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004448
4449 /* Exercise the derived key. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004450 if( ! mbedtls_test_psa_exercise_key( derived_key, derived_usage, derived_alg ) )
Gilles Peskine0386fba2018-07-12 17:29:22 +02004451 goto exit;
4452
4453exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01004454 /*
4455 * Key attributes may have been returned by psa_get_key_attributes()
4456 * thus reset them as required.
4457 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02004458 psa_reset_key_attributes( &got_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01004459
4460 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004461 psa_destroy_key( base_key );
4462 psa_destroy_key( derived_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004463 PSA_DONE( );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004464}
4465/* END_CASE */
4466
Janos Follath42fd8882019-07-03 14:17:09 +01004467/* BEGIN_CASE */
Gilles Peskine0386fba2018-07-12 17:29:22 +02004468void derive_key_export( int alg_arg,
4469 data_t *key_data,
Janos Follath42fd8882019-07-03 14:17:09 +01004470 data_t *input1,
4471 data_t *input2,
Gilles Peskine0386fba2018-07-12 17:29:22 +02004472 int bytes1_arg,
4473 int bytes2_arg )
4474{
Ronald Cron5425a212020-08-04 14:58:35 +02004475 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
4476 mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine0386fba2018-07-12 17:29:22 +02004477 psa_algorithm_t alg = alg_arg;
4478 size_t bytes1 = bytes1_arg;
4479 size_t bytes2 = bytes2_arg;
4480 size_t capacity = bytes1 + bytes2;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004481 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004482 uint8_t *output_buffer = NULL;
4483 uint8_t *export_buffer = NULL;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004484 psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
4485 psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine0386fba2018-07-12 17:29:22 +02004486 size_t length;
4487
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004488 ASSERT_ALLOC( output_buffer, capacity );
4489 ASSERT_ALLOC( export_buffer, capacity );
Gilles Peskine8817f612018-12-18 00:18:46 +01004490 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004491
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004492 psa_set_key_usage_flags( &base_attributes, PSA_KEY_USAGE_DERIVE );
4493 psa_set_key_algorithm( &base_attributes, alg );
4494 psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
Gilles Peskine049c7532019-05-15 20:22:09 +02004495 PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004496 &base_key ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004497
4498 /* Derive some material and output it. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004499 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg,
4500 input1->x, input1->len,
4501 input2->x, input2->len,
4502 capacity ) )
Janos Follath42fd8882019-07-03 14:17:09 +01004503 goto exit;
4504
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004505 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004506 output_buffer,
4507 capacity ) );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004508 PSA_ASSERT( psa_key_derivation_abort( &operation ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004509
4510 /* Derive the same output again, but this time store it in key objects. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004511 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg,
4512 input1->x, input1->len,
4513 input2->x, input2->len,
4514 capacity ) )
Janos Follath42fd8882019-07-03 14:17:09 +01004515 goto exit;
4516
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004517 psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT );
4518 psa_set_key_algorithm( &derived_attributes, 0 );
4519 psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA );
Gilles Peskine3a4f1f82019-04-26 13:49:28 +02004520 psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004521 PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
Ronald Cron5425a212020-08-04 14:58:35 +02004522 &derived_key ) );
4523 PSA_ASSERT( psa_export_key( derived_key,
Gilles Peskine8817f612018-12-18 00:18:46 +01004524 export_buffer, bytes1,
4525 &length ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004526 TEST_EQUAL( length, bytes1 );
Ronald Cron5425a212020-08-04 14:58:35 +02004527 PSA_ASSERT( psa_destroy_key( derived_key ) );
Gilles Peskine3a4f1f82019-04-26 13:49:28 +02004528 psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004529 PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
Ronald Cron5425a212020-08-04 14:58:35 +02004530 &derived_key ) );
4531 PSA_ASSERT( psa_export_key( derived_key,
Gilles Peskine8817f612018-12-18 00:18:46 +01004532 export_buffer + bytes1, bytes2,
4533 &length ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004534 TEST_EQUAL( length, bytes2 );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004535
4536 /* Compare the outputs from the two runs. */
Gilles Peskine0dfba2d2018-12-18 00:40:50 +01004537 ASSERT_COMPARE( output_buffer, bytes1 + bytes2,
4538 export_buffer, capacity );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004539
4540exit:
4541 mbedtls_free( output_buffer );
4542 mbedtls_free( export_buffer );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004543 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004544 psa_destroy_key( base_key );
4545 psa_destroy_key( derived_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004546 PSA_DONE( );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004547}
4548/* END_CASE */
4549
4550/* BEGIN_CASE */
Gilles Peskine7c227ae2019-07-31 15:14:44 +02004551void derive_key( int alg_arg,
4552 data_t *key_data, data_t *input1, data_t *input2,
4553 int type_arg, int bits_arg,
Steven Cooreman83fdb702021-01-21 14:24:39 +01004554 int expected_status_arg,
4555 int is_large_output )
Gilles Peskinec744d992019-07-30 17:26:54 +02004556{
Ronald Cron5425a212020-08-04 14:58:35 +02004557 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
4558 mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinec744d992019-07-30 17:26:54 +02004559 psa_algorithm_t alg = alg_arg;
Gilles Peskine7c227ae2019-07-31 15:14:44 +02004560 psa_key_type_t type = type_arg;
Gilles Peskinec744d992019-07-30 17:26:54 +02004561 size_t bits = bits_arg;
4562 psa_status_t expected_status = expected_status_arg;
4563 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
4564 psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
4565 psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT;
4566
4567 PSA_ASSERT( psa_crypto_init( ) );
4568
4569 psa_set_key_usage_flags( &base_attributes, PSA_KEY_USAGE_DERIVE );
4570 psa_set_key_algorithm( &base_attributes, alg );
4571 psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
4572 PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004573 &base_key ) );
Gilles Peskinec744d992019-07-30 17:26:54 +02004574
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004575 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg,
4576 input1->x, input1->len,
4577 input2->x, input2->len,
4578 SIZE_MAX ) )
Gilles Peskinec744d992019-07-30 17:26:54 +02004579 goto exit;
4580
4581 psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT );
4582 psa_set_key_algorithm( &derived_attributes, 0 );
Gilles Peskine7c227ae2019-07-31 15:14:44 +02004583 psa_set_key_type( &derived_attributes, type );
Gilles Peskinec744d992019-07-30 17:26:54 +02004584 psa_set_key_bits( &derived_attributes, bits );
Steven Cooreman83fdb702021-01-21 14:24:39 +01004585
4586 psa_status_t status =
4587 psa_key_derivation_output_key( &derived_attributes,
4588 &operation,
4589 &derived_key );
4590 if( is_large_output > 0 )
4591 TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY );
4592 TEST_EQUAL( status, expected_status );
Gilles Peskinec744d992019-07-30 17:26:54 +02004593
4594exit:
4595 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004596 psa_destroy_key( base_key );
4597 psa_destroy_key( derived_key );
Gilles Peskinec744d992019-07-30 17:26:54 +02004598 PSA_DONE( );
4599}
4600/* END_CASE */
4601
4602/* BEGIN_CASE */
Gilles Peskine01d718c2018-09-18 12:01:02 +02004603void key_agreement_setup( int alg_arg,
Steven Cooremance48e852020-10-05 16:02:45 +02004604 int our_key_type_arg, int our_key_alg_arg,
4605 data_t *our_key_data, data_t *peer_key_data,
Gilles Peskine01d718c2018-09-18 12:01:02 +02004606 int expected_status_arg )
4607{
Ronald Cron5425a212020-08-04 14:58:35 +02004608 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine01d718c2018-09-18 12:01:02 +02004609 psa_algorithm_t alg = alg_arg;
Steven Cooremanfa5e6312020-10-15 17:07:12 +02004610 psa_algorithm_t our_key_alg = our_key_alg_arg;
Gilles Peskine01d718c2018-09-18 12:01:02 +02004611 psa_key_type_t our_key_type = our_key_type_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004612 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004613 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine77f40d82019-04-11 21:27:06 +02004614 psa_status_t expected_status = expected_status_arg;
4615 psa_status_t status;
Gilles Peskine01d718c2018-09-18 12:01:02 +02004616
Gilles Peskine8817f612018-12-18 00:18:46 +01004617 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine01d718c2018-09-18 12:01:02 +02004618
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004619 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
Steven Cooremanfa5e6312020-10-15 17:07:12 +02004620 psa_set_key_algorithm( &attributes, our_key_alg );
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004621 psa_set_key_type( &attributes, our_key_type );
Gilles Peskine049c7532019-05-15 20:22:09 +02004622 PSA_ASSERT( psa_import_key( &attributes,
4623 our_key_data->x, our_key_data->len,
4624 &our_key ) );
Gilles Peskine01d718c2018-09-18 12:01:02 +02004625
Gilles Peskine77f40d82019-04-11 21:27:06 +02004626 /* The tests currently include inputs that should fail at either step.
4627 * Test cases that fail at the setup step should be changed to call
4628 * key_derivation_setup instead, and this function should be renamed
4629 * to key_agreement_fail. */
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004630 status = psa_key_derivation_setup( &operation, alg );
Gilles Peskine77f40d82019-04-11 21:27:06 +02004631 if( status == PSA_SUCCESS )
4632 {
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004633 TEST_EQUAL( psa_key_derivation_key_agreement(
4634 &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
4635 our_key,
4636 peer_key_data->x, peer_key_data->len ),
Gilles Peskine77f40d82019-04-11 21:27:06 +02004637 expected_status );
4638 }
4639 else
4640 {
4641 TEST_ASSERT( status == expected_status );
4642 }
Gilles Peskine01d718c2018-09-18 12:01:02 +02004643
4644exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004645 psa_key_derivation_abort( &operation );
Gilles Peskine01d718c2018-09-18 12:01:02 +02004646 psa_destroy_key( our_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004647 PSA_DONE( );
Gilles Peskine01d718c2018-09-18 12:01:02 +02004648}
4649/* END_CASE */
4650
4651/* BEGIN_CASE */
Gilles Peskinef0cba732019-04-11 22:12:38 +02004652void raw_key_agreement( int alg_arg,
4653 int our_key_type_arg, data_t *our_key_data,
4654 data_t *peer_key_data,
4655 data_t *expected_output )
4656{
Ronald Cron5425a212020-08-04 14:58:35 +02004657 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinef0cba732019-04-11 22:12:38 +02004658 psa_algorithm_t alg = alg_arg;
4659 psa_key_type_t our_key_type = our_key_type_arg;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004660 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskinef0cba732019-04-11 22:12:38 +02004661 unsigned char *output = NULL;
4662 size_t output_length = ~0;
gabor-mezei-armceface22021-01-21 12:26:17 +01004663 size_t key_bits;
Gilles Peskinef0cba732019-04-11 22:12:38 +02004664
4665 ASSERT_ALLOC( output, expected_output->len );
4666 PSA_ASSERT( psa_crypto_init( ) );
4667
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004668 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4669 psa_set_key_algorithm( &attributes, alg );
4670 psa_set_key_type( &attributes, our_key_type );
Gilles Peskine049c7532019-05-15 20:22:09 +02004671 PSA_ASSERT( psa_import_key( &attributes,
4672 our_key_data->x, our_key_data->len,
4673 &our_key ) );
Gilles Peskinef0cba732019-04-11 22:12:38 +02004674
gabor-mezei-armceface22021-01-21 12:26:17 +01004675 PSA_ASSERT( psa_get_key_attributes( our_key, &attributes ) );
4676 key_bits = psa_get_key_bits( &attributes );
4677
Gilles Peskinebe697d82019-05-16 18:00:41 +02004678 PSA_ASSERT( psa_raw_key_agreement( alg, our_key,
4679 peer_key_data->x, peer_key_data->len,
4680 output, expected_output->len,
4681 &output_length ) );
Gilles Peskinef0cba732019-04-11 22:12:38 +02004682 ASSERT_COMPARE( output, output_length,
4683 expected_output->x, expected_output->len );
gabor-mezei-armceface22021-01-21 12:26:17 +01004684 TEST_ASSERT( output_length <=
4685 PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ) );
4686 TEST_ASSERT( output_length <=
4687 PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE );
Gilles Peskinef0cba732019-04-11 22:12:38 +02004688
4689exit:
4690 mbedtls_free( output );
4691 psa_destroy_key( our_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004692 PSA_DONE( );
Gilles Peskinef0cba732019-04-11 22:12:38 +02004693}
4694/* END_CASE */
4695
4696/* BEGIN_CASE */
Gilles Peskine59685592018-09-18 12:11:34 +02004697void key_agreement_capacity( int alg_arg,
4698 int our_key_type_arg, data_t *our_key_data,
4699 data_t *peer_key_data,
4700 int expected_capacity_arg )
4701{
Ronald Cron5425a212020-08-04 14:58:35 +02004702 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine59685592018-09-18 12:11:34 +02004703 psa_algorithm_t alg = alg_arg;
4704 psa_key_type_t our_key_type = our_key_type_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004705 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004706 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine59685592018-09-18 12:11:34 +02004707 size_t actual_capacity;
Gilles Peskinebf491972018-10-25 22:36:12 +02004708 unsigned char output[16];
Gilles Peskine59685592018-09-18 12:11:34 +02004709
Gilles Peskine8817f612018-12-18 00:18:46 +01004710 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine59685592018-09-18 12:11:34 +02004711
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004712 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4713 psa_set_key_algorithm( &attributes, alg );
4714 psa_set_key_type( &attributes, our_key_type );
Gilles Peskine049c7532019-05-15 20:22:09 +02004715 PSA_ASSERT( psa_import_key( &attributes,
4716 our_key_data->x, our_key_data->len,
4717 &our_key ) );
Gilles Peskine59685592018-09-18 12:11:34 +02004718
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004719 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004720 PSA_ASSERT( psa_key_derivation_key_agreement(
4721 &operation,
4722 PSA_KEY_DERIVATION_INPUT_SECRET, our_key,
4723 peer_key_data->x, peer_key_data->len ) );
Gilles Peskinef8a9d942019-04-11 22:13:20 +02004724 if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
4725 {
4726 /* The test data is for info="" */
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004727 PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
Gilles Peskine03410b52019-05-16 16:05:19 +02004728 PSA_KEY_DERIVATION_INPUT_INFO,
Gilles Peskinef8a9d942019-04-11 22:13:20 +02004729 NULL, 0 ) );
4730 }
Gilles Peskine59685592018-09-18 12:11:34 +02004731
Gilles Peskinebf491972018-10-25 22:36:12 +02004732 /* Test the advertized capacity. */
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02004733 PSA_ASSERT( psa_key_derivation_get_capacity(
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004734 &operation, &actual_capacity ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004735 TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg );
Gilles Peskine59685592018-09-18 12:11:34 +02004736
Gilles Peskinebf491972018-10-25 22:36:12 +02004737 /* Test the actual capacity by reading the output. */
4738 while( actual_capacity > sizeof( output ) )
4739 {
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004740 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004741 output, sizeof( output ) ) );
Gilles Peskinebf491972018-10-25 22:36:12 +02004742 actual_capacity -= sizeof( output );
4743 }
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004744 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004745 output, actual_capacity ) );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004746 TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output, 1 ),
David Saadab4ecc272019-02-14 13:48:10 +02004747 PSA_ERROR_INSUFFICIENT_DATA );
Gilles Peskinebf491972018-10-25 22:36:12 +02004748
Gilles Peskine59685592018-09-18 12:11:34 +02004749exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004750 psa_key_derivation_abort( &operation );
Gilles Peskine59685592018-09-18 12:11:34 +02004751 psa_destroy_key( our_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004752 PSA_DONE( );
Gilles Peskine59685592018-09-18 12:11:34 +02004753}
4754/* END_CASE */
4755
4756/* BEGIN_CASE */
4757void key_agreement_output( int alg_arg,
4758 int our_key_type_arg, data_t *our_key_data,
4759 data_t *peer_key_data,
Gilles Peskine3ec8ed82018-10-25 22:37:15 +02004760 data_t *expected_output1, data_t *expected_output2 )
Gilles Peskine59685592018-09-18 12:11:34 +02004761{
Ronald Cron5425a212020-08-04 14:58:35 +02004762 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine59685592018-09-18 12:11:34 +02004763 psa_algorithm_t alg = alg_arg;
4764 psa_key_type_t our_key_type = our_key_type_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004765 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004766 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine3ec8ed82018-10-25 22:37:15 +02004767 uint8_t *actual_output = NULL;
Gilles Peskine59685592018-09-18 12:11:34 +02004768
Gilles Peskine3ec8ed82018-10-25 22:37:15 +02004769 ASSERT_ALLOC( actual_output, MAX( expected_output1->len,
4770 expected_output2->len ) );
Gilles Peskine59685592018-09-18 12:11:34 +02004771
Gilles Peskine8817f612018-12-18 00:18:46 +01004772 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine59685592018-09-18 12:11:34 +02004773
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004774 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4775 psa_set_key_algorithm( &attributes, alg );
4776 psa_set_key_type( &attributes, our_key_type );
Gilles Peskine049c7532019-05-15 20:22:09 +02004777 PSA_ASSERT( psa_import_key( &attributes,
4778 our_key_data->x, our_key_data->len,
4779 &our_key ) );
Gilles Peskine59685592018-09-18 12:11:34 +02004780
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004781 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004782 PSA_ASSERT( psa_key_derivation_key_agreement(
4783 &operation,
4784 PSA_KEY_DERIVATION_INPUT_SECRET, our_key,
4785 peer_key_data->x, peer_key_data->len ) );
Gilles Peskinef8a9d942019-04-11 22:13:20 +02004786 if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
4787 {
4788 /* The test data is for info="" */
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004789 PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
Gilles Peskine03410b52019-05-16 16:05:19 +02004790 PSA_KEY_DERIVATION_INPUT_INFO,
Gilles Peskinef8a9d942019-04-11 22:13:20 +02004791 NULL, 0 ) );
4792 }
Gilles Peskine59685592018-09-18 12:11:34 +02004793
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004794 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004795 actual_output,
4796 expected_output1->len ) );
Gilles Peskine0dfba2d2018-12-18 00:40:50 +01004797 ASSERT_COMPARE( actual_output, expected_output1->len,
4798 expected_output1->x, expected_output1->len );
Gilles Peskine3ec8ed82018-10-25 22:37:15 +02004799 if( expected_output2->len != 0 )
4800 {
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004801 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004802 actual_output,
4803 expected_output2->len ) );
Gilles Peskine0dfba2d2018-12-18 00:40:50 +01004804 ASSERT_COMPARE( actual_output, expected_output2->len,
4805 expected_output2->x, expected_output2->len );
Gilles Peskine3ec8ed82018-10-25 22:37:15 +02004806 }
Gilles Peskine59685592018-09-18 12:11:34 +02004807
4808exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004809 psa_key_derivation_abort( &operation );
Gilles Peskine59685592018-09-18 12:11:34 +02004810 psa_destroy_key( our_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004811 PSA_DONE( );
Gilles Peskine59685592018-09-18 12:11:34 +02004812 mbedtls_free( actual_output );
4813}
4814/* END_CASE */
4815
4816/* BEGIN_CASE */
Gilles Peskinea50d7392018-06-21 10:22:13 +02004817void generate_random( int bytes_arg )
Gilles Peskine05d69892018-06-19 22:00:52 +02004818{
Gilles Peskinea50d7392018-06-21 10:22:13 +02004819 size_t bytes = bytes_arg;
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004820 unsigned char *output = NULL;
4821 unsigned char *changed = NULL;
Gilles Peskinea50d7392018-06-21 10:22:13 +02004822 size_t i;
4823 unsigned run;
Gilles Peskine05d69892018-06-19 22:00:52 +02004824
Simon Butcher49f8e312020-03-03 15:51:50 +00004825 TEST_ASSERT( bytes_arg >= 0 );
4826
Gilles Peskine91892022021-02-08 19:50:26 +01004827 ASSERT_ALLOC( output, bytes );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004828 ASSERT_ALLOC( changed, bytes );
Gilles Peskine05d69892018-06-19 22:00:52 +02004829
Gilles Peskine8817f612018-12-18 00:18:46 +01004830 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine05d69892018-06-19 22:00:52 +02004831
Gilles Peskinea50d7392018-06-21 10:22:13 +02004832 /* Run several times, to ensure that every output byte will be
4833 * nonzero at least once with overwhelming probability
4834 * (2^(-8*number_of_runs)). */
4835 for( run = 0; run < 10; run++ )
Gilles Peskine05d69892018-06-19 22:00:52 +02004836 {
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +02004837 if( bytes != 0 )
4838 memset( output, 0, bytes );
Gilles Peskine8817f612018-12-18 00:18:46 +01004839 PSA_ASSERT( psa_generate_random( output, bytes ) );
Gilles Peskinea50d7392018-06-21 10:22:13 +02004840
Gilles Peskinea50d7392018-06-21 10:22:13 +02004841 for( i = 0; i < bytes; i++ )
4842 {
4843 if( output[i] != 0 )
4844 ++changed[i];
4845 }
Gilles Peskine05d69892018-06-19 22:00:52 +02004846 }
Gilles Peskinea50d7392018-06-21 10:22:13 +02004847
4848 /* Check that every byte was changed to nonzero at least once. This
4849 * validates that psa_generate_random is overwriting every byte of
4850 * the output buffer. */
4851 for( i = 0; i < bytes; i++ )
4852 {
4853 TEST_ASSERT( changed[i] != 0 );
4854 }
Gilles Peskine05d69892018-06-19 22:00:52 +02004855
4856exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004857 PSA_DONE( );
Gilles Peskinea50d7392018-06-21 10:22:13 +02004858 mbedtls_free( output );
4859 mbedtls_free( changed );
Gilles Peskine05d69892018-06-19 22:00:52 +02004860}
4861/* END_CASE */
Gilles Peskine12313cd2018-06-20 00:20:32 +02004862
4863/* BEGIN_CASE */
4864void generate_key( int type_arg,
4865 int bits_arg,
4866 int usage_arg,
4867 int alg_arg,
Steven Cooreman83fdb702021-01-21 14:24:39 +01004868 int expected_status_arg,
4869 int is_large_key )
Gilles Peskine12313cd2018-06-20 00:20:32 +02004870{
Ronald Cron5425a212020-08-04 14:58:35 +02004871 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine12313cd2018-06-20 00:20:32 +02004872 psa_key_type_t type = type_arg;
4873 psa_key_usage_t usage = usage_arg;
4874 size_t bits = bits_arg;
4875 psa_algorithm_t alg = alg_arg;
4876 psa_status_t expected_status = expected_status_arg;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004877 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02004878 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine12313cd2018-06-20 00:20:32 +02004879
Gilles Peskine8817f612018-12-18 00:18:46 +01004880 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine12313cd2018-06-20 00:20:32 +02004881
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004882 psa_set_key_usage_flags( &attributes, usage );
4883 psa_set_key_algorithm( &attributes, alg );
4884 psa_set_key_type( &attributes, type );
Gilles Peskine3a4f1f82019-04-26 13:49:28 +02004885 psa_set_key_bits( &attributes, bits );
Gilles Peskine12313cd2018-06-20 00:20:32 +02004886
4887 /* Generate a key */
Steven Cooreman83fdb702021-01-21 14:24:39 +01004888 psa_status_t status = psa_generate_key( &attributes, &key );
4889
4890 if( is_large_key > 0 )
4891 TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY );
4892 TEST_EQUAL( status , expected_status );
Gilles Peskinee56e8782019-04-26 17:34:02 +02004893 if( expected_status != PSA_SUCCESS )
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004894 goto exit;
Gilles Peskine12313cd2018-06-20 00:20:32 +02004895
4896 /* Test the key information */
Ronald Cron5425a212020-08-04 14:58:35 +02004897 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02004898 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
4899 TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
Gilles Peskine12313cd2018-06-20 00:20:32 +02004900
Gilles Peskine818ca122018-06-20 18:16:48 +02004901 /* Do something with the key according to its type and permitted usage. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004902 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) )
Gilles Peskine02b75072018-07-01 22:31:34 +02004903 goto exit;
Gilles Peskine12313cd2018-06-20 00:20:32 +02004904
4905exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01004906 /*
4907 * Key attributes may have been returned by psa_get_key_attributes()
4908 * thus reset them as required.
4909 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02004910 psa_reset_key_attributes( &got_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01004911
Ronald Cron5425a212020-08-04 14:58:35 +02004912 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004913 PSA_DONE( );
Gilles Peskine12313cd2018-06-20 00:20:32 +02004914}
4915/* END_CASE */
itayzafrir0adf0fc2018-09-06 16:24:41 +03004916
Ronald Cronee414c72021-03-18 18:50:08 +01004917/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_GENPRIME */
Gilles Peskinee56e8782019-04-26 17:34:02 +02004918void generate_key_rsa( int bits_arg,
4919 data_t *e_arg,
4920 int expected_status_arg )
4921{
Ronald Cron5425a212020-08-04 14:58:35 +02004922 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinec93b80c2019-05-16 19:39:54 +02004923 psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR;
Gilles Peskinee56e8782019-04-26 17:34:02 +02004924 size_t bits = bits_arg;
4925 psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
4926 psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW;
4927 psa_status_t expected_status = expected_status_arg;
4928 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
4929 uint8_t *exported = NULL;
4930 size_t exported_size =
gabor-mezei-armcbcec212020-12-18 14:23:51 +01004931 PSA_EXPORT_KEY_OUTPUT_SIZE( PSA_KEY_TYPE_RSA_PUBLIC_KEY, bits );
Gilles Peskinee56e8782019-04-26 17:34:02 +02004932 size_t exported_length = SIZE_MAX;
4933 uint8_t *e_read_buffer = NULL;
4934 int is_default_public_exponent = 0;
Gilles Peskineaa02c172019-04-28 11:44:17 +02004935 size_t e_read_size = PSA_KEY_DOMAIN_PARAMETERS_SIZE( type, bits );
Gilles Peskinee56e8782019-04-26 17:34:02 +02004936 size_t e_read_length = SIZE_MAX;
4937
4938 if( e_arg->len == 0 ||
4939 ( e_arg->len == 3 &&
4940 e_arg->x[0] == 1 && e_arg->x[1] == 0 && e_arg->x[2] == 1 ) )
4941 {
4942 is_default_public_exponent = 1;
4943 e_read_size = 0;
4944 }
4945 ASSERT_ALLOC( e_read_buffer, e_read_size );
4946 ASSERT_ALLOC( exported, exported_size );
4947
4948 PSA_ASSERT( psa_crypto_init( ) );
4949
4950 psa_set_key_usage_flags( &attributes, usage );
4951 psa_set_key_algorithm( &attributes, alg );
4952 PSA_ASSERT( psa_set_key_domain_parameters( &attributes, type,
4953 e_arg->x, e_arg->len ) );
4954 psa_set_key_bits( &attributes, bits );
4955
4956 /* Generate a key */
Ronald Cron5425a212020-08-04 14:58:35 +02004957 TEST_EQUAL( psa_generate_key( &attributes, &key ), expected_status );
Gilles Peskinee56e8782019-04-26 17:34:02 +02004958 if( expected_status != PSA_SUCCESS )
4959 goto exit;
4960
4961 /* Test the key information */
Ronald Cron5425a212020-08-04 14:58:35 +02004962 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskinee56e8782019-04-26 17:34:02 +02004963 TEST_EQUAL( psa_get_key_type( &attributes ), type );
4964 TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
4965 PSA_ASSERT( psa_get_key_domain_parameters( &attributes,
4966 e_read_buffer, e_read_size,
4967 &e_read_length ) );
4968 if( is_default_public_exponent )
4969 TEST_EQUAL( e_read_length, 0 );
4970 else
4971 ASSERT_COMPARE( e_read_buffer, e_read_length, e_arg->x, e_arg->len );
4972
4973 /* Do something with the key according to its type and permitted usage. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004974 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) )
Gilles Peskinee56e8782019-04-26 17:34:02 +02004975 goto exit;
4976
4977 /* Export the key and check the public exponent. */
Ronald Cron5425a212020-08-04 14:58:35 +02004978 PSA_ASSERT( psa_export_public_key( key,
Gilles Peskinee56e8782019-04-26 17:34:02 +02004979 exported, exported_size,
4980 &exported_length ) );
4981 {
4982 uint8_t *p = exported;
4983 uint8_t *end = exported + exported_length;
4984 size_t len;
4985 /* RSAPublicKey ::= SEQUENCE {
4986 * modulus INTEGER, -- n
4987 * publicExponent INTEGER } -- e
4988 */
4989 TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004990 MBEDTLS_ASN1_SEQUENCE |
4991 MBEDTLS_ASN1_CONSTRUCTED ) );
Gilles Peskine8e94efe2021-02-13 00:25:53 +01004992 TEST_ASSERT( mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) );
Gilles Peskinee56e8782019-04-26 17:34:02 +02004993 TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len,
4994 MBEDTLS_ASN1_INTEGER ) );
4995 if( len >= 1 && p[0] == 0 )
4996 {
4997 ++p;
4998 --len;
4999 }
5000 if( e_arg->len == 0 )
5001 {
5002 TEST_EQUAL( len, 3 );
5003 TEST_EQUAL( p[0], 1 );
5004 TEST_EQUAL( p[1], 0 );
5005 TEST_EQUAL( p[2], 1 );
5006 }
5007 else
5008 ASSERT_COMPARE( p, len, e_arg->x, e_arg->len );
5009 }
5010
5011exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01005012 /*
5013 * Key attributes may have been returned by psa_get_key_attributes() or
5014 * set by psa_set_key_domain_parameters() thus reset them as required.
5015 */
Gilles Peskinee56e8782019-04-26 17:34:02 +02005016 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01005017
Ronald Cron5425a212020-08-04 14:58:35 +02005018 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005019 PSA_DONE( );
Gilles Peskinee56e8782019-04-26 17:34:02 +02005020 mbedtls_free( e_read_buffer );
5021 mbedtls_free( exported );
5022}
5023/* END_CASE */
5024
Darryl Greend49a4992018-06-18 17:27:26 +01005025/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005026void persistent_key_load_key_from_storage( data_t *data,
5027 int type_arg, int bits_arg,
5028 int usage_flags_arg, int alg_arg,
5029 int generation_method )
Darryl Greend49a4992018-06-18 17:27:26 +01005030{
Ronald Cron71016a92020-08-28 19:01:50 +02005031 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 1 );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005032 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Ronald Cron5425a212020-08-04 14:58:35 +02005033 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
5034 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005035 psa_key_type_t type = type_arg;
5036 size_t bits = bits_arg;
5037 psa_key_usage_t usage_flags = usage_flags_arg;
5038 psa_algorithm_t alg = alg_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005039 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Darryl Greend49a4992018-06-18 17:27:26 +01005040 unsigned char *first_export = NULL;
5041 unsigned char *second_export = NULL;
gabor-mezei-armcbcec212020-12-18 14:23:51 +01005042 size_t export_size = PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits );
Darryl Greend49a4992018-06-18 17:27:26 +01005043 size_t first_exported_length;
5044 size_t second_exported_length;
5045
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005046 if( usage_flags & PSA_KEY_USAGE_EXPORT )
5047 {
5048 ASSERT_ALLOC( first_export, export_size );
5049 ASSERT_ALLOC( second_export, export_size );
5050 }
Darryl Greend49a4992018-06-18 17:27:26 +01005051
Gilles Peskine8817f612018-12-18 00:18:46 +01005052 PSA_ASSERT( psa_crypto_init() );
Darryl Greend49a4992018-06-18 17:27:26 +01005053
Gilles Peskinec87af662019-05-15 16:12:22 +02005054 psa_set_key_id( &attributes, key_id );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005055 psa_set_key_usage_flags( &attributes, usage_flags );
5056 psa_set_key_algorithm( &attributes, alg );
5057 psa_set_key_type( &attributes, type );
Gilles Peskine3a4f1f82019-04-26 13:49:28 +02005058 psa_set_key_bits( &attributes, bits );
Darryl Greend49a4992018-06-18 17:27:26 +01005059
Darryl Green0c6575a2018-11-07 16:05:30 +00005060 switch( generation_method )
5061 {
5062 case IMPORT_KEY:
5063 /* Import the key */
Gilles Peskine049c7532019-05-15 20:22:09 +02005064 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02005065 &key ) );
Darryl Green0c6575a2018-11-07 16:05:30 +00005066 break;
Darryl Greend49a4992018-06-18 17:27:26 +01005067
Darryl Green0c6575a2018-11-07 16:05:30 +00005068 case GENERATE_KEY:
5069 /* Generate a key */
Ronald Cron5425a212020-08-04 14:58:35 +02005070 PSA_ASSERT( psa_generate_key( &attributes, &key ) );
Darryl Green0c6575a2018-11-07 16:05:30 +00005071 break;
5072
5073 case DERIVE_KEY:
Steven Cooreman70f654a2021-02-15 10:51:43 +01005074#if defined(PSA_WANT_ALG_HKDF) && defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005075 {
5076 /* Create base key */
5077 psa_algorithm_t derive_alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
5078 psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
5079 psa_set_key_usage_flags( &base_attributes,
5080 PSA_KEY_USAGE_DERIVE );
5081 psa_set_key_algorithm( &base_attributes, derive_alg );
5082 psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
Gilles Peskine049c7532019-05-15 20:22:09 +02005083 PSA_ASSERT( psa_import_key( &base_attributes,
5084 data->x, data->len,
5085 &base_key ) );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005086 /* Derive a key. */
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005087 PSA_ASSERT( psa_key_derivation_setup( &operation, derive_alg ) );
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005088 PSA_ASSERT( psa_key_derivation_input_key(
5089 &operation,
5090 PSA_KEY_DERIVATION_INPUT_SECRET, base_key ) );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005091 PSA_ASSERT( psa_key_derivation_input_bytes(
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005092 &operation, PSA_KEY_DERIVATION_INPUT_INFO,
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005093 NULL, 0 ) );
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005094 PSA_ASSERT( psa_key_derivation_output_key( &attributes,
5095 &operation,
Ronald Cron5425a212020-08-04 14:58:35 +02005096 &key ) );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005097 PSA_ASSERT( psa_key_derivation_abort( &operation ) );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005098 PSA_ASSERT( psa_destroy_key( base_key ) );
Ronald Cron5425a212020-08-04 14:58:35 +02005099 base_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005100 }
Gilles Peskine6fea21d2021-01-12 00:02:15 +01005101#else
5102 TEST_ASSUME( ! "KDF not supported in this configuration" );
5103#endif
5104 break;
5105
5106 default:
5107 TEST_ASSERT( ! "generation_method not implemented in test" );
5108 break;
Darryl Green0c6575a2018-11-07 16:05:30 +00005109 }
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005110 psa_reset_key_attributes( &attributes );
Darryl Greend49a4992018-06-18 17:27:26 +01005111
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005112 /* Export the key if permitted by the key policy. */
5113 if( usage_flags & PSA_KEY_USAGE_EXPORT )
5114 {
Ronald Cron5425a212020-08-04 14:58:35 +02005115 PSA_ASSERT( psa_export_key( key,
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005116 first_export, export_size,
5117 &first_exported_length ) );
5118 if( generation_method == IMPORT_KEY )
5119 ASSERT_COMPARE( data->x, data->len,
5120 first_export, first_exported_length );
5121 }
Darryl Greend49a4992018-06-18 17:27:26 +01005122
5123 /* Shutdown and restart */
Ronald Cron5425a212020-08-04 14:58:35 +02005124 PSA_ASSERT( psa_purge_key( key ) );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005125 PSA_DONE();
Gilles Peskine8817f612018-12-18 00:18:46 +01005126 PSA_ASSERT( psa_crypto_init() );
Darryl Greend49a4992018-06-18 17:27:26 +01005127
Darryl Greend49a4992018-06-18 17:27:26 +01005128 /* Check key slot still contains key data */
Ronald Cron5425a212020-08-04 14:58:35 +02005129 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Ronald Cronecfb2372020-07-23 17:13:42 +02005130 TEST_ASSERT( mbedtls_svc_key_id_equal(
5131 psa_get_key_id( &attributes ), key_id ) );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005132 TEST_EQUAL( psa_get_key_lifetime( &attributes ),
5133 PSA_KEY_LIFETIME_PERSISTENT );
5134 TEST_EQUAL( psa_get_key_type( &attributes ), type );
5135 TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
5136 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
5137 TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
Darryl Greend49a4992018-06-18 17:27:26 +01005138
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005139 /* Export the key again if permitted by the key policy. */
5140 if( usage_flags & PSA_KEY_USAGE_EXPORT )
Darryl Green0c6575a2018-11-07 16:05:30 +00005141 {
Ronald Cron5425a212020-08-04 14:58:35 +02005142 PSA_ASSERT( psa_export_key( key,
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005143 second_export, export_size,
5144 &second_exported_length ) );
Darryl Green0c6575a2018-11-07 16:05:30 +00005145 ASSERT_COMPARE( first_export, first_exported_length,
5146 second_export, second_exported_length );
Darryl Green0c6575a2018-11-07 16:05:30 +00005147 }
5148
5149 /* Do something with the key according to its type and permitted usage. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01005150 if( ! mbedtls_test_psa_exercise_key( key, usage_flags, alg ) )
Darryl Green0c6575a2018-11-07 16:05:30 +00005151 goto exit;
Darryl Greend49a4992018-06-18 17:27:26 +01005152
5153exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01005154 /*
5155 * Key attributes may have been returned by psa_get_key_attributes()
5156 * thus reset them as required.
5157 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02005158 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01005159
Darryl Greend49a4992018-06-18 17:27:26 +01005160 mbedtls_free( first_export );
5161 mbedtls_free( second_export );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005162 psa_key_derivation_abort( &operation );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005163 psa_destroy_key( base_key );
Ronald Cron5425a212020-08-04 14:58:35 +02005164 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005165 PSA_DONE();
Darryl Greend49a4992018-06-18 17:27:26 +01005166}
5167/* END_CASE */