TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 0c6575a84dd77076b9f976396b07e3b39f56d316 / . / tests / suites / test_suite_psa_crypto.function
blob: 53295befa4cdd97692f29c7a29d8807a4d15164f [file] [log] [blame]
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1/* BEGIN_HEADER */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2#include <stdint.h>
mohammad160327010052018-07-03 13:16:15 +0300[diff] [blame]3
4#if defined(MBEDTLS_PSA_CRYPTO_SPM)
5#include "spm/psa_defs.h"
6#endif
7
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]8#include "mbedtls/asn1.h"
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]9#include "mbedtls/asn1write.h"
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]10#include "mbedtls/oid.h"
11
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]12#include "psa/crypto.h"
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]13
Gilles Peskinefc411f12018-10-25 22:34:48 +0200[diff] [blame]14#define MAX( x, y ) ( ( x ) > ( y ) ? ( x ) : ( y ) )
15
Gilles Peskine96ee5c72018-07-12 17:24:54 +0200[diff] [blame]16#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
17
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]18#if(UINT32_MAX > SIZE_MAX)
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]19#define PSA_CRYPTO_TEST_SIZE_T_RANGE( x ) ( ( x ) <= SIZE_MAX )
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]20#else
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]21#define PSA_CRYPTO_TEST_SIZE_T_RANGE( x ) 1
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]22#endif
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]23
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100[diff] [blame]24/** An invalid export length that will never be set by psa_export_key(). */
25static const size_t INVALID_EXPORT_LENGTH = ~0U;
26
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]27/** Test if a buffer contains a constant byte value.
28 *
29 * `mem_is_char(buffer, c, size)` is true after `memset(buffer, c, size)`.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]30 *
31 * \param buffer Pointer to the beginning of the buffer.
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]32 * \param c Expected value of every byte.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]33 * \param size Size of the buffer in bytes.
34 *
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]35 * \return 1 if the buffer is all-bits-zero.
36 * \return 0 if there is at least one nonzero byte.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]37 */
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]38static int mem_is_char( void *buffer, unsigned char c, size_t size )
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]39{
40 size_t i;
41 for( i = 0; i < size; i++ )
42 {
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]43 if( ( (unsigned char *) buffer )[i] != c )
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]44 return( 0 );
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]45 }
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]46 return( 1 );
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]47}
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]48
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]49/* Write the ASN.1 INTEGER with the value 2^(bits-1)+x backwards from *p. */
50static int asn1_write_10x( unsigned char **p,
51 unsigned char *start,
52 size_t bits,
53 unsigned char x )
54{
55 int ret;
56 int len = bits / 8 + 1;
Gilles Peskine480416a2018-06-28 19:04:07 +0200[diff] [blame]57 if( bits == 0 )
58 return( MBEDTLS_ERR_ASN1_INVALID_DATA );
59 if( bits <= 8 && x >= 1 << ( bits - 1 ) )
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]60 return( MBEDTLS_ERR_ASN1_INVALID_DATA );
Moran Pekercb088e72018-07-17 17:36:59 +0300[diff] [blame]61 if( *p < start || *p - start < (ptrdiff_t) len )
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]62 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
63 *p -= len;
64 ( *p )[len-1] = x;
65 if( bits % 8 == 0 )
66 ( *p )[1] |= 1;
67 else
68 ( *p )[0] |= 1 << ( bits % 8 );
69 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
70 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
71 MBEDTLS_ASN1_INTEGER ) );
72 return( len );
73}
74
75static int construct_fake_rsa_key( unsigned char *buffer,
76 size_t buffer_size,
77 unsigned char **p,
78 size_t bits,
79 int keypair )
80{
81 size_t half_bits = ( bits + 1 ) / 2;
82 int ret;
83 int len = 0;
84 /* Construct something that looks like a DER encoding of
85 * as defined by PKCS#1 v2.2 (RFC 8017) section A.1.2:
86 * RSAPrivateKey ::= SEQUENCE {
87 * version Version,
88 * modulus INTEGER, -- n
89 * publicExponent INTEGER, -- e
90 * privateExponent INTEGER, -- d
91 * prime1 INTEGER, -- p
92 * prime2 INTEGER, -- q
93 * exponent1 INTEGER, -- d mod (p-1)
94 * exponent2 INTEGER, -- d mod (q-1)
95 * coefficient INTEGER, -- (inverse of q) mod p
96 * otherPrimeInfos OtherPrimeInfos OPTIONAL
97 * }
98 * Or, for a public key, the same structure with only
99 * version, modulus and publicExponent.
100 */
101 *p = buffer + buffer_size;
102 if( keypair )
103 {
104 MBEDTLS_ASN1_CHK_ADD( len, /* pq */
105 asn1_write_10x( p, buffer, half_bits, 1 ) );
106 MBEDTLS_ASN1_CHK_ADD( len, /* dq */
107 asn1_write_10x( p, buffer, half_bits, 1 ) );
108 MBEDTLS_ASN1_CHK_ADD( len, /* dp */
109 asn1_write_10x( p, buffer, half_bits, 1 ) );
110 MBEDTLS_ASN1_CHK_ADD( len, /* q */
111 asn1_write_10x( p, buffer, half_bits, 1 ) );
112 MBEDTLS_ASN1_CHK_ADD( len, /* p != q to pass mbedtls sanity checks */
113 asn1_write_10x( p, buffer, half_bits, 3 ) );
114 MBEDTLS_ASN1_CHK_ADD( len, /* d */
115 asn1_write_10x( p, buffer, bits, 1 ) );
116 }
117 MBEDTLS_ASN1_CHK_ADD( len, /* e = 65537 */
118 asn1_write_10x( p, buffer, 17, 1 ) );
119 MBEDTLS_ASN1_CHK_ADD( len, /* n */
120 asn1_write_10x( p, buffer, bits, 1 ) );
121 if( keypair )
122 MBEDTLS_ASN1_CHK_ADD( len, /* version = 0 */
123 mbedtls_asn1_write_int( p, buffer, 0 ) );
124 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, buffer, len ) );
125 {
126 const unsigned char tag =
127 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE;
128 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, buffer, tag ) );
129 }
130 return( len );
131}
132
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]133static int exercise_mac_key( psa_key_slot_t key,
134 psa_key_usage_t usage,
135 psa_algorithm_t alg )
136{
137 psa_mac_operation_t operation;
138 const unsigned char input[] = "foo";
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]139 unsigned char mac[PSA_MAC_MAX_SIZE] = {0};
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]140 size_t mac_length = sizeof( mac );
141
142 if( usage & PSA_KEY_USAGE_SIGN )
143 {
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]144 TEST_ASSERT( psa_mac_sign_setup( &operation,
145 key, alg ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]146 TEST_ASSERT( psa_mac_update( &operation,
147 input, sizeof( input ) ) == PSA_SUCCESS );
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]148 TEST_ASSERT( psa_mac_sign_finish( &operation,
Gilles Peskineef0cb402018-07-12 16:55:59 +0200[diff] [blame]149 mac, sizeof( mac ),
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]150 &mac_length ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]151 }
152
153 if( usage & PSA_KEY_USAGE_VERIFY )
154 {
155 psa_status_t verify_status =
156 ( usage & PSA_KEY_USAGE_SIGN ?
157 PSA_SUCCESS :
158 PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]159 TEST_ASSERT( psa_mac_verify_setup( &operation,
160 key, alg ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]161 TEST_ASSERT( psa_mac_update( &operation,
162 input, sizeof( input ) ) == PSA_SUCCESS );
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]163 TEST_ASSERT( psa_mac_verify_finish( &operation,
164 mac,
165 mac_length ) == verify_status );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]166 }
167
168 return( 1 );
169
170exit:
171 psa_mac_abort( &operation );
172 return( 0 );
173}
174
175static int exercise_cipher_key( psa_key_slot_t key,
176 psa_key_usage_t usage,
177 psa_algorithm_t alg )
178{
179 psa_cipher_operation_t operation;
180 unsigned char iv[16] = {0};
181 size_t iv_length = sizeof( iv );
182 const unsigned char plaintext[16] = "Hello, world...";
183 unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)";
184 size_t ciphertext_length = sizeof( ciphertext );
185 unsigned char decrypted[sizeof( ciphertext )];
186 size_t part_length;
187
188 if( usage & PSA_KEY_USAGE_ENCRYPT )
189 {
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]190 TEST_ASSERT( psa_cipher_encrypt_setup( &operation,
191 key, alg ) == PSA_SUCCESS );
192 TEST_ASSERT( psa_cipher_generate_iv( &operation,
193 iv, sizeof( iv ),
194 &iv_length ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]195 TEST_ASSERT( psa_cipher_update( &operation,
196 plaintext, sizeof( plaintext ),
197 ciphertext, sizeof( ciphertext ),
198 &ciphertext_length ) == PSA_SUCCESS );
199 TEST_ASSERT( psa_cipher_finish( &operation,
200 ciphertext + ciphertext_length,
201 sizeof( ciphertext ) - ciphertext_length,
202 &part_length ) == PSA_SUCCESS );
203 ciphertext_length += part_length;
204 }
205
206 if( usage & PSA_KEY_USAGE_DECRYPT )
207 {
208 psa_status_t status;
Mohammad AboMokhadb9b232018-06-28 01:52:54 -0700[diff] [blame]209 psa_key_type_t type = PSA_KEY_TYPE_NONE;
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]210 if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) )
211 {
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]212 size_t bits;
213 TEST_ASSERT( psa_get_key_information( key, &type, &bits ) );
214 iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE( type );
215 }
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]216 TEST_ASSERT( psa_cipher_decrypt_setup( &operation,
217 key, alg ) == PSA_SUCCESS );
218 TEST_ASSERT( psa_cipher_set_iv( &operation,
219 iv, iv_length ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]220 TEST_ASSERT( psa_cipher_update( &operation,
221 ciphertext, ciphertext_length,
222 decrypted, sizeof( decrypted ),
223 &part_length ) == PSA_SUCCESS );
224 status = psa_cipher_finish( &operation,
225 decrypted + part_length,
226 sizeof( decrypted ) - part_length,
227 &part_length );
228 /* For a stream cipher, all inputs are valid. For a block cipher,
229 * if the input is some aribtrary data rather than an actual
230 ciphertext, a padding error is likely. */
Mohammad AboMokh65fa0b82018-06-28 02:14:00 -0700[diff] [blame]231 if( ( usage & PSA_KEY_USAGE_ENCRYPT ) ||
Mohammad AboMokhadb9b232018-06-28 01:52:54 -0700[diff] [blame]232 PSA_BLOCK_CIPHER_BLOCK_SIZE( type ) == 1 )
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]233 TEST_ASSERT( status == PSA_SUCCESS );
234 else
235 TEST_ASSERT( status == PSA_SUCCESS ||
236 status == PSA_ERROR_INVALID_PADDING );
237 }
238
239 return( 1 );
240
241exit:
242 psa_cipher_abort( &operation );
243 return( 0 );
244}
245
246static int exercise_aead_key( psa_key_slot_t key,
247 psa_key_usage_t usage,
248 psa_algorithm_t alg )
249{
250 unsigned char nonce[16] = {0};
251 size_t nonce_length = sizeof( nonce );
252 unsigned char plaintext[16] = "Hello, world...";
253 unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)";
254 size_t ciphertext_length = sizeof( ciphertext );
255 size_t plaintext_length = sizeof( ciphertext );
256
257 if( usage & PSA_KEY_USAGE_ENCRYPT )
258 {
259 TEST_ASSERT( psa_aead_encrypt( key, alg,
260 nonce, nonce_length,
261 NULL, 0,
262 plaintext, sizeof( plaintext ),
263 ciphertext, sizeof( ciphertext ),
264 &ciphertext_length ) == PSA_SUCCESS );
265 }
266
267 if( usage & PSA_KEY_USAGE_DECRYPT )
268 {
269 psa_status_t verify_status =
270 ( usage & PSA_KEY_USAGE_ENCRYPT ?
271 PSA_SUCCESS :
272 PSA_ERROR_INVALID_SIGNATURE );
273 TEST_ASSERT( psa_aead_decrypt( key, alg,
274 nonce, nonce_length,
275 NULL, 0,
276 ciphertext, ciphertext_length,
277 plaintext, sizeof( plaintext ),
278 &plaintext_length ) == verify_status );
279 }
280
281 return( 1 );
282
283exit:
284 return( 0 );
285}
286
287static int exercise_signature_key( psa_key_slot_t key,
288 psa_key_usage_t usage,
289 psa_algorithm_t alg )
290{
Gilles Peskinef969b3a2018-06-30 00:20:25 +0200[diff] [blame]291 unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
292 size_t payload_length = 16;
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]293 unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]294 size_t signature_length = sizeof( signature );
295
296 if( usage & PSA_KEY_USAGE_SIGN )
297 {
Gilles Peskinef969b3a2018-06-30 00:20:25 +0200[diff] [blame]298 /* Some algorithms require the payload to have the size of
299 * the hash encoded in the algorithm. Use this input size
300 * even for algorithms that allow other input sizes. */
301 psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
302 if( hash_alg != 0 )
303 payload_length = PSA_HASH_SIZE( hash_alg );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]304 TEST_ASSERT( psa_asymmetric_sign( key, alg,
305 payload, payload_length,
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]306 signature, sizeof( signature ),
307 &signature_length ) == PSA_SUCCESS );
308 }
309
310 if( usage & PSA_KEY_USAGE_VERIFY )
311 {
312 psa_status_t verify_status =
313 ( usage & PSA_KEY_USAGE_SIGN ?
314 PSA_SUCCESS :
315 PSA_ERROR_INVALID_SIGNATURE );
316 TEST_ASSERT( psa_asymmetric_verify( key, alg,
317 payload, payload_length,
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]318 signature, signature_length ) ==
319 verify_status );
320 }
321
322 return( 1 );
323
324exit:
325 return( 0 );
326}
327
328static int exercise_asymmetric_encryption_key( psa_key_slot_t key,
329 psa_key_usage_t usage,
330 psa_algorithm_t alg )
331{
332 unsigned char plaintext[256] = "Hello, world...";
333 unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)";
334 size_t ciphertext_length = sizeof( ciphertext );
335 size_t plaintext_length = 16;
336
337 if( usage & PSA_KEY_USAGE_ENCRYPT )
338 {
339 TEST_ASSERT(
340 psa_asymmetric_encrypt( key, alg,
341 plaintext, plaintext_length,
342 NULL, 0,
343 ciphertext, sizeof( ciphertext ),
344 &ciphertext_length ) == PSA_SUCCESS );
345 }
346
347 if( usage & PSA_KEY_USAGE_DECRYPT )
348 {
349 psa_status_t status =
350 psa_asymmetric_decrypt( key, alg,
351 ciphertext, ciphertext_length,
352 NULL, 0,
353 plaintext, sizeof( plaintext ),
354 &plaintext_length );
355 TEST_ASSERT( status == PSA_SUCCESS ||
356 ( ( usage & PSA_KEY_USAGE_ENCRYPT ) == 0 &&
357 ( status == PSA_ERROR_INVALID_ARGUMENT ||
358 status == PSA_ERROR_INVALID_PADDING ) ) );
359 }
360
361 return( 1 );
362
363exit:
364 return( 0 );
365}
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]366
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]367static int exercise_key_derivation_key( psa_key_slot_t key,
368 psa_key_usage_t usage,
369 psa_algorithm_t alg )
370{
371 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
372 unsigned char label[16] = "This is a label.";
373 size_t label_length = sizeof( label );
374 unsigned char seed[16] = "abcdefghijklmnop";
375 size_t seed_length = sizeof( seed );
376 unsigned char output[1];
377
378 if( usage & PSA_KEY_USAGE_DERIVE )
379 {
380 TEST_ASSERT( psa_key_derivation( &generator,
381 key, alg,
382 label, label_length,
383 seed, seed_length,
384 sizeof( output ) ) == PSA_SUCCESS );
385 TEST_ASSERT( psa_generator_read( &generator,
386 output,
387 sizeof( output ) ) == PSA_SUCCESS );
388 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
389 }
390
391 return( 1 );
392
393exit:
394 return( 0 );
395}
396
Gilles Peskinec7998b72018-11-07 18:45:02 +0100[diff] [blame]397/* We need two keys to exercise key agreement. Exercise the
398 * private key against its own public key. */
399static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator,
400 psa_key_type_t key_slot,
401 psa_algorithm_t alg )
402{
403 psa_key_type_t private_key_type;
404 psa_key_type_t public_key_type;
405 size_t key_bits;
406 uint8_t *public_key = NULL;
407 size_t public_key_length;
408 /* Return UNKNOWN_ERROR if something other than the final call to
409 * psa_key_agreement fails. This isn't fully satisfactory, but it's
410 * good enough: callers will report it as a failed test anyway. */
411 psa_status_t status = PSA_ERROR_UNKNOWN_ERROR;
412
413 TEST_ASSERT( psa_get_key_information( key_slot,
414 &private_key_type,
415 &key_bits ) == PSA_SUCCESS );
416 public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( private_key_type );
417 public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits );
418 ASSERT_ALLOC( public_key, public_key_length );
419 TEST_ASSERT( public_key != NULL );
420 TEST_ASSERT( psa_export_public_key( key_slot,
421 public_key, public_key_length,
422 &public_key_length ) == PSA_SUCCESS );
423
424 status = psa_key_agreement( generator, key_slot,
425 public_key, public_key_length,
426 alg );
427exit:
428 mbedtls_free( public_key );
429 return( status );
430}
431
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]432static int exercise_key_agreement_key( psa_key_slot_t key,
433 psa_key_usage_t usage,
434 psa_algorithm_t alg )
435{
436 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]437 unsigned char output[1];
438 int ok = 0;
439
440 if( usage & PSA_KEY_USAGE_DERIVE )
441 {
442 /* We need two keys to exercise key agreement. Exercise the
443 * private key against its own public key. */
Gilles Peskinec7998b72018-11-07 18:45:02 +0100[diff] [blame]444 TEST_ASSERT( key_agreement_with_self( &generator, key, alg ) ==
445 PSA_SUCCESS );
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]446 TEST_ASSERT( psa_generator_read( &generator,
447 output,
448 sizeof( output ) ) == PSA_SUCCESS );
449 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
450 }
451 ok = 1;
452
453exit:
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]454 return( ok );
455}
456
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]457static int is_oid_of_key_type( psa_key_type_t type,
458 const uint8_t *oid, size_t oid_length )
459{
Gilles Peskineae3d2a22018-08-13 14:14:22 +0200[diff] [blame]460 const uint8_t *expected_oid = NULL;
461 size_t expected_oid_length = 0;
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]462#if defined(MBEDTLS_RSA_C)
Gilles Peskineae3d2a22018-08-13 14:14:22 +0200[diff] [blame]463 if( PSA_KEY_TYPE_IS_RSA( type ) )
464 {
465 expected_oid = (uint8_t *) MBEDTLS_OID_PKCS1_RSA;
466 expected_oid_length = sizeof( MBEDTLS_OID_PKCS1_RSA ) - 1;
467 }
468 else
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]469#endif /* MBEDTLS_RSA_C */
470#if defined(MBEDTLS_ECP_C)
Gilles Peskineae3d2a22018-08-13 14:14:22 +0200[diff] [blame]471 if( PSA_KEY_TYPE_IS_ECC( type ) )
472 {
473 expected_oid = (uint8_t *) MBEDTLS_OID_EC_ALG_UNRESTRICTED;
474 expected_oid_length = sizeof( MBEDTLS_OID_EC_ALG_UNRESTRICTED ) - 1;
475 }
476 else
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]477#endif /* MBEDTLS_ECP_C */
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]478 {
479 char message[40];
480 mbedtls_snprintf( message, sizeof( message ),
481 "OID not known for key type=0x%08lx",
482 (unsigned long) type );
483 test_fail( message, __LINE__, __FILE__ );
484 return( 0 );
485 }
486
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]487 ASSERT_COMPARE( expected_oid, expected_oid_length, oid, oid_length );
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]488 return( 1 );
489
490exit:
491 return( 0 );
492}
493
494static int asn1_skip_integer( unsigned char **p, const unsigned char *end,
495 size_t min_bits, size_t max_bits,
496 int must_be_odd )
497{
498 size_t len;
499 size_t actual_bits;
500 unsigned char msb;
501 TEST_ASSERT( mbedtls_asn1_get_tag( p, end, &len,
502 MBEDTLS_ASN1_INTEGER ) == 0 );
503 /* Tolerate a slight departure from DER encoding:
504 * - 0 may be represented by an empty string or a 1-byte string.
505 * - The sign bit may be used as a value bit. */
506 if( ( len == 1 && ( *p )[0] == 0 ) ||
507 ( len > 1 && ( *p )[0] == 0 && ( ( *p )[1] & 0x80 ) != 0 ) )
508 {
509 ++( *p );
510 --len;
511 }
512 if( min_bits == 0 && len == 0 )
513 return( 1 );
514 msb = ( *p )[0];
515 TEST_ASSERT( msb != 0 );
516 actual_bits = 8 * ( len - 1 );
517 while( msb != 0 )
518 {
519 msb >>= 1;
520 ++actual_bits;
521 }
522 TEST_ASSERT( actual_bits >= min_bits );
523 TEST_ASSERT( actual_bits <= max_bits );
524 if( must_be_odd )
525 TEST_ASSERT( ( ( *p )[len-1] & 1 ) != 0 );
526 *p += len;
527 return( 1 );
528exit:
529 return( 0 );
530}
531
532static int asn1_get_implicit_tag( unsigned char **p, const unsigned char *end,
533 size_t *len,
534 unsigned char n, unsigned char tag )
535{
536 int ret;
537 ret = mbedtls_asn1_get_tag( p, end, len,
538 MBEDTLS_ASN1_CONTEXT_SPECIFIC |
539 MBEDTLS_ASN1_CONSTRUCTED | ( n ) );
540 if( ret != 0 )
541 return( ret );
542 end = *p + *len;
543 ret = mbedtls_asn1_get_tag( p, end, len, tag );
544 if( ret != 0 )
545 return( ret );
546 if( *p + *len != end )
547 return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
548 return( 0 );
549}
550
551static int exported_key_sanity_check( psa_key_type_t type, size_t bits,
552 uint8_t *exported, size_t exported_length )
553{
554 if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]555 TEST_ASSERT( exported_length == ( bits + 7 ) / 8 );
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]556 else
557 TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, bits ) );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]558
559#if defined(MBEDTLS_DES_C)
560 if( type == PSA_KEY_TYPE_DES )
561 {
562 /* Check the parity bits. */
563 unsigned i;
564 for( i = 0; i < bits / 8; i++ )
565 {
566 unsigned bit_count = 0;
567 unsigned m;
568 for( m = 1; m <= 0x100; m <<= 1 )
569 {
570 if( exported[i] & m )
571 ++bit_count;
572 }
573 TEST_ASSERT( bit_count % 2 != 0 );
574 }
575 }
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]576 else
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]577#endif
578
579#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C)
580 if( type == PSA_KEY_TYPE_RSA_KEYPAIR )
581 {
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]582 uint8_t *p = exported;
583 uint8_t *end = exported + exported_length;
584 size_t len;
585 /* RSAPrivateKey ::= SEQUENCE {
Gilles Peskinedea46cf2018-08-21 16:12:54 +0200[diff] [blame]586 * version INTEGER, -- must be 0
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]587 * modulus INTEGER, -- n
588 * publicExponent INTEGER, -- e
589 * privateExponent INTEGER, -- d
590 * prime1 INTEGER, -- p
591 * prime2 INTEGER, -- q
592 * exponent1 INTEGER, -- d mod (p-1)
593 * exponent2 INTEGER, -- d mod (q-1)
594 * coefficient INTEGER, -- (inverse of q) mod p
595 * }
596 */
597 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
598 MBEDTLS_ASN1_SEQUENCE |
599 MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
600 TEST_ASSERT( p + len == end );
601 if( ! asn1_skip_integer( &p, end, 0, 0, 0 ) )
602 goto exit;
603 if( ! asn1_skip_integer( &p, end, bits, bits, 1 ) )
604 goto exit;
605 if( ! asn1_skip_integer( &p, end, 2, bits, 1 ) )
606 goto exit;
607 /* Require d to be at least half the size of n. */
608 if( ! asn1_skip_integer( &p, end, bits / 2, bits, 1 ) )
609 goto exit;
610 /* Require p and q to be at most half the size of n, rounded up. */
611 if( ! asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
612 goto exit;
613 if( ! asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
614 goto exit;
615 if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
616 goto exit;
617 if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
618 goto exit;
619 if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
620 goto exit;
621 TEST_ASSERT( p == end );
622 }
623 else
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]624#endif /* MBEDTLS_RSA_C */
625
626#if defined(MBEDTLS_ECP_C)
627 if( PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ) )
628 {
Gilles Peskine5b802a32018-10-29 19:21:41 +0100[diff] [blame]629 /* Just the secret value */
630 TEST_ASSERT( exported_length == PSA_BITS_TO_BYTES( bits ) );
631 }
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]632 else
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]633#endif /* MBEDTLS_ECP_C */
634
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]635 if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
636 {
637 uint8_t *p = exported;
638 uint8_t *end = exported + exported_length;
639 size_t len;
640 mbedtls_asn1_buf alg;
641 mbedtls_asn1_buf params;
642 mbedtls_asn1_bitstring bitstring;
643 /* SubjectPublicKeyInfo ::= SEQUENCE {
644 * algorithm AlgorithmIdentifier,
645 * subjectPublicKey BIT STRING }
646 * AlgorithmIdentifier ::= SEQUENCE {
647 * algorithm OBJECT IDENTIFIER,
648 * parameters ANY DEFINED BY algorithm OPTIONAL }
649 */
650 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
651 MBEDTLS_ASN1_SEQUENCE |
652 MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
653 TEST_ASSERT( p + len == end );
654 TEST_ASSERT( mbedtls_asn1_get_alg( &p, end, &alg, &params ) == 0 );
655 if( ! is_oid_of_key_type( type, alg.p, alg.len ) )
656 goto exit;
657 TEST_ASSERT( mbedtls_asn1_get_bitstring( &p, end, &bitstring ) == 0 );
658 TEST_ASSERT( p == end );
659 p = bitstring.p;
660#if defined(MBEDTLS_RSA_C)
661 if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY )
662 {
663 /* RSAPublicKey ::= SEQUENCE {
664 * modulus INTEGER, -- n
665 * publicExponent INTEGER } -- e
666 */
667 TEST_ASSERT( bitstring.unused_bits == 0 );
668 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
669 MBEDTLS_ASN1_SEQUENCE |
670 MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
671 TEST_ASSERT( p + len == end );
672 if( ! asn1_skip_integer( &p, end, bits, bits, 1 ) )
673 goto exit;
674 if( ! asn1_skip_integer( &p, end, 2, bits, 1 ) )
675 goto exit;
676 TEST_ASSERT( p == end );
677 }
678 else
679#endif /* MBEDTLS_RSA_C */
680#if defined(MBEDTLS_ECP_C)
681 if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) )
682 {
683 /* ECPoint ::= ...
Gilles Peskinec6290c02018-08-13 17:24:59 +0200[diff] [blame]684 * -- first 8 bits: 0x04 (uncompressed representation);
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]685 * -- then x_P as an n-bit string, big endian;
686 * -- then y_P as a n-bit string, big endian,
687 * -- where n is the order of the curve.
688 */
689 TEST_ASSERT( bitstring.unused_bits == 0 );
690 TEST_ASSERT( p + 1 + 2 * PSA_BITS_TO_BYTES( bits ) == end );
691 TEST_ASSERT( p[0] == 4 );
692 }
693 else
694#endif /* MBEDTLS_ECP_C */
695 {
Jaeden Amero594a3302018-10-26 17:07:22 +0100[diff] [blame]696 char message[47];
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]697 mbedtls_snprintf( message, sizeof( message ),
698 "No sanity check for public key type=0x%08lx",
699 (unsigned long) type );
700 test_fail( message, __LINE__, __FILE__ );
701 return( 0 );
702 }
703 }
704 else
705
706 {
707 /* No sanity checks for other types */
708 }
709
710 return( 1 );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]711
712exit:
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]713 return( 0 );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]714}
715
716static int exercise_export_key( psa_key_slot_t slot,
717 psa_key_usage_t usage )
718{
719 psa_key_type_t type;
720 size_t bits;
721 uint8_t *exported = NULL;
722 size_t exported_size = 0;
723 size_t exported_length = 0;
724 int ok = 0;
725
Gilles Peskineacec7b6f2018-09-13 20:34:11 +0200[diff] [blame]726 TEST_ASSERT( psa_get_key_information( slot, &type, &bits ) == PSA_SUCCESS );
727
728 if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 &&
729 ! PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]730 {
731 TEST_ASSERT( psa_export_key( slot, NULL, 0, &exported_length ) ==
732 PSA_ERROR_NOT_PERMITTED );
733 return( 1 );
734 }
735
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]736 exported_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]737 ASSERT_ALLOC( exported, exported_size );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]738
739 TEST_ASSERT( psa_export_key( slot,
740 exported, exported_size,
741 &exported_length ) == PSA_SUCCESS );
742 ok = exported_key_sanity_check( type, bits, exported, exported_length );
743
744exit:
745 mbedtls_free( exported );
746 return( ok );
747}
748
749static int exercise_export_public_key( psa_key_slot_t slot )
750{
751 psa_key_type_t type;
752 psa_key_type_t public_type;
753 size_t bits;
754 uint8_t *exported = NULL;
755 size_t exported_size = 0;
756 size_t exported_length = 0;
757 int ok = 0;
758
759 TEST_ASSERT( psa_get_key_information( slot, &type, &bits ) == PSA_SUCCESS );
760 if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( type ) )
761 {
762 TEST_ASSERT( psa_export_public_key( slot,
763 NULL, 0, &exported_length ) ==
764 PSA_ERROR_INVALID_ARGUMENT );
765 return( 1 );
766 }
767
768 public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
769 exported_size = PSA_KEY_EXPORT_MAX_SIZE( public_type, bits );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]770 ASSERT_ALLOC( exported, exported_size );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]771
772 TEST_ASSERT( psa_export_public_key( slot,
773 exported, exported_size,
774 &exported_length ) == PSA_SUCCESS );
775 ok = exported_key_sanity_check( public_type, bits,
776 exported, exported_length );
777
778exit:
779 mbedtls_free( exported );
780 return( ok );
781}
782
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]783static int exercise_key( psa_key_slot_t slot,
784 psa_key_usage_t usage,
785 psa_algorithm_t alg )
786{
787 int ok;
788 if( alg == 0 )
789 ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */
790 else if( PSA_ALG_IS_MAC( alg ) )
791 ok = exercise_mac_key( slot, usage, alg );
792 else if( PSA_ALG_IS_CIPHER( alg ) )
793 ok = exercise_cipher_key( slot, usage, alg );
794 else if( PSA_ALG_IS_AEAD( alg ) )
795 ok = exercise_aead_key( slot, usage, alg );
796 else if( PSA_ALG_IS_SIGN( alg ) )
797 ok = exercise_signature_key( slot, usage, alg );
798 else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
799 ok = exercise_asymmetric_encryption_key( slot, usage, alg );
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]800 else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
801 ok = exercise_key_derivation_key( slot, usage, alg );
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]802 else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
803 ok = exercise_key_agreement_key( slot, usage, alg );
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]804 else
805 {
806 char message[40];
807 mbedtls_snprintf( message, sizeof( message ),
808 "No code to exercise alg=0x%08lx",
809 (unsigned long) alg );
810 test_fail( message, __LINE__, __FILE__ );
811 ok = 0;
812 }
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]813
814 ok = ok && exercise_export_key( slot, usage );
815 ok = ok && exercise_export_public_key( slot );
816
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]817 return( ok );
818}
819
Gilles Peskine10df3412018-10-25 22:35:43 +0200[diff] [blame]820static psa_key_usage_t usage_to_exercise( psa_key_type_t type,
821 psa_algorithm_t alg )
822{
823 if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) )
824 {
825 return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
826 PSA_KEY_USAGE_VERIFY :
827 PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY );
828 }
829 else if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) ||
830 PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
831 {
832 return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
833 PSA_KEY_USAGE_ENCRYPT :
834 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
835 }
836 else if( PSA_ALG_IS_KEY_DERIVATION( alg ) ||
837 PSA_ALG_IS_KEY_AGREEMENT( alg ) )
838 {
839 return( PSA_KEY_USAGE_DERIVE );
840 }
841 else
842 {
843 return( 0 );
844 }
845
846}
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame^]847
848typedef enum {
849 IMPORT_KEY = 0,
850 GENERATE_KEY = 1,
851 DERIVE_KEY = 2
852} generate_method;
853
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]854/* END_HEADER */
855
856/* BEGIN_DEPENDENCIES
857 * depends_on:MBEDTLS_PSA_CRYPTO_C
858 * END_DEPENDENCIES
859 */
860
861/* BEGIN_CASE */
Gilles Peskinee1f2d7d2018-08-21 14:54:54 +0200[diff] [blame]862void static_checks( )
863{
864 size_t max_truncated_mac_size =
865 PSA_ALG_MAC_TRUNCATION_MASK >> PSA_MAC_TRUNCATION_OFFSET;
866
867 /* Check that the length for a truncated MAC always fits in the algorithm
868 * encoding. The shifted mask is the maximum truncated value. The
869 * untruncated algorithm may be one byte larger. */
870 TEST_ASSERT( PSA_MAC_MAX_SIZE <= 1 + max_truncated_mac_size );
871}
872/* END_CASE */
873
874/* BEGIN_CASE */
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]875void init_deinit( )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]876{
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]877 psa_status_t status;
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]878 int i;
879 for( i = 0; i <= 1; i++ )
880 {
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]881 status = psa_crypto_init( );
882 TEST_ASSERT( status == PSA_SUCCESS );
883 status = psa_crypto_init( );
884 TEST_ASSERT( status == PSA_SUCCESS );
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]885 mbedtls_psa_crypto_free( );
886 }
887}
888/* END_CASE */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]889
890/* BEGIN_CASE */
Gilles Peskine996deb12018-08-01 15:45:45 +0200[diff] [blame]891void fill_slots( int max_arg )
892{
893 /* Fill all the slots until we run out of memory or out of slots,
894 * or until some limit specified in the test data for the sake of
895 * implementations with an essentially unlimited number of slots.
896 * This test assumes that available slots are numbered from 1. */
897
898 psa_key_slot_t slot;
899 psa_key_slot_t max = 0;
900 psa_key_policy_t policy;
901 uint8_t exported[sizeof( max )];
902 size_t exported_size;
903 psa_status_t status;
904
905 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
906
907 psa_key_policy_init( &policy );
908 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
909
910 for( max = 1; max <= (size_t) max_arg; max++ )
911 {
912 status = psa_set_key_policy( max, &policy );
913 /* Stop filling slots if we run out of memory or out of
914 * available slots. */
915 TEST_ASSERT( status == PSA_SUCCESS ||
916 status == PSA_ERROR_INSUFFICIENT_MEMORY ||
917 status == PSA_ERROR_INVALID_ARGUMENT );
918 if( status != PSA_SUCCESS )
919 break;
920 status = psa_import_key( max, PSA_KEY_TYPE_RAW_DATA,
921 (uint8_t*) &max, sizeof( max ) );
922 /* Since psa_set_key_policy succeeded, we know that the slot
923 * number is valid. But we may legitimately run out of memory. */
924 TEST_ASSERT( status == PSA_SUCCESS ||
925 status == PSA_ERROR_INSUFFICIENT_MEMORY );
926 if( status != PSA_SUCCESS )
927 break;
928 }
929 /* `max` is now the first slot number that wasn't filled. */
930 max -= 1;
931
932 for( slot = 1; slot <= max; slot++ )
933 {
934 TEST_ASSERT( psa_export_key( slot,
935 exported, sizeof( exported ),
936 &exported_size ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]937 ASSERT_COMPARE( &slot, sizeof( slot ), exported, exported_size );
Gilles Peskine996deb12018-08-01 15:45:45 +0200[diff] [blame]938 }
939
940exit:
Gilles Peskine9a056342018-08-01 15:46:54 +0200[diff] [blame]941 /* Do not destroy the keys. mbedtls_psa_crypto_free() should do it. */
Gilles Peskine996deb12018-08-01 15:45:45 +0200[diff] [blame]942 mbedtls_psa_crypto_free( );
943}
944/* END_CASE */
945
946/* BEGIN_CASE */
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]947void import( data_t *data, int type, int expected_status_arg )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]948{
949 int slot = 1;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]950 psa_status_t expected_status = expected_status_arg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]951 psa_status_t status;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]952
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]953 TEST_ASSERT( data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]954 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]955 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
956
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]957 status = psa_import_key( slot, type, data->x, data->len );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]958 TEST_ASSERT( status == expected_status );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]959 if( status == PSA_SUCCESS )
960 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
961
962exit:
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]963 mbedtls_psa_crypto_free( );
964}
965/* END_CASE */
966
967/* BEGIN_CASE */
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]968void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg )
969{
970 int slot = 1;
971 size_t bits = bits_arg;
972 psa_status_t expected_status = expected_status_arg;
973 psa_status_t status;
974 psa_key_type_t type =
975 keypair ? PSA_KEY_TYPE_RSA_KEYPAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY;
976 size_t buffer_size = /* Slight overapproximations */
977 keypair ? bits * 9 / 16 + 80 : bits / 8 + 20;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]978 unsigned char *buffer = NULL;
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]979 unsigned char *p;
980 int ret;
981 size_t length;
982
983 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]984 ASSERT_ALLOC( buffer, buffer_size );
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]985
986 TEST_ASSERT( ( ret = construct_fake_rsa_key( buffer, buffer_size, &p,
987 bits, keypair ) ) >= 0 );
988 length = ret;
989
990 /* Try importing the key */
991 status = psa_import_key( slot, type, p, length );
992 TEST_ASSERT( status == expected_status );
993 if( status == PSA_SUCCESS )
994 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
995
996exit:
997 mbedtls_free( buffer );
998 mbedtls_psa_crypto_free( );
999}
1000/* END_CASE */
1001
1002/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1003void import_export( data_t *data,
Moran Pekera964a8f2018-06-04 18:42:36 +0300[diff] [blame]1004 int type_arg,
1005 int alg_arg,
1006 int usage_arg,
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1007 int expected_bits,
1008 int export_size_delta,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1009 int expected_export_status_arg,
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1010 int canonical_input )
1011{
1012 int slot = 1;
1013 int slot2 = slot + 1;
1014 psa_key_type_t type = type_arg;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1015 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1016 psa_status_t expected_export_status = expected_export_status_arg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1017 psa_status_t status;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1018 unsigned char *exported = NULL;
1019 unsigned char *reexported = NULL;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1020 size_t export_size;
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100[diff] [blame]1021 size_t exported_length = INVALID_EXPORT_LENGTH;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1022 size_t reexported_length;
1023 psa_key_type_t got_type;
1024 size_t got_bits;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]1025 psa_key_policy_t policy;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1026
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1027 TEST_ASSERT( data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1028 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) );
Moran Pekercb088e72018-07-17 17:36:59 +0300[diff] [blame]1029 export_size = (ptrdiff_t) data->len + export_size_delta;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1030 ASSERT_ALLOC( exported, export_size );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1031 if( ! canonical_input )
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1032 ASSERT_ALLOC( reexported, export_size );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1033 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1034
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]1035 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1036 psa_key_policy_set_usage( &policy, usage_arg, alg );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]1037 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1038
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1039 /* Import the key */
1040 TEST_ASSERT( psa_import_key( slot, type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1041 data->x, data->len ) == PSA_SUCCESS );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1042
1043 /* Test the key information */
1044 TEST_ASSERT( psa_get_key_information( slot,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1045 &got_type,
1046 &got_bits ) == PSA_SUCCESS );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1047 TEST_ASSERT( got_type == type );
1048 TEST_ASSERT( got_bits == (size_t) expected_bits );
1049
1050 /* Export the key */
1051 status = psa_export_key( slot,
1052 exported, export_size,
1053 &exported_length );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1054 TEST_ASSERT( status == expected_export_status );
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100[diff] [blame]1055
1056 /* The exported length must be set by psa_export_key() to a value between 0
1057 * and export_size. On errors, the exported length must be 0. */
1058 TEST_ASSERT( exported_length != INVALID_EXPORT_LENGTH );
1059 TEST_ASSERT( status == PSA_SUCCESS || exported_length == 0 );
1060 TEST_ASSERT( exported_length <= export_size );
1061
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]1062 TEST_ASSERT( mem_is_char( exported + exported_length, 0,
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]1063 export_size - exported_length ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1064 if( status != PSA_SUCCESS )
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]1065 {
1066 TEST_ASSERT( exported_length == 0 );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1067 goto destroy;
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]1068 }
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1069
Gilles Peskine8f609232018-08-11 01:24:55 +0200[diff] [blame]1070 if( ! exercise_export_key( slot, usage_arg ) )
1071 goto exit;
1072
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1073 if( canonical_input )
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]1074 ASSERT_COMPARE( data->x, data->len, exported, exported_length );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1075 else
1076 {
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]1077 TEST_ASSERT( psa_set_key_policy( slot2, &policy ) == PSA_SUCCESS );
1078
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1079 TEST_ASSERT( psa_import_key( slot2, type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1080 exported,
Gilles Peskineb67f3082018-08-07 15:33:10 +0200[diff] [blame]1081 exported_length ) == PSA_SUCCESS );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1082 TEST_ASSERT( psa_export_key( slot2,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1083 reexported,
1084 export_size,
1085 &reexported_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]1086 ASSERT_COMPARE( exported, exported_length,
1087 reexported, reexported_length );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1088 }
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100[diff] [blame]1089 TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, got_bits ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1090
1091destroy:
1092 /* Destroy the key */
1093 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
1094 TEST_ASSERT( psa_get_key_information(
1095 slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT );
1096
1097exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1098 mbedtls_free( exported );
1099 mbedtls_free( reexported );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1100 mbedtls_psa_crypto_free( );
1101}
1102/* END_CASE */
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1103
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1104/* BEGIN_CASE */
Moran Peker28a38e62018-11-07 16:18:24 +0200[diff] [blame]1105void import_key_nonempty_slot( )
1106{
1107 int slot = 1;
1108 psa_key_type_t type = PSA_KEY_TYPE_RAW_DATA;
1109 psa_status_t status;
1110 const uint8_t data[] = { 0x1, 0x2, 0x3, 0x4, 0x5 };
1111 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1112
1113 /* Import the key */
1114 TEST_ASSERT( psa_import_key( slot, type,
1115 data, sizeof( data ) ) == PSA_SUCCESS );
1116
1117 /* Import the key again */
1118 status = psa_import_key( slot, type, data, sizeof( data ) );
1119 TEST_ASSERT( status == PSA_ERROR_OCCUPIED_SLOT );
1120
1121exit:
1122 mbedtls_psa_crypto_free( );
1123}
1124/* END_CASE */
1125
1126/* BEGIN_CASE */
1127void export_invalid_slot( int slot, int expected_export_status_arg )
1128{
1129 psa_status_t status;
1130 unsigned char *exported = NULL;
1131 size_t export_size = 0;
1132 size_t exported_length = INVALID_EXPORT_LENGTH;
1133 psa_status_t expected_export_status = expected_export_status_arg;
1134
1135 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1136
1137 /* Export the key */
1138 status = psa_export_key( slot,
1139 exported, export_size,
1140 &exported_length );
1141 TEST_ASSERT( status == expected_export_status );
1142
1143exit:
1144 mbedtls_psa_crypto_free( );
1145}
1146/* END_CASE */
1147
1148/* BEGIN_CASE */
Moran Peker34550092018-11-07 16:19:34 +0200[diff] [blame]1149void export_with_no_key_activity( )
1150{
1151 int slot = 1;
1152 psa_algorithm_t alg = PSA_ALG_CTR;
1153 psa_status_t status;
1154 psa_key_policy_t policy;
1155 unsigned char *exported = NULL;
1156 size_t export_size = 0;
1157 size_t exported_length = INVALID_EXPORT_LENGTH;
1158
1159 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1160
1161 psa_key_policy_init( &policy );
1162 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
1163 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1164
1165 /* Export the key */
1166 status = psa_export_key( slot,
1167 exported, export_size,
1168 &exported_length );
1169 TEST_ASSERT( status == PSA_ERROR_EMPTY_SLOT );
1170
1171exit:
1172 mbedtls_psa_crypto_free( );
1173}
1174/* END_CASE */
1175
1176/* BEGIN_CASE */
Moran Pekerce500072018-11-07 16:20:07 +0200[diff] [blame]1177void cipher_with_no_key_activity( )
1178{
1179 int slot = 1;
1180 psa_status_t status;
1181 psa_key_policy_t policy;
1182 psa_cipher_operation_t operation;
1183 int exercise_alg = PSA_ALG_CTR;
1184
1185 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1186
1187 psa_key_policy_init( &policy );
1188 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, exercise_alg );
1189 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1190
1191 status = psa_cipher_encrypt_setup( &operation, slot, exercise_alg );
1192 TEST_ASSERT( status == PSA_ERROR_EMPTY_SLOT );
1193
1194exit:
1195 psa_cipher_abort( &operation );
1196 mbedtls_psa_crypto_free( );
1197}
1198/* END_CASE */
1199
1200/* BEGIN_CASE */
Moran Peker34550092018-11-07 16:19:34 +0200[diff] [blame]1201void export_after_import_failure( data_t *data, int type_arg,
1202 int expected_import_status_arg )
1203{
1204 int slot = 1;
1205 psa_key_type_t type = type_arg;
1206 psa_status_t status;
1207 unsigned char *exported = NULL;
1208 size_t export_size = 0;
1209 psa_status_t expected_import_status = expected_import_status_arg;
1210 size_t exported_length = INVALID_EXPORT_LENGTH;
1211
1212 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1213
1214 /* Import the key - expect failure */
1215 status = psa_import_key( slot, type,
1216 data->x, data->len );
1217 TEST_ASSERT( status == expected_import_status );
1218
1219 /* Export the key */
1220 status = psa_export_key( slot,
1221 exported, export_size,
1222 &exported_length );
1223 TEST_ASSERT( status == PSA_ERROR_EMPTY_SLOT );
1224
1225exit:
1226 mbedtls_psa_crypto_free( );
1227}
1228/* END_CASE */
1229
1230/* BEGIN_CASE */
Moran Pekerce500072018-11-07 16:20:07 +0200[diff] [blame]1231void cipher_after_import_failure( data_t *data, int type_arg,
1232 int expected_import_status_arg )
1233{
1234 int slot = 1;
1235 psa_cipher_operation_t operation;
1236 psa_key_type_t type = type_arg;
1237 psa_status_t status;
1238 psa_status_t expected_import_status = expected_import_status_arg;
1239 int exercise_alg = PSA_ALG_CTR;
1240
1241 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1242
1243 /* Import the key - expect failure */
1244 status = psa_import_key( slot, type,
1245 data->x, data->len );
1246 TEST_ASSERT( status == expected_import_status );
1247
1248 status = psa_cipher_encrypt_setup( &operation, slot, exercise_alg );
1249 TEST_ASSERT( status == PSA_ERROR_EMPTY_SLOT );
1250
1251exit:
1252 psa_cipher_abort( &operation );
1253 mbedtls_psa_crypto_free( );
1254}
1255/* END_CASE */
1256
1257/* BEGIN_CASE */
Moran Peker34550092018-11-07 16:19:34 +0200[diff] [blame]1258void export_after_destroy_key( data_t *data, int type_arg )
1259{
1260 int slot = 1;
1261 psa_key_type_t type = type_arg;
1262 psa_status_t status;
1263 psa_key_policy_t policy;
1264 psa_algorithm_t alg = PSA_ALG_CTR;
1265 unsigned char *exported = NULL;
1266 size_t export_size = 0;
1267 size_t exported_length = INVALID_EXPORT_LENGTH;
1268
1269 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1270
1271 psa_key_policy_init( &policy );
1272 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
1273 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1274 export_size = (ptrdiff_t) data->len;
1275 ASSERT_ALLOC( exported, export_size );
1276
1277 /* Import the key */
1278 TEST_ASSERT( psa_import_key( slot, type,
1279 data->x, data->len ) == PSA_SUCCESS );
1280
1281 TEST_ASSERT( psa_export_key( slot, exported, export_size,
1282 &exported_length ) == PSA_SUCCESS );
1283
1284 /* Destroy the key */
1285 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
1286
1287 /* Export the key */
1288 status = psa_export_key( slot, exported, export_size,
1289 &exported_length );
1290 TEST_ASSERT( status == PSA_ERROR_EMPTY_SLOT );
1291
1292exit:
1293 mbedtls_free( exported );
1294 mbedtls_psa_crypto_free( );
1295}
1296/* END_CASE */
1297
1298/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1299void import_export_public_key( data_t *data,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]1300 int type_arg,
1301 int alg_arg,
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1302 int export_size_delta,
1303 int expected_export_status_arg,
1304 data_t *expected_public_key )
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1305{
1306 int slot = 1;
1307 psa_key_type_t type = type_arg;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1308 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1309 psa_status_t expected_export_status = expected_export_status_arg;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1310 psa_status_t status;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1311 unsigned char *exported = NULL;
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1312 size_t export_size = expected_public_key->len + export_size_delta;
Jaeden Amero2a671e92018-06-27 17:47:40 +0100[diff] [blame]1313 size_t exported_length = INVALID_EXPORT_LENGTH;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]1314 psa_key_policy_t policy;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1315
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1316 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1317
1318 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1319 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1320 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1321
1322 /* Import the key */
1323 TEST_ASSERT( psa_import_key( slot, type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1324 data->x, data->len ) == PSA_SUCCESS );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1325
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1326 /* Export the public key */
1327 ASSERT_ALLOC( exported, export_size );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1328 status = psa_export_public_key( slot,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]1329 exported, export_size,
1330 &exported_length );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1331 TEST_ASSERT( status == expected_export_status );
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1332 if( status == PSA_SUCCESS )
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100[diff] [blame]1333 {
1334 psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
1335 size_t bits;
1336 TEST_ASSERT( psa_get_key_information( slot, NULL, &bits ) ==
1337 PSA_SUCCESS );
1338 TEST_ASSERT( expected_public_key->len <=
1339 PSA_KEY_EXPORT_MAX_SIZE( public_type, bits ) );
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1340 ASSERT_COMPARE( expected_public_key->x, expected_public_key->len,
1341 exported, exported_length );
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100[diff] [blame]1342 }
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1343
1344exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1345 mbedtls_free( exported );
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1346 psa_destroy_key( slot );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1347 mbedtls_psa_crypto_free( );
1348}
1349/* END_CASE */
1350
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1351/* BEGIN_CASE */
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200[diff] [blame]1352void import_and_exercise_key( data_t *data,
1353 int type_arg,
1354 int bits_arg,
1355 int alg_arg )
1356{
1357 int slot = 1;
1358 psa_key_type_t type = type_arg;
1359 size_t bits = bits_arg;
1360 psa_algorithm_t alg = alg_arg;
Gilles Peskine10df3412018-10-25 22:35:43 +0200[diff] [blame]1361 psa_key_usage_t usage = usage_to_exercise( type, alg );
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200[diff] [blame]1362 psa_key_policy_t policy;
1363 psa_key_type_t got_type;
1364 size_t got_bits;
1365 psa_status_t status;
1366
1367 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1368
1369 psa_key_policy_init( &policy );
1370 psa_key_policy_set_usage( &policy, usage, alg );
1371 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1372
1373 /* Import the key */
1374 status = psa_import_key( slot, type, data->x, data->len );
1375 TEST_ASSERT( status == PSA_SUCCESS );
1376
1377 /* Test the key information */
1378 TEST_ASSERT( psa_get_key_information( slot,
1379 &got_type,
1380 &got_bits ) == PSA_SUCCESS );
1381 TEST_ASSERT( got_type == type );
1382 TEST_ASSERT( got_bits == bits );
1383
1384 /* Do something with the key according to its type and permitted usage. */
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]1385 if( ! exercise_key( slot, usage, alg ) )
1386 goto exit;
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200[diff] [blame]1387
1388exit:
1389 psa_destroy_key( slot );
1390 mbedtls_psa_crypto_free( );
1391}
1392/* END_CASE */
1393
1394/* BEGIN_CASE */
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1395void key_policy( int usage_arg, int alg_arg )
1396{
1397 int key_slot = 1;
1398 psa_algorithm_t alg = alg_arg;
1399 psa_key_usage_t usage = usage_arg;
1400 psa_key_type_t key_type = PSA_KEY_TYPE_AES;
1401 unsigned char key[32] = {0};
1402 psa_key_policy_t policy_set;
1403 psa_key_policy_t policy_get;
1404
1405 memset( key, 0x2a, sizeof( key ) );
1406
1407 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1408
1409 psa_key_policy_init( &policy_set );
1410 psa_key_policy_init( &policy_get );
1411
1412 psa_key_policy_set_usage( &policy_set, usage, alg );
1413
1414 TEST_ASSERT( psa_key_policy_get_usage( &policy_set ) == usage );
1415 TEST_ASSERT( psa_key_policy_get_algorithm( &policy_set ) == alg );
1416 TEST_ASSERT( psa_set_key_policy( key_slot, &policy_set ) == PSA_SUCCESS );
1417
1418 TEST_ASSERT( psa_import_key( key_slot, key_type,
1419 key, sizeof( key ) ) == PSA_SUCCESS );
1420
1421 TEST_ASSERT( psa_get_key_policy( key_slot, &policy_get ) == PSA_SUCCESS );
1422
1423 TEST_ASSERT( policy_get.usage == policy_set.usage );
1424 TEST_ASSERT( policy_get.alg == policy_set.alg );
1425
1426exit:
1427 psa_destroy_key( key_slot );
1428 mbedtls_psa_crypto_free( );
1429}
1430/* END_CASE */
1431
1432/* BEGIN_CASE */
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1433void mac_key_policy( int policy_usage,
1434 int policy_alg,
1435 int key_type,
1436 data_t *key_data,
1437 int exercise_alg )
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1438{
1439 int key_slot = 1;
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1440 psa_key_policy_t policy;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1441 psa_mac_operation_t operation;
1442 psa_status_t status;
1443 unsigned char mac[PSA_MAC_MAX_SIZE];
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1444
1445 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1446
1447 psa_key_policy_init( &policy );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1448 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1449 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1450
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1451 TEST_ASSERT( psa_import_key( key_slot, key_type,
1452 key_data->x, key_data->len ) == PSA_SUCCESS );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1453
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1454 status = psa_mac_sign_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1455 if( policy_alg == exercise_alg &&
1456 ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
1457 TEST_ASSERT( status == PSA_SUCCESS );
1458 else
1459 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1460 psa_mac_abort( &operation );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1461
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1462 memset( mac, 0, sizeof( mac ) );
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1463 status = psa_mac_verify_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1464 if( policy_alg == exercise_alg &&
1465 ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1466 TEST_ASSERT( status == PSA_SUCCESS );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1467 else
1468 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1469
1470exit:
1471 psa_mac_abort( &operation );
1472 psa_destroy_key( key_slot );
1473 mbedtls_psa_crypto_free( );
1474}
1475/* END_CASE */
1476
1477/* BEGIN_CASE */
1478void cipher_key_policy( int policy_usage,
1479 int policy_alg,
1480 int key_type,
1481 data_t *key_data,
1482 int exercise_alg )
1483{
1484 int key_slot = 1;
1485 psa_key_policy_t policy;
1486 psa_cipher_operation_t operation;
1487 psa_status_t status;
1488
1489 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1490
1491 psa_key_policy_init( &policy );
1492 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1493 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1494
1495 TEST_ASSERT( psa_import_key( key_slot, key_type,
1496 key_data->x, key_data->len ) == PSA_SUCCESS );
1497
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1498 status = psa_cipher_encrypt_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1499 if( policy_alg == exercise_alg &&
1500 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
1501 TEST_ASSERT( status == PSA_SUCCESS );
1502 else
1503 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1504 psa_cipher_abort( &operation );
1505
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1506 status = psa_cipher_decrypt_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1507 if( policy_alg == exercise_alg &&
1508 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
1509 TEST_ASSERT( status == PSA_SUCCESS );
1510 else
1511 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1512
1513exit:
1514 psa_cipher_abort( &operation );
1515 psa_destroy_key( key_slot );
1516 mbedtls_psa_crypto_free( );
1517}
1518/* END_CASE */
1519
1520/* BEGIN_CASE */
1521void aead_key_policy( int policy_usage,
1522 int policy_alg,
1523 int key_type,
1524 data_t *key_data,
1525 int nonce_length_arg,
1526 int tag_length_arg,
1527 int exercise_alg )
1528{
1529 int key_slot = 1;
1530 psa_key_policy_t policy;
1531 psa_status_t status;
1532 unsigned char nonce[16] = {0};
1533 size_t nonce_length = nonce_length_arg;
1534 unsigned char tag[16];
1535 size_t tag_length = tag_length_arg;
1536 size_t output_length;
1537
1538 TEST_ASSERT( nonce_length <= sizeof( nonce ) );
1539 TEST_ASSERT( tag_length <= sizeof( tag ) );
1540
1541 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1542
1543 psa_key_policy_init( &policy );
1544 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1545 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1546
1547 TEST_ASSERT( psa_import_key( key_slot, key_type,
1548 key_data->x, key_data->len ) == PSA_SUCCESS );
1549
1550 status = psa_aead_encrypt( key_slot, exercise_alg,
1551 nonce, nonce_length,
1552 NULL, 0,
1553 NULL, 0,
1554 tag, tag_length,
1555 &output_length );
1556 if( policy_alg == exercise_alg &&
1557 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
1558 TEST_ASSERT( status == PSA_SUCCESS );
1559 else
1560 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1561
1562 memset( tag, 0, sizeof( tag ) );
1563 status = psa_aead_decrypt( key_slot, exercise_alg,
1564 nonce, nonce_length,
1565 NULL, 0,
1566 tag, tag_length,
1567 NULL, 0,
1568 &output_length );
1569 if( policy_alg == exercise_alg &&
1570 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
1571 TEST_ASSERT( status == PSA_ERROR_INVALID_SIGNATURE );
1572 else
1573 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1574
1575exit:
1576 psa_destroy_key( key_slot );
1577 mbedtls_psa_crypto_free( );
1578}
1579/* END_CASE */
1580
1581/* BEGIN_CASE */
1582void asymmetric_encryption_key_policy( int policy_usage,
1583 int policy_alg,
1584 int key_type,
1585 data_t *key_data,
1586 int exercise_alg )
1587{
1588 int key_slot = 1;
1589 psa_key_policy_t policy;
1590 psa_status_t status;
1591 size_t key_bits;
1592 size_t buffer_length;
1593 unsigned char *buffer = NULL;
1594 size_t output_length;
1595
1596 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1597
1598 psa_key_policy_init( &policy );
1599 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1600 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1601
1602 TEST_ASSERT( psa_import_key( key_slot, key_type,
1603 key_data->x, key_data->len ) == PSA_SUCCESS );
1604
1605 TEST_ASSERT( psa_get_key_information( key_slot,
1606 NULL,
1607 &key_bits ) == PSA_SUCCESS );
1608 buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits,
1609 exercise_alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1610 ASSERT_ALLOC( buffer, buffer_length );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1611
1612 status = psa_asymmetric_encrypt( key_slot, exercise_alg,
1613 NULL, 0,
1614 NULL, 0,
1615 buffer, buffer_length,
1616 &output_length );
1617 if( policy_alg == exercise_alg &&
1618 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
1619 TEST_ASSERT( status == PSA_SUCCESS );
1620 else
1621 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1622
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]1623 if( buffer_length != 0 )
1624 memset( buffer, 0, buffer_length );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1625 status = psa_asymmetric_decrypt( key_slot, exercise_alg,
1626 buffer, buffer_length,
1627 NULL, 0,
1628 buffer, buffer_length,
1629 &output_length );
1630 if( policy_alg == exercise_alg &&
1631 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
1632 TEST_ASSERT( status == PSA_ERROR_INVALID_PADDING );
1633 else
1634 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1635
1636exit:
1637 psa_destroy_key( key_slot );
1638 mbedtls_psa_crypto_free( );
1639 mbedtls_free( buffer );
1640}
1641/* END_CASE */
1642
1643/* BEGIN_CASE */
1644void asymmetric_signature_key_policy( int policy_usage,
1645 int policy_alg,
1646 int key_type,
1647 data_t *key_data,
1648 int exercise_alg )
1649{
1650 int key_slot = 1;
1651 psa_key_policy_t policy;
1652 psa_status_t status;
1653 unsigned char payload[16] = {1};
1654 size_t payload_length = sizeof( payload );
1655 unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
1656 size_t signature_length;
1657
1658 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1659
1660 psa_key_policy_init( &policy );
1661 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1662 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1663
1664 TEST_ASSERT( psa_import_key( key_slot, key_type,
1665 key_data->x, key_data->len ) == PSA_SUCCESS );
1666
1667 status = psa_asymmetric_sign( key_slot, exercise_alg,
1668 payload, payload_length,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1669 signature, sizeof( signature ),
1670 &signature_length );
1671 if( policy_alg == exercise_alg &&
1672 ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
1673 TEST_ASSERT( status == PSA_SUCCESS );
1674 else
1675 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1676
1677 memset( signature, 0, sizeof( signature ) );
1678 status = psa_asymmetric_verify( key_slot, exercise_alg,
1679 payload, payload_length,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1680 signature, sizeof( signature ) );
1681 if( policy_alg == exercise_alg &&
1682 ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
1683 TEST_ASSERT( status == PSA_ERROR_INVALID_SIGNATURE );
1684 else
1685 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1686
1687exit:
1688 psa_destroy_key( key_slot );
1689 mbedtls_psa_crypto_free( );
1690}
1691/* END_CASE */
1692
1693/* BEGIN_CASE */
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]1694void derive_key_policy( int policy_usage,
1695 int policy_alg,
1696 int key_type,
1697 data_t *key_data,
1698 int exercise_alg )
1699{
1700 int key_slot = 1;
1701 psa_key_policy_t policy;
1702 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
1703 psa_status_t status;
1704
1705 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1706
1707 psa_key_policy_init( &policy );
1708 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1709 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1710
1711 TEST_ASSERT( psa_import_key( key_slot, key_type,
1712 key_data->x, key_data->len ) == PSA_SUCCESS );
1713
1714 status = psa_key_derivation( &generator, key_slot,
1715 exercise_alg,
1716 NULL, 0,
1717 NULL, 0,
1718 1 );
1719 if( policy_alg == exercise_alg &&
1720 ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
1721 TEST_ASSERT( status == PSA_SUCCESS );
1722 else
1723 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1724
1725exit:
1726 psa_generator_abort( &generator );
1727 psa_destroy_key( key_slot );
1728 mbedtls_psa_crypto_free( );
1729}
1730/* END_CASE */
1731
1732/* BEGIN_CASE */
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]1733void agreement_key_policy( int policy_usage,
1734 int policy_alg,
1735 int key_type_arg,
1736 data_t *key_data,
1737 int exercise_alg )
1738{
1739 int key_slot = 1;
1740 psa_key_policy_t policy;
1741 psa_key_type_t key_type = key_type_arg;
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]1742 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
1743 psa_status_t status;
1744
1745 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1746
1747 psa_key_policy_init( &policy );
1748 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1749 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1750
1751 TEST_ASSERT( psa_import_key( key_slot, key_type,
1752 key_data->x, key_data->len ) == PSA_SUCCESS );
1753
Gilles Peskinec7998b72018-11-07 18:45:02 +0100[diff] [blame]1754 status = key_agreement_with_self( &generator, key_slot, exercise_alg );
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]1755
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]1756 if( policy_alg == exercise_alg &&
1757 ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
1758 TEST_ASSERT( status == PSA_SUCCESS );
1759 else
1760 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1761
1762exit:
1763 psa_generator_abort( &generator );
1764 psa_destroy_key( key_slot );
1765 mbedtls_psa_crypto_free( );
1766}
1767/* END_CASE */
1768
1769/* BEGIN_CASE */
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1770void key_lifetime( int lifetime_arg )
1771{
1772 int key_slot = 1;
Gilles Peskinec32f0302018-08-10 16:02:11 +0200[diff] [blame]1773 psa_key_type_t key_type = PSA_KEY_TYPE_RAW_DATA;
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1774 unsigned char key[32] = {0};
1775 psa_key_lifetime_t lifetime_set = lifetime_arg;
1776 psa_key_lifetime_t lifetime_get;
1777
1778 memset( key, 0x2a, sizeof( key ) );
1779
1780 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1781
1782 TEST_ASSERT( psa_set_key_lifetime( key_slot,
1783 lifetime_set ) == PSA_SUCCESS );
1784
1785 TEST_ASSERT( psa_import_key( key_slot, key_type,
1786 key, sizeof( key ) ) == PSA_SUCCESS );
1787
1788 TEST_ASSERT( psa_get_key_lifetime( key_slot,
1789 &lifetime_get ) == PSA_SUCCESS );
1790
1791 TEST_ASSERT( lifetime_get == lifetime_set );
1792
1793exit:
1794 psa_destroy_key( key_slot );
1795 mbedtls_psa_crypto_free( );
1796}
1797/* END_CASE */
1798
1799/* BEGIN_CASE */
1800void key_lifetime_set_fail( int key_slot_arg,
1801 int lifetime_arg,
1802 int expected_status_arg )
1803{
1804 psa_key_slot_t key_slot = key_slot_arg;
1805 psa_key_lifetime_t lifetime_set = lifetime_arg;
1806 psa_status_t actual_status;
1807 psa_status_t expected_status = expected_status_arg;
1808
1809 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1810
1811 actual_status = psa_set_key_lifetime( key_slot, lifetime_set );
1812
1813 if( actual_status == PSA_SUCCESS )
1814 actual_status = psa_set_key_lifetime( key_slot, lifetime_set );
1815
1816 TEST_ASSERT( expected_status == actual_status );
1817
1818exit:
1819 psa_destroy_key( key_slot );
1820 mbedtls_psa_crypto_free( );
1821}
1822/* END_CASE */
1823
1824/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1825void hash_setup( int alg_arg,
1826 int expected_status_arg )
1827{
1828 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1829 psa_status_t expected_status = expected_status_arg;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1830 psa_hash_operation_t operation;
1831 psa_status_t status;
1832
1833 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1834
Gilles Peskineda8191d1c2018-07-08 19:46:38 +0200[diff] [blame]1835 status = psa_hash_setup( &operation, alg );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1836 psa_hash_abort( &operation );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1837 TEST_ASSERT( status == expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1838
1839exit:
1840 mbedtls_psa_crypto_free( );
1841}
1842/* END_CASE */
1843
1844/* BEGIN_CASE */
itayzafrirf86548d2018-11-01 10:44:32 +0200[diff] [blame]1845void hash_bad_order( )
1846{
1847 unsigned char input[] = "";
1848 /* SHA-256 hash of an empty string */
1849 unsigned char hash[] = {
1850 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
1851 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
1852 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 };
1853 size_t hash_len;
1854 psa_hash_operation_t operation;
1855
1856 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1857
1858 /* psa_hash_update without calling psa_hash_setup beforehand */
1859 memset( &operation, 0, sizeof( operation ) );
1860 TEST_ASSERT( psa_hash_update( &operation,
1861 input, sizeof( input ) ) ==
1862 PSA_ERROR_INVALID_ARGUMENT );
1863
1864 /* psa_hash_verify without calling psa_hash_setup beforehand */
1865 memset( &operation, 0, sizeof( operation ) );
1866 TEST_ASSERT( psa_hash_verify( &operation,
1867 hash, sizeof( hash ) ) ==
1868 PSA_ERROR_INVALID_ARGUMENT );
1869
1870 /* psa_hash_finish without calling psa_hash_setup beforehand */
1871 memset( &operation, 0, sizeof( operation ) );
1872 TEST_ASSERT( psa_hash_finish( &operation,
1873 hash, sizeof( hash ), &hash_len ) ==
1874 PSA_ERROR_INVALID_ARGUMENT );
1875
1876exit:
1877 mbedtls_psa_crypto_free( );
1878}
1879/* END_CASE */
1880
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1881/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
1882void hash_verify_bad_args( )
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1883{
1884 psa_algorithm_t alg = PSA_ALG_SHA_256;
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1885 /* SHA-256 hash of an empty string with 2 extra bytes (0xaa and 0xbb)
1886 * appended to it */
1887 unsigned char hash[] = {
1888 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
1889 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
1890 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, 0xaa, 0xbb };
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1891 size_t expected_size = PSA_HASH_SIZE( alg );
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1892 psa_hash_operation_t operation;
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1893
1894 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1895
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1896 /* psa_hash_verify with a smaller hash than expected */
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1897 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
1898 TEST_ASSERT( psa_hash_verify( &operation,
1899 hash, expected_size - 1 ) ==
1900 PSA_ERROR_INVALID_SIGNATURE );
1901
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1902 /* psa_hash_verify with a non-matching hash */
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1903 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1904 TEST_ASSERT( psa_hash_verify( &operation,
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1905 hash + 1, expected_size ) ==
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1906 PSA_ERROR_INVALID_SIGNATURE );
1907
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1908 /* psa_hash_verify with a hash longer than expected */
itayzafrir4271df92018-10-24 18:16:19 +0300[diff] [blame]1909 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
itayzafrir4271df92018-10-24 18:16:19 +0300[diff] [blame]1910 TEST_ASSERT( psa_hash_verify( &operation,
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1911 hash, sizeof( hash ) ) ==
itayzafrir4271df92018-10-24 18:16:19 +0300[diff] [blame]1912 PSA_ERROR_INVALID_SIGNATURE );
1913
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1914exit:
1915 mbedtls_psa_crypto_free( );
1916}
1917/* END_CASE */
1918
itayzafrirb2dd5ed2018-11-01 11:58:59 +0200[diff] [blame]1919/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
1920void hash_finish_bad_args( )
itayzafrir58028322018-10-25 10:22:01 +0300[diff] [blame]1921{
1922 psa_algorithm_t alg = PSA_ALG_SHA_256;
itayzafrirb2dd5ed2018-11-01 11:58:59 +0200[diff] [blame]1923 unsigned char hash[PSA_HASH_MAX_SIZE];
itayzafrir58028322018-10-25 10:22:01 +0300[diff] [blame]1924 size_t expected_size = PSA_HASH_SIZE( alg );
1925 psa_hash_operation_t operation;
1926 size_t hash_len;
1927
1928 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1929
itayzafrir58028322018-10-25 10:22:01 +0300[diff] [blame]1930 /* psa_hash_finish with a smaller hash buffer than expected */
1931 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
1932 TEST_ASSERT( psa_hash_finish( &operation,
1933 hash, expected_size - 1,
1934 &hash_len ) == PSA_ERROR_BUFFER_TOO_SMALL );
1935
1936exit:
1937 mbedtls_psa_crypto_free( );
1938}
1939/* END_CASE */
1940
1941/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1942void mac_setup( int key_type_arg,
1943 data_t *key,
1944 int alg_arg,
1945 int expected_status_arg )
1946{
1947 int key_slot = 1;
1948 psa_key_type_t key_type = key_type_arg;
1949 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1950 psa_status_t expected_status = expected_status_arg;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1951 psa_mac_operation_t operation;
1952 psa_key_policy_t policy;
1953 psa_status_t status;
1954
1955 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1956
1957 psa_key_policy_init( &policy );
1958 psa_key_policy_set_usage( &policy,
1959 PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY,
1960 alg );
1961 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1962
1963 TEST_ASSERT( psa_import_key( key_slot, key_type,
1964 key->x, key->len ) == PSA_SUCCESS );
1965
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1966 status = psa_mac_sign_setup( &operation, key_slot, alg );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1967 psa_mac_abort( &operation );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1968 TEST_ASSERT( status == expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1969
1970exit:
1971 psa_destroy_key( key_slot );
1972 mbedtls_psa_crypto_free( );
1973}
1974/* END_CASE */
1975
1976/* BEGIN_CASE */
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]1977void mac_sign( int key_type_arg,
1978 data_t *key,
1979 int alg_arg,
1980 data_t *input,
1981 data_t *expected_mac )
1982{
1983 int key_slot = 1;
1984 psa_key_type_t key_type = key_type_arg;
1985 psa_algorithm_t alg = alg_arg;
1986 psa_mac_operation_t operation;
1987 psa_key_policy_t policy;
1988 /* Leave a little extra room in the output buffer. At the end of the
1989 * test, we'll check that the implementation didn't overwrite onto
1990 * this extra room. */
1991 uint8_t actual_mac[PSA_MAC_MAX_SIZE + 10];
1992 size_t mac_buffer_size =
1993 PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key->len ), alg );
1994 size_t mac_length = 0;
1995
1996 memset( actual_mac, '+', sizeof( actual_mac ) );
1997 TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE );
1998 TEST_ASSERT( expected_mac->len <= mac_buffer_size );
1999
2000 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2001
2002 psa_key_policy_init( &policy );
2003 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
2004 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2005
2006 TEST_ASSERT( psa_import_key( key_slot, key_type,
2007 key->x, key->len ) == PSA_SUCCESS );
2008
2009 /* Calculate the MAC. */
2010 TEST_ASSERT( psa_mac_sign_setup( &operation,
2011 key_slot, alg ) == PSA_SUCCESS );
2012 TEST_ASSERT( psa_mac_update( &operation,
2013 input->x, input->len ) == PSA_SUCCESS );
2014 TEST_ASSERT( psa_mac_sign_finish( &operation,
2015 actual_mac, mac_buffer_size,
2016 &mac_length ) == PSA_SUCCESS );
2017
2018 /* Compare with the expected value. */
2019 TEST_ASSERT( mac_length == expected_mac->len );
2020 TEST_ASSERT( memcmp( actual_mac, expected_mac->x, mac_length ) == 0 );
2021
2022 /* Verify that the end of the buffer is untouched. */
2023 TEST_ASSERT( mem_is_char( actual_mac + mac_length, '+',
2024 sizeof( actual_mac ) - mac_length ) );
2025
2026exit:
2027 psa_destroy_key( key_slot );
2028 mbedtls_psa_crypto_free( );
2029}
2030/* END_CASE */
2031
2032/* BEGIN_CASE */
Gilles Peskinec0ec9722018-06-18 17:03:37 +0200[diff] [blame]2033void mac_verify( int key_type_arg,
2034 data_t *key,
2035 int alg_arg,
2036 data_t *input,
2037 data_t *expected_mac )
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2038{
2039 int key_slot = 1;
2040 psa_key_type_t key_type = key_type_arg;
2041 psa_algorithm_t alg = alg_arg;
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2042 psa_mac_operation_t operation;
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]2043 psa_key_policy_t policy;
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2044
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]2045 TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE );
2046
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2047 TEST_ASSERT( key != NULL );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2048 TEST_ASSERT( input != NULL );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2049 TEST_ASSERT( expected_mac != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2050 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2051 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
2052 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_mac->len ) );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2053
2054 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2055
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]2056 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2057 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]2058 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2059
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2060 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2061 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskinec0ec9722018-06-18 17:03:37 +0200[diff] [blame]2062
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]2063 TEST_ASSERT( psa_mac_verify_setup( &operation,
2064 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2065 TEST_ASSERT( psa_destroy_key( key_slot ) == PSA_SUCCESS );
2066 TEST_ASSERT( psa_mac_update( &operation,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2067 input->x, input->len ) == PSA_SUCCESS );
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]2068 TEST_ASSERT( psa_mac_verify_finish( &operation,
2069 expected_mac->x,
2070 expected_mac->len ) == PSA_SUCCESS );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2071
2072exit:
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2073 psa_destroy_key( key_slot );
2074 mbedtls_psa_crypto_free( );
2075}
2076/* END_CASE */
2077
2078/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]2079void cipher_setup( int key_type_arg,
2080 data_t *key,
2081 int alg_arg,
2082 int expected_status_arg )
2083{
2084 int key_slot = 1;
2085 psa_key_type_t key_type = key_type_arg;
2086 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2087 psa_status_t expected_status = expected_status_arg;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]2088 psa_cipher_operation_t operation;
2089 psa_key_policy_t policy;
2090 psa_status_t status;
2091
2092 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2093
2094 psa_key_policy_init( &policy );
2095 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
2096 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2097
2098 TEST_ASSERT( psa_import_key( key_slot, key_type,
2099 key->x, key->len ) == PSA_SUCCESS );
2100
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2101 status = psa_cipher_encrypt_setup( &operation, key_slot, alg );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]2102 psa_cipher_abort( &operation );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2103 TEST_ASSERT( status == expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]2104
2105exit:
2106 psa_destroy_key( key_slot );
2107 mbedtls_psa_crypto_free( );
2108}
2109/* END_CASE */
2110
2111/* BEGIN_CASE */
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2112void cipher_encrypt( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2113 data_t *key,
2114 data_t *input, data_t *expected_output,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2115 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2116{
2117 int key_slot = 1;
2118 psa_status_t status;
2119 psa_key_type_t key_type = key_type_arg;
2120 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2121 psa_status_t expected_status = expected_status_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2122 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2123 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2124 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2125 size_t output_buffer_size = 0;
2126 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2127 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2128 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2129 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2130
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2131 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2132 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2133 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2134 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2135 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
2136 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2137
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2138 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
2139 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2140
2141 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2142
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2143 psa_key_policy_init( &policy );
2144 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
2145 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2146
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2147 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2148 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2149
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2150 TEST_ASSERT( psa_cipher_encrypt_setup( &operation,
2151 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2152
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2153 TEST_ASSERT( psa_cipher_set_iv( &operation,
2154 iv, iv_size ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2155 output_buffer_size = (size_t) input->len +
2156 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2157 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2158
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2159 TEST_ASSERT( psa_cipher_update( &operation,
2160 input->x, input->len,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2161 output, output_buffer_size,
2162 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2163 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2164 status = psa_cipher_finish( &operation,
2165 output + function_output_length,
2166 output_buffer_size,
2167 &function_output_length );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2168 total_output_length += function_output_length;
2169
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2170 TEST_ASSERT( status == expected_status );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2171 if( expected_status == PSA_SUCCESS )
2172 {
2173 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2174 ASSERT_COMPARE( expected_output->x, expected_output->len,
2175 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2176 }
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2177
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2178exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2179 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2180 psa_destroy_key( key_slot );
2181 mbedtls_psa_crypto_free( );
2182}
2183/* END_CASE */
2184
2185/* BEGIN_CASE */
2186void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2187 data_t *key,
2188 data_t *input,
2189 int first_part_size,
2190 data_t *expected_output )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2191{
2192 int key_slot = 1;
2193 psa_key_type_t key_type = key_type_arg;
2194 psa_algorithm_t alg = alg_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2195 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2196 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2197 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2198 size_t output_buffer_size = 0;
2199 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2200 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2201 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2202 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2203
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2204 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2205 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2206 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2207 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2208 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
2209 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2210
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2211 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
2212 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2213
2214 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2215
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2216 psa_key_policy_init( &policy );
2217 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
2218 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2219
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2220 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2221 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2222
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2223 TEST_ASSERT( psa_cipher_encrypt_setup( &operation,
2224 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2225
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2226 TEST_ASSERT( psa_cipher_set_iv( &operation,
2227 iv, sizeof( iv ) ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2228 output_buffer_size = (size_t) input->len +
2229 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2230 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2231
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2232 TEST_ASSERT( (unsigned int) first_part_size < input->len );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2233 TEST_ASSERT( psa_cipher_update( &operation, input->x, first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2234 output, output_buffer_size,
2235 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2236 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2237 TEST_ASSERT( psa_cipher_update( &operation,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2238 input->x + first_part_size,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2239 input->len - first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2240 output, output_buffer_size,
2241 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2242 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2243 TEST_ASSERT( psa_cipher_finish( &operation,
2244 output + function_output_length,
2245 output_buffer_size,
2246 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2247 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2248 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
2249
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2250 ASSERT_COMPARE( expected_output->x, expected_output->len,
2251 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2252
2253exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2254 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2255 psa_destroy_key( key_slot );
2256 mbedtls_psa_crypto_free( );
2257}
2258/* END_CASE */
2259
2260/* BEGIN_CASE */
2261void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2262 data_t *key,
2263 data_t *input,
2264 int first_part_size,
2265 data_t *expected_output )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2266{
2267 int key_slot = 1;
2268
2269 psa_key_type_t key_type = key_type_arg;
2270 psa_algorithm_t alg = alg_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2271 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2272 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2273 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2274 size_t output_buffer_size = 0;
2275 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2276 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2277 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2278 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2279
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2280 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2281 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2282 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2283 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2284 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
2285 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2286
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2287 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
2288 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2289
2290 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2291
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2292 psa_key_policy_init( &policy );
2293 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
2294 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2295
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2296 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2297 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2298
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2299 TEST_ASSERT( psa_cipher_decrypt_setup( &operation,
2300 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2301
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2302 TEST_ASSERT( psa_cipher_set_iv( &operation,
2303 iv, sizeof( iv ) ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2304
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2305 output_buffer_size = (size_t) input->len +
2306 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2307 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2308
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2309 TEST_ASSERT( (unsigned int) first_part_size < input->len );
2310 TEST_ASSERT( psa_cipher_update( &operation,
2311 input->x, first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2312 output, output_buffer_size,
2313 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2314 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2315 TEST_ASSERT( psa_cipher_update( &operation,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2316 input->x + first_part_size,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2317 input->len - first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2318 output, output_buffer_size,
2319 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2320 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2321 TEST_ASSERT( psa_cipher_finish( &operation,
2322 output + function_output_length,
2323 output_buffer_size,
2324 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2325 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2326 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
2327
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2328 ASSERT_COMPARE( expected_output->x, expected_output->len,
2329 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2330
2331exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2332 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2333 psa_destroy_key( key_slot );
2334 mbedtls_psa_crypto_free( );
2335}
2336/* END_CASE */
2337
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2338/* BEGIN_CASE */
2339void cipher_decrypt( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2340 data_t *key,
2341 data_t *input, data_t *expected_output,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2342 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2343{
2344 int key_slot = 1;
2345 psa_status_t status;
2346 psa_key_type_t key_type = key_type_arg;
2347 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2348 psa_status_t expected_status = expected_status_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2349 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2350 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2351 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2352 size_t output_buffer_size = 0;
2353 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2354 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2355 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2356 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2357
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2358 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2359 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2360 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2361 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2362 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
2363 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2364
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2365 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
2366 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2367
2368 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2369
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2370 psa_key_policy_init( &policy );
2371 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
2372 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2373
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2374 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2375 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2376
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2377 TEST_ASSERT( psa_cipher_decrypt_setup( &operation,
2378 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2379
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2380 TEST_ASSERT( psa_cipher_set_iv( &operation,
2381 iv, iv_size ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2382
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2383 output_buffer_size = (size_t) input->len +
2384 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2385 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2386
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2387 TEST_ASSERT( psa_cipher_update( &operation,
2388 input->x, input->len,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2389 output, output_buffer_size,
2390 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2391 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2392 status = psa_cipher_finish( &operation,
2393 output + function_output_length,
2394 output_buffer_size,
2395 &function_output_length );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2396 total_output_length += function_output_length;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2397 TEST_ASSERT( status == expected_status );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2398
2399 if( expected_status == PSA_SUCCESS )
2400 {
2401 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2402 ASSERT_COMPARE( expected_output->x, expected_output->len,
2403 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2404 }
2405
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2406exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2407 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2408 psa_destroy_key( key_slot );
2409 mbedtls_psa_crypto_free( );
2410}
2411/* END_CASE */
2412
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2413/* BEGIN_CASE */
2414void cipher_verify_output( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2415 data_t *key,
2416 data_t *input )
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2417{
2418 int key_slot = 1;
2419 psa_key_type_t key_type = key_type_arg;
2420 psa_algorithm_t alg = alg_arg;
mohammad1603e6b67a12018-03-12 10:38:49 -0700[diff] [blame]2421 unsigned char iv[16] = {0};
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2422 size_t iv_size = 16;
2423 size_t iv_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2424 unsigned char *output1 = NULL;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2425 size_t output1_size = 0;
2426 size_t output1_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2427 unsigned char *output2 = NULL;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2428 size_t output2_size = 0;
2429 size_t output2_length = 0;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2430 size_t function_output_length = 0;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2431 psa_cipher_operation_t operation1;
2432 psa_cipher_operation_t operation2;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2433 psa_key_policy_t policy;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2434
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2435 TEST_ASSERT( key != NULL );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2436 TEST_ASSERT( input != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2437 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2438 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2439
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2440 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2441
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2442 psa_key_policy_init( &policy );
2443 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg );
2444 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2445
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2446 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2447 key->x, key->len ) == PSA_SUCCESS );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2448
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2449 TEST_ASSERT( psa_cipher_encrypt_setup( &operation1,
2450 key_slot, alg ) == PSA_SUCCESS );
2451 TEST_ASSERT( psa_cipher_decrypt_setup( &operation2,
2452 key_slot, alg ) == PSA_SUCCESS );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2453
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2454 TEST_ASSERT( psa_cipher_generate_iv( &operation1,
2455 iv, iv_size,
2456 &iv_length ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2457 output1_size = (size_t) input->len +
2458 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2459 ASSERT_ALLOC( output1, output1_size );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2460
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2461 TEST_ASSERT( psa_cipher_update( &operation1, input->x, input->len,
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2462 output1, output1_size,
2463 &output1_length ) == PSA_SUCCESS );
2464 TEST_ASSERT( psa_cipher_finish( &operation1,
2465 output1 + output1_length, output1_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2466 &function_output_length ) == PSA_SUCCESS );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2467
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2468 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2469
2470 TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS );
2471
2472 output2_size = output1_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2473 ASSERT_ALLOC( output2, output2_size );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2474
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2475 TEST_ASSERT( psa_cipher_set_iv( &operation2,
2476 iv, iv_length ) == PSA_SUCCESS );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2477 TEST_ASSERT( psa_cipher_update( &operation2, output1, output1_length,
2478 output2, output2_size,
2479 &output2_length ) == PSA_SUCCESS );
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2480 function_output_length = 0;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2481 TEST_ASSERT( psa_cipher_finish( &operation2,
2482 output2 + output2_length,
2483 output2_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2484 &function_output_length ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2485
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2486 output2_length += function_output_length;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2487
Janos Follath25c4fa82018-07-06 16:23:25 +0100[diff] [blame]2488 TEST_ASSERT( psa_cipher_abort( &operation2 ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2489
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2490 ASSERT_COMPARE( input->x, input->len, output2, output2_length );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2491
2492exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2493 mbedtls_free( output1 );
2494 mbedtls_free( output2 );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2495 psa_destroy_key( key_slot );
2496 mbedtls_psa_crypto_free( );
2497}
2498/* END_CASE */
2499
2500/* BEGIN_CASE */
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2501void cipher_verify_output_multipart( int alg_arg,
2502 int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2503 data_t *key,
2504 data_t *input,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2505 int first_part_size )
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2506{
2507 int key_slot = 1;
2508 psa_key_type_t key_type = key_type_arg;
2509 psa_algorithm_t alg = alg_arg;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2510 unsigned char iv[16] = {0};
2511 size_t iv_size = 16;
2512 size_t iv_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2513 unsigned char *output1 = NULL;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2514 size_t output1_buffer_size = 0;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2515 size_t output1_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2516 unsigned char *output2 = NULL;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2517 size_t output2_buffer_size = 0;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2518 size_t output2_length = 0;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2519 size_t function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2520 psa_cipher_operation_t operation1;
2521 psa_cipher_operation_t operation2;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2522 psa_key_policy_t policy;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2523
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2524 TEST_ASSERT( key != NULL );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2525 TEST_ASSERT( input != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2526 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2527 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2528
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2529 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2530
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2531 psa_key_policy_init( &policy );
2532 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg );
2533 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2534
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2535 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2536 key->x, key->len ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2537
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2538 TEST_ASSERT( psa_cipher_encrypt_setup( &operation1,
2539 key_slot, alg ) == PSA_SUCCESS );
2540 TEST_ASSERT( psa_cipher_decrypt_setup( &operation2,
2541 key_slot, alg ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2542
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2543 TEST_ASSERT( psa_cipher_generate_iv( &operation1,
2544 iv, iv_size,
2545 &iv_length ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2546 output1_buffer_size = (size_t) input->len +
2547 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2548 ASSERT_ALLOC( output1, output1_buffer_size );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2549
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2550 TEST_ASSERT( (unsigned int) first_part_size < input->len );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2551
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2552 TEST_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2553 output1, output1_buffer_size,
2554 &function_output_length ) == PSA_SUCCESS );
2555 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2556
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2557 TEST_ASSERT( psa_cipher_update( &operation1,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2558 input->x + first_part_size,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2559 input->len - first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2560 output1, output1_buffer_size,
2561 &function_output_length ) == PSA_SUCCESS );
2562 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2563
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2564 TEST_ASSERT( psa_cipher_finish( &operation1,
2565 output1 + output1_length,
2566 output1_buffer_size - output1_length,
2567 &function_output_length ) == PSA_SUCCESS );
2568 output1_length += function_output_length;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2569
2570 TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS );
2571
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2572 output2_buffer_size = output1_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2573 ASSERT_ALLOC( output2, output2_buffer_size );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2574
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2575 TEST_ASSERT( psa_cipher_set_iv( &operation2,
2576 iv, iv_length ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2577
2578 TEST_ASSERT( psa_cipher_update( &operation2, output1, first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2579 output2, output2_buffer_size,
2580 &function_output_length ) == PSA_SUCCESS );
2581 output2_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2582
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2583 TEST_ASSERT( psa_cipher_update( &operation2,
2584 output1 + first_part_size,
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2585 output1_length - first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2586 output2, output2_buffer_size,
2587 &function_output_length ) == PSA_SUCCESS );
2588 output2_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2589
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2590 TEST_ASSERT( psa_cipher_finish( &operation2,
2591 output2 + output2_length,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2592 output2_buffer_size - output2_length,
2593 &function_output_length ) == PSA_SUCCESS );
2594 output2_length += function_output_length;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2595
Janos Follath25c4fa82018-07-06 16:23:25 +0100[diff] [blame]2596 TEST_ASSERT( psa_cipher_abort( &operation2 ) == PSA_SUCCESS );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2597
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2598 ASSERT_COMPARE( input->x, input->len, output2, output2_length );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2599
2600exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2601 mbedtls_free( output1 );
2602 mbedtls_free( output2 );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2603 psa_destroy_key( key_slot );
2604 mbedtls_psa_crypto_free( );
2605}
2606/* END_CASE */
Gilles Peskine7268afc2018-06-06 15:19:24 +0200[diff] [blame]2607
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2608/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2609void aead_encrypt_decrypt( int key_type_arg, data_t *key_data,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2610 int alg_arg,
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2611 data_t *nonce,
2612 data_t *additional_data,
2613 data_t *input_data,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2614 int expected_result_arg )
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2615{
2616 int slot = 1;
2617 psa_key_type_t key_type = key_type_arg;
2618 psa_algorithm_t alg = alg_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2619 unsigned char *output_data = NULL;
2620 size_t output_size = 0;
2621 size_t output_length = 0;
2622 unsigned char *output_data2 = NULL;
2623 size_t output_length2 = 0;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2624 size_t tag_length = 16;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2625 psa_status_t expected_result = expected_result_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2626 psa_key_policy_t policy;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2627
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2628 TEST_ASSERT( key_data != NULL );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2629 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2630 TEST_ASSERT( nonce != NULL );
2631 TEST_ASSERT( additional_data != NULL );
2632 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2633 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2634 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
2635 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );
2636
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2637 output_size = input_data->len + tag_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2638 ASSERT_ALLOC( output_data, output_size );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2639
2640 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2641
2642 psa_key_policy_init( &policy );
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2643 psa_key_policy_set_usage( &policy,
2644 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
2645 alg );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2646 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2647
2648 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2649 key_data->x, key_data->len ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2650
2651 TEST_ASSERT( psa_aead_encrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2652 nonce->x, nonce->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2653 additional_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2654 additional_data->len,
2655 input_data->x, input_data->len,
2656 output_data, output_size,
2657 &output_length ) == expected_result );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2658
2659 if( PSA_SUCCESS == expected_result )
2660 {
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2661 ASSERT_ALLOC( output_data2, output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2662
2663 TEST_ASSERT( psa_aead_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2664 nonce->x, nonce->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2665 additional_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2666 additional_data->len,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2667 output_data, output_length,
2668 output_data2, output_length,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2669 &output_length2 ) == expected_result );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2670
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2671 ASSERT_COMPARE( input_data->x, input_data->len,
2672 output_data2, output_length2 );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2673 }
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2674
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2675exit:
2676 psa_destroy_key( slot );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2677 mbedtls_free( output_data );
2678 mbedtls_free( output_data2 );
2679 mbedtls_psa_crypto_free( );
2680}
2681/* END_CASE */
2682
2683/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2684void aead_encrypt( int key_type_arg, data_t *key_data,
2685 int alg_arg,
2686 data_t *nonce,
2687 data_t *additional_data,
2688 data_t *input_data,
2689 data_t *expected_result )
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2690{
2691 int slot = 1;
2692 psa_key_type_t key_type = key_type_arg;
2693 psa_algorithm_t alg = alg_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2694 unsigned char *output_data = NULL;
2695 size_t output_size = 0;
2696 size_t output_length = 0;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2697 size_t tag_length = 16;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2698 psa_key_policy_t policy;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2699
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2700 TEST_ASSERT( key_data != NULL );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2701 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2702 TEST_ASSERT( additional_data != NULL );
2703 TEST_ASSERT( nonce != NULL );
2704 TEST_ASSERT( expected_result != NULL );
2705 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2706 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2707 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );
2708 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
2709 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_result->len ) );
2710
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2711 output_size = input_data->len + tag_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2712 ASSERT_ALLOC( output_data, output_size );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2713
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2714 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2715
2716 psa_key_policy_init( &policy );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2717 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT , alg );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2718 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2719
2720 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2721 key_data->x,
2722 key_data->len ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2723
2724 TEST_ASSERT( psa_aead_encrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2725 nonce->x, nonce->len,
2726 additional_data->x, additional_data->len,
2727 input_data->x, input_data->len,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2728 output_data, output_size,
2729 &output_length ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2730
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2731 ASSERT_COMPARE( expected_result->x, expected_result->len,
2732 output_data, output_length );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2733
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2734exit:
2735 psa_destroy_key( slot );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2736 mbedtls_free( output_data );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2737 mbedtls_psa_crypto_free( );
2738}
2739/* END_CASE */
2740
2741/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2742void aead_decrypt( int key_type_arg, data_t *key_data,
2743 int alg_arg,
2744 data_t *nonce,
2745 data_t *additional_data,
2746 data_t *input_data,
2747 data_t *expected_data,
2748 int expected_result_arg )
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2749{
2750 int slot = 1;
2751 psa_key_type_t key_type = key_type_arg;
2752 psa_algorithm_t alg = alg_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2753 unsigned char *output_data = NULL;
2754 size_t output_size = 0;
2755 size_t output_length = 0;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2756 size_t tag_length = 16;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2757 psa_key_policy_t policy;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2758 psa_status_t expected_result = expected_result_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2759
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2760 TEST_ASSERT( key_data != NULL );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2761 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2762 TEST_ASSERT( additional_data != NULL );
2763 TEST_ASSERT( nonce != NULL );
2764 TEST_ASSERT( expected_data != NULL );
2765 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2766 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2767 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );
2768 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
2769 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_data->len ) );
2770
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2771 output_size = input_data->len + tag_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2772 ASSERT_ALLOC( output_data, output_size );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2773
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2774 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2775
2776 psa_key_policy_init( &policy );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2777 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT , alg );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2778 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2779
2780 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2781 key_data->x,
2782 key_data->len ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2783
2784 TEST_ASSERT( psa_aead_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2785 nonce->x, nonce->len,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2786 additional_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2787 additional_data->len,
2788 input_data->x, input_data->len,
2789 output_data, output_size,
2790 &output_length ) == expected_result );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2791
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2792 if( expected_result == PSA_SUCCESS )
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2793 ASSERT_COMPARE( expected_data->x, expected_data->len,
2794 output_data, output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2795
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2796exit:
2797 psa_destroy_key( slot );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2798 mbedtls_free( output_data );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2799 mbedtls_psa_crypto_free( );
2800}
2801/* END_CASE */
2802
2803/* BEGIN_CASE */
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2804void signature_size( int type_arg,
2805 int bits,
2806 int alg_arg,
2807 int expected_size_arg )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]2808{
2809 psa_key_type_t type = type_arg;
2810 psa_algorithm_t alg = alg_arg;
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2811 size_t actual_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( type, bits, alg );
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]2812 TEST_ASSERT( actual_size == (size_t) expected_size_arg );
2813exit:
2814 ;
2815}
2816/* END_CASE */
2817
2818/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2819void sign_deterministic( int key_type_arg, data_t *key_data,
2820 int alg_arg, data_t *input_data,
2821 data_t *output_data )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]2822{
2823 int slot = 1;
2824 psa_key_type_t key_type = key_type_arg;
2825 psa_algorithm_t alg = alg_arg;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2826 size_t key_bits;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2827 unsigned char *signature = NULL;
2828 size_t signature_size;
2829 size_t signature_length = 0xdeadbeef;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2830 psa_key_policy_t policy;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2831
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2832 TEST_ASSERT( key_data != NULL );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2833 TEST_ASSERT( input_data != NULL );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2834 TEST_ASSERT( output_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2835 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2836 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2837 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( output_data->len ) );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2838
2839 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2840
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2841 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2842 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2843 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2844
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2845 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2846 key_data->x,
2847 key_data->len ) == PSA_SUCCESS );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2848 TEST_ASSERT( psa_get_key_information( slot,
2849 NULL,
2850 &key_bits ) == PSA_SUCCESS );
2851
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2852 /* Allocate a buffer which has the size advertized by the
2853 * library. */
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2854 signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type,
2855 key_bits, alg );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2856 TEST_ASSERT( signature_size != 0 );
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]2857 TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2858 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2859
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2860 /* Perform the signature. */
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2861 TEST_ASSERT( psa_asymmetric_sign( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2862 input_data->x, input_data->len,
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2863 signature, signature_size,
2864 &signature_length ) == PSA_SUCCESS );
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2865 /* Verify that the signature is what is expected. */
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2866 ASSERT_COMPARE( output_data->x, output_data->len,
2867 signature, signature_length );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2868
2869exit:
2870 psa_destroy_key( slot );
Gilles Peskine0189e752018-02-03 23:57:22 +0100[diff] [blame]2871 mbedtls_free( signature );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2872 mbedtls_psa_crypto_free( );
2873}
2874/* END_CASE */
2875
2876/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2877void sign_fail( int key_type_arg, data_t *key_data,
2878 int alg_arg, data_t *input_data,
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2879 int signature_size_arg, int expected_status_arg )
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2880{
2881 int slot = 1;
2882 psa_key_type_t key_type = key_type_arg;
2883 psa_algorithm_t alg = alg_arg;
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2884 size_t signature_size = signature_size_arg;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2885 psa_status_t actual_status;
2886 psa_status_t expected_status = expected_status_arg;
Gilles Peskine40f68b92018-03-07 16:43:36 +0100[diff] [blame]2887 unsigned char *signature = NULL;
Gilles Peskine93aa0332018-02-03 23:58:03 +0100[diff] [blame]2888 size_t signature_length = 0xdeadbeef;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2889 psa_key_policy_t policy;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2890
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2891 TEST_ASSERT( key_data != NULL );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2892 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2893 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2894 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2895
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2896 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2897
2898 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2899
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2900 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2901 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2902 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2903
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2904 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2905 key_data->x,
2906 key_data->len ) == PSA_SUCCESS );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2907
2908 actual_status = psa_asymmetric_sign( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2909 input_data->x, input_data->len,
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2910 signature, signature_size,
2911 &signature_length );
2912 TEST_ASSERT( actual_status == expected_status );
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2913 /* The value of *signature_length is unspecified on error, but
2914 * whatever it is, it should be less than signature_size, so that
2915 * if the caller tries to read *signature_length bytes without
2916 * checking the error code then they don't overflow a buffer. */
2917 TEST_ASSERT( signature_length <= signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2918
2919exit:
2920 psa_destroy_key( slot );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2921 mbedtls_free( signature );
2922 mbedtls_psa_crypto_free( );
2923}
2924/* END_CASE */
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]2925
2926/* BEGIN_CASE */
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2927void sign_verify( int key_type_arg, data_t *key_data,
2928 int alg_arg, data_t *input_data )
2929{
2930 int slot = 1;
2931 psa_key_type_t key_type = key_type_arg;
2932 psa_algorithm_t alg = alg_arg;
2933 size_t key_bits;
2934 unsigned char *signature = NULL;
2935 size_t signature_size;
2936 size_t signature_length = 0xdeadbeef;
2937 psa_key_policy_t policy;
2938
2939 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2940
2941 psa_key_policy_init( &policy );
2942 psa_key_policy_set_usage( &policy,
2943 PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY,
2944 alg );
2945 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2946
2947 TEST_ASSERT( psa_import_key( slot, key_type,
2948 key_data->x,
2949 key_data->len ) == PSA_SUCCESS );
2950 TEST_ASSERT( psa_get_key_information( slot,
2951 NULL,
2952 &key_bits ) == PSA_SUCCESS );
2953
2954 /* Allocate a buffer which has the size advertized by the
2955 * library. */
2956 signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type,
2957 key_bits, alg );
2958 TEST_ASSERT( signature_size != 0 );
2959 TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2960 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2961
2962 /* Perform the signature. */
2963 TEST_ASSERT( psa_asymmetric_sign( slot, alg,
2964 input_data->x, input_data->len,
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2965 signature, signature_size,
2966 &signature_length ) == PSA_SUCCESS );
2967 /* Check that the signature length looks sensible. */
2968 TEST_ASSERT( signature_length <= signature_size );
2969 TEST_ASSERT( signature_length > 0 );
2970
2971 /* Use the library to verify that the signature is correct. */
2972 TEST_ASSERT( psa_asymmetric_verify(
2973 slot, alg,
2974 input_data->x, input_data->len,
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2975 signature, signature_length ) == PSA_SUCCESS );
2976
2977 if( input_data->len != 0 )
2978 {
2979 /* Flip a bit in the input and verify that the signature is now
2980 * detected as invalid. Flip a bit at the beginning, not at the end,
2981 * because ECDSA may ignore the last few bits of the input. */
2982 input_data->x[0] ^= 1;
2983 TEST_ASSERT( psa_asymmetric_verify(
2984 slot, alg,
2985 input_data->x, input_data->len,
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2986 signature,
2987 signature_length ) == PSA_ERROR_INVALID_SIGNATURE );
2988 }
2989
2990exit:
2991 psa_destroy_key( slot );
2992 mbedtls_free( signature );
2993 mbedtls_psa_crypto_free( );
2994}
2995/* END_CASE */
2996
2997/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2998void asymmetric_verify( int key_type_arg, data_t *key_data,
2999 int alg_arg, data_t *hash_data,
3000 data_t *signature_data )
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]3001{
3002 int slot = 1;
3003 psa_key_type_t key_type = key_type_arg;
3004 psa_algorithm_t alg = alg_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]3005 psa_key_policy_t policy;
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]3006
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]3007 TEST_ASSERT( signature_data->len <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
3008
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]3009 TEST_ASSERT( key_data != NULL );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]3010 TEST_ASSERT( hash_data != NULL );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]3011 TEST_ASSERT( signature_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3012 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
3013 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( hash_data->len ) );
3014 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( signature_data->len ) );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]3015
3016 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3017
3018 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3019 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]3020 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3021
3022 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3023 key_data->x,
3024 key_data->len ) == PSA_SUCCESS );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]3025
3026 TEST_ASSERT( psa_asymmetric_verify( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3027 hash_data->x, hash_data->len,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3028 signature_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3029 signature_data->len ) == PSA_SUCCESS );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]3030exit:
3031 psa_destroy_key( slot );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]3032 mbedtls_psa_crypto_free( );
3033}
3034/* END_CASE */
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3035
3036/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3037void asymmetric_verify_fail( int key_type_arg, data_t *key_data,
3038 int alg_arg, data_t *hash_data,
3039 data_t *signature_data,
3040 int expected_status_arg )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3041{
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3042 int slot = 1;
3043 psa_key_type_t key_type = key_type_arg;
3044 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3045 psa_status_t actual_status;
3046 psa_status_t expected_status = expected_status_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]3047 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3048
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3049 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3050 TEST_ASSERT( hash_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3051 TEST_ASSERT( signature_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3052 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
3053 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( hash_data->len ) );
3054 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( signature_data->len ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3055
3056 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3057
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3058 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3059 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3060 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3061
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3062 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3063 key_data->x,
3064 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3065
3066 actual_status = psa_asymmetric_verify( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3067 hash_data->x, hash_data->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3068 signature_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3069 signature_data->len );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3070
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3071 TEST_ASSERT( actual_status == expected_status );
3072
3073exit:
3074 psa_destroy_key( slot );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3075 mbedtls_psa_crypto_free( );
3076}
3077/* END_CASE */
3078
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3079/* BEGIN_CASE */
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]3080void asymmetric_encrypt( int key_type_arg,
3081 data_t *key_data,
3082 int alg_arg,
3083 data_t *input_data,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3084 data_t *label,
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]3085 int expected_output_length_arg,
3086 int expected_status_arg )
3087{
3088 int slot = 1;
3089 psa_key_type_t key_type = key_type_arg;
3090 psa_algorithm_t alg = alg_arg;
3091 size_t expected_output_length = expected_output_length_arg;
3092 size_t key_bits;
3093 unsigned char *output = NULL;
3094 size_t output_size;
3095 size_t output_length = ~0;
3096 psa_status_t actual_status;
3097 psa_status_t expected_status = expected_status_arg;
3098 psa_key_policy_t policy;
3099
3100 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3101
3102 /* Import the key */
3103 psa_key_policy_init( &policy );
3104 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
3105 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3106 TEST_ASSERT( psa_import_key( slot, key_type,
3107 key_data->x,
3108 key_data->len ) == PSA_SUCCESS );
3109
3110 /* Determine the maximum output length */
3111 TEST_ASSERT( psa_get_key_information( slot,
3112 NULL,
3113 &key_bits ) == PSA_SUCCESS );
3114 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3115 ASSERT_ALLOC( output, output_size );
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]3116
3117 /* Encrypt the input */
3118 actual_status = psa_asymmetric_encrypt( slot, alg,
3119 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3120 label->x, label->len,
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]3121 output, output_size,
3122 &output_length );
3123 TEST_ASSERT( actual_status == expected_status );
3124 TEST_ASSERT( output_length == expected_output_length );
3125
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3126 /* If the label is empty, the test framework puts a non-null pointer
3127 * in label->x. Test that a null pointer works as well. */
3128 if( label->len == 0 )
3129 {
3130 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]3131 if( output_size != 0 )
3132 memset( output, 0, output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3133 actual_status = psa_asymmetric_encrypt( slot, alg,
3134 input_data->x, input_data->len,
3135 NULL, label->len,
3136 output, output_size,
3137 &output_length );
3138 TEST_ASSERT( actual_status == expected_status );
3139 TEST_ASSERT( output_length == expected_output_length );
3140 }
3141
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]3142exit:
3143 psa_destroy_key( slot );
3144 mbedtls_free( output );
3145 mbedtls_psa_crypto_free( );
3146}
3147/* END_CASE */
3148
3149/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3150void asymmetric_encrypt_decrypt( int key_type_arg,
3151 data_t *key_data,
3152 int alg_arg,
3153 data_t *input_data,
3154 data_t *label )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3155{
3156 int slot = 1;
3157 psa_key_type_t key_type = key_type_arg;
3158 psa_algorithm_t alg = alg_arg;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3159 size_t key_bits;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3160 unsigned char *output = NULL;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3161 size_t output_size;
3162 size_t output_length = ~0;
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +0300[diff] [blame]3163 unsigned char *output2 = NULL;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3164 size_t output2_size;
3165 size_t output2_length = ~0;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]3166 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3167
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3168 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3169 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3170 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
3171 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
3172
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3173 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3174
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3175 psa_key_policy_init( &policy );
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]3176 psa_key_policy_set_usage( &policy,
3177 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3178 alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3179 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3180
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3181 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3182 key_data->x,
3183 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3184
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3185
3186 /* Determine the maximum ciphertext length */
3187 TEST_ASSERT( psa_get_key_information( slot,
3188 NULL,
3189 &key_bits ) == PSA_SUCCESS );
3190 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3191 ASSERT_ALLOC( output, output_size );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3192 output2_size = input_data->len;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3193 ASSERT_ALLOC( output2, output2_size );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3194
Gilles Peskineeebd7382018-06-08 18:11:54 +0200[diff] [blame]3195 /* We test encryption by checking that encrypt-then-decrypt gives back
3196 * the original plaintext because of the non-optional random
3197 * part of encryption process which prevents using fixed vectors. */
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3198 TEST_ASSERT( psa_asymmetric_encrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3199 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3200 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3201 output, output_size,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3202 &output_length ) == PSA_SUCCESS );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3203 /* We don't know what ciphertext length to expect, but check that
3204 * it looks sensible. */
3205 TEST_ASSERT( output_length <= output_size );
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +0300[diff] [blame]3206
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3207 TEST_ASSERT( psa_asymmetric_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3208 output, output_length,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3209 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3210 output2, output2_size,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3211 &output2_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]3212 ASSERT_COMPARE( input_data->x, input_data->len,
3213 output2, output2_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3214
3215exit:
3216 psa_destroy_key( slot );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3217 mbedtls_free( output );
3218 mbedtls_free( output2 );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3219 mbedtls_psa_crypto_free( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3220}
3221/* END_CASE */
3222
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3223/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3224void asymmetric_decrypt( int key_type_arg,
3225 data_t *key_data,
3226 int alg_arg,
3227 data_t *input_data,
3228 data_t *label,
Gilles Peskine66763a02018-06-29 21:54:10 +0200[diff] [blame]3229 data_t *expected_data )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3230{
3231 int slot = 1;
3232 psa_key_type_t key_type = key_type_arg;
3233 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3234 unsigned char *output = NULL;
Nir Sonnenscheind70bc482018-06-04 16:31:13 +0300[diff] [blame]3235 size_t output_size = 0;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3236 size_t output_length = ~0;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]3237 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3238
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3239 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3240 TEST_ASSERT( input_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3241 TEST_ASSERT( expected_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3242 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
3243 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
3244 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_data->len ) );
3245
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3246 output_size = key_data->len;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3247 ASSERT_ALLOC( output, output_size );
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]3248
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3249 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3250
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3251 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3252 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3253 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3254
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3255 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3256 key_data->x,
3257 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3258
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +0300[diff] [blame]3259 TEST_ASSERT( psa_asymmetric_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3260 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3261 label->x, label->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3262 output,
3263 output_size,
3264 &output_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]3265 ASSERT_COMPARE( expected_data->x, expected_data->len,
3266 output, output_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3267
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3268 /* If the label is empty, the test framework puts a non-null pointer
3269 * in label->x. Test that a null pointer works as well. */
3270 if( label->len == 0 )
3271 {
3272 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]3273 if( output_size != 0 )
3274 memset( output, 0, output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3275 TEST_ASSERT( psa_asymmetric_decrypt( slot, alg,
3276 input_data->x, input_data->len,
3277 NULL, label->len,
3278 output,
3279 output_size,
3280 &output_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]3281 ASSERT_COMPARE( expected_data->x, expected_data->len,
3282 output, output_length );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3283 }
3284
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3285exit:
3286 psa_destroy_key( slot );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3287 mbedtls_free( output );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3288 mbedtls_psa_crypto_free( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3289}
3290/* END_CASE */
3291
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3292/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3293void asymmetric_decrypt_fail( int key_type_arg,
3294 data_t *key_data,
3295 int alg_arg,
3296 data_t *input_data,
3297 data_t *label,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3298 int expected_status_arg )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3299{
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3300 int slot = 1;
3301 psa_key_type_t key_type = key_type_arg;
3302 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3303 unsigned char *output = NULL;
Nir Sonnenscheind70bc482018-06-04 16:31:13 +0300[diff] [blame]3304 size_t output_size = 0;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3305 size_t output_length = ~0;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3306 psa_status_t actual_status;
3307 psa_status_t expected_status = expected_status_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]3308 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3309
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3310 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3311 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3312 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
3313 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
3314
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3315 output_size = key_data->len;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3316 ASSERT_ALLOC( output, output_size );
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]3317
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3318 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3319
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3320 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3321 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3322 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3323
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3324 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3325 key_data->x,
3326 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3327
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3328 actual_status = psa_asymmetric_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3329 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3330 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3331 output, output_size,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3332 &output_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3333 TEST_ASSERT( actual_status == expected_status );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3334 TEST_ASSERT( output_length <= output_size );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3335
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3336 /* If the label is empty, the test framework puts a non-null pointer
3337 * in label->x. Test that a null pointer works as well. */
3338 if( label->len == 0 )
3339 {
3340 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]3341 if( output_size != 0 )
3342 memset( output, 0, output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3343 actual_status = psa_asymmetric_decrypt( slot, alg,
3344 input_data->x, input_data->len,
3345 NULL, label->len,
3346 output, output_size,
3347 &output_length );
3348 TEST_ASSERT( actual_status == expected_status );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3349 TEST_ASSERT( output_length <= output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3350 }
3351
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3352exit:
3353 psa_destroy_key( slot );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3354 mbedtls_free( output );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3355 mbedtls_psa_crypto_free( );
3356}
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]3357/* END_CASE */
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3358
3359/* BEGIN_CASE */
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]3360void derive_setup( int key_type_arg,
3361 data_t *key_data,
3362 int alg_arg,
3363 data_t *salt,
3364 data_t *label,
3365 int requested_capacity_arg,
3366 int expected_status_arg )
3367{
3368 psa_key_slot_t slot = 1;
3369 size_t key_type = key_type_arg;
3370 psa_algorithm_t alg = alg_arg;
3371 size_t requested_capacity = requested_capacity_arg;
3372 psa_status_t expected_status = expected_status_arg;
3373 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3374 psa_key_policy_t policy;
3375
3376 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3377
3378 psa_key_policy_init( &policy );
3379 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3380 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3381
3382 TEST_ASSERT( psa_import_key( slot, key_type,
3383 key_data->x,
3384 key_data->len ) == PSA_SUCCESS );
3385
3386 TEST_ASSERT( psa_key_derivation( &generator, slot, alg,
3387 salt->x, salt->len,
3388 label->x, label->len,
3389 requested_capacity ) == expected_status );
3390
3391exit:
3392 psa_generator_abort( &generator );
3393 psa_destroy_key( slot );
3394 mbedtls_psa_crypto_free( );
3395}
3396/* END_CASE */
3397
3398/* BEGIN_CASE */
Nir Sonnenscheindd69d8b2018-11-01 12:24:23 +0200[diff] [blame]3399void test_derive_invalid_generator_state( )
Nir Sonnenscheine5204c92018-10-22 17:24:55 +0300[diff] [blame]3400{
Nir Sonnenscheine5204c92018-10-22 17:24:55 +0300[diff] [blame]3401 psa_key_slot_t base_key = 1;
Nir Sonnenschein4eda37b2018-10-31 12:15:58 +0200[diff] [blame]3402 size_t key_type = PSA_KEY_TYPE_DERIVE;
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3403 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3404 psa_algorithm_t alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3405 uint8_t buffer[42];
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3406 size_t capacity = sizeof( buffer );
Nir Sonnenscheindd69d8b2018-11-01 12:24:23 +0200[diff] [blame]3407 const uint8_t key_data[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
3408 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
3409 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b};
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3410 psa_key_policy_t policy;
Nir Sonnenscheine5204c92018-10-22 17:24:55 +0300[diff] [blame]3411
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3412 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3413
3414 psa_key_policy_init( &policy );
3415 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3416 TEST_ASSERT( psa_set_key_policy( base_key, &policy ) == PSA_SUCCESS );
3417
3418 TEST_ASSERT( psa_import_key( base_key, key_type,
Nir Sonnenscheindd69d8b2018-11-01 12:24:23 +0200[diff] [blame]3419 key_data,
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3420 sizeof( key_data ) ) == PSA_SUCCESS );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3421
3422 /* valid key derivation */
Nir Sonnenscheine5204c92018-10-22 17:24:55 +0300[diff] [blame]3423 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3424 NULL, 0,
3425 NULL, 0,
3426 capacity ) == PSA_SUCCESS );
3427
3428 /* state of generator shouldn't allow additional generation */
3429 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3430 NULL, 0,
3431 NULL, 0,
3432 capacity ) == PSA_ERROR_BAD_STATE );
3433
3434 TEST_ASSERT( psa_generator_read( &generator, buffer, capacity )
3435 == PSA_SUCCESS );
3436
3437 TEST_ASSERT( psa_generator_read( &generator, buffer, capacity )
3438 == PSA_ERROR_INSUFFICIENT_CAPACITY );
3439
3440
3441exit:
3442 psa_generator_abort( &generator );
3443 psa_destroy_key( base_key );
3444 mbedtls_psa_crypto_free( );
3445}
3446/* END_CASE */
3447
3448
3449/* BEGIN_CASE */
3450void test_derive_invalid_generator_tests( )
3451{
3452 uint8_t output_buffer[16];
3453 size_t buffer_size = 16;
3454 size_t capacity = 0;
3455 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3456
Nir Sonnenschein50789302018-10-31 12:16:38 +0200[diff] [blame]3457 TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3458 == PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3459
3460 TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3461 == PSA_SUCCESS ); // should be PSA_ERROR_BAD_STATE:#183
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3462
Nir Sonnenschein50789302018-10-31 12:16:38 +0200[diff] [blame]3463 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3464
Nir Sonnenschein50789302018-10-31 12:16:38 +0200[diff] [blame]3465 TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3466 == PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3467
Nir Sonnenschein50789302018-10-31 12:16:38 +0200[diff] [blame]3468 TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3469 == PSA_SUCCESS );// should be PSA_ERROR_BAD_STATE:#183
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3470
3471exit:
3472 psa_generator_abort( &generator );
Nir Sonnenscheine5204c92018-10-22 17:24:55 +0300[diff] [blame]3473}
3474/* END_CASE */
3475
3476/* BEGIN_CASE */
Gilles Peskine96ee5c72018-07-12 17:24:54 +0200[diff] [blame]3477void derive_output( int alg_arg,
3478 data_t *key_data,
3479 data_t *salt,
3480 data_t *label,
3481 int requested_capacity_arg,
3482 data_t *expected_output1,
3483 data_t *expected_output2 )
3484{
3485 psa_key_slot_t slot = 1;
3486 psa_algorithm_t alg = alg_arg;
3487 size_t requested_capacity = requested_capacity_arg;
3488 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3489 uint8_t *expected_outputs[2] =
3490 {expected_output1->x, expected_output2->x};
3491 size_t output_sizes[2] =
3492 {expected_output1->len, expected_output2->len};
3493 size_t output_buffer_size = 0;
3494 uint8_t *output_buffer = NULL;
3495 size_t expected_capacity;
3496 size_t current_capacity;
3497 psa_key_policy_t policy;
3498 psa_status_t status;
3499 unsigned i;
3500
3501 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
3502 {
3503 if( output_sizes[i] > output_buffer_size )
3504 output_buffer_size = output_sizes[i];
3505 if( output_sizes[i] == 0 )
3506 expected_outputs[i] = NULL;
3507 }
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3508 ASSERT_ALLOC( output_buffer, output_buffer_size );
Gilles Peskine96ee5c72018-07-12 17:24:54 +0200[diff] [blame]3509 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3510
3511 psa_key_policy_init( &policy );
3512 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3513 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3514
3515 TEST_ASSERT( psa_import_key( slot, PSA_KEY_TYPE_DERIVE,
3516 key_data->x,
3517 key_data->len ) == PSA_SUCCESS );
3518
3519 /* Extraction phase. */
3520 TEST_ASSERT( psa_key_derivation( &generator, slot, alg,
3521 salt->x, salt->len,
3522 label->x, label->len,
3523 requested_capacity ) == PSA_SUCCESS );
3524 TEST_ASSERT( psa_get_generator_capacity( &generator,
3525 &current_capacity ) ==
3526 PSA_SUCCESS );
3527 TEST_ASSERT( current_capacity == requested_capacity );
3528 expected_capacity = requested_capacity;
3529
3530 /* Expansion phase. */
3531 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
3532 {
3533 /* Read some bytes. */
3534 status = psa_generator_read( &generator,
3535 output_buffer, output_sizes[i] );
3536 if( expected_capacity == 0 && output_sizes[i] == 0 )
3537 {
3538 /* Reading 0 bytes when 0 bytes are available can go either way. */
3539 TEST_ASSERT( status == PSA_SUCCESS ||
3540 status == PSA_ERROR_INSUFFICIENT_CAPACITY );
3541 continue;
3542 }
3543 else if( expected_capacity == 0 ||
3544 output_sizes[i] > expected_capacity )
3545 {
3546 /* Capacity exceeded. */
3547 TEST_ASSERT( status == PSA_ERROR_INSUFFICIENT_CAPACITY );
3548 expected_capacity = 0;
3549 continue;
3550 }
3551 /* Success. Check the read data. */
3552 TEST_ASSERT( status == PSA_SUCCESS );
3553 if( output_sizes[i] != 0 )
3554 TEST_ASSERT( memcmp( output_buffer, expected_outputs[i],
3555 output_sizes[i] ) == 0 );
3556 /* Check the generator status. */
3557 expected_capacity -= output_sizes[i];
3558 TEST_ASSERT( psa_get_generator_capacity( &generator,
3559 &current_capacity ) ==
3560 PSA_SUCCESS );
3561 TEST_ASSERT( expected_capacity == current_capacity );
3562 }
3563 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
3564
3565exit:
3566 mbedtls_free( output_buffer );
3567 psa_generator_abort( &generator );
3568 psa_destroy_key( slot );
3569 mbedtls_psa_crypto_free( );
3570}
3571/* END_CASE */
3572
3573/* BEGIN_CASE */
Gilles Peskined54931c2018-07-17 21:06:59 +0200[diff] [blame]3574void derive_full( int alg_arg,
3575 data_t *key_data,
3576 data_t *salt,
3577 data_t *label,
3578 int requested_capacity_arg )
3579{
3580 psa_key_slot_t slot = 1;
3581 psa_algorithm_t alg = alg_arg;
3582 size_t requested_capacity = requested_capacity_arg;
3583 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3584 unsigned char output_buffer[16];
3585 size_t expected_capacity = requested_capacity;
3586 size_t current_capacity;
3587 psa_key_policy_t policy;
3588
3589 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3590
3591 psa_key_policy_init( &policy );
3592 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3593 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3594
3595 TEST_ASSERT( psa_import_key( slot, PSA_KEY_TYPE_DERIVE,
3596 key_data->x,
3597 key_data->len ) == PSA_SUCCESS );
3598
3599 /* Extraction phase. */
3600 TEST_ASSERT( psa_key_derivation( &generator, slot, alg,
3601 salt->x, salt->len,
3602 label->x, label->len,
3603 requested_capacity ) == PSA_SUCCESS );
3604 TEST_ASSERT( psa_get_generator_capacity( &generator,
3605 &current_capacity ) ==
3606 PSA_SUCCESS );
3607 TEST_ASSERT( current_capacity == expected_capacity );
3608
3609 /* Expansion phase. */
3610 while( current_capacity > 0 )
3611 {
3612 size_t read_size = sizeof( output_buffer );
3613 if( read_size > current_capacity )
3614 read_size = current_capacity;
3615 TEST_ASSERT( psa_generator_read( &generator,
3616 output_buffer,
3617 read_size ) == PSA_SUCCESS );
3618 expected_capacity -= read_size;
3619 TEST_ASSERT( psa_get_generator_capacity( &generator,
3620 &current_capacity ) ==
3621 PSA_SUCCESS );
3622 TEST_ASSERT( current_capacity == expected_capacity );
3623 }
3624
3625 /* Check that the generator refuses to go over capacity. */
3626 TEST_ASSERT( psa_generator_read( &generator,
3627 output_buffer,
3628 1 ) == PSA_ERROR_INSUFFICIENT_CAPACITY );
3629
3630 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
3631
3632exit:
3633 psa_generator_abort( &generator );
3634 psa_destroy_key( slot );
3635 mbedtls_psa_crypto_free( );
3636}
3637/* END_CASE */
3638
3639/* BEGIN_CASE */
Gilles Peskine0386fba2018-07-12 17:29:22 +0200[diff] [blame]3640void derive_key_exercise( int alg_arg,
3641 data_t *key_data,
3642 data_t *salt,
3643 data_t *label,
3644 int derived_type_arg,
3645 int derived_bits_arg,
3646 int derived_usage_arg,
3647 int derived_alg_arg )
3648{
3649 psa_key_slot_t base_key = 1;
3650 psa_key_slot_t derived_key = 2;
3651 psa_algorithm_t alg = alg_arg;
3652 psa_key_type_t derived_type = derived_type_arg;
3653 size_t derived_bits = derived_bits_arg;
3654 psa_key_usage_t derived_usage = derived_usage_arg;
3655 psa_algorithm_t derived_alg = derived_alg_arg;
3656 size_t capacity = PSA_BITS_TO_BYTES( derived_bits );
3657 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3658 psa_key_policy_t policy;
3659 psa_key_type_t got_type;
3660 size_t got_bits;
3661
3662 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3663
3664 psa_key_policy_init( &policy );
3665 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3666 TEST_ASSERT( psa_set_key_policy( base_key, &policy ) == PSA_SUCCESS );
3667 TEST_ASSERT( psa_import_key( base_key, PSA_KEY_TYPE_DERIVE,
3668 key_data->x,
3669 key_data->len ) == PSA_SUCCESS );
3670
3671 /* Derive a key. */
3672 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3673 salt->x, salt->len,
3674 label->x, label->len,
3675 capacity ) == PSA_SUCCESS );
3676 psa_key_policy_set_usage( &policy, derived_usage, derived_alg );
3677 TEST_ASSERT( psa_set_key_policy( derived_key, &policy ) == PSA_SUCCESS );
3678 TEST_ASSERT( psa_generator_import_key( derived_key,
3679 derived_type,
3680 derived_bits,
3681 &generator ) == PSA_SUCCESS );
3682
3683 /* Test the key information */
3684 TEST_ASSERT( psa_get_key_information( derived_key,
3685 &got_type,
3686 &got_bits ) == PSA_SUCCESS );
3687 TEST_ASSERT( got_type == derived_type );
3688 TEST_ASSERT( got_bits == derived_bits );
3689
3690 /* Exercise the derived key. */
3691 if( ! exercise_key( derived_key, derived_usage, derived_alg ) )
3692 goto exit;
3693
3694exit:
3695 psa_generator_abort( &generator );
3696 psa_destroy_key( base_key );
3697 psa_destroy_key( derived_key );
3698 mbedtls_psa_crypto_free( );
3699}
3700/* END_CASE */
3701
3702/* BEGIN_CASE */
3703void derive_key_export( int alg_arg,
3704 data_t *key_data,
3705 data_t *salt,
3706 data_t *label,
3707 int bytes1_arg,
3708 int bytes2_arg )
3709{
3710 psa_key_slot_t base_key = 1;
3711 psa_key_slot_t derived_key = 2;
3712 psa_algorithm_t alg = alg_arg;
3713 size_t bytes1 = bytes1_arg;
3714 size_t bytes2 = bytes2_arg;
3715 size_t capacity = bytes1 + bytes2;
3716 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3717 uint8_t *output_buffer = NULL;
3718 uint8_t *export_buffer = NULL;
Gilles Peskine0386fba2018-07-12 17:29:22 +0200[diff] [blame]3719 psa_key_policy_t policy;
3720 size_t length;
3721
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3722 ASSERT_ALLOC( output_buffer, capacity );
3723 ASSERT_ALLOC( export_buffer, capacity );
Gilles Peskine0386fba2018-07-12 17:29:22 +0200[diff] [blame]3724 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3725
3726 psa_key_policy_init( &policy );
3727 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3728 TEST_ASSERT( psa_set_key_policy( base_key, &policy ) == PSA_SUCCESS );
3729 TEST_ASSERT( psa_import_key( base_key, PSA_KEY_TYPE_DERIVE,
3730 key_data->x,
3731 key_data->len ) == PSA_SUCCESS );
3732
3733 /* Derive some material and output it. */
3734 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3735 salt->x, salt->len,
3736 label->x, label->len,
3737 capacity ) == PSA_SUCCESS );
3738 TEST_ASSERT( psa_generator_read( &generator,
3739 output_buffer,
3740 capacity ) == PSA_SUCCESS );
3741 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
3742
3743 /* Derive the same output again, but this time store it in key objects. */
3744 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3745 salt->x, salt->len,
3746 label->x, label->len,
3747 capacity ) == PSA_SUCCESS );
3748 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
3749 TEST_ASSERT( psa_set_key_policy( derived_key, &policy ) == PSA_SUCCESS );
3750 TEST_ASSERT( psa_generator_import_key( derived_key,
3751 PSA_KEY_TYPE_RAW_DATA,
3752 PSA_BYTES_TO_BITS( bytes1 ),
3753 &generator ) == PSA_SUCCESS );
3754 TEST_ASSERT( psa_export_key( derived_key,
3755 export_buffer, bytes1,
3756 &length ) == PSA_SUCCESS );
3757 TEST_ASSERT( length == bytes1 );
3758 TEST_ASSERT( psa_destroy_key( derived_key ) == PSA_SUCCESS );
3759 TEST_ASSERT( psa_set_key_policy( derived_key, &policy ) == PSA_SUCCESS );
3760 TEST_ASSERT( psa_generator_import_key( derived_key,
3761 PSA_KEY_TYPE_RAW_DATA,
3762 PSA_BYTES_TO_BITS( bytes2 ),
3763 &generator ) == PSA_SUCCESS );
3764 TEST_ASSERT( psa_export_key( derived_key,
3765 export_buffer + bytes1, bytes2,
3766 &length ) == PSA_SUCCESS );
3767 TEST_ASSERT( length == bytes2 );
3768
3769 /* Compare the outputs from the two runs. */
3770 TEST_ASSERT( memcmp( output_buffer, export_buffer, capacity ) == 0 );
3771
3772exit:
3773 mbedtls_free( output_buffer );
3774 mbedtls_free( export_buffer );
3775 psa_generator_abort( &generator );
3776 psa_destroy_key( base_key );
3777 psa_destroy_key( derived_key );
3778 mbedtls_psa_crypto_free( );
3779}
3780/* END_CASE */
3781
3782/* BEGIN_CASE */
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]3783void key_agreement_setup( int alg_arg,
3784 int our_key_type_arg, data_t *our_key_data,
3785 data_t *peer_key_data,
3786 int expected_status_arg )
3787{
3788 psa_key_slot_t our_key = 1;
3789 psa_algorithm_t alg = alg_arg;
3790 psa_key_type_t our_key_type = our_key_type_arg;
3791 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3792 psa_key_policy_t policy;
3793
3794 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3795
3796 psa_key_policy_init( &policy );
3797 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3798 TEST_ASSERT( psa_set_key_policy( our_key, &policy ) == PSA_SUCCESS );
3799 TEST_ASSERT( psa_import_key( our_key, our_key_type,
3800 our_key_data->x,
3801 our_key_data->len ) == PSA_SUCCESS );
3802
3803 TEST_ASSERT( psa_key_agreement( &generator,
3804 our_key,
3805 peer_key_data->x, peer_key_data->len,
3806 alg ) == expected_status_arg );
3807
3808exit:
3809 psa_generator_abort( &generator );
3810 psa_destroy_key( our_key );
3811 mbedtls_psa_crypto_free( );
3812}
3813/* END_CASE */
3814
3815/* BEGIN_CASE */
Gilles Peskine59685592018-09-18 12:11:34 +0200[diff] [blame]3816void key_agreement_capacity( int alg_arg,
3817 int our_key_type_arg, data_t *our_key_data,
3818 data_t *peer_key_data,
3819 int expected_capacity_arg )
3820{
3821 psa_key_slot_t our_key = 1;
3822 psa_algorithm_t alg = alg_arg;
3823 psa_key_type_t our_key_type = our_key_type_arg;
3824 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3825 psa_key_policy_t policy;
3826 size_t actual_capacity;
Gilles Peskinebf491972018-10-25 22:36:12 +0200[diff] [blame]3827 unsigned char output[16];
Gilles Peskine59685592018-09-18 12:11:34 +0200[diff] [blame]3828
3829 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3830
3831 psa_key_policy_init( &policy );
3832 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3833 TEST_ASSERT( psa_set_key_policy( our_key, &policy ) == PSA_SUCCESS );
3834 TEST_ASSERT( psa_import_key( our_key, our_key_type,
3835 our_key_data->x,
3836 our_key_data->len ) == PSA_SUCCESS );
3837
3838 TEST_ASSERT( psa_key_agreement( &generator,
3839 our_key,
3840 peer_key_data->x, peer_key_data->len,
3841 alg ) == PSA_SUCCESS );
3842
Gilles Peskinebf491972018-10-25 22:36:12 +0200[diff] [blame]3843 /* Test the advertized capacity. */
Gilles Peskine59685592018-09-18 12:11:34 +0200[diff] [blame]3844 TEST_ASSERT( psa_get_generator_capacity(
3845 &generator, &actual_capacity ) == PSA_SUCCESS );
3846 TEST_ASSERT( actual_capacity == (size_t) expected_capacity_arg );
3847
Gilles Peskinebf491972018-10-25 22:36:12 +0200[diff] [blame]3848 /* Test the actual capacity by reading the output. */
3849 while( actual_capacity > sizeof( output ) )
3850 {
3851 TEST_ASSERT( psa_generator_read( &generator,
3852 output, sizeof( output ) ) ==
3853 PSA_SUCCESS );
3854 actual_capacity -= sizeof( output );
3855 }
3856 TEST_ASSERT( psa_generator_read( &generator,
3857 output, actual_capacity ) ==
3858 PSA_SUCCESS );
3859 TEST_ASSERT( psa_generator_read( &generator, output, 1 ) ==
3860 PSA_ERROR_INSUFFICIENT_CAPACITY );
3861
Gilles Peskine59685592018-09-18 12:11:34 +0200[diff] [blame]3862exit:
3863 psa_generator_abort( &generator );
3864 psa_destroy_key( our_key );
3865 mbedtls_psa_crypto_free( );
3866}
3867/* END_CASE */
3868
3869/* BEGIN_CASE */
3870void key_agreement_output( int alg_arg,
3871 int our_key_type_arg, data_t *our_key_data,
3872 data_t *peer_key_data,
Gilles Peskine3ec8ed82018-10-25 22:37:15 +0200[diff] [blame]3873 data_t *expected_output1, data_t *expected_output2 )
Gilles Peskine59685592018-09-18 12:11:34 +0200[diff] [blame]3874{
3875 psa_key_slot_t our_key = 1;
3876 psa_algorithm_t alg = alg_arg;
3877 psa_key_type_t our_key_type = our_key_type_arg;
3878 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3879 psa_key_policy_t policy;
Gilles Peskine3ec8ed82018-10-25 22:37:15 +0200[diff] [blame]3880 uint8_t *actual_output = NULL;
Gilles Peskine59685592018-09-18 12:11:34 +0200[diff] [blame]3881
Gilles Peskine3ec8ed82018-10-25 22:37:15 +0200[diff] [blame]3882 ASSERT_ALLOC( actual_output, MAX( expected_output1->len,
3883 expected_output2->len ) );
Gilles Peskine59685592018-09-18 12:11:34 +0200[diff] [blame]3884
3885 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3886
3887 psa_key_policy_init( &policy );
3888 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3889 TEST_ASSERT( psa_set_key_policy( our_key, &policy ) == PSA_SUCCESS );
3890 TEST_ASSERT( psa_import_key( our_key, our_key_type,
3891 our_key_data->x,
3892 our_key_data->len ) == PSA_SUCCESS );
3893
3894 TEST_ASSERT( psa_key_agreement( &generator,
3895 our_key,
3896 peer_key_data->x, peer_key_data->len,
3897 alg ) == PSA_SUCCESS );
3898
Gilles Peskine3ec8ed82018-10-25 22:37:15 +0200[diff] [blame]3899 TEST_ASSERT(
3900 psa_generator_read( &generator,
3901 actual_output,
3902 expected_output1->len ) == PSA_SUCCESS );
3903 TEST_ASSERT( memcmp( actual_output, expected_output1->x,
3904 expected_output1->len ) == 0 );
3905 if( expected_output2->len != 0 )
3906 {
3907 TEST_ASSERT(
3908 psa_generator_read( &generator,
3909 actual_output,
3910 expected_output2->len ) == PSA_SUCCESS );
3911 TEST_ASSERT( memcmp( actual_output, expected_output2->x,
3912 expected_output2->len ) == 0 );
3913 }
Gilles Peskine59685592018-09-18 12:11:34 +0200[diff] [blame]3914
3915exit:
3916 psa_generator_abort( &generator );
3917 psa_destroy_key( our_key );
3918 mbedtls_psa_crypto_free( );
3919 mbedtls_free( actual_output );
3920}
3921/* END_CASE */
3922
3923/* BEGIN_CASE */
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3924void generate_random( int bytes_arg )
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3925{
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3926 size_t bytes = bytes_arg;
3927 const unsigned char trail[] = "don't overwrite me";
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3928 unsigned char *output = NULL;
3929 unsigned char *changed = NULL;
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3930 size_t i;
3931 unsigned run;
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3932
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3933 ASSERT_ALLOC( output, bytes + sizeof( trail ) );
3934 ASSERT_ALLOC( changed, bytes );
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3935 memcpy( output + bytes, trail, sizeof( trail ) );
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3936
3937 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3938
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3939 /* Run several times, to ensure that every output byte will be
3940 * nonzero at least once with overwhelming probability
3941 * (2^(-8*number_of_runs)). */
3942 for( run = 0; run < 10; run++ )
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3943 {
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]3944 if( bytes != 0 )
3945 memset( output, 0, bytes );
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3946 TEST_ASSERT( psa_generate_random( output, bytes ) == PSA_SUCCESS );
3947
3948 /* Check that no more than bytes have been overwritten */
3949 TEST_ASSERT( memcmp( output + bytes, trail, sizeof( trail ) ) == 0 );
3950
3951 for( i = 0; i < bytes; i++ )
3952 {
3953 if( output[i] != 0 )
3954 ++changed[i];
3955 }
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3956 }
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3957
3958 /* Check that every byte was changed to nonzero at least once. This
3959 * validates that psa_generate_random is overwriting every byte of
3960 * the output buffer. */
3961 for( i = 0; i < bytes; i++ )
3962 {
3963 TEST_ASSERT( changed[i] != 0 );
3964 }
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3965
3966exit:
3967 mbedtls_psa_crypto_free( );
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3968 mbedtls_free( output );
3969 mbedtls_free( changed );
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3970}
3971/* END_CASE */
Gilles Peskine12313cd2018-06-20 00:20:32 +0200[diff] [blame]3972
3973/* BEGIN_CASE */
3974void generate_key( int type_arg,
3975 int bits_arg,
3976 int usage_arg,
3977 int alg_arg,
3978 int expected_status_arg )
3979{
3980 int slot = 1;
3981 psa_key_type_t type = type_arg;
3982 psa_key_usage_t usage = usage_arg;
3983 size_t bits = bits_arg;
3984 psa_algorithm_t alg = alg_arg;
3985 psa_status_t expected_status = expected_status_arg;
3986 psa_key_type_t got_type;
3987 size_t got_bits;
Gilles Peskine12313cd2018-06-20 00:20:32 +0200[diff] [blame]3988 psa_status_t expected_info_status =
3989 expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_EMPTY_SLOT;
3990 psa_key_policy_t policy;
3991
3992 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3993
3994 psa_key_policy_init( &policy );
3995 psa_key_policy_set_usage( &policy, usage, alg );
3996 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3997
3998 /* Generate a key */
3999 TEST_ASSERT( psa_generate_key( slot, type, bits,
4000 NULL, 0 ) == expected_status );
4001
4002 /* Test the key information */
4003 TEST_ASSERT( psa_get_key_information( slot,
4004 &got_type,
4005 &got_bits ) == expected_info_status );
4006 if( expected_info_status != PSA_SUCCESS )
4007 goto exit;
4008 TEST_ASSERT( got_type == type );
4009 TEST_ASSERT( got_bits == bits );
4010
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]4011 /* Do something with the key according to its type and permitted usage. */
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]4012 if( ! exercise_key( slot, usage, alg ) )
4013 goto exit;
Gilles Peskine12313cd2018-06-20 00:20:32 +0200[diff] [blame]4014
4015exit:
4016 psa_destroy_key( slot );
4017 mbedtls_psa_crypto_free( );
4018}
4019/* END_CASE */
itayzafrir0adf0fc2018-09-06 16:24:41 +0300[diff] [blame]4020
4021/* BEGIN_CASE */
4022void validate_module_init_generate_random( )
4023{
4024 psa_status_t status;
4025 uint8_t random[10] = { 0 };
4026 status = psa_generate_random( random, sizeof( random ) );
4027 TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
4028}
4029/* END_CASE */
itayzafrir90d8c7a2018-09-12 11:44:52 +0300[diff] [blame]4030
4031/* BEGIN_CASE */
4032void validate_module_init_key_based( )
4033{
4034 psa_status_t status;
4035 uint8_t data[10] = { 0 };
4036 status = psa_import_key( 1, PSA_KEY_TYPE_RAW_DATA, data, sizeof( data ) );
4037 TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
4038}
4039/* END_CASE */
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4040
4041/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
4042void persistent_key_load_key_from_storage( data_t *data, int type_arg,
4043 int bits, int usage_arg,
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame^]4044 int alg_arg, int generation_method,
4045 int export_status )
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4046{
4047 psa_key_slot_t slot = 1;
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame^]4048 psa_key_slot_t base_key = 2;
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4049 psa_key_type_t type = (psa_key_type_t) type_arg;
4050 psa_key_type_t type_get;
4051 size_t bits_get;
4052 psa_key_policy_t policy_set;
4053 psa_key_policy_t policy_get;
4054 psa_key_usage_t policy_usage = (psa_key_usage_t) usage_arg;
4055 psa_algorithm_t policy_alg = (psa_algorithm_t) alg_arg;
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame^]4056 psa_key_policy_t base_policy_set;
4057 psa_algorithm_t base_policy_alg = PSA_ALG_HKDF(PSA_ALG_SHA_256);
4058 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4059 unsigned char *first_export = NULL;
4060 unsigned char *second_export = NULL;
4061 size_t export_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
4062 size_t first_exported_length;
4063 size_t second_exported_length;
4064
4065 ASSERT_ALLOC( first_export, export_size );
4066 ASSERT_ALLOC( second_export, export_size );
4067
4068 TEST_ASSERT( psa_crypto_init() == PSA_SUCCESS );
4069
4070 TEST_ASSERT( psa_set_key_lifetime(
4071 slot, PSA_KEY_LIFETIME_PERSISTENT ) == PSA_SUCCESS );
4072
4073 psa_key_policy_init( &policy_set );
4074
4075 psa_key_policy_set_usage( &policy_set, policy_usage,
4076 policy_alg );
4077
4078 TEST_ASSERT( psa_set_key_policy( slot, &policy_set ) == PSA_SUCCESS );
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame^]4079 switch( generation_method )
4080 {
4081 case IMPORT_KEY:
4082 /* Import the key */
4083 TEST_ASSERT( psa_import_key( slot, type,
4084 data->x, data->len ) == PSA_SUCCESS );
4085 break;
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4086
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame^]4087 case GENERATE_KEY:
4088 /* Generate a key */
4089 TEST_ASSERT( psa_generate_key( slot, type, bits,
4090 NULL, 0 ) == PSA_SUCCESS );
4091 break;
4092
4093 case DERIVE_KEY:
4094 /* Create base key */
4095 psa_key_policy_init( &base_policy_set );
4096
4097 psa_key_policy_set_usage( &base_policy_set, PSA_KEY_USAGE_DERIVE,
4098 base_policy_alg );
4099 TEST_ASSERT( psa_set_key_policy(
4100 base_key, &base_policy_set ) == PSA_SUCCESS );
4101 TEST_ASSERT( psa_import_key( base_key, PSA_KEY_TYPE_DERIVE,
4102 data->x, data->len ) == PSA_SUCCESS );
4103 /* Derive a key. */
4104 TEST_ASSERT( psa_key_derivation( &generator, base_key,
4105 base_policy_alg,
4106 NULL, 0, NULL, 0,
4107 export_size ) == PSA_SUCCESS );
4108 TEST_ASSERT( psa_generator_import_key(
4109 slot, PSA_KEY_TYPE_RAW_DATA,
4110 bits, &generator ) == PSA_SUCCESS );
4111 break;
4112 }
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4113
4114 /* Export the key */
4115 TEST_ASSERT( psa_export_key( slot, first_export, export_size,
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame^]4116 &first_exported_length ) == export_status );
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4117
4118 /* Shutdown and restart */
4119 mbedtls_psa_crypto_free();
4120
4121 TEST_ASSERT( psa_crypto_init() == PSA_SUCCESS );
4122
4123 /* Mark slot as persistent again */
4124 TEST_ASSERT( psa_set_key_lifetime(
4125 slot, PSA_KEY_LIFETIME_PERSISTENT ) == PSA_SUCCESS );
4126
4127 /* Check key slot still contains key data */
4128 TEST_ASSERT( psa_get_key_information(
4129 slot, &type_get, &bits_get ) == PSA_SUCCESS );
4130 TEST_ASSERT( type_get == type );
4131 TEST_ASSERT( bits_get == (size_t) bits );
4132
4133 TEST_ASSERT( psa_get_key_policy( slot, &policy_get ) == PSA_SUCCESS );
4134 TEST_ASSERT( psa_key_policy_get_usage(
4135 &policy_get ) == policy_usage );
4136 TEST_ASSERT( psa_key_policy_get_algorithm(
4137 &policy_get ) == policy_alg );
4138
4139 /* Export the key again */
4140 TEST_ASSERT( psa_export_key( slot, second_export, export_size,
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame^]4141 &second_exported_length ) == export_status );
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4142
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame^]4143 if( export_status == PSA_SUCCESS )
4144 {
4145 ASSERT_COMPARE( first_export, first_exported_length,
4146 second_export, second_exported_length );
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4147
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame^]4148 switch( generation_method )
4149 {
4150 case IMPORT_KEY:
4151 ASSERT_COMPARE( data->x, data->len,
4152 first_export, first_exported_length );
4153 break;
4154 default:
4155 break;
4156 }
4157 }
4158
4159 /* Do something with the key according to its type and permitted usage. */
4160 if( ! exercise_key( slot, policy_usage, policy_alg ) )
4161 goto exit;
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4162
4163exit:
4164 mbedtls_free( first_export );
4165 mbedtls_free( second_export );
4166 psa_destroy_key( slot );
4167 mbedtls_psa_crypto_free();
4168}
4169/* END_CASE */