TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 2773f26971b220492906bb070b4e9d4b9beb6d67 / . / tests / src / psa_exercise_key.c
blob: 3d2dfc69a722040262ff911a482aaf8dc20a6248 [file] [log] [blame]
Gilles Peskine66e7b902021-02-12 23:40:58 +0100[diff] [blame]1/** Code to exercise a PSA key object, i.e. validate that it seems well-formed
2 * and can do what it is supposed to do.
3 */
4
5/*
6 * Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22#include <test/helpers.h>
23#include <test/macros.h>
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]24#include <test/psa_exercise_key.h>
Gilles Peskine66e7b902021-02-12 23:40:58 +0100[diff] [blame]25
26#if defined(MBEDTLS_PSA_CRYPTO_C)
27
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]28#include <mbedtls/asn1.h>
Gilles Peskine66e7b902021-02-12 23:40:58 +0100[diff] [blame]29#include <psa/crypto.h>
30
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]31#include <test/asn1_helpers.h>
Przemyslaw Stekiel53de2622021-11-03 09:35:35 +0100[diff] [blame]32#include <psa_crypto_slot_management.h>
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]33#include <test/psa_crypto_helpers.h>
34
35#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
36static int lifetime_is_dynamic_secure_element( psa_key_lifetime_t lifetime )
37{
38 return( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) !=
39 PSA_KEY_LOCATION_LOCAL_STORAGE );
40}
41#endif
42
43static int check_key_attributes_sanity( mbedtls_svc_key_id_t key )
44{
45 int ok = 0;
46 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
47 psa_key_lifetime_t lifetime;
48 mbedtls_svc_key_id_t id;
49 psa_key_type_t type;
Gilles Peskine6b362e62021-02-15 12:03:16 +0100[diff] [blame]50 size_t bits;
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]51
52 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
53 lifetime = psa_get_key_lifetime( &attributes );
54 id = psa_get_key_id( &attributes );
55 type = psa_get_key_type( &attributes );
56 bits = psa_get_key_bits( &attributes );
57
58 /* Persistence */
59 if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
60 {
61 TEST_ASSERT(
62 ( PSA_KEY_ID_VOLATILE_MIN <=
63 MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) &&
64 ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <=
65 PSA_KEY_ID_VOLATILE_MAX ) );
66 }
67 else
68 {
69 TEST_ASSERT(
70 ( PSA_KEY_ID_USER_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) &&
71 ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <= PSA_KEY_ID_USER_MAX ) );
72 }
73#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
74 /* randomly-generated 64-bit constant, should never appear in test data */
75 psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21;
76 psa_status_t status = psa_get_key_slot_number( &attributes, &slot_number );
77 if( lifetime_is_dynamic_secure_element( lifetime ) )
78 {
79 /* Mbed Crypto currently always exposes the slot number to
80 * applications. This is not mandated by the PSA specification
81 * and may change in future versions. */
82 TEST_EQUAL( status, 0 );
83 TEST_ASSERT( slot_number != 0xec94d4a5058a1a21 );
84 }
85 else
86 {
87 TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT );
88 }
89#endif
90
91 /* Type and size */
92 TEST_ASSERT( type != 0 );
93 TEST_ASSERT( bits != 0 );
94 TEST_ASSERT( bits <= PSA_MAX_KEY_BITS );
95 if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
96 TEST_ASSERT( bits % 8 == 0 );
97
98 /* MAX macros concerning specific key types */
99 if( PSA_KEY_TYPE_IS_ECC( type ) )
100 TEST_ASSERT( bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS );
101 else if( PSA_KEY_TYPE_IS_RSA( type ) )
102 TEST_ASSERT( bits <= PSA_VENDOR_RSA_MAX_KEY_BITS );
103 TEST_ASSERT( PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ) <= PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE );
104
105 ok = 1;
106
107exit:
108 /*
109 * Key attributes may have been returned by psa_get_key_attributes()
110 * thus reset them as required.
111 */
112 psa_reset_key_attributes( &attributes );
113
114 return( ok );
115}
116
117static int exercise_mac_key( mbedtls_svc_key_id_t key,
118 psa_key_usage_t usage,
119 psa_algorithm_t alg )
120{
121 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
122 const unsigned char input[] = "foo";
123 unsigned char mac[PSA_MAC_MAX_SIZE] = {0};
124 size_t mac_length = sizeof( mac );
125
Steven Cooremanfb9cb922021-02-23 14:37:38 +0100[diff] [blame]126 /* Convert wildcard algorithm to exercisable algorithm */
127 if( alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG )
128 {
129 alg = PSA_ALG_TRUNCATED_MAC( alg, PSA_MAC_TRUNCATED_LENGTH( alg ) );
130 }
131
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]132 if( usage & PSA_KEY_USAGE_SIGN_HASH )
133 {
134 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
135 PSA_ASSERT( psa_mac_update( &operation,
136 input, sizeof( input ) ) );
137 PSA_ASSERT( psa_mac_sign_finish( &operation,
138 mac, sizeof( mac ),
139 &mac_length ) );
140 }
141
142 if( usage & PSA_KEY_USAGE_VERIFY_HASH )
143 {
144 psa_status_t verify_status =
145 ( usage & PSA_KEY_USAGE_SIGN_HASH ?
146 PSA_SUCCESS :
147 PSA_ERROR_INVALID_SIGNATURE );
148 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
149 PSA_ASSERT( psa_mac_update( &operation,
150 input, sizeof( input ) ) );
151 TEST_EQUAL( psa_mac_verify_finish( &operation, mac, mac_length ),
152 verify_status );
153 }
154
155 return( 1 );
156
157exit:
158 psa_mac_abort( &operation );
159 return( 0 );
160}
161
162static int exercise_cipher_key( mbedtls_svc_key_id_t key,
163 psa_key_usage_t usage,
164 psa_algorithm_t alg )
165{
166 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
167 unsigned char iv[16] = {0};
168 size_t iv_length = sizeof( iv );
Gilles Peskinebbf452c2022-03-18 18:40:47 +0100[diff] [blame]169 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
170 psa_key_type_t key_type;
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]171 const unsigned char plaintext[16] = "Hello, world...";
172 unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)";
173 size_t ciphertext_length = sizeof( ciphertext );
174 unsigned char decrypted[sizeof( ciphertext )];
175 size_t part_length;
176
Gilles Peskinebbf452c2022-03-18 18:40:47 +0100[diff] [blame]177 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
178 key_type = psa_get_key_type( &attributes );
179 iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
180
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]181 if( usage & PSA_KEY_USAGE_ENCRYPT )
182 {
183 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Gilles Peskinebbf452c2022-03-18 18:40:47 +0100[diff] [blame]184 if( PSA_CIPHER_IV_LENGTH( key_type, alg ) != 0 )
185 {
186 PSA_ASSERT( psa_cipher_generate_iv( &operation,
187 iv, sizeof( iv ),
188 &iv_length ) );
189 }
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]190 PSA_ASSERT( psa_cipher_update( &operation,
191 plaintext, sizeof( plaintext ),
192 ciphertext, sizeof( ciphertext ),
193 &ciphertext_length ) );
194 PSA_ASSERT( psa_cipher_finish( &operation,
195 ciphertext + ciphertext_length,
196 sizeof( ciphertext ) - ciphertext_length,
197 &part_length ) );
198 ciphertext_length += part_length;
199 }
200
201 if( usage & PSA_KEY_USAGE_DECRYPT )
202 {
203 psa_status_t status;
204 int maybe_invalid_padding = 0;
205 if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) )
206 {
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]207 maybe_invalid_padding = ! PSA_ALG_IS_STREAM_CIPHER( alg );
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]208 }
209 PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
Gilles Peskinebbf452c2022-03-18 18:40:47 +0100[diff] [blame]210 if( iv_length != 0 )
211 {
212 PSA_ASSERT( psa_cipher_set_iv( &operation,
213 iv, iv_length ) );
214 }
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]215 PSA_ASSERT( psa_cipher_update( &operation,
216 ciphertext, ciphertext_length,
217 decrypted, sizeof( decrypted ),
218 &part_length ) );
219 status = psa_cipher_finish( &operation,
220 decrypted + part_length,
221 sizeof( decrypted ) - part_length,
222 &part_length );
223 /* For a stream cipher, all inputs are valid. For a block cipher,
224 * if the input is some aribtrary data rather than an actual
225 ciphertext, a padding error is likely. */
226 if( maybe_invalid_padding )
227 TEST_ASSERT( status == PSA_SUCCESS ||
228 status == PSA_ERROR_INVALID_PADDING );
229 else
230 PSA_ASSERT( status );
231 }
232
233 return( 1 );
234
235exit:
236 psa_cipher_abort( &operation );
Gilles Peskinebbf452c2022-03-18 18:40:47 +0100[diff] [blame]237 psa_reset_key_attributes( &attributes );
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]238 return( 0 );
239}
240
241static int exercise_aead_key( mbedtls_svc_key_id_t key,
242 psa_key_usage_t usage,
243 psa_algorithm_t alg )
244{
245 unsigned char nonce[16] = {0};
Gilles Peskine7acb1982022-03-19 11:03:32 +0100[diff] [blame]246 size_t nonce_length;
247 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
248 psa_key_type_t key_type;
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]249 unsigned char plaintext[16] = "Hello, world...";
250 unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)";
251 size_t ciphertext_length = sizeof( ciphertext );
252 size_t plaintext_length = sizeof( ciphertext );
253
Steven Cooremanfb9cb922021-02-23 14:37:38 +0100[diff] [blame]254 /* Convert wildcard algorithm to exercisable algorithm */
255 if( alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG )
256 {
257 alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) );
258 }
259
Gilles Peskine7acb1982022-03-19 11:03:32 +0100[diff] [blame]260 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
261 key_type = psa_get_key_type( &attributes );
262 nonce_length = PSA_AEAD_NONCE_LENGTH( key_type, alg );
Steven Cooremanaaec3412021-02-18 13:30:34 +0100[diff] [blame]263
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]264 if( usage & PSA_KEY_USAGE_ENCRYPT )
265 {
266 PSA_ASSERT( psa_aead_encrypt( key, alg,
267 nonce, nonce_length,
268 NULL, 0,
269 plaintext, sizeof( plaintext ),
270 ciphertext, sizeof( ciphertext ),
271 &ciphertext_length ) );
272 }
273
274 if( usage & PSA_KEY_USAGE_DECRYPT )
275 {
276 psa_status_t verify_status =
277 ( usage & PSA_KEY_USAGE_ENCRYPT ?
278 PSA_SUCCESS :
279 PSA_ERROR_INVALID_SIGNATURE );
280 TEST_EQUAL( psa_aead_decrypt( key, alg,
281 nonce, nonce_length,
282 NULL, 0,
283 ciphertext, ciphertext_length,
284 plaintext, sizeof( plaintext ),
285 &plaintext_length ),
286 verify_status );
287 }
288
289 return( 1 );
290
291exit:
Gilles Peskine7acb1982022-03-19 11:03:32 +0100[diff] [blame]292 psa_reset_key_attributes( &attributes );
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]293 return( 0 );
294}
295
Gilles Peskined586b822022-03-19 11:15:41 +0100[diff] [blame]296static int can_sign_or_verify_message( psa_key_usage_t usage,
297 psa_algorithm_t alg )
298{
299 /* Sign-the-unspecified-hash algorithms can only be used with
300 * {sign,verify}_hash, not with {sign,verify}_message. */
301 if( alg == PSA_ALG_ECDSA_ANY || alg == PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
302 return( 0 );
303 return( usage & ( PSA_KEY_USAGE_SIGN_MESSAGE |
304 PSA_KEY_USAGE_VERIFY_MESSAGE ) );
305}
306
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]307static int exercise_signature_key( mbedtls_svc_key_id_t key,
308 psa_key_usage_t usage,
309 psa_algorithm_t alg )
310{
gabor-mezei-arm4c6a47a2021-04-26 20:12:17 +0200[diff] [blame]311 if( usage & ( PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ) )
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]312 {
gabor-mezei-arm4c6a47a2021-04-26 20:12:17 +0200[diff] [blame]313 unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
314 size_t payload_length = 16;
315 unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
316 size_t signature_length = sizeof( signature );
317 psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
318
319 /* If the policy allows signing with any hash, just pick one. */
Gilles Peskinef7b41372021-09-22 16:15:05 +0200[diff] [blame]320 if( PSA_ALG_IS_SIGN_HASH( alg ) && hash_alg == PSA_ALG_ANY_HASH )
gabor-mezei-arm4c6a47a2021-04-26 20:12:17 +0200[diff] [blame]321 {
Ronald Cron4c0ec762021-08-31 19:08:55 +0200[diff] [blame]322 #if defined(KNOWN_MBEDTLS_SUPPORTED_HASH_ALG)
323 hash_alg = KNOWN_MBEDTLS_SUPPORTED_HASH_ALG;
gabor-mezei-arm4c6a47a2021-04-26 20:12:17 +0200[diff] [blame]324 alg ^= PSA_ALG_ANY_HASH ^ hash_alg;
325 #else
326 TEST_ASSERT( ! "No hash algorithm for hash-and-sign testing" );
327 #endif
328 }
329
Janos Follath4c0b60e2021-06-14 12:34:30 +0100[diff] [blame]330 /* Some algorithms require the payload to have the size of
331 * the hash encoded in the algorithm. Use this input size
332 * even for algorithms that allow other input sizes. */
333 if( hash_alg != 0 )
334 payload_length = PSA_HASH_LENGTH( hash_alg );
335
gabor-mezei-arm4c6a47a2021-04-26 20:12:17 +0200[diff] [blame]336 if( usage & PSA_KEY_USAGE_SIGN_HASH )
337 {
gabor-mezei-arm4c6a47a2021-04-26 20:12:17 +0200[diff] [blame]338 PSA_ASSERT( psa_sign_hash( key, alg,
339 payload, payload_length,
340 signature, sizeof( signature ),
341 &signature_length ) );
342 }
343
344 if( usage & PSA_KEY_USAGE_VERIFY_HASH )
345 {
346 psa_status_t verify_status =
347 ( usage & PSA_KEY_USAGE_SIGN_HASH ?
348 PSA_SUCCESS :
349 PSA_ERROR_INVALID_SIGNATURE );
350 TEST_EQUAL( psa_verify_hash( key, alg,
351 payload, payload_length,
352 signature, signature_length ),
353 verify_status );
354 }
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]355 }
356
Gilles Peskined586b822022-03-19 11:15:41 +0100[diff] [blame]357 if( can_sign_or_verify_message( usage, alg ) )
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]358 {
gabor-mezei-arm4c6a47a2021-04-26 20:12:17 +0200[diff] [blame]359 unsigned char message[256] = "Hello, world...";
360 unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
361 size_t message_length = 16;
362 size_t signature_length = sizeof( signature );
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]363
gabor-mezei-arm4c6a47a2021-04-26 20:12:17 +0200[diff] [blame]364 if( usage & PSA_KEY_USAGE_SIGN_MESSAGE )
365 {
366 PSA_ASSERT( psa_sign_message( key, alg,
367 message, message_length,
368 signature, sizeof( signature ),
369 &signature_length ) );
370 }
371
372 if( usage & PSA_KEY_USAGE_VERIFY_MESSAGE )
373 {
374 psa_status_t verify_status =
375 ( usage & PSA_KEY_USAGE_SIGN_MESSAGE ?
376 PSA_SUCCESS :
377 PSA_ERROR_INVALID_SIGNATURE );
378 TEST_EQUAL( psa_verify_message( key, alg,
379 message, message_length,
380 signature, signature_length ),
381 verify_status );
382 }
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]383 }
384
385 return( 1 );
386
387exit:
388 return( 0 );
389}
390
391static int exercise_asymmetric_encryption_key( mbedtls_svc_key_id_t key,
392 psa_key_usage_t usage,
393 psa_algorithm_t alg )
394{
395 unsigned char plaintext[256] = "Hello, world...";
396 unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)";
397 size_t ciphertext_length = sizeof( ciphertext );
398 size_t plaintext_length = 16;
399
400 if( usage & PSA_KEY_USAGE_ENCRYPT )
401 {
402 PSA_ASSERT( psa_asymmetric_encrypt( key, alg,
403 plaintext, plaintext_length,
404 NULL, 0,
405 ciphertext, sizeof( ciphertext ),
406 &ciphertext_length ) );
407 }
408
409 if( usage & PSA_KEY_USAGE_DECRYPT )
410 {
411 psa_status_t status =
412 psa_asymmetric_decrypt( key, alg,
413 ciphertext, ciphertext_length,
414 NULL, 0,
415 plaintext, sizeof( plaintext ),
416 &plaintext_length );
417 TEST_ASSERT( status == PSA_SUCCESS ||
418 ( ( usage & PSA_KEY_USAGE_ENCRYPT ) == 0 &&
419 ( status == PSA_ERROR_INVALID_ARGUMENT ||
420 status == PSA_ERROR_INVALID_PADDING ) ) );
421 }
422
423 return( 1 );
424
425exit:
426 return( 0 );
427}
428
429int mbedtls_test_psa_setup_key_derivation_wrap(
430 psa_key_derivation_operation_t* operation,
431 mbedtls_svc_key_id_t key,
432 psa_algorithm_t alg,
Gilles Peskine5c2665b2021-02-14 01:22:56 +0100[diff] [blame]433 const unsigned char* input1, size_t input1_length,
434 const unsigned char* input2, size_t input2_length,
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]435 size_t capacity )
436{
437 PSA_ASSERT( psa_key_derivation_setup( operation, alg ) );
438 if( PSA_ALG_IS_HKDF( alg ) )
439 {
440 PSA_ASSERT( psa_key_derivation_input_bytes( operation,
441 PSA_KEY_DERIVATION_INPUT_SALT,
442 input1, input1_length ) );
443 PSA_ASSERT( psa_key_derivation_input_key( operation,
444 PSA_KEY_DERIVATION_INPUT_SECRET,
445 key ) );
446 PSA_ASSERT( psa_key_derivation_input_bytes( operation,
447 PSA_KEY_DERIVATION_INPUT_INFO,
448 input2,
449 input2_length ) );
450 }
451 else if( PSA_ALG_IS_TLS12_PRF( alg ) ||
452 PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
453 {
454 PSA_ASSERT( psa_key_derivation_input_bytes( operation,
455 PSA_KEY_DERIVATION_INPUT_SEED,
456 input1, input1_length ) );
457 PSA_ASSERT( psa_key_derivation_input_key( operation,
458 PSA_KEY_DERIVATION_INPUT_SECRET,
459 key ) );
460 PSA_ASSERT( psa_key_derivation_input_bytes( operation,
461 PSA_KEY_DERIVATION_INPUT_LABEL,
462 input2, input2_length ) );
463 }
464 else
465 {
466 TEST_ASSERT( ! "Key derivation algorithm not supported" );
467 }
468
469 if( capacity != SIZE_MAX )
470 PSA_ASSERT( psa_key_derivation_set_capacity( operation, capacity ) );
471
472 return( 1 );
473
474exit:
475 return( 0 );
476}
477
478
479static int exercise_key_derivation_key( mbedtls_svc_key_id_t key,
480 psa_key_usage_t usage,
481 psa_algorithm_t alg )
482{
483 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
484 unsigned char input1[] = "Input 1";
485 size_t input1_length = sizeof( input1 );
486 unsigned char input2[] = "Input 2";
487 size_t input2_length = sizeof( input2 );
488 unsigned char output[1];
489 size_t capacity = sizeof( output );
490
491 if( usage & PSA_KEY_USAGE_DERIVE )
492 {
493 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg,
494 input1, input1_length,
495 input2, input2_length,
496 capacity ) )
497 goto exit;
498
499 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
500 output,
501 capacity ) );
502 PSA_ASSERT( psa_key_derivation_abort( &operation ) );
503 }
504
505 return( 1 );
506
507exit:
508 return( 0 );
509}
510
511/* We need two keys to exercise key agreement. Exercise the
512 * private key against its own public key. */
513psa_status_t mbedtls_test_psa_key_agreement_with_self(
514 psa_key_derivation_operation_t *operation,
515 mbedtls_svc_key_id_t key )
516{
517 psa_key_type_t private_key_type;
518 psa_key_type_t public_key_type;
519 size_t key_bits;
520 uint8_t *public_key = NULL;
521 size_t public_key_length;
522 /* Return GENERIC_ERROR if something other than the final call to
523 * psa_key_derivation_key_agreement fails. This isn't fully satisfactory,
524 * but it's good enough: callers will report it as a failed test anyway. */
525 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
526 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
527
528 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
529 private_key_type = psa_get_key_type( &attributes );
530 key_bits = psa_get_key_bits( &attributes );
531 public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
gabor-mezei-armceface22021-01-21 12:26:17 +0100[diff] [blame]532 public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_key_type, key_bits );
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]533 ASSERT_ALLOC( public_key, public_key_length );
534 PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length,
535 &public_key_length ) );
536
537 status = psa_key_derivation_key_agreement(
538 operation, PSA_KEY_DERIVATION_INPUT_SECRET, key,
539 public_key, public_key_length );
540exit:
541 /*
542 * Key attributes may have been returned by psa_get_key_attributes()
543 * thus reset them as required.
544 */
545 psa_reset_key_attributes( &attributes );
546
547 mbedtls_free( public_key );
548 return( status );
549}
550
551/* We need two keys to exercise key agreement. Exercise the
552 * private key against its own public key. */
553psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
554 psa_algorithm_t alg,
555 mbedtls_svc_key_id_t key )
556{
557 psa_key_type_t private_key_type;
558 psa_key_type_t public_key_type;
559 size_t key_bits;
560 uint8_t *public_key = NULL;
561 size_t public_key_length;
562 uint8_t output[1024];
563 size_t output_length;
564 /* Return GENERIC_ERROR if something other than the final call to
565 * psa_key_derivation_key_agreement fails. This isn't fully satisfactory,
566 * but it's good enough: callers will report it as a failed test anyway. */
567 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
568 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
569
570 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
571 private_key_type = psa_get_key_type( &attributes );
572 key_bits = psa_get_key_bits( &attributes );
573 public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
gabor-mezei-armceface22021-01-21 12:26:17 +0100[diff] [blame]574 public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_key_type, key_bits );
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]575 ASSERT_ALLOC( public_key, public_key_length );
576 PSA_ASSERT( psa_export_public_key( key,
577 public_key, public_key_length,
578 &public_key_length ) );
579
580 status = psa_raw_key_agreement( alg, key,
581 public_key, public_key_length,
582 output, sizeof( output ), &output_length );
gabor-mezei-armceface22021-01-21 12:26:17 +0100[diff] [blame]583 if ( status == PSA_SUCCESS )
584 {
585 TEST_ASSERT( output_length <=
586 PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( private_key_type,
587 key_bits ) );
588 TEST_ASSERT( output_length <=
589 PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE );
590 }
591
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]592exit:
593 /*
594 * Key attributes may have been returned by psa_get_key_attributes()
595 * thus reset them as required.
596 */
597 psa_reset_key_attributes( &attributes );
598
599 mbedtls_free( public_key );
600 return( status );
601}
602
603static int exercise_raw_key_agreement_key( mbedtls_svc_key_id_t key,
604 psa_key_usage_t usage,
605 psa_algorithm_t alg )
606{
607 int ok = 0;
608
609 if( usage & PSA_KEY_USAGE_DERIVE )
610 {
611 /* We need two keys to exercise key agreement. Exercise the
612 * private key against its own public key. */
613 PSA_ASSERT( mbedtls_test_psa_raw_key_agreement_with_self( alg, key ) );
614 }
615 ok = 1;
616
617exit:
618 return( ok );
619}
620
621static int exercise_key_agreement_key( mbedtls_svc_key_id_t key,
622 psa_key_usage_t usage,
623 psa_algorithm_t alg )
624{
625 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineaa3449d2022-03-19 16:04:30 +0100[diff] [blame]626 unsigned char input[1];
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]627 unsigned char output[1];
628 int ok = 0;
Gilles Peskineaa3449d2022-03-19 16:04:30 +0100[diff] [blame]629 psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]630
631 if( usage & PSA_KEY_USAGE_DERIVE )
632 {
633 /* We need two keys to exercise key agreement. Exercise the
634 * private key against its own public key. */
635 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
Gilles Peskineaa3449d2022-03-19 16:04:30 +0100[diff] [blame]636 if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
637 PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
638 {
639 PSA_ASSERT( psa_key_derivation_input_bytes(
640 &operation, PSA_KEY_DERIVATION_INPUT_SEED,
641 input, sizeof( input ) ) );
642 }
643
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]644 PSA_ASSERT( mbedtls_test_psa_key_agreement_with_self( &operation, key ) );
Gilles Peskineaa3449d2022-03-19 16:04:30 +0100[diff] [blame]645
646 if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
647 PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
648 {
649 PSA_ASSERT( psa_key_derivation_input_bytes(
650 &operation, PSA_KEY_DERIVATION_INPUT_LABEL,
651 input, sizeof( input ) ) );
652 }
653 else if( PSA_ALG_IS_HKDF( kdf_alg ) )
654 {
655 PSA_ASSERT( psa_key_derivation_input_bytes(
656 &operation, PSA_KEY_DERIVATION_INPUT_INFO,
657 input, sizeof( input ) ) );
658 }
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]659 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
660 output,
661 sizeof( output ) ) );
662 PSA_ASSERT( psa_key_derivation_abort( &operation ) );
663 }
664 ok = 1;
665
666exit:
667 return( ok );
668}
669
670int mbedtls_test_psa_exported_key_sanity_check(
671 psa_key_type_t type, size_t bits,
Gilles Peskine5c2665b2021-02-14 01:22:56 +0100[diff] [blame]672 const uint8_t *exported, size_t exported_length )
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]673{
Gilles Peskinecc9db302021-02-14 01:29:52 +0100[diff] [blame]674 TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits ) );
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]675
Gilles Peskinecc9db302021-02-14 01:29:52 +0100[diff] [blame]676 if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
677 TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) );
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]678 else
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]679
Ronald Cron64df7382021-07-06 09:23:06 +0200[diff] [blame]680#if defined(MBEDTLS_ASN1_PARSE_C)
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]681 if( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
682 {
Gilles Peskine5c2665b2021-02-14 01:22:56 +0100[diff] [blame]683 uint8_t *p = (uint8_t*) exported;
684 const uint8_t *end = exported + exported_length;
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]685 size_t len;
686 /* RSAPrivateKey ::= SEQUENCE {
687 * version INTEGER, -- must be 0
688 * modulus INTEGER, -- n
689 * publicExponent INTEGER, -- e
690 * privateExponent INTEGER, -- d
691 * prime1 INTEGER, -- p
692 * prime2 INTEGER, -- q
693 * exponent1 INTEGER, -- d mod (p-1)
694 * exponent2 INTEGER, -- d mod (q-1)
695 * coefficient INTEGER, -- (inverse of q) mod p
696 * }
697 */
698 TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len,
699 MBEDTLS_ASN1_SEQUENCE |
700 MBEDTLS_ASN1_CONSTRUCTED ), 0 );
Gilles Peskine89615ee2021-04-29 20:28:54 +0200[diff] [blame]701 TEST_EQUAL( len, end - p );
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]702 if( ! mbedtls_test_asn1_skip_integer( &p, end, 0, 0, 0 ) )
703 goto exit;
704 if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) )
705 goto exit;
706 if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) )
707 goto exit;
708 /* Require d to be at least half the size of n. */
709 if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits, 1 ) )
710 goto exit;
711 /* Require p and q to be at most half the size of n, rounded up. */
712 if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
713 goto exit;
714 if( ! mbedtls_test_asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
715 goto exit;
716 if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
717 goto exit;
718 if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
719 goto exit;
720 if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
721 goto exit;
Gilles Peskine89615ee2021-04-29 20:28:54 +0200[diff] [blame]722 TEST_EQUAL( p - end, 0 );
gabor-mezei-armceface22021-01-21 12:26:17 +0100[diff] [blame]723
724 TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]725 }
726 else
Ronald Cron64df7382021-07-06 09:23:06 +0200[diff] [blame]727#endif /* MBEDTLS_ASN1_PARSE_C */
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]728
729#if defined(MBEDTLS_ECP_C)
730 if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
731 {
732 /* Just the secret value */
733 TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) );
gabor-mezei-armceface22021-01-21 12:26:17 +0100[diff] [blame]734
735 TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]736 }
737 else
738#endif /* MBEDTLS_ECP_C */
739
Ronald Cron64df7382021-07-06 09:23:06 +0200[diff] [blame]740#if defined(MBEDTLS_ASN1_PARSE_C)
Gilles Peskinead557e52021-02-14 01:19:21 +0100[diff] [blame]741 if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY )
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]742 {
Gilles Peskine5c2665b2021-02-14 01:22:56 +0100[diff] [blame]743 uint8_t *p = (uint8_t*) exported;
744 const uint8_t *end = exported + exported_length;
Gilles Peskinead557e52021-02-14 01:19:21 +0100[diff] [blame]745 size_t len;
746 /* RSAPublicKey ::= SEQUENCE {
747 * modulus INTEGER, -- n
748 * publicExponent INTEGER } -- e
749 */
750 TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len,
751 MBEDTLS_ASN1_SEQUENCE |
752 MBEDTLS_ASN1_CONSTRUCTED ),
753 0 );
Gilles Peskine89615ee2021-04-29 20:28:54 +0200[diff] [blame]754 TEST_EQUAL( len, end - p );
Gilles Peskinead557e52021-02-14 01:19:21 +0100[diff] [blame]755 if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) )
756 goto exit;
757 if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) )
758 goto exit;
Gilles Peskine89615ee2021-04-29 20:28:54 +0200[diff] [blame]759 TEST_EQUAL( p - end, 0 );
gabor-mezei-armceface22021-01-21 12:26:17 +0100[diff] [blame]760
761
762 TEST_ASSERT( exported_length <=
763 PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( type, bits ) );
764 TEST_ASSERT( exported_length <=
765 PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
Gilles Peskinead557e52021-02-14 01:19:21 +0100[diff] [blame]766 }
767 else
Ronald Cron64df7382021-07-06 09:23:06 +0200[diff] [blame]768#endif /* MBEDTLS_ASN1_PARSE_C */
Gilles Peskinead557e52021-02-14 01:19:21 +0100[diff] [blame]769
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]770#if defined(MBEDTLS_ECP_C)
Gilles Peskinead557e52021-02-14 01:19:21 +0100[diff] [blame]771 if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) )
772 {
gabor-mezei-armceface22021-01-21 12:26:17 +0100[diff] [blame]773
774 TEST_ASSERT( exported_length <=
775 PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( type, bits ) );
776 TEST_ASSERT( exported_length <=
777 PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
778
Gilles Peskinead557e52021-02-14 01:19:21 +0100[diff] [blame]779 if( PSA_KEY_TYPE_ECC_GET_FAMILY( type ) == PSA_ECC_FAMILY_MONTGOMERY )
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]780 {
Gilles Peskinead557e52021-02-14 01:19:21 +0100[diff] [blame]781 /* The representation of an ECC Montgomery public key is
782 * the raw compressed point */
783 TEST_EQUAL( PSA_BITS_TO_BYTES( bits ), exported_length );
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]784 }
785 else
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]786 {
Gilles Peskinead557e52021-02-14 01:19:21 +0100[diff] [blame]787 /* The representation of an ECC Weierstrass public key is:
788 * - The byte 0x04;
789 * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
790 * - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
791 * - where m is the bit size associated with the curve.
792 */
793 TEST_EQUAL( 1 + 2 * PSA_BITS_TO_BYTES( bits ), exported_length );
794 TEST_EQUAL( exported[0], 4 );
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]795 }
796 }
797 else
Gilles Peskinead557e52021-02-14 01:19:21 +0100[diff] [blame]798#endif /* MBEDTLS_ECP_C */
799
Gilles Peskinead557e52021-02-14 01:19:21 +0100[diff] [blame]800 {
Andrzej Kurek57d2f132022-01-17 15:26:24 +0100[diff] [blame]801 (void) exported;
Gilles Peskinecc9db302021-02-14 01:29:52 +0100[diff] [blame]802 TEST_ASSERT( ! "Sanity check not implemented for this key type" );
Gilles Peskinead557e52021-02-14 01:19:21 +0100[diff] [blame]803 }
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]804
Gilles Peskinecc9db302021-02-14 01:29:52 +0100[diff] [blame]805#if defined(MBEDTLS_DES_C)
806 if( type == PSA_KEY_TYPE_DES )
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]807 {
Gilles Peskinecc9db302021-02-14 01:29:52 +0100[diff] [blame]808 /* Check the parity bits. */
809 unsigned i;
810 for( i = 0; i < bits / 8; i++ )
811 {
812 unsigned bit_count = 0;
813 unsigned m;
814 for( m = 1; m <= 0x100; m <<= 1 )
815 {
816 if( exported[i] & m )
817 ++bit_count;
818 }
819 TEST_ASSERT( bit_count % 2 != 0 );
820 }
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]821 }
Gilles Peskinecc9db302021-02-14 01:29:52 +0100[diff] [blame]822#endif
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]823
824 return( 1 );
825
826exit:
827 return( 0 );
828}
829
830static int exercise_export_key( mbedtls_svc_key_id_t key,
831 psa_key_usage_t usage )
832{
833 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
834 uint8_t *exported = NULL;
835 size_t exported_size = 0;
836 size_t exported_length = 0;
837 int ok = 0;
838
839 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
840
841 exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
842 psa_get_key_type( &attributes ),
843 psa_get_key_bits( &attributes ) );
844 ASSERT_ALLOC( exported, exported_size );
845
846 if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 &&
847 ! PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( &attributes ) ) )
848 {
849 TEST_EQUAL( psa_export_key( key, exported,
850 exported_size, &exported_length ),
851 PSA_ERROR_NOT_PERMITTED );
852 ok = 1;
853 goto exit;
854 }
855
856 PSA_ASSERT( psa_export_key( key,
857 exported, exported_size,
858 &exported_length ) );
859 ok = mbedtls_test_psa_exported_key_sanity_check(
860 psa_get_key_type( &attributes ), psa_get_key_bits( &attributes ),
861 exported, exported_length );
862
863exit:
864 /*
865 * Key attributes may have been returned by psa_get_key_attributes()
866 * thus reset them as required.
867 */
868 psa_reset_key_attributes( &attributes );
869
870 mbedtls_free( exported );
871 return( ok );
872}
873
874static int exercise_export_public_key( mbedtls_svc_key_id_t key )
875{
876 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
877 psa_key_type_t public_type;
878 uint8_t *exported = NULL;
879 size_t exported_size = 0;
880 size_t exported_length = 0;
881 int ok = 0;
882
883 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
884 if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type( &attributes ) ) )
885 {
886 exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
887 psa_get_key_type( &attributes ),
888 psa_get_key_bits( &attributes ) );
889 ASSERT_ALLOC( exported, exported_size );
890
891 TEST_EQUAL( psa_export_public_key( key, exported,
892 exported_size, &exported_length ),
893 PSA_ERROR_INVALID_ARGUMENT );
894 ok = 1;
895 goto exit;
896 }
897
898 public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(
899 psa_get_key_type( &attributes ) );
gabor-mezei-armceface22021-01-21 12:26:17 +0100[diff] [blame]900 exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type,
901 psa_get_key_bits( &attributes ) );
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]902 ASSERT_ALLOC( exported, exported_size );
903
904 PSA_ASSERT( psa_export_public_key( key,
905 exported, exported_size,
906 &exported_length ) );
907 ok = mbedtls_test_psa_exported_key_sanity_check(
908 public_type, psa_get_key_bits( &attributes ),
909 exported, exported_length );
910
911exit:
912 /*
913 * Key attributes may have been returned by psa_get_key_attributes()
914 * thus reset them as required.
915 */
916 psa_reset_key_attributes( &attributes );
917
918 mbedtls_free( exported );
919 return( ok );
920}
921
922int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key,
923 psa_key_usage_t usage,
924 psa_algorithm_t alg )
925{
Gilles Peskine2385f712021-02-14 01:34:21 +0100[diff] [blame]926 int ok = 0;
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]927
928 if( ! check_key_attributes_sanity( key ) )
929 return( 0 );
930
931 if( alg == 0 )
932 ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */
933 else if( PSA_ALG_IS_MAC( alg ) )
934 ok = exercise_mac_key( key, usage, alg );
935 else if( PSA_ALG_IS_CIPHER( alg ) )
936 ok = exercise_cipher_key( key, usage, alg );
937 else if( PSA_ALG_IS_AEAD( alg ) )
938 ok = exercise_aead_key( key, usage, alg );
939 else if( PSA_ALG_IS_SIGN( alg ) )
940 ok = exercise_signature_key( key, usage, alg );
941 else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
942 ok = exercise_asymmetric_encryption_key( key, usage, alg );
943 else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
944 ok = exercise_key_derivation_key( key, usage, alg );
945 else if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
946 ok = exercise_raw_key_agreement_key( key, usage, alg );
947 else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
948 ok = exercise_key_agreement_key( key, usage, alg );
949 else
Gilles Peskine2385f712021-02-14 01:34:21 +0100[diff] [blame]950 TEST_ASSERT( ! "No code to exercise this category of algorithm" );
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]951
952 ok = ok && exercise_export_key( key, usage );
953 ok = ok && exercise_export_public_key( key );
954
Gilles Peskine2385f712021-02-14 01:34:21 +0100[diff] [blame]955exit:
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]956 return( ok );
957}
958
959psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type,
960 psa_algorithm_t alg )
961{
962 if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) )
963 {
Gilles Peskinef7b41372021-09-22 16:15:05 +0200[diff] [blame]964 if( PSA_ALG_IS_SIGN_HASH( alg ) )
gabor-mezei-arm041887b2021-05-11 13:29:24 +0200[diff] [blame]965 {
966 if( PSA_ALG_SIGN_GET_HASH( alg ) )
967 return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
968 PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:
969 PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH |
970 PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE );
971 }
972 else if( PSA_ALG_IS_SIGN_MESSAGE( alg) )
gabor-mezei-arm4c6a47a2021-04-26 20:12:17 +0200[diff] [blame]973 return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
gabor-mezei-arm041887b2021-05-11 13:29:24 +0200[diff] [blame]974 PSA_KEY_USAGE_VERIFY_MESSAGE :
gabor-mezei-arm4c6a47a2021-04-26 20:12:17 +0200[diff] [blame]975 PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE );
976
gabor-mezei-arm041887b2021-05-11 13:29:24 +0200[diff] [blame]977 return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
978 PSA_KEY_USAGE_VERIFY_HASH :
979 PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
Gilles Peskinee78b0022021-02-13 00:41:11 +0100[diff] [blame]980 }
981 else if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) ||
982 PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
983 {
984 return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
985 PSA_KEY_USAGE_ENCRYPT :
986 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
987 }
988 else if( PSA_ALG_IS_KEY_DERIVATION( alg ) ||
989 PSA_ALG_IS_KEY_AGREEMENT( alg ) )
990 {
991 return( PSA_KEY_USAGE_DERIVE );
992 }
993 else
994 {
995 return( 0 );
996 }
997
998}
Gilles Peskine66e7b902021-02-12 23:40:58 +0100[diff] [blame]999
1000#endif /* MBEDTLS_PSA_CRYPTO_C */