TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 27e6945f4303c13bd2ff3a789218443cf00b63af / . / tests / suites / test_suite_psa_crypto.function
blob: d128c742a177f4cf1c1f685d44a67d377324ba7f [file] [log] [blame]
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1/* BEGIN_HEADER */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2#include <stdint.h>
mohammad160327010052018-07-03 13:16:15 +0300[diff] [blame]3
4#if defined(MBEDTLS_PSA_CRYPTO_SPM)
5#include "spm/psa_defs.h"
6#endif
7
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]8#include "mbedtls/asn1.h"
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]9#include "mbedtls/asn1write.h"
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]10#include "mbedtls/oid.h"
11
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]12#include "psa/crypto.h"
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]13
Gilles Peskine96ee5c72018-07-12 17:24:54 +0200[diff] [blame]14#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
15
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]16#if(UINT32_MAX > SIZE_MAX)
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]17#define PSA_CRYPTO_TEST_SIZE_T_RANGE( x ) ( ( x ) <= SIZE_MAX )
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]18#else
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]19#define PSA_CRYPTO_TEST_SIZE_T_RANGE( x ) 1
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]20#endif
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]21
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100[diff] [blame]22/** An invalid export length that will never be set by psa_export_key(). */
23static const size_t INVALID_EXPORT_LENGTH = ~0U;
24
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]25/** Test if a buffer contains a constant byte value.
26 *
27 * `mem_is_char(buffer, c, size)` is true after `memset(buffer, c, size)`.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]28 *
29 * \param buffer Pointer to the beginning of the buffer.
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]30 * \param c Expected value of every byte.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]31 * \param size Size of the buffer in bytes.
32 *
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]33 * \return 1 if the buffer is all-bits-zero.
34 * \return 0 if there is at least one nonzero byte.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]35 */
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]36static int mem_is_char( void *buffer, unsigned char c, size_t size )
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]37{
38 size_t i;
39 for( i = 0; i < size; i++ )
40 {
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]41 if( ( (unsigned char *) buffer )[i] != c )
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]42 return( 0 );
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]43 }
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]44 return( 1 );
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]45}
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]46
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]47/* Write the ASN.1 INTEGER with the value 2^(bits-1)+x backwards from *p. */
48static int asn1_write_10x( unsigned char **p,
49 unsigned char *start,
50 size_t bits,
51 unsigned char x )
52{
53 int ret;
54 int len = bits / 8 + 1;
Gilles Peskine480416a2018-06-28 19:04:07 +0200[diff] [blame]55 if( bits == 0 )
56 return( MBEDTLS_ERR_ASN1_INVALID_DATA );
57 if( bits <= 8 && x >= 1 << ( bits - 1 ) )
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]58 return( MBEDTLS_ERR_ASN1_INVALID_DATA );
Moran Pekercb088e72018-07-17 17:36:59 +0300[diff] [blame]59 if( *p < start || *p - start < (ptrdiff_t) len )
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]60 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
61 *p -= len;
62 ( *p )[len-1] = x;
63 if( bits % 8 == 0 )
64 ( *p )[1] |= 1;
65 else
66 ( *p )[0] |= 1 << ( bits % 8 );
67 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
68 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
69 MBEDTLS_ASN1_INTEGER ) );
70 return( len );
71}
72
73static int construct_fake_rsa_key( unsigned char *buffer,
74 size_t buffer_size,
75 unsigned char **p,
76 size_t bits,
77 int keypair )
78{
79 size_t half_bits = ( bits + 1 ) / 2;
80 int ret;
81 int len = 0;
82 /* Construct something that looks like a DER encoding of
83 * as defined by PKCS#1 v2.2 (RFC 8017) section A.1.2:
84 * RSAPrivateKey ::= SEQUENCE {
85 * version Version,
86 * modulus INTEGER, -- n
87 * publicExponent INTEGER, -- e
88 * privateExponent INTEGER, -- d
89 * prime1 INTEGER, -- p
90 * prime2 INTEGER, -- q
91 * exponent1 INTEGER, -- d mod (p-1)
92 * exponent2 INTEGER, -- d mod (q-1)
93 * coefficient INTEGER, -- (inverse of q) mod p
94 * otherPrimeInfos OtherPrimeInfos OPTIONAL
95 * }
96 * Or, for a public key, the same structure with only
97 * version, modulus and publicExponent.
98 */
99 *p = buffer + buffer_size;
100 if( keypair )
101 {
102 MBEDTLS_ASN1_CHK_ADD( len, /* pq */
103 asn1_write_10x( p, buffer, half_bits, 1 ) );
104 MBEDTLS_ASN1_CHK_ADD( len, /* dq */
105 asn1_write_10x( p, buffer, half_bits, 1 ) );
106 MBEDTLS_ASN1_CHK_ADD( len, /* dp */
107 asn1_write_10x( p, buffer, half_bits, 1 ) );
108 MBEDTLS_ASN1_CHK_ADD( len, /* q */
109 asn1_write_10x( p, buffer, half_bits, 1 ) );
110 MBEDTLS_ASN1_CHK_ADD( len, /* p != q to pass mbedtls sanity checks */
111 asn1_write_10x( p, buffer, half_bits, 3 ) );
112 MBEDTLS_ASN1_CHK_ADD( len, /* d */
113 asn1_write_10x( p, buffer, bits, 1 ) );
114 }
115 MBEDTLS_ASN1_CHK_ADD( len, /* e = 65537 */
116 asn1_write_10x( p, buffer, 17, 1 ) );
117 MBEDTLS_ASN1_CHK_ADD( len, /* n */
118 asn1_write_10x( p, buffer, bits, 1 ) );
119 if( keypair )
120 MBEDTLS_ASN1_CHK_ADD( len, /* version = 0 */
121 mbedtls_asn1_write_int( p, buffer, 0 ) );
122 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, buffer, len ) );
123 {
124 const unsigned char tag =
125 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE;
126 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, buffer, tag ) );
127 }
128 return( len );
129}
130
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]131static int exercise_mac_key( psa_key_slot_t key,
132 psa_key_usage_t usage,
133 psa_algorithm_t alg )
134{
135 psa_mac_operation_t operation;
136 const unsigned char input[] = "foo";
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]137 unsigned char mac[PSA_MAC_MAX_SIZE] = {0};
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]138 size_t mac_length = sizeof( mac );
139
140 if( usage & PSA_KEY_USAGE_SIGN )
141 {
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]142 TEST_ASSERT( psa_mac_sign_setup( &operation,
143 key, alg ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]144 TEST_ASSERT( psa_mac_update( &operation,
145 input, sizeof( input ) ) == PSA_SUCCESS );
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]146 TEST_ASSERT( psa_mac_sign_finish( &operation,
Gilles Peskineef0cb402018-07-12 16:55:59 +0200[diff] [blame]147 mac, sizeof( mac ),
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]148 &mac_length ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]149 }
150
151 if( usage & PSA_KEY_USAGE_VERIFY )
152 {
153 psa_status_t verify_status =
154 ( usage & PSA_KEY_USAGE_SIGN ?
155 PSA_SUCCESS :
156 PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]157 TEST_ASSERT( psa_mac_verify_setup( &operation,
158 key, alg ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]159 TEST_ASSERT( psa_mac_update( &operation,
160 input, sizeof( input ) ) == PSA_SUCCESS );
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]161 TEST_ASSERT( psa_mac_verify_finish( &operation,
162 mac,
163 mac_length ) == verify_status );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]164 }
165
166 return( 1 );
167
168exit:
169 psa_mac_abort( &operation );
170 return( 0 );
171}
172
173static int exercise_cipher_key( psa_key_slot_t key,
174 psa_key_usage_t usage,
175 psa_algorithm_t alg )
176{
177 psa_cipher_operation_t operation;
178 unsigned char iv[16] = {0};
179 size_t iv_length = sizeof( iv );
180 const unsigned char plaintext[16] = "Hello, world...";
181 unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)";
182 size_t ciphertext_length = sizeof( ciphertext );
183 unsigned char decrypted[sizeof( ciphertext )];
184 size_t part_length;
185
186 if( usage & PSA_KEY_USAGE_ENCRYPT )
187 {
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]188 TEST_ASSERT( psa_cipher_encrypt_setup( &operation,
189 key, alg ) == PSA_SUCCESS );
190 TEST_ASSERT( psa_cipher_generate_iv( &operation,
191 iv, sizeof( iv ),
192 &iv_length ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]193 TEST_ASSERT( psa_cipher_update( &operation,
194 plaintext, sizeof( plaintext ),
195 ciphertext, sizeof( ciphertext ),
196 &ciphertext_length ) == PSA_SUCCESS );
197 TEST_ASSERT( psa_cipher_finish( &operation,
198 ciphertext + ciphertext_length,
199 sizeof( ciphertext ) - ciphertext_length,
200 &part_length ) == PSA_SUCCESS );
201 ciphertext_length += part_length;
202 }
203
204 if( usage & PSA_KEY_USAGE_DECRYPT )
205 {
206 psa_status_t status;
Mohammad AboMokhadb9b232018-06-28 01:52:54 -0700[diff] [blame]207 psa_key_type_t type = PSA_KEY_TYPE_NONE;
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]208 if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) )
209 {
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]210 size_t bits;
211 TEST_ASSERT( psa_get_key_information( key, &type, &bits ) );
212 iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE( type );
213 }
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]214 TEST_ASSERT( psa_cipher_decrypt_setup( &operation,
215 key, alg ) == PSA_SUCCESS );
216 TEST_ASSERT( psa_cipher_set_iv( &operation,
217 iv, iv_length ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]218 TEST_ASSERT( psa_cipher_update( &operation,
219 ciphertext, ciphertext_length,
220 decrypted, sizeof( decrypted ),
221 &part_length ) == PSA_SUCCESS );
222 status = psa_cipher_finish( &operation,
223 decrypted + part_length,
224 sizeof( decrypted ) - part_length,
225 &part_length );
226 /* For a stream cipher, all inputs are valid. For a block cipher,
227 * if the input is some aribtrary data rather than an actual
228 ciphertext, a padding error is likely. */
Mohammad AboMokh65fa0b82018-06-28 02:14:00 -0700[diff] [blame]229 if( ( usage & PSA_KEY_USAGE_ENCRYPT ) ||
Mohammad AboMokhadb9b232018-06-28 01:52:54 -0700[diff] [blame]230 PSA_BLOCK_CIPHER_BLOCK_SIZE( type ) == 1 )
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]231 TEST_ASSERT( status == PSA_SUCCESS );
232 else
233 TEST_ASSERT( status == PSA_SUCCESS ||
234 status == PSA_ERROR_INVALID_PADDING );
235 }
236
237 return( 1 );
238
239exit:
240 psa_cipher_abort( &operation );
241 return( 0 );
242}
243
244static int exercise_aead_key( psa_key_slot_t key,
245 psa_key_usage_t usage,
246 psa_algorithm_t alg )
247{
248 unsigned char nonce[16] = {0};
249 size_t nonce_length = sizeof( nonce );
250 unsigned char plaintext[16] = "Hello, world...";
251 unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)";
252 size_t ciphertext_length = sizeof( ciphertext );
253 size_t plaintext_length = sizeof( ciphertext );
254
255 if( usage & PSA_KEY_USAGE_ENCRYPT )
256 {
257 TEST_ASSERT( psa_aead_encrypt( key, alg,
258 nonce, nonce_length,
259 NULL, 0,
260 plaintext, sizeof( plaintext ),
261 ciphertext, sizeof( ciphertext ),
262 &ciphertext_length ) == PSA_SUCCESS );
263 }
264
265 if( usage & PSA_KEY_USAGE_DECRYPT )
266 {
267 psa_status_t verify_status =
268 ( usage & PSA_KEY_USAGE_ENCRYPT ?
269 PSA_SUCCESS :
270 PSA_ERROR_INVALID_SIGNATURE );
271 TEST_ASSERT( psa_aead_decrypt( key, alg,
272 nonce, nonce_length,
273 NULL, 0,
274 ciphertext, ciphertext_length,
275 plaintext, sizeof( plaintext ),
276 &plaintext_length ) == verify_status );
277 }
278
279 return( 1 );
280
281exit:
282 return( 0 );
283}
284
285static int exercise_signature_key( psa_key_slot_t key,
286 psa_key_usage_t usage,
287 psa_algorithm_t alg )
288{
Gilles Peskinef969b3a2018-06-30 00:20:25 +0200[diff] [blame]289 unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
290 size_t payload_length = 16;
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]291 unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]292 size_t signature_length = sizeof( signature );
293
294 if( usage & PSA_KEY_USAGE_SIGN )
295 {
Gilles Peskinef969b3a2018-06-30 00:20:25 +0200[diff] [blame]296 /* Some algorithms require the payload to have the size of
297 * the hash encoded in the algorithm. Use this input size
298 * even for algorithms that allow other input sizes. */
299 psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
300 if( hash_alg != 0 )
301 payload_length = PSA_HASH_SIZE( hash_alg );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]302 TEST_ASSERT( psa_asymmetric_sign( key, alg,
303 payload, payload_length,
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]304 signature, sizeof( signature ),
305 &signature_length ) == PSA_SUCCESS );
306 }
307
308 if( usage & PSA_KEY_USAGE_VERIFY )
309 {
310 psa_status_t verify_status =
311 ( usage & PSA_KEY_USAGE_SIGN ?
312 PSA_SUCCESS :
313 PSA_ERROR_INVALID_SIGNATURE );
314 TEST_ASSERT( psa_asymmetric_verify( key, alg,
315 payload, payload_length,
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]316 signature, signature_length ) ==
317 verify_status );
318 }
319
320 return( 1 );
321
322exit:
323 return( 0 );
324}
325
326static int exercise_asymmetric_encryption_key( psa_key_slot_t key,
327 psa_key_usage_t usage,
328 psa_algorithm_t alg )
329{
330 unsigned char plaintext[256] = "Hello, world...";
331 unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)";
332 size_t ciphertext_length = sizeof( ciphertext );
333 size_t plaintext_length = 16;
334
335 if( usage & PSA_KEY_USAGE_ENCRYPT )
336 {
337 TEST_ASSERT(
338 psa_asymmetric_encrypt( key, alg,
339 plaintext, plaintext_length,
340 NULL, 0,
341 ciphertext, sizeof( ciphertext ),
342 &ciphertext_length ) == PSA_SUCCESS );
343 }
344
345 if( usage & PSA_KEY_USAGE_DECRYPT )
346 {
347 psa_status_t status =
348 psa_asymmetric_decrypt( key, alg,
349 ciphertext, ciphertext_length,
350 NULL, 0,
351 plaintext, sizeof( plaintext ),
352 &plaintext_length );
353 TEST_ASSERT( status == PSA_SUCCESS ||
354 ( ( usage & PSA_KEY_USAGE_ENCRYPT ) == 0 &&
355 ( status == PSA_ERROR_INVALID_ARGUMENT ||
356 status == PSA_ERROR_INVALID_PADDING ) ) );
357 }
358
359 return( 1 );
360
361exit:
362 return( 0 );
363}
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]364
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]365static int exercise_key_derivation_key( psa_key_slot_t key,
366 psa_key_usage_t usage,
367 psa_algorithm_t alg )
368{
369 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
370 unsigned char label[16] = "This is a label.";
371 size_t label_length = sizeof( label );
372 unsigned char seed[16] = "abcdefghijklmnop";
373 size_t seed_length = sizeof( seed );
374 unsigned char output[1];
375
376 if( usage & PSA_KEY_USAGE_DERIVE )
377 {
378 TEST_ASSERT( psa_key_derivation( &generator,
379 key, alg,
380 label, label_length,
381 seed, seed_length,
382 sizeof( output ) ) == PSA_SUCCESS );
383 TEST_ASSERT( psa_generator_read( &generator,
384 output,
385 sizeof( output ) ) == PSA_SUCCESS );
386 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
387 }
388
389 return( 1 );
390
391exit:
392 return( 0 );
393}
394
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]395static int is_oid_of_key_type( psa_key_type_t type,
396 const uint8_t *oid, size_t oid_length )
397{
Gilles Peskineae3d2a22018-08-13 14:14:22 +0200[diff] [blame]398 const uint8_t *expected_oid = NULL;
399 size_t expected_oid_length = 0;
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]400#if defined(MBEDTLS_RSA_C)
Gilles Peskineae3d2a22018-08-13 14:14:22 +0200[diff] [blame]401 if( PSA_KEY_TYPE_IS_RSA( type ) )
402 {
403 expected_oid = (uint8_t *) MBEDTLS_OID_PKCS1_RSA;
404 expected_oid_length = sizeof( MBEDTLS_OID_PKCS1_RSA ) - 1;
405 }
406 else
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]407#endif /* MBEDTLS_RSA_C */
408#if defined(MBEDTLS_ECP_C)
Gilles Peskineae3d2a22018-08-13 14:14:22 +0200[diff] [blame]409 if( PSA_KEY_TYPE_IS_ECC( type ) )
410 {
411 expected_oid = (uint8_t *) MBEDTLS_OID_EC_ALG_UNRESTRICTED;
412 expected_oid_length = sizeof( MBEDTLS_OID_EC_ALG_UNRESTRICTED ) - 1;
413 }
414 else
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]415#endif /* MBEDTLS_ECP_C */
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]416 {
417 char message[40];
418 mbedtls_snprintf( message, sizeof( message ),
419 "OID not known for key type=0x%08lx",
420 (unsigned long) type );
421 test_fail( message, __LINE__, __FILE__ );
422 return( 0 );
423 }
424
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]425 ASSERT_COMPARE( expected_oid, expected_oid_length, oid, oid_length );
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]426 return( 1 );
427
428exit:
429 return( 0 );
430}
431
432static int asn1_skip_integer( unsigned char **p, const unsigned char *end,
433 size_t min_bits, size_t max_bits,
434 int must_be_odd )
435{
436 size_t len;
437 size_t actual_bits;
438 unsigned char msb;
439 TEST_ASSERT( mbedtls_asn1_get_tag( p, end, &len,
440 MBEDTLS_ASN1_INTEGER ) == 0 );
441 /* Tolerate a slight departure from DER encoding:
442 * - 0 may be represented by an empty string or a 1-byte string.
443 * - The sign bit may be used as a value bit. */
444 if( ( len == 1 && ( *p )[0] == 0 ) ||
445 ( len > 1 && ( *p )[0] == 0 && ( ( *p )[1] & 0x80 ) != 0 ) )
446 {
447 ++( *p );
448 --len;
449 }
450 if( min_bits == 0 && len == 0 )
451 return( 1 );
452 msb = ( *p )[0];
453 TEST_ASSERT( msb != 0 );
454 actual_bits = 8 * ( len - 1 );
455 while( msb != 0 )
456 {
457 msb >>= 1;
458 ++actual_bits;
459 }
460 TEST_ASSERT( actual_bits >= min_bits );
461 TEST_ASSERT( actual_bits <= max_bits );
462 if( must_be_odd )
463 TEST_ASSERT( ( ( *p )[len-1] & 1 ) != 0 );
464 *p += len;
465 return( 1 );
466exit:
467 return( 0 );
468}
469
470static int asn1_get_implicit_tag( unsigned char **p, const unsigned char *end,
471 size_t *len,
472 unsigned char n, unsigned char tag )
473{
474 int ret;
475 ret = mbedtls_asn1_get_tag( p, end, len,
476 MBEDTLS_ASN1_CONTEXT_SPECIFIC |
477 MBEDTLS_ASN1_CONSTRUCTED | ( n ) );
478 if( ret != 0 )
479 return( ret );
480 end = *p + *len;
481 ret = mbedtls_asn1_get_tag( p, end, len, tag );
482 if( ret != 0 )
483 return( ret );
484 if( *p + *len != end )
485 return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
486 return( 0 );
487}
488
489static int exported_key_sanity_check( psa_key_type_t type, size_t bits,
490 uint8_t *exported, size_t exported_length )
491{
492 if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]493 TEST_ASSERT( exported_length == ( bits + 7 ) / 8 );
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]494 else
495 TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, bits ) );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]496
497#if defined(MBEDTLS_DES_C)
498 if( type == PSA_KEY_TYPE_DES )
499 {
500 /* Check the parity bits. */
501 unsigned i;
502 for( i = 0; i < bits / 8; i++ )
503 {
504 unsigned bit_count = 0;
505 unsigned m;
506 for( m = 1; m <= 0x100; m <<= 1 )
507 {
508 if( exported[i] & m )
509 ++bit_count;
510 }
511 TEST_ASSERT( bit_count % 2 != 0 );
512 }
513 }
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]514 else
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]515#endif
516
517#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C)
518 if( type == PSA_KEY_TYPE_RSA_KEYPAIR )
519 {
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]520 uint8_t *p = exported;
521 uint8_t *end = exported + exported_length;
522 size_t len;
523 /* RSAPrivateKey ::= SEQUENCE {
Gilles Peskinedea46cf2018-08-21 16:12:54 +0200[diff] [blame]524 * version INTEGER, -- must be 0
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]525 * modulus INTEGER, -- n
526 * publicExponent INTEGER, -- e
527 * privateExponent INTEGER, -- d
528 * prime1 INTEGER, -- p
529 * prime2 INTEGER, -- q
530 * exponent1 INTEGER, -- d mod (p-1)
531 * exponent2 INTEGER, -- d mod (q-1)
532 * coefficient INTEGER, -- (inverse of q) mod p
533 * }
534 */
535 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
536 MBEDTLS_ASN1_SEQUENCE |
537 MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
538 TEST_ASSERT( p + len == end );
539 if( ! asn1_skip_integer( &p, end, 0, 0, 0 ) )
540 goto exit;
541 if( ! asn1_skip_integer( &p, end, bits, bits, 1 ) )
542 goto exit;
543 if( ! asn1_skip_integer( &p, end, 2, bits, 1 ) )
544 goto exit;
545 /* Require d to be at least half the size of n. */
546 if( ! asn1_skip_integer( &p, end, bits / 2, bits, 1 ) )
547 goto exit;
548 /* Require p and q to be at most half the size of n, rounded up. */
549 if( ! asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
550 goto exit;
551 if( ! asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
552 goto exit;
553 if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
554 goto exit;
555 if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
556 goto exit;
557 if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
558 goto exit;
559 TEST_ASSERT( p == end );
560 }
561 else
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]562#endif /* MBEDTLS_RSA_C */
563
564#if defined(MBEDTLS_ECP_C)
565 if( PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ) )
566 {
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]567 uint8_t *p = exported;
568 uint8_t *end = exported + exported_length;
569 size_t len;
570 int version;
571 /* ECPrivateKey ::= SEQUENCE {
572 * version INTEGER, -- must be 1
573 * privateKey OCTET STRING,
574 * -- `ceiling(log_{256}(n))`-byte string, big endian,
575 * -- where n is the order of the curve.
576 * parameters ECParameters {{ NamedCurve }}, -- mandatory
577 * publicKey BIT STRING -- mandatory
578 * }
579 */
580 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
581 MBEDTLS_ASN1_SEQUENCE |
582 MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
583 TEST_ASSERT( p + len == end );
584 TEST_ASSERT( mbedtls_asn1_get_int( &p, end, &version ) == 0 );
585 TEST_ASSERT( version == 1 );
586 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
587 MBEDTLS_ASN1_OCTET_STRING ) == 0 );
588 /* Bug in Mbed TLS: the length of the octet string depends on the value */
589 // TEST_ASSERT( len == PSA_BITS_TO_BYTES( bits ) );
590 p += len;
591 TEST_ASSERT( asn1_get_implicit_tag( &p, end, &len, 0,
592 MBEDTLS_ASN1_OID ) == 0 );
593 p += len;
Gilles Peskinec6290c02018-08-13 17:24:59 +0200[diff] [blame]594 /* publicKey: ECPoint in uncompressed representation (as below) */
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]595 TEST_ASSERT( asn1_get_implicit_tag( &p, end, &len, 1,
596 MBEDTLS_ASN1_BIT_STRING ) == 0 );
597 TEST_ASSERT( p + len == end );
598 TEST_ASSERT( p[0] == 0 ); /* 0 unused bits in the bit string */
599 ++p;
600 TEST_ASSERT( p + 1 + 2 * PSA_BITS_TO_BYTES( bits ) == end );
601 TEST_ASSERT( p[0] == 4 );
602 }
603 else
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]604#endif /* MBEDTLS_ECP_C */
605
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]606 if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
607 {
608 uint8_t *p = exported;
609 uint8_t *end = exported + exported_length;
610 size_t len;
611 mbedtls_asn1_buf alg;
612 mbedtls_asn1_buf params;
613 mbedtls_asn1_bitstring bitstring;
614 /* SubjectPublicKeyInfo ::= SEQUENCE {
615 * algorithm AlgorithmIdentifier,
616 * subjectPublicKey BIT STRING }
617 * AlgorithmIdentifier ::= SEQUENCE {
618 * algorithm OBJECT IDENTIFIER,
619 * parameters ANY DEFINED BY algorithm OPTIONAL }
620 */
621 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
622 MBEDTLS_ASN1_SEQUENCE |
623 MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
624 TEST_ASSERT( p + len == end );
625 TEST_ASSERT( mbedtls_asn1_get_alg( &p, end, &alg, &params ) == 0 );
626 if( ! is_oid_of_key_type( type, alg.p, alg.len ) )
627 goto exit;
628 TEST_ASSERT( mbedtls_asn1_get_bitstring( &p, end, &bitstring ) == 0 );
629 TEST_ASSERT( p == end );
630 p = bitstring.p;
631#if defined(MBEDTLS_RSA_C)
632 if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY )
633 {
634 /* RSAPublicKey ::= SEQUENCE {
635 * modulus INTEGER, -- n
636 * publicExponent INTEGER } -- e
637 */
638 TEST_ASSERT( bitstring.unused_bits == 0 );
639 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
640 MBEDTLS_ASN1_SEQUENCE |
641 MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
642 TEST_ASSERT( p + len == end );
643 if( ! asn1_skip_integer( &p, end, bits, bits, 1 ) )
644 goto exit;
645 if( ! asn1_skip_integer( &p, end, 2, bits, 1 ) )
646 goto exit;
647 TEST_ASSERT( p == end );
648 }
649 else
650#endif /* MBEDTLS_RSA_C */
651#if defined(MBEDTLS_ECP_C)
652 if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) )
653 {
654 /* ECPoint ::= ...
Gilles Peskinec6290c02018-08-13 17:24:59 +0200[diff] [blame]655 * -- first 8 bits: 0x04 (uncompressed representation);
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]656 * -- then x_P as an n-bit string, big endian;
657 * -- then y_P as a n-bit string, big endian,
658 * -- where n is the order of the curve.
659 */
660 TEST_ASSERT( bitstring.unused_bits == 0 );
661 TEST_ASSERT( p + 1 + 2 * PSA_BITS_TO_BYTES( bits ) == end );
662 TEST_ASSERT( p[0] == 4 );
663 }
664 else
665#endif /* MBEDTLS_ECP_C */
666 {
667 char message[40];
668 mbedtls_snprintf( message, sizeof( message ),
669 "No sanity check for public key type=0x%08lx",
670 (unsigned long) type );
671 test_fail( message, __LINE__, __FILE__ );
672 return( 0 );
673 }
674 }
675 else
676
677 {
678 /* No sanity checks for other types */
679 }
680
681 return( 1 );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]682
683exit:
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]684 return( 0 );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]685}
686
687static int exercise_export_key( psa_key_slot_t slot,
688 psa_key_usage_t usage )
689{
690 psa_key_type_t type;
691 size_t bits;
692 uint8_t *exported = NULL;
693 size_t exported_size = 0;
694 size_t exported_length = 0;
695 int ok = 0;
696
Gilles Peskineacec7b6f2018-09-13 20:34:11 +0200[diff] [blame]697 TEST_ASSERT( psa_get_key_information( slot, &type, &bits ) == PSA_SUCCESS );
698
699 if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 &&
700 ! PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]701 {
702 TEST_ASSERT( psa_export_key( slot, NULL, 0, &exported_length ) ==
703 PSA_ERROR_NOT_PERMITTED );
704 return( 1 );
705 }
706
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]707 exported_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]708 ASSERT_ALLOC( exported, exported_size );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]709
710 TEST_ASSERT( psa_export_key( slot,
711 exported, exported_size,
712 &exported_length ) == PSA_SUCCESS );
713 ok = exported_key_sanity_check( type, bits, exported, exported_length );
714
715exit:
716 mbedtls_free( exported );
717 return( ok );
718}
719
720static int exercise_export_public_key( psa_key_slot_t slot )
721{
722 psa_key_type_t type;
723 psa_key_type_t public_type;
724 size_t bits;
725 uint8_t *exported = NULL;
726 size_t exported_size = 0;
727 size_t exported_length = 0;
728 int ok = 0;
729
730 TEST_ASSERT( psa_get_key_information( slot, &type, &bits ) == PSA_SUCCESS );
731 if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( type ) )
732 {
733 TEST_ASSERT( psa_export_public_key( slot,
734 NULL, 0, &exported_length ) ==
735 PSA_ERROR_INVALID_ARGUMENT );
736 return( 1 );
737 }
738
739 public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
740 exported_size = PSA_KEY_EXPORT_MAX_SIZE( public_type, bits );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]741 ASSERT_ALLOC( exported, exported_size );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]742
743 TEST_ASSERT( psa_export_public_key( slot,
744 exported, exported_size,
745 &exported_length ) == PSA_SUCCESS );
746 ok = exported_key_sanity_check( public_type, bits,
747 exported, exported_length );
748
749exit:
750 mbedtls_free( exported );
751 return( ok );
752}
753
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]754static int exercise_key( psa_key_slot_t slot,
755 psa_key_usage_t usage,
756 psa_algorithm_t alg )
757{
758 int ok;
759 if( alg == 0 )
760 ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */
761 else if( PSA_ALG_IS_MAC( alg ) )
762 ok = exercise_mac_key( slot, usage, alg );
763 else if( PSA_ALG_IS_CIPHER( alg ) )
764 ok = exercise_cipher_key( slot, usage, alg );
765 else if( PSA_ALG_IS_AEAD( alg ) )
766 ok = exercise_aead_key( slot, usage, alg );
767 else if( PSA_ALG_IS_SIGN( alg ) )
768 ok = exercise_signature_key( slot, usage, alg );
769 else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
770 ok = exercise_asymmetric_encryption_key( slot, usage, alg );
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]771 else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
772 ok = exercise_key_derivation_key( slot, usage, alg );
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]773 else
774 {
775 char message[40];
776 mbedtls_snprintf( message, sizeof( message ),
777 "No code to exercise alg=0x%08lx",
778 (unsigned long) alg );
779 test_fail( message, __LINE__, __FILE__ );
780 ok = 0;
781 }
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]782
783 ok = ok && exercise_export_key( slot, usage );
784 ok = ok && exercise_export_public_key( slot );
785
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]786 return( ok );
787}
788
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]789/* END_HEADER */
790
791/* BEGIN_DEPENDENCIES
792 * depends_on:MBEDTLS_PSA_CRYPTO_C
793 * END_DEPENDENCIES
794 */
795
796/* BEGIN_CASE */
Gilles Peskinee1f2d7d2018-08-21 14:54:54 +0200[diff] [blame]797void static_checks( )
798{
799 size_t max_truncated_mac_size =
800 PSA_ALG_MAC_TRUNCATION_MASK >> PSA_MAC_TRUNCATION_OFFSET;
801
802 /* Check that the length for a truncated MAC always fits in the algorithm
803 * encoding. The shifted mask is the maximum truncated value. The
804 * untruncated algorithm may be one byte larger. */
805 TEST_ASSERT( PSA_MAC_MAX_SIZE <= 1 + max_truncated_mac_size );
806}
807/* END_CASE */
808
809/* BEGIN_CASE */
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]810void init_deinit( )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]811{
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]812 psa_status_t status;
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]813 int i;
814 for( i = 0; i <= 1; i++ )
815 {
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]816 status = psa_crypto_init( );
817 TEST_ASSERT( status == PSA_SUCCESS );
818 status = psa_crypto_init( );
819 TEST_ASSERT( status == PSA_SUCCESS );
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]820 mbedtls_psa_crypto_free( );
821 }
822}
823/* END_CASE */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]824
825/* BEGIN_CASE */
Gilles Peskine996deb12018-08-01 15:45:45 +0200[diff] [blame]826void fill_slots( int max_arg )
827{
828 /* Fill all the slots until we run out of memory or out of slots,
829 * or until some limit specified in the test data for the sake of
830 * implementations with an essentially unlimited number of slots.
831 * This test assumes that available slots are numbered from 1. */
832
833 psa_key_slot_t slot;
834 psa_key_slot_t max = 0;
835 psa_key_policy_t policy;
836 uint8_t exported[sizeof( max )];
837 size_t exported_size;
838 psa_status_t status;
839
840 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
841
842 psa_key_policy_init( &policy );
843 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
844
845 for( max = 1; max <= (size_t) max_arg; max++ )
846 {
847 status = psa_set_key_policy( max, &policy );
848 /* Stop filling slots if we run out of memory or out of
849 * available slots. */
850 TEST_ASSERT( status == PSA_SUCCESS ||
851 status == PSA_ERROR_INSUFFICIENT_MEMORY ||
852 status == PSA_ERROR_INVALID_ARGUMENT );
853 if( status != PSA_SUCCESS )
854 break;
855 status = psa_import_key( max, PSA_KEY_TYPE_RAW_DATA,
856 (uint8_t*) &max, sizeof( max ) );
857 /* Since psa_set_key_policy succeeded, we know that the slot
858 * number is valid. But we may legitimately run out of memory. */
859 TEST_ASSERT( status == PSA_SUCCESS ||
860 status == PSA_ERROR_INSUFFICIENT_MEMORY );
861 if( status != PSA_SUCCESS )
862 break;
863 }
864 /* `max` is now the first slot number that wasn't filled. */
865 max -= 1;
866
867 for( slot = 1; slot <= max; slot++ )
868 {
869 TEST_ASSERT( psa_export_key( slot,
870 exported, sizeof( exported ),
871 &exported_size ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]872 ASSERT_COMPARE( &slot, sizeof( slot ), exported, exported_size );
Gilles Peskine996deb12018-08-01 15:45:45 +0200[diff] [blame]873 }
874
875exit:
Gilles Peskine9a056342018-08-01 15:46:54 +0200[diff] [blame]876 /* Do not destroy the keys. mbedtls_psa_crypto_free() should do it. */
Gilles Peskine996deb12018-08-01 15:45:45 +0200[diff] [blame]877 mbedtls_psa_crypto_free( );
878}
879/* END_CASE */
880
881/* BEGIN_CASE */
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]882void import( data_t *data, int type, int expected_status_arg )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]883{
884 int slot = 1;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]885 psa_status_t expected_status = expected_status_arg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]886 psa_status_t status;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]887
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]888 TEST_ASSERT( data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]889 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]890 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
891
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]892 status = psa_import_key( slot, type, data->x, data->len );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]893 TEST_ASSERT( status == expected_status );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]894 if( status == PSA_SUCCESS )
895 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
896
897exit:
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]898 mbedtls_psa_crypto_free( );
899}
900/* END_CASE */
901
902/* BEGIN_CASE */
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]903void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg )
904{
905 int slot = 1;
906 size_t bits = bits_arg;
907 psa_status_t expected_status = expected_status_arg;
908 psa_status_t status;
909 psa_key_type_t type =
910 keypair ? PSA_KEY_TYPE_RSA_KEYPAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY;
911 size_t buffer_size = /* Slight overapproximations */
912 keypair ? bits * 9 / 16 + 80 : bits / 8 + 20;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]913 unsigned char *buffer = NULL;
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]914 unsigned char *p;
915 int ret;
916 size_t length;
917
918 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]919 ASSERT_ALLOC( buffer, buffer_size );
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]920
921 TEST_ASSERT( ( ret = construct_fake_rsa_key( buffer, buffer_size, &p,
922 bits, keypair ) ) >= 0 );
923 length = ret;
924
925 /* Try importing the key */
926 status = psa_import_key( slot, type, p, length );
927 TEST_ASSERT( status == expected_status );
928 if( status == PSA_SUCCESS )
929 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
930
931exit:
932 mbedtls_free( buffer );
933 mbedtls_psa_crypto_free( );
934}
935/* END_CASE */
936
937/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]938void import_export( data_t *data,
Moran Pekera964a8f2018-06-04 18:42:36 +0300[diff] [blame]939 int type_arg,
940 int alg_arg,
941 int usage_arg,
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]942 int expected_bits,
943 int export_size_delta,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]944 int expected_export_status_arg,
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]945 int canonical_input )
946{
947 int slot = 1;
948 int slot2 = slot + 1;
949 psa_key_type_t type = type_arg;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]950 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]951 psa_status_t expected_export_status = expected_export_status_arg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]952 psa_status_t status;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]953 unsigned char *exported = NULL;
954 unsigned char *reexported = NULL;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]955 size_t export_size;
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100[diff] [blame]956 size_t exported_length = INVALID_EXPORT_LENGTH;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]957 size_t reexported_length;
958 psa_key_type_t got_type;
959 size_t got_bits;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]960 psa_key_policy_t policy;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]961
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]962 TEST_ASSERT( data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]963 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) );
Moran Pekercb088e72018-07-17 17:36:59 +0300[diff] [blame]964 export_size = (ptrdiff_t) data->len + export_size_delta;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]965 ASSERT_ALLOC( exported, export_size );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]966 if( ! canonical_input )
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]967 ASSERT_ALLOC( reexported, export_size );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]968 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
969
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]970 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]971 psa_key_policy_set_usage( &policy, usage_arg, alg );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]972 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
973
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]974 /* Import the key */
975 TEST_ASSERT( psa_import_key( slot, type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]976 data->x, data->len ) == PSA_SUCCESS );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]977
978 /* Test the key information */
979 TEST_ASSERT( psa_get_key_information( slot,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]980 &got_type,
981 &got_bits ) == PSA_SUCCESS );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]982 TEST_ASSERT( got_type == type );
983 TEST_ASSERT( got_bits == (size_t) expected_bits );
984
985 /* Export the key */
986 status = psa_export_key( slot,
987 exported, export_size,
988 &exported_length );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]989 TEST_ASSERT( status == expected_export_status );
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100[diff] [blame]990
991 /* The exported length must be set by psa_export_key() to a value between 0
992 * and export_size. On errors, the exported length must be 0. */
993 TEST_ASSERT( exported_length != INVALID_EXPORT_LENGTH );
994 TEST_ASSERT( status == PSA_SUCCESS || exported_length == 0 );
995 TEST_ASSERT( exported_length <= export_size );
996
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]997 TEST_ASSERT( mem_is_char( exported + exported_length, 0,
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]998 export_size - exported_length ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]999 if( status != PSA_SUCCESS )
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]1000 {
1001 TEST_ASSERT( exported_length == 0 );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1002 goto destroy;
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]1003 }
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1004
Gilles Peskine8f609232018-08-11 01:24:55 +0200[diff] [blame]1005 if( ! exercise_export_key( slot, usage_arg ) )
1006 goto exit;
1007
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1008 if( canonical_input )
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]1009 ASSERT_COMPARE( data->x, data->len, exported, exported_length );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1010 else
1011 {
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]1012 TEST_ASSERT( psa_set_key_policy( slot2, &policy ) == PSA_SUCCESS );
1013
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1014 TEST_ASSERT( psa_import_key( slot2, type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1015 exported,
Gilles Peskineb67f3082018-08-07 15:33:10 +0200[diff] [blame]1016 exported_length ) == PSA_SUCCESS );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1017 TEST_ASSERT( psa_export_key( slot2,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1018 reexported,
1019 export_size,
1020 &reexported_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]1021 ASSERT_COMPARE( exported, exported_length,
1022 reexported, reexported_length );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1023 }
1024
1025destroy:
1026 /* Destroy the key */
1027 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
1028 TEST_ASSERT( psa_get_key_information(
1029 slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT );
1030
1031exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1032 mbedtls_free( exported );
1033 mbedtls_free( reexported );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1034 mbedtls_psa_crypto_free( );
1035}
1036/* END_CASE */
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1037
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1038/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1039void import_export_public_key( data_t *data,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]1040 int type_arg,
1041 int alg_arg,
1042 int expected_bits,
1043 int public_key_expected_length,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1044 int expected_export_status_arg )
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1045{
1046 int slot = 1;
1047 psa_key_type_t type = type_arg;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1048 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1049 psa_status_t expected_export_status = expected_export_status_arg;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1050 psa_status_t status;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1051 unsigned char *exported = NULL;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1052 size_t export_size;
Jaeden Amero2a671e92018-06-27 17:47:40 +0100[diff] [blame]1053 size_t exported_length = INVALID_EXPORT_LENGTH;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1054 psa_key_type_t got_type;
1055 size_t got_bits;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]1056 psa_key_policy_t policy;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1057
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1058 TEST_ASSERT( data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1059 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) );
Moran Pekercb088e72018-07-17 17:36:59 +0300[diff] [blame]1060 export_size = (ptrdiff_t) data->len;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1061 ASSERT_ALLOC( exported, export_size );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1062
1063 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1064
1065 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1066 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1067 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1068
1069 /* Import the key */
1070 TEST_ASSERT( psa_import_key( slot, type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1071 data->x, data->len ) == PSA_SUCCESS );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1072
1073 /* Test the key information */
1074 TEST_ASSERT( psa_get_key_information( slot,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]1075 &got_type,
1076 &got_bits ) == PSA_SUCCESS );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1077 TEST_ASSERT( got_type == type );
1078 TEST_ASSERT( got_bits == (size_t) expected_bits );
1079
1080 /* Export the key */
1081 status = psa_export_public_key( slot,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]1082 exported, export_size,
1083 &exported_length );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1084 TEST_ASSERT( status == expected_export_status );
Jaeden Amero2a671e92018-06-27 17:47:40 +0100[diff] [blame]1085 TEST_ASSERT( exported_length == (size_t) public_key_expected_length );
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]1086 TEST_ASSERT( mem_is_char( exported + exported_length, 0,
Jaeden Amero2a671e92018-06-27 17:47:40 +0100[diff] [blame]1087 export_size - exported_length ) );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1088 if( status != PSA_SUCCESS )
1089 goto destroy;
1090
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1091destroy:
1092 /* Destroy the key */
1093 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
1094 TEST_ASSERT( psa_get_key_information(
1095 slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT );
1096
1097exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1098 mbedtls_free( exported );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1099 mbedtls_psa_crypto_free( );
1100}
1101/* END_CASE */
1102
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1103/* BEGIN_CASE */
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200[diff] [blame]1104void import_and_exercise_key( data_t *data,
1105 int type_arg,
1106 int bits_arg,
1107 int alg_arg )
1108{
1109 int slot = 1;
1110 psa_key_type_t type = type_arg;
1111 size_t bits = bits_arg;
1112 psa_algorithm_t alg = alg_arg;
1113 psa_key_usage_t usage =
1114 ( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) ?
1115 ( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
1116 PSA_KEY_USAGE_VERIFY :
1117 PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY ) :
1118 PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) ||
1119 PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ?
1120 ( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
1121 PSA_KEY_USAGE_ENCRYPT :
1122 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ) :
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]1123 PSA_ALG_IS_KEY_DERIVATION( alg ) ? PSA_KEY_USAGE_DERIVE :
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200[diff] [blame]1124 0 );
1125 psa_key_policy_t policy;
1126 psa_key_type_t got_type;
1127 size_t got_bits;
1128 psa_status_t status;
1129
1130 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1131
1132 psa_key_policy_init( &policy );
1133 psa_key_policy_set_usage( &policy, usage, alg );
1134 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1135
1136 /* Import the key */
1137 status = psa_import_key( slot, type, data->x, data->len );
1138 TEST_ASSERT( status == PSA_SUCCESS );
1139
1140 /* Test the key information */
1141 TEST_ASSERT( psa_get_key_information( slot,
1142 &got_type,
1143 &got_bits ) == PSA_SUCCESS );
1144 TEST_ASSERT( got_type == type );
1145 TEST_ASSERT( got_bits == bits );
1146
1147 /* Do something with the key according to its type and permitted usage. */
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]1148 if( ! exercise_key( slot, usage, alg ) )
1149 goto exit;
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200[diff] [blame]1150
1151exit:
1152 psa_destroy_key( slot );
1153 mbedtls_psa_crypto_free( );
1154}
1155/* END_CASE */
1156
1157/* BEGIN_CASE */
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1158void key_policy( int usage_arg, int alg_arg )
1159{
1160 int key_slot = 1;
1161 psa_algorithm_t alg = alg_arg;
1162 psa_key_usage_t usage = usage_arg;
1163 psa_key_type_t key_type = PSA_KEY_TYPE_AES;
1164 unsigned char key[32] = {0};
1165 psa_key_policy_t policy_set;
1166 psa_key_policy_t policy_get;
1167
1168 memset( key, 0x2a, sizeof( key ) );
1169
1170 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1171
1172 psa_key_policy_init( &policy_set );
1173 psa_key_policy_init( &policy_get );
1174
1175 psa_key_policy_set_usage( &policy_set, usage, alg );
1176
1177 TEST_ASSERT( psa_key_policy_get_usage( &policy_set ) == usage );
1178 TEST_ASSERT( psa_key_policy_get_algorithm( &policy_set ) == alg );
1179 TEST_ASSERT( psa_set_key_policy( key_slot, &policy_set ) == PSA_SUCCESS );
1180
1181 TEST_ASSERT( psa_import_key( key_slot, key_type,
1182 key, sizeof( key ) ) == PSA_SUCCESS );
1183
1184 TEST_ASSERT( psa_get_key_policy( key_slot, &policy_get ) == PSA_SUCCESS );
1185
1186 TEST_ASSERT( policy_get.usage == policy_set.usage );
1187 TEST_ASSERT( policy_get.alg == policy_set.alg );
1188
1189exit:
1190 psa_destroy_key( key_slot );
1191 mbedtls_psa_crypto_free( );
1192}
1193/* END_CASE */
1194
1195/* BEGIN_CASE */
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1196void mac_key_policy( int policy_usage,
1197 int policy_alg,
1198 int key_type,
1199 data_t *key_data,
1200 int exercise_alg )
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1201{
1202 int key_slot = 1;
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1203 psa_key_policy_t policy;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1204 psa_mac_operation_t operation;
1205 psa_status_t status;
1206 unsigned char mac[PSA_MAC_MAX_SIZE];
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1207
1208 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1209
1210 psa_key_policy_init( &policy );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1211 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1212 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1213
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1214 TEST_ASSERT( psa_import_key( key_slot, key_type,
1215 key_data->x, key_data->len ) == PSA_SUCCESS );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1216
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1217 status = psa_mac_sign_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1218 if( policy_alg == exercise_alg &&
1219 ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
1220 TEST_ASSERT( status == PSA_SUCCESS );
1221 else
1222 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1223 psa_mac_abort( &operation );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1224
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1225 memset( mac, 0, sizeof( mac ) );
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1226 status = psa_mac_verify_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1227 if( policy_alg == exercise_alg &&
1228 ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1229 TEST_ASSERT( status == PSA_SUCCESS );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1230 else
1231 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1232
1233exit:
1234 psa_mac_abort( &operation );
1235 psa_destroy_key( key_slot );
1236 mbedtls_psa_crypto_free( );
1237}
1238/* END_CASE */
1239
1240/* BEGIN_CASE */
1241void cipher_key_policy( int policy_usage,
1242 int policy_alg,
1243 int key_type,
1244 data_t *key_data,
1245 int exercise_alg )
1246{
1247 int key_slot = 1;
1248 psa_key_policy_t policy;
1249 psa_cipher_operation_t operation;
1250 psa_status_t status;
1251
1252 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1253
1254 psa_key_policy_init( &policy );
1255 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1256 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1257
1258 TEST_ASSERT( psa_import_key( key_slot, key_type,
1259 key_data->x, key_data->len ) == PSA_SUCCESS );
1260
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1261 status = psa_cipher_encrypt_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1262 if( policy_alg == exercise_alg &&
1263 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
1264 TEST_ASSERT( status == PSA_SUCCESS );
1265 else
1266 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1267 psa_cipher_abort( &operation );
1268
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1269 status = psa_cipher_decrypt_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1270 if( policy_alg == exercise_alg &&
1271 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
1272 TEST_ASSERT( status == PSA_SUCCESS );
1273 else
1274 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1275
1276exit:
1277 psa_cipher_abort( &operation );
1278 psa_destroy_key( key_slot );
1279 mbedtls_psa_crypto_free( );
1280}
1281/* END_CASE */
1282
1283/* BEGIN_CASE */
1284void aead_key_policy( int policy_usage,
1285 int policy_alg,
1286 int key_type,
1287 data_t *key_data,
1288 int nonce_length_arg,
1289 int tag_length_arg,
1290 int exercise_alg )
1291{
1292 int key_slot = 1;
1293 psa_key_policy_t policy;
1294 psa_status_t status;
1295 unsigned char nonce[16] = {0};
1296 size_t nonce_length = nonce_length_arg;
1297 unsigned char tag[16];
1298 size_t tag_length = tag_length_arg;
1299 size_t output_length;
1300
1301 TEST_ASSERT( nonce_length <= sizeof( nonce ) );
1302 TEST_ASSERT( tag_length <= sizeof( tag ) );
1303
1304 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1305
1306 psa_key_policy_init( &policy );
1307 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1308 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1309
1310 TEST_ASSERT( psa_import_key( key_slot, key_type,
1311 key_data->x, key_data->len ) == PSA_SUCCESS );
1312
1313 status = psa_aead_encrypt( key_slot, exercise_alg,
1314 nonce, nonce_length,
1315 NULL, 0,
1316 NULL, 0,
1317 tag, tag_length,
1318 &output_length );
1319 if( policy_alg == exercise_alg &&
1320 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
1321 TEST_ASSERT( status == PSA_SUCCESS );
1322 else
1323 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1324
1325 memset( tag, 0, sizeof( tag ) );
1326 status = psa_aead_decrypt( key_slot, exercise_alg,
1327 nonce, nonce_length,
1328 NULL, 0,
1329 tag, tag_length,
1330 NULL, 0,
1331 &output_length );
1332 if( policy_alg == exercise_alg &&
1333 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
1334 TEST_ASSERT( status == PSA_ERROR_INVALID_SIGNATURE );
1335 else
1336 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1337
1338exit:
1339 psa_destroy_key( key_slot );
1340 mbedtls_psa_crypto_free( );
1341}
1342/* END_CASE */
1343
1344/* BEGIN_CASE */
1345void asymmetric_encryption_key_policy( int policy_usage,
1346 int policy_alg,
1347 int key_type,
1348 data_t *key_data,
1349 int exercise_alg )
1350{
1351 int key_slot = 1;
1352 psa_key_policy_t policy;
1353 psa_status_t status;
1354 size_t key_bits;
1355 size_t buffer_length;
1356 unsigned char *buffer = NULL;
1357 size_t output_length;
1358
1359 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1360
1361 psa_key_policy_init( &policy );
1362 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1363 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1364
1365 TEST_ASSERT( psa_import_key( key_slot, key_type,
1366 key_data->x, key_data->len ) == PSA_SUCCESS );
1367
1368 TEST_ASSERT( psa_get_key_information( key_slot,
1369 NULL,
1370 &key_bits ) == PSA_SUCCESS );
1371 buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits,
1372 exercise_alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1373 ASSERT_ALLOC( buffer, buffer_length );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1374
1375 status = psa_asymmetric_encrypt( key_slot, exercise_alg,
1376 NULL, 0,
1377 NULL, 0,
1378 buffer, buffer_length,
1379 &output_length );
1380 if( policy_alg == exercise_alg &&
1381 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
1382 TEST_ASSERT( status == PSA_SUCCESS );
1383 else
1384 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1385
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]1386 if( buffer_length != 0 )
1387 memset( buffer, 0, buffer_length );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1388 status = psa_asymmetric_decrypt( key_slot, exercise_alg,
1389 buffer, buffer_length,
1390 NULL, 0,
1391 buffer, buffer_length,
1392 &output_length );
1393 if( policy_alg == exercise_alg &&
1394 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
1395 TEST_ASSERT( status == PSA_ERROR_INVALID_PADDING );
1396 else
1397 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1398
1399exit:
1400 psa_destroy_key( key_slot );
1401 mbedtls_psa_crypto_free( );
1402 mbedtls_free( buffer );
1403}
1404/* END_CASE */
1405
1406/* BEGIN_CASE */
1407void asymmetric_signature_key_policy( int policy_usage,
1408 int policy_alg,
1409 int key_type,
1410 data_t *key_data,
1411 int exercise_alg )
1412{
1413 int key_slot = 1;
1414 psa_key_policy_t policy;
1415 psa_status_t status;
1416 unsigned char payload[16] = {1};
1417 size_t payload_length = sizeof( payload );
1418 unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
1419 size_t signature_length;
1420
1421 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1422
1423 psa_key_policy_init( &policy );
1424 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1425 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1426
1427 TEST_ASSERT( psa_import_key( key_slot, key_type,
1428 key_data->x, key_data->len ) == PSA_SUCCESS );
1429
1430 status = psa_asymmetric_sign( key_slot, exercise_alg,
1431 payload, payload_length,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1432 signature, sizeof( signature ),
1433 &signature_length );
1434 if( policy_alg == exercise_alg &&
1435 ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
1436 TEST_ASSERT( status == PSA_SUCCESS );
1437 else
1438 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1439
1440 memset( signature, 0, sizeof( signature ) );
1441 status = psa_asymmetric_verify( key_slot, exercise_alg,
1442 payload, payload_length,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1443 signature, sizeof( signature ) );
1444 if( policy_alg == exercise_alg &&
1445 ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
1446 TEST_ASSERT( status == PSA_ERROR_INVALID_SIGNATURE );
1447 else
1448 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1449
1450exit:
1451 psa_destroy_key( key_slot );
1452 mbedtls_psa_crypto_free( );
1453}
1454/* END_CASE */
1455
1456/* BEGIN_CASE */
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]1457void derive_key_policy( int policy_usage,
1458 int policy_alg,
1459 int key_type,
1460 data_t *key_data,
1461 int exercise_alg )
1462{
1463 int key_slot = 1;
1464 psa_key_policy_t policy;
1465 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
1466 psa_status_t status;
1467
1468 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1469
1470 psa_key_policy_init( &policy );
1471 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1472 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1473
1474 TEST_ASSERT( psa_import_key( key_slot, key_type,
1475 key_data->x, key_data->len ) == PSA_SUCCESS );
1476
1477 status = psa_key_derivation( &generator, key_slot,
1478 exercise_alg,
1479 NULL, 0,
1480 NULL, 0,
1481 1 );
1482 if( policy_alg == exercise_alg &&
1483 ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
1484 TEST_ASSERT( status == PSA_SUCCESS );
1485 else
1486 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1487
1488exit:
1489 psa_generator_abort( &generator );
1490 psa_destroy_key( key_slot );
1491 mbedtls_psa_crypto_free( );
1492}
1493/* END_CASE */
1494
1495/* BEGIN_CASE */
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1496void key_lifetime( int lifetime_arg )
1497{
1498 int key_slot = 1;
Gilles Peskinec32f0302018-08-10 16:02:11 +0200[diff] [blame]1499 psa_key_type_t key_type = PSA_KEY_TYPE_RAW_DATA;
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1500 unsigned char key[32] = {0};
1501 psa_key_lifetime_t lifetime_set = lifetime_arg;
1502 psa_key_lifetime_t lifetime_get;
1503
1504 memset( key, 0x2a, sizeof( key ) );
1505
1506 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1507
1508 TEST_ASSERT( psa_set_key_lifetime( key_slot,
1509 lifetime_set ) == PSA_SUCCESS );
1510
1511 TEST_ASSERT( psa_import_key( key_slot, key_type,
1512 key, sizeof( key ) ) == PSA_SUCCESS );
1513
1514 TEST_ASSERT( psa_get_key_lifetime( key_slot,
1515 &lifetime_get ) == PSA_SUCCESS );
1516
1517 TEST_ASSERT( lifetime_get == lifetime_set );
1518
1519exit:
1520 psa_destroy_key( key_slot );
1521 mbedtls_psa_crypto_free( );
1522}
1523/* END_CASE */
1524
1525/* BEGIN_CASE */
1526void key_lifetime_set_fail( int key_slot_arg,
1527 int lifetime_arg,
1528 int expected_status_arg )
1529{
1530 psa_key_slot_t key_slot = key_slot_arg;
1531 psa_key_lifetime_t lifetime_set = lifetime_arg;
1532 psa_status_t actual_status;
1533 psa_status_t expected_status = expected_status_arg;
1534
1535 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1536
1537 actual_status = psa_set_key_lifetime( key_slot, lifetime_set );
1538
1539 if( actual_status == PSA_SUCCESS )
1540 actual_status = psa_set_key_lifetime( key_slot, lifetime_set );
1541
1542 TEST_ASSERT( expected_status == actual_status );
1543
1544exit:
1545 psa_destroy_key( key_slot );
1546 mbedtls_psa_crypto_free( );
1547}
1548/* END_CASE */
1549
1550/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1551void hash_setup( int alg_arg,
1552 int expected_status_arg )
1553{
1554 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1555 psa_status_t expected_status = expected_status_arg;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1556 psa_hash_operation_t operation;
1557 psa_status_t status;
1558
1559 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1560
Gilles Peskineda8191d1c2018-07-08 19:46:38 +0200[diff] [blame]1561 status = psa_hash_setup( &operation, alg );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1562 psa_hash_abort( &operation );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1563 TEST_ASSERT( status == expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1564
1565exit:
1566 mbedtls_psa_crypto_free( );
1567}
1568/* END_CASE */
1569
1570/* BEGIN_CASE */
itayzafrirf86548d2018-11-01 10:44:32 +0200[diff] [blame]1571void hash_bad_order( )
1572{
1573 unsigned char input[] = "";
1574 /* SHA-256 hash of an empty string */
1575 unsigned char hash[] = {
1576 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
1577 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
1578 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 };
1579 size_t hash_len;
1580 psa_hash_operation_t operation;
1581
1582 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1583
1584 /* psa_hash_update without calling psa_hash_setup beforehand */
1585 memset( &operation, 0, sizeof( operation ) );
1586 TEST_ASSERT( psa_hash_update( &operation,
1587 input, sizeof( input ) ) ==
1588 PSA_ERROR_INVALID_ARGUMENT );
1589
1590 /* psa_hash_verify without calling psa_hash_setup beforehand */
1591 memset( &operation, 0, sizeof( operation ) );
1592 TEST_ASSERT( psa_hash_verify( &operation,
1593 hash, sizeof( hash ) ) ==
1594 PSA_ERROR_INVALID_ARGUMENT );
1595
1596 /* psa_hash_finish without calling psa_hash_setup beforehand */
1597 memset( &operation, 0, sizeof( operation ) );
1598 TEST_ASSERT( psa_hash_finish( &operation,
1599 hash, sizeof( hash ), &hash_len ) ==
1600 PSA_ERROR_INVALID_ARGUMENT );
1601
1602exit:
1603 mbedtls_psa_crypto_free( );
1604}
1605/* END_CASE */
1606
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame^]1607/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
1608void hash_verify_bad_args( )
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1609{
1610 psa_algorithm_t alg = PSA_ALG_SHA_256;
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame^]1611 /* SHA-256 hash of an empty string with 2 extra bytes (0xaa and 0xbb)
1612 * appended to it */
1613 unsigned char hash[] = {
1614 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
1615 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
1616 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, 0xaa, 0xbb };
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1617 size_t expected_size = PSA_HASH_SIZE( alg );
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1618 psa_hash_operation_t operation;
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1619
1620 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1621
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame^]1622 /* psa_hash_verify with a smaller hash than expected */
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1623 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
1624 TEST_ASSERT( psa_hash_verify( &operation,
1625 hash, expected_size - 1 ) ==
1626 PSA_ERROR_INVALID_SIGNATURE );
1627
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame^]1628 /* psa_hash_verify with a non-matching hash */
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1629 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1630 TEST_ASSERT( psa_hash_verify( &operation,
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame^]1631 hash + 1, expected_size ) ==
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1632 PSA_ERROR_INVALID_SIGNATURE );
1633
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame^]1634 /* psa_hash_verify with a hash longer than expected */
itayzafrir4271df92018-10-24 18:16:19 +0300[diff] [blame]1635 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
itayzafrir4271df92018-10-24 18:16:19 +0300[diff] [blame]1636 TEST_ASSERT( psa_hash_verify( &operation,
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame^]1637 hash, sizeof( hash ) ) ==
itayzafrir4271df92018-10-24 18:16:19 +0300[diff] [blame]1638 PSA_ERROR_INVALID_SIGNATURE );
1639
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1640exit:
1641 mbedtls_psa_crypto_free( );
1642}
1643/* END_CASE */
1644
itayzafrirb2dd5ed2018-11-01 11:58:59 +0200[diff] [blame]1645/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
1646void hash_finish_bad_args( )
itayzafrir58028322018-10-25 10:22:01 +0300[diff] [blame]1647{
1648 psa_algorithm_t alg = PSA_ALG_SHA_256;
itayzafrirb2dd5ed2018-11-01 11:58:59 +0200[diff] [blame]1649 unsigned char hash[PSA_HASH_MAX_SIZE];
itayzafrir58028322018-10-25 10:22:01 +0300[diff] [blame]1650 size_t expected_size = PSA_HASH_SIZE( alg );
1651 psa_hash_operation_t operation;
1652 size_t hash_len;
1653
1654 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1655
itayzafrir58028322018-10-25 10:22:01 +0300[diff] [blame]1656 /* psa_hash_finish with a smaller hash buffer than expected */
1657 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
1658 TEST_ASSERT( psa_hash_finish( &operation,
1659 hash, expected_size - 1,
1660 &hash_len ) == PSA_ERROR_BUFFER_TOO_SMALL );
1661
1662exit:
1663 mbedtls_psa_crypto_free( );
1664}
1665/* END_CASE */
1666
1667/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1668void mac_setup( int key_type_arg,
1669 data_t *key,
1670 int alg_arg,
1671 int expected_status_arg )
1672{
1673 int key_slot = 1;
1674 psa_key_type_t key_type = key_type_arg;
1675 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1676 psa_status_t expected_status = expected_status_arg;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1677 psa_mac_operation_t operation;
1678 psa_key_policy_t policy;
1679 psa_status_t status;
1680
1681 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1682
1683 psa_key_policy_init( &policy );
1684 psa_key_policy_set_usage( &policy,
1685 PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY,
1686 alg );
1687 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1688
1689 TEST_ASSERT( psa_import_key( key_slot, key_type,
1690 key->x, key->len ) == PSA_SUCCESS );
1691
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1692 status = psa_mac_sign_setup( &operation, key_slot, alg );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1693 psa_mac_abort( &operation );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1694 TEST_ASSERT( status == expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1695
1696exit:
1697 psa_destroy_key( key_slot );
1698 mbedtls_psa_crypto_free( );
1699}
1700/* END_CASE */
1701
1702/* BEGIN_CASE */
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]1703void mac_sign( int key_type_arg,
1704 data_t *key,
1705 int alg_arg,
1706 data_t *input,
1707 data_t *expected_mac )
1708{
1709 int key_slot = 1;
1710 psa_key_type_t key_type = key_type_arg;
1711 psa_algorithm_t alg = alg_arg;
1712 psa_mac_operation_t operation;
1713 psa_key_policy_t policy;
1714 /* Leave a little extra room in the output buffer. At the end of the
1715 * test, we'll check that the implementation didn't overwrite onto
1716 * this extra room. */
1717 uint8_t actual_mac[PSA_MAC_MAX_SIZE + 10];
1718 size_t mac_buffer_size =
1719 PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key->len ), alg );
1720 size_t mac_length = 0;
1721
1722 memset( actual_mac, '+', sizeof( actual_mac ) );
1723 TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE );
1724 TEST_ASSERT( expected_mac->len <= mac_buffer_size );
1725
1726 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1727
1728 psa_key_policy_init( &policy );
1729 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
1730 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1731
1732 TEST_ASSERT( psa_import_key( key_slot, key_type,
1733 key->x, key->len ) == PSA_SUCCESS );
1734
1735 /* Calculate the MAC. */
1736 TEST_ASSERT( psa_mac_sign_setup( &operation,
1737 key_slot, alg ) == PSA_SUCCESS );
1738 TEST_ASSERT( psa_mac_update( &operation,
1739 input->x, input->len ) == PSA_SUCCESS );
1740 TEST_ASSERT( psa_mac_sign_finish( &operation,
1741 actual_mac, mac_buffer_size,
1742 &mac_length ) == PSA_SUCCESS );
1743
1744 /* Compare with the expected value. */
1745 TEST_ASSERT( mac_length == expected_mac->len );
1746 TEST_ASSERT( memcmp( actual_mac, expected_mac->x, mac_length ) == 0 );
1747
1748 /* Verify that the end of the buffer is untouched. */
1749 TEST_ASSERT( mem_is_char( actual_mac + mac_length, '+',
1750 sizeof( actual_mac ) - mac_length ) );
1751
1752exit:
1753 psa_destroy_key( key_slot );
1754 mbedtls_psa_crypto_free( );
1755}
1756/* END_CASE */
1757
1758/* BEGIN_CASE */
Gilles Peskinec0ec9722018-06-18 17:03:37 +0200[diff] [blame]1759void mac_verify( int key_type_arg,
1760 data_t *key,
1761 int alg_arg,
1762 data_t *input,
1763 data_t *expected_mac )
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1764{
1765 int key_slot = 1;
1766 psa_key_type_t key_type = key_type_arg;
1767 psa_algorithm_t alg = alg_arg;
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1768 psa_mac_operation_t operation;
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1769 psa_key_policy_t policy;
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1770
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]1771 TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE );
1772
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1773 TEST_ASSERT( key != NULL );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1774 TEST_ASSERT( input != NULL );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1775 TEST_ASSERT( expected_mac != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1776 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1777 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
1778 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_mac->len ) );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1779
1780 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1781
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1782 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1783 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1784 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1785
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1786 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1787 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskinec0ec9722018-06-18 17:03:37 +0200[diff] [blame]1788
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1789 TEST_ASSERT( psa_mac_verify_setup( &operation,
1790 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1791 TEST_ASSERT( psa_destroy_key( key_slot ) == PSA_SUCCESS );
1792 TEST_ASSERT( psa_mac_update( &operation,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1793 input->x, input->len ) == PSA_SUCCESS );
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]1794 TEST_ASSERT( psa_mac_verify_finish( &operation,
1795 expected_mac->x,
1796 expected_mac->len ) == PSA_SUCCESS );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1797
1798exit:
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1799 psa_destroy_key( key_slot );
1800 mbedtls_psa_crypto_free( );
1801}
1802/* END_CASE */
1803
1804/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1805void cipher_setup( int key_type_arg,
1806 data_t *key,
1807 int alg_arg,
1808 int expected_status_arg )
1809{
1810 int key_slot = 1;
1811 psa_key_type_t key_type = key_type_arg;
1812 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1813 psa_status_t expected_status = expected_status_arg;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1814 psa_cipher_operation_t operation;
1815 psa_key_policy_t policy;
1816 psa_status_t status;
1817
1818 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1819
1820 psa_key_policy_init( &policy );
1821 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
1822 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1823
1824 TEST_ASSERT( psa_import_key( key_slot, key_type,
1825 key->x, key->len ) == PSA_SUCCESS );
1826
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1827 status = psa_cipher_encrypt_setup( &operation, key_slot, alg );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1828 psa_cipher_abort( &operation );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1829 TEST_ASSERT( status == expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1830
1831exit:
1832 psa_destroy_key( key_slot );
1833 mbedtls_psa_crypto_free( );
1834}
1835/* END_CASE */
1836
1837/* BEGIN_CASE */
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1838void cipher_encrypt( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1839 data_t *key,
1840 data_t *input, data_t *expected_output,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1841 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1842{
1843 int key_slot = 1;
1844 psa_status_t status;
1845 psa_key_type_t key_type = key_type_arg;
1846 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1847 psa_status_t expected_status = expected_status_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1848 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]1849 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1850 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1851 size_t output_buffer_size = 0;
1852 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1853 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1854 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]1855 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1856
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1857 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1858 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1859 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1860 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
1861 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
1862 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1863
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]1864 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
1865 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1866
1867 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1868
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]1869 psa_key_policy_init( &policy );
1870 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
1871 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1872
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1873 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1874 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1875
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1876 TEST_ASSERT( psa_cipher_encrypt_setup( &operation,
1877 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1878
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1879 TEST_ASSERT( psa_cipher_set_iv( &operation,
1880 iv, iv_size ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]1881 output_buffer_size = (size_t) input->len +
1882 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1883 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1884
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1885 TEST_ASSERT( psa_cipher_update( &operation,
1886 input->x, input->len,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1887 output, output_buffer_size,
1888 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1889 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1890 status = psa_cipher_finish( &operation,
1891 output + function_output_length,
1892 output_buffer_size,
1893 &function_output_length );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1894 total_output_length += function_output_length;
1895
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1896 TEST_ASSERT( status == expected_status );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1897 if( expected_status == PSA_SUCCESS )
1898 {
1899 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]1900 ASSERT_COMPARE( expected_output->x, expected_output->len,
1901 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1902 }
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1903
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1904exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1905 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1906 psa_destroy_key( key_slot );
1907 mbedtls_psa_crypto_free( );
1908}
1909/* END_CASE */
1910
1911/* BEGIN_CASE */
1912void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1913 data_t *key,
1914 data_t *input,
1915 int first_part_size,
1916 data_t *expected_output )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1917{
1918 int key_slot = 1;
1919 psa_key_type_t key_type = key_type_arg;
1920 psa_algorithm_t alg = alg_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1921 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]1922 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1923 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1924 size_t output_buffer_size = 0;
1925 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1926 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1927 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]1928 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1929
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1930 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1931 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1932 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1933 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
1934 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
1935 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1936
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]1937 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
1938 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1939
1940 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1941
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]1942 psa_key_policy_init( &policy );
1943 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
1944 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1945
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1946 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1947 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1948
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1949 TEST_ASSERT( psa_cipher_encrypt_setup( &operation,
1950 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1951
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1952 TEST_ASSERT( psa_cipher_set_iv( &operation,
1953 iv, sizeof( iv ) ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]1954 output_buffer_size = (size_t) input->len +
1955 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1956 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1957
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1958 TEST_ASSERT( (unsigned int) first_part_size < input->len );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1959 TEST_ASSERT( psa_cipher_update( &operation, input->x, first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1960 output, output_buffer_size,
1961 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1962 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1963 TEST_ASSERT( psa_cipher_update( &operation,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1964 input->x + first_part_size,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1965 input->len - first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1966 output, output_buffer_size,
1967 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1968 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1969 TEST_ASSERT( psa_cipher_finish( &operation,
1970 output + function_output_length,
1971 output_buffer_size,
1972 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1973 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1974 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
1975
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]1976 ASSERT_COMPARE( expected_output->x, expected_output->len,
1977 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1978
1979exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1980 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1981 psa_destroy_key( key_slot );
1982 mbedtls_psa_crypto_free( );
1983}
1984/* END_CASE */
1985
1986/* BEGIN_CASE */
1987void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1988 data_t *key,
1989 data_t *input,
1990 int first_part_size,
1991 data_t *expected_output )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1992{
1993 int key_slot = 1;
1994
1995 psa_key_type_t key_type = key_type_arg;
1996 psa_algorithm_t alg = alg_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1997 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]1998 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1999 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2000 size_t output_buffer_size = 0;
2001 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2002 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2003 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2004 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2005
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2006 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2007 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2008 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2009 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2010 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
2011 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2012
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2013 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
2014 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2015
2016 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2017
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2018 psa_key_policy_init( &policy );
2019 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
2020 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2021
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2022 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2023 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2024
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2025 TEST_ASSERT( psa_cipher_decrypt_setup( &operation,
2026 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2027
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2028 TEST_ASSERT( psa_cipher_set_iv( &operation,
2029 iv, sizeof( iv ) ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2030
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2031 output_buffer_size = (size_t) input->len +
2032 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2033 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2034
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2035 TEST_ASSERT( (unsigned int) first_part_size < input->len );
2036 TEST_ASSERT( psa_cipher_update( &operation,
2037 input->x, first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2038 output, output_buffer_size,
2039 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2040 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2041 TEST_ASSERT( psa_cipher_update( &operation,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2042 input->x + first_part_size,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2043 input->len - first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2044 output, output_buffer_size,
2045 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2046 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2047 TEST_ASSERT( psa_cipher_finish( &operation,
2048 output + function_output_length,
2049 output_buffer_size,
2050 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2051 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2052 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
2053
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2054 ASSERT_COMPARE( expected_output->x, expected_output->len,
2055 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2056
2057exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2058 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2059 psa_destroy_key( key_slot );
2060 mbedtls_psa_crypto_free( );
2061}
2062/* END_CASE */
2063
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2064/* BEGIN_CASE */
2065void cipher_decrypt( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2066 data_t *key,
2067 data_t *input, data_t *expected_output,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2068 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2069{
2070 int key_slot = 1;
2071 psa_status_t status;
2072 psa_key_type_t key_type = key_type_arg;
2073 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2074 psa_status_t expected_status = expected_status_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2075 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2076 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2077 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2078 size_t output_buffer_size = 0;
2079 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2080 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2081 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2082 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2083
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2084 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2085 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2086 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2087 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2088 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
2089 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2090
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2091 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
2092 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2093
2094 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2095
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2096 psa_key_policy_init( &policy );
2097 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
2098 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2099
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2100 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2101 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2102
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2103 TEST_ASSERT( psa_cipher_decrypt_setup( &operation,
2104 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2105
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2106 TEST_ASSERT( psa_cipher_set_iv( &operation,
2107 iv, iv_size ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2108
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2109 output_buffer_size = (size_t) input->len +
2110 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2111 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2112
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2113 TEST_ASSERT( psa_cipher_update( &operation,
2114 input->x, input->len,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2115 output, output_buffer_size,
2116 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2117 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2118 status = psa_cipher_finish( &operation,
2119 output + function_output_length,
2120 output_buffer_size,
2121 &function_output_length );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2122 total_output_length += function_output_length;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2123 TEST_ASSERT( status == expected_status );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2124
2125 if( expected_status == PSA_SUCCESS )
2126 {
2127 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2128 ASSERT_COMPARE( expected_output->x, expected_output->len,
2129 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2130 }
2131
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2132exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2133 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2134 psa_destroy_key( key_slot );
2135 mbedtls_psa_crypto_free( );
2136}
2137/* END_CASE */
2138
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2139/* BEGIN_CASE */
2140void cipher_verify_output( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2141 data_t *key,
2142 data_t *input )
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2143{
2144 int key_slot = 1;
2145 psa_key_type_t key_type = key_type_arg;
2146 psa_algorithm_t alg = alg_arg;
mohammad1603e6b67a12018-03-12 10:38:49 -0700[diff] [blame]2147 unsigned char iv[16] = {0};
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2148 size_t iv_size = 16;
2149 size_t iv_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2150 unsigned char *output1 = NULL;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2151 size_t output1_size = 0;
2152 size_t output1_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2153 unsigned char *output2 = NULL;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2154 size_t output2_size = 0;
2155 size_t output2_length = 0;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2156 size_t function_output_length = 0;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2157 psa_cipher_operation_t operation1;
2158 psa_cipher_operation_t operation2;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2159 psa_key_policy_t policy;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2160
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2161 TEST_ASSERT( key != NULL );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2162 TEST_ASSERT( input != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2163 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2164 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2165
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2166 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2167
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2168 psa_key_policy_init( &policy );
2169 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg );
2170 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2171
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2172 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2173 key->x, key->len ) == PSA_SUCCESS );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2174
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2175 TEST_ASSERT( psa_cipher_encrypt_setup( &operation1,
2176 key_slot, alg ) == PSA_SUCCESS );
2177 TEST_ASSERT( psa_cipher_decrypt_setup( &operation2,
2178 key_slot, alg ) == PSA_SUCCESS );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2179
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2180 TEST_ASSERT( psa_cipher_generate_iv( &operation1,
2181 iv, iv_size,
2182 &iv_length ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2183 output1_size = (size_t) input->len +
2184 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2185 ASSERT_ALLOC( output1, output1_size );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2186
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2187 TEST_ASSERT( psa_cipher_update( &operation1, input->x, input->len,
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2188 output1, output1_size,
2189 &output1_length ) == PSA_SUCCESS );
2190 TEST_ASSERT( psa_cipher_finish( &operation1,
2191 output1 + output1_length, output1_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2192 &function_output_length ) == PSA_SUCCESS );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2193
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2194 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2195
2196 TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS );
2197
2198 output2_size = output1_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2199 ASSERT_ALLOC( output2, output2_size );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2200
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2201 TEST_ASSERT( psa_cipher_set_iv( &operation2,
2202 iv, iv_length ) == PSA_SUCCESS );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2203 TEST_ASSERT( psa_cipher_update( &operation2, output1, output1_length,
2204 output2, output2_size,
2205 &output2_length ) == PSA_SUCCESS );
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2206 function_output_length = 0;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2207 TEST_ASSERT( psa_cipher_finish( &operation2,
2208 output2 + output2_length,
2209 output2_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2210 &function_output_length ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2211
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2212 output2_length += function_output_length;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2213
Janos Follath25c4fa82018-07-06 16:23:25 +0100[diff] [blame]2214 TEST_ASSERT( psa_cipher_abort( &operation2 ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2215
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2216 ASSERT_COMPARE( input->x, input->len, output2, output2_length );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2217
2218exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2219 mbedtls_free( output1 );
2220 mbedtls_free( output2 );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2221 psa_destroy_key( key_slot );
2222 mbedtls_psa_crypto_free( );
2223}
2224/* END_CASE */
2225
2226/* BEGIN_CASE */
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2227void cipher_verify_output_multipart( int alg_arg,
2228 int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2229 data_t *key,
2230 data_t *input,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2231 int first_part_size )
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2232{
2233 int key_slot = 1;
2234 psa_key_type_t key_type = key_type_arg;
2235 psa_algorithm_t alg = alg_arg;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2236 unsigned char iv[16] = {0};
2237 size_t iv_size = 16;
2238 size_t iv_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2239 unsigned char *output1 = NULL;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2240 size_t output1_buffer_size = 0;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2241 size_t output1_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2242 unsigned char *output2 = NULL;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2243 size_t output2_buffer_size = 0;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2244 size_t output2_length = 0;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2245 size_t function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2246 psa_cipher_operation_t operation1;
2247 psa_cipher_operation_t operation2;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2248 psa_key_policy_t policy;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2249
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2250 TEST_ASSERT( key != NULL );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2251 TEST_ASSERT( input != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2252 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2253 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2254
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2255 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2256
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2257 psa_key_policy_init( &policy );
2258 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg );
2259 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2260
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2261 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2262 key->x, key->len ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2263
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2264 TEST_ASSERT( psa_cipher_encrypt_setup( &operation1,
2265 key_slot, alg ) == PSA_SUCCESS );
2266 TEST_ASSERT( psa_cipher_decrypt_setup( &operation2,
2267 key_slot, alg ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2268
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2269 TEST_ASSERT( psa_cipher_generate_iv( &operation1,
2270 iv, iv_size,
2271 &iv_length ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2272 output1_buffer_size = (size_t) input->len +
2273 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2274 ASSERT_ALLOC( output1, output1_buffer_size );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2275
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2276 TEST_ASSERT( (unsigned int) first_part_size < input->len );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2277
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2278 TEST_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2279 output1, output1_buffer_size,
2280 &function_output_length ) == PSA_SUCCESS );
2281 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2282
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2283 TEST_ASSERT( psa_cipher_update( &operation1,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2284 input->x + first_part_size,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2285 input->len - first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2286 output1, output1_buffer_size,
2287 &function_output_length ) == PSA_SUCCESS );
2288 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2289
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2290 TEST_ASSERT( psa_cipher_finish( &operation1,
2291 output1 + output1_length,
2292 output1_buffer_size - output1_length,
2293 &function_output_length ) == PSA_SUCCESS );
2294 output1_length += function_output_length;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2295
2296 TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS );
2297
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2298 output2_buffer_size = output1_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2299 ASSERT_ALLOC( output2, output2_buffer_size );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2300
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2301 TEST_ASSERT( psa_cipher_set_iv( &operation2,
2302 iv, iv_length ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2303
2304 TEST_ASSERT( psa_cipher_update( &operation2, output1, first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2305 output2, output2_buffer_size,
2306 &function_output_length ) == PSA_SUCCESS );
2307 output2_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2308
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2309 TEST_ASSERT( psa_cipher_update( &operation2,
2310 output1 + first_part_size,
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2311 output1_length - first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2312 output2, output2_buffer_size,
2313 &function_output_length ) == PSA_SUCCESS );
2314 output2_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2315
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2316 TEST_ASSERT( psa_cipher_finish( &operation2,
2317 output2 + output2_length,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2318 output2_buffer_size - output2_length,
2319 &function_output_length ) == PSA_SUCCESS );
2320 output2_length += function_output_length;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2321
Janos Follath25c4fa82018-07-06 16:23:25 +0100[diff] [blame]2322 TEST_ASSERT( psa_cipher_abort( &operation2 ) == PSA_SUCCESS );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2323
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2324 ASSERT_COMPARE( input->x, input->len, output2, output2_length );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2325
2326exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2327 mbedtls_free( output1 );
2328 mbedtls_free( output2 );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2329 psa_destroy_key( key_slot );
2330 mbedtls_psa_crypto_free( );
2331}
2332/* END_CASE */
Gilles Peskine7268afc2018-06-06 15:19:24 +0200[diff] [blame]2333
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2334/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2335void aead_encrypt_decrypt( int key_type_arg, data_t *key_data,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2336 int alg_arg,
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2337 data_t *nonce,
2338 data_t *additional_data,
2339 data_t *input_data,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2340 int expected_result_arg )
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2341{
2342 int slot = 1;
2343 psa_key_type_t key_type = key_type_arg;
2344 psa_algorithm_t alg = alg_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2345 unsigned char *output_data = NULL;
2346 size_t output_size = 0;
2347 size_t output_length = 0;
2348 unsigned char *output_data2 = NULL;
2349 size_t output_length2 = 0;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2350 size_t tag_length = 16;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2351 psa_status_t expected_result = expected_result_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2352 psa_key_policy_t policy;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2353
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2354 TEST_ASSERT( key_data != NULL );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2355 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2356 TEST_ASSERT( nonce != NULL );
2357 TEST_ASSERT( additional_data != NULL );
2358 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2359 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2360 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
2361 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );
2362
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2363 output_size = input_data->len + tag_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2364 ASSERT_ALLOC( output_data, output_size );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2365
2366 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2367
2368 psa_key_policy_init( &policy );
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2369 psa_key_policy_set_usage( &policy,
2370 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
2371 alg );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2372 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2373
2374 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2375 key_data->x, key_data->len ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2376
2377 TEST_ASSERT( psa_aead_encrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2378 nonce->x, nonce->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2379 additional_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2380 additional_data->len,
2381 input_data->x, input_data->len,
2382 output_data, output_size,
2383 &output_length ) == expected_result );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2384
2385 if( PSA_SUCCESS == expected_result )
2386 {
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2387 ASSERT_ALLOC( output_data2, output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2388
2389 TEST_ASSERT( psa_aead_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2390 nonce->x, nonce->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2391 additional_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2392 additional_data->len,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2393 output_data, output_length,
2394 output_data2, output_length,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2395 &output_length2 ) == expected_result );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2396
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2397 ASSERT_COMPARE( input_data->x, input_data->len,
2398 output_data2, output_length2 );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2399 }
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2400
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2401exit:
2402 psa_destroy_key( slot );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2403 mbedtls_free( output_data );
2404 mbedtls_free( output_data2 );
2405 mbedtls_psa_crypto_free( );
2406}
2407/* END_CASE */
2408
2409/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2410void aead_encrypt( int key_type_arg, data_t *key_data,
2411 int alg_arg,
2412 data_t *nonce,
2413 data_t *additional_data,
2414 data_t *input_data,
2415 data_t *expected_result )
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2416{
2417 int slot = 1;
2418 psa_key_type_t key_type = key_type_arg;
2419 psa_algorithm_t alg = alg_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2420 unsigned char *output_data = NULL;
2421 size_t output_size = 0;
2422 size_t output_length = 0;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2423 size_t tag_length = 16;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2424 psa_key_policy_t policy;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2425
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2426 TEST_ASSERT( key_data != NULL );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2427 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2428 TEST_ASSERT( additional_data != NULL );
2429 TEST_ASSERT( nonce != NULL );
2430 TEST_ASSERT( expected_result != NULL );
2431 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2432 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2433 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );
2434 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
2435 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_result->len ) );
2436
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2437 output_size = input_data->len + tag_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2438 ASSERT_ALLOC( output_data, output_size );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2439
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2440 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2441
2442 psa_key_policy_init( &policy );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2443 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT , alg );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2444 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2445
2446 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2447 key_data->x,
2448 key_data->len ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2449
2450 TEST_ASSERT( psa_aead_encrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2451 nonce->x, nonce->len,
2452 additional_data->x, additional_data->len,
2453 input_data->x, input_data->len,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2454 output_data, output_size,
2455 &output_length ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2456
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2457 ASSERT_COMPARE( expected_result->x, expected_result->len,
2458 output_data, output_length );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2459
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2460exit:
2461 psa_destroy_key( slot );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2462 mbedtls_free( output_data );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2463 mbedtls_psa_crypto_free( );
2464}
2465/* END_CASE */
2466
2467/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2468void aead_decrypt( int key_type_arg, data_t *key_data,
2469 int alg_arg,
2470 data_t *nonce,
2471 data_t *additional_data,
2472 data_t *input_data,
2473 data_t *expected_data,
2474 int expected_result_arg )
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2475{
2476 int slot = 1;
2477 psa_key_type_t key_type = key_type_arg;
2478 psa_algorithm_t alg = alg_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2479 unsigned char *output_data = NULL;
2480 size_t output_size = 0;
2481 size_t output_length = 0;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2482 size_t tag_length = 16;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2483 psa_key_policy_t policy;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2484 psa_status_t expected_result = expected_result_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2485
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2486 TEST_ASSERT( key_data != NULL );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2487 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2488 TEST_ASSERT( additional_data != NULL );
2489 TEST_ASSERT( nonce != NULL );
2490 TEST_ASSERT( expected_data != NULL );
2491 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2492 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2493 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );
2494 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
2495 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_data->len ) );
2496
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2497 output_size = input_data->len + tag_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2498 ASSERT_ALLOC( output_data, output_size );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2499
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2500 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2501
2502 psa_key_policy_init( &policy );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2503 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT , alg );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2504 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2505
2506 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2507 key_data->x,
2508 key_data->len ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2509
2510 TEST_ASSERT( psa_aead_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2511 nonce->x, nonce->len,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2512 additional_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2513 additional_data->len,
2514 input_data->x, input_data->len,
2515 output_data, output_size,
2516 &output_length ) == expected_result );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2517
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2518 if( expected_result == PSA_SUCCESS )
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2519 ASSERT_COMPARE( expected_data->x, expected_data->len,
2520 output_data, output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2521
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2522exit:
2523 psa_destroy_key( slot );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2524 mbedtls_free( output_data );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2525 mbedtls_psa_crypto_free( );
2526}
2527/* END_CASE */
2528
2529/* BEGIN_CASE */
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2530void signature_size( int type_arg,
2531 int bits,
2532 int alg_arg,
2533 int expected_size_arg )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]2534{
2535 psa_key_type_t type = type_arg;
2536 psa_algorithm_t alg = alg_arg;
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2537 size_t actual_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( type, bits, alg );
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]2538 TEST_ASSERT( actual_size == (size_t) expected_size_arg );
2539exit:
2540 ;
2541}
2542/* END_CASE */
2543
2544/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2545void sign_deterministic( int key_type_arg, data_t *key_data,
2546 int alg_arg, data_t *input_data,
2547 data_t *output_data )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]2548{
2549 int slot = 1;
2550 psa_key_type_t key_type = key_type_arg;
2551 psa_algorithm_t alg = alg_arg;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2552 size_t key_bits;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2553 unsigned char *signature = NULL;
2554 size_t signature_size;
2555 size_t signature_length = 0xdeadbeef;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2556 psa_key_policy_t policy;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2557
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2558 TEST_ASSERT( key_data != NULL );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2559 TEST_ASSERT( input_data != NULL );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2560 TEST_ASSERT( output_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2561 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2562 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2563 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( output_data->len ) );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2564
2565 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2566
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2567 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2568 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2569 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2570
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2571 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2572 key_data->x,
2573 key_data->len ) == PSA_SUCCESS );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2574 TEST_ASSERT( psa_get_key_information( slot,
2575 NULL,
2576 &key_bits ) == PSA_SUCCESS );
2577
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2578 /* Allocate a buffer which has the size advertized by the
2579 * library. */
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2580 signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type,
2581 key_bits, alg );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2582 TEST_ASSERT( signature_size != 0 );
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]2583 TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2584 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2585
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2586 /* Perform the signature. */
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2587 TEST_ASSERT( psa_asymmetric_sign( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2588 input_data->x, input_data->len,
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2589 signature, signature_size,
2590 &signature_length ) == PSA_SUCCESS );
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2591 /* Verify that the signature is what is expected. */
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2592 ASSERT_COMPARE( output_data->x, output_data->len,
2593 signature, signature_length );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2594
2595exit:
2596 psa_destroy_key( slot );
Gilles Peskine0189e752018-02-03 23:57:22 +0100[diff] [blame]2597 mbedtls_free( signature );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2598 mbedtls_psa_crypto_free( );
2599}
2600/* END_CASE */
2601
2602/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2603void sign_fail( int key_type_arg, data_t *key_data,
2604 int alg_arg, data_t *input_data,
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2605 int signature_size_arg, int expected_status_arg )
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2606{
2607 int slot = 1;
2608 psa_key_type_t key_type = key_type_arg;
2609 psa_algorithm_t alg = alg_arg;
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2610 size_t signature_size = signature_size_arg;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2611 psa_status_t actual_status;
2612 psa_status_t expected_status = expected_status_arg;
Gilles Peskine40f68b92018-03-07 16:43:36 +0100[diff] [blame]2613 unsigned char *signature = NULL;
Gilles Peskine93aa0332018-02-03 23:58:03 +0100[diff] [blame]2614 size_t signature_length = 0xdeadbeef;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2615 psa_key_policy_t policy;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2616
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2617 TEST_ASSERT( key_data != NULL );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2618 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2619 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2620 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2621
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2622 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2623
2624 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2625
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2626 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2627 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2628 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2629
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2630 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2631 key_data->x,
2632 key_data->len ) == PSA_SUCCESS );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2633
2634 actual_status = psa_asymmetric_sign( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2635 input_data->x, input_data->len,
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2636 signature, signature_size,
2637 &signature_length );
2638 TEST_ASSERT( actual_status == expected_status );
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2639 /* The value of *signature_length is unspecified on error, but
2640 * whatever it is, it should be less than signature_size, so that
2641 * if the caller tries to read *signature_length bytes without
2642 * checking the error code then they don't overflow a buffer. */
2643 TEST_ASSERT( signature_length <= signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2644
2645exit:
2646 psa_destroy_key( slot );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2647 mbedtls_free( signature );
2648 mbedtls_psa_crypto_free( );
2649}
2650/* END_CASE */
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]2651
2652/* BEGIN_CASE */
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2653void sign_verify( int key_type_arg, data_t *key_data,
2654 int alg_arg, data_t *input_data )
2655{
2656 int slot = 1;
2657 psa_key_type_t key_type = key_type_arg;
2658 psa_algorithm_t alg = alg_arg;
2659 size_t key_bits;
2660 unsigned char *signature = NULL;
2661 size_t signature_size;
2662 size_t signature_length = 0xdeadbeef;
2663 psa_key_policy_t policy;
2664
2665 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2666
2667 psa_key_policy_init( &policy );
2668 psa_key_policy_set_usage( &policy,
2669 PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY,
2670 alg );
2671 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2672
2673 TEST_ASSERT( psa_import_key( slot, key_type,
2674 key_data->x,
2675 key_data->len ) == PSA_SUCCESS );
2676 TEST_ASSERT( psa_get_key_information( slot,
2677 NULL,
2678 &key_bits ) == PSA_SUCCESS );
2679
2680 /* Allocate a buffer which has the size advertized by the
2681 * library. */
2682 signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type,
2683 key_bits, alg );
2684 TEST_ASSERT( signature_size != 0 );
2685 TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2686 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2687
2688 /* Perform the signature. */
2689 TEST_ASSERT( psa_asymmetric_sign( slot, alg,
2690 input_data->x, input_data->len,
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2691 signature, signature_size,
2692 &signature_length ) == PSA_SUCCESS );
2693 /* Check that the signature length looks sensible. */
2694 TEST_ASSERT( signature_length <= signature_size );
2695 TEST_ASSERT( signature_length > 0 );
2696
2697 /* Use the library to verify that the signature is correct. */
2698 TEST_ASSERT( psa_asymmetric_verify(
2699 slot, alg,
2700 input_data->x, input_data->len,
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2701 signature, signature_length ) == PSA_SUCCESS );
2702
2703 if( input_data->len != 0 )
2704 {
2705 /* Flip a bit in the input and verify that the signature is now
2706 * detected as invalid. Flip a bit at the beginning, not at the end,
2707 * because ECDSA may ignore the last few bits of the input. */
2708 input_data->x[0] ^= 1;
2709 TEST_ASSERT( psa_asymmetric_verify(
2710 slot, alg,
2711 input_data->x, input_data->len,
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2712 signature,
2713 signature_length ) == PSA_ERROR_INVALID_SIGNATURE );
2714 }
2715
2716exit:
2717 psa_destroy_key( slot );
2718 mbedtls_free( signature );
2719 mbedtls_psa_crypto_free( );
2720}
2721/* END_CASE */
2722
2723/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2724void asymmetric_verify( int key_type_arg, data_t *key_data,
2725 int alg_arg, data_t *hash_data,
2726 data_t *signature_data )
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2727{
2728 int slot = 1;
2729 psa_key_type_t key_type = key_type_arg;
2730 psa_algorithm_t alg = alg_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2731 psa_key_policy_t policy;
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2732
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]2733 TEST_ASSERT( signature_data->len <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
2734
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2735 TEST_ASSERT( key_data != NULL );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2736 TEST_ASSERT( hash_data != NULL );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2737 TEST_ASSERT( signature_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2738 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2739 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( hash_data->len ) );
2740 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( signature_data->len ) );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2741
2742 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2743
2744 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2745 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2746 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2747
2748 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2749 key_data->x,
2750 key_data->len ) == PSA_SUCCESS );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2751
2752 TEST_ASSERT( psa_asymmetric_verify( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2753 hash_data->x, hash_data->len,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2754 signature_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2755 signature_data->len ) == PSA_SUCCESS );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2756exit:
2757 psa_destroy_key( slot );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2758 mbedtls_psa_crypto_free( );
2759}
2760/* END_CASE */
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2761
2762/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2763void asymmetric_verify_fail( int key_type_arg, data_t *key_data,
2764 int alg_arg, data_t *hash_data,
2765 data_t *signature_data,
2766 int expected_status_arg )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2767{
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2768 int slot = 1;
2769 psa_key_type_t key_type = key_type_arg;
2770 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2771 psa_status_t actual_status;
2772 psa_status_t expected_status = expected_status_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2773 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2774
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2775 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2776 TEST_ASSERT( hash_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2777 TEST_ASSERT( signature_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2778 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2779 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( hash_data->len ) );
2780 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( signature_data->len ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2781
2782 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2783
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2784 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2785 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2786 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2787
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2788 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2789 key_data->x,
2790 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2791
2792 actual_status = psa_asymmetric_verify( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2793 hash_data->x, hash_data->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2794 signature_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2795 signature_data->len );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2796
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2797 TEST_ASSERT( actual_status == expected_status );
2798
2799exit:
2800 psa_destroy_key( slot );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2801 mbedtls_psa_crypto_free( );
2802}
2803/* END_CASE */
2804
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2805/* BEGIN_CASE */
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]2806void asymmetric_encrypt( int key_type_arg,
2807 data_t *key_data,
2808 int alg_arg,
2809 data_t *input_data,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2810 data_t *label,
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]2811 int expected_output_length_arg,
2812 int expected_status_arg )
2813{
2814 int slot = 1;
2815 psa_key_type_t key_type = key_type_arg;
2816 psa_algorithm_t alg = alg_arg;
2817 size_t expected_output_length = expected_output_length_arg;
2818 size_t key_bits;
2819 unsigned char *output = NULL;
2820 size_t output_size;
2821 size_t output_length = ~0;
2822 psa_status_t actual_status;
2823 psa_status_t expected_status = expected_status_arg;
2824 psa_key_policy_t policy;
2825
2826 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2827
2828 /* Import the key */
2829 psa_key_policy_init( &policy );
2830 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
2831 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2832 TEST_ASSERT( psa_import_key( slot, key_type,
2833 key_data->x,
2834 key_data->len ) == PSA_SUCCESS );
2835
2836 /* Determine the maximum output length */
2837 TEST_ASSERT( psa_get_key_information( slot,
2838 NULL,
2839 &key_bits ) == PSA_SUCCESS );
2840 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2841 ASSERT_ALLOC( output, output_size );
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]2842
2843 /* Encrypt the input */
2844 actual_status = psa_asymmetric_encrypt( slot, alg,
2845 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2846 label->x, label->len,
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]2847 output, output_size,
2848 &output_length );
2849 TEST_ASSERT( actual_status == expected_status );
2850 TEST_ASSERT( output_length == expected_output_length );
2851
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2852 /* If the label is empty, the test framework puts a non-null pointer
2853 * in label->x. Test that a null pointer works as well. */
2854 if( label->len == 0 )
2855 {
2856 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]2857 if( output_size != 0 )
2858 memset( output, 0, output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2859 actual_status = psa_asymmetric_encrypt( slot, alg,
2860 input_data->x, input_data->len,
2861 NULL, label->len,
2862 output, output_size,
2863 &output_length );
2864 TEST_ASSERT( actual_status == expected_status );
2865 TEST_ASSERT( output_length == expected_output_length );
2866 }
2867
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]2868exit:
2869 psa_destroy_key( slot );
2870 mbedtls_free( output );
2871 mbedtls_psa_crypto_free( );
2872}
2873/* END_CASE */
2874
2875/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2876void asymmetric_encrypt_decrypt( int key_type_arg,
2877 data_t *key_data,
2878 int alg_arg,
2879 data_t *input_data,
2880 data_t *label )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2881{
2882 int slot = 1;
2883 psa_key_type_t key_type = key_type_arg;
2884 psa_algorithm_t alg = alg_arg;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2885 size_t key_bits;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2886 unsigned char *output = NULL;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2887 size_t output_size;
2888 size_t output_length = ~0;
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +0300[diff] [blame]2889 unsigned char *output2 = NULL;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2890 size_t output2_size;
2891 size_t output2_length = ~0;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2892 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2893
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2894 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2895 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2896 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2897 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2898
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2899 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2900
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2901 psa_key_policy_init( &policy );
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2902 psa_key_policy_set_usage( &policy,
2903 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2904 alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2905 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2906
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2907 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2908 key_data->x,
2909 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2910
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2911
2912 /* Determine the maximum ciphertext length */
2913 TEST_ASSERT( psa_get_key_information( slot,
2914 NULL,
2915 &key_bits ) == PSA_SUCCESS );
2916 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2917 ASSERT_ALLOC( output, output_size );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2918 output2_size = input_data->len;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2919 ASSERT_ALLOC( output2, output2_size );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2920
Gilles Peskineeebd7382018-06-08 18:11:54 +0200[diff] [blame]2921 /* We test encryption by checking that encrypt-then-decrypt gives back
2922 * the original plaintext because of the non-optional random
2923 * part of encryption process which prevents using fixed vectors. */
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2924 TEST_ASSERT( psa_asymmetric_encrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2925 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2926 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2927 output, output_size,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2928 &output_length ) == PSA_SUCCESS );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2929 /* We don't know what ciphertext length to expect, but check that
2930 * it looks sensible. */
2931 TEST_ASSERT( output_length <= output_size );
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +0300[diff] [blame]2932
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2933 TEST_ASSERT( psa_asymmetric_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2934 output, output_length,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2935 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2936 output2, output2_size,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2937 &output2_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2938 ASSERT_COMPARE( input_data->x, input_data->len,
2939 output2, output2_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2940
2941exit:
2942 psa_destroy_key( slot );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2943 mbedtls_free( output );
2944 mbedtls_free( output2 );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2945 mbedtls_psa_crypto_free( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2946}
2947/* END_CASE */
2948
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2949/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2950void asymmetric_decrypt( int key_type_arg,
2951 data_t *key_data,
2952 int alg_arg,
2953 data_t *input_data,
2954 data_t *label,
Gilles Peskine66763a02018-06-29 21:54:10 +0200[diff] [blame]2955 data_t *expected_data )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2956{
2957 int slot = 1;
2958 psa_key_type_t key_type = key_type_arg;
2959 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2960 unsigned char *output = NULL;
Nir Sonnenscheind70bc482018-06-04 16:31:13 +0300[diff] [blame]2961 size_t output_size = 0;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2962 size_t output_length = ~0;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2963 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2964
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2965 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2966 TEST_ASSERT( input_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2967 TEST_ASSERT( expected_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2968 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2969 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2970 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_data->len ) );
2971
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2972 output_size = key_data->len;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2973 ASSERT_ALLOC( output, output_size );
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]2974
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2975 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2976
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2977 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2978 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2979 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2980
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2981 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2982 key_data->x,
2983 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2984
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +0300[diff] [blame]2985 TEST_ASSERT( psa_asymmetric_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2986 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2987 label->x, label->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2988 output,
2989 output_size,
2990 &output_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2991 ASSERT_COMPARE( expected_data->x, expected_data->len,
2992 output, output_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2993
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2994 /* If the label is empty, the test framework puts a non-null pointer
2995 * in label->x. Test that a null pointer works as well. */
2996 if( label->len == 0 )
2997 {
2998 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]2999 if( output_size != 0 )
3000 memset( output, 0, output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3001 TEST_ASSERT( psa_asymmetric_decrypt( slot, alg,
3002 input_data->x, input_data->len,
3003 NULL, label->len,
3004 output,
3005 output_size,
3006 &output_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]3007 ASSERT_COMPARE( expected_data->x, expected_data->len,
3008 output, output_length );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3009 }
3010
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3011exit:
3012 psa_destroy_key( slot );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3013 mbedtls_free( output );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3014 mbedtls_psa_crypto_free( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3015}
3016/* END_CASE */
3017
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3018/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3019void asymmetric_decrypt_fail( int key_type_arg,
3020 data_t *key_data,
3021 int alg_arg,
3022 data_t *input_data,
3023 data_t *label,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3024 int expected_status_arg )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3025{
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3026 int slot = 1;
3027 psa_key_type_t key_type = key_type_arg;
3028 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3029 unsigned char *output = NULL;
Nir Sonnenscheind70bc482018-06-04 16:31:13 +0300[diff] [blame]3030 size_t output_size = 0;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3031 size_t output_length = ~0;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3032 psa_status_t actual_status;
3033 psa_status_t expected_status = expected_status_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]3034 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3035
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3036 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3037 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3038 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
3039 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
3040
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3041 output_size = key_data->len;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3042 ASSERT_ALLOC( output, output_size );
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]3043
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3044 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3045
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3046 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3047 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3048 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3049
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3050 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3051 key_data->x,
3052 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3053
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3054 actual_status = psa_asymmetric_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3055 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3056 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3057 output, output_size,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3058 &output_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3059 TEST_ASSERT( actual_status == expected_status );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3060 TEST_ASSERT( output_length <= output_size );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3061
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3062 /* If the label is empty, the test framework puts a non-null pointer
3063 * in label->x. Test that a null pointer works as well. */
3064 if( label->len == 0 )
3065 {
3066 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]3067 if( output_size != 0 )
3068 memset( output, 0, output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3069 actual_status = psa_asymmetric_decrypt( slot, alg,
3070 input_data->x, input_data->len,
3071 NULL, label->len,
3072 output, output_size,
3073 &output_length );
3074 TEST_ASSERT( actual_status == expected_status );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3075 TEST_ASSERT( output_length <= output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3076 }
3077
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3078exit:
3079 psa_destroy_key( slot );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3080 mbedtls_free( output );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3081 mbedtls_psa_crypto_free( );
3082}
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]3083/* END_CASE */
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3084
3085/* BEGIN_CASE */
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]3086void derive_setup( int key_type_arg,
3087 data_t *key_data,
3088 int alg_arg,
3089 data_t *salt,
3090 data_t *label,
3091 int requested_capacity_arg,
3092 int expected_status_arg )
3093{
3094 psa_key_slot_t slot = 1;
3095 size_t key_type = key_type_arg;
3096 psa_algorithm_t alg = alg_arg;
3097 size_t requested_capacity = requested_capacity_arg;
3098 psa_status_t expected_status = expected_status_arg;
3099 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3100 psa_key_policy_t policy;
3101
3102 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3103
3104 psa_key_policy_init( &policy );
3105 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3106 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3107
3108 TEST_ASSERT( psa_import_key( slot, key_type,
3109 key_data->x,
3110 key_data->len ) == PSA_SUCCESS );
3111
3112 TEST_ASSERT( psa_key_derivation( &generator, slot, alg,
3113 salt->x, salt->len,
3114 label->x, label->len,
3115 requested_capacity ) == expected_status );
3116
3117exit:
3118 psa_generator_abort( &generator );
3119 psa_destroy_key( slot );
3120 mbedtls_psa_crypto_free( );
3121}
3122/* END_CASE */
3123
3124/* BEGIN_CASE */
Gilles Peskine96ee5c72018-07-12 17:24:54 +0200[diff] [blame]3125void derive_output( int alg_arg,
3126 data_t *key_data,
3127 data_t *salt,
3128 data_t *label,
3129 int requested_capacity_arg,
3130 data_t *expected_output1,
3131 data_t *expected_output2 )
3132{
3133 psa_key_slot_t slot = 1;
3134 psa_algorithm_t alg = alg_arg;
3135 size_t requested_capacity = requested_capacity_arg;
3136 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3137 uint8_t *expected_outputs[2] =
3138 {expected_output1->x, expected_output2->x};
3139 size_t output_sizes[2] =
3140 {expected_output1->len, expected_output2->len};
3141 size_t output_buffer_size = 0;
3142 uint8_t *output_buffer = NULL;
3143 size_t expected_capacity;
3144 size_t current_capacity;
3145 psa_key_policy_t policy;
3146 psa_status_t status;
3147 unsigned i;
3148
3149 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
3150 {
3151 if( output_sizes[i] > output_buffer_size )
3152 output_buffer_size = output_sizes[i];
3153 if( output_sizes[i] == 0 )
3154 expected_outputs[i] = NULL;
3155 }
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3156 ASSERT_ALLOC( output_buffer, output_buffer_size );
Gilles Peskine96ee5c72018-07-12 17:24:54 +0200[diff] [blame]3157 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3158
3159 psa_key_policy_init( &policy );
3160 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3161 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3162
3163 TEST_ASSERT( psa_import_key( slot, PSA_KEY_TYPE_DERIVE,
3164 key_data->x,
3165 key_data->len ) == PSA_SUCCESS );
3166
3167 /* Extraction phase. */
3168 TEST_ASSERT( psa_key_derivation( &generator, slot, alg,
3169 salt->x, salt->len,
3170 label->x, label->len,
3171 requested_capacity ) == PSA_SUCCESS );
3172 TEST_ASSERT( psa_get_generator_capacity( &generator,
3173 &current_capacity ) ==
3174 PSA_SUCCESS );
3175 TEST_ASSERT( current_capacity == requested_capacity );
3176 expected_capacity = requested_capacity;
3177
3178 /* Expansion phase. */
3179 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
3180 {
3181 /* Read some bytes. */
3182 status = psa_generator_read( &generator,
3183 output_buffer, output_sizes[i] );
3184 if( expected_capacity == 0 && output_sizes[i] == 0 )
3185 {
3186 /* Reading 0 bytes when 0 bytes are available can go either way. */
3187 TEST_ASSERT( status == PSA_SUCCESS ||
3188 status == PSA_ERROR_INSUFFICIENT_CAPACITY );
3189 continue;
3190 }
3191 else if( expected_capacity == 0 ||
3192 output_sizes[i] > expected_capacity )
3193 {
3194 /* Capacity exceeded. */
3195 TEST_ASSERT( status == PSA_ERROR_INSUFFICIENT_CAPACITY );
3196 expected_capacity = 0;
3197 continue;
3198 }
3199 /* Success. Check the read data. */
3200 TEST_ASSERT( status == PSA_SUCCESS );
3201 if( output_sizes[i] != 0 )
3202 TEST_ASSERT( memcmp( output_buffer, expected_outputs[i],
3203 output_sizes[i] ) == 0 );
3204 /* Check the generator status. */
3205 expected_capacity -= output_sizes[i];
3206 TEST_ASSERT( psa_get_generator_capacity( &generator,
3207 &current_capacity ) ==
3208 PSA_SUCCESS );
3209 TEST_ASSERT( expected_capacity == current_capacity );
3210 }
3211 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
3212
3213exit:
3214 mbedtls_free( output_buffer );
3215 psa_generator_abort( &generator );
3216 psa_destroy_key( slot );
3217 mbedtls_psa_crypto_free( );
3218}
3219/* END_CASE */
3220
3221/* BEGIN_CASE */
Gilles Peskined54931c2018-07-17 21:06:59 +0200[diff] [blame]3222void derive_full( int alg_arg,
3223 data_t *key_data,
3224 data_t *salt,
3225 data_t *label,
3226 int requested_capacity_arg )
3227{
3228 psa_key_slot_t slot = 1;
3229 psa_algorithm_t alg = alg_arg;
3230 size_t requested_capacity = requested_capacity_arg;
3231 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3232 unsigned char output_buffer[16];
3233 size_t expected_capacity = requested_capacity;
3234 size_t current_capacity;
3235 psa_key_policy_t policy;
3236
3237 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3238
3239 psa_key_policy_init( &policy );
3240 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3241 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3242
3243 TEST_ASSERT( psa_import_key( slot, PSA_KEY_TYPE_DERIVE,
3244 key_data->x,
3245 key_data->len ) == PSA_SUCCESS );
3246
3247 /* Extraction phase. */
3248 TEST_ASSERT( psa_key_derivation( &generator, slot, alg,
3249 salt->x, salt->len,
3250 label->x, label->len,
3251 requested_capacity ) == PSA_SUCCESS );
3252 TEST_ASSERT( psa_get_generator_capacity( &generator,
3253 &current_capacity ) ==
3254 PSA_SUCCESS );
3255 TEST_ASSERT( current_capacity == expected_capacity );
3256
3257 /* Expansion phase. */
3258 while( current_capacity > 0 )
3259 {
3260 size_t read_size = sizeof( output_buffer );
3261 if( read_size > current_capacity )
3262 read_size = current_capacity;
3263 TEST_ASSERT( psa_generator_read( &generator,
3264 output_buffer,
3265 read_size ) == PSA_SUCCESS );
3266 expected_capacity -= read_size;
3267 TEST_ASSERT( psa_get_generator_capacity( &generator,
3268 &current_capacity ) ==
3269 PSA_SUCCESS );
3270 TEST_ASSERT( current_capacity == expected_capacity );
3271 }
3272
3273 /* Check that the generator refuses to go over capacity. */
3274 TEST_ASSERT( psa_generator_read( &generator,
3275 output_buffer,
3276 1 ) == PSA_ERROR_INSUFFICIENT_CAPACITY );
3277
3278 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
3279
3280exit:
3281 psa_generator_abort( &generator );
3282 psa_destroy_key( slot );
3283 mbedtls_psa_crypto_free( );
3284}
3285/* END_CASE */
3286
3287/* BEGIN_CASE */
Gilles Peskine0386fba2018-07-12 17:29:22 +0200[diff] [blame]3288void derive_key_exercise( int alg_arg,
3289 data_t *key_data,
3290 data_t *salt,
3291 data_t *label,
3292 int derived_type_arg,
3293 int derived_bits_arg,
3294 int derived_usage_arg,
3295 int derived_alg_arg )
3296{
3297 psa_key_slot_t base_key = 1;
3298 psa_key_slot_t derived_key = 2;
3299 psa_algorithm_t alg = alg_arg;
3300 psa_key_type_t derived_type = derived_type_arg;
3301 size_t derived_bits = derived_bits_arg;
3302 psa_key_usage_t derived_usage = derived_usage_arg;
3303 psa_algorithm_t derived_alg = derived_alg_arg;
3304 size_t capacity = PSA_BITS_TO_BYTES( derived_bits );
3305 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3306 psa_key_policy_t policy;
3307 psa_key_type_t got_type;
3308 size_t got_bits;
3309
3310 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3311
3312 psa_key_policy_init( &policy );
3313 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3314 TEST_ASSERT( psa_set_key_policy( base_key, &policy ) == PSA_SUCCESS );
3315 TEST_ASSERT( psa_import_key( base_key, PSA_KEY_TYPE_DERIVE,
3316 key_data->x,
3317 key_data->len ) == PSA_SUCCESS );
3318
3319 /* Derive a key. */
3320 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3321 salt->x, salt->len,
3322 label->x, label->len,
3323 capacity ) == PSA_SUCCESS );
3324 psa_key_policy_set_usage( &policy, derived_usage, derived_alg );
3325 TEST_ASSERT( psa_set_key_policy( derived_key, &policy ) == PSA_SUCCESS );
3326 TEST_ASSERT( psa_generator_import_key( derived_key,
3327 derived_type,
3328 derived_bits,
3329 &generator ) == PSA_SUCCESS );
3330
3331 /* Test the key information */
3332 TEST_ASSERT( psa_get_key_information( derived_key,
3333 &got_type,
3334 &got_bits ) == PSA_SUCCESS );
3335 TEST_ASSERT( got_type == derived_type );
3336 TEST_ASSERT( got_bits == derived_bits );
3337
3338 /* Exercise the derived key. */
3339 if( ! exercise_key( derived_key, derived_usage, derived_alg ) )
3340 goto exit;
3341
3342exit:
3343 psa_generator_abort( &generator );
3344 psa_destroy_key( base_key );
3345 psa_destroy_key( derived_key );
3346 mbedtls_psa_crypto_free( );
3347}
3348/* END_CASE */
3349
3350/* BEGIN_CASE */
3351void derive_key_export( int alg_arg,
3352 data_t *key_data,
3353 data_t *salt,
3354 data_t *label,
3355 int bytes1_arg,
3356 int bytes2_arg )
3357{
3358 psa_key_slot_t base_key = 1;
3359 psa_key_slot_t derived_key = 2;
3360 psa_algorithm_t alg = alg_arg;
3361 size_t bytes1 = bytes1_arg;
3362 size_t bytes2 = bytes2_arg;
3363 size_t capacity = bytes1 + bytes2;
3364 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3365 uint8_t *output_buffer = NULL;
3366 uint8_t *export_buffer = NULL;
Gilles Peskine0386fba2018-07-12 17:29:22 +0200[diff] [blame]3367 psa_key_policy_t policy;
3368 size_t length;
3369
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3370 ASSERT_ALLOC( output_buffer, capacity );
3371 ASSERT_ALLOC( export_buffer, capacity );
Gilles Peskine0386fba2018-07-12 17:29:22 +0200[diff] [blame]3372 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3373
3374 psa_key_policy_init( &policy );
3375 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3376 TEST_ASSERT( psa_set_key_policy( base_key, &policy ) == PSA_SUCCESS );
3377 TEST_ASSERT( psa_import_key( base_key, PSA_KEY_TYPE_DERIVE,
3378 key_data->x,
3379 key_data->len ) == PSA_SUCCESS );
3380
3381 /* Derive some material and output it. */
3382 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3383 salt->x, salt->len,
3384 label->x, label->len,
3385 capacity ) == PSA_SUCCESS );
3386 TEST_ASSERT( psa_generator_read( &generator,
3387 output_buffer,
3388 capacity ) == PSA_SUCCESS );
3389 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
3390
3391 /* Derive the same output again, but this time store it in key objects. */
3392 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3393 salt->x, salt->len,
3394 label->x, label->len,
3395 capacity ) == PSA_SUCCESS );
3396 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
3397 TEST_ASSERT( psa_set_key_policy( derived_key, &policy ) == PSA_SUCCESS );
3398 TEST_ASSERT( psa_generator_import_key( derived_key,
3399 PSA_KEY_TYPE_RAW_DATA,
3400 PSA_BYTES_TO_BITS( bytes1 ),
3401 &generator ) == PSA_SUCCESS );
3402 TEST_ASSERT( psa_export_key( derived_key,
3403 export_buffer, bytes1,
3404 &length ) == PSA_SUCCESS );
3405 TEST_ASSERT( length == bytes1 );
3406 TEST_ASSERT( psa_destroy_key( derived_key ) == PSA_SUCCESS );
3407 TEST_ASSERT( psa_set_key_policy( derived_key, &policy ) == PSA_SUCCESS );
3408 TEST_ASSERT( psa_generator_import_key( derived_key,
3409 PSA_KEY_TYPE_RAW_DATA,
3410 PSA_BYTES_TO_BITS( bytes2 ),
3411 &generator ) == PSA_SUCCESS );
3412 TEST_ASSERT( psa_export_key( derived_key,
3413 export_buffer + bytes1, bytes2,
3414 &length ) == PSA_SUCCESS );
3415 TEST_ASSERT( length == bytes2 );
3416
3417 /* Compare the outputs from the two runs. */
3418 TEST_ASSERT( memcmp( output_buffer, export_buffer, capacity ) == 0 );
3419
3420exit:
3421 mbedtls_free( output_buffer );
3422 mbedtls_free( export_buffer );
3423 psa_generator_abort( &generator );
3424 psa_destroy_key( base_key );
3425 psa_destroy_key( derived_key );
3426 mbedtls_psa_crypto_free( );
3427}
3428/* END_CASE */
3429
3430/* BEGIN_CASE */
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3431void generate_random( int bytes_arg )
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3432{
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3433 size_t bytes = bytes_arg;
3434 const unsigned char trail[] = "don't overwrite me";
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3435 unsigned char *output = NULL;
3436 unsigned char *changed = NULL;
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3437 size_t i;
3438 unsigned run;
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3439
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3440 ASSERT_ALLOC( output, bytes + sizeof( trail ) );
3441 ASSERT_ALLOC( changed, bytes );
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3442 memcpy( output + bytes, trail, sizeof( trail ) );
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3443
3444 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3445
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3446 /* Run several times, to ensure that every output byte will be
3447 * nonzero at least once with overwhelming probability
3448 * (2^(-8*number_of_runs)). */
3449 for( run = 0; run < 10; run++ )
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3450 {
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]3451 if( bytes != 0 )
3452 memset( output, 0, bytes );
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3453 TEST_ASSERT( psa_generate_random( output, bytes ) == PSA_SUCCESS );
3454
3455 /* Check that no more than bytes have been overwritten */
3456 TEST_ASSERT( memcmp( output + bytes, trail, sizeof( trail ) ) == 0 );
3457
3458 for( i = 0; i < bytes; i++ )
3459 {
3460 if( output[i] != 0 )
3461 ++changed[i];
3462 }
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3463 }
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3464
3465 /* Check that every byte was changed to nonzero at least once. This
3466 * validates that psa_generate_random is overwriting every byte of
3467 * the output buffer. */
3468 for( i = 0; i < bytes; i++ )
3469 {
3470 TEST_ASSERT( changed[i] != 0 );
3471 }
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3472
3473exit:
3474 mbedtls_psa_crypto_free( );
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3475 mbedtls_free( output );
3476 mbedtls_free( changed );
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3477}
3478/* END_CASE */
Gilles Peskine12313cd2018-06-20 00:20:32 +0200[diff] [blame]3479
3480/* BEGIN_CASE */
3481void generate_key( int type_arg,
3482 int bits_arg,
3483 int usage_arg,
3484 int alg_arg,
3485 int expected_status_arg )
3486{
3487 int slot = 1;
3488 psa_key_type_t type = type_arg;
3489 psa_key_usage_t usage = usage_arg;
3490 size_t bits = bits_arg;
3491 psa_algorithm_t alg = alg_arg;
3492 psa_status_t expected_status = expected_status_arg;
3493 psa_key_type_t got_type;
3494 size_t got_bits;
Gilles Peskine12313cd2018-06-20 00:20:32 +0200[diff] [blame]3495 psa_status_t expected_info_status =
3496 expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_EMPTY_SLOT;
3497 psa_key_policy_t policy;
3498
3499 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3500
3501 psa_key_policy_init( &policy );
3502 psa_key_policy_set_usage( &policy, usage, alg );
3503 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3504
3505 /* Generate a key */
3506 TEST_ASSERT( psa_generate_key( slot, type, bits,
3507 NULL, 0 ) == expected_status );
3508
3509 /* Test the key information */
3510 TEST_ASSERT( psa_get_key_information( slot,
3511 &got_type,
3512 &got_bits ) == expected_info_status );
3513 if( expected_info_status != PSA_SUCCESS )
3514 goto exit;
3515 TEST_ASSERT( got_type == type );
3516 TEST_ASSERT( got_bits == bits );
3517
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]3518 /* Do something with the key according to its type and permitted usage. */
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]3519 if( ! exercise_key( slot, usage, alg ) )
3520 goto exit;
Gilles Peskine12313cd2018-06-20 00:20:32 +0200[diff] [blame]3521
3522exit:
3523 psa_destroy_key( slot );
3524 mbedtls_psa_crypto_free( );
3525}
3526/* END_CASE */
itayzafrir0adf0fc2018-09-06 16:24:41 +0300[diff] [blame]3527
3528/* BEGIN_CASE */
3529void validate_module_init_generate_random( )
3530{
3531 psa_status_t status;
3532 uint8_t random[10] = { 0 };
3533 status = psa_generate_random( random, sizeof( random ) );
3534 TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
3535}
3536/* END_CASE */
itayzafrir90d8c7a2018-09-12 11:44:52 +0300[diff] [blame]3537
3538/* BEGIN_CASE */
3539void validate_module_init_key_based( )
3540{
3541 psa_status_t status;
3542 uint8_t data[10] = { 0 };
3543 status = psa_import_key( 1, PSA_KEY_TYPE_RAW_DATA, data, sizeof( data ) );
3544 TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
3545}
3546/* END_CASE */