TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 0d1caacf55f6e34f68849f9b5ebb8f5ba2ec5ce3 / . / tests / suites / test_suite_psa_crypto.function
blob: c46da9648f8a912d5f700c0f8553fa64e8c2414b [file] [log] [blame]
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1/* BEGIN_HEADER */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2#include <stdint.h>
mohammad160327010052018-07-03 13:16:15 +0300[diff] [blame]3
4#if defined(MBEDTLS_PSA_CRYPTO_SPM)
5#include "spm/psa_defs.h"
6#endif
7
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]8#include "mbedtls/asn1.h"
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]9#include "mbedtls/asn1write.h"
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]10#include "mbedtls/oid.h"
11
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]12#include "psa/crypto.h"
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]13
Gilles Peskine96ee5c72018-07-12 17:24:54 +0200[diff] [blame]14#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
15
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]16#if(UINT32_MAX > SIZE_MAX)
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]17#define PSA_CRYPTO_TEST_SIZE_T_RANGE( x ) ( ( x ) <= SIZE_MAX )
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]18#else
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]19#define PSA_CRYPTO_TEST_SIZE_T_RANGE( x ) 1
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]20#endif
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]21
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100[diff] [blame]22/** An invalid export length that will never be set by psa_export_key(). */
23static const size_t INVALID_EXPORT_LENGTH = ~0U;
24
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]25/** Test if a buffer contains a constant byte value.
26 *
27 * `mem_is_char(buffer, c, size)` is true after `memset(buffer, c, size)`.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]28 *
29 * \param buffer Pointer to the beginning of the buffer.
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]30 * \param c Expected value of every byte.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]31 * \param size Size of the buffer in bytes.
32 *
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]33 * \return 1 if the buffer is all-bits-zero.
34 * \return 0 if there is at least one nonzero byte.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]35 */
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]36static int mem_is_char( void *buffer, unsigned char c, size_t size )
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]37{
38 size_t i;
39 for( i = 0; i < size; i++ )
40 {
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]41 if( ( (unsigned char *) buffer )[i] != c )
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]42 return( 0 );
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]43 }
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]44 return( 1 );
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]45}
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]46
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]47/* Write the ASN.1 INTEGER with the value 2^(bits-1)+x backwards from *p. */
48static int asn1_write_10x( unsigned char **p,
49 unsigned char *start,
50 size_t bits,
51 unsigned char x )
52{
53 int ret;
54 int len = bits / 8 + 1;
Gilles Peskine480416a2018-06-28 19:04:07 +0200[diff] [blame]55 if( bits == 0 )
56 return( MBEDTLS_ERR_ASN1_INVALID_DATA );
57 if( bits <= 8 && x >= 1 << ( bits - 1 ) )
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]58 return( MBEDTLS_ERR_ASN1_INVALID_DATA );
Moran Pekercb088e72018-07-17 17:36:59 +0300[diff] [blame]59 if( *p < start || *p - start < (ptrdiff_t) len )
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]60 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
61 *p -= len;
62 ( *p )[len-1] = x;
63 if( bits % 8 == 0 )
64 ( *p )[1] |= 1;
65 else
66 ( *p )[0] |= 1 << ( bits % 8 );
67 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
68 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
69 MBEDTLS_ASN1_INTEGER ) );
70 return( len );
71}
72
73static int construct_fake_rsa_key( unsigned char *buffer,
74 size_t buffer_size,
75 unsigned char **p,
76 size_t bits,
77 int keypair )
78{
79 size_t half_bits = ( bits + 1 ) / 2;
80 int ret;
81 int len = 0;
82 /* Construct something that looks like a DER encoding of
83 * as defined by PKCS#1 v2.2 (RFC 8017) section A.1.2:
84 * RSAPrivateKey ::= SEQUENCE {
85 * version Version,
86 * modulus INTEGER, -- n
87 * publicExponent INTEGER, -- e
88 * privateExponent INTEGER, -- d
89 * prime1 INTEGER, -- p
90 * prime2 INTEGER, -- q
91 * exponent1 INTEGER, -- d mod (p-1)
92 * exponent2 INTEGER, -- d mod (q-1)
93 * coefficient INTEGER, -- (inverse of q) mod p
94 * otherPrimeInfos OtherPrimeInfos OPTIONAL
95 * }
96 * Or, for a public key, the same structure with only
97 * version, modulus and publicExponent.
98 */
99 *p = buffer + buffer_size;
100 if( keypair )
101 {
102 MBEDTLS_ASN1_CHK_ADD( len, /* pq */
103 asn1_write_10x( p, buffer, half_bits, 1 ) );
104 MBEDTLS_ASN1_CHK_ADD( len, /* dq */
105 asn1_write_10x( p, buffer, half_bits, 1 ) );
106 MBEDTLS_ASN1_CHK_ADD( len, /* dp */
107 asn1_write_10x( p, buffer, half_bits, 1 ) );
108 MBEDTLS_ASN1_CHK_ADD( len, /* q */
109 asn1_write_10x( p, buffer, half_bits, 1 ) );
110 MBEDTLS_ASN1_CHK_ADD( len, /* p != q to pass mbedtls sanity checks */
111 asn1_write_10x( p, buffer, half_bits, 3 ) );
112 MBEDTLS_ASN1_CHK_ADD( len, /* d */
113 asn1_write_10x( p, buffer, bits, 1 ) );
114 }
115 MBEDTLS_ASN1_CHK_ADD( len, /* e = 65537 */
116 asn1_write_10x( p, buffer, 17, 1 ) );
117 MBEDTLS_ASN1_CHK_ADD( len, /* n */
118 asn1_write_10x( p, buffer, bits, 1 ) );
119 if( keypair )
120 MBEDTLS_ASN1_CHK_ADD( len, /* version = 0 */
121 mbedtls_asn1_write_int( p, buffer, 0 ) );
122 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, buffer, len ) );
123 {
124 const unsigned char tag =
125 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE;
126 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, buffer, tag ) );
127 }
128 return( len );
129}
130
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]131static int exercise_mac_key( psa_key_slot_t key,
132 psa_key_usage_t usage,
133 psa_algorithm_t alg )
134{
135 psa_mac_operation_t operation;
136 const unsigned char input[] = "foo";
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]137 unsigned char mac[PSA_MAC_MAX_SIZE] = {0};
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]138 size_t mac_length = sizeof( mac );
139
140 if( usage & PSA_KEY_USAGE_SIGN )
141 {
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]142 TEST_ASSERT( psa_mac_sign_setup( &operation,
143 key, alg ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]144 TEST_ASSERT( psa_mac_update( &operation,
145 input, sizeof( input ) ) == PSA_SUCCESS );
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]146 TEST_ASSERT( psa_mac_sign_finish( &operation,
Gilles Peskineef0cb402018-07-12 16:55:59 +0200[diff] [blame]147 mac, sizeof( mac ),
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]148 &mac_length ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]149 }
150
151 if( usage & PSA_KEY_USAGE_VERIFY )
152 {
153 psa_status_t verify_status =
154 ( usage & PSA_KEY_USAGE_SIGN ?
155 PSA_SUCCESS :
156 PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]157 TEST_ASSERT( psa_mac_verify_setup( &operation,
158 key, alg ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]159 TEST_ASSERT( psa_mac_update( &operation,
160 input, sizeof( input ) ) == PSA_SUCCESS );
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]161 TEST_ASSERT( psa_mac_verify_finish( &operation,
162 mac,
163 mac_length ) == verify_status );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]164 }
165
166 return( 1 );
167
168exit:
169 psa_mac_abort( &operation );
170 return( 0 );
171}
172
173static int exercise_cipher_key( psa_key_slot_t key,
174 psa_key_usage_t usage,
175 psa_algorithm_t alg )
176{
177 psa_cipher_operation_t operation;
178 unsigned char iv[16] = {0};
179 size_t iv_length = sizeof( iv );
180 const unsigned char plaintext[16] = "Hello, world...";
181 unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)";
182 size_t ciphertext_length = sizeof( ciphertext );
183 unsigned char decrypted[sizeof( ciphertext )];
184 size_t part_length;
185
186 if( usage & PSA_KEY_USAGE_ENCRYPT )
187 {
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]188 TEST_ASSERT( psa_cipher_encrypt_setup( &operation,
189 key, alg ) == PSA_SUCCESS );
190 TEST_ASSERT( psa_cipher_generate_iv( &operation,
191 iv, sizeof( iv ),
192 &iv_length ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]193 TEST_ASSERT( psa_cipher_update( &operation,
194 plaintext, sizeof( plaintext ),
195 ciphertext, sizeof( ciphertext ),
196 &ciphertext_length ) == PSA_SUCCESS );
197 TEST_ASSERT( psa_cipher_finish( &operation,
198 ciphertext + ciphertext_length,
199 sizeof( ciphertext ) - ciphertext_length,
200 &part_length ) == PSA_SUCCESS );
201 ciphertext_length += part_length;
202 }
203
204 if( usage & PSA_KEY_USAGE_DECRYPT )
205 {
206 psa_status_t status;
Mohammad AboMokhadb9b232018-06-28 01:52:54 -0700[diff] [blame]207 psa_key_type_t type = PSA_KEY_TYPE_NONE;
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]208 if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) )
209 {
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]210 size_t bits;
211 TEST_ASSERT( psa_get_key_information( key, &type, &bits ) );
212 iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE( type );
213 }
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]214 TEST_ASSERT( psa_cipher_decrypt_setup( &operation,
215 key, alg ) == PSA_SUCCESS );
216 TEST_ASSERT( psa_cipher_set_iv( &operation,
217 iv, iv_length ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]218 TEST_ASSERT( psa_cipher_update( &operation,
219 ciphertext, ciphertext_length,
220 decrypted, sizeof( decrypted ),
221 &part_length ) == PSA_SUCCESS );
222 status = psa_cipher_finish( &operation,
223 decrypted + part_length,
224 sizeof( decrypted ) - part_length,
225 &part_length );
226 /* For a stream cipher, all inputs are valid. For a block cipher,
227 * if the input is some aribtrary data rather than an actual
228 ciphertext, a padding error is likely. */
Mohammad AboMokh65fa0b82018-06-28 02:14:00 -0700[diff] [blame]229 if( ( usage & PSA_KEY_USAGE_ENCRYPT ) ||
Mohammad AboMokhadb9b232018-06-28 01:52:54 -0700[diff] [blame]230 PSA_BLOCK_CIPHER_BLOCK_SIZE( type ) == 1 )
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]231 TEST_ASSERT( status == PSA_SUCCESS );
232 else
233 TEST_ASSERT( status == PSA_SUCCESS ||
234 status == PSA_ERROR_INVALID_PADDING );
235 }
236
237 return( 1 );
238
239exit:
240 psa_cipher_abort( &operation );
241 return( 0 );
242}
243
244static int exercise_aead_key( psa_key_slot_t key,
245 psa_key_usage_t usage,
246 psa_algorithm_t alg )
247{
248 unsigned char nonce[16] = {0};
249 size_t nonce_length = sizeof( nonce );
250 unsigned char plaintext[16] = "Hello, world...";
251 unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)";
252 size_t ciphertext_length = sizeof( ciphertext );
253 size_t plaintext_length = sizeof( ciphertext );
254
255 if( usage & PSA_KEY_USAGE_ENCRYPT )
256 {
257 TEST_ASSERT( psa_aead_encrypt( key, alg,
258 nonce, nonce_length,
259 NULL, 0,
260 plaintext, sizeof( plaintext ),
261 ciphertext, sizeof( ciphertext ),
262 &ciphertext_length ) == PSA_SUCCESS );
263 }
264
265 if( usage & PSA_KEY_USAGE_DECRYPT )
266 {
267 psa_status_t verify_status =
268 ( usage & PSA_KEY_USAGE_ENCRYPT ?
269 PSA_SUCCESS :
270 PSA_ERROR_INVALID_SIGNATURE );
271 TEST_ASSERT( psa_aead_decrypt( key, alg,
272 nonce, nonce_length,
273 NULL, 0,
274 ciphertext, ciphertext_length,
275 plaintext, sizeof( plaintext ),
276 &plaintext_length ) == verify_status );
277 }
278
279 return( 1 );
280
281exit:
282 return( 0 );
283}
284
285static int exercise_signature_key( psa_key_slot_t key,
286 psa_key_usage_t usage,
287 psa_algorithm_t alg )
288{
Gilles Peskinef969b3a2018-06-30 00:20:25 +0200[diff] [blame]289 unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
290 size_t payload_length = 16;
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]291 unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]292 size_t signature_length = sizeof( signature );
293
294 if( usage & PSA_KEY_USAGE_SIGN )
295 {
Gilles Peskinef969b3a2018-06-30 00:20:25 +0200[diff] [blame]296 /* Some algorithms require the payload to have the size of
297 * the hash encoded in the algorithm. Use this input size
298 * even for algorithms that allow other input sizes. */
299 psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
300 if( hash_alg != 0 )
301 payload_length = PSA_HASH_SIZE( hash_alg );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]302 TEST_ASSERT( psa_asymmetric_sign( key, alg,
303 payload, payload_length,
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]304 signature, sizeof( signature ),
305 &signature_length ) == PSA_SUCCESS );
306 }
307
308 if( usage & PSA_KEY_USAGE_VERIFY )
309 {
310 psa_status_t verify_status =
311 ( usage & PSA_KEY_USAGE_SIGN ?
312 PSA_SUCCESS :
313 PSA_ERROR_INVALID_SIGNATURE );
314 TEST_ASSERT( psa_asymmetric_verify( key, alg,
315 payload, payload_length,
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]316 signature, signature_length ) ==
317 verify_status );
318 }
319
320 return( 1 );
321
322exit:
323 return( 0 );
324}
325
326static int exercise_asymmetric_encryption_key( psa_key_slot_t key,
327 psa_key_usage_t usage,
328 psa_algorithm_t alg )
329{
330 unsigned char plaintext[256] = "Hello, world...";
331 unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)";
332 size_t ciphertext_length = sizeof( ciphertext );
333 size_t plaintext_length = 16;
334
335 if( usage & PSA_KEY_USAGE_ENCRYPT )
336 {
337 TEST_ASSERT(
338 psa_asymmetric_encrypt( key, alg,
339 plaintext, plaintext_length,
340 NULL, 0,
341 ciphertext, sizeof( ciphertext ),
342 &ciphertext_length ) == PSA_SUCCESS );
343 }
344
345 if( usage & PSA_KEY_USAGE_DECRYPT )
346 {
347 psa_status_t status =
348 psa_asymmetric_decrypt( key, alg,
349 ciphertext, ciphertext_length,
350 NULL, 0,
351 plaintext, sizeof( plaintext ),
352 &plaintext_length );
353 TEST_ASSERT( status == PSA_SUCCESS ||
354 ( ( usage & PSA_KEY_USAGE_ENCRYPT ) == 0 &&
355 ( status == PSA_ERROR_INVALID_ARGUMENT ||
356 status == PSA_ERROR_INVALID_PADDING ) ) );
357 }
358
359 return( 1 );
360
361exit:
362 return( 0 );
363}
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]364
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]365static int exercise_key_derivation_key( psa_key_slot_t key,
366 psa_key_usage_t usage,
367 psa_algorithm_t alg )
368{
369 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
370 unsigned char label[16] = "This is a label.";
371 size_t label_length = sizeof( label );
372 unsigned char seed[16] = "abcdefghijklmnop";
373 size_t seed_length = sizeof( seed );
374 unsigned char output[1];
375
376 if( usage & PSA_KEY_USAGE_DERIVE )
377 {
378 TEST_ASSERT( psa_key_derivation( &generator,
379 key, alg,
380 label, label_length,
381 seed, seed_length,
382 sizeof( output ) ) == PSA_SUCCESS );
383 TEST_ASSERT( psa_generator_read( &generator,
384 output,
385 sizeof( output ) ) == PSA_SUCCESS );
386 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
387 }
388
389 return( 1 );
390
391exit:
392 return( 0 );
393}
394
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]395static int is_oid_of_key_type( psa_key_type_t type,
396 const uint8_t *oid, size_t oid_length )
397{
Gilles Peskineae3d2a22018-08-13 14:14:22 +0200[diff] [blame]398 const uint8_t *expected_oid = NULL;
399 size_t expected_oid_length = 0;
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]400#if defined(MBEDTLS_RSA_C)
Gilles Peskineae3d2a22018-08-13 14:14:22 +0200[diff] [blame]401 if( PSA_KEY_TYPE_IS_RSA( type ) )
402 {
403 expected_oid = (uint8_t *) MBEDTLS_OID_PKCS1_RSA;
404 expected_oid_length = sizeof( MBEDTLS_OID_PKCS1_RSA ) - 1;
405 }
406 else
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]407#endif /* MBEDTLS_RSA_C */
408#if defined(MBEDTLS_ECP_C)
Gilles Peskineae3d2a22018-08-13 14:14:22 +0200[diff] [blame]409 if( PSA_KEY_TYPE_IS_ECC( type ) )
410 {
411 expected_oid = (uint8_t *) MBEDTLS_OID_EC_ALG_UNRESTRICTED;
412 expected_oid_length = sizeof( MBEDTLS_OID_EC_ALG_UNRESTRICTED ) - 1;
413 }
414 else
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]415#endif /* MBEDTLS_ECP_C */
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]416 {
417 char message[40];
418 mbedtls_snprintf( message, sizeof( message ),
419 "OID not known for key type=0x%08lx",
420 (unsigned long) type );
421 test_fail( message, __LINE__, __FILE__ );
422 return( 0 );
423 }
424
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]425 ASSERT_COMPARE( expected_oid, expected_oid_length, oid, oid_length );
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]426 return( 1 );
427
428exit:
429 return( 0 );
430}
431
432static int asn1_skip_integer( unsigned char **p, const unsigned char *end,
433 size_t min_bits, size_t max_bits,
434 int must_be_odd )
435{
436 size_t len;
437 size_t actual_bits;
438 unsigned char msb;
439 TEST_ASSERT( mbedtls_asn1_get_tag( p, end, &len,
440 MBEDTLS_ASN1_INTEGER ) == 0 );
441 /* Tolerate a slight departure from DER encoding:
442 * - 0 may be represented by an empty string or a 1-byte string.
443 * - The sign bit may be used as a value bit. */
444 if( ( len == 1 && ( *p )[0] == 0 ) ||
445 ( len > 1 && ( *p )[0] == 0 && ( ( *p )[1] & 0x80 ) != 0 ) )
446 {
447 ++( *p );
448 --len;
449 }
450 if( min_bits == 0 && len == 0 )
451 return( 1 );
452 msb = ( *p )[0];
453 TEST_ASSERT( msb != 0 );
454 actual_bits = 8 * ( len - 1 );
455 while( msb != 0 )
456 {
457 msb >>= 1;
458 ++actual_bits;
459 }
460 TEST_ASSERT( actual_bits >= min_bits );
461 TEST_ASSERT( actual_bits <= max_bits );
462 if( must_be_odd )
463 TEST_ASSERT( ( ( *p )[len-1] & 1 ) != 0 );
464 *p += len;
465 return( 1 );
466exit:
467 return( 0 );
468}
469
470static int asn1_get_implicit_tag( unsigned char **p, const unsigned char *end,
471 size_t *len,
472 unsigned char n, unsigned char tag )
473{
474 int ret;
475 ret = mbedtls_asn1_get_tag( p, end, len,
476 MBEDTLS_ASN1_CONTEXT_SPECIFIC |
477 MBEDTLS_ASN1_CONSTRUCTED | ( n ) );
478 if( ret != 0 )
479 return( ret );
480 end = *p + *len;
481 ret = mbedtls_asn1_get_tag( p, end, len, tag );
482 if( ret != 0 )
483 return( ret );
484 if( *p + *len != end )
485 return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
486 return( 0 );
487}
488
489static int exported_key_sanity_check( psa_key_type_t type, size_t bits,
490 uint8_t *exported, size_t exported_length )
491{
492 if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]493 TEST_ASSERT( exported_length == ( bits + 7 ) / 8 );
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]494 else
495 TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, bits ) );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]496
497#if defined(MBEDTLS_DES_C)
498 if( type == PSA_KEY_TYPE_DES )
499 {
500 /* Check the parity bits. */
501 unsigned i;
502 for( i = 0; i < bits / 8; i++ )
503 {
504 unsigned bit_count = 0;
505 unsigned m;
506 for( m = 1; m <= 0x100; m <<= 1 )
507 {
508 if( exported[i] & m )
509 ++bit_count;
510 }
511 TEST_ASSERT( bit_count % 2 != 0 );
512 }
513 }
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]514 else
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]515#endif
516
517#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C)
518 if( type == PSA_KEY_TYPE_RSA_KEYPAIR )
519 {
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]520 uint8_t *p = exported;
521 uint8_t *end = exported + exported_length;
522 size_t len;
523 /* RSAPrivateKey ::= SEQUENCE {
Gilles Peskinedea46cf2018-08-21 16:12:54 +0200[diff] [blame]524 * version INTEGER, -- must be 0
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]525 * modulus INTEGER, -- n
526 * publicExponent INTEGER, -- e
527 * privateExponent INTEGER, -- d
528 * prime1 INTEGER, -- p
529 * prime2 INTEGER, -- q
530 * exponent1 INTEGER, -- d mod (p-1)
531 * exponent2 INTEGER, -- d mod (q-1)
532 * coefficient INTEGER, -- (inverse of q) mod p
533 * }
534 */
535 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
536 MBEDTLS_ASN1_SEQUENCE |
537 MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
538 TEST_ASSERT( p + len == end );
539 if( ! asn1_skip_integer( &p, end, 0, 0, 0 ) )
540 goto exit;
541 if( ! asn1_skip_integer( &p, end, bits, bits, 1 ) )
542 goto exit;
543 if( ! asn1_skip_integer( &p, end, 2, bits, 1 ) )
544 goto exit;
545 /* Require d to be at least half the size of n. */
546 if( ! asn1_skip_integer( &p, end, bits / 2, bits, 1 ) )
547 goto exit;
548 /* Require p and q to be at most half the size of n, rounded up. */
549 if( ! asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
550 goto exit;
551 if( ! asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
552 goto exit;
553 if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
554 goto exit;
555 if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
556 goto exit;
557 if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
558 goto exit;
559 TEST_ASSERT( p == end );
560 }
561 else
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]562#endif /* MBEDTLS_RSA_C */
563
564#if defined(MBEDTLS_ECP_C)
565 if( PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ) )
566 {
Gilles Peskine5b802a32018-10-29 19:21:41 +0100[diff] [blame]567 /* Just the secret value */
568 TEST_ASSERT( exported_length == PSA_BITS_TO_BYTES( bits ) );
569 }
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]570 else
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]571#endif /* MBEDTLS_ECP_C */
572
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]573 if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
574 {
575 uint8_t *p = exported;
576 uint8_t *end = exported + exported_length;
577 size_t len;
578 mbedtls_asn1_buf alg;
579 mbedtls_asn1_buf params;
580 mbedtls_asn1_bitstring bitstring;
581 /* SubjectPublicKeyInfo ::= SEQUENCE {
582 * algorithm AlgorithmIdentifier,
583 * subjectPublicKey BIT STRING }
584 * AlgorithmIdentifier ::= SEQUENCE {
585 * algorithm OBJECT IDENTIFIER,
586 * parameters ANY DEFINED BY algorithm OPTIONAL }
587 */
588 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
589 MBEDTLS_ASN1_SEQUENCE |
590 MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
591 TEST_ASSERT( p + len == end );
592 TEST_ASSERT( mbedtls_asn1_get_alg( &p, end, &alg, &params ) == 0 );
593 if( ! is_oid_of_key_type( type, alg.p, alg.len ) )
594 goto exit;
595 TEST_ASSERT( mbedtls_asn1_get_bitstring( &p, end, &bitstring ) == 0 );
596 TEST_ASSERT( p == end );
597 p = bitstring.p;
598#if defined(MBEDTLS_RSA_C)
599 if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY )
600 {
601 /* RSAPublicKey ::= SEQUENCE {
602 * modulus INTEGER, -- n
603 * publicExponent INTEGER } -- e
604 */
605 TEST_ASSERT( bitstring.unused_bits == 0 );
606 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
607 MBEDTLS_ASN1_SEQUENCE |
608 MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
609 TEST_ASSERT( p + len == end );
610 if( ! asn1_skip_integer( &p, end, bits, bits, 1 ) )
611 goto exit;
612 if( ! asn1_skip_integer( &p, end, 2, bits, 1 ) )
613 goto exit;
614 TEST_ASSERT( p == end );
615 }
616 else
617#endif /* MBEDTLS_RSA_C */
618#if defined(MBEDTLS_ECP_C)
619 if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) )
620 {
621 /* ECPoint ::= ...
Gilles Peskinec6290c02018-08-13 17:24:59 +0200[diff] [blame]622 * -- first 8 bits: 0x04 (uncompressed representation);
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]623 * -- then x_P as an n-bit string, big endian;
624 * -- then y_P as a n-bit string, big endian,
625 * -- where n is the order of the curve.
626 */
627 TEST_ASSERT( bitstring.unused_bits == 0 );
628 TEST_ASSERT( p + 1 + 2 * PSA_BITS_TO_BYTES( bits ) == end );
629 TEST_ASSERT( p[0] == 4 );
630 }
631 else
632#endif /* MBEDTLS_ECP_C */
633 {
634 char message[40];
635 mbedtls_snprintf( message, sizeof( message ),
636 "No sanity check for public key type=0x%08lx",
637 (unsigned long) type );
638 test_fail( message, __LINE__, __FILE__ );
639 return( 0 );
640 }
641 }
642 else
643
644 {
645 /* No sanity checks for other types */
646 }
647
648 return( 1 );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]649
650exit:
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]651 return( 0 );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]652}
653
654static int exercise_export_key( psa_key_slot_t slot,
655 psa_key_usage_t usage )
656{
657 psa_key_type_t type;
658 size_t bits;
659 uint8_t *exported = NULL;
660 size_t exported_size = 0;
661 size_t exported_length = 0;
662 int ok = 0;
663
Gilles Peskineacec7b6f2018-09-13 20:34:11 +0200[diff] [blame]664 TEST_ASSERT( psa_get_key_information( slot, &type, &bits ) == PSA_SUCCESS );
665
666 if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 &&
667 ! PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]668 {
669 TEST_ASSERT( psa_export_key( slot, NULL, 0, &exported_length ) ==
670 PSA_ERROR_NOT_PERMITTED );
671 return( 1 );
672 }
673
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]674 exported_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]675 ASSERT_ALLOC( exported, exported_size );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]676
677 TEST_ASSERT( psa_export_key( slot,
678 exported, exported_size,
679 &exported_length ) == PSA_SUCCESS );
680 ok = exported_key_sanity_check( type, bits, exported, exported_length );
681
682exit:
683 mbedtls_free( exported );
684 return( ok );
685}
686
687static int exercise_export_public_key( psa_key_slot_t slot )
688{
689 psa_key_type_t type;
690 psa_key_type_t public_type;
691 size_t bits;
692 uint8_t *exported = NULL;
693 size_t exported_size = 0;
694 size_t exported_length = 0;
695 int ok = 0;
696
697 TEST_ASSERT( psa_get_key_information( slot, &type, &bits ) == PSA_SUCCESS );
698 if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( type ) )
699 {
700 TEST_ASSERT( psa_export_public_key( slot,
701 NULL, 0, &exported_length ) ==
702 PSA_ERROR_INVALID_ARGUMENT );
703 return( 1 );
704 }
705
706 public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
707 exported_size = PSA_KEY_EXPORT_MAX_SIZE( public_type, bits );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]708 ASSERT_ALLOC( exported, exported_size );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]709
710 TEST_ASSERT( psa_export_public_key( slot,
711 exported, exported_size,
712 &exported_length ) == PSA_SUCCESS );
713 ok = exported_key_sanity_check( public_type, bits,
714 exported, exported_length );
715
716exit:
717 mbedtls_free( exported );
718 return( ok );
719}
720
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]721static int exercise_key( psa_key_slot_t slot,
722 psa_key_usage_t usage,
723 psa_algorithm_t alg )
724{
725 int ok;
726 if( alg == 0 )
727 ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */
728 else if( PSA_ALG_IS_MAC( alg ) )
729 ok = exercise_mac_key( slot, usage, alg );
730 else if( PSA_ALG_IS_CIPHER( alg ) )
731 ok = exercise_cipher_key( slot, usage, alg );
732 else if( PSA_ALG_IS_AEAD( alg ) )
733 ok = exercise_aead_key( slot, usage, alg );
734 else if( PSA_ALG_IS_SIGN( alg ) )
735 ok = exercise_signature_key( slot, usage, alg );
736 else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
737 ok = exercise_asymmetric_encryption_key( slot, usage, alg );
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]738 else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
739 ok = exercise_key_derivation_key( slot, usage, alg );
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]740 else
741 {
742 char message[40];
743 mbedtls_snprintf( message, sizeof( message ),
744 "No code to exercise alg=0x%08lx",
745 (unsigned long) alg );
746 test_fail( message, __LINE__, __FILE__ );
747 ok = 0;
748 }
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]749
750 ok = ok && exercise_export_key( slot, usage );
751 ok = ok && exercise_export_public_key( slot );
752
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]753 return( ok );
754}
755
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]756/* END_HEADER */
757
758/* BEGIN_DEPENDENCIES
759 * depends_on:MBEDTLS_PSA_CRYPTO_C
760 * END_DEPENDENCIES
761 */
762
763/* BEGIN_CASE */
Gilles Peskinee1f2d7d2018-08-21 14:54:54 +0200[diff] [blame]764void static_checks( )
765{
766 size_t max_truncated_mac_size =
767 PSA_ALG_MAC_TRUNCATION_MASK >> PSA_MAC_TRUNCATION_OFFSET;
768
769 /* Check that the length for a truncated MAC always fits in the algorithm
770 * encoding. The shifted mask is the maximum truncated value. The
771 * untruncated algorithm may be one byte larger. */
772 TEST_ASSERT( PSA_MAC_MAX_SIZE <= 1 + max_truncated_mac_size );
773}
774/* END_CASE */
775
776/* BEGIN_CASE */
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]777void init_deinit( )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]778{
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]779 psa_status_t status;
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]780 int i;
781 for( i = 0; i <= 1; i++ )
782 {
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]783 status = psa_crypto_init( );
784 TEST_ASSERT( status == PSA_SUCCESS );
785 status = psa_crypto_init( );
786 TEST_ASSERT( status == PSA_SUCCESS );
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]787 mbedtls_psa_crypto_free( );
788 }
789}
790/* END_CASE */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]791
792/* BEGIN_CASE */
Gilles Peskine996deb12018-08-01 15:45:45 +0200[diff] [blame]793void fill_slots( int max_arg )
794{
795 /* Fill all the slots until we run out of memory or out of slots,
796 * or until some limit specified in the test data for the sake of
797 * implementations with an essentially unlimited number of slots.
798 * This test assumes that available slots are numbered from 1. */
799
800 psa_key_slot_t slot;
801 psa_key_slot_t max = 0;
802 psa_key_policy_t policy;
803 uint8_t exported[sizeof( max )];
804 size_t exported_size;
805 psa_status_t status;
806
807 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
808
809 psa_key_policy_init( &policy );
810 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
811
812 for( max = 1; max <= (size_t) max_arg; max++ )
813 {
814 status = psa_set_key_policy( max, &policy );
815 /* Stop filling slots if we run out of memory or out of
816 * available slots. */
817 TEST_ASSERT( status == PSA_SUCCESS ||
818 status == PSA_ERROR_INSUFFICIENT_MEMORY ||
819 status == PSA_ERROR_INVALID_ARGUMENT );
820 if( status != PSA_SUCCESS )
821 break;
822 status = psa_import_key( max, PSA_KEY_TYPE_RAW_DATA,
823 (uint8_t*) &max, sizeof( max ) );
824 /* Since psa_set_key_policy succeeded, we know that the slot
825 * number is valid. But we may legitimately run out of memory. */
826 TEST_ASSERT( status == PSA_SUCCESS ||
827 status == PSA_ERROR_INSUFFICIENT_MEMORY );
828 if( status != PSA_SUCCESS )
829 break;
830 }
831 /* `max` is now the first slot number that wasn't filled. */
832 max -= 1;
833
834 for( slot = 1; slot <= max; slot++ )
835 {
836 TEST_ASSERT( psa_export_key( slot,
837 exported, sizeof( exported ),
838 &exported_size ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]839 ASSERT_COMPARE( &slot, sizeof( slot ), exported, exported_size );
Gilles Peskine996deb12018-08-01 15:45:45 +0200[diff] [blame]840 }
841
842exit:
Gilles Peskine9a056342018-08-01 15:46:54 +0200[diff] [blame]843 /* Do not destroy the keys. mbedtls_psa_crypto_free() should do it. */
Gilles Peskine996deb12018-08-01 15:45:45 +0200[diff] [blame]844 mbedtls_psa_crypto_free( );
845}
846/* END_CASE */
847
848/* BEGIN_CASE */
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]849void import( data_t *data, int type, int expected_status_arg )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]850{
851 int slot = 1;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]852 psa_status_t expected_status = expected_status_arg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]853 psa_status_t status;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]854
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]855 TEST_ASSERT( data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]856 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]857 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
858
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]859 status = psa_import_key( slot, type, data->x, data->len );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]860 TEST_ASSERT( status == expected_status );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]861 if( status == PSA_SUCCESS )
862 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
863
864exit:
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]865 mbedtls_psa_crypto_free( );
866}
867/* END_CASE */
868
869/* BEGIN_CASE */
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]870void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg )
871{
872 int slot = 1;
873 size_t bits = bits_arg;
874 psa_status_t expected_status = expected_status_arg;
875 psa_status_t status;
876 psa_key_type_t type =
877 keypair ? PSA_KEY_TYPE_RSA_KEYPAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY;
878 size_t buffer_size = /* Slight overapproximations */
879 keypair ? bits * 9 / 16 + 80 : bits / 8 + 20;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]880 unsigned char *buffer = NULL;
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]881 unsigned char *p;
882 int ret;
883 size_t length;
884
885 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]886 ASSERT_ALLOC( buffer, buffer_size );
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]887
888 TEST_ASSERT( ( ret = construct_fake_rsa_key( buffer, buffer_size, &p,
889 bits, keypair ) ) >= 0 );
890 length = ret;
891
892 /* Try importing the key */
893 status = psa_import_key( slot, type, p, length );
894 TEST_ASSERT( status == expected_status );
895 if( status == PSA_SUCCESS )
896 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
897
898exit:
899 mbedtls_free( buffer );
900 mbedtls_psa_crypto_free( );
901}
902/* END_CASE */
903
904/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]905void import_export( data_t *data,
Moran Pekera964a8f2018-06-04 18:42:36 +0300[diff] [blame]906 int type_arg,
907 int alg_arg,
908 int usage_arg,
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]909 int expected_bits,
910 int export_size_delta,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]911 int expected_export_status_arg,
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]912 int canonical_input )
913{
914 int slot = 1;
915 int slot2 = slot + 1;
916 psa_key_type_t type = type_arg;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]917 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]918 psa_status_t expected_export_status = expected_export_status_arg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]919 psa_status_t status;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]920 unsigned char *exported = NULL;
921 unsigned char *reexported = NULL;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]922 size_t export_size;
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100[diff] [blame]923 size_t exported_length = INVALID_EXPORT_LENGTH;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]924 size_t reexported_length;
925 psa_key_type_t got_type;
926 size_t got_bits;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]927 psa_key_policy_t policy;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]928
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]929 TEST_ASSERT( data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]930 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) );
Moran Pekercb088e72018-07-17 17:36:59 +0300[diff] [blame]931 export_size = (ptrdiff_t) data->len + export_size_delta;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]932 ASSERT_ALLOC( exported, export_size );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]933 if( ! canonical_input )
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]934 ASSERT_ALLOC( reexported, export_size );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]935 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
936
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]937 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]938 psa_key_policy_set_usage( &policy, usage_arg, alg );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]939 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
940
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]941 /* Import the key */
942 TEST_ASSERT( psa_import_key( slot, type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]943 data->x, data->len ) == PSA_SUCCESS );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]944
945 /* Test the key information */
946 TEST_ASSERT( psa_get_key_information( slot,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]947 &got_type,
948 &got_bits ) == PSA_SUCCESS );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]949 TEST_ASSERT( got_type == type );
950 TEST_ASSERT( got_bits == (size_t) expected_bits );
951
952 /* Export the key */
953 status = psa_export_key( slot,
954 exported, export_size,
955 &exported_length );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]956 TEST_ASSERT( status == expected_export_status );
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100[diff] [blame]957
958 /* The exported length must be set by psa_export_key() to a value between 0
959 * and export_size. On errors, the exported length must be 0. */
960 TEST_ASSERT( exported_length != INVALID_EXPORT_LENGTH );
961 TEST_ASSERT( status == PSA_SUCCESS || exported_length == 0 );
962 TEST_ASSERT( exported_length <= export_size );
963
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]964 TEST_ASSERT( mem_is_char( exported + exported_length, 0,
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]965 export_size - exported_length ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]966 if( status != PSA_SUCCESS )
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]967 {
968 TEST_ASSERT( exported_length == 0 );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]969 goto destroy;
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]970 }
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]971
Gilles Peskine8f609232018-08-11 01:24:55 +0200[diff] [blame]972 if( ! exercise_export_key( slot, usage_arg ) )
973 goto exit;
974
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]975 if( canonical_input )
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]976 ASSERT_COMPARE( data->x, data->len, exported, exported_length );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]977 else
978 {
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]979 TEST_ASSERT( psa_set_key_policy( slot2, &policy ) == PSA_SUCCESS );
980
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]981 TEST_ASSERT( psa_import_key( slot2, type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]982 exported,
Gilles Peskineb67f3082018-08-07 15:33:10 +0200[diff] [blame]983 exported_length ) == PSA_SUCCESS );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]984 TEST_ASSERT( psa_export_key( slot2,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]985 reexported,
986 export_size,
987 &reexported_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]988 ASSERT_COMPARE( exported, exported_length,
989 reexported, reexported_length );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]990 }
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100[diff] [blame]991 TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, got_bits ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]992
993destroy:
994 /* Destroy the key */
995 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
996 TEST_ASSERT( psa_get_key_information(
997 slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT );
998
999exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1000 mbedtls_free( exported );
1001 mbedtls_free( reexported );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1002 mbedtls_psa_crypto_free( );
1003}
1004/* END_CASE */
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1005
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1006/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1007void import_export_public_key( data_t *data,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]1008 int type_arg,
1009 int alg_arg,
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1010 int export_size_delta,
1011 int expected_export_status_arg,
1012 data_t *expected_public_key )
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1013{
1014 int slot = 1;
1015 psa_key_type_t type = type_arg;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1016 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1017 psa_status_t expected_export_status = expected_export_status_arg;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1018 psa_status_t status;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1019 unsigned char *exported = NULL;
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1020 size_t export_size = expected_public_key->len + export_size_delta;
Jaeden Amero2a671e92018-06-27 17:47:40 +0100[diff] [blame]1021 size_t exported_length = INVALID_EXPORT_LENGTH;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]1022 psa_key_policy_t policy;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1023
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1024 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1025
1026 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1027 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1028 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1029
1030 /* Import the key */
1031 TEST_ASSERT( psa_import_key( slot, type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1032 data->x, data->len ) == PSA_SUCCESS );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1033
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1034 /* Export the public key */
1035 ASSERT_ALLOC( exported, export_size );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1036 status = psa_export_public_key( slot,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]1037 exported, export_size,
1038 &exported_length );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1039 TEST_ASSERT( status == expected_export_status );
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1040 if( status == PSA_SUCCESS )
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100[diff] [blame]1041 {
1042 psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
1043 size_t bits;
1044 TEST_ASSERT( psa_get_key_information( slot, NULL, &bits ) ==
1045 PSA_SUCCESS );
1046 TEST_ASSERT( expected_public_key->len <=
1047 PSA_KEY_EXPORT_MAX_SIZE( public_type, bits ) );
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1048 ASSERT_COMPARE( expected_public_key->x, expected_public_key->len,
1049 exported, exported_length );
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100[diff] [blame]1050 }
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1051
1052exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1053 mbedtls_free( exported );
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1054 psa_destroy_key( slot );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1055 mbedtls_psa_crypto_free( );
1056}
1057/* END_CASE */
1058
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1059/* BEGIN_CASE */
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200[diff] [blame]1060void import_and_exercise_key( data_t *data,
1061 int type_arg,
1062 int bits_arg,
1063 int alg_arg )
1064{
1065 int slot = 1;
1066 psa_key_type_t type = type_arg;
1067 size_t bits = bits_arg;
1068 psa_algorithm_t alg = alg_arg;
1069 psa_key_usage_t usage =
1070 ( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) ?
1071 ( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
1072 PSA_KEY_USAGE_VERIFY :
1073 PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY ) :
1074 PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) ||
1075 PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ?
1076 ( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
1077 PSA_KEY_USAGE_ENCRYPT :
1078 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ) :
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]1079 PSA_ALG_IS_KEY_DERIVATION( alg ) ? PSA_KEY_USAGE_DERIVE :
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200[diff] [blame]1080 0 );
1081 psa_key_policy_t policy;
1082 psa_key_type_t got_type;
1083 size_t got_bits;
1084 psa_status_t status;
1085
1086 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1087
1088 psa_key_policy_init( &policy );
1089 psa_key_policy_set_usage( &policy, usage, alg );
1090 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1091
1092 /* Import the key */
1093 status = psa_import_key( slot, type, data->x, data->len );
1094 TEST_ASSERT( status == PSA_SUCCESS );
1095
1096 /* Test the key information */
1097 TEST_ASSERT( psa_get_key_information( slot,
1098 &got_type,
1099 &got_bits ) == PSA_SUCCESS );
1100 TEST_ASSERT( got_type == type );
1101 TEST_ASSERT( got_bits == bits );
1102
1103 /* Do something with the key according to its type and permitted usage. */
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]1104 if( ! exercise_key( slot, usage, alg ) )
1105 goto exit;
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200[diff] [blame]1106
1107exit:
1108 psa_destroy_key( slot );
1109 mbedtls_psa_crypto_free( );
1110}
1111/* END_CASE */
1112
1113/* BEGIN_CASE */
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1114void key_policy( int usage_arg, int alg_arg )
1115{
1116 int key_slot = 1;
1117 psa_algorithm_t alg = alg_arg;
1118 psa_key_usage_t usage = usage_arg;
1119 psa_key_type_t key_type = PSA_KEY_TYPE_AES;
1120 unsigned char key[32] = {0};
1121 psa_key_policy_t policy_set;
1122 psa_key_policy_t policy_get;
1123
1124 memset( key, 0x2a, sizeof( key ) );
1125
1126 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1127
1128 psa_key_policy_init( &policy_set );
1129 psa_key_policy_init( &policy_get );
1130
1131 psa_key_policy_set_usage( &policy_set, usage, alg );
1132
1133 TEST_ASSERT( psa_key_policy_get_usage( &policy_set ) == usage );
1134 TEST_ASSERT( psa_key_policy_get_algorithm( &policy_set ) == alg );
1135 TEST_ASSERT( psa_set_key_policy( key_slot, &policy_set ) == PSA_SUCCESS );
1136
1137 TEST_ASSERT( psa_import_key( key_slot, key_type,
1138 key, sizeof( key ) ) == PSA_SUCCESS );
1139
1140 TEST_ASSERT( psa_get_key_policy( key_slot, &policy_get ) == PSA_SUCCESS );
1141
1142 TEST_ASSERT( policy_get.usage == policy_set.usage );
1143 TEST_ASSERT( policy_get.alg == policy_set.alg );
1144
1145exit:
1146 psa_destroy_key( key_slot );
1147 mbedtls_psa_crypto_free( );
1148}
1149/* END_CASE */
1150
1151/* BEGIN_CASE */
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1152void mac_key_policy( int policy_usage,
1153 int policy_alg,
1154 int key_type,
1155 data_t *key_data,
1156 int exercise_alg )
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1157{
1158 int key_slot = 1;
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1159 psa_key_policy_t policy;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1160 psa_mac_operation_t operation;
1161 psa_status_t status;
1162 unsigned char mac[PSA_MAC_MAX_SIZE];
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1163
1164 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1165
1166 psa_key_policy_init( &policy );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1167 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1168 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1169
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1170 TEST_ASSERT( psa_import_key( key_slot, key_type,
1171 key_data->x, key_data->len ) == PSA_SUCCESS );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1172
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1173 status = psa_mac_sign_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1174 if( policy_alg == exercise_alg &&
1175 ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
1176 TEST_ASSERT( status == PSA_SUCCESS );
1177 else
1178 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1179 psa_mac_abort( &operation );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1180
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1181 memset( mac, 0, sizeof( mac ) );
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1182 status = psa_mac_verify_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1183 if( policy_alg == exercise_alg &&
1184 ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1185 TEST_ASSERT( status == PSA_SUCCESS );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1186 else
1187 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1188
1189exit:
1190 psa_mac_abort( &operation );
1191 psa_destroy_key( key_slot );
1192 mbedtls_psa_crypto_free( );
1193}
1194/* END_CASE */
1195
1196/* BEGIN_CASE */
1197void cipher_key_policy( int policy_usage,
1198 int policy_alg,
1199 int key_type,
1200 data_t *key_data,
1201 int exercise_alg )
1202{
1203 int key_slot = 1;
1204 psa_key_policy_t policy;
1205 psa_cipher_operation_t operation;
1206 psa_status_t status;
1207
1208 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1209
1210 psa_key_policy_init( &policy );
1211 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1212 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1213
1214 TEST_ASSERT( psa_import_key( key_slot, key_type,
1215 key_data->x, key_data->len ) == PSA_SUCCESS );
1216
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1217 status = psa_cipher_encrypt_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1218 if( policy_alg == exercise_alg &&
1219 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
1220 TEST_ASSERT( status == PSA_SUCCESS );
1221 else
1222 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1223 psa_cipher_abort( &operation );
1224
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1225 status = psa_cipher_decrypt_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1226 if( policy_alg == exercise_alg &&
1227 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
1228 TEST_ASSERT( status == PSA_SUCCESS );
1229 else
1230 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1231
1232exit:
1233 psa_cipher_abort( &operation );
1234 psa_destroy_key( key_slot );
1235 mbedtls_psa_crypto_free( );
1236}
1237/* END_CASE */
1238
1239/* BEGIN_CASE */
1240void aead_key_policy( int policy_usage,
1241 int policy_alg,
1242 int key_type,
1243 data_t *key_data,
1244 int nonce_length_arg,
1245 int tag_length_arg,
1246 int exercise_alg )
1247{
1248 int key_slot = 1;
1249 psa_key_policy_t policy;
1250 psa_status_t status;
1251 unsigned char nonce[16] = {0};
1252 size_t nonce_length = nonce_length_arg;
1253 unsigned char tag[16];
1254 size_t tag_length = tag_length_arg;
1255 size_t output_length;
1256
1257 TEST_ASSERT( nonce_length <= sizeof( nonce ) );
1258 TEST_ASSERT( tag_length <= sizeof( tag ) );
1259
1260 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1261
1262 psa_key_policy_init( &policy );
1263 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1264 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1265
1266 TEST_ASSERT( psa_import_key( key_slot, key_type,
1267 key_data->x, key_data->len ) == PSA_SUCCESS );
1268
1269 status = psa_aead_encrypt( key_slot, exercise_alg,
1270 nonce, nonce_length,
1271 NULL, 0,
1272 NULL, 0,
1273 tag, tag_length,
1274 &output_length );
1275 if( policy_alg == exercise_alg &&
1276 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
1277 TEST_ASSERT( status == PSA_SUCCESS );
1278 else
1279 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1280
1281 memset( tag, 0, sizeof( tag ) );
1282 status = psa_aead_decrypt( key_slot, exercise_alg,
1283 nonce, nonce_length,
1284 NULL, 0,
1285 tag, tag_length,
1286 NULL, 0,
1287 &output_length );
1288 if( policy_alg == exercise_alg &&
1289 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
1290 TEST_ASSERT( status == PSA_ERROR_INVALID_SIGNATURE );
1291 else
1292 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1293
1294exit:
1295 psa_destroy_key( key_slot );
1296 mbedtls_psa_crypto_free( );
1297}
1298/* END_CASE */
1299
1300/* BEGIN_CASE */
1301void asymmetric_encryption_key_policy( int policy_usage,
1302 int policy_alg,
1303 int key_type,
1304 data_t *key_data,
1305 int exercise_alg )
1306{
1307 int key_slot = 1;
1308 psa_key_policy_t policy;
1309 psa_status_t status;
1310 size_t key_bits;
1311 size_t buffer_length;
1312 unsigned char *buffer = NULL;
1313 size_t output_length;
1314
1315 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1316
1317 psa_key_policy_init( &policy );
1318 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1319 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1320
1321 TEST_ASSERT( psa_import_key( key_slot, key_type,
1322 key_data->x, key_data->len ) == PSA_SUCCESS );
1323
1324 TEST_ASSERT( psa_get_key_information( key_slot,
1325 NULL,
1326 &key_bits ) == PSA_SUCCESS );
1327 buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits,
1328 exercise_alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1329 ASSERT_ALLOC( buffer, buffer_length );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1330
1331 status = psa_asymmetric_encrypt( key_slot, exercise_alg,
1332 NULL, 0,
1333 NULL, 0,
1334 buffer, buffer_length,
1335 &output_length );
1336 if( policy_alg == exercise_alg &&
1337 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
1338 TEST_ASSERT( status == PSA_SUCCESS );
1339 else
1340 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1341
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]1342 if( buffer_length != 0 )
1343 memset( buffer, 0, buffer_length );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1344 status = psa_asymmetric_decrypt( key_slot, exercise_alg,
1345 buffer, buffer_length,
1346 NULL, 0,
1347 buffer, buffer_length,
1348 &output_length );
1349 if( policy_alg == exercise_alg &&
1350 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
1351 TEST_ASSERT( status == PSA_ERROR_INVALID_PADDING );
1352 else
1353 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1354
1355exit:
1356 psa_destroy_key( key_slot );
1357 mbedtls_psa_crypto_free( );
1358 mbedtls_free( buffer );
1359}
1360/* END_CASE */
1361
1362/* BEGIN_CASE */
1363void asymmetric_signature_key_policy( int policy_usage,
1364 int policy_alg,
1365 int key_type,
1366 data_t *key_data,
1367 int exercise_alg )
1368{
1369 int key_slot = 1;
1370 psa_key_policy_t policy;
1371 psa_status_t status;
1372 unsigned char payload[16] = {1};
1373 size_t payload_length = sizeof( payload );
1374 unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
1375 size_t signature_length;
1376
1377 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1378
1379 psa_key_policy_init( &policy );
1380 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1381 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1382
1383 TEST_ASSERT( psa_import_key( key_slot, key_type,
1384 key_data->x, key_data->len ) == PSA_SUCCESS );
1385
1386 status = psa_asymmetric_sign( key_slot, exercise_alg,
1387 payload, payload_length,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1388 signature, sizeof( signature ),
1389 &signature_length );
1390 if( policy_alg == exercise_alg &&
1391 ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
1392 TEST_ASSERT( status == PSA_SUCCESS );
1393 else
1394 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1395
1396 memset( signature, 0, sizeof( signature ) );
1397 status = psa_asymmetric_verify( key_slot, exercise_alg,
1398 payload, payload_length,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1399 signature, sizeof( signature ) );
1400 if( policy_alg == exercise_alg &&
1401 ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
1402 TEST_ASSERT( status == PSA_ERROR_INVALID_SIGNATURE );
1403 else
1404 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1405
1406exit:
1407 psa_destroy_key( key_slot );
1408 mbedtls_psa_crypto_free( );
1409}
1410/* END_CASE */
1411
1412/* BEGIN_CASE */
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]1413void derive_key_policy( int policy_usage,
1414 int policy_alg,
1415 int key_type,
1416 data_t *key_data,
1417 int exercise_alg )
1418{
1419 int key_slot = 1;
1420 psa_key_policy_t policy;
1421 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
1422 psa_status_t status;
1423
1424 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1425
1426 psa_key_policy_init( &policy );
1427 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1428 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1429
1430 TEST_ASSERT( psa_import_key( key_slot, key_type,
1431 key_data->x, key_data->len ) == PSA_SUCCESS );
1432
1433 status = psa_key_derivation( &generator, key_slot,
1434 exercise_alg,
1435 NULL, 0,
1436 NULL, 0,
1437 1 );
1438 if( policy_alg == exercise_alg &&
1439 ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
1440 TEST_ASSERT( status == PSA_SUCCESS );
1441 else
1442 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1443
1444exit:
1445 psa_generator_abort( &generator );
1446 psa_destroy_key( key_slot );
1447 mbedtls_psa_crypto_free( );
1448}
1449/* END_CASE */
1450
1451/* BEGIN_CASE */
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1452void key_lifetime( int lifetime_arg )
1453{
1454 int key_slot = 1;
Gilles Peskinec32f0302018-08-10 16:02:11 +0200[diff] [blame]1455 psa_key_type_t key_type = PSA_KEY_TYPE_RAW_DATA;
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1456 unsigned char key[32] = {0};
1457 psa_key_lifetime_t lifetime_set = lifetime_arg;
1458 psa_key_lifetime_t lifetime_get;
1459
1460 memset( key, 0x2a, sizeof( key ) );
1461
1462 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1463
1464 TEST_ASSERT( psa_set_key_lifetime( key_slot,
1465 lifetime_set ) == PSA_SUCCESS );
1466
1467 TEST_ASSERT( psa_import_key( key_slot, key_type,
1468 key, sizeof( key ) ) == PSA_SUCCESS );
1469
1470 TEST_ASSERT( psa_get_key_lifetime( key_slot,
1471 &lifetime_get ) == PSA_SUCCESS );
1472
1473 TEST_ASSERT( lifetime_get == lifetime_set );
1474
1475exit:
1476 psa_destroy_key( key_slot );
1477 mbedtls_psa_crypto_free( );
1478}
1479/* END_CASE */
1480
1481/* BEGIN_CASE */
1482void key_lifetime_set_fail( int key_slot_arg,
1483 int lifetime_arg,
1484 int expected_status_arg )
1485{
1486 psa_key_slot_t key_slot = key_slot_arg;
1487 psa_key_lifetime_t lifetime_set = lifetime_arg;
1488 psa_status_t actual_status;
1489 psa_status_t expected_status = expected_status_arg;
1490
1491 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1492
1493 actual_status = psa_set_key_lifetime( key_slot, lifetime_set );
1494
1495 if( actual_status == PSA_SUCCESS )
1496 actual_status = psa_set_key_lifetime( key_slot, lifetime_set );
1497
1498 TEST_ASSERT( expected_status == actual_status );
1499
1500exit:
1501 psa_destroy_key( key_slot );
1502 mbedtls_psa_crypto_free( );
1503}
1504/* END_CASE */
1505
1506/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1507void hash_setup( int alg_arg,
1508 int expected_status_arg )
1509{
1510 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1511 psa_status_t expected_status = expected_status_arg;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1512 psa_hash_operation_t operation;
1513 psa_status_t status;
1514
1515 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1516
Gilles Peskineda8191d1c2018-07-08 19:46:38 +0200[diff] [blame]1517 status = psa_hash_setup( &operation, alg );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1518 psa_hash_abort( &operation );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1519 TEST_ASSERT( status == expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1520
1521exit:
1522 mbedtls_psa_crypto_free( );
1523}
1524/* END_CASE */
1525
1526/* BEGIN_CASE */
itayzafrirf86548d2018-11-01 10:44:32 +0200[diff] [blame]1527void hash_bad_order( )
1528{
1529 unsigned char input[] = "";
1530 /* SHA-256 hash of an empty string */
1531 unsigned char hash[] = {
1532 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
1533 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
1534 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 };
1535 size_t hash_len;
1536 psa_hash_operation_t operation;
1537
1538 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1539
1540 /* psa_hash_update without calling psa_hash_setup beforehand */
1541 memset( &operation, 0, sizeof( operation ) );
1542 TEST_ASSERT( psa_hash_update( &operation,
1543 input, sizeof( input ) ) ==
1544 PSA_ERROR_INVALID_ARGUMENT );
1545
1546 /* psa_hash_verify without calling psa_hash_setup beforehand */
1547 memset( &operation, 0, sizeof( operation ) );
1548 TEST_ASSERT( psa_hash_verify( &operation,
1549 hash, sizeof( hash ) ) ==
1550 PSA_ERROR_INVALID_ARGUMENT );
1551
1552 /* psa_hash_finish without calling psa_hash_setup beforehand */
1553 memset( &operation, 0, sizeof( operation ) );
1554 TEST_ASSERT( psa_hash_finish( &operation,
1555 hash, sizeof( hash ), &hash_len ) ==
1556 PSA_ERROR_INVALID_ARGUMENT );
1557
1558exit:
1559 mbedtls_psa_crypto_free( );
1560}
1561/* END_CASE */
1562
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1563/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
1564void hash_verify_bad_args( )
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1565{
1566 psa_algorithm_t alg = PSA_ALG_SHA_256;
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1567 /* SHA-256 hash of an empty string with 2 extra bytes (0xaa and 0xbb)
1568 * appended to it */
1569 unsigned char hash[] = {
1570 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
1571 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
1572 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, 0xaa, 0xbb };
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1573 size_t expected_size = PSA_HASH_SIZE( alg );
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1574 psa_hash_operation_t operation;
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1575
1576 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1577
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1578 /* psa_hash_verify with a smaller hash than expected */
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1579 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
1580 TEST_ASSERT( psa_hash_verify( &operation,
1581 hash, expected_size - 1 ) ==
1582 PSA_ERROR_INVALID_SIGNATURE );
1583
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1584 /* psa_hash_verify with a non-matching hash */
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1585 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1586 TEST_ASSERT( psa_hash_verify( &operation,
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1587 hash + 1, expected_size ) ==
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1588 PSA_ERROR_INVALID_SIGNATURE );
1589
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1590 /* psa_hash_verify with a hash longer than expected */
itayzafrir4271df92018-10-24 18:16:19 +0300[diff] [blame]1591 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
itayzafrir4271df92018-10-24 18:16:19 +0300[diff] [blame]1592 TEST_ASSERT( psa_hash_verify( &operation,
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1593 hash, sizeof( hash ) ) ==
itayzafrir4271df92018-10-24 18:16:19 +0300[diff] [blame]1594 PSA_ERROR_INVALID_SIGNATURE );
1595
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1596exit:
1597 mbedtls_psa_crypto_free( );
1598}
1599/* END_CASE */
1600
itayzafrirb2dd5ed2018-11-01 11:58:59 +0200[diff] [blame]1601/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
1602void hash_finish_bad_args( )
itayzafrir58028322018-10-25 10:22:01 +0300[diff] [blame]1603{
1604 psa_algorithm_t alg = PSA_ALG_SHA_256;
itayzafrirb2dd5ed2018-11-01 11:58:59 +0200[diff] [blame]1605 unsigned char hash[PSA_HASH_MAX_SIZE];
itayzafrir58028322018-10-25 10:22:01 +0300[diff] [blame]1606 size_t expected_size = PSA_HASH_SIZE( alg );
1607 psa_hash_operation_t operation;
1608 size_t hash_len;
1609
1610 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1611
itayzafrir58028322018-10-25 10:22:01 +0300[diff] [blame]1612 /* psa_hash_finish with a smaller hash buffer than expected */
1613 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
1614 TEST_ASSERT( psa_hash_finish( &operation,
1615 hash, expected_size - 1,
1616 &hash_len ) == PSA_ERROR_BUFFER_TOO_SMALL );
1617
1618exit:
1619 mbedtls_psa_crypto_free( );
1620}
1621/* END_CASE */
1622
1623/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1624void mac_setup( int key_type_arg,
1625 data_t *key,
1626 int alg_arg,
1627 int expected_status_arg )
1628{
1629 int key_slot = 1;
1630 psa_key_type_t key_type = key_type_arg;
1631 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1632 psa_status_t expected_status = expected_status_arg;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1633 psa_mac_operation_t operation;
1634 psa_key_policy_t policy;
1635 psa_status_t status;
1636
1637 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1638
1639 psa_key_policy_init( &policy );
1640 psa_key_policy_set_usage( &policy,
1641 PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY,
1642 alg );
1643 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1644
1645 TEST_ASSERT( psa_import_key( key_slot, key_type,
1646 key->x, key->len ) == PSA_SUCCESS );
1647
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1648 status = psa_mac_sign_setup( &operation, key_slot, alg );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1649 psa_mac_abort( &operation );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1650 TEST_ASSERT( status == expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1651
1652exit:
1653 psa_destroy_key( key_slot );
1654 mbedtls_psa_crypto_free( );
1655}
1656/* END_CASE */
1657
1658/* BEGIN_CASE */
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]1659void mac_sign( int key_type_arg,
1660 data_t *key,
1661 int alg_arg,
1662 data_t *input,
1663 data_t *expected_mac )
1664{
1665 int key_slot = 1;
1666 psa_key_type_t key_type = key_type_arg;
1667 psa_algorithm_t alg = alg_arg;
1668 psa_mac_operation_t operation;
1669 psa_key_policy_t policy;
1670 /* Leave a little extra room in the output buffer. At the end of the
1671 * test, we'll check that the implementation didn't overwrite onto
1672 * this extra room. */
1673 uint8_t actual_mac[PSA_MAC_MAX_SIZE + 10];
1674 size_t mac_buffer_size =
1675 PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key->len ), alg );
1676 size_t mac_length = 0;
1677
1678 memset( actual_mac, '+', sizeof( actual_mac ) );
1679 TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE );
1680 TEST_ASSERT( expected_mac->len <= mac_buffer_size );
1681
1682 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1683
1684 psa_key_policy_init( &policy );
1685 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
1686 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1687
1688 TEST_ASSERT( psa_import_key( key_slot, key_type,
1689 key->x, key->len ) == PSA_SUCCESS );
1690
1691 /* Calculate the MAC. */
1692 TEST_ASSERT( psa_mac_sign_setup( &operation,
1693 key_slot, alg ) == PSA_SUCCESS );
1694 TEST_ASSERT( psa_mac_update( &operation,
1695 input->x, input->len ) == PSA_SUCCESS );
1696 TEST_ASSERT( psa_mac_sign_finish( &operation,
1697 actual_mac, mac_buffer_size,
1698 &mac_length ) == PSA_SUCCESS );
1699
1700 /* Compare with the expected value. */
1701 TEST_ASSERT( mac_length == expected_mac->len );
1702 TEST_ASSERT( memcmp( actual_mac, expected_mac->x, mac_length ) == 0 );
1703
1704 /* Verify that the end of the buffer is untouched. */
1705 TEST_ASSERT( mem_is_char( actual_mac + mac_length, '+',
1706 sizeof( actual_mac ) - mac_length ) );
1707
1708exit:
1709 psa_destroy_key( key_slot );
1710 mbedtls_psa_crypto_free( );
1711}
1712/* END_CASE */
1713
1714/* BEGIN_CASE */
Gilles Peskinec0ec9722018-06-18 17:03:37 +0200[diff] [blame]1715void mac_verify( int key_type_arg,
1716 data_t *key,
1717 int alg_arg,
1718 data_t *input,
1719 data_t *expected_mac )
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1720{
1721 int key_slot = 1;
1722 psa_key_type_t key_type = key_type_arg;
1723 psa_algorithm_t alg = alg_arg;
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1724 psa_mac_operation_t operation;
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1725 psa_key_policy_t policy;
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1726
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]1727 TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE );
1728
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1729 TEST_ASSERT( key != NULL );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1730 TEST_ASSERT( input != NULL );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1731 TEST_ASSERT( expected_mac != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1732 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1733 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
1734 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_mac->len ) );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1735
1736 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1737
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1738 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1739 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1740 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1741
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1742 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1743 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskinec0ec9722018-06-18 17:03:37 +0200[diff] [blame]1744
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1745 TEST_ASSERT( psa_mac_verify_setup( &operation,
1746 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1747 TEST_ASSERT( psa_destroy_key( key_slot ) == PSA_SUCCESS );
1748 TEST_ASSERT( psa_mac_update( &operation,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1749 input->x, input->len ) == PSA_SUCCESS );
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]1750 TEST_ASSERT( psa_mac_verify_finish( &operation,
1751 expected_mac->x,
1752 expected_mac->len ) == PSA_SUCCESS );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1753
1754exit:
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1755 psa_destroy_key( key_slot );
1756 mbedtls_psa_crypto_free( );
1757}
1758/* END_CASE */
1759
1760/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1761void cipher_setup( int key_type_arg,
1762 data_t *key,
1763 int alg_arg,
1764 int expected_status_arg )
1765{
1766 int key_slot = 1;
1767 psa_key_type_t key_type = key_type_arg;
1768 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1769 psa_status_t expected_status = expected_status_arg;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1770 psa_cipher_operation_t operation;
1771 psa_key_policy_t policy;
1772 psa_status_t status;
1773
1774 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1775
1776 psa_key_policy_init( &policy );
1777 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
1778 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1779
1780 TEST_ASSERT( psa_import_key( key_slot, key_type,
1781 key->x, key->len ) == PSA_SUCCESS );
1782
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1783 status = psa_cipher_encrypt_setup( &operation, key_slot, alg );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1784 psa_cipher_abort( &operation );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1785 TEST_ASSERT( status == expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1786
1787exit:
1788 psa_destroy_key( key_slot );
1789 mbedtls_psa_crypto_free( );
1790}
1791/* END_CASE */
1792
1793/* BEGIN_CASE */
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1794void cipher_encrypt( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1795 data_t *key,
1796 data_t *input, data_t *expected_output,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1797 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1798{
1799 int key_slot = 1;
1800 psa_status_t status;
1801 psa_key_type_t key_type = key_type_arg;
1802 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1803 psa_status_t expected_status = expected_status_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1804 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]1805 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1806 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1807 size_t output_buffer_size = 0;
1808 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1809 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1810 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]1811 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1812
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1813 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1814 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1815 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1816 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
1817 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
1818 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1819
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]1820 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
1821 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1822
1823 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1824
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]1825 psa_key_policy_init( &policy );
1826 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
1827 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1828
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1829 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1830 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1831
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1832 TEST_ASSERT( psa_cipher_encrypt_setup( &operation,
1833 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1834
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1835 TEST_ASSERT( psa_cipher_set_iv( &operation,
1836 iv, iv_size ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]1837 output_buffer_size = (size_t) input->len +
1838 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1839 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1840
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1841 TEST_ASSERT( psa_cipher_update( &operation,
1842 input->x, input->len,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1843 output, output_buffer_size,
1844 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1845 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1846 status = psa_cipher_finish( &operation,
1847 output + function_output_length,
1848 output_buffer_size,
1849 &function_output_length );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1850 total_output_length += function_output_length;
1851
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1852 TEST_ASSERT( status == expected_status );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1853 if( expected_status == PSA_SUCCESS )
1854 {
1855 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]1856 ASSERT_COMPARE( expected_output->x, expected_output->len,
1857 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1858 }
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1859
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1860exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1861 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1862 psa_destroy_key( key_slot );
1863 mbedtls_psa_crypto_free( );
1864}
1865/* END_CASE */
1866
1867/* BEGIN_CASE */
1868void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1869 data_t *key,
1870 data_t *input,
1871 int first_part_size,
1872 data_t *expected_output )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1873{
1874 int key_slot = 1;
1875 psa_key_type_t key_type = key_type_arg;
1876 psa_algorithm_t alg = alg_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1877 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]1878 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1879 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1880 size_t output_buffer_size = 0;
1881 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1882 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1883 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]1884 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1885
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1886 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1887 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1888 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1889 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
1890 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
1891 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1892
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]1893 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
1894 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1895
1896 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1897
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]1898 psa_key_policy_init( &policy );
1899 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
1900 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1901
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1902 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1903 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1904
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1905 TEST_ASSERT( psa_cipher_encrypt_setup( &operation,
1906 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1907
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1908 TEST_ASSERT( psa_cipher_set_iv( &operation,
1909 iv, sizeof( iv ) ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]1910 output_buffer_size = (size_t) input->len +
1911 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1912 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1913
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1914 TEST_ASSERT( (unsigned int) first_part_size < input->len );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1915 TEST_ASSERT( psa_cipher_update( &operation, input->x, first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1916 output, output_buffer_size,
1917 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1918 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1919 TEST_ASSERT( psa_cipher_update( &operation,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1920 input->x + first_part_size,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1921 input->len - first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1922 output, output_buffer_size,
1923 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1924 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1925 TEST_ASSERT( psa_cipher_finish( &operation,
1926 output + function_output_length,
1927 output_buffer_size,
1928 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1929 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1930 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
1931
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]1932 ASSERT_COMPARE( expected_output->x, expected_output->len,
1933 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1934
1935exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1936 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1937 psa_destroy_key( key_slot );
1938 mbedtls_psa_crypto_free( );
1939}
1940/* END_CASE */
1941
1942/* BEGIN_CASE */
1943void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1944 data_t *key,
1945 data_t *input,
1946 int first_part_size,
1947 data_t *expected_output )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1948{
1949 int key_slot = 1;
1950
1951 psa_key_type_t key_type = key_type_arg;
1952 psa_algorithm_t alg = alg_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1953 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]1954 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1955 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1956 size_t output_buffer_size = 0;
1957 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1958 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1959 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]1960 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1961
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1962 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1963 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1964 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1965 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
1966 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
1967 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1968
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]1969 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
1970 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1971
1972 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1973
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]1974 psa_key_policy_init( &policy );
1975 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
1976 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1977
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1978 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1979 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1980
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1981 TEST_ASSERT( psa_cipher_decrypt_setup( &operation,
1982 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1983
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1984 TEST_ASSERT( psa_cipher_set_iv( &operation,
1985 iv, sizeof( iv ) ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1986
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]1987 output_buffer_size = (size_t) input->len +
1988 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1989 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1990
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1991 TEST_ASSERT( (unsigned int) first_part_size < input->len );
1992 TEST_ASSERT( psa_cipher_update( &operation,
1993 input->x, first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1994 output, output_buffer_size,
1995 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1996 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1997 TEST_ASSERT( psa_cipher_update( &operation,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1998 input->x + first_part_size,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1999 input->len - first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2000 output, output_buffer_size,
2001 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2002 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2003 TEST_ASSERT( psa_cipher_finish( &operation,
2004 output + function_output_length,
2005 output_buffer_size,
2006 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2007 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2008 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
2009
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2010 ASSERT_COMPARE( expected_output->x, expected_output->len,
2011 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2012
2013exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2014 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2015 psa_destroy_key( key_slot );
2016 mbedtls_psa_crypto_free( );
2017}
2018/* END_CASE */
2019
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2020/* BEGIN_CASE */
2021void cipher_decrypt( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2022 data_t *key,
2023 data_t *input, data_t *expected_output,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2024 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2025{
2026 int key_slot = 1;
2027 psa_status_t status;
2028 psa_key_type_t key_type = key_type_arg;
2029 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2030 psa_status_t expected_status = expected_status_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2031 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2032 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2033 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2034 size_t output_buffer_size = 0;
2035 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2036 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2037 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2038 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2039
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2040 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2041 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2042 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2043 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2044 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
2045 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2046
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2047 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
2048 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2049
2050 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2051
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2052 psa_key_policy_init( &policy );
2053 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
2054 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2055
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2056 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2057 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2058
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2059 TEST_ASSERT( psa_cipher_decrypt_setup( &operation,
2060 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2061
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2062 TEST_ASSERT( psa_cipher_set_iv( &operation,
2063 iv, iv_size ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2064
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2065 output_buffer_size = (size_t) input->len +
2066 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2067 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2068
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2069 TEST_ASSERT( psa_cipher_update( &operation,
2070 input->x, input->len,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2071 output, output_buffer_size,
2072 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2073 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2074 status = psa_cipher_finish( &operation,
2075 output + function_output_length,
2076 output_buffer_size,
2077 &function_output_length );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2078 total_output_length += function_output_length;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2079 TEST_ASSERT( status == expected_status );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2080
2081 if( expected_status == PSA_SUCCESS )
2082 {
2083 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2084 ASSERT_COMPARE( expected_output->x, expected_output->len,
2085 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2086 }
2087
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2088exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2089 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2090 psa_destroy_key( key_slot );
2091 mbedtls_psa_crypto_free( );
2092}
2093/* END_CASE */
2094
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2095/* BEGIN_CASE */
2096void cipher_verify_output( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2097 data_t *key,
2098 data_t *input )
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2099{
2100 int key_slot = 1;
2101 psa_key_type_t key_type = key_type_arg;
2102 psa_algorithm_t alg = alg_arg;
mohammad1603e6b67a12018-03-12 10:38:49 -0700[diff] [blame]2103 unsigned char iv[16] = {0};
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2104 size_t iv_size = 16;
2105 size_t iv_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2106 unsigned char *output1 = NULL;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2107 size_t output1_size = 0;
2108 size_t output1_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2109 unsigned char *output2 = NULL;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2110 size_t output2_size = 0;
2111 size_t output2_length = 0;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2112 size_t function_output_length = 0;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2113 psa_cipher_operation_t operation1;
2114 psa_cipher_operation_t operation2;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2115 psa_key_policy_t policy;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2116
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2117 TEST_ASSERT( key != NULL );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2118 TEST_ASSERT( input != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2119 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2120 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2121
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2122 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2123
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2124 psa_key_policy_init( &policy );
2125 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg );
2126 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2127
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2128 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2129 key->x, key->len ) == PSA_SUCCESS );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2130
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2131 TEST_ASSERT( psa_cipher_encrypt_setup( &operation1,
2132 key_slot, alg ) == PSA_SUCCESS );
2133 TEST_ASSERT( psa_cipher_decrypt_setup( &operation2,
2134 key_slot, alg ) == PSA_SUCCESS );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2135
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2136 TEST_ASSERT( psa_cipher_generate_iv( &operation1,
2137 iv, iv_size,
2138 &iv_length ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2139 output1_size = (size_t) input->len +
2140 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2141 ASSERT_ALLOC( output1, output1_size );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2142
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2143 TEST_ASSERT( psa_cipher_update( &operation1, input->x, input->len,
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2144 output1, output1_size,
2145 &output1_length ) == PSA_SUCCESS );
2146 TEST_ASSERT( psa_cipher_finish( &operation1,
2147 output1 + output1_length, output1_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2148 &function_output_length ) == PSA_SUCCESS );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2149
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2150 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2151
2152 TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS );
2153
2154 output2_size = output1_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2155 ASSERT_ALLOC( output2, output2_size );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2156
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2157 TEST_ASSERT( psa_cipher_set_iv( &operation2,
2158 iv, iv_length ) == PSA_SUCCESS );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2159 TEST_ASSERT( psa_cipher_update( &operation2, output1, output1_length,
2160 output2, output2_size,
2161 &output2_length ) == PSA_SUCCESS );
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2162 function_output_length = 0;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2163 TEST_ASSERT( psa_cipher_finish( &operation2,
2164 output2 + output2_length,
2165 output2_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2166 &function_output_length ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2167
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2168 output2_length += function_output_length;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2169
Janos Follath25c4fa82018-07-06 16:23:25 +0100[diff] [blame]2170 TEST_ASSERT( psa_cipher_abort( &operation2 ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2171
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2172 ASSERT_COMPARE( input->x, input->len, output2, output2_length );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2173
2174exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2175 mbedtls_free( output1 );
2176 mbedtls_free( output2 );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2177 psa_destroy_key( key_slot );
2178 mbedtls_psa_crypto_free( );
2179}
2180/* END_CASE */
2181
2182/* BEGIN_CASE */
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2183void cipher_verify_output_multipart( int alg_arg,
2184 int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2185 data_t *key,
2186 data_t *input,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2187 int first_part_size )
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2188{
2189 int key_slot = 1;
2190 psa_key_type_t key_type = key_type_arg;
2191 psa_algorithm_t alg = alg_arg;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2192 unsigned char iv[16] = {0};
2193 size_t iv_size = 16;
2194 size_t iv_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2195 unsigned char *output1 = NULL;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2196 size_t output1_buffer_size = 0;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2197 size_t output1_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2198 unsigned char *output2 = NULL;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2199 size_t output2_buffer_size = 0;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2200 size_t output2_length = 0;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2201 size_t function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2202 psa_cipher_operation_t operation1;
2203 psa_cipher_operation_t operation2;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2204 psa_key_policy_t policy;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2205
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2206 TEST_ASSERT( key != NULL );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2207 TEST_ASSERT( input != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2208 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2209 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2210
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2211 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2212
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2213 psa_key_policy_init( &policy );
2214 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg );
2215 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2216
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2217 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2218 key->x, key->len ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2219
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2220 TEST_ASSERT( psa_cipher_encrypt_setup( &operation1,
2221 key_slot, alg ) == PSA_SUCCESS );
2222 TEST_ASSERT( psa_cipher_decrypt_setup( &operation2,
2223 key_slot, alg ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2224
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2225 TEST_ASSERT( psa_cipher_generate_iv( &operation1,
2226 iv, iv_size,
2227 &iv_length ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2228 output1_buffer_size = (size_t) input->len +
2229 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2230 ASSERT_ALLOC( output1, output1_buffer_size );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2231
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2232 TEST_ASSERT( (unsigned int) first_part_size < input->len );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2233
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2234 TEST_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2235 output1, output1_buffer_size,
2236 &function_output_length ) == PSA_SUCCESS );
2237 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2238
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2239 TEST_ASSERT( psa_cipher_update( &operation1,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2240 input->x + first_part_size,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2241 input->len - first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2242 output1, output1_buffer_size,
2243 &function_output_length ) == PSA_SUCCESS );
2244 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2245
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2246 TEST_ASSERT( psa_cipher_finish( &operation1,
2247 output1 + output1_length,
2248 output1_buffer_size - output1_length,
2249 &function_output_length ) == PSA_SUCCESS );
2250 output1_length += function_output_length;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2251
2252 TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS );
2253
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2254 output2_buffer_size = output1_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2255 ASSERT_ALLOC( output2, output2_buffer_size );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2256
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2257 TEST_ASSERT( psa_cipher_set_iv( &operation2,
2258 iv, iv_length ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2259
2260 TEST_ASSERT( psa_cipher_update( &operation2, output1, first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2261 output2, output2_buffer_size,
2262 &function_output_length ) == PSA_SUCCESS );
2263 output2_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2264
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2265 TEST_ASSERT( psa_cipher_update( &operation2,
2266 output1 + first_part_size,
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2267 output1_length - first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2268 output2, output2_buffer_size,
2269 &function_output_length ) == PSA_SUCCESS );
2270 output2_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2271
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2272 TEST_ASSERT( psa_cipher_finish( &operation2,
2273 output2 + output2_length,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2274 output2_buffer_size - output2_length,
2275 &function_output_length ) == PSA_SUCCESS );
2276 output2_length += function_output_length;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2277
Janos Follath25c4fa82018-07-06 16:23:25 +0100[diff] [blame]2278 TEST_ASSERT( psa_cipher_abort( &operation2 ) == PSA_SUCCESS );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2279
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2280 ASSERT_COMPARE( input->x, input->len, output2, output2_length );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2281
2282exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2283 mbedtls_free( output1 );
2284 mbedtls_free( output2 );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2285 psa_destroy_key( key_slot );
2286 mbedtls_psa_crypto_free( );
2287}
2288/* END_CASE */
Gilles Peskine7268afc2018-06-06 15:19:24 +0200[diff] [blame]2289
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2290/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2291void aead_encrypt_decrypt( int key_type_arg, data_t *key_data,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2292 int alg_arg,
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2293 data_t *nonce,
2294 data_t *additional_data,
2295 data_t *input_data,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2296 int expected_result_arg )
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2297{
2298 int slot = 1;
2299 psa_key_type_t key_type = key_type_arg;
2300 psa_algorithm_t alg = alg_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2301 unsigned char *output_data = NULL;
2302 size_t output_size = 0;
2303 size_t output_length = 0;
2304 unsigned char *output_data2 = NULL;
2305 size_t output_length2 = 0;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2306 size_t tag_length = 16;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2307 psa_status_t expected_result = expected_result_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2308 psa_key_policy_t policy;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2309
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2310 TEST_ASSERT( key_data != NULL );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2311 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2312 TEST_ASSERT( nonce != NULL );
2313 TEST_ASSERT( additional_data != NULL );
2314 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2315 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2316 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
2317 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );
2318
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2319 output_size = input_data->len + tag_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2320 ASSERT_ALLOC( output_data, output_size );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2321
2322 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2323
2324 psa_key_policy_init( &policy );
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2325 psa_key_policy_set_usage( &policy,
2326 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
2327 alg );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2328 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2329
2330 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2331 key_data->x, key_data->len ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2332
2333 TEST_ASSERT( psa_aead_encrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2334 nonce->x, nonce->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2335 additional_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2336 additional_data->len,
2337 input_data->x, input_data->len,
2338 output_data, output_size,
2339 &output_length ) == expected_result );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2340
2341 if( PSA_SUCCESS == expected_result )
2342 {
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2343 ASSERT_ALLOC( output_data2, output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2344
2345 TEST_ASSERT( psa_aead_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2346 nonce->x, nonce->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2347 additional_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2348 additional_data->len,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2349 output_data, output_length,
2350 output_data2, output_length,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2351 &output_length2 ) == expected_result );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2352
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2353 ASSERT_COMPARE( input_data->x, input_data->len,
2354 output_data2, output_length2 );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2355 }
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2356
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2357exit:
2358 psa_destroy_key( slot );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2359 mbedtls_free( output_data );
2360 mbedtls_free( output_data2 );
2361 mbedtls_psa_crypto_free( );
2362}
2363/* END_CASE */
2364
2365/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2366void aead_encrypt( int key_type_arg, data_t *key_data,
2367 int alg_arg,
2368 data_t *nonce,
2369 data_t *additional_data,
2370 data_t *input_data,
2371 data_t *expected_result )
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2372{
2373 int slot = 1;
2374 psa_key_type_t key_type = key_type_arg;
2375 psa_algorithm_t alg = alg_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2376 unsigned char *output_data = NULL;
2377 size_t output_size = 0;
2378 size_t output_length = 0;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2379 size_t tag_length = 16;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2380 psa_key_policy_t policy;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2381
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2382 TEST_ASSERT( key_data != NULL );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2383 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2384 TEST_ASSERT( additional_data != NULL );
2385 TEST_ASSERT( nonce != NULL );
2386 TEST_ASSERT( expected_result != NULL );
2387 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2388 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2389 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );
2390 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
2391 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_result->len ) );
2392
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2393 output_size = input_data->len + tag_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2394 ASSERT_ALLOC( output_data, output_size );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2395
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2396 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2397
2398 psa_key_policy_init( &policy );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2399 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT , alg );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2400 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2401
2402 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2403 key_data->x,
2404 key_data->len ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2405
2406 TEST_ASSERT( psa_aead_encrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2407 nonce->x, nonce->len,
2408 additional_data->x, additional_data->len,
2409 input_data->x, input_data->len,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2410 output_data, output_size,
2411 &output_length ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2412
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2413 ASSERT_COMPARE( expected_result->x, expected_result->len,
2414 output_data, output_length );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2415
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2416exit:
2417 psa_destroy_key( slot );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2418 mbedtls_free( output_data );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2419 mbedtls_psa_crypto_free( );
2420}
2421/* END_CASE */
2422
2423/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2424void aead_decrypt( int key_type_arg, data_t *key_data,
2425 int alg_arg,
2426 data_t *nonce,
2427 data_t *additional_data,
2428 data_t *input_data,
2429 data_t *expected_data,
2430 int expected_result_arg )
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2431{
2432 int slot = 1;
2433 psa_key_type_t key_type = key_type_arg;
2434 psa_algorithm_t alg = alg_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2435 unsigned char *output_data = NULL;
2436 size_t output_size = 0;
2437 size_t output_length = 0;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2438 size_t tag_length = 16;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2439 psa_key_policy_t policy;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2440 psa_status_t expected_result = expected_result_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2441
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2442 TEST_ASSERT( key_data != NULL );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2443 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2444 TEST_ASSERT( additional_data != NULL );
2445 TEST_ASSERT( nonce != NULL );
2446 TEST_ASSERT( expected_data != NULL );
2447 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2448 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2449 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );
2450 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
2451 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_data->len ) );
2452
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2453 output_size = input_data->len + tag_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2454 ASSERT_ALLOC( output_data, output_size );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2455
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2456 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2457
2458 psa_key_policy_init( &policy );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2459 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT , alg );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2460 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2461
2462 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2463 key_data->x,
2464 key_data->len ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2465
2466 TEST_ASSERT( psa_aead_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2467 nonce->x, nonce->len,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2468 additional_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2469 additional_data->len,
2470 input_data->x, input_data->len,
2471 output_data, output_size,
2472 &output_length ) == expected_result );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2473
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2474 if( expected_result == PSA_SUCCESS )
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2475 ASSERT_COMPARE( expected_data->x, expected_data->len,
2476 output_data, output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2477
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2478exit:
2479 psa_destroy_key( slot );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2480 mbedtls_free( output_data );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2481 mbedtls_psa_crypto_free( );
2482}
2483/* END_CASE */
2484
2485/* BEGIN_CASE */
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2486void signature_size( int type_arg,
2487 int bits,
2488 int alg_arg,
2489 int expected_size_arg )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]2490{
2491 psa_key_type_t type = type_arg;
2492 psa_algorithm_t alg = alg_arg;
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2493 size_t actual_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( type, bits, alg );
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]2494 TEST_ASSERT( actual_size == (size_t) expected_size_arg );
2495exit:
2496 ;
2497}
2498/* END_CASE */
2499
2500/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2501void sign_deterministic( int key_type_arg, data_t *key_data,
2502 int alg_arg, data_t *input_data,
2503 data_t *output_data )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]2504{
2505 int slot = 1;
2506 psa_key_type_t key_type = key_type_arg;
2507 psa_algorithm_t alg = alg_arg;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2508 size_t key_bits;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2509 unsigned char *signature = NULL;
2510 size_t signature_size;
2511 size_t signature_length = 0xdeadbeef;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2512 psa_key_policy_t policy;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2513
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2514 TEST_ASSERT( key_data != NULL );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2515 TEST_ASSERT( input_data != NULL );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2516 TEST_ASSERT( output_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2517 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2518 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2519 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( output_data->len ) );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2520
2521 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2522
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2523 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2524 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2525 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2526
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2527 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2528 key_data->x,
2529 key_data->len ) == PSA_SUCCESS );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2530 TEST_ASSERT( psa_get_key_information( slot,
2531 NULL,
2532 &key_bits ) == PSA_SUCCESS );
2533
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2534 /* Allocate a buffer which has the size advertized by the
2535 * library. */
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2536 signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type,
2537 key_bits, alg );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2538 TEST_ASSERT( signature_size != 0 );
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]2539 TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2540 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2541
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2542 /* Perform the signature. */
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2543 TEST_ASSERT( psa_asymmetric_sign( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2544 input_data->x, input_data->len,
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2545 signature, signature_size,
2546 &signature_length ) == PSA_SUCCESS );
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2547 /* Verify that the signature is what is expected. */
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2548 ASSERT_COMPARE( output_data->x, output_data->len,
2549 signature, signature_length );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2550
2551exit:
2552 psa_destroy_key( slot );
Gilles Peskine0189e752018-02-03 23:57:22 +0100[diff] [blame]2553 mbedtls_free( signature );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2554 mbedtls_psa_crypto_free( );
2555}
2556/* END_CASE */
2557
2558/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2559void sign_fail( int key_type_arg, data_t *key_data,
2560 int alg_arg, data_t *input_data,
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2561 int signature_size_arg, int expected_status_arg )
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2562{
2563 int slot = 1;
2564 psa_key_type_t key_type = key_type_arg;
2565 psa_algorithm_t alg = alg_arg;
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2566 size_t signature_size = signature_size_arg;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2567 psa_status_t actual_status;
2568 psa_status_t expected_status = expected_status_arg;
Gilles Peskine40f68b92018-03-07 16:43:36 +0100[diff] [blame]2569 unsigned char *signature = NULL;
Gilles Peskine93aa0332018-02-03 23:58:03 +0100[diff] [blame]2570 size_t signature_length = 0xdeadbeef;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2571 psa_key_policy_t policy;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2572
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2573 TEST_ASSERT( key_data != NULL );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2574 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2575 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2576 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2577
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2578 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2579
2580 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2581
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2582 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2583 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2584 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2585
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2586 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2587 key_data->x,
2588 key_data->len ) == PSA_SUCCESS );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2589
2590 actual_status = psa_asymmetric_sign( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2591 input_data->x, input_data->len,
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2592 signature, signature_size,
2593 &signature_length );
2594 TEST_ASSERT( actual_status == expected_status );
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2595 /* The value of *signature_length is unspecified on error, but
2596 * whatever it is, it should be less than signature_size, so that
2597 * if the caller tries to read *signature_length bytes without
2598 * checking the error code then they don't overflow a buffer. */
2599 TEST_ASSERT( signature_length <= signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2600
2601exit:
2602 psa_destroy_key( slot );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2603 mbedtls_free( signature );
2604 mbedtls_psa_crypto_free( );
2605}
2606/* END_CASE */
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]2607
2608/* BEGIN_CASE */
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2609void sign_verify( int key_type_arg, data_t *key_data,
2610 int alg_arg, data_t *input_data )
2611{
2612 int slot = 1;
2613 psa_key_type_t key_type = key_type_arg;
2614 psa_algorithm_t alg = alg_arg;
2615 size_t key_bits;
2616 unsigned char *signature = NULL;
2617 size_t signature_size;
2618 size_t signature_length = 0xdeadbeef;
2619 psa_key_policy_t policy;
2620
2621 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2622
2623 psa_key_policy_init( &policy );
2624 psa_key_policy_set_usage( &policy,
2625 PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY,
2626 alg );
2627 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2628
2629 TEST_ASSERT( psa_import_key( slot, key_type,
2630 key_data->x,
2631 key_data->len ) == PSA_SUCCESS );
2632 TEST_ASSERT( psa_get_key_information( slot,
2633 NULL,
2634 &key_bits ) == PSA_SUCCESS );
2635
2636 /* Allocate a buffer which has the size advertized by the
2637 * library. */
2638 signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type,
2639 key_bits, alg );
2640 TEST_ASSERT( signature_size != 0 );
2641 TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2642 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2643
2644 /* Perform the signature. */
2645 TEST_ASSERT( psa_asymmetric_sign( slot, alg,
2646 input_data->x, input_data->len,
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2647 signature, signature_size,
2648 &signature_length ) == PSA_SUCCESS );
2649 /* Check that the signature length looks sensible. */
2650 TEST_ASSERT( signature_length <= signature_size );
2651 TEST_ASSERT( signature_length > 0 );
2652
2653 /* Use the library to verify that the signature is correct. */
2654 TEST_ASSERT( psa_asymmetric_verify(
2655 slot, alg,
2656 input_data->x, input_data->len,
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2657 signature, signature_length ) == PSA_SUCCESS );
2658
2659 if( input_data->len != 0 )
2660 {
2661 /* Flip a bit in the input and verify that the signature is now
2662 * detected as invalid. Flip a bit at the beginning, not at the end,
2663 * because ECDSA may ignore the last few bits of the input. */
2664 input_data->x[0] ^= 1;
2665 TEST_ASSERT( psa_asymmetric_verify(
2666 slot, alg,
2667 input_data->x, input_data->len,
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2668 signature,
2669 signature_length ) == PSA_ERROR_INVALID_SIGNATURE );
2670 }
2671
2672exit:
2673 psa_destroy_key( slot );
2674 mbedtls_free( signature );
2675 mbedtls_psa_crypto_free( );
2676}
2677/* END_CASE */
2678
2679/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2680void asymmetric_verify( int key_type_arg, data_t *key_data,
2681 int alg_arg, data_t *hash_data,
2682 data_t *signature_data )
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2683{
2684 int slot = 1;
2685 psa_key_type_t key_type = key_type_arg;
2686 psa_algorithm_t alg = alg_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2687 psa_key_policy_t policy;
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2688
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]2689 TEST_ASSERT( signature_data->len <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
2690
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2691 TEST_ASSERT( key_data != NULL );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2692 TEST_ASSERT( hash_data != NULL );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2693 TEST_ASSERT( signature_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2694 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2695 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( hash_data->len ) );
2696 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( signature_data->len ) );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2697
2698 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2699
2700 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2701 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2702 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2703
2704 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2705 key_data->x,
2706 key_data->len ) == PSA_SUCCESS );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2707
2708 TEST_ASSERT( psa_asymmetric_verify( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2709 hash_data->x, hash_data->len,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2710 signature_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2711 signature_data->len ) == PSA_SUCCESS );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2712exit:
2713 psa_destroy_key( slot );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2714 mbedtls_psa_crypto_free( );
2715}
2716/* END_CASE */
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2717
2718/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2719void asymmetric_verify_fail( int key_type_arg, data_t *key_data,
2720 int alg_arg, data_t *hash_data,
2721 data_t *signature_data,
2722 int expected_status_arg )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2723{
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2724 int slot = 1;
2725 psa_key_type_t key_type = key_type_arg;
2726 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2727 psa_status_t actual_status;
2728 psa_status_t expected_status = expected_status_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2729 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2730
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2731 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2732 TEST_ASSERT( hash_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2733 TEST_ASSERT( signature_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2734 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2735 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( hash_data->len ) );
2736 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( signature_data->len ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2737
2738 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2739
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2740 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2741 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2742 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2743
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2744 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2745 key_data->x,
2746 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2747
2748 actual_status = psa_asymmetric_verify( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2749 hash_data->x, hash_data->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2750 signature_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2751 signature_data->len );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2752
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2753 TEST_ASSERT( actual_status == expected_status );
2754
2755exit:
2756 psa_destroy_key( slot );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2757 mbedtls_psa_crypto_free( );
2758}
2759/* END_CASE */
2760
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2761/* BEGIN_CASE */
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]2762void asymmetric_encrypt( int key_type_arg,
2763 data_t *key_data,
2764 int alg_arg,
2765 data_t *input_data,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2766 data_t *label,
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]2767 int expected_output_length_arg,
2768 int expected_status_arg )
2769{
2770 int slot = 1;
2771 psa_key_type_t key_type = key_type_arg;
2772 psa_algorithm_t alg = alg_arg;
2773 size_t expected_output_length = expected_output_length_arg;
2774 size_t key_bits;
2775 unsigned char *output = NULL;
2776 size_t output_size;
2777 size_t output_length = ~0;
2778 psa_status_t actual_status;
2779 psa_status_t expected_status = expected_status_arg;
2780 psa_key_policy_t policy;
2781
2782 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2783
2784 /* Import the key */
2785 psa_key_policy_init( &policy );
2786 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
2787 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2788 TEST_ASSERT( psa_import_key( slot, key_type,
2789 key_data->x,
2790 key_data->len ) == PSA_SUCCESS );
2791
2792 /* Determine the maximum output length */
2793 TEST_ASSERT( psa_get_key_information( slot,
2794 NULL,
2795 &key_bits ) == PSA_SUCCESS );
2796 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2797 ASSERT_ALLOC( output, output_size );
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]2798
2799 /* Encrypt the input */
2800 actual_status = psa_asymmetric_encrypt( slot, alg,
2801 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2802 label->x, label->len,
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]2803 output, output_size,
2804 &output_length );
2805 TEST_ASSERT( actual_status == expected_status );
2806 TEST_ASSERT( output_length == expected_output_length );
2807
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2808 /* If the label is empty, the test framework puts a non-null pointer
2809 * in label->x. Test that a null pointer works as well. */
2810 if( label->len == 0 )
2811 {
2812 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]2813 if( output_size != 0 )
2814 memset( output, 0, output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2815 actual_status = psa_asymmetric_encrypt( slot, alg,
2816 input_data->x, input_data->len,
2817 NULL, label->len,
2818 output, output_size,
2819 &output_length );
2820 TEST_ASSERT( actual_status == expected_status );
2821 TEST_ASSERT( output_length == expected_output_length );
2822 }
2823
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]2824exit:
2825 psa_destroy_key( slot );
2826 mbedtls_free( output );
2827 mbedtls_psa_crypto_free( );
2828}
2829/* END_CASE */
2830
2831/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2832void asymmetric_encrypt_decrypt( int key_type_arg,
2833 data_t *key_data,
2834 int alg_arg,
2835 data_t *input_data,
2836 data_t *label )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2837{
2838 int slot = 1;
2839 psa_key_type_t key_type = key_type_arg;
2840 psa_algorithm_t alg = alg_arg;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2841 size_t key_bits;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2842 unsigned char *output = NULL;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2843 size_t output_size;
2844 size_t output_length = ~0;
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +0300[diff] [blame]2845 unsigned char *output2 = NULL;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2846 size_t output2_size;
2847 size_t output2_length = ~0;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2848 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2849
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2850 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2851 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2852 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2853 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2854
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2855 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2856
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2857 psa_key_policy_init( &policy );
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2858 psa_key_policy_set_usage( &policy,
2859 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2860 alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2861 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2862
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2863 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2864 key_data->x,
2865 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2866
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2867
2868 /* Determine the maximum ciphertext length */
2869 TEST_ASSERT( psa_get_key_information( slot,
2870 NULL,
2871 &key_bits ) == PSA_SUCCESS );
2872 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2873 ASSERT_ALLOC( output, output_size );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2874 output2_size = input_data->len;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2875 ASSERT_ALLOC( output2, output2_size );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2876
Gilles Peskineeebd7382018-06-08 18:11:54 +0200[diff] [blame]2877 /* We test encryption by checking that encrypt-then-decrypt gives back
2878 * the original plaintext because of the non-optional random
2879 * part of encryption process which prevents using fixed vectors. */
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2880 TEST_ASSERT( psa_asymmetric_encrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2881 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2882 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2883 output, output_size,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2884 &output_length ) == PSA_SUCCESS );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2885 /* We don't know what ciphertext length to expect, but check that
2886 * it looks sensible. */
2887 TEST_ASSERT( output_length <= output_size );
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +0300[diff] [blame]2888
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2889 TEST_ASSERT( psa_asymmetric_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2890 output, output_length,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2891 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2892 output2, output2_size,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2893 &output2_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2894 ASSERT_COMPARE( input_data->x, input_data->len,
2895 output2, output2_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2896
2897exit:
2898 psa_destroy_key( slot );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2899 mbedtls_free( output );
2900 mbedtls_free( output2 );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2901 mbedtls_psa_crypto_free( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2902}
2903/* END_CASE */
2904
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2905/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2906void asymmetric_decrypt( int key_type_arg,
2907 data_t *key_data,
2908 int alg_arg,
2909 data_t *input_data,
2910 data_t *label,
Gilles Peskine66763a02018-06-29 21:54:10 +0200[diff] [blame]2911 data_t *expected_data )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2912{
2913 int slot = 1;
2914 psa_key_type_t key_type = key_type_arg;
2915 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2916 unsigned char *output = NULL;
Nir Sonnenscheind70bc482018-06-04 16:31:13 +0300[diff] [blame]2917 size_t output_size = 0;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2918 size_t output_length = ~0;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2919 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2920
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2921 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2922 TEST_ASSERT( input_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2923 TEST_ASSERT( expected_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2924 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2925 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2926 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_data->len ) );
2927
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2928 output_size = key_data->len;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2929 ASSERT_ALLOC( output, output_size );
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]2930
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2931 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2932
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2933 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2934 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2935 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2936
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2937 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2938 key_data->x,
2939 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2940
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +0300[diff] [blame]2941 TEST_ASSERT( psa_asymmetric_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2942 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2943 label->x, label->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2944 output,
2945 output_size,
2946 &output_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2947 ASSERT_COMPARE( expected_data->x, expected_data->len,
2948 output, output_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2949
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2950 /* If the label is empty, the test framework puts a non-null pointer
2951 * in label->x. Test that a null pointer works as well. */
2952 if( label->len == 0 )
2953 {
2954 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]2955 if( output_size != 0 )
2956 memset( output, 0, output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2957 TEST_ASSERT( psa_asymmetric_decrypt( slot, alg,
2958 input_data->x, input_data->len,
2959 NULL, label->len,
2960 output,
2961 output_size,
2962 &output_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2963 ASSERT_COMPARE( expected_data->x, expected_data->len,
2964 output, output_length );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2965 }
2966
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2967exit:
2968 psa_destroy_key( slot );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2969 mbedtls_free( output );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2970 mbedtls_psa_crypto_free( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2971}
2972/* END_CASE */
2973
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2974/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2975void asymmetric_decrypt_fail( int key_type_arg,
2976 data_t *key_data,
2977 int alg_arg,
2978 data_t *input_data,
2979 data_t *label,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2980 int expected_status_arg )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2981{
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2982 int slot = 1;
2983 psa_key_type_t key_type = key_type_arg;
2984 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2985 unsigned char *output = NULL;
Nir Sonnenscheind70bc482018-06-04 16:31:13 +0300[diff] [blame]2986 size_t output_size = 0;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2987 size_t output_length = ~0;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2988 psa_status_t actual_status;
2989 psa_status_t expected_status = expected_status_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2990 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2991
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2992 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2993 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2994 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2995 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2996
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2997 output_size = key_data->len;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2998 ASSERT_ALLOC( output, output_size );
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]2999
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3000 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3001
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3002 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3003 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3004 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3005
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3006 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3007 key_data->x,
3008 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3009
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3010 actual_status = psa_asymmetric_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3011 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3012 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3013 output, output_size,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3014 &output_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3015 TEST_ASSERT( actual_status == expected_status );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3016 TEST_ASSERT( output_length <= output_size );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3017
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3018 /* If the label is empty, the test framework puts a non-null pointer
3019 * in label->x. Test that a null pointer works as well. */
3020 if( label->len == 0 )
3021 {
3022 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]3023 if( output_size != 0 )
3024 memset( output, 0, output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3025 actual_status = psa_asymmetric_decrypt( slot, alg,
3026 input_data->x, input_data->len,
3027 NULL, label->len,
3028 output, output_size,
3029 &output_length );
3030 TEST_ASSERT( actual_status == expected_status );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3031 TEST_ASSERT( output_length <= output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3032 }
3033
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3034exit:
3035 psa_destroy_key( slot );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3036 mbedtls_free( output );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3037 mbedtls_psa_crypto_free( );
3038}
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]3039/* END_CASE */
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3040
3041/* BEGIN_CASE */
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]3042void derive_setup( int key_type_arg,
3043 data_t *key_data,
3044 int alg_arg,
3045 data_t *salt,
3046 data_t *label,
3047 int requested_capacity_arg,
3048 int expected_status_arg )
3049{
3050 psa_key_slot_t slot = 1;
3051 size_t key_type = key_type_arg;
3052 psa_algorithm_t alg = alg_arg;
3053 size_t requested_capacity = requested_capacity_arg;
3054 psa_status_t expected_status = expected_status_arg;
3055 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3056 psa_key_policy_t policy;
3057
3058 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3059
3060 psa_key_policy_init( &policy );
3061 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3062 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3063
3064 TEST_ASSERT( psa_import_key( slot, key_type,
3065 key_data->x,
3066 key_data->len ) == PSA_SUCCESS );
3067
3068 TEST_ASSERT( psa_key_derivation( &generator, slot, alg,
3069 salt->x, salt->len,
3070 label->x, label->len,
3071 requested_capacity ) == expected_status );
3072
3073exit:
3074 psa_generator_abort( &generator );
3075 psa_destroy_key( slot );
3076 mbedtls_psa_crypto_free( );
3077}
3078/* END_CASE */
3079
3080/* BEGIN_CASE */
Nir Sonnenscheindd69d8b2018-11-01 12:24:23 +0200[diff] [blame]3081void test_derive_invalid_generator_state( )
Nir Sonnenscheine5204c92018-10-22 17:24:55 +0300[diff] [blame]3082{
Nir Sonnenscheine5204c92018-10-22 17:24:55 +0300[diff] [blame]3083 psa_key_slot_t base_key = 1;
Nir Sonnenschein4eda37b2018-10-31 12:15:58 +0200[diff] [blame]3084 size_t key_type = PSA_KEY_TYPE_DERIVE;
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3085 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3086 psa_algorithm_t alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3087 uint8_t buffer[42];
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3088 size_t capacity = sizeof( buffer );
Nir Sonnenscheindd69d8b2018-11-01 12:24:23 +0200[diff] [blame]3089 const uint8_t key_data[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
3090 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
3091 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b};
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3092 psa_key_policy_t policy;
Nir Sonnenscheine5204c92018-10-22 17:24:55 +0300[diff] [blame]3093
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3094 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3095
3096 psa_key_policy_init( &policy );
3097 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3098 TEST_ASSERT( psa_set_key_policy( base_key, &policy ) == PSA_SUCCESS );
3099
3100 TEST_ASSERT( psa_import_key( base_key, key_type,
Nir Sonnenscheindd69d8b2018-11-01 12:24:23 +0200[diff] [blame]3101 key_data,
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3102 sizeof( key_data ) ) == PSA_SUCCESS );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3103
3104 /* valid key derivation */
Nir Sonnenscheine5204c92018-10-22 17:24:55 +0300[diff] [blame]3105 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3106 NULL, 0,
3107 NULL, 0,
3108 capacity ) == PSA_SUCCESS );
3109
3110 /* state of generator shouldn't allow additional generation */
3111 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3112 NULL, 0,
3113 NULL, 0,
3114 capacity ) == PSA_ERROR_BAD_STATE );
3115
3116 TEST_ASSERT( psa_generator_read( &generator, buffer, capacity )
3117 == PSA_SUCCESS );
3118
3119 TEST_ASSERT( psa_generator_read( &generator, buffer, capacity )
3120 == PSA_ERROR_INSUFFICIENT_CAPACITY );
3121
3122
3123exit:
3124 psa_generator_abort( &generator );
3125 psa_destroy_key( base_key );
3126 mbedtls_psa_crypto_free( );
3127}
3128/* END_CASE */
3129
3130
3131/* BEGIN_CASE */
3132void test_derive_invalid_generator_tests( )
3133{
3134 uint8_t output_buffer[16];
3135 size_t buffer_size = 16;
3136 size_t capacity = 0;
3137 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3138
Nir Sonnenschein50789302018-10-31 12:16:38 +0200[diff] [blame]3139 TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3140 == PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3141
3142 TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3143 == PSA_SUCCESS ); // should be PSA_ERROR_BAD_STATE:#183
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3144
Nir Sonnenschein50789302018-10-31 12:16:38 +0200[diff] [blame]3145 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3146
Nir Sonnenschein50789302018-10-31 12:16:38 +0200[diff] [blame]3147 TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3148 == PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3149
Nir Sonnenschein50789302018-10-31 12:16:38 +0200[diff] [blame]3150 TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3151 == PSA_SUCCESS );// should be PSA_ERROR_BAD_STATE:#183
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3152
3153exit:
3154 psa_generator_abort( &generator );
Nir Sonnenscheine5204c92018-10-22 17:24:55 +0300[diff] [blame]3155}
3156/* END_CASE */
3157
3158/* BEGIN_CASE */
Gilles Peskine96ee5c72018-07-12 17:24:54 +0200[diff] [blame]3159void derive_output( int alg_arg,
3160 data_t *key_data,
3161 data_t *salt,
3162 data_t *label,
3163 int requested_capacity_arg,
3164 data_t *expected_output1,
3165 data_t *expected_output2 )
3166{
3167 psa_key_slot_t slot = 1;
3168 psa_algorithm_t alg = alg_arg;
3169 size_t requested_capacity = requested_capacity_arg;
3170 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3171 uint8_t *expected_outputs[2] =
3172 {expected_output1->x, expected_output2->x};
3173 size_t output_sizes[2] =
3174 {expected_output1->len, expected_output2->len};
3175 size_t output_buffer_size = 0;
3176 uint8_t *output_buffer = NULL;
3177 size_t expected_capacity;
3178 size_t current_capacity;
3179 psa_key_policy_t policy;
3180 psa_status_t status;
3181 unsigned i;
3182
3183 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
3184 {
3185 if( output_sizes[i] > output_buffer_size )
3186 output_buffer_size = output_sizes[i];
3187 if( output_sizes[i] == 0 )
3188 expected_outputs[i] = NULL;
3189 }
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3190 ASSERT_ALLOC( output_buffer, output_buffer_size );
Gilles Peskine96ee5c72018-07-12 17:24:54 +0200[diff] [blame]3191 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3192
3193 psa_key_policy_init( &policy );
3194 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3195 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3196
3197 TEST_ASSERT( psa_import_key( slot, PSA_KEY_TYPE_DERIVE,
3198 key_data->x,
3199 key_data->len ) == PSA_SUCCESS );
3200
3201 /* Extraction phase. */
3202 TEST_ASSERT( psa_key_derivation( &generator, slot, alg,
3203 salt->x, salt->len,
3204 label->x, label->len,
3205 requested_capacity ) == PSA_SUCCESS );
3206 TEST_ASSERT( psa_get_generator_capacity( &generator,
3207 &current_capacity ) ==
3208 PSA_SUCCESS );
3209 TEST_ASSERT( current_capacity == requested_capacity );
3210 expected_capacity = requested_capacity;
3211
3212 /* Expansion phase. */
3213 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
3214 {
3215 /* Read some bytes. */
3216 status = psa_generator_read( &generator,
3217 output_buffer, output_sizes[i] );
3218 if( expected_capacity == 0 && output_sizes[i] == 0 )
3219 {
3220 /* Reading 0 bytes when 0 bytes are available can go either way. */
3221 TEST_ASSERT( status == PSA_SUCCESS ||
3222 status == PSA_ERROR_INSUFFICIENT_CAPACITY );
3223 continue;
3224 }
3225 else if( expected_capacity == 0 ||
3226 output_sizes[i] > expected_capacity )
3227 {
3228 /* Capacity exceeded. */
3229 TEST_ASSERT( status == PSA_ERROR_INSUFFICIENT_CAPACITY );
3230 expected_capacity = 0;
3231 continue;
3232 }
3233 /* Success. Check the read data. */
3234 TEST_ASSERT( status == PSA_SUCCESS );
3235 if( output_sizes[i] != 0 )
3236 TEST_ASSERT( memcmp( output_buffer, expected_outputs[i],
3237 output_sizes[i] ) == 0 );
3238 /* Check the generator status. */
3239 expected_capacity -= output_sizes[i];
3240 TEST_ASSERT( psa_get_generator_capacity( &generator,
3241 &current_capacity ) ==
3242 PSA_SUCCESS );
3243 TEST_ASSERT( expected_capacity == current_capacity );
3244 }
3245 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
3246
3247exit:
3248 mbedtls_free( output_buffer );
3249 psa_generator_abort( &generator );
3250 psa_destroy_key( slot );
3251 mbedtls_psa_crypto_free( );
3252}
3253/* END_CASE */
3254
3255/* BEGIN_CASE */
Gilles Peskined54931c2018-07-17 21:06:59 +0200[diff] [blame]3256void derive_full( int alg_arg,
3257 data_t *key_data,
3258 data_t *salt,
3259 data_t *label,
3260 int requested_capacity_arg )
3261{
3262 psa_key_slot_t slot = 1;
3263 psa_algorithm_t alg = alg_arg;
3264 size_t requested_capacity = requested_capacity_arg;
3265 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3266 unsigned char output_buffer[16];
3267 size_t expected_capacity = requested_capacity;
3268 size_t current_capacity;
3269 psa_key_policy_t policy;
3270
3271 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3272
3273 psa_key_policy_init( &policy );
3274 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3275 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3276
3277 TEST_ASSERT( psa_import_key( slot, PSA_KEY_TYPE_DERIVE,
3278 key_data->x,
3279 key_data->len ) == PSA_SUCCESS );
3280
3281 /* Extraction phase. */
3282 TEST_ASSERT( psa_key_derivation( &generator, slot, alg,
3283 salt->x, salt->len,
3284 label->x, label->len,
3285 requested_capacity ) == PSA_SUCCESS );
3286 TEST_ASSERT( psa_get_generator_capacity( &generator,
3287 &current_capacity ) ==
3288 PSA_SUCCESS );
3289 TEST_ASSERT( current_capacity == expected_capacity );
3290
3291 /* Expansion phase. */
3292 while( current_capacity > 0 )
3293 {
3294 size_t read_size = sizeof( output_buffer );
3295 if( read_size > current_capacity )
3296 read_size = current_capacity;
3297 TEST_ASSERT( psa_generator_read( &generator,
3298 output_buffer,
3299 read_size ) == PSA_SUCCESS );
3300 expected_capacity -= read_size;
3301 TEST_ASSERT( psa_get_generator_capacity( &generator,
3302 &current_capacity ) ==
3303 PSA_SUCCESS );
3304 TEST_ASSERT( current_capacity == expected_capacity );
3305 }
3306
3307 /* Check that the generator refuses to go over capacity. */
3308 TEST_ASSERT( psa_generator_read( &generator,
3309 output_buffer,
3310 1 ) == PSA_ERROR_INSUFFICIENT_CAPACITY );
3311
3312 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
3313
3314exit:
3315 psa_generator_abort( &generator );
3316 psa_destroy_key( slot );
3317 mbedtls_psa_crypto_free( );
3318}
3319/* END_CASE */
3320
3321/* BEGIN_CASE */
Gilles Peskine0386fba2018-07-12 17:29:22 +0200[diff] [blame]3322void derive_key_exercise( int alg_arg,
3323 data_t *key_data,
3324 data_t *salt,
3325 data_t *label,
3326 int derived_type_arg,
3327 int derived_bits_arg,
3328 int derived_usage_arg,
3329 int derived_alg_arg )
3330{
3331 psa_key_slot_t base_key = 1;
3332 psa_key_slot_t derived_key = 2;
3333 psa_algorithm_t alg = alg_arg;
3334 psa_key_type_t derived_type = derived_type_arg;
3335 size_t derived_bits = derived_bits_arg;
3336 psa_key_usage_t derived_usage = derived_usage_arg;
3337 psa_algorithm_t derived_alg = derived_alg_arg;
3338 size_t capacity = PSA_BITS_TO_BYTES( derived_bits );
3339 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3340 psa_key_policy_t policy;
3341 psa_key_type_t got_type;
3342 size_t got_bits;
3343
3344 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3345
3346 psa_key_policy_init( &policy );
3347 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3348 TEST_ASSERT( psa_set_key_policy( base_key, &policy ) == PSA_SUCCESS );
3349 TEST_ASSERT( psa_import_key( base_key, PSA_KEY_TYPE_DERIVE,
3350 key_data->x,
3351 key_data->len ) == PSA_SUCCESS );
3352
3353 /* Derive a key. */
3354 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3355 salt->x, salt->len,
3356 label->x, label->len,
3357 capacity ) == PSA_SUCCESS );
3358 psa_key_policy_set_usage( &policy, derived_usage, derived_alg );
3359 TEST_ASSERT( psa_set_key_policy( derived_key, &policy ) == PSA_SUCCESS );
3360 TEST_ASSERT( psa_generator_import_key( derived_key,
3361 derived_type,
3362 derived_bits,
3363 &generator ) == PSA_SUCCESS );
3364
3365 /* Test the key information */
3366 TEST_ASSERT( psa_get_key_information( derived_key,
3367 &got_type,
3368 &got_bits ) == PSA_SUCCESS );
3369 TEST_ASSERT( got_type == derived_type );
3370 TEST_ASSERT( got_bits == derived_bits );
3371
3372 /* Exercise the derived key. */
3373 if( ! exercise_key( derived_key, derived_usage, derived_alg ) )
3374 goto exit;
3375
3376exit:
3377 psa_generator_abort( &generator );
3378 psa_destroy_key( base_key );
3379 psa_destroy_key( derived_key );
3380 mbedtls_psa_crypto_free( );
3381}
3382/* END_CASE */
3383
3384/* BEGIN_CASE */
3385void derive_key_export( int alg_arg,
3386 data_t *key_data,
3387 data_t *salt,
3388 data_t *label,
3389 int bytes1_arg,
3390 int bytes2_arg )
3391{
3392 psa_key_slot_t base_key = 1;
3393 psa_key_slot_t derived_key = 2;
3394 psa_algorithm_t alg = alg_arg;
3395 size_t bytes1 = bytes1_arg;
3396 size_t bytes2 = bytes2_arg;
3397 size_t capacity = bytes1 + bytes2;
3398 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3399 uint8_t *output_buffer = NULL;
3400 uint8_t *export_buffer = NULL;
Gilles Peskine0386fba2018-07-12 17:29:22 +0200[diff] [blame]3401 psa_key_policy_t policy;
3402 size_t length;
3403
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3404 ASSERT_ALLOC( output_buffer, capacity );
3405 ASSERT_ALLOC( export_buffer, capacity );
Gilles Peskine0386fba2018-07-12 17:29:22 +0200[diff] [blame]3406 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3407
3408 psa_key_policy_init( &policy );
3409 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3410 TEST_ASSERT( psa_set_key_policy( base_key, &policy ) == PSA_SUCCESS );
3411 TEST_ASSERT( psa_import_key( base_key, PSA_KEY_TYPE_DERIVE,
3412 key_data->x,
3413 key_data->len ) == PSA_SUCCESS );
3414
3415 /* Derive some material and output it. */
3416 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3417 salt->x, salt->len,
3418 label->x, label->len,
3419 capacity ) == PSA_SUCCESS );
3420 TEST_ASSERT( psa_generator_read( &generator,
3421 output_buffer,
3422 capacity ) == PSA_SUCCESS );
3423 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
3424
3425 /* Derive the same output again, but this time store it in key objects. */
3426 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3427 salt->x, salt->len,
3428 label->x, label->len,
3429 capacity ) == PSA_SUCCESS );
3430 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
3431 TEST_ASSERT( psa_set_key_policy( derived_key, &policy ) == PSA_SUCCESS );
3432 TEST_ASSERT( psa_generator_import_key( derived_key,
3433 PSA_KEY_TYPE_RAW_DATA,
3434 PSA_BYTES_TO_BITS( bytes1 ),
3435 &generator ) == PSA_SUCCESS );
3436 TEST_ASSERT( psa_export_key( derived_key,
3437 export_buffer, bytes1,
3438 &length ) == PSA_SUCCESS );
3439 TEST_ASSERT( length == bytes1 );
3440 TEST_ASSERT( psa_destroy_key( derived_key ) == PSA_SUCCESS );
3441 TEST_ASSERT( psa_set_key_policy( derived_key, &policy ) == PSA_SUCCESS );
3442 TEST_ASSERT( psa_generator_import_key( derived_key,
3443 PSA_KEY_TYPE_RAW_DATA,
3444 PSA_BYTES_TO_BITS( bytes2 ),
3445 &generator ) == PSA_SUCCESS );
3446 TEST_ASSERT( psa_export_key( derived_key,
3447 export_buffer + bytes1, bytes2,
3448 &length ) == PSA_SUCCESS );
3449 TEST_ASSERT( length == bytes2 );
3450
3451 /* Compare the outputs from the two runs. */
3452 TEST_ASSERT( memcmp( output_buffer, export_buffer, capacity ) == 0 );
3453
3454exit:
3455 mbedtls_free( output_buffer );
3456 mbedtls_free( export_buffer );
3457 psa_generator_abort( &generator );
3458 psa_destroy_key( base_key );
3459 psa_destroy_key( derived_key );
3460 mbedtls_psa_crypto_free( );
3461}
3462/* END_CASE */
3463
3464/* BEGIN_CASE */
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3465void generate_random( int bytes_arg )
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3466{
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3467 size_t bytes = bytes_arg;
3468 const unsigned char trail[] = "don't overwrite me";
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3469 unsigned char *output = NULL;
3470 unsigned char *changed = NULL;
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3471 size_t i;
3472 unsigned run;
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3473
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3474 ASSERT_ALLOC( output, bytes + sizeof( trail ) );
3475 ASSERT_ALLOC( changed, bytes );
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3476 memcpy( output + bytes, trail, sizeof( trail ) );
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3477
3478 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3479
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3480 /* Run several times, to ensure that every output byte will be
3481 * nonzero at least once with overwhelming probability
3482 * (2^(-8*number_of_runs)). */
3483 for( run = 0; run < 10; run++ )
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3484 {
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]3485 if( bytes != 0 )
3486 memset( output, 0, bytes );
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3487 TEST_ASSERT( psa_generate_random( output, bytes ) == PSA_SUCCESS );
3488
3489 /* Check that no more than bytes have been overwritten */
3490 TEST_ASSERT( memcmp( output + bytes, trail, sizeof( trail ) ) == 0 );
3491
3492 for( i = 0; i < bytes; i++ )
3493 {
3494 if( output[i] != 0 )
3495 ++changed[i];
3496 }
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3497 }
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3498
3499 /* Check that every byte was changed to nonzero at least once. This
3500 * validates that psa_generate_random is overwriting every byte of
3501 * the output buffer. */
3502 for( i = 0; i < bytes; i++ )
3503 {
3504 TEST_ASSERT( changed[i] != 0 );
3505 }
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3506
3507exit:
3508 mbedtls_psa_crypto_free( );
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3509 mbedtls_free( output );
3510 mbedtls_free( changed );
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3511}
3512/* END_CASE */
Gilles Peskine12313cd2018-06-20 00:20:32 +0200[diff] [blame]3513
3514/* BEGIN_CASE */
3515void generate_key( int type_arg,
3516 int bits_arg,
3517 int usage_arg,
3518 int alg_arg,
3519 int expected_status_arg )
3520{
3521 int slot = 1;
3522 psa_key_type_t type = type_arg;
3523 psa_key_usage_t usage = usage_arg;
3524 size_t bits = bits_arg;
3525 psa_algorithm_t alg = alg_arg;
3526 psa_status_t expected_status = expected_status_arg;
3527 psa_key_type_t got_type;
3528 size_t got_bits;
Gilles Peskine12313cd2018-06-20 00:20:32 +0200[diff] [blame]3529 psa_status_t expected_info_status =
3530 expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_EMPTY_SLOT;
3531 psa_key_policy_t policy;
3532
3533 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3534
3535 psa_key_policy_init( &policy );
3536 psa_key_policy_set_usage( &policy, usage, alg );
3537 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3538
3539 /* Generate a key */
3540 TEST_ASSERT( psa_generate_key( slot, type, bits,
3541 NULL, 0 ) == expected_status );
3542
3543 /* Test the key information */
3544 TEST_ASSERT( psa_get_key_information( slot,
3545 &got_type,
3546 &got_bits ) == expected_info_status );
3547 if( expected_info_status != PSA_SUCCESS )
3548 goto exit;
3549 TEST_ASSERT( got_type == type );
3550 TEST_ASSERT( got_bits == bits );
3551
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]3552 /* Do something with the key according to its type and permitted usage. */
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]3553 if( ! exercise_key( slot, usage, alg ) )
3554 goto exit;
Gilles Peskine12313cd2018-06-20 00:20:32 +0200[diff] [blame]3555
3556exit:
3557 psa_destroy_key( slot );
3558 mbedtls_psa_crypto_free( );
3559}
3560/* END_CASE */
itayzafrir0adf0fc2018-09-06 16:24:41 +0300[diff] [blame]3561
3562/* BEGIN_CASE */
3563void validate_module_init_generate_random( )
3564{
3565 psa_status_t status;
3566 uint8_t random[10] = { 0 };
3567 status = psa_generate_random( random, sizeof( random ) );
3568 TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
3569}
3570/* END_CASE */
itayzafrir90d8c7a2018-09-12 11:44:52 +0300[diff] [blame]3571
3572/* BEGIN_CASE */
3573void validate_module_init_key_based( )
3574{
3575 psa_status_t status;
3576 uint8_t data[10] = { 0 };
3577 status = psa_import_key( 1, PSA_KEY_TYPE_RAW_DATA, data, sizeof( data ) );
3578 TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
3579}
3580/* END_CASE */