TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 4271df932ca25660d888889fe5ccca5d9c72d9a0 / . / tests / suites / test_suite_psa_crypto.function
blob: 0d292e3ce408009de5e785d44808ddc8f2c1d4be [file] [log] [blame]
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1/* BEGIN_HEADER */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2#include <stdint.h>
mohammad160327010052018-07-03 13:16:15 +0300[diff] [blame]3
4#if defined(MBEDTLS_PSA_CRYPTO_SPM)
5#include "spm/psa_defs.h"
6#endif
7
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]8#include "mbedtls/asn1.h"
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]9#include "mbedtls/asn1write.h"
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]10#include "mbedtls/oid.h"
11
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]12#include "psa/crypto.h"
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]13
Gilles Peskine96ee5c72018-07-12 17:24:54 +0200[diff] [blame]14#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
15
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]16#if(UINT32_MAX > SIZE_MAX)
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]17#define PSA_CRYPTO_TEST_SIZE_T_RANGE( x ) ( ( x ) <= SIZE_MAX )
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]18#else
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]19#define PSA_CRYPTO_TEST_SIZE_T_RANGE( x ) 1
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]20#endif
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]21
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100[diff] [blame]22/** An invalid export length that will never be set by psa_export_key(). */
23static const size_t INVALID_EXPORT_LENGTH = ~0U;
24
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]25/** Test if a buffer contains a constant byte value.
26 *
27 * `mem_is_char(buffer, c, size)` is true after `memset(buffer, c, size)`.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]28 *
29 * \param buffer Pointer to the beginning of the buffer.
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]30 * \param c Expected value of every byte.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]31 * \param size Size of the buffer in bytes.
32 *
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]33 * \return 1 if the buffer is all-bits-zero.
34 * \return 0 if there is at least one nonzero byte.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]35 */
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]36static int mem_is_char( void *buffer, unsigned char c, size_t size )
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]37{
38 size_t i;
39 for( i = 0; i < size; i++ )
40 {
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]41 if( ( (unsigned char *) buffer )[i] != c )
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]42 return( 0 );
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]43 }
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]44 return( 1 );
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]45}
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]46
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]47/* Write the ASN.1 INTEGER with the value 2^(bits-1)+x backwards from *p. */
48static int asn1_write_10x( unsigned char **p,
49 unsigned char *start,
50 size_t bits,
51 unsigned char x )
52{
53 int ret;
54 int len = bits / 8 + 1;
Gilles Peskine480416a2018-06-28 19:04:07 +0200[diff] [blame]55 if( bits == 0 )
56 return( MBEDTLS_ERR_ASN1_INVALID_DATA );
57 if( bits <= 8 && x >= 1 << ( bits - 1 ) )
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]58 return( MBEDTLS_ERR_ASN1_INVALID_DATA );
Moran Pekercb088e72018-07-17 17:36:59 +0300[diff] [blame]59 if( *p < start || *p - start < (ptrdiff_t) len )
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]60 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
61 *p -= len;
62 ( *p )[len-1] = x;
63 if( bits % 8 == 0 )
64 ( *p )[1] |= 1;
65 else
66 ( *p )[0] |= 1 << ( bits % 8 );
67 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
68 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
69 MBEDTLS_ASN1_INTEGER ) );
70 return( len );
71}
72
73static int construct_fake_rsa_key( unsigned char *buffer,
74 size_t buffer_size,
75 unsigned char **p,
76 size_t bits,
77 int keypair )
78{
79 size_t half_bits = ( bits + 1 ) / 2;
80 int ret;
81 int len = 0;
82 /* Construct something that looks like a DER encoding of
83 * as defined by PKCS#1 v2.2 (RFC 8017) section A.1.2:
84 * RSAPrivateKey ::= SEQUENCE {
85 * version Version,
86 * modulus INTEGER, -- n
87 * publicExponent INTEGER, -- e
88 * privateExponent INTEGER, -- d
89 * prime1 INTEGER, -- p
90 * prime2 INTEGER, -- q
91 * exponent1 INTEGER, -- d mod (p-1)
92 * exponent2 INTEGER, -- d mod (q-1)
93 * coefficient INTEGER, -- (inverse of q) mod p
94 * otherPrimeInfos OtherPrimeInfos OPTIONAL
95 * }
96 * Or, for a public key, the same structure with only
97 * version, modulus and publicExponent.
98 */
99 *p = buffer + buffer_size;
100 if( keypair )
101 {
102 MBEDTLS_ASN1_CHK_ADD( len, /* pq */
103 asn1_write_10x( p, buffer, half_bits, 1 ) );
104 MBEDTLS_ASN1_CHK_ADD( len, /* dq */
105 asn1_write_10x( p, buffer, half_bits, 1 ) );
106 MBEDTLS_ASN1_CHK_ADD( len, /* dp */
107 asn1_write_10x( p, buffer, half_bits, 1 ) );
108 MBEDTLS_ASN1_CHK_ADD( len, /* q */
109 asn1_write_10x( p, buffer, half_bits, 1 ) );
110 MBEDTLS_ASN1_CHK_ADD( len, /* p != q to pass mbedtls sanity checks */
111 asn1_write_10x( p, buffer, half_bits, 3 ) );
112 MBEDTLS_ASN1_CHK_ADD( len, /* d */
113 asn1_write_10x( p, buffer, bits, 1 ) );
114 }
115 MBEDTLS_ASN1_CHK_ADD( len, /* e = 65537 */
116 asn1_write_10x( p, buffer, 17, 1 ) );
117 MBEDTLS_ASN1_CHK_ADD( len, /* n */
118 asn1_write_10x( p, buffer, bits, 1 ) );
119 if( keypair )
120 MBEDTLS_ASN1_CHK_ADD( len, /* version = 0 */
121 mbedtls_asn1_write_int( p, buffer, 0 ) );
122 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, buffer, len ) );
123 {
124 const unsigned char tag =
125 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE;
126 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, buffer, tag ) );
127 }
128 return( len );
129}
130
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]131static int exercise_mac_key( psa_key_slot_t key,
132 psa_key_usage_t usage,
133 psa_algorithm_t alg )
134{
135 psa_mac_operation_t operation;
136 const unsigned char input[] = "foo";
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]137 unsigned char mac[PSA_MAC_MAX_SIZE] = {0};
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]138 size_t mac_length = sizeof( mac );
139
140 if( usage & PSA_KEY_USAGE_SIGN )
141 {
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]142 TEST_ASSERT( psa_mac_sign_setup( &operation,
143 key, alg ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]144 TEST_ASSERT( psa_mac_update( &operation,
145 input, sizeof( input ) ) == PSA_SUCCESS );
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]146 TEST_ASSERT( psa_mac_sign_finish( &operation,
Gilles Peskineef0cb402018-07-12 16:55:59 +0200[diff] [blame]147 mac, sizeof( mac ),
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]148 &mac_length ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]149 }
150
151 if( usage & PSA_KEY_USAGE_VERIFY )
152 {
153 psa_status_t verify_status =
154 ( usage & PSA_KEY_USAGE_SIGN ?
155 PSA_SUCCESS :
156 PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]157 TEST_ASSERT( psa_mac_verify_setup( &operation,
158 key, alg ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]159 TEST_ASSERT( psa_mac_update( &operation,
160 input, sizeof( input ) ) == PSA_SUCCESS );
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]161 TEST_ASSERT( psa_mac_verify_finish( &operation,
162 mac,
163 mac_length ) == verify_status );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]164 }
165
166 return( 1 );
167
168exit:
169 psa_mac_abort( &operation );
170 return( 0 );
171}
172
173static int exercise_cipher_key( psa_key_slot_t key,
174 psa_key_usage_t usage,
175 psa_algorithm_t alg )
176{
177 psa_cipher_operation_t operation;
178 unsigned char iv[16] = {0};
179 size_t iv_length = sizeof( iv );
180 const unsigned char plaintext[16] = "Hello, world...";
181 unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)";
182 size_t ciphertext_length = sizeof( ciphertext );
183 unsigned char decrypted[sizeof( ciphertext )];
184 size_t part_length;
185
186 if( usage & PSA_KEY_USAGE_ENCRYPT )
187 {
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]188 TEST_ASSERT( psa_cipher_encrypt_setup( &operation,
189 key, alg ) == PSA_SUCCESS );
190 TEST_ASSERT( psa_cipher_generate_iv( &operation,
191 iv, sizeof( iv ),
192 &iv_length ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]193 TEST_ASSERT( psa_cipher_update( &operation,
194 plaintext, sizeof( plaintext ),
195 ciphertext, sizeof( ciphertext ),
196 &ciphertext_length ) == PSA_SUCCESS );
197 TEST_ASSERT( psa_cipher_finish( &operation,
198 ciphertext + ciphertext_length,
199 sizeof( ciphertext ) - ciphertext_length,
200 &part_length ) == PSA_SUCCESS );
201 ciphertext_length += part_length;
202 }
203
204 if( usage & PSA_KEY_USAGE_DECRYPT )
205 {
206 psa_status_t status;
Mohammad AboMokhadb9b232018-06-28 01:52:54 -0700[diff] [blame]207 psa_key_type_t type = PSA_KEY_TYPE_NONE;
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]208 if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) )
209 {
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]210 size_t bits;
211 TEST_ASSERT( psa_get_key_information( key, &type, &bits ) );
212 iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE( type );
213 }
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]214 TEST_ASSERT( psa_cipher_decrypt_setup( &operation,
215 key, alg ) == PSA_SUCCESS );
216 TEST_ASSERT( psa_cipher_set_iv( &operation,
217 iv, iv_length ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]218 TEST_ASSERT( psa_cipher_update( &operation,
219 ciphertext, ciphertext_length,
220 decrypted, sizeof( decrypted ),
221 &part_length ) == PSA_SUCCESS );
222 status = psa_cipher_finish( &operation,
223 decrypted + part_length,
224 sizeof( decrypted ) - part_length,
225 &part_length );
226 /* For a stream cipher, all inputs are valid. For a block cipher,
227 * if the input is some aribtrary data rather than an actual
228 ciphertext, a padding error is likely. */
Mohammad AboMokh65fa0b82018-06-28 02:14:00 -0700[diff] [blame]229 if( ( usage & PSA_KEY_USAGE_ENCRYPT ) ||
Mohammad AboMokhadb9b232018-06-28 01:52:54 -0700[diff] [blame]230 PSA_BLOCK_CIPHER_BLOCK_SIZE( type ) == 1 )
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]231 TEST_ASSERT( status == PSA_SUCCESS );
232 else
233 TEST_ASSERT( status == PSA_SUCCESS ||
234 status == PSA_ERROR_INVALID_PADDING );
235 }
236
237 return( 1 );
238
239exit:
240 psa_cipher_abort( &operation );
241 return( 0 );
242}
243
244static int exercise_aead_key( psa_key_slot_t key,
245 psa_key_usage_t usage,
246 psa_algorithm_t alg )
247{
248 unsigned char nonce[16] = {0};
249 size_t nonce_length = sizeof( nonce );
250 unsigned char plaintext[16] = "Hello, world...";
251 unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)";
252 size_t ciphertext_length = sizeof( ciphertext );
253 size_t plaintext_length = sizeof( ciphertext );
254
255 if( usage & PSA_KEY_USAGE_ENCRYPT )
256 {
257 TEST_ASSERT( psa_aead_encrypt( key, alg,
258 nonce, nonce_length,
259 NULL, 0,
260 plaintext, sizeof( plaintext ),
261 ciphertext, sizeof( ciphertext ),
262 &ciphertext_length ) == PSA_SUCCESS );
263 }
264
265 if( usage & PSA_KEY_USAGE_DECRYPT )
266 {
267 psa_status_t verify_status =
268 ( usage & PSA_KEY_USAGE_ENCRYPT ?
269 PSA_SUCCESS :
270 PSA_ERROR_INVALID_SIGNATURE );
271 TEST_ASSERT( psa_aead_decrypt( key, alg,
272 nonce, nonce_length,
273 NULL, 0,
274 ciphertext, ciphertext_length,
275 plaintext, sizeof( plaintext ),
276 &plaintext_length ) == verify_status );
277 }
278
279 return( 1 );
280
281exit:
282 return( 0 );
283}
284
285static int exercise_signature_key( psa_key_slot_t key,
286 psa_key_usage_t usage,
287 psa_algorithm_t alg )
288{
Gilles Peskinef969b3a2018-06-30 00:20:25 +0200[diff] [blame]289 unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
290 size_t payload_length = 16;
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]291 unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]292 size_t signature_length = sizeof( signature );
293
294 if( usage & PSA_KEY_USAGE_SIGN )
295 {
Gilles Peskinef969b3a2018-06-30 00:20:25 +0200[diff] [blame]296 /* Some algorithms require the payload to have the size of
297 * the hash encoded in the algorithm. Use this input size
298 * even for algorithms that allow other input sizes. */
299 psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
300 if( hash_alg != 0 )
301 payload_length = PSA_HASH_SIZE( hash_alg );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]302 TEST_ASSERT( psa_asymmetric_sign( key, alg,
303 payload, payload_length,
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]304 signature, sizeof( signature ),
305 &signature_length ) == PSA_SUCCESS );
306 }
307
308 if( usage & PSA_KEY_USAGE_VERIFY )
309 {
310 psa_status_t verify_status =
311 ( usage & PSA_KEY_USAGE_SIGN ?
312 PSA_SUCCESS :
313 PSA_ERROR_INVALID_SIGNATURE );
314 TEST_ASSERT( psa_asymmetric_verify( key, alg,
315 payload, payload_length,
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]316 signature, signature_length ) ==
317 verify_status );
318 }
319
320 return( 1 );
321
322exit:
323 return( 0 );
324}
325
326static int exercise_asymmetric_encryption_key( psa_key_slot_t key,
327 psa_key_usage_t usage,
328 psa_algorithm_t alg )
329{
330 unsigned char plaintext[256] = "Hello, world...";
331 unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)";
332 size_t ciphertext_length = sizeof( ciphertext );
333 size_t plaintext_length = 16;
334
335 if( usage & PSA_KEY_USAGE_ENCRYPT )
336 {
337 TEST_ASSERT(
338 psa_asymmetric_encrypt( key, alg,
339 plaintext, plaintext_length,
340 NULL, 0,
341 ciphertext, sizeof( ciphertext ),
342 &ciphertext_length ) == PSA_SUCCESS );
343 }
344
345 if( usage & PSA_KEY_USAGE_DECRYPT )
346 {
347 psa_status_t status =
348 psa_asymmetric_decrypt( key, alg,
349 ciphertext, ciphertext_length,
350 NULL, 0,
351 plaintext, sizeof( plaintext ),
352 &plaintext_length );
353 TEST_ASSERT( status == PSA_SUCCESS ||
354 ( ( usage & PSA_KEY_USAGE_ENCRYPT ) == 0 &&
355 ( status == PSA_ERROR_INVALID_ARGUMENT ||
356 status == PSA_ERROR_INVALID_PADDING ) ) );
357 }
358
359 return( 1 );
360
361exit:
362 return( 0 );
363}
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]364
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]365static int exercise_key_derivation_key( psa_key_slot_t key,
366 psa_key_usage_t usage,
367 psa_algorithm_t alg )
368{
369 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
370 unsigned char label[16] = "This is a label.";
371 size_t label_length = sizeof( label );
372 unsigned char seed[16] = "abcdefghijklmnop";
373 size_t seed_length = sizeof( seed );
374 unsigned char output[1];
375
376 if( usage & PSA_KEY_USAGE_DERIVE )
377 {
378 TEST_ASSERT( psa_key_derivation( &generator,
379 key, alg,
380 label, label_length,
381 seed, seed_length,
382 sizeof( output ) ) == PSA_SUCCESS );
383 TEST_ASSERT( psa_generator_read( &generator,
384 output,
385 sizeof( output ) ) == PSA_SUCCESS );
386 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
387 }
388
389 return( 1 );
390
391exit:
392 return( 0 );
393}
394
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]395static int is_oid_of_key_type( psa_key_type_t type,
396 const uint8_t *oid, size_t oid_length )
397{
Gilles Peskineae3d2a22018-08-13 14:14:22 +0200[diff] [blame]398 const uint8_t *expected_oid = NULL;
399 size_t expected_oid_length = 0;
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]400#if defined(MBEDTLS_RSA_C)
Gilles Peskineae3d2a22018-08-13 14:14:22 +0200[diff] [blame]401 if( PSA_KEY_TYPE_IS_RSA( type ) )
402 {
403 expected_oid = (uint8_t *) MBEDTLS_OID_PKCS1_RSA;
404 expected_oid_length = sizeof( MBEDTLS_OID_PKCS1_RSA ) - 1;
405 }
406 else
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]407#endif /* MBEDTLS_RSA_C */
408#if defined(MBEDTLS_ECP_C)
Gilles Peskineae3d2a22018-08-13 14:14:22 +0200[diff] [blame]409 if( PSA_KEY_TYPE_IS_ECC( type ) )
410 {
411 expected_oid = (uint8_t *) MBEDTLS_OID_EC_ALG_UNRESTRICTED;
412 expected_oid_length = sizeof( MBEDTLS_OID_EC_ALG_UNRESTRICTED ) - 1;
413 }
414 else
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]415#endif /* MBEDTLS_ECP_C */
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]416 {
417 char message[40];
418 mbedtls_snprintf( message, sizeof( message ),
419 "OID not known for key type=0x%08lx",
420 (unsigned long) type );
421 test_fail( message, __LINE__, __FILE__ );
422 return( 0 );
423 }
424
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]425 ASSERT_COMPARE( expected_oid, expected_oid_length, oid, oid_length );
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]426 return( 1 );
427
428exit:
429 return( 0 );
430}
431
432static int asn1_skip_integer( unsigned char **p, const unsigned char *end,
433 size_t min_bits, size_t max_bits,
434 int must_be_odd )
435{
436 size_t len;
437 size_t actual_bits;
438 unsigned char msb;
439 TEST_ASSERT( mbedtls_asn1_get_tag( p, end, &len,
440 MBEDTLS_ASN1_INTEGER ) == 0 );
441 /* Tolerate a slight departure from DER encoding:
442 * - 0 may be represented by an empty string or a 1-byte string.
443 * - The sign bit may be used as a value bit. */
444 if( ( len == 1 && ( *p )[0] == 0 ) ||
445 ( len > 1 && ( *p )[0] == 0 && ( ( *p )[1] & 0x80 ) != 0 ) )
446 {
447 ++( *p );
448 --len;
449 }
450 if( min_bits == 0 && len == 0 )
451 return( 1 );
452 msb = ( *p )[0];
453 TEST_ASSERT( msb != 0 );
454 actual_bits = 8 * ( len - 1 );
455 while( msb != 0 )
456 {
457 msb >>= 1;
458 ++actual_bits;
459 }
460 TEST_ASSERT( actual_bits >= min_bits );
461 TEST_ASSERT( actual_bits <= max_bits );
462 if( must_be_odd )
463 TEST_ASSERT( ( ( *p )[len-1] & 1 ) != 0 );
464 *p += len;
465 return( 1 );
466exit:
467 return( 0 );
468}
469
470static int asn1_get_implicit_tag( unsigned char **p, const unsigned char *end,
471 size_t *len,
472 unsigned char n, unsigned char tag )
473{
474 int ret;
475 ret = mbedtls_asn1_get_tag( p, end, len,
476 MBEDTLS_ASN1_CONTEXT_SPECIFIC |
477 MBEDTLS_ASN1_CONSTRUCTED | ( n ) );
478 if( ret != 0 )
479 return( ret );
480 end = *p + *len;
481 ret = mbedtls_asn1_get_tag( p, end, len, tag );
482 if( ret != 0 )
483 return( ret );
484 if( *p + *len != end )
485 return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
486 return( 0 );
487}
488
489static int exported_key_sanity_check( psa_key_type_t type, size_t bits,
490 uint8_t *exported, size_t exported_length )
491{
492 if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]493 TEST_ASSERT( exported_length == ( bits + 7 ) / 8 );
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]494 else
495 TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, bits ) );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]496
497#if defined(MBEDTLS_DES_C)
498 if( type == PSA_KEY_TYPE_DES )
499 {
500 /* Check the parity bits. */
501 unsigned i;
502 for( i = 0; i < bits / 8; i++ )
503 {
504 unsigned bit_count = 0;
505 unsigned m;
506 for( m = 1; m <= 0x100; m <<= 1 )
507 {
508 if( exported[i] & m )
509 ++bit_count;
510 }
511 TEST_ASSERT( bit_count % 2 != 0 );
512 }
513 }
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]514 else
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]515#endif
516
517#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C)
518 if( type == PSA_KEY_TYPE_RSA_KEYPAIR )
519 {
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]520 uint8_t *p = exported;
521 uint8_t *end = exported + exported_length;
522 size_t len;
523 /* RSAPrivateKey ::= SEQUENCE {
Gilles Peskinedea46cf2018-08-21 16:12:54 +0200[diff] [blame]524 * version INTEGER, -- must be 0
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]525 * modulus INTEGER, -- n
526 * publicExponent INTEGER, -- e
527 * privateExponent INTEGER, -- d
528 * prime1 INTEGER, -- p
529 * prime2 INTEGER, -- q
530 * exponent1 INTEGER, -- d mod (p-1)
531 * exponent2 INTEGER, -- d mod (q-1)
532 * coefficient INTEGER, -- (inverse of q) mod p
533 * }
534 */
535 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
536 MBEDTLS_ASN1_SEQUENCE |
537 MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
538 TEST_ASSERT( p + len == end );
539 if( ! asn1_skip_integer( &p, end, 0, 0, 0 ) )
540 goto exit;
541 if( ! asn1_skip_integer( &p, end, bits, bits, 1 ) )
542 goto exit;
543 if( ! asn1_skip_integer( &p, end, 2, bits, 1 ) )
544 goto exit;
545 /* Require d to be at least half the size of n. */
546 if( ! asn1_skip_integer( &p, end, bits / 2, bits, 1 ) )
547 goto exit;
548 /* Require p and q to be at most half the size of n, rounded up. */
549 if( ! asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
550 goto exit;
551 if( ! asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
552 goto exit;
553 if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
554 goto exit;
555 if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
556 goto exit;
557 if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
558 goto exit;
559 TEST_ASSERT( p == end );
560 }
561 else
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]562#endif /* MBEDTLS_RSA_C */
563
564#if defined(MBEDTLS_ECP_C)
565 if( PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ) )
566 {
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]567 uint8_t *p = exported;
568 uint8_t *end = exported + exported_length;
569 size_t len;
570 int version;
571 /* ECPrivateKey ::= SEQUENCE {
572 * version INTEGER, -- must be 1
573 * privateKey OCTET STRING,
574 * -- `ceiling(log_{256}(n))`-byte string, big endian,
575 * -- where n is the order of the curve.
576 * parameters ECParameters {{ NamedCurve }}, -- mandatory
577 * publicKey BIT STRING -- mandatory
578 * }
579 */
580 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
581 MBEDTLS_ASN1_SEQUENCE |
582 MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
583 TEST_ASSERT( p + len == end );
584 TEST_ASSERT( mbedtls_asn1_get_int( &p, end, &version ) == 0 );
585 TEST_ASSERT( version == 1 );
586 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
587 MBEDTLS_ASN1_OCTET_STRING ) == 0 );
588 /* Bug in Mbed TLS: the length of the octet string depends on the value */
589 // TEST_ASSERT( len == PSA_BITS_TO_BYTES( bits ) );
590 p += len;
591 TEST_ASSERT( asn1_get_implicit_tag( &p, end, &len, 0,
592 MBEDTLS_ASN1_OID ) == 0 );
593 p += len;
Gilles Peskinec6290c02018-08-13 17:24:59 +0200[diff] [blame]594 /* publicKey: ECPoint in uncompressed representation (as below) */
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]595 TEST_ASSERT( asn1_get_implicit_tag( &p, end, &len, 1,
596 MBEDTLS_ASN1_BIT_STRING ) == 0 );
597 TEST_ASSERT( p + len == end );
598 TEST_ASSERT( p[0] == 0 ); /* 0 unused bits in the bit string */
599 ++p;
600 TEST_ASSERT( p + 1 + 2 * PSA_BITS_TO_BYTES( bits ) == end );
601 TEST_ASSERT( p[0] == 4 );
602 }
603 else
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]604#endif /* MBEDTLS_ECP_C */
605
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]606 if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
607 {
608 uint8_t *p = exported;
609 uint8_t *end = exported + exported_length;
610 size_t len;
611 mbedtls_asn1_buf alg;
612 mbedtls_asn1_buf params;
613 mbedtls_asn1_bitstring bitstring;
614 /* SubjectPublicKeyInfo ::= SEQUENCE {
615 * algorithm AlgorithmIdentifier,
616 * subjectPublicKey BIT STRING }
617 * AlgorithmIdentifier ::= SEQUENCE {
618 * algorithm OBJECT IDENTIFIER,
619 * parameters ANY DEFINED BY algorithm OPTIONAL }
620 */
621 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
622 MBEDTLS_ASN1_SEQUENCE |
623 MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
624 TEST_ASSERT( p + len == end );
625 TEST_ASSERT( mbedtls_asn1_get_alg( &p, end, &alg, &params ) == 0 );
626 if( ! is_oid_of_key_type( type, alg.p, alg.len ) )
627 goto exit;
628 TEST_ASSERT( mbedtls_asn1_get_bitstring( &p, end, &bitstring ) == 0 );
629 TEST_ASSERT( p == end );
630 p = bitstring.p;
631#if defined(MBEDTLS_RSA_C)
632 if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY )
633 {
634 /* RSAPublicKey ::= SEQUENCE {
635 * modulus INTEGER, -- n
636 * publicExponent INTEGER } -- e
637 */
638 TEST_ASSERT( bitstring.unused_bits == 0 );
639 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
640 MBEDTLS_ASN1_SEQUENCE |
641 MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
642 TEST_ASSERT( p + len == end );
643 if( ! asn1_skip_integer( &p, end, bits, bits, 1 ) )
644 goto exit;
645 if( ! asn1_skip_integer( &p, end, 2, bits, 1 ) )
646 goto exit;
647 TEST_ASSERT( p == end );
648 }
649 else
650#endif /* MBEDTLS_RSA_C */
651#if defined(MBEDTLS_ECP_C)
652 if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) )
653 {
654 /* ECPoint ::= ...
Gilles Peskinec6290c02018-08-13 17:24:59 +0200[diff] [blame]655 * -- first 8 bits: 0x04 (uncompressed representation);
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]656 * -- then x_P as an n-bit string, big endian;
657 * -- then y_P as a n-bit string, big endian,
658 * -- where n is the order of the curve.
659 */
660 TEST_ASSERT( bitstring.unused_bits == 0 );
661 TEST_ASSERT( p + 1 + 2 * PSA_BITS_TO_BYTES( bits ) == end );
662 TEST_ASSERT( p[0] == 4 );
663 }
664 else
665#endif /* MBEDTLS_ECP_C */
666 {
667 char message[40];
668 mbedtls_snprintf( message, sizeof( message ),
669 "No sanity check for public key type=0x%08lx",
670 (unsigned long) type );
671 test_fail( message, __LINE__, __FILE__ );
672 return( 0 );
673 }
674 }
675 else
676
677 {
678 /* No sanity checks for other types */
679 }
680
681 return( 1 );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]682
683exit:
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]684 return( 0 );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]685}
686
687static int exercise_export_key( psa_key_slot_t slot,
688 psa_key_usage_t usage )
689{
690 psa_key_type_t type;
691 size_t bits;
692 uint8_t *exported = NULL;
693 size_t exported_size = 0;
694 size_t exported_length = 0;
695 int ok = 0;
696
Gilles Peskineacec7b6f2018-09-13 20:34:11 +0200[diff] [blame]697 TEST_ASSERT( psa_get_key_information( slot, &type, &bits ) == PSA_SUCCESS );
698
699 if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 &&
700 ! PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]701 {
702 TEST_ASSERT( psa_export_key( slot, NULL, 0, &exported_length ) ==
703 PSA_ERROR_NOT_PERMITTED );
704 return( 1 );
705 }
706
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]707 exported_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]708 ASSERT_ALLOC( exported, exported_size );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]709
710 TEST_ASSERT( psa_export_key( slot,
711 exported, exported_size,
712 &exported_length ) == PSA_SUCCESS );
713 ok = exported_key_sanity_check( type, bits, exported, exported_length );
714
715exit:
716 mbedtls_free( exported );
717 return( ok );
718}
719
720static int exercise_export_public_key( psa_key_slot_t slot )
721{
722 psa_key_type_t type;
723 psa_key_type_t public_type;
724 size_t bits;
725 uint8_t *exported = NULL;
726 size_t exported_size = 0;
727 size_t exported_length = 0;
728 int ok = 0;
729
730 TEST_ASSERT( psa_get_key_information( slot, &type, &bits ) == PSA_SUCCESS );
731 if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( type ) )
732 {
733 TEST_ASSERT( psa_export_public_key( slot,
734 NULL, 0, &exported_length ) ==
735 PSA_ERROR_INVALID_ARGUMENT );
736 return( 1 );
737 }
738
739 public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
740 exported_size = PSA_KEY_EXPORT_MAX_SIZE( public_type, bits );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]741 ASSERT_ALLOC( exported, exported_size );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]742
743 TEST_ASSERT( psa_export_public_key( slot,
744 exported, exported_size,
745 &exported_length ) == PSA_SUCCESS );
746 ok = exported_key_sanity_check( public_type, bits,
747 exported, exported_length );
748
749exit:
750 mbedtls_free( exported );
751 return( ok );
752}
753
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]754static int exercise_key( psa_key_slot_t slot,
755 psa_key_usage_t usage,
756 psa_algorithm_t alg )
757{
758 int ok;
759 if( alg == 0 )
760 ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */
761 else if( PSA_ALG_IS_MAC( alg ) )
762 ok = exercise_mac_key( slot, usage, alg );
763 else if( PSA_ALG_IS_CIPHER( alg ) )
764 ok = exercise_cipher_key( slot, usage, alg );
765 else if( PSA_ALG_IS_AEAD( alg ) )
766 ok = exercise_aead_key( slot, usage, alg );
767 else if( PSA_ALG_IS_SIGN( alg ) )
768 ok = exercise_signature_key( slot, usage, alg );
769 else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
770 ok = exercise_asymmetric_encryption_key( slot, usage, alg );
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]771 else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
772 ok = exercise_key_derivation_key( slot, usage, alg );
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]773 else
774 {
775 char message[40];
776 mbedtls_snprintf( message, sizeof( message ),
777 "No code to exercise alg=0x%08lx",
778 (unsigned long) alg );
779 test_fail( message, __LINE__, __FILE__ );
780 ok = 0;
781 }
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]782
783 ok = ok && exercise_export_key( slot, usage );
784 ok = ok && exercise_export_public_key( slot );
785
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]786 return( ok );
787}
788
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]789/* END_HEADER */
790
791/* BEGIN_DEPENDENCIES
792 * depends_on:MBEDTLS_PSA_CRYPTO_C
793 * END_DEPENDENCIES
794 */
795
796/* BEGIN_CASE */
Gilles Peskinee1f2d7d2018-08-21 14:54:54 +0200[diff] [blame]797void static_checks( )
798{
799 size_t max_truncated_mac_size =
800 PSA_ALG_MAC_TRUNCATION_MASK >> PSA_MAC_TRUNCATION_OFFSET;
801
802 /* Check that the length for a truncated MAC always fits in the algorithm
803 * encoding. The shifted mask is the maximum truncated value. The
804 * untruncated algorithm may be one byte larger. */
805 TEST_ASSERT( PSA_MAC_MAX_SIZE <= 1 + max_truncated_mac_size );
806}
807/* END_CASE */
808
809/* BEGIN_CASE */
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]810void init_deinit( )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]811{
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]812 psa_status_t status;
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]813 int i;
814 for( i = 0; i <= 1; i++ )
815 {
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]816 status = psa_crypto_init( );
817 TEST_ASSERT( status == PSA_SUCCESS );
818 status = psa_crypto_init( );
819 TEST_ASSERT( status == PSA_SUCCESS );
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]820 mbedtls_psa_crypto_free( );
821 }
822}
823/* END_CASE */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]824
825/* BEGIN_CASE */
Gilles Peskine996deb12018-08-01 15:45:45 +0200[diff] [blame]826void fill_slots( int max_arg )
827{
828 /* Fill all the slots until we run out of memory or out of slots,
829 * or until some limit specified in the test data for the sake of
830 * implementations with an essentially unlimited number of slots.
831 * This test assumes that available slots are numbered from 1. */
832
833 psa_key_slot_t slot;
834 psa_key_slot_t max = 0;
835 psa_key_policy_t policy;
836 uint8_t exported[sizeof( max )];
837 size_t exported_size;
838 psa_status_t status;
839
840 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
841
842 psa_key_policy_init( &policy );
843 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
844
845 for( max = 1; max <= (size_t) max_arg; max++ )
846 {
847 status = psa_set_key_policy( max, &policy );
848 /* Stop filling slots if we run out of memory or out of
849 * available slots. */
850 TEST_ASSERT( status == PSA_SUCCESS ||
851 status == PSA_ERROR_INSUFFICIENT_MEMORY ||
852 status == PSA_ERROR_INVALID_ARGUMENT );
853 if( status != PSA_SUCCESS )
854 break;
855 status = psa_import_key( max, PSA_KEY_TYPE_RAW_DATA,
856 (uint8_t*) &max, sizeof( max ) );
857 /* Since psa_set_key_policy succeeded, we know that the slot
858 * number is valid. But we may legitimately run out of memory. */
859 TEST_ASSERT( status == PSA_SUCCESS ||
860 status == PSA_ERROR_INSUFFICIENT_MEMORY );
861 if( status != PSA_SUCCESS )
862 break;
863 }
864 /* `max` is now the first slot number that wasn't filled. */
865 max -= 1;
866
867 for( slot = 1; slot <= max; slot++ )
868 {
869 TEST_ASSERT( psa_export_key( slot,
870 exported, sizeof( exported ),
871 &exported_size ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]872 ASSERT_COMPARE( &slot, sizeof( slot ), exported, exported_size );
Gilles Peskine996deb12018-08-01 15:45:45 +0200[diff] [blame]873 }
874
875exit:
Gilles Peskine9a056342018-08-01 15:46:54 +0200[diff] [blame]876 /* Do not destroy the keys. mbedtls_psa_crypto_free() should do it. */
Gilles Peskine996deb12018-08-01 15:45:45 +0200[diff] [blame]877 mbedtls_psa_crypto_free( );
878}
879/* END_CASE */
880
881/* BEGIN_CASE */
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]882void import( data_t *data, int type, int expected_status_arg )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]883{
884 int slot = 1;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]885 psa_status_t expected_status = expected_status_arg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]886 psa_status_t status;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]887
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]888 TEST_ASSERT( data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]889 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]890 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
891
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]892 status = psa_import_key( slot, type, data->x, data->len );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]893 TEST_ASSERT( status == expected_status );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]894 if( status == PSA_SUCCESS )
895 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
896
897exit:
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]898 mbedtls_psa_crypto_free( );
899}
900/* END_CASE */
901
902/* BEGIN_CASE */
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]903void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg )
904{
905 int slot = 1;
906 size_t bits = bits_arg;
907 psa_status_t expected_status = expected_status_arg;
908 psa_status_t status;
909 psa_key_type_t type =
910 keypair ? PSA_KEY_TYPE_RSA_KEYPAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY;
911 size_t buffer_size = /* Slight overapproximations */
912 keypair ? bits * 9 / 16 + 80 : bits / 8 + 20;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]913 unsigned char *buffer = NULL;
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]914 unsigned char *p;
915 int ret;
916 size_t length;
917
918 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]919 ASSERT_ALLOC( buffer, buffer_size );
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]920
921 TEST_ASSERT( ( ret = construct_fake_rsa_key( buffer, buffer_size, &p,
922 bits, keypair ) ) >= 0 );
923 length = ret;
924
925 /* Try importing the key */
926 status = psa_import_key( slot, type, p, length );
927 TEST_ASSERT( status == expected_status );
928 if( status == PSA_SUCCESS )
929 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
930
931exit:
932 mbedtls_free( buffer );
933 mbedtls_psa_crypto_free( );
934}
935/* END_CASE */
936
937/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]938void import_export( data_t *data,
Moran Pekera964a8f2018-06-04 18:42:36 +0300[diff] [blame]939 int type_arg,
940 int alg_arg,
941 int usage_arg,
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]942 int expected_bits,
943 int export_size_delta,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]944 int expected_export_status_arg,
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]945 int canonical_input )
946{
947 int slot = 1;
948 int slot2 = slot + 1;
949 psa_key_type_t type = type_arg;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]950 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]951 psa_status_t expected_export_status = expected_export_status_arg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]952 psa_status_t status;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]953 unsigned char *exported = NULL;
954 unsigned char *reexported = NULL;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]955 size_t export_size;
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100[diff] [blame]956 size_t exported_length = INVALID_EXPORT_LENGTH;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]957 size_t reexported_length;
958 psa_key_type_t got_type;
959 size_t got_bits;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]960 psa_key_policy_t policy;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]961
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]962 TEST_ASSERT( data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]963 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) );
Moran Pekercb088e72018-07-17 17:36:59 +0300[diff] [blame]964 export_size = (ptrdiff_t) data->len + export_size_delta;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]965 ASSERT_ALLOC( exported, export_size );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]966 if( ! canonical_input )
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]967 ASSERT_ALLOC( reexported, export_size );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]968 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
969
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]970 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]971 psa_key_policy_set_usage( &policy, usage_arg, alg );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]972 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
973
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]974 /* Import the key */
975 TEST_ASSERT( psa_import_key( slot, type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]976 data->x, data->len ) == PSA_SUCCESS );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]977
978 /* Test the key information */
979 TEST_ASSERT( psa_get_key_information( slot,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]980 &got_type,
981 &got_bits ) == PSA_SUCCESS );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]982 TEST_ASSERT( got_type == type );
983 TEST_ASSERT( got_bits == (size_t) expected_bits );
984
985 /* Export the key */
986 status = psa_export_key( slot,
987 exported, export_size,
988 &exported_length );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]989 TEST_ASSERT( status == expected_export_status );
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100[diff] [blame]990
991 /* The exported length must be set by psa_export_key() to a value between 0
992 * and export_size. On errors, the exported length must be 0. */
993 TEST_ASSERT( exported_length != INVALID_EXPORT_LENGTH );
994 TEST_ASSERT( status == PSA_SUCCESS || exported_length == 0 );
995 TEST_ASSERT( exported_length <= export_size );
996
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]997 TEST_ASSERT( mem_is_char( exported + exported_length, 0,
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]998 export_size - exported_length ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]999 if( status != PSA_SUCCESS )
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]1000 {
1001 TEST_ASSERT( exported_length == 0 );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1002 goto destroy;
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]1003 }
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1004
Gilles Peskine8f609232018-08-11 01:24:55 +0200[diff] [blame]1005 if( ! exercise_export_key( slot, usage_arg ) )
1006 goto exit;
1007
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1008 if( canonical_input )
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]1009 ASSERT_COMPARE( data->x, data->len, exported, exported_length );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1010 else
1011 {
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]1012 TEST_ASSERT( psa_set_key_policy( slot2, &policy ) == PSA_SUCCESS );
1013
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1014 TEST_ASSERT( psa_import_key( slot2, type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1015 exported,
Gilles Peskineb67f3082018-08-07 15:33:10 +0200[diff] [blame]1016 exported_length ) == PSA_SUCCESS );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1017 TEST_ASSERT( psa_export_key( slot2,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1018 reexported,
1019 export_size,
1020 &reexported_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]1021 ASSERT_COMPARE( exported, exported_length,
1022 reexported, reexported_length );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1023 }
1024
1025destroy:
1026 /* Destroy the key */
1027 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
1028 TEST_ASSERT( psa_get_key_information(
1029 slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT );
1030
1031exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1032 mbedtls_free( exported );
1033 mbedtls_free( reexported );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1034 mbedtls_psa_crypto_free( );
1035}
1036/* END_CASE */
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1037
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1038/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1039void import_export_public_key( data_t *data,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]1040 int type_arg,
1041 int alg_arg,
1042 int expected_bits,
1043 int public_key_expected_length,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1044 int expected_export_status_arg )
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1045{
1046 int slot = 1;
1047 psa_key_type_t type = type_arg;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1048 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1049 psa_status_t expected_export_status = expected_export_status_arg;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1050 psa_status_t status;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1051 unsigned char *exported = NULL;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1052 size_t export_size;
Jaeden Amero2a671e92018-06-27 17:47:40 +0100[diff] [blame]1053 size_t exported_length = INVALID_EXPORT_LENGTH;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1054 psa_key_type_t got_type;
1055 size_t got_bits;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]1056 psa_key_policy_t policy;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1057
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1058 TEST_ASSERT( data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1059 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) );
Moran Pekercb088e72018-07-17 17:36:59 +0300[diff] [blame]1060 export_size = (ptrdiff_t) data->len;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1061 ASSERT_ALLOC( exported, export_size );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1062
1063 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1064
1065 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1066 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1067 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1068
1069 /* Import the key */
1070 TEST_ASSERT( psa_import_key( slot, type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1071 data->x, data->len ) == PSA_SUCCESS );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1072
1073 /* Test the key information */
1074 TEST_ASSERT( psa_get_key_information( slot,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]1075 &got_type,
1076 &got_bits ) == PSA_SUCCESS );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1077 TEST_ASSERT( got_type == type );
1078 TEST_ASSERT( got_bits == (size_t) expected_bits );
1079
1080 /* Export the key */
1081 status = psa_export_public_key( slot,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]1082 exported, export_size,
1083 &exported_length );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1084 TEST_ASSERT( status == expected_export_status );
Jaeden Amero2a671e92018-06-27 17:47:40 +0100[diff] [blame]1085 TEST_ASSERT( exported_length == (size_t) public_key_expected_length );
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]1086 TEST_ASSERT( mem_is_char( exported + exported_length, 0,
Jaeden Amero2a671e92018-06-27 17:47:40 +0100[diff] [blame]1087 export_size - exported_length ) );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1088 if( status != PSA_SUCCESS )
1089 goto destroy;
1090
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1091destroy:
1092 /* Destroy the key */
1093 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
1094 TEST_ASSERT( psa_get_key_information(
1095 slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT );
1096
1097exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1098 mbedtls_free( exported );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1099 mbedtls_psa_crypto_free( );
1100}
1101/* END_CASE */
1102
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1103/* BEGIN_CASE */
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200[diff] [blame]1104void import_and_exercise_key( data_t *data,
1105 int type_arg,
1106 int bits_arg,
1107 int alg_arg )
1108{
1109 int slot = 1;
1110 psa_key_type_t type = type_arg;
1111 size_t bits = bits_arg;
1112 psa_algorithm_t alg = alg_arg;
1113 psa_key_usage_t usage =
1114 ( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) ?
1115 ( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
1116 PSA_KEY_USAGE_VERIFY :
1117 PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY ) :
1118 PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) ||
1119 PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ?
1120 ( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
1121 PSA_KEY_USAGE_ENCRYPT :
1122 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ) :
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]1123 PSA_ALG_IS_KEY_DERIVATION( alg ) ? PSA_KEY_USAGE_DERIVE :
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200[diff] [blame]1124 0 );
1125 psa_key_policy_t policy;
1126 psa_key_type_t got_type;
1127 size_t got_bits;
1128 psa_status_t status;
1129
1130 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1131
1132 psa_key_policy_init( &policy );
1133 psa_key_policy_set_usage( &policy, usage, alg );
1134 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1135
1136 /* Import the key */
1137 status = psa_import_key( slot, type, data->x, data->len );
1138 TEST_ASSERT( status == PSA_SUCCESS );
1139
1140 /* Test the key information */
1141 TEST_ASSERT( psa_get_key_information( slot,
1142 &got_type,
1143 &got_bits ) == PSA_SUCCESS );
1144 TEST_ASSERT( got_type == type );
1145 TEST_ASSERT( got_bits == bits );
1146
1147 /* Do something with the key according to its type and permitted usage. */
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]1148 if( ! exercise_key( slot, usage, alg ) )
1149 goto exit;
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200[diff] [blame]1150
1151exit:
1152 psa_destroy_key( slot );
1153 mbedtls_psa_crypto_free( );
1154}
1155/* END_CASE */
1156
1157/* BEGIN_CASE */
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1158void key_policy( int usage_arg, int alg_arg )
1159{
1160 int key_slot = 1;
1161 psa_algorithm_t alg = alg_arg;
1162 psa_key_usage_t usage = usage_arg;
1163 psa_key_type_t key_type = PSA_KEY_TYPE_AES;
1164 unsigned char key[32] = {0};
1165 psa_key_policy_t policy_set;
1166 psa_key_policy_t policy_get;
1167
1168 memset( key, 0x2a, sizeof( key ) );
1169
1170 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1171
1172 psa_key_policy_init( &policy_set );
1173 psa_key_policy_init( &policy_get );
1174
1175 psa_key_policy_set_usage( &policy_set, usage, alg );
1176
1177 TEST_ASSERT( psa_key_policy_get_usage( &policy_set ) == usage );
1178 TEST_ASSERT( psa_key_policy_get_algorithm( &policy_set ) == alg );
1179 TEST_ASSERT( psa_set_key_policy( key_slot, &policy_set ) == PSA_SUCCESS );
1180
1181 TEST_ASSERT( psa_import_key( key_slot, key_type,
1182 key, sizeof( key ) ) == PSA_SUCCESS );
1183
1184 TEST_ASSERT( psa_get_key_policy( key_slot, &policy_get ) == PSA_SUCCESS );
1185
1186 TEST_ASSERT( policy_get.usage == policy_set.usage );
1187 TEST_ASSERT( policy_get.alg == policy_set.alg );
1188
1189exit:
1190 psa_destroy_key( key_slot );
1191 mbedtls_psa_crypto_free( );
1192}
1193/* END_CASE */
1194
1195/* BEGIN_CASE */
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1196void mac_key_policy( int policy_usage,
1197 int policy_alg,
1198 int key_type,
1199 data_t *key_data,
1200 int exercise_alg )
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1201{
1202 int key_slot = 1;
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1203 psa_key_policy_t policy;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1204 psa_mac_operation_t operation;
1205 psa_status_t status;
1206 unsigned char mac[PSA_MAC_MAX_SIZE];
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1207
1208 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1209
1210 psa_key_policy_init( &policy );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1211 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1212 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1213
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1214 TEST_ASSERT( psa_import_key( key_slot, key_type,
1215 key_data->x, key_data->len ) == PSA_SUCCESS );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1216
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1217 status = psa_mac_sign_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1218 if( policy_alg == exercise_alg &&
1219 ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
1220 TEST_ASSERT( status == PSA_SUCCESS );
1221 else
1222 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1223 psa_mac_abort( &operation );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1224
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1225 memset( mac, 0, sizeof( mac ) );
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1226 status = psa_mac_verify_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1227 if( policy_alg == exercise_alg &&
1228 ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1229 TEST_ASSERT( status == PSA_SUCCESS );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1230 else
1231 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1232
1233exit:
1234 psa_mac_abort( &operation );
1235 psa_destroy_key( key_slot );
1236 mbedtls_psa_crypto_free( );
1237}
1238/* END_CASE */
1239
1240/* BEGIN_CASE */
1241void cipher_key_policy( int policy_usage,
1242 int policy_alg,
1243 int key_type,
1244 data_t *key_data,
1245 int exercise_alg )
1246{
1247 int key_slot = 1;
1248 psa_key_policy_t policy;
1249 psa_cipher_operation_t operation;
1250 psa_status_t status;
1251
1252 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1253
1254 psa_key_policy_init( &policy );
1255 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1256 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1257
1258 TEST_ASSERT( psa_import_key( key_slot, key_type,
1259 key_data->x, key_data->len ) == PSA_SUCCESS );
1260
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1261 status = psa_cipher_encrypt_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1262 if( policy_alg == exercise_alg &&
1263 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
1264 TEST_ASSERT( status == PSA_SUCCESS );
1265 else
1266 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1267 psa_cipher_abort( &operation );
1268
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1269 status = psa_cipher_decrypt_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1270 if( policy_alg == exercise_alg &&
1271 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
1272 TEST_ASSERT( status == PSA_SUCCESS );
1273 else
1274 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1275
1276exit:
1277 psa_cipher_abort( &operation );
1278 psa_destroy_key( key_slot );
1279 mbedtls_psa_crypto_free( );
1280}
1281/* END_CASE */
1282
1283/* BEGIN_CASE */
1284void aead_key_policy( int policy_usage,
1285 int policy_alg,
1286 int key_type,
1287 data_t *key_data,
1288 int nonce_length_arg,
1289 int tag_length_arg,
1290 int exercise_alg )
1291{
1292 int key_slot = 1;
1293 psa_key_policy_t policy;
1294 psa_status_t status;
1295 unsigned char nonce[16] = {0};
1296 size_t nonce_length = nonce_length_arg;
1297 unsigned char tag[16];
1298 size_t tag_length = tag_length_arg;
1299 size_t output_length;
1300
1301 TEST_ASSERT( nonce_length <= sizeof( nonce ) );
1302 TEST_ASSERT( tag_length <= sizeof( tag ) );
1303
1304 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1305
1306 psa_key_policy_init( &policy );
1307 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1308 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1309
1310 TEST_ASSERT( psa_import_key( key_slot, key_type,
1311 key_data->x, key_data->len ) == PSA_SUCCESS );
1312
1313 status = psa_aead_encrypt( key_slot, exercise_alg,
1314 nonce, nonce_length,
1315 NULL, 0,
1316 NULL, 0,
1317 tag, tag_length,
1318 &output_length );
1319 if( policy_alg == exercise_alg &&
1320 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
1321 TEST_ASSERT( status == PSA_SUCCESS );
1322 else
1323 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1324
1325 memset( tag, 0, sizeof( tag ) );
1326 status = psa_aead_decrypt( key_slot, exercise_alg,
1327 nonce, nonce_length,
1328 NULL, 0,
1329 tag, tag_length,
1330 NULL, 0,
1331 &output_length );
1332 if( policy_alg == exercise_alg &&
1333 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
1334 TEST_ASSERT( status == PSA_ERROR_INVALID_SIGNATURE );
1335 else
1336 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1337
1338exit:
1339 psa_destroy_key( key_slot );
1340 mbedtls_psa_crypto_free( );
1341}
1342/* END_CASE */
1343
1344/* BEGIN_CASE */
1345void asymmetric_encryption_key_policy( int policy_usage,
1346 int policy_alg,
1347 int key_type,
1348 data_t *key_data,
1349 int exercise_alg )
1350{
1351 int key_slot = 1;
1352 psa_key_policy_t policy;
1353 psa_status_t status;
1354 size_t key_bits;
1355 size_t buffer_length;
1356 unsigned char *buffer = NULL;
1357 size_t output_length;
1358
1359 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1360
1361 psa_key_policy_init( &policy );
1362 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1363 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1364
1365 TEST_ASSERT( psa_import_key( key_slot, key_type,
1366 key_data->x, key_data->len ) == PSA_SUCCESS );
1367
1368 TEST_ASSERT( psa_get_key_information( key_slot,
1369 NULL,
1370 &key_bits ) == PSA_SUCCESS );
1371 buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits,
1372 exercise_alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1373 ASSERT_ALLOC( buffer, buffer_length );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1374
1375 status = psa_asymmetric_encrypt( key_slot, exercise_alg,
1376 NULL, 0,
1377 NULL, 0,
1378 buffer, buffer_length,
1379 &output_length );
1380 if( policy_alg == exercise_alg &&
1381 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
1382 TEST_ASSERT( status == PSA_SUCCESS );
1383 else
1384 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1385
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]1386 if( buffer_length != 0 )
1387 memset( buffer, 0, buffer_length );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1388 status = psa_asymmetric_decrypt( key_slot, exercise_alg,
1389 buffer, buffer_length,
1390 NULL, 0,
1391 buffer, buffer_length,
1392 &output_length );
1393 if( policy_alg == exercise_alg &&
1394 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
1395 TEST_ASSERT( status == PSA_ERROR_INVALID_PADDING );
1396 else
1397 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1398
1399exit:
1400 psa_destroy_key( key_slot );
1401 mbedtls_psa_crypto_free( );
1402 mbedtls_free( buffer );
1403}
1404/* END_CASE */
1405
1406/* BEGIN_CASE */
1407void asymmetric_signature_key_policy( int policy_usage,
1408 int policy_alg,
1409 int key_type,
1410 data_t *key_data,
1411 int exercise_alg )
1412{
1413 int key_slot = 1;
1414 psa_key_policy_t policy;
1415 psa_status_t status;
1416 unsigned char payload[16] = {1};
1417 size_t payload_length = sizeof( payload );
1418 unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
1419 size_t signature_length;
1420
1421 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1422
1423 psa_key_policy_init( &policy );
1424 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1425 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1426
1427 TEST_ASSERT( psa_import_key( key_slot, key_type,
1428 key_data->x, key_data->len ) == PSA_SUCCESS );
1429
1430 status = psa_asymmetric_sign( key_slot, exercise_alg,
1431 payload, payload_length,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1432 signature, sizeof( signature ),
1433 &signature_length );
1434 if( policy_alg == exercise_alg &&
1435 ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
1436 TEST_ASSERT( status == PSA_SUCCESS );
1437 else
1438 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1439
1440 memset( signature, 0, sizeof( signature ) );
1441 status = psa_asymmetric_verify( key_slot, exercise_alg,
1442 payload, payload_length,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1443 signature, sizeof( signature ) );
1444 if( policy_alg == exercise_alg &&
1445 ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
1446 TEST_ASSERT( status == PSA_ERROR_INVALID_SIGNATURE );
1447 else
1448 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1449
1450exit:
1451 psa_destroy_key( key_slot );
1452 mbedtls_psa_crypto_free( );
1453}
1454/* END_CASE */
1455
1456/* BEGIN_CASE */
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]1457void derive_key_policy( int policy_usage,
1458 int policy_alg,
1459 int key_type,
1460 data_t *key_data,
1461 int exercise_alg )
1462{
1463 int key_slot = 1;
1464 psa_key_policy_t policy;
1465 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
1466 psa_status_t status;
1467
1468 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1469
1470 psa_key_policy_init( &policy );
1471 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1472 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1473
1474 TEST_ASSERT( psa_import_key( key_slot, key_type,
1475 key_data->x, key_data->len ) == PSA_SUCCESS );
1476
1477 status = psa_key_derivation( &generator, key_slot,
1478 exercise_alg,
1479 NULL, 0,
1480 NULL, 0,
1481 1 );
1482 if( policy_alg == exercise_alg &&
1483 ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
1484 TEST_ASSERT( status == PSA_SUCCESS );
1485 else
1486 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1487
1488exit:
1489 psa_generator_abort( &generator );
1490 psa_destroy_key( key_slot );
1491 mbedtls_psa_crypto_free( );
1492}
1493/* END_CASE */
1494
1495/* BEGIN_CASE */
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1496void key_lifetime( int lifetime_arg )
1497{
1498 int key_slot = 1;
Gilles Peskinec32f0302018-08-10 16:02:11 +0200[diff] [blame]1499 psa_key_type_t key_type = PSA_KEY_TYPE_RAW_DATA;
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1500 unsigned char key[32] = {0};
1501 psa_key_lifetime_t lifetime_set = lifetime_arg;
1502 psa_key_lifetime_t lifetime_get;
1503
1504 memset( key, 0x2a, sizeof( key ) );
1505
1506 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1507
1508 TEST_ASSERT( psa_set_key_lifetime( key_slot,
1509 lifetime_set ) == PSA_SUCCESS );
1510
1511 TEST_ASSERT( psa_import_key( key_slot, key_type,
1512 key, sizeof( key ) ) == PSA_SUCCESS );
1513
1514 TEST_ASSERT( psa_get_key_lifetime( key_slot,
1515 &lifetime_get ) == PSA_SUCCESS );
1516
1517 TEST_ASSERT( lifetime_get == lifetime_set );
1518
1519exit:
1520 psa_destroy_key( key_slot );
1521 mbedtls_psa_crypto_free( );
1522}
1523/* END_CASE */
1524
1525/* BEGIN_CASE */
1526void key_lifetime_set_fail( int key_slot_arg,
1527 int lifetime_arg,
1528 int expected_status_arg )
1529{
1530 psa_key_slot_t key_slot = key_slot_arg;
1531 psa_key_lifetime_t lifetime_set = lifetime_arg;
1532 psa_status_t actual_status;
1533 psa_status_t expected_status = expected_status_arg;
1534
1535 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1536
1537 actual_status = psa_set_key_lifetime( key_slot, lifetime_set );
1538
1539 if( actual_status == PSA_SUCCESS )
1540 actual_status = psa_set_key_lifetime( key_slot, lifetime_set );
1541
1542 TEST_ASSERT( expected_status == actual_status );
1543
1544exit:
1545 psa_destroy_key( key_slot );
1546 mbedtls_psa_crypto_free( );
1547}
1548/* END_CASE */
1549
1550/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1551void hash_setup( int alg_arg,
1552 int expected_status_arg )
1553{
1554 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1555 psa_status_t expected_status = expected_status_arg;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1556 psa_hash_operation_t operation;
1557 psa_status_t status;
1558
1559 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1560
Gilles Peskineda8191d1c2018-07-08 19:46:38 +0200[diff] [blame]1561 status = psa_hash_setup( &operation, alg );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1562 psa_hash_abort( &operation );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1563 TEST_ASSERT( status == expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1564
1565exit:
1566 mbedtls_psa_crypto_free( );
1567}
1568/* END_CASE */
1569
1570/* BEGIN_CASE */
itayzafrir02d62952018-10-24 12:45:18 +0300[diff] [blame]1571void hash_bad_paths( )
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1572{
1573 psa_algorithm_t alg = PSA_ALG_SHA_256;
1574 unsigned char hash[PSA_HASH_MAX_SIZE] = { 0 };
1575 size_t expected_size = PSA_HASH_SIZE( alg );
1576 unsigned char input[] = "input";
1577 psa_hash_operation_t operation;
1578 size_t hash_len;
1579
itayzafrir4271df92018-10-24 18:16:19 +0300[diff] [blame^]1580 /* SHA-256 hash digest of the string 'input' with 2 extra bytes appended at
1581 * the end */
1582 unsigned char extra_length_digest[] =
1583 {
1584 0x3a, 0x28, 0x92, 0x32, 0x39, 0x9a, 0x20, 0x75, 0x09, 0xf4, 0xfa, 0x9d,
1585 0x70, 0xfa, 0x6f, 0x68, 0x81, 0x7c, 0xe6, 0xa6, 0x6f, 0x21, 0x50, 0xff,
1586 0x08, 0x23, 0x36, 0x31, 0x1f, 0x4e, 0x55, 0xfe, 0xaa, 0xbb
1587 };
1588
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1589 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1590
1591 /* psa_hash_update without calling psa_hash_setup beforehand */
1592 memset( &operation, 0, sizeof( operation ) );
1593 TEST_ASSERT( psa_hash_update( &operation,
1594 input, sizeof( input ) ) ==
1595 PSA_ERROR_INVALID_ARGUMENT );
1596
1597 /* psa_hash_finish without calling psa_hash_setup beforehand */
1598 memset( &operation, 0, sizeof( operation ) );
1599 TEST_ASSERT( psa_hash_finish( &operation,
1600 hash, expected_size,
1601 &hash_len ) == PSA_ERROR_INVALID_ARGUMENT );
1602
1603 /* psa_hash_verify without calling psa_hash_setup beforehand */
1604 memset( &operation, 0, sizeof( operation ) );
1605 TEST_ASSERT( psa_hash_verify( &operation,
1606 hash, expected_size ) ==
1607 PSA_ERROR_INVALID_ARGUMENT );
1608
1609 /* psa_hash_finish with a smaller hash buffer than expected */
1610 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
1611 TEST_ASSERT( psa_hash_finish( &operation,
1612 hash, expected_size - 1,
1613 &hash_len ) == PSA_ERROR_BUFFER_TOO_SMALL );
1614
1615
itayzafrir69290f02018-10-24 13:50:54 +0300[diff] [blame]1616 /* psa_hash_verify with a smaller hash digest than expected */
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1617 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
1618 TEST_ASSERT( psa_hash_verify( &operation,
1619 hash, expected_size - 1 ) ==
1620 PSA_ERROR_INVALID_SIGNATURE );
1621
itayzafrir69290f02018-10-24 13:50:54 +0300[diff] [blame]1622 /* psa_hash_verify with a non-matching hash digest */
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1623 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
1624 TEST_ASSERT( psa_hash_update( &operation,
1625 input, sizeof( input ) ) == PSA_SUCCESS );
1626 TEST_ASSERT( psa_hash_verify( &operation,
1627 hash, expected_size ) ==
1628 PSA_ERROR_INVALID_SIGNATURE );
1629
itayzafrir4271df92018-10-24 18:16:19 +0300[diff] [blame^]1630 /* psa_hash_verify with a hash digest longer than expected, where the first
1631 * 32 bytes match the expected digest but 2 extra bytes are appended at the
1632 * end of the digest */
1633 memset( hash, 0, sizeof( hash ) );
1634 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
1635 TEST_ASSERT( psa_hash_update( &operation,
1636 input, sizeof( input ) ) == PSA_SUCCESS );
1637 TEST_ASSERT( psa_hash_verify( &operation,
1638 extra_length_digest,
1639 sizeof( extra_length_digest ) ) ==
1640 PSA_ERROR_INVALID_SIGNATURE );
1641
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1642exit:
1643 mbedtls_psa_crypto_free( );
1644}
1645/* END_CASE */
1646
1647/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1648void mac_setup( int key_type_arg,
1649 data_t *key,
1650 int alg_arg,
1651 int expected_status_arg )
1652{
1653 int key_slot = 1;
1654 psa_key_type_t key_type = key_type_arg;
1655 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1656 psa_status_t expected_status = expected_status_arg;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1657 psa_mac_operation_t operation;
1658 psa_key_policy_t policy;
1659 psa_status_t status;
1660
1661 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1662
1663 psa_key_policy_init( &policy );
1664 psa_key_policy_set_usage( &policy,
1665 PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY,
1666 alg );
1667 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1668
1669 TEST_ASSERT( psa_import_key( key_slot, key_type,
1670 key->x, key->len ) == PSA_SUCCESS );
1671
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1672 status = psa_mac_sign_setup( &operation, key_slot, alg );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1673 psa_mac_abort( &operation );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1674 TEST_ASSERT( status == expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1675
1676exit:
1677 psa_destroy_key( key_slot );
1678 mbedtls_psa_crypto_free( );
1679}
1680/* END_CASE */
1681
1682/* BEGIN_CASE */
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]1683void mac_sign( int key_type_arg,
1684 data_t *key,
1685 int alg_arg,
1686 data_t *input,
1687 data_t *expected_mac )
1688{
1689 int key_slot = 1;
1690 psa_key_type_t key_type = key_type_arg;
1691 psa_algorithm_t alg = alg_arg;
1692 psa_mac_operation_t operation;
1693 psa_key_policy_t policy;
1694 /* Leave a little extra room in the output buffer. At the end of the
1695 * test, we'll check that the implementation didn't overwrite onto
1696 * this extra room. */
1697 uint8_t actual_mac[PSA_MAC_MAX_SIZE + 10];
1698 size_t mac_buffer_size =
1699 PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key->len ), alg );
1700 size_t mac_length = 0;
1701
1702 memset( actual_mac, '+', sizeof( actual_mac ) );
1703 TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE );
1704 TEST_ASSERT( expected_mac->len <= mac_buffer_size );
1705
1706 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1707
1708 psa_key_policy_init( &policy );
1709 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
1710 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1711
1712 TEST_ASSERT( psa_import_key( key_slot, key_type,
1713 key->x, key->len ) == PSA_SUCCESS );
1714
1715 /* Calculate the MAC. */
1716 TEST_ASSERT( psa_mac_sign_setup( &operation,
1717 key_slot, alg ) == PSA_SUCCESS );
1718 TEST_ASSERT( psa_mac_update( &operation,
1719 input->x, input->len ) == PSA_SUCCESS );
1720 TEST_ASSERT( psa_mac_sign_finish( &operation,
1721 actual_mac, mac_buffer_size,
1722 &mac_length ) == PSA_SUCCESS );
1723
1724 /* Compare with the expected value. */
1725 TEST_ASSERT( mac_length == expected_mac->len );
1726 TEST_ASSERT( memcmp( actual_mac, expected_mac->x, mac_length ) == 0 );
1727
1728 /* Verify that the end of the buffer is untouched. */
1729 TEST_ASSERT( mem_is_char( actual_mac + mac_length, '+',
1730 sizeof( actual_mac ) - mac_length ) );
1731
1732exit:
1733 psa_destroy_key( key_slot );
1734 mbedtls_psa_crypto_free( );
1735}
1736/* END_CASE */
1737
1738/* BEGIN_CASE */
Gilles Peskinec0ec9722018-06-18 17:03:37 +0200[diff] [blame]1739void mac_verify( int key_type_arg,
1740 data_t *key,
1741 int alg_arg,
1742 data_t *input,
1743 data_t *expected_mac )
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1744{
1745 int key_slot = 1;
1746 psa_key_type_t key_type = key_type_arg;
1747 psa_algorithm_t alg = alg_arg;
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1748 psa_mac_operation_t operation;
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1749 psa_key_policy_t policy;
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1750
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]1751 TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE );
1752
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1753 TEST_ASSERT( key != NULL );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1754 TEST_ASSERT( input != NULL );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1755 TEST_ASSERT( expected_mac != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1756 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1757 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
1758 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_mac->len ) );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1759
1760 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1761
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1762 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1763 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1764 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1765
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1766 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1767 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskinec0ec9722018-06-18 17:03:37 +0200[diff] [blame]1768
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1769 TEST_ASSERT( psa_mac_verify_setup( &operation,
1770 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1771 TEST_ASSERT( psa_destroy_key( key_slot ) == PSA_SUCCESS );
1772 TEST_ASSERT( psa_mac_update( &operation,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1773 input->x, input->len ) == PSA_SUCCESS );
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]1774 TEST_ASSERT( psa_mac_verify_finish( &operation,
1775 expected_mac->x,
1776 expected_mac->len ) == PSA_SUCCESS );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1777
1778exit:
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1779 psa_destroy_key( key_slot );
1780 mbedtls_psa_crypto_free( );
1781}
1782/* END_CASE */
1783
1784/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1785void cipher_setup( int key_type_arg,
1786 data_t *key,
1787 int alg_arg,
1788 int expected_status_arg )
1789{
1790 int key_slot = 1;
1791 psa_key_type_t key_type = key_type_arg;
1792 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1793 psa_status_t expected_status = expected_status_arg;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1794 psa_cipher_operation_t operation;
1795 psa_key_policy_t policy;
1796 psa_status_t status;
1797
1798 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1799
1800 psa_key_policy_init( &policy );
1801 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
1802 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1803
1804 TEST_ASSERT( psa_import_key( key_slot, key_type,
1805 key->x, key->len ) == PSA_SUCCESS );
1806
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1807 status = psa_cipher_encrypt_setup( &operation, key_slot, alg );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1808 psa_cipher_abort( &operation );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1809 TEST_ASSERT( status == expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1810
1811exit:
1812 psa_destroy_key( key_slot );
1813 mbedtls_psa_crypto_free( );
1814}
1815/* END_CASE */
1816
1817/* BEGIN_CASE */
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1818void cipher_encrypt( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1819 data_t *key,
1820 data_t *input, data_t *expected_output,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1821 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1822{
1823 int key_slot = 1;
1824 psa_status_t status;
1825 psa_key_type_t key_type = key_type_arg;
1826 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1827 psa_status_t expected_status = expected_status_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1828 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]1829 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1830 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1831 size_t output_buffer_size = 0;
1832 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1833 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1834 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]1835 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1836
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1837 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1838 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1839 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1840 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
1841 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
1842 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1843
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]1844 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
1845 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1846
1847 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1848
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]1849 psa_key_policy_init( &policy );
1850 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
1851 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1852
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1853 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1854 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1855
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1856 TEST_ASSERT( psa_cipher_encrypt_setup( &operation,
1857 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1858
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1859 TEST_ASSERT( psa_cipher_set_iv( &operation,
1860 iv, iv_size ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]1861 output_buffer_size = (size_t) input->len +
1862 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1863 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1864
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1865 TEST_ASSERT( psa_cipher_update( &operation,
1866 input->x, input->len,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1867 output, output_buffer_size,
1868 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1869 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1870 status = psa_cipher_finish( &operation,
1871 output + function_output_length,
1872 output_buffer_size,
1873 &function_output_length );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1874 total_output_length += function_output_length;
1875
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1876 TEST_ASSERT( status == expected_status );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1877 if( expected_status == PSA_SUCCESS )
1878 {
1879 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]1880 ASSERT_COMPARE( expected_output->x, expected_output->len,
1881 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1882 }
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1883
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1884exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1885 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1886 psa_destroy_key( key_slot );
1887 mbedtls_psa_crypto_free( );
1888}
1889/* END_CASE */
1890
1891/* BEGIN_CASE */
1892void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1893 data_t *key,
1894 data_t *input,
1895 int first_part_size,
1896 data_t *expected_output )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1897{
1898 int key_slot = 1;
1899 psa_key_type_t key_type = key_type_arg;
1900 psa_algorithm_t alg = alg_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1901 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]1902 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1903 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1904 size_t output_buffer_size = 0;
1905 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1906 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1907 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]1908 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1909
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1910 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1911 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1912 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1913 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
1914 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
1915 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1916
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]1917 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
1918 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1919
1920 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1921
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]1922 psa_key_policy_init( &policy );
1923 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
1924 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1925
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1926 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1927 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1928
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1929 TEST_ASSERT( psa_cipher_encrypt_setup( &operation,
1930 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1931
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1932 TEST_ASSERT( psa_cipher_set_iv( &operation,
1933 iv, sizeof( iv ) ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]1934 output_buffer_size = (size_t) input->len +
1935 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1936 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1937
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1938 TEST_ASSERT( (unsigned int) first_part_size < input->len );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1939 TEST_ASSERT( psa_cipher_update( &operation, input->x, first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1940 output, output_buffer_size,
1941 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1942 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1943 TEST_ASSERT( psa_cipher_update( &operation,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1944 input->x + first_part_size,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1945 input->len - first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1946 output, output_buffer_size,
1947 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1948 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1949 TEST_ASSERT( psa_cipher_finish( &operation,
1950 output + function_output_length,
1951 output_buffer_size,
1952 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1953 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1954 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
1955
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]1956 ASSERT_COMPARE( expected_output->x, expected_output->len,
1957 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1958
1959exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1960 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1961 psa_destroy_key( key_slot );
1962 mbedtls_psa_crypto_free( );
1963}
1964/* END_CASE */
1965
1966/* BEGIN_CASE */
1967void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1968 data_t *key,
1969 data_t *input,
1970 int first_part_size,
1971 data_t *expected_output )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1972{
1973 int key_slot = 1;
1974
1975 psa_key_type_t key_type = key_type_arg;
1976 psa_algorithm_t alg = alg_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1977 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]1978 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1979 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1980 size_t output_buffer_size = 0;
1981 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]1982 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1983 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]1984 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1985
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1986 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1987 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1988 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1989 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
1990 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
1991 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1992
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]1993 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
1994 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]1995
1996 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1997
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]1998 psa_key_policy_init( &policy );
1999 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
2000 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2001
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2002 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2003 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2004
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2005 TEST_ASSERT( psa_cipher_decrypt_setup( &operation,
2006 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2007
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2008 TEST_ASSERT( psa_cipher_set_iv( &operation,
2009 iv, sizeof( iv ) ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2010
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2011 output_buffer_size = (size_t) input->len +
2012 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2013 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2014
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2015 TEST_ASSERT( (unsigned int) first_part_size < input->len );
2016 TEST_ASSERT( psa_cipher_update( &operation,
2017 input->x, first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2018 output, output_buffer_size,
2019 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2020 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2021 TEST_ASSERT( psa_cipher_update( &operation,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2022 input->x + first_part_size,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2023 input->len - first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2024 output, output_buffer_size,
2025 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2026 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2027 TEST_ASSERT( psa_cipher_finish( &operation,
2028 output + function_output_length,
2029 output_buffer_size,
2030 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2031 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2032 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
2033
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2034 ASSERT_COMPARE( expected_output->x, expected_output->len,
2035 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2036
2037exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2038 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2039 psa_destroy_key( key_slot );
2040 mbedtls_psa_crypto_free( );
2041}
2042/* END_CASE */
2043
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2044/* BEGIN_CASE */
2045void cipher_decrypt( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2046 data_t *key,
2047 data_t *input, data_t *expected_output,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2048 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2049{
2050 int key_slot = 1;
2051 psa_status_t status;
2052 psa_key_type_t key_type = key_type_arg;
2053 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2054 psa_status_t expected_status = expected_status_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2055 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2056 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2057 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2058 size_t output_buffer_size = 0;
2059 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2060 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2061 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2062 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2063
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2064 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2065 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2066 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2067 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2068 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
2069 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2070
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2071 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
2072 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2073
2074 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2075
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2076 psa_key_policy_init( &policy );
2077 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
2078 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2079
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2080 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2081 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2082
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2083 TEST_ASSERT( psa_cipher_decrypt_setup( &operation,
2084 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2085
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2086 TEST_ASSERT( psa_cipher_set_iv( &operation,
2087 iv, iv_size ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2088
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2089 output_buffer_size = (size_t) input->len +
2090 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2091 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2092
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2093 TEST_ASSERT( psa_cipher_update( &operation,
2094 input->x, input->len,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2095 output, output_buffer_size,
2096 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2097 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2098 status = psa_cipher_finish( &operation,
2099 output + function_output_length,
2100 output_buffer_size,
2101 &function_output_length );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2102 total_output_length += function_output_length;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2103 TEST_ASSERT( status == expected_status );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2104
2105 if( expected_status == PSA_SUCCESS )
2106 {
2107 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2108 ASSERT_COMPARE( expected_output->x, expected_output->len,
2109 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2110 }
2111
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2112exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2113 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2114 psa_destroy_key( key_slot );
2115 mbedtls_psa_crypto_free( );
2116}
2117/* END_CASE */
2118
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2119/* BEGIN_CASE */
2120void cipher_verify_output( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2121 data_t *key,
2122 data_t *input )
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2123{
2124 int key_slot = 1;
2125 psa_key_type_t key_type = key_type_arg;
2126 psa_algorithm_t alg = alg_arg;
mohammad1603e6b67a12018-03-12 10:38:49 -0700[diff] [blame]2127 unsigned char iv[16] = {0};
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2128 size_t iv_size = 16;
2129 size_t iv_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2130 unsigned char *output1 = NULL;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2131 size_t output1_size = 0;
2132 size_t output1_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2133 unsigned char *output2 = NULL;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2134 size_t output2_size = 0;
2135 size_t output2_length = 0;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2136 size_t function_output_length = 0;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2137 psa_cipher_operation_t operation1;
2138 psa_cipher_operation_t operation2;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2139 psa_key_policy_t policy;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2140
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2141 TEST_ASSERT( key != NULL );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2142 TEST_ASSERT( input != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2143 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2144 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2145
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2146 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2147
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2148 psa_key_policy_init( &policy );
2149 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg );
2150 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2151
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2152 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2153 key->x, key->len ) == PSA_SUCCESS );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2154
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2155 TEST_ASSERT( psa_cipher_encrypt_setup( &operation1,
2156 key_slot, alg ) == PSA_SUCCESS );
2157 TEST_ASSERT( psa_cipher_decrypt_setup( &operation2,
2158 key_slot, alg ) == PSA_SUCCESS );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2159
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2160 TEST_ASSERT( psa_cipher_generate_iv( &operation1,
2161 iv, iv_size,
2162 &iv_length ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2163 output1_size = (size_t) input->len +
2164 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2165 ASSERT_ALLOC( output1, output1_size );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2166
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2167 TEST_ASSERT( psa_cipher_update( &operation1, input->x, input->len,
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2168 output1, output1_size,
2169 &output1_length ) == PSA_SUCCESS );
2170 TEST_ASSERT( psa_cipher_finish( &operation1,
2171 output1 + output1_length, output1_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2172 &function_output_length ) == PSA_SUCCESS );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2173
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2174 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2175
2176 TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS );
2177
2178 output2_size = output1_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2179 ASSERT_ALLOC( output2, output2_size );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2180
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2181 TEST_ASSERT( psa_cipher_set_iv( &operation2,
2182 iv, iv_length ) == PSA_SUCCESS );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2183 TEST_ASSERT( psa_cipher_update( &operation2, output1, output1_length,
2184 output2, output2_size,
2185 &output2_length ) == PSA_SUCCESS );
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2186 function_output_length = 0;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2187 TEST_ASSERT( psa_cipher_finish( &operation2,
2188 output2 + output2_length,
2189 output2_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2190 &function_output_length ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2191
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2192 output2_length += function_output_length;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2193
Janos Follath25c4fa82018-07-06 16:23:25 +0100[diff] [blame]2194 TEST_ASSERT( psa_cipher_abort( &operation2 ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2195
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2196 ASSERT_COMPARE( input->x, input->len, output2, output2_length );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2197
2198exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2199 mbedtls_free( output1 );
2200 mbedtls_free( output2 );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2201 psa_destroy_key( key_slot );
2202 mbedtls_psa_crypto_free( );
2203}
2204/* END_CASE */
2205
2206/* BEGIN_CASE */
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2207void cipher_verify_output_multipart( int alg_arg,
2208 int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2209 data_t *key,
2210 data_t *input,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2211 int first_part_size )
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2212{
2213 int key_slot = 1;
2214 psa_key_type_t key_type = key_type_arg;
2215 psa_algorithm_t alg = alg_arg;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2216 unsigned char iv[16] = {0};
2217 size_t iv_size = 16;
2218 size_t iv_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2219 unsigned char *output1 = NULL;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2220 size_t output1_buffer_size = 0;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2221 size_t output1_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2222 unsigned char *output2 = NULL;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2223 size_t output2_buffer_size = 0;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2224 size_t output2_length = 0;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2225 size_t function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2226 psa_cipher_operation_t operation1;
2227 psa_cipher_operation_t operation2;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2228 psa_key_policy_t policy;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2229
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2230 TEST_ASSERT( key != NULL );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2231 TEST_ASSERT( input != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2232 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2233 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2234
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2235 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2236
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2237 psa_key_policy_init( &policy );
2238 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg );
2239 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2240
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2241 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2242 key->x, key->len ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2243
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2244 TEST_ASSERT( psa_cipher_encrypt_setup( &operation1,
2245 key_slot, alg ) == PSA_SUCCESS );
2246 TEST_ASSERT( psa_cipher_decrypt_setup( &operation2,
2247 key_slot, alg ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2248
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2249 TEST_ASSERT( psa_cipher_generate_iv( &operation1,
2250 iv, iv_size,
2251 &iv_length ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2252 output1_buffer_size = (size_t) input->len +
2253 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2254 ASSERT_ALLOC( output1, output1_buffer_size );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2255
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2256 TEST_ASSERT( (unsigned int) first_part_size < input->len );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2257
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2258 TEST_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2259 output1, output1_buffer_size,
2260 &function_output_length ) == PSA_SUCCESS );
2261 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2262
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2263 TEST_ASSERT( psa_cipher_update( &operation1,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2264 input->x + first_part_size,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2265 input->len - first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2266 output1, output1_buffer_size,
2267 &function_output_length ) == PSA_SUCCESS );
2268 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2269
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2270 TEST_ASSERT( psa_cipher_finish( &operation1,
2271 output1 + output1_length,
2272 output1_buffer_size - output1_length,
2273 &function_output_length ) == PSA_SUCCESS );
2274 output1_length += function_output_length;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2275
2276 TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS );
2277
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2278 output2_buffer_size = output1_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2279 ASSERT_ALLOC( output2, output2_buffer_size );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2280
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2281 TEST_ASSERT( psa_cipher_set_iv( &operation2,
2282 iv, iv_length ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2283
2284 TEST_ASSERT( psa_cipher_update( &operation2, output1, first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2285 output2, output2_buffer_size,
2286 &function_output_length ) == PSA_SUCCESS );
2287 output2_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2288
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2289 TEST_ASSERT( psa_cipher_update( &operation2,
2290 output1 + first_part_size,
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2291 output1_length - first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2292 output2, output2_buffer_size,
2293 &function_output_length ) == PSA_SUCCESS );
2294 output2_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2295
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2296 TEST_ASSERT( psa_cipher_finish( &operation2,
2297 output2 + output2_length,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2298 output2_buffer_size - output2_length,
2299 &function_output_length ) == PSA_SUCCESS );
2300 output2_length += function_output_length;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2301
Janos Follath25c4fa82018-07-06 16:23:25 +0100[diff] [blame]2302 TEST_ASSERT( psa_cipher_abort( &operation2 ) == PSA_SUCCESS );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2303
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2304 ASSERT_COMPARE( input->x, input->len, output2, output2_length );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2305
2306exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2307 mbedtls_free( output1 );
2308 mbedtls_free( output2 );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2309 psa_destroy_key( key_slot );
2310 mbedtls_psa_crypto_free( );
2311}
2312/* END_CASE */
Gilles Peskine7268afc2018-06-06 15:19:24 +0200[diff] [blame]2313
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2314/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2315void aead_encrypt_decrypt( int key_type_arg, data_t *key_data,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2316 int alg_arg,
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2317 data_t *nonce,
2318 data_t *additional_data,
2319 data_t *input_data,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2320 int expected_result_arg )
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2321{
2322 int slot = 1;
2323 psa_key_type_t key_type = key_type_arg;
2324 psa_algorithm_t alg = alg_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2325 unsigned char *output_data = NULL;
2326 size_t output_size = 0;
2327 size_t output_length = 0;
2328 unsigned char *output_data2 = NULL;
2329 size_t output_length2 = 0;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2330 size_t tag_length = 16;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2331 psa_status_t expected_result = expected_result_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2332 psa_key_policy_t policy;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2333
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2334 TEST_ASSERT( key_data != NULL );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2335 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2336 TEST_ASSERT( nonce != NULL );
2337 TEST_ASSERT( additional_data != NULL );
2338 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2339 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2340 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
2341 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );
2342
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2343 output_size = input_data->len + tag_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2344 ASSERT_ALLOC( output_data, output_size );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2345
2346 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2347
2348 psa_key_policy_init( &policy );
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2349 psa_key_policy_set_usage( &policy,
2350 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
2351 alg );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2352 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2353
2354 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2355 key_data->x, key_data->len ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2356
2357 TEST_ASSERT( psa_aead_encrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2358 nonce->x, nonce->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2359 additional_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2360 additional_data->len,
2361 input_data->x, input_data->len,
2362 output_data, output_size,
2363 &output_length ) == expected_result );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2364
2365 if( PSA_SUCCESS == expected_result )
2366 {
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2367 ASSERT_ALLOC( output_data2, output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2368
2369 TEST_ASSERT( psa_aead_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2370 nonce->x, nonce->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2371 additional_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2372 additional_data->len,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2373 output_data, output_length,
2374 output_data2, output_length,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2375 &output_length2 ) == expected_result );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2376
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2377 ASSERT_COMPARE( input_data->x, input_data->len,
2378 output_data2, output_length2 );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2379 }
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2380
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2381exit:
2382 psa_destroy_key( slot );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2383 mbedtls_free( output_data );
2384 mbedtls_free( output_data2 );
2385 mbedtls_psa_crypto_free( );
2386}
2387/* END_CASE */
2388
2389/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2390void aead_encrypt( int key_type_arg, data_t *key_data,
2391 int alg_arg,
2392 data_t *nonce,
2393 data_t *additional_data,
2394 data_t *input_data,
2395 data_t *expected_result )
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2396{
2397 int slot = 1;
2398 psa_key_type_t key_type = key_type_arg;
2399 psa_algorithm_t alg = alg_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2400 unsigned char *output_data = NULL;
2401 size_t output_size = 0;
2402 size_t output_length = 0;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2403 size_t tag_length = 16;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2404 psa_key_policy_t policy;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2405
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2406 TEST_ASSERT( key_data != NULL );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2407 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2408 TEST_ASSERT( additional_data != NULL );
2409 TEST_ASSERT( nonce != NULL );
2410 TEST_ASSERT( expected_result != NULL );
2411 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2412 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2413 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );
2414 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
2415 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_result->len ) );
2416
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2417 output_size = input_data->len + tag_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2418 ASSERT_ALLOC( output_data, output_size );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2419
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2420 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2421
2422 psa_key_policy_init( &policy );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2423 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT , alg );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2424 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2425
2426 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2427 key_data->x,
2428 key_data->len ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2429
2430 TEST_ASSERT( psa_aead_encrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2431 nonce->x, nonce->len,
2432 additional_data->x, additional_data->len,
2433 input_data->x, input_data->len,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2434 output_data, output_size,
2435 &output_length ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2436
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2437 ASSERT_COMPARE( expected_result->x, expected_result->len,
2438 output_data, output_length );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2439
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2440exit:
2441 psa_destroy_key( slot );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2442 mbedtls_free( output_data );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2443 mbedtls_psa_crypto_free( );
2444}
2445/* END_CASE */
2446
2447/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2448void aead_decrypt( int key_type_arg, data_t *key_data,
2449 int alg_arg,
2450 data_t *nonce,
2451 data_t *additional_data,
2452 data_t *input_data,
2453 data_t *expected_data,
2454 int expected_result_arg )
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2455{
2456 int slot = 1;
2457 psa_key_type_t key_type = key_type_arg;
2458 psa_algorithm_t alg = alg_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2459 unsigned char *output_data = NULL;
2460 size_t output_size = 0;
2461 size_t output_length = 0;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2462 size_t tag_length = 16;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2463 psa_key_policy_t policy;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2464 psa_status_t expected_result = expected_result_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2465
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2466 TEST_ASSERT( key_data != NULL );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2467 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2468 TEST_ASSERT( additional_data != NULL );
2469 TEST_ASSERT( nonce != NULL );
2470 TEST_ASSERT( expected_data != NULL );
2471 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2472 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2473 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );
2474 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
2475 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_data->len ) );
2476
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2477 output_size = input_data->len + tag_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2478 ASSERT_ALLOC( output_data, output_size );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2479
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2480 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2481
2482 psa_key_policy_init( &policy );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2483 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT , alg );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2484 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2485
2486 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2487 key_data->x,
2488 key_data->len ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2489
2490 TEST_ASSERT( psa_aead_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2491 nonce->x, nonce->len,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2492 additional_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2493 additional_data->len,
2494 input_data->x, input_data->len,
2495 output_data, output_size,
2496 &output_length ) == expected_result );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2497
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2498 if( expected_result == PSA_SUCCESS )
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2499 ASSERT_COMPARE( expected_data->x, expected_data->len,
2500 output_data, output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2501
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2502exit:
2503 psa_destroy_key( slot );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2504 mbedtls_free( output_data );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2505 mbedtls_psa_crypto_free( );
2506}
2507/* END_CASE */
2508
2509/* BEGIN_CASE */
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2510void signature_size( int type_arg,
2511 int bits,
2512 int alg_arg,
2513 int expected_size_arg )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]2514{
2515 psa_key_type_t type = type_arg;
2516 psa_algorithm_t alg = alg_arg;
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2517 size_t actual_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( type, bits, alg );
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]2518 TEST_ASSERT( actual_size == (size_t) expected_size_arg );
2519exit:
2520 ;
2521}
2522/* END_CASE */
2523
2524/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2525void sign_deterministic( int key_type_arg, data_t *key_data,
2526 int alg_arg, data_t *input_data,
2527 data_t *output_data )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]2528{
2529 int slot = 1;
2530 psa_key_type_t key_type = key_type_arg;
2531 psa_algorithm_t alg = alg_arg;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2532 size_t key_bits;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2533 unsigned char *signature = NULL;
2534 size_t signature_size;
2535 size_t signature_length = 0xdeadbeef;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2536 psa_key_policy_t policy;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2537
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2538 TEST_ASSERT( key_data != NULL );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2539 TEST_ASSERT( input_data != NULL );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2540 TEST_ASSERT( output_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2541 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2542 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2543 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( output_data->len ) );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2544
2545 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2546
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2547 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2548 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2549 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2550
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2551 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2552 key_data->x,
2553 key_data->len ) == PSA_SUCCESS );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2554 TEST_ASSERT( psa_get_key_information( slot,
2555 NULL,
2556 &key_bits ) == PSA_SUCCESS );
2557
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2558 /* Allocate a buffer which has the size advertized by the
2559 * library. */
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2560 signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type,
2561 key_bits, alg );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2562 TEST_ASSERT( signature_size != 0 );
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]2563 TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2564 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2565
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2566 /* Perform the signature. */
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2567 TEST_ASSERT( psa_asymmetric_sign( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2568 input_data->x, input_data->len,
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2569 signature, signature_size,
2570 &signature_length ) == PSA_SUCCESS );
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2571 /* Verify that the signature is what is expected. */
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2572 ASSERT_COMPARE( output_data->x, output_data->len,
2573 signature, signature_length );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2574
2575exit:
2576 psa_destroy_key( slot );
Gilles Peskine0189e752018-02-03 23:57:22 +0100[diff] [blame]2577 mbedtls_free( signature );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2578 mbedtls_psa_crypto_free( );
2579}
2580/* END_CASE */
2581
2582/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2583void sign_fail( int key_type_arg, data_t *key_data,
2584 int alg_arg, data_t *input_data,
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2585 int signature_size_arg, int expected_status_arg )
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2586{
2587 int slot = 1;
2588 psa_key_type_t key_type = key_type_arg;
2589 psa_algorithm_t alg = alg_arg;
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2590 size_t signature_size = signature_size_arg;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2591 psa_status_t actual_status;
2592 psa_status_t expected_status = expected_status_arg;
Gilles Peskine40f68b92018-03-07 16:43:36 +0100[diff] [blame]2593 unsigned char *signature = NULL;
Gilles Peskine93aa0332018-02-03 23:58:03 +0100[diff] [blame]2594 size_t signature_length = 0xdeadbeef;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2595 psa_key_policy_t policy;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2596
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2597 TEST_ASSERT( key_data != NULL );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2598 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2599 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2600 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2601
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2602 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2603
2604 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2605
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2606 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2607 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2608 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2609
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2610 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2611 key_data->x,
2612 key_data->len ) == PSA_SUCCESS );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2613
2614 actual_status = psa_asymmetric_sign( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2615 input_data->x, input_data->len,
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2616 signature, signature_size,
2617 &signature_length );
2618 TEST_ASSERT( actual_status == expected_status );
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2619 /* The value of *signature_length is unspecified on error, but
2620 * whatever it is, it should be less than signature_size, so that
2621 * if the caller tries to read *signature_length bytes without
2622 * checking the error code then they don't overflow a buffer. */
2623 TEST_ASSERT( signature_length <= signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2624
2625exit:
2626 psa_destroy_key( slot );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2627 mbedtls_free( signature );
2628 mbedtls_psa_crypto_free( );
2629}
2630/* END_CASE */
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]2631
2632/* BEGIN_CASE */
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2633void sign_verify( int key_type_arg, data_t *key_data,
2634 int alg_arg, data_t *input_data )
2635{
2636 int slot = 1;
2637 psa_key_type_t key_type = key_type_arg;
2638 psa_algorithm_t alg = alg_arg;
2639 size_t key_bits;
2640 unsigned char *signature = NULL;
2641 size_t signature_size;
2642 size_t signature_length = 0xdeadbeef;
2643 psa_key_policy_t policy;
2644
2645 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2646
2647 psa_key_policy_init( &policy );
2648 psa_key_policy_set_usage( &policy,
2649 PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY,
2650 alg );
2651 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2652
2653 TEST_ASSERT( psa_import_key( slot, key_type,
2654 key_data->x,
2655 key_data->len ) == PSA_SUCCESS );
2656 TEST_ASSERT( psa_get_key_information( slot,
2657 NULL,
2658 &key_bits ) == PSA_SUCCESS );
2659
2660 /* Allocate a buffer which has the size advertized by the
2661 * library. */
2662 signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type,
2663 key_bits, alg );
2664 TEST_ASSERT( signature_size != 0 );
2665 TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2666 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2667
2668 /* Perform the signature. */
2669 TEST_ASSERT( psa_asymmetric_sign( slot, alg,
2670 input_data->x, input_data->len,
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2671 signature, signature_size,
2672 &signature_length ) == PSA_SUCCESS );
2673 /* Check that the signature length looks sensible. */
2674 TEST_ASSERT( signature_length <= signature_size );
2675 TEST_ASSERT( signature_length > 0 );
2676
2677 /* Use the library to verify that the signature is correct. */
2678 TEST_ASSERT( psa_asymmetric_verify(
2679 slot, alg,
2680 input_data->x, input_data->len,
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2681 signature, signature_length ) == PSA_SUCCESS );
2682
2683 if( input_data->len != 0 )
2684 {
2685 /* Flip a bit in the input and verify that the signature is now
2686 * detected as invalid. Flip a bit at the beginning, not at the end,
2687 * because ECDSA may ignore the last few bits of the input. */
2688 input_data->x[0] ^= 1;
2689 TEST_ASSERT( psa_asymmetric_verify(
2690 slot, alg,
2691 input_data->x, input_data->len,
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2692 signature,
2693 signature_length ) == PSA_ERROR_INVALID_SIGNATURE );
2694 }
2695
2696exit:
2697 psa_destroy_key( slot );
2698 mbedtls_free( signature );
2699 mbedtls_psa_crypto_free( );
2700}
2701/* END_CASE */
2702
2703/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2704void asymmetric_verify( int key_type_arg, data_t *key_data,
2705 int alg_arg, data_t *hash_data,
2706 data_t *signature_data )
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2707{
2708 int slot = 1;
2709 psa_key_type_t key_type = key_type_arg;
2710 psa_algorithm_t alg = alg_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2711 psa_key_policy_t policy;
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2712
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]2713 TEST_ASSERT( signature_data->len <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
2714
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2715 TEST_ASSERT( key_data != NULL );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2716 TEST_ASSERT( hash_data != NULL );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2717 TEST_ASSERT( signature_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2718 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2719 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( hash_data->len ) );
2720 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( signature_data->len ) );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2721
2722 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2723
2724 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2725 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2726 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2727
2728 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2729 key_data->x,
2730 key_data->len ) == PSA_SUCCESS );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2731
2732 TEST_ASSERT( psa_asymmetric_verify( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2733 hash_data->x, hash_data->len,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2734 signature_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2735 signature_data->len ) == PSA_SUCCESS );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2736exit:
2737 psa_destroy_key( slot );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2738 mbedtls_psa_crypto_free( );
2739}
2740/* END_CASE */
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2741
2742/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2743void asymmetric_verify_fail( int key_type_arg, data_t *key_data,
2744 int alg_arg, data_t *hash_data,
2745 data_t *signature_data,
2746 int expected_status_arg )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2747{
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2748 int slot = 1;
2749 psa_key_type_t key_type = key_type_arg;
2750 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2751 psa_status_t actual_status;
2752 psa_status_t expected_status = expected_status_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2753 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2754
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2755 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2756 TEST_ASSERT( hash_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2757 TEST_ASSERT( signature_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2758 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2759 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( hash_data->len ) );
2760 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( signature_data->len ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2761
2762 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2763
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2764 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2765 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2766 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2767
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2768 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2769 key_data->x,
2770 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2771
2772 actual_status = psa_asymmetric_verify( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2773 hash_data->x, hash_data->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2774 signature_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2775 signature_data->len );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2776
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2777 TEST_ASSERT( actual_status == expected_status );
2778
2779exit:
2780 psa_destroy_key( slot );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2781 mbedtls_psa_crypto_free( );
2782}
2783/* END_CASE */
2784
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2785/* BEGIN_CASE */
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]2786void asymmetric_encrypt( int key_type_arg,
2787 data_t *key_data,
2788 int alg_arg,
2789 data_t *input_data,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2790 data_t *label,
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]2791 int expected_output_length_arg,
2792 int expected_status_arg )
2793{
2794 int slot = 1;
2795 psa_key_type_t key_type = key_type_arg;
2796 psa_algorithm_t alg = alg_arg;
2797 size_t expected_output_length = expected_output_length_arg;
2798 size_t key_bits;
2799 unsigned char *output = NULL;
2800 size_t output_size;
2801 size_t output_length = ~0;
2802 psa_status_t actual_status;
2803 psa_status_t expected_status = expected_status_arg;
2804 psa_key_policy_t policy;
2805
2806 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2807
2808 /* Import the key */
2809 psa_key_policy_init( &policy );
2810 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
2811 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2812 TEST_ASSERT( psa_import_key( slot, key_type,
2813 key_data->x,
2814 key_data->len ) == PSA_SUCCESS );
2815
2816 /* Determine the maximum output length */
2817 TEST_ASSERT( psa_get_key_information( slot,
2818 NULL,
2819 &key_bits ) == PSA_SUCCESS );
2820 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2821 ASSERT_ALLOC( output, output_size );
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]2822
2823 /* Encrypt the input */
2824 actual_status = psa_asymmetric_encrypt( slot, alg,
2825 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2826 label->x, label->len,
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]2827 output, output_size,
2828 &output_length );
2829 TEST_ASSERT( actual_status == expected_status );
2830 TEST_ASSERT( output_length == expected_output_length );
2831
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2832 /* If the label is empty, the test framework puts a non-null pointer
2833 * in label->x. Test that a null pointer works as well. */
2834 if( label->len == 0 )
2835 {
2836 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]2837 if( output_size != 0 )
2838 memset( output, 0, output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2839 actual_status = psa_asymmetric_encrypt( slot, alg,
2840 input_data->x, input_data->len,
2841 NULL, label->len,
2842 output, output_size,
2843 &output_length );
2844 TEST_ASSERT( actual_status == expected_status );
2845 TEST_ASSERT( output_length == expected_output_length );
2846 }
2847
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]2848exit:
2849 psa_destroy_key( slot );
2850 mbedtls_free( output );
2851 mbedtls_psa_crypto_free( );
2852}
2853/* END_CASE */
2854
2855/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2856void asymmetric_encrypt_decrypt( int key_type_arg,
2857 data_t *key_data,
2858 int alg_arg,
2859 data_t *input_data,
2860 data_t *label )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2861{
2862 int slot = 1;
2863 psa_key_type_t key_type = key_type_arg;
2864 psa_algorithm_t alg = alg_arg;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2865 size_t key_bits;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2866 unsigned char *output = NULL;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2867 size_t output_size;
2868 size_t output_length = ~0;
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +0300[diff] [blame]2869 unsigned char *output2 = NULL;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2870 size_t output2_size;
2871 size_t output2_length = ~0;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2872 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2873
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2874 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2875 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2876 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2877 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2878
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2879 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2880
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2881 psa_key_policy_init( &policy );
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2882 psa_key_policy_set_usage( &policy,
2883 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2884 alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2885 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2886
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2887 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2888 key_data->x,
2889 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2890
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2891
2892 /* Determine the maximum ciphertext length */
2893 TEST_ASSERT( psa_get_key_information( slot,
2894 NULL,
2895 &key_bits ) == PSA_SUCCESS );
2896 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2897 ASSERT_ALLOC( output, output_size );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2898 output2_size = input_data->len;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2899 ASSERT_ALLOC( output2, output2_size );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2900
Gilles Peskineeebd7382018-06-08 18:11:54 +0200[diff] [blame]2901 /* We test encryption by checking that encrypt-then-decrypt gives back
2902 * the original plaintext because of the non-optional random
2903 * part of encryption process which prevents using fixed vectors. */
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2904 TEST_ASSERT( psa_asymmetric_encrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2905 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2906 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2907 output, output_size,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2908 &output_length ) == PSA_SUCCESS );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2909 /* We don't know what ciphertext length to expect, but check that
2910 * it looks sensible. */
2911 TEST_ASSERT( output_length <= output_size );
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +0300[diff] [blame]2912
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2913 TEST_ASSERT( psa_asymmetric_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2914 output, output_length,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2915 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2916 output2, output2_size,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2917 &output2_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2918 ASSERT_COMPARE( input_data->x, input_data->len,
2919 output2, output2_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2920
2921exit:
2922 psa_destroy_key( slot );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2923 mbedtls_free( output );
2924 mbedtls_free( output2 );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2925 mbedtls_psa_crypto_free( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2926}
2927/* END_CASE */
2928
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2929/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2930void asymmetric_decrypt( int key_type_arg,
2931 data_t *key_data,
2932 int alg_arg,
2933 data_t *input_data,
2934 data_t *label,
Gilles Peskine66763a02018-06-29 21:54:10 +0200[diff] [blame]2935 data_t *expected_data )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2936{
2937 int slot = 1;
2938 psa_key_type_t key_type = key_type_arg;
2939 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2940 unsigned char *output = NULL;
Nir Sonnenscheind70bc482018-06-04 16:31:13 +0300[diff] [blame]2941 size_t output_size = 0;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]2942 size_t output_length = ~0;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2943 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2944
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2945 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2946 TEST_ASSERT( input_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2947 TEST_ASSERT( expected_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2948 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2949 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2950 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_data->len ) );
2951
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2952 output_size = key_data->len;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2953 ASSERT_ALLOC( output, output_size );
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]2954
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2955 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2956
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2957 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2958 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]2959 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2960
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2961 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2962 key_data->x,
2963 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2964
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +0300[diff] [blame]2965 TEST_ASSERT( psa_asymmetric_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2966 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2967 label->x, label->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2968 output,
2969 output_size,
2970 &output_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2971 ASSERT_COMPARE( expected_data->x, expected_data->len,
2972 output, output_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2973
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2974 /* If the label is empty, the test framework puts a non-null pointer
2975 * in label->x. Test that a null pointer works as well. */
2976 if( label->len == 0 )
2977 {
2978 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]2979 if( output_size != 0 )
2980 memset( output, 0, output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2981 TEST_ASSERT( psa_asymmetric_decrypt( slot, alg,
2982 input_data->x, input_data->len,
2983 NULL, label->len,
2984 output,
2985 output_size,
2986 &output_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2987 ASSERT_COMPARE( expected_data->x, expected_data->len,
2988 output, output_length );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2989 }
2990
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2991exit:
2992 psa_destroy_key( slot );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2993 mbedtls_free( output );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2994 mbedtls_psa_crypto_free( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2995}
2996/* END_CASE */
2997
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]2998/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]2999void asymmetric_decrypt_fail( int key_type_arg,
3000 data_t *key_data,
3001 int alg_arg,
3002 data_t *input_data,
3003 data_t *label,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3004 int expected_status_arg )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3005{
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3006 int slot = 1;
3007 psa_key_type_t key_type = key_type_arg;
3008 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3009 unsigned char *output = NULL;
Nir Sonnenscheind70bc482018-06-04 16:31:13 +0300[diff] [blame]3010 size_t output_size = 0;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3011 size_t output_length = ~0;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3012 psa_status_t actual_status;
3013 psa_status_t expected_status = expected_status_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]3014 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3015
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3016 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3017 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3018 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
3019 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
3020
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3021 output_size = key_data->len;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3022 ASSERT_ALLOC( output, output_size );
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]3023
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3024 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3025
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3026 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3027 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3028 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3029
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3030 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3031 key_data->x,
3032 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3033
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3034 actual_status = psa_asymmetric_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3035 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3036 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3037 output, output_size,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3038 &output_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3039 TEST_ASSERT( actual_status == expected_status );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3040 TEST_ASSERT( output_length <= output_size );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3041
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3042 /* If the label is empty, the test framework puts a non-null pointer
3043 * in label->x. Test that a null pointer works as well. */
3044 if( label->len == 0 )
3045 {
3046 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]3047 if( output_size != 0 )
3048 memset( output, 0, output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3049 actual_status = psa_asymmetric_decrypt( slot, alg,
3050 input_data->x, input_data->len,
3051 NULL, label->len,
3052 output, output_size,
3053 &output_length );
3054 TEST_ASSERT( actual_status == expected_status );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3055 TEST_ASSERT( output_length <= output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3056 }
3057
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3058exit:
3059 psa_destroy_key( slot );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3060 mbedtls_free( output );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3061 mbedtls_psa_crypto_free( );
3062}
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]3063/* END_CASE */
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3064
3065/* BEGIN_CASE */
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]3066void derive_setup( int key_type_arg,
3067 data_t *key_data,
3068 int alg_arg,
3069 data_t *salt,
3070 data_t *label,
3071 int requested_capacity_arg,
3072 int expected_status_arg )
3073{
3074 psa_key_slot_t slot = 1;
3075 size_t key_type = key_type_arg;
3076 psa_algorithm_t alg = alg_arg;
3077 size_t requested_capacity = requested_capacity_arg;
3078 psa_status_t expected_status = expected_status_arg;
3079 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3080 psa_key_policy_t policy;
3081
3082 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3083
3084 psa_key_policy_init( &policy );
3085 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3086 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3087
3088 TEST_ASSERT( psa_import_key( slot, key_type,
3089 key_data->x,
3090 key_data->len ) == PSA_SUCCESS );
3091
3092 TEST_ASSERT( psa_key_derivation( &generator, slot, alg,
3093 salt->x, salt->len,
3094 label->x, label->len,
3095 requested_capacity ) == expected_status );
3096
3097exit:
3098 psa_generator_abort( &generator );
3099 psa_destroy_key( slot );
3100 mbedtls_psa_crypto_free( );
3101}
3102/* END_CASE */
3103
3104/* BEGIN_CASE */
Gilles Peskine96ee5c72018-07-12 17:24:54 +0200[diff] [blame]3105void derive_output( int alg_arg,
3106 data_t *key_data,
3107 data_t *salt,
3108 data_t *label,
3109 int requested_capacity_arg,
3110 data_t *expected_output1,
3111 data_t *expected_output2 )
3112{
3113 psa_key_slot_t slot = 1;
3114 psa_algorithm_t alg = alg_arg;
3115 size_t requested_capacity = requested_capacity_arg;
3116 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3117 uint8_t *expected_outputs[2] =
3118 {expected_output1->x, expected_output2->x};
3119 size_t output_sizes[2] =
3120 {expected_output1->len, expected_output2->len};
3121 size_t output_buffer_size = 0;
3122 uint8_t *output_buffer = NULL;
3123 size_t expected_capacity;
3124 size_t current_capacity;
3125 psa_key_policy_t policy;
3126 psa_status_t status;
3127 unsigned i;
3128
3129 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
3130 {
3131 if( output_sizes[i] > output_buffer_size )
3132 output_buffer_size = output_sizes[i];
3133 if( output_sizes[i] == 0 )
3134 expected_outputs[i] = NULL;
3135 }
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3136 ASSERT_ALLOC( output_buffer, output_buffer_size );
Gilles Peskine96ee5c72018-07-12 17:24:54 +0200[diff] [blame]3137 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3138
3139 psa_key_policy_init( &policy );
3140 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3141 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3142
3143 TEST_ASSERT( psa_import_key( slot, PSA_KEY_TYPE_DERIVE,
3144 key_data->x,
3145 key_data->len ) == PSA_SUCCESS );
3146
3147 /* Extraction phase. */
3148 TEST_ASSERT( psa_key_derivation( &generator, slot, alg,
3149 salt->x, salt->len,
3150 label->x, label->len,
3151 requested_capacity ) == PSA_SUCCESS );
3152 TEST_ASSERT( psa_get_generator_capacity( &generator,
3153 &current_capacity ) ==
3154 PSA_SUCCESS );
3155 TEST_ASSERT( current_capacity == requested_capacity );
3156 expected_capacity = requested_capacity;
3157
3158 /* Expansion phase. */
3159 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
3160 {
3161 /* Read some bytes. */
3162 status = psa_generator_read( &generator,
3163 output_buffer, output_sizes[i] );
3164 if( expected_capacity == 0 && output_sizes[i] == 0 )
3165 {
3166 /* Reading 0 bytes when 0 bytes are available can go either way. */
3167 TEST_ASSERT( status == PSA_SUCCESS ||
3168 status == PSA_ERROR_INSUFFICIENT_CAPACITY );
3169 continue;
3170 }
3171 else if( expected_capacity == 0 ||
3172 output_sizes[i] > expected_capacity )
3173 {
3174 /* Capacity exceeded. */
3175 TEST_ASSERT( status == PSA_ERROR_INSUFFICIENT_CAPACITY );
3176 expected_capacity = 0;
3177 continue;
3178 }
3179 /* Success. Check the read data. */
3180 TEST_ASSERT( status == PSA_SUCCESS );
3181 if( output_sizes[i] != 0 )
3182 TEST_ASSERT( memcmp( output_buffer, expected_outputs[i],
3183 output_sizes[i] ) == 0 );
3184 /* Check the generator status. */
3185 expected_capacity -= output_sizes[i];
3186 TEST_ASSERT( psa_get_generator_capacity( &generator,
3187 &current_capacity ) ==
3188 PSA_SUCCESS );
3189 TEST_ASSERT( expected_capacity == current_capacity );
3190 }
3191 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
3192
3193exit:
3194 mbedtls_free( output_buffer );
3195 psa_generator_abort( &generator );
3196 psa_destroy_key( slot );
3197 mbedtls_psa_crypto_free( );
3198}
3199/* END_CASE */
3200
3201/* BEGIN_CASE */
Gilles Peskined54931c2018-07-17 21:06:59 +0200[diff] [blame]3202void derive_full( int alg_arg,
3203 data_t *key_data,
3204 data_t *salt,
3205 data_t *label,
3206 int requested_capacity_arg )
3207{
3208 psa_key_slot_t slot = 1;
3209 psa_algorithm_t alg = alg_arg;
3210 size_t requested_capacity = requested_capacity_arg;
3211 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3212 unsigned char output_buffer[16];
3213 size_t expected_capacity = requested_capacity;
3214 size_t current_capacity;
3215 psa_key_policy_t policy;
3216
3217 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3218
3219 psa_key_policy_init( &policy );
3220 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3221 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3222
3223 TEST_ASSERT( psa_import_key( slot, PSA_KEY_TYPE_DERIVE,
3224 key_data->x,
3225 key_data->len ) == PSA_SUCCESS );
3226
3227 /* Extraction phase. */
3228 TEST_ASSERT( psa_key_derivation( &generator, slot, alg,
3229 salt->x, salt->len,
3230 label->x, label->len,
3231 requested_capacity ) == PSA_SUCCESS );
3232 TEST_ASSERT( psa_get_generator_capacity( &generator,
3233 &current_capacity ) ==
3234 PSA_SUCCESS );
3235 TEST_ASSERT( current_capacity == expected_capacity );
3236
3237 /* Expansion phase. */
3238 while( current_capacity > 0 )
3239 {
3240 size_t read_size = sizeof( output_buffer );
3241 if( read_size > current_capacity )
3242 read_size = current_capacity;
3243 TEST_ASSERT( psa_generator_read( &generator,
3244 output_buffer,
3245 read_size ) == PSA_SUCCESS );
3246 expected_capacity -= read_size;
3247 TEST_ASSERT( psa_get_generator_capacity( &generator,
3248 &current_capacity ) ==
3249 PSA_SUCCESS );
3250 TEST_ASSERT( current_capacity == expected_capacity );
3251 }
3252
3253 /* Check that the generator refuses to go over capacity. */
3254 TEST_ASSERT( psa_generator_read( &generator,
3255 output_buffer,
3256 1 ) == PSA_ERROR_INSUFFICIENT_CAPACITY );
3257
3258 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
3259
3260exit:
3261 psa_generator_abort( &generator );
3262 psa_destroy_key( slot );
3263 mbedtls_psa_crypto_free( );
3264}
3265/* END_CASE */
3266
3267/* BEGIN_CASE */
Gilles Peskine0386fba2018-07-12 17:29:22 +0200[diff] [blame]3268void derive_key_exercise( int alg_arg,
3269 data_t *key_data,
3270 data_t *salt,
3271 data_t *label,
3272 int derived_type_arg,
3273 int derived_bits_arg,
3274 int derived_usage_arg,
3275 int derived_alg_arg )
3276{
3277 psa_key_slot_t base_key = 1;
3278 psa_key_slot_t derived_key = 2;
3279 psa_algorithm_t alg = alg_arg;
3280 psa_key_type_t derived_type = derived_type_arg;
3281 size_t derived_bits = derived_bits_arg;
3282 psa_key_usage_t derived_usage = derived_usage_arg;
3283 psa_algorithm_t derived_alg = derived_alg_arg;
3284 size_t capacity = PSA_BITS_TO_BYTES( derived_bits );
3285 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3286 psa_key_policy_t policy;
3287 psa_key_type_t got_type;
3288 size_t got_bits;
3289
3290 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3291
3292 psa_key_policy_init( &policy );
3293 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3294 TEST_ASSERT( psa_set_key_policy( base_key, &policy ) == PSA_SUCCESS );
3295 TEST_ASSERT( psa_import_key( base_key, PSA_KEY_TYPE_DERIVE,
3296 key_data->x,
3297 key_data->len ) == PSA_SUCCESS );
3298
3299 /* Derive a key. */
3300 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3301 salt->x, salt->len,
3302 label->x, label->len,
3303 capacity ) == PSA_SUCCESS );
3304 psa_key_policy_set_usage( &policy, derived_usage, derived_alg );
3305 TEST_ASSERT( psa_set_key_policy( derived_key, &policy ) == PSA_SUCCESS );
3306 TEST_ASSERT( psa_generator_import_key( derived_key,
3307 derived_type,
3308 derived_bits,
3309 &generator ) == PSA_SUCCESS );
3310
3311 /* Test the key information */
3312 TEST_ASSERT( psa_get_key_information( derived_key,
3313 &got_type,
3314 &got_bits ) == PSA_SUCCESS );
3315 TEST_ASSERT( got_type == derived_type );
3316 TEST_ASSERT( got_bits == derived_bits );
3317
3318 /* Exercise the derived key. */
3319 if( ! exercise_key( derived_key, derived_usage, derived_alg ) )
3320 goto exit;
3321
3322exit:
3323 psa_generator_abort( &generator );
3324 psa_destroy_key( base_key );
3325 psa_destroy_key( derived_key );
3326 mbedtls_psa_crypto_free( );
3327}
3328/* END_CASE */
3329
3330/* BEGIN_CASE */
3331void derive_key_export( int alg_arg,
3332 data_t *key_data,
3333 data_t *salt,
3334 data_t *label,
3335 int bytes1_arg,
3336 int bytes2_arg )
3337{
3338 psa_key_slot_t base_key = 1;
3339 psa_key_slot_t derived_key = 2;
3340 psa_algorithm_t alg = alg_arg;
3341 size_t bytes1 = bytes1_arg;
3342 size_t bytes2 = bytes2_arg;
3343 size_t capacity = bytes1 + bytes2;
3344 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3345 uint8_t *output_buffer = NULL;
3346 uint8_t *export_buffer = NULL;
Gilles Peskine0386fba2018-07-12 17:29:22 +0200[diff] [blame]3347 psa_key_policy_t policy;
3348 size_t length;
3349
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3350 ASSERT_ALLOC( output_buffer, capacity );
3351 ASSERT_ALLOC( export_buffer, capacity );
Gilles Peskine0386fba2018-07-12 17:29:22 +0200[diff] [blame]3352 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3353
3354 psa_key_policy_init( &policy );
3355 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3356 TEST_ASSERT( psa_set_key_policy( base_key, &policy ) == PSA_SUCCESS );
3357 TEST_ASSERT( psa_import_key( base_key, PSA_KEY_TYPE_DERIVE,
3358 key_data->x,
3359 key_data->len ) == PSA_SUCCESS );
3360
3361 /* Derive some material and output it. */
3362 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3363 salt->x, salt->len,
3364 label->x, label->len,
3365 capacity ) == PSA_SUCCESS );
3366 TEST_ASSERT( psa_generator_read( &generator,
3367 output_buffer,
3368 capacity ) == PSA_SUCCESS );
3369 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
3370
3371 /* Derive the same output again, but this time store it in key objects. */
3372 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3373 salt->x, salt->len,
3374 label->x, label->len,
3375 capacity ) == PSA_SUCCESS );
3376 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
3377 TEST_ASSERT( psa_set_key_policy( derived_key, &policy ) == PSA_SUCCESS );
3378 TEST_ASSERT( psa_generator_import_key( derived_key,
3379 PSA_KEY_TYPE_RAW_DATA,
3380 PSA_BYTES_TO_BITS( bytes1 ),
3381 &generator ) == PSA_SUCCESS );
3382 TEST_ASSERT( psa_export_key( derived_key,
3383 export_buffer, bytes1,
3384 &length ) == PSA_SUCCESS );
3385 TEST_ASSERT( length == bytes1 );
3386 TEST_ASSERT( psa_destroy_key( derived_key ) == PSA_SUCCESS );
3387 TEST_ASSERT( psa_set_key_policy( derived_key, &policy ) == PSA_SUCCESS );
3388 TEST_ASSERT( psa_generator_import_key( derived_key,
3389 PSA_KEY_TYPE_RAW_DATA,
3390 PSA_BYTES_TO_BITS( bytes2 ),
3391 &generator ) == PSA_SUCCESS );
3392 TEST_ASSERT( psa_export_key( derived_key,
3393 export_buffer + bytes1, bytes2,
3394 &length ) == PSA_SUCCESS );
3395 TEST_ASSERT( length == bytes2 );
3396
3397 /* Compare the outputs from the two runs. */
3398 TEST_ASSERT( memcmp( output_buffer, export_buffer, capacity ) == 0 );
3399
3400exit:
3401 mbedtls_free( output_buffer );
3402 mbedtls_free( export_buffer );
3403 psa_generator_abort( &generator );
3404 psa_destroy_key( base_key );
3405 psa_destroy_key( derived_key );
3406 mbedtls_psa_crypto_free( );
3407}
3408/* END_CASE */
3409
3410/* BEGIN_CASE */
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3411void generate_random( int bytes_arg )
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3412{
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3413 size_t bytes = bytes_arg;
3414 const unsigned char trail[] = "don't overwrite me";
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3415 unsigned char *output = NULL;
3416 unsigned char *changed = NULL;
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3417 size_t i;
3418 unsigned run;
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3419
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3420 ASSERT_ALLOC( output, bytes + sizeof( trail ) );
3421 ASSERT_ALLOC( changed, bytes );
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3422 memcpy( output + bytes, trail, sizeof( trail ) );
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3423
3424 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3425
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3426 /* Run several times, to ensure that every output byte will be
3427 * nonzero at least once with overwhelming probability
3428 * (2^(-8*number_of_runs)). */
3429 for( run = 0; run < 10; run++ )
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3430 {
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]3431 if( bytes != 0 )
3432 memset( output, 0, bytes );
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3433 TEST_ASSERT( psa_generate_random( output, bytes ) == PSA_SUCCESS );
3434
3435 /* Check that no more than bytes have been overwritten */
3436 TEST_ASSERT( memcmp( output + bytes, trail, sizeof( trail ) ) == 0 );
3437
3438 for( i = 0; i < bytes; i++ )
3439 {
3440 if( output[i] != 0 )
3441 ++changed[i];
3442 }
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3443 }
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3444
3445 /* Check that every byte was changed to nonzero at least once. This
3446 * validates that psa_generate_random is overwriting every byte of
3447 * the output buffer. */
3448 for( i = 0; i < bytes; i++ )
3449 {
3450 TEST_ASSERT( changed[i] != 0 );
3451 }
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3452
3453exit:
3454 mbedtls_psa_crypto_free( );
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3455 mbedtls_free( output );
3456 mbedtls_free( changed );
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3457}
3458/* END_CASE */
Gilles Peskine12313cd2018-06-20 00:20:32 +0200[diff] [blame]3459
3460/* BEGIN_CASE */
3461void generate_key( int type_arg,
3462 int bits_arg,
3463 int usage_arg,
3464 int alg_arg,
3465 int expected_status_arg )
3466{
3467 int slot = 1;
3468 psa_key_type_t type = type_arg;
3469 psa_key_usage_t usage = usage_arg;
3470 size_t bits = bits_arg;
3471 psa_algorithm_t alg = alg_arg;
3472 psa_status_t expected_status = expected_status_arg;
3473 psa_key_type_t got_type;
3474 size_t got_bits;
Gilles Peskine12313cd2018-06-20 00:20:32 +0200[diff] [blame]3475 psa_status_t expected_info_status =
3476 expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_EMPTY_SLOT;
3477 psa_key_policy_t policy;
3478
3479 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3480
3481 psa_key_policy_init( &policy );
3482 psa_key_policy_set_usage( &policy, usage, alg );
3483 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3484
3485 /* Generate a key */
3486 TEST_ASSERT( psa_generate_key( slot, type, bits,
3487 NULL, 0 ) == expected_status );
3488
3489 /* Test the key information */
3490 TEST_ASSERT( psa_get_key_information( slot,
3491 &got_type,
3492 &got_bits ) == expected_info_status );
3493 if( expected_info_status != PSA_SUCCESS )
3494 goto exit;
3495 TEST_ASSERT( got_type == type );
3496 TEST_ASSERT( got_bits == bits );
3497
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]3498 /* Do something with the key according to its type and permitted usage. */
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]3499 if( ! exercise_key( slot, usage, alg ) )
3500 goto exit;
Gilles Peskine12313cd2018-06-20 00:20:32 +0200[diff] [blame]3501
3502exit:
3503 psa_destroy_key( slot );
3504 mbedtls_psa_crypto_free( );
3505}
3506/* END_CASE */
itayzafrir0adf0fc2018-09-06 16:24:41 +0300[diff] [blame]3507
3508/* BEGIN_CASE */
3509void validate_module_init_generate_random( )
3510{
3511 psa_status_t status;
3512 uint8_t random[10] = { 0 };
3513 status = psa_generate_random( random, sizeof( random ) );
3514 TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
3515}
3516/* END_CASE */
itayzafrir90d8c7a2018-09-12 11:44:52 +0300[diff] [blame]3517
3518/* BEGIN_CASE */
3519void validate_module_init_key_based( )
3520{
3521 psa_status_t status;
3522 uint8_t data[10] = { 0 };
3523 status = psa_import_key( 1, PSA_KEY_TYPE_RAW_DATA, data, sizeof( data ) );
3524 TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
3525}
3526/* END_CASE */