blob: 7e9a743e7e4cd7e5da26cb9012320c488f9b5bb9 [file] [log] [blame]
Gilles Peskinee59236f2018-01-27 23:32:46 +01001/* BEGIN_HEADER */
itayzafrir3e02b3b2018-06-12 17:06:52 +03002#include <stdint.h>
mohammad160327010052018-07-03 13:16:15 +03003
Gilles Peskinedd2f95b2018-08-11 01:22:42 +02004#include "mbedtls/asn1.h"
Gilles Peskine0b352bc2018-06-28 00:16:11 +02005#include "mbedtls/asn1write.h"
Gilles Peskinedd2f95b2018-08-11 01:22:42 +02006#include "mbedtls/oid.h"
7
Gilles Peskinebdc96fd2019-08-07 12:08:04 +02008/* For MBEDTLS_CTR_DRBG_MAX_REQUEST, knowing that psa_generate_random()
9 * uses mbedtls_ctr_drbg internally. */
10#include "mbedtls/ctr_drbg.h"
11
Gilles Peskinebdc96fd2019-08-07 12:08:04 +020012#include "psa/crypto.h"
Ronald Cron41841072020-09-17 15:28:26 +020013#include "psa_crypto_slot_management.h"
Gilles Peskinebdc96fd2019-08-07 12:08:04 +020014
Gilles Peskine8e94efe2021-02-13 00:25:53 +010015#include "test/asn1_helpers.h"
Ronald Cron28a45ed2021-02-09 20:35:42 +010016#include "test/psa_crypto_helpers.h"
Gilles Peskinee78b0022021-02-13 00:41:11 +010017#include "test/psa_exercise_key.h"
Archana4d7ae1d2021-07-07 02:50:22 +053018#if defined(PSA_CRYPTO_DRIVER_TEST)
19#include "test/drivers/test_driver.h"
20#endif
Ronald Cron28a45ed2021-02-09 20:35:42 +010021
Gilles Peskine4023c012021-05-27 13:21:20 +020022/* If this comes up, it's a bug in the test code or in the test data. */
23#define UNUSED 0xdeadbeef
24
Dave Rodgman647791d2021-06-23 12:49:59 +010025/* Assert that an operation is (not) active.
26 * This serves as a proxy for checking if the operation is aborted. */
27#define ASSERT_OPERATION_IS_ACTIVE( operation ) TEST_ASSERT( operation.id != 0 )
28#define ASSERT_OPERATION_IS_INACTIVE( operation ) TEST_ASSERT( operation.id == 0 )
29
Jaeden Amerof24c7f82018-06-27 17:20:43 +010030/** An invalid export length that will never be set by psa_export_key(). */
31static const size_t INVALID_EXPORT_LENGTH = ~0U;
32
Gilles Peskinea7aa4422018-08-14 15:17:54 +020033/** Test if a buffer contains a constant byte value.
34 *
35 * `mem_is_char(buffer, c, size)` is true after `memset(buffer, c, size)`.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020036 *
37 * \param buffer Pointer to the beginning of the buffer.
Gilles Peskinea7aa4422018-08-14 15:17:54 +020038 * \param c Expected value of every byte.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020039 * \param size Size of the buffer in bytes.
40 *
Gilles Peskine3f669c32018-06-21 09:21:51 +020041 * \return 1 if the buffer is all-bits-zero.
42 * \return 0 if there is at least one nonzero byte.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020043 */
Gilles Peskinea7aa4422018-08-14 15:17:54 +020044static int mem_is_char( void *buffer, unsigned char c, size_t size )
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020045{
46 size_t i;
47 for( i = 0; i < size; i++ )
48 {
Gilles Peskinea7aa4422018-08-14 15:17:54 +020049 if( ( (unsigned char *) buffer )[i] != c )
Gilles Peskine3f669c32018-06-21 09:21:51 +020050 return( 0 );
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020051 }
Gilles Peskine3f669c32018-06-21 09:21:51 +020052 return( 1 );
Gilles Peskinee66ca3b2018-06-20 00:11:45 +020053}
Gilles Peskine818ca122018-06-20 18:16:48 +020054
Gilles Peskine0b352bc2018-06-28 00:16:11 +020055/* Write the ASN.1 INTEGER with the value 2^(bits-1)+x backwards from *p. */
56static int asn1_write_10x( unsigned char **p,
57 unsigned char *start,
58 size_t bits,
59 unsigned char x )
60{
61 int ret;
62 int len = bits / 8 + 1;
Gilles Peskine480416a2018-06-28 19:04:07 +020063 if( bits == 0 )
64 return( MBEDTLS_ERR_ASN1_INVALID_DATA );
65 if( bits <= 8 && x >= 1 << ( bits - 1 ) )
Gilles Peskine0b352bc2018-06-28 00:16:11 +020066 return( MBEDTLS_ERR_ASN1_INVALID_DATA );
Moran Pekercb088e72018-07-17 17:36:59 +030067 if( *p < start || *p - start < (ptrdiff_t) len )
Gilles Peskine0b352bc2018-06-28 00:16:11 +020068 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
69 *p -= len;
70 ( *p )[len-1] = x;
71 if( bits % 8 == 0 )
72 ( *p )[1] |= 1;
73 else
74 ( *p )[0] |= 1 << ( bits % 8 );
75 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
76 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
77 MBEDTLS_ASN1_INTEGER ) );
78 return( len );
79}
80
81static int construct_fake_rsa_key( unsigned char *buffer,
82 size_t buffer_size,
83 unsigned char **p,
84 size_t bits,
85 int keypair )
86{
87 size_t half_bits = ( bits + 1 ) / 2;
88 int ret;
89 int len = 0;
90 /* Construct something that looks like a DER encoding of
91 * as defined by PKCS#1 v2.2 (RFC 8017) section A.1.2:
92 * RSAPrivateKey ::= SEQUENCE {
93 * version Version,
94 * modulus INTEGER, -- n
95 * publicExponent INTEGER, -- e
96 * privateExponent INTEGER, -- d
97 * prime1 INTEGER, -- p
98 * prime2 INTEGER, -- q
99 * exponent1 INTEGER, -- d mod (p-1)
100 * exponent2 INTEGER, -- d mod (q-1)
101 * coefficient INTEGER, -- (inverse of q) mod p
102 * otherPrimeInfos OtherPrimeInfos OPTIONAL
103 * }
104 * Or, for a public key, the same structure with only
105 * version, modulus and publicExponent.
106 */
107 *p = buffer + buffer_size;
108 if( keypair )
109 {
110 MBEDTLS_ASN1_CHK_ADD( len, /* pq */
111 asn1_write_10x( p, buffer, half_bits, 1 ) );
112 MBEDTLS_ASN1_CHK_ADD( len, /* dq */
113 asn1_write_10x( p, buffer, half_bits, 1 ) );
114 MBEDTLS_ASN1_CHK_ADD( len, /* dp */
115 asn1_write_10x( p, buffer, half_bits, 1 ) );
116 MBEDTLS_ASN1_CHK_ADD( len, /* q */
117 asn1_write_10x( p, buffer, half_bits, 1 ) );
118 MBEDTLS_ASN1_CHK_ADD( len, /* p != q to pass mbedtls sanity checks */
119 asn1_write_10x( p, buffer, half_bits, 3 ) );
120 MBEDTLS_ASN1_CHK_ADD( len, /* d */
121 asn1_write_10x( p, buffer, bits, 1 ) );
122 }
123 MBEDTLS_ASN1_CHK_ADD( len, /* e = 65537 */
124 asn1_write_10x( p, buffer, 17, 1 ) );
125 MBEDTLS_ASN1_CHK_ADD( len, /* n */
126 asn1_write_10x( p, buffer, bits, 1 ) );
127 if( keypair )
128 MBEDTLS_ASN1_CHK_ADD( len, /* version = 0 */
129 mbedtls_asn1_write_int( p, buffer, 0 ) );
130 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, buffer, len ) );
131 {
132 const unsigned char tag =
133 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE;
134 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, buffer, tag ) );
135 }
136 return( len );
137}
138
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100139int exercise_mac_setup( psa_key_type_t key_type,
140 const unsigned char *key_bytes,
141 size_t key_length,
142 psa_algorithm_t alg,
143 psa_mac_operation_t *operation,
144 psa_status_t *status )
145{
Ronald Cron5425a212020-08-04 14:58:35 +0200146 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200147 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100148
Gilles Peskine89d8c5c2019-11-26 17:01:59 +0100149 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200150 psa_set_key_algorithm( &attributes, alg );
151 psa_set_key_type( &attributes, key_type );
Ronald Cron5425a212020-08-04 14:58:35 +0200152 PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100153
Ronald Cron5425a212020-08-04 14:58:35 +0200154 *status = psa_mac_sign_setup( operation, key, alg );
Gilles Peskine9e0a4a52019-02-25 22:11:18 +0100155 /* Whether setup succeeded or failed, abort must succeed. */
156 PSA_ASSERT( psa_mac_abort( operation ) );
157 /* If setup failed, reproduce the failure, so that the caller can
158 * test the resulting state of the operation object. */
159 if( *status != PSA_SUCCESS )
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100160 {
Ronald Cron5425a212020-08-04 14:58:35 +0200161 TEST_EQUAL( psa_mac_sign_setup( operation, key, alg ), *status );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100162 }
163
Ronald Cron5425a212020-08-04 14:58:35 +0200164 psa_destroy_key( key );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100165 return( 1 );
166
167exit:
Ronald Cron5425a212020-08-04 14:58:35 +0200168 psa_destroy_key( key );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100169 return( 0 );
170}
171
172int exercise_cipher_setup( psa_key_type_t key_type,
173 const unsigned char *key_bytes,
174 size_t key_length,
175 psa_algorithm_t alg,
176 psa_cipher_operation_t *operation,
177 psa_status_t *status )
178{
Ronald Cron5425a212020-08-04 14:58:35 +0200179 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200180 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100181
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200182 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
183 psa_set_key_algorithm( &attributes, alg );
184 psa_set_key_type( &attributes, key_type );
Ronald Cron5425a212020-08-04 14:58:35 +0200185 PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100186
Ronald Cron5425a212020-08-04 14:58:35 +0200187 *status = psa_cipher_encrypt_setup( operation, key, alg );
Gilles Peskine9e0a4a52019-02-25 22:11:18 +0100188 /* Whether setup succeeded or failed, abort must succeed. */
189 PSA_ASSERT( psa_cipher_abort( operation ) );
190 /* If setup failed, reproduce the failure, so that the caller can
191 * test the resulting state of the operation object. */
192 if( *status != PSA_SUCCESS )
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100193 {
Ronald Cron5425a212020-08-04 14:58:35 +0200194 TEST_EQUAL( psa_cipher_encrypt_setup( operation, key, alg ),
Gilles Peskine9e0a4a52019-02-25 22:11:18 +0100195 *status );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100196 }
197
Ronald Cron5425a212020-08-04 14:58:35 +0200198 psa_destroy_key( key );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100199 return( 1 );
200
201exit:
Ronald Cron5425a212020-08-04 14:58:35 +0200202 psa_destroy_key( key );
Gilles Peskinef426e0f2019-02-25 17:42:03 +0100203 return( 0 );
204}
205
Ronald Cron5425a212020-08-04 14:58:35 +0200206static int test_operations_on_invalid_key( mbedtls_svc_key_id_t key )
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200207{
208 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Ronald Cronecfb2372020-07-23 17:13:42 +0200209 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 0x6964 );
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200210 uint8_t buffer[1];
211 size_t length;
212 int ok = 0;
213
Ronald Cronecfb2372020-07-23 17:13:42 +0200214 psa_set_key_id( &attributes, key_id );
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200215 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
216 psa_set_key_algorithm( &attributes, PSA_ALG_CTR );
217 psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
Ronald Cron5425a212020-08-04 14:58:35 +0200218 TEST_EQUAL( psa_get_key_attributes( key, &attributes ),
Maulik Patel3240c9d2021-03-17 16:11:05 +0000219 PSA_ERROR_INVALID_HANDLE );
Ronald Cronecfb2372020-07-23 17:13:42 +0200220 TEST_EQUAL(
221 MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 );
222 TEST_EQUAL(
223 MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &attributes ) ), 0 );
Gilles Peskine5c648ab2019-04-19 14:06:53 +0200224 TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 );
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200225 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 );
226 TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 );
227 TEST_EQUAL( psa_get_key_type( &attributes ), 0 );
228 TEST_EQUAL( psa_get_key_bits( &attributes ), 0 );
229
Ronald Cron5425a212020-08-04 14:58:35 +0200230 TEST_EQUAL( psa_export_key( key, buffer, sizeof( buffer ), &length ),
Maulik Patel3240c9d2021-03-17 16:11:05 +0000231 PSA_ERROR_INVALID_HANDLE );
Ronald Cron5425a212020-08-04 14:58:35 +0200232 TEST_EQUAL( psa_export_public_key( key,
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200233 buffer, sizeof( buffer ), &length ),
Maulik Patel3240c9d2021-03-17 16:11:05 +0000234 PSA_ERROR_INVALID_HANDLE );
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200235
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200236 ok = 1;
237
238exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100239 /*
240 * Key attributes may have been returned by psa_get_key_attributes()
241 * thus reset them as required.
242 */
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200243 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100244
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200245 return( ok );
246}
247
Gilles Peskine5fe5e272019-08-02 20:30:01 +0200248/* Assert that a key isn't reported as having a slot number. */
249#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
250#define ASSERT_NO_SLOT_NUMBER( attributes ) \
251 do \
252 { \
253 psa_key_slot_number_t ASSERT_NO_SLOT_NUMBER_slot_number; \
254 TEST_EQUAL( psa_get_key_slot_number( \
255 attributes, \
256 &ASSERT_NO_SLOT_NUMBER_slot_number ), \
257 PSA_ERROR_INVALID_ARGUMENT ); \
258 } \
259 while( 0 )
260#else /* MBEDTLS_PSA_CRYPTO_SE_C */
261#define ASSERT_NO_SLOT_NUMBER( attributes ) \
262 ( (void) 0 )
263#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
264
Gilles Peskinebdf309c2018-12-03 15:36:32 +0100265/* An overapproximation of the amount of storage needed for a key of the
266 * given type and with the given content. The API doesn't make it easy
267 * to find a good value for the size. The current implementation doesn't
268 * care about the value anyway. */
269#define KEY_BITS_FROM_DATA( type, data ) \
270 ( data )->len
271
Darryl Green0c6575a2018-11-07 16:05:30 +0000272typedef enum {
273 IMPORT_KEY = 0,
274 GENERATE_KEY = 1,
275 DERIVE_KEY = 2
276} generate_method;
277
Gilles Peskinee59236f2018-01-27 23:32:46 +0100278/* END_HEADER */
279
280/* BEGIN_DEPENDENCIES
281 * depends_on:MBEDTLS_PSA_CRYPTO_C
282 * END_DEPENDENCIES
283 */
284
285/* BEGIN_CASE */
Gilles Peskinee1f2d7d2018-08-21 14:54:54 +0200286void static_checks( )
287{
288 size_t max_truncated_mac_size =
289 PSA_ALG_MAC_TRUNCATION_MASK >> PSA_MAC_TRUNCATION_OFFSET;
290
291 /* Check that the length for a truncated MAC always fits in the algorithm
292 * encoding. The shifted mask is the maximum truncated value. The
293 * untruncated algorithm may be one byte larger. */
294 TEST_ASSERT( PSA_MAC_MAX_SIZE <= 1 + max_truncated_mac_size );
295}
296/* END_CASE */
297
298/* BEGIN_CASE */
Gilles Peskine6edfa292019-07-31 15:53:45 +0200299void import_with_policy( int type_arg,
300 int usage_arg, int alg_arg,
301 int expected_status_arg )
302{
303 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
304 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Ronald Cron5425a212020-08-04 14:58:35 +0200305 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine6edfa292019-07-31 15:53:45 +0200306 psa_key_type_t type = type_arg;
307 psa_key_usage_t usage = usage_arg;
308 psa_algorithm_t alg = alg_arg;
309 psa_status_t expected_status = expected_status_arg;
310 const uint8_t key_material[16] = {0};
311 psa_status_t status;
312
313 PSA_ASSERT( psa_crypto_init( ) );
314
315 psa_set_key_type( &attributes, type );
316 psa_set_key_usage_flags( &attributes, usage );
317 psa_set_key_algorithm( &attributes, alg );
318
319 status = psa_import_key( &attributes,
320 key_material, sizeof( key_material ),
Ronald Cron5425a212020-08-04 14:58:35 +0200321 &key );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200322 TEST_EQUAL( status, expected_status );
323 if( status != PSA_SUCCESS )
324 goto exit;
325
Ronald Cron5425a212020-08-04 14:58:35 +0200326 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200327 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
gabor-mezei-arm4ff73032021-05-13 12:05:01 +0200328 TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ),
gabor-mezei-arm98a34352021-06-28 14:05:00 +0200329 mbedtls_test_update_key_usage_flags( usage ) );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200330 TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg );
Gilles Peskine5fe5e272019-08-02 20:30:01 +0200331 ASSERT_NO_SLOT_NUMBER( &got_attributes );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200332
Ronald Cron5425a212020-08-04 14:58:35 +0200333 PSA_ASSERT( psa_destroy_key( key ) );
334 test_operations_on_invalid_key( key );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200335
336exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100337 /*
338 * Key attributes may have been returned by psa_get_key_attributes()
339 * thus reset them as required.
340 */
Gilles Peskine6edfa292019-07-31 15:53:45 +0200341 psa_reset_key_attributes( &got_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100342
343 psa_destroy_key( key );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200344 PSA_DONE( );
345}
346/* END_CASE */
347
348/* BEGIN_CASE */
349void import_with_data( data_t *data, int type_arg,
350 int attr_bits_arg,
351 int expected_status_arg )
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200352{
353 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
354 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Ronald Cron5425a212020-08-04 14:58:35 +0200355 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200356 psa_key_type_t type = type_arg;
Gilles Peskine8fb3a9e2019-05-03 16:59:21 +0200357 size_t attr_bits = attr_bits_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200358 psa_status_t expected_status = expected_status_arg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100359 psa_status_t status;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100360
Gilles Peskine8817f612018-12-18 00:18:46 +0100361 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100362
Gilles Peskine4747d192019-04-17 15:05:45 +0200363 psa_set_key_type( &attributes, type );
Gilles Peskine8fb3a9e2019-05-03 16:59:21 +0200364 psa_set_key_bits( &attributes, attr_bits );
Gilles Peskine6edfa292019-07-31 15:53:45 +0200365
Ronald Cron5425a212020-08-04 14:58:35 +0200366 status = psa_import_key( &attributes, data->x, data->len, &key );
Gilles Peskinefe11b722018-12-18 00:24:04 +0100367 TEST_EQUAL( status, expected_status );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200368 if( status != PSA_SUCCESS )
369 goto exit;
370
Ronald Cron5425a212020-08-04 14:58:35 +0200371 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200372 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
Gilles Peskine8fb3a9e2019-05-03 16:59:21 +0200373 if( attr_bits != 0 )
Gilles Peskine7e0cff92019-07-30 13:48:52 +0200374 TEST_EQUAL( attr_bits, psa_get_key_bits( &got_attributes ) );
Gilles Peskine5fe5e272019-08-02 20:30:01 +0200375 ASSERT_NO_SLOT_NUMBER( &got_attributes );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200376
Ronald Cron5425a212020-08-04 14:58:35 +0200377 PSA_ASSERT( psa_destroy_key( key ) );
378 test_operations_on_invalid_key( key );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100379
380exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100381 /*
382 * Key attributes may have been returned by psa_get_key_attributes()
383 * thus reset them as required.
384 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +0200385 psa_reset_key_attributes( &got_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100386
387 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200388 PSA_DONE( );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100389}
390/* END_CASE */
391
392/* BEGIN_CASE */
Gilles Peskinec744d992019-07-30 17:26:54 +0200393void import_large_key( int type_arg, int byte_size_arg,
394 int expected_status_arg )
395{
396 psa_key_type_t type = type_arg;
397 size_t byte_size = byte_size_arg;
398 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
399 psa_status_t expected_status = expected_status_arg;
Ronald Cron5425a212020-08-04 14:58:35 +0200400 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinec744d992019-07-30 17:26:54 +0200401 psa_status_t status;
402 uint8_t *buffer = NULL;
403 size_t buffer_size = byte_size + 1;
404 size_t n;
405
Steven Cooreman69967ce2021-01-18 18:01:08 +0100406 /* Skip the test case if the target running the test cannot
407 * accomodate large keys due to heap size constraints */
408 ASSERT_ALLOC_WEAK( buffer, buffer_size );
Gilles Peskinec744d992019-07-30 17:26:54 +0200409 memset( buffer, 'K', byte_size );
410
411 PSA_ASSERT( psa_crypto_init( ) );
412
413 /* Try importing the key */
414 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
415 psa_set_key_type( &attributes, type );
Ronald Cron5425a212020-08-04 14:58:35 +0200416 status = psa_import_key( &attributes, buffer, byte_size, &key );
Steven Cooreman83fdb702021-01-21 14:24:39 +0100417 TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY );
Gilles Peskinec744d992019-07-30 17:26:54 +0200418 TEST_EQUAL( status, expected_status );
419
420 if( status == PSA_SUCCESS )
421 {
Ronald Cron5425a212020-08-04 14:58:35 +0200422 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskinec744d992019-07-30 17:26:54 +0200423 TEST_EQUAL( psa_get_key_type( &attributes ), type );
424 TEST_EQUAL( psa_get_key_bits( &attributes ),
425 PSA_BYTES_TO_BITS( byte_size ) );
Gilles Peskine5fe5e272019-08-02 20:30:01 +0200426 ASSERT_NO_SLOT_NUMBER( &attributes );
Gilles Peskinec744d992019-07-30 17:26:54 +0200427 memset( buffer, 0, byte_size + 1 );
Ronald Cron5425a212020-08-04 14:58:35 +0200428 PSA_ASSERT( psa_export_key( key, buffer, byte_size, &n ) );
Gilles Peskinec744d992019-07-30 17:26:54 +0200429 for( n = 0; n < byte_size; n++ )
430 TEST_EQUAL( buffer[n], 'K' );
431 for( n = byte_size; n < buffer_size; n++ )
432 TEST_EQUAL( buffer[n], 0 );
433 }
434
435exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100436 /*
437 * Key attributes may have been returned by psa_get_key_attributes()
438 * thus reset them as required.
439 */
440 psa_reset_key_attributes( &attributes );
441
Ronald Cron5425a212020-08-04 14:58:35 +0200442 psa_destroy_key( key );
Gilles Peskinec744d992019-07-30 17:26:54 +0200443 PSA_DONE( );
444 mbedtls_free( buffer );
445}
446/* END_CASE */
447
448/* BEGIN_CASE */
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200449void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg )
450{
Ronald Cron5425a212020-08-04 14:58:35 +0200451 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200452 size_t bits = bits_arg;
453 psa_status_t expected_status = expected_status_arg;
454 psa_status_t status;
455 psa_key_type_t type =
Gilles Peskinec93b80c2019-05-16 19:39:54 +0200456 keypair ? PSA_KEY_TYPE_RSA_KEY_PAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY;
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200457 size_t buffer_size = /* Slight overapproximations */
458 keypair ? bits * 9 / 16 + 80 : bits / 8 + 20;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200459 unsigned char *buffer = NULL;
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200460 unsigned char *p;
461 int ret;
462 size_t length;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200463 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200464
Gilles Peskine8817f612018-12-18 00:18:46 +0100465 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200466 ASSERT_ALLOC( buffer, buffer_size );
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200467
468 TEST_ASSERT( ( ret = construct_fake_rsa_key( buffer, buffer_size, &p,
469 bits, keypair ) ) >= 0 );
470 length = ret;
471
472 /* Try importing the key */
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200473 psa_set_key_type( &attributes, type );
Ronald Cron5425a212020-08-04 14:58:35 +0200474 status = psa_import_key( &attributes, p, length, &key );
Gilles Peskinefe11b722018-12-18 00:24:04 +0100475 TEST_EQUAL( status, expected_status );
Gilles Peskine76b29a72019-05-28 14:08:50 +0200476
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200477 if( status == PSA_SUCCESS )
Ronald Cron5425a212020-08-04 14:58:35 +0200478 PSA_ASSERT( psa_destroy_key( key ) );
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200479
480exit:
481 mbedtls_free( buffer );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200482 PSA_DONE( );
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200483}
484/* END_CASE */
485
486/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300487void import_export( data_t *data,
Moran Pekera964a8f2018-06-04 18:42:36 +0300488 int type_arg,
Gilles Peskine1ecf92c22019-05-24 15:00:06 +0200489 int usage_arg, int alg_arg,
Archana4d7ae1d2021-07-07 02:50:22 +0530490 int lifetime_arg,
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100491 int expected_bits,
492 int export_size_delta,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200493 int expected_export_status_arg,
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100494 int canonical_input )
495{
Ronald Cron5425a212020-08-04 14:58:35 +0200496 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100497 psa_key_type_t type = type_arg;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200498 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200499 psa_status_t expected_export_status = expected_export_status_arg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100500 psa_status_t status;
Archana4d7ae1d2021-07-07 02:50:22 +0530501 psa_key_lifetime_t lifetime = lifetime_arg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100502 unsigned char *exported = NULL;
503 unsigned char *reexported = NULL;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100504 size_t export_size;
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100505 size_t exported_length = INVALID_EXPORT_LENGTH;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100506 size_t reexported_length;
Gilles Peskine4747d192019-04-17 15:05:45 +0200507 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200508 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100509
Moran Pekercb088e72018-07-17 17:36:59 +0300510 export_size = (ptrdiff_t) data->len + export_size_delta;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200511 ASSERT_ALLOC( exported, export_size );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100512 if( ! canonical_input )
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200513 ASSERT_ALLOC( reexported, export_size );
Gilles Peskine8817f612018-12-18 00:18:46 +0100514 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100515
Archana4d7ae1d2021-07-07 02:50:22 +0530516 psa_set_key_lifetime( &attributes, lifetime );
Gilles Peskine4747d192019-04-17 15:05:45 +0200517 psa_set_key_usage_flags( &attributes, usage_arg );
518 psa_set_key_algorithm( &attributes, alg );
519 psa_set_key_type( &attributes, type );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700520
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100521 /* Import the key */
Ronald Cron5425a212020-08-04 14:58:35 +0200522 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100523
524 /* Test the key information */
Ronald Cron5425a212020-08-04 14:58:35 +0200525 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200526 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
527 TEST_EQUAL( psa_get_key_bits( &got_attributes ), (size_t) expected_bits );
Gilles Peskine5fe5e272019-08-02 20:30:01 +0200528 ASSERT_NO_SLOT_NUMBER( &got_attributes );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100529
530 /* Export the key */
Ronald Cron5425a212020-08-04 14:58:35 +0200531 status = psa_export_key( key, exported, export_size, &exported_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +0100532 TEST_EQUAL( status, expected_export_status );
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100533
534 /* The exported length must be set by psa_export_key() to a value between 0
535 * and export_size. On errors, the exported length must be 0. */
536 TEST_ASSERT( exported_length != INVALID_EXPORT_LENGTH );
537 TEST_ASSERT( status == PSA_SUCCESS || exported_length == 0 );
538 TEST_ASSERT( exported_length <= export_size );
539
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200540 TEST_ASSERT( mem_is_char( exported + exported_length, 0,
Gilles Peskine3f669c32018-06-21 09:21:51 +0200541 export_size - exported_length ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100542 if( status != PSA_SUCCESS )
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200543 {
Gilles Peskinefe11b722018-12-18 00:24:04 +0100544 TEST_EQUAL( exported_length, 0 );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100545 goto destroy;
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200546 }
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100547
Gilles Peskineea38a922021-02-13 00:05:16 +0100548 /* Run sanity checks on the exported key. For non-canonical inputs,
549 * this validates the canonical representations. For canonical inputs,
550 * this doesn't directly validate the implementation, but it still helps
551 * by cross-validating the test data with the sanity check code. */
Archana4d7ae1d2021-07-07 02:50:22 +0530552 if( !psa_key_lifetime_is_external( lifetime ) )
553 {
554 if( ! mbedtls_test_psa_exercise_key( key, usage_arg, 0 ) )
555 goto exit;
556 }
Gilles Peskine8f609232018-08-11 01:24:55 +0200557
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100558 if( canonical_input )
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200559 ASSERT_COMPARE( data->x, data->len, exported, exported_length );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100560 else
561 {
Ronald Cron5425a212020-08-04 14:58:35 +0200562 mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine049c7532019-05-15 20:22:09 +0200563 PSA_ASSERT( psa_import_key( &attributes, exported, exported_length,
Archana4d7ae1d2021-07-07 02:50:22 +0530564 &key2 ) );
Ronald Cron5425a212020-08-04 14:58:35 +0200565 PSA_ASSERT( psa_export_key( key2,
Archana4d7ae1d2021-07-07 02:50:22 +0530566 reexported,
567 export_size,
568 &reexported_length ) );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200569 ASSERT_COMPARE( exported, exported_length,
Archana4d7ae1d2021-07-07 02:50:22 +0530570 reexported, reexported_length );
Ronald Cron5425a212020-08-04 14:58:35 +0200571 PSA_ASSERT( psa_destroy_key( key2 ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100572 }
gabor-mezei-armceface22021-01-21 12:26:17 +0100573 TEST_ASSERT( exported_length <=
Archana4d7ae1d2021-07-07 02:50:22 +0530574 PSA_EXPORT_KEY_OUTPUT_SIZE( type,
gabor-mezei-armceface22021-01-21 12:26:17 +0100575 psa_get_key_bits( &got_attributes ) ) );
576 TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100577
578destroy:
579 /* Destroy the key */
Ronald Cron5425a212020-08-04 14:58:35 +0200580 PSA_ASSERT( psa_destroy_key( key ) );
581 test_operations_on_invalid_key( key );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100582
583exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100584 /*
585 * Key attributes may have been returned by psa_get_key_attributes()
586 * thus reset them as required.
587 */
588 psa_reset_key_attributes( &got_attributes );
Archana4d7ae1d2021-07-07 02:50:22 +0530589 psa_destroy_key( key ) ;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300590 mbedtls_free( exported );
591 mbedtls_free( reexported );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200592 PSA_DONE( );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100593}
594/* END_CASE */
Gilles Peskine20035e32018-02-03 22:44:14 +0100595
Moran Pekerf709f4a2018-06-06 17:26:04 +0300596/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300597void import_export_public_key( data_t *data,
Gilles Peskine2d277862018-06-18 15:41:12 +0200598 int type_arg,
599 int alg_arg,
Archana4d7ae1d2021-07-07 02:50:22 +0530600 int lifetime_arg,
Gilles Peskine49c25912018-10-29 15:15:31 +0100601 int export_size_delta,
602 int expected_export_status_arg,
603 data_t *expected_public_key )
Moran Pekerf709f4a2018-06-06 17:26:04 +0300604{
Ronald Cron5425a212020-08-04 14:58:35 +0200605 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300606 psa_key_type_t type = type_arg;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200607 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200608 psa_status_t expected_export_status = expected_export_status_arg;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300609 psa_status_t status;
Archana4d7ae1d2021-07-07 02:50:22 +0530610 psa_key_lifetime_t lifetime = lifetime_arg;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300611 unsigned char *exported = NULL;
Gilles Peskine49c25912018-10-29 15:15:31 +0100612 size_t export_size = expected_public_key->len + export_size_delta;
Jaeden Amero2a671e92018-06-27 17:47:40 +0100613 size_t exported_length = INVALID_EXPORT_LENGTH;
Gilles Peskine4747d192019-04-17 15:05:45 +0200614 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300615
Gilles Peskine8817f612018-12-18 00:18:46 +0100616 PSA_ASSERT( psa_crypto_init( ) );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300617
Archana4d7ae1d2021-07-07 02:50:22 +0530618 psa_set_key_lifetime( &attributes, lifetime );
Gilles Peskine4747d192019-04-17 15:05:45 +0200619 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
620 psa_set_key_algorithm( &attributes, alg );
621 psa_set_key_type( &attributes, type );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300622
623 /* Import the key */
Ronald Cron5425a212020-08-04 14:58:35 +0200624 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300625
Gilles Peskine49c25912018-10-29 15:15:31 +0100626 /* Export the public key */
627 ASSERT_ALLOC( exported, export_size );
Ronald Cron5425a212020-08-04 14:58:35 +0200628 status = psa_export_public_key( key,
Archana4d7ae1d2021-07-07 02:50:22 +0530629 exported, export_size,
630 &exported_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +0100631 TEST_EQUAL( status, expected_export_status );
Gilles Peskine49c25912018-10-29 15:15:31 +0100632 if( status == PSA_SUCCESS )
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100633 {
Gilles Peskinec93b80c2019-05-16 19:39:54 +0200634 psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type );
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100635 size_t bits;
Ronald Cron5425a212020-08-04 14:58:35 +0200636 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200637 bits = psa_get_key_bits( &attributes );
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100638 TEST_ASSERT( expected_public_key->len <=
gabor-mezei-armcbcec212020-12-18 14:23:51 +0100639 PSA_EXPORT_KEY_OUTPUT_SIZE( public_type, bits ) );
gabor-mezei-armceface22021-01-21 12:26:17 +0100640 TEST_ASSERT( expected_public_key->len <=
641 PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type, bits ) );
642 TEST_ASSERT( expected_public_key->len <=
643 PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
Gilles Peskine49c25912018-10-29 15:15:31 +0100644 ASSERT_COMPARE( expected_public_key->x, expected_public_key->len,
645 exported, exported_length );
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100646 }
Moran Pekerf709f4a2018-06-06 17:26:04 +0300647exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100648 /*
649 * Key attributes may have been returned by psa_get_key_attributes()
650 * thus reset them as required.
651 */
652 psa_reset_key_attributes( &attributes );
653
itayzafrir3e02b3b2018-06-12 17:06:52 +0300654 mbedtls_free( exported );
Ronald Cron5425a212020-08-04 14:58:35 +0200655 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200656 PSA_DONE( );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300657}
658/* END_CASE */
659
Gilles Peskine20035e32018-02-03 22:44:14 +0100660/* BEGIN_CASE */
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200661void import_and_exercise_key( data_t *data,
662 int type_arg,
663 int bits_arg,
664 int alg_arg )
665{
Ronald Cron5425a212020-08-04 14:58:35 +0200666 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200667 psa_key_type_t type = type_arg;
668 size_t bits = bits_arg;
669 psa_algorithm_t alg = alg_arg;
Gilles Peskinec18e25f2021-02-12 23:48:20 +0100670 psa_key_usage_t usage = mbedtls_test_psa_usage_to_exercise( type, alg );
Gilles Peskine4747d192019-04-17 15:05:45 +0200671 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200672 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200673
Gilles Peskine8817f612018-12-18 00:18:46 +0100674 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200675
Gilles Peskine4747d192019-04-17 15:05:45 +0200676 psa_set_key_usage_flags( &attributes, usage );
677 psa_set_key_algorithm( &attributes, alg );
678 psa_set_key_type( &attributes, type );
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200679
680 /* Import the key */
Ronald Cron5425a212020-08-04 14:58:35 +0200681 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) );
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200682
683 /* Test the key information */
Ronald Cron5425a212020-08-04 14:58:35 +0200684 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200685 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
686 TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200687
688 /* Do something with the key according to its type and permitted usage. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +0100689 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) )
Gilles Peskine02b75072018-07-01 22:31:34 +0200690 goto exit;
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200691
Ronald Cron5425a212020-08-04 14:58:35 +0200692 PSA_ASSERT( psa_destroy_key( key ) );
693 test_operations_on_invalid_key( key );
Gilles Peskine4cf3a432019-04-18 22:28:52 +0200694
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200695exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100696 /*
697 * Key attributes may have been returned by psa_get_key_attributes()
698 * thus reset them as required.
699 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +0200700 psa_reset_key_attributes( &got_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100701
702 psa_reset_key_attributes( &attributes );
703 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200704 PSA_DONE( );
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200705}
706/* END_CASE */
707
708/* BEGIN_CASE */
Gilles Peskine06c28892019-11-26 18:07:46 +0100709void effective_key_attributes( int type_arg, int expected_type_arg,
710 int bits_arg, int expected_bits_arg,
711 int usage_arg, int expected_usage_arg,
712 int alg_arg, int expected_alg_arg )
Gilles Peskined5b33222018-06-18 22:20:03 +0200713{
Ronald Cron5425a212020-08-04 14:58:35 +0200714 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine1a960492019-11-26 17:12:21 +0100715 psa_key_type_t key_type = type_arg;
Gilles Peskine06c28892019-11-26 18:07:46 +0100716 psa_key_type_t expected_key_type = expected_type_arg;
Gilles Peskine1a960492019-11-26 17:12:21 +0100717 size_t bits = bits_arg;
Gilles Peskine06c28892019-11-26 18:07:46 +0100718 size_t expected_bits = expected_bits_arg;
Gilles Peskined5b33222018-06-18 22:20:03 +0200719 psa_algorithm_t alg = alg_arg;
Gilles Peskine06c28892019-11-26 18:07:46 +0100720 psa_algorithm_t expected_alg = expected_alg_arg;
Gilles Peskined5b33222018-06-18 22:20:03 +0200721 psa_key_usage_t usage = usage_arg;
Gilles Peskine06c28892019-11-26 18:07:46 +0100722 psa_key_usage_t expected_usage = expected_usage_arg;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200723 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskined5b33222018-06-18 22:20:03 +0200724
Gilles Peskine8817f612018-12-18 00:18:46 +0100725 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskined5b33222018-06-18 22:20:03 +0200726
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +0200727 psa_set_key_usage_flags( &attributes, usage );
728 psa_set_key_algorithm( &attributes, alg );
729 psa_set_key_type( &attributes, key_type );
Gilles Peskine1a960492019-11-26 17:12:21 +0100730 psa_set_key_bits( &attributes, bits );
Gilles Peskined5b33222018-06-18 22:20:03 +0200731
Ronald Cron5425a212020-08-04 14:58:35 +0200732 PSA_ASSERT( psa_generate_key( &attributes, &key ) );
Gilles Peskine1a960492019-11-26 17:12:21 +0100733 psa_reset_key_attributes( &attributes );
Gilles Peskined5b33222018-06-18 22:20:03 +0200734
Ronald Cron5425a212020-08-04 14:58:35 +0200735 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine06c28892019-11-26 18:07:46 +0100736 TEST_EQUAL( psa_get_key_type( &attributes ), expected_key_type );
737 TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits );
738 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage );
739 TEST_EQUAL( psa_get_key_algorithm( &attributes ), expected_alg );
Gilles Peskined5b33222018-06-18 22:20:03 +0200740
741exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100742 /*
743 * Key attributes may have been returned by psa_get_key_attributes()
744 * thus reset them as required.
745 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +0200746 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +0100747
748 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200749 PSA_DONE( );
Gilles Peskined5b33222018-06-18 22:20:03 +0200750}
751/* END_CASE */
752
753/* BEGIN_CASE */
Gilles Peskine06c28892019-11-26 18:07:46 +0100754void check_key_policy( int type_arg, int bits_arg,
gabor-mezei-armff8264c2021-06-28 14:36:03 +0200755 int usage_arg, int alg_arg )
Gilles Peskine06c28892019-11-26 18:07:46 +0100756{
757 test_effective_key_attributes( type_arg, type_arg, bits_arg, bits_arg,
gabor-mezei-armff8264c2021-06-28 14:36:03 +0200758 usage_arg,
759 mbedtls_test_update_key_usage_flags( usage_arg ),
gabor-mezei-armedf2df82021-05-13 16:17:16 +0200760 alg_arg, alg_arg );
Gilles Peskine06c28892019-11-26 18:07:46 +0100761 goto exit;
762}
763/* END_CASE */
764
765/* BEGIN_CASE */
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200766void key_attributes_init( )
Jaeden Amero70261c52019-01-04 11:47:20 +0000767{
768 /* Test each valid way of initializing the object, except for `= {0}`, as
769 * Clang 5 complains when `-Wmissing-field-initializers` is used, even
770 * though it's OK by the C standard. We could test for this, but we'd need
771 * to supress the Clang warning for the test. */
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200772 psa_key_attributes_t func = psa_key_attributes_init( );
773 psa_key_attributes_t init = PSA_KEY_ATTRIBUTES_INIT;
774 psa_key_attributes_t zero;
Jaeden Amero70261c52019-01-04 11:47:20 +0000775
776 memset( &zero, 0, sizeof( zero ) );
777
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200778 TEST_EQUAL( psa_get_key_lifetime( &func ), PSA_KEY_LIFETIME_VOLATILE );
779 TEST_EQUAL( psa_get_key_lifetime( &init ), PSA_KEY_LIFETIME_VOLATILE );
780 TEST_EQUAL( psa_get_key_lifetime( &zero ), PSA_KEY_LIFETIME_VOLATILE );
Jaeden Amero5229bbb2019-02-07 16:33:37 +0000781
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200782 TEST_EQUAL( psa_get_key_type( &func ), 0 );
783 TEST_EQUAL( psa_get_key_type( &init ), 0 );
784 TEST_EQUAL( psa_get_key_type( &zero ), 0 );
785
786 TEST_EQUAL( psa_get_key_bits( &func ), 0 );
787 TEST_EQUAL( psa_get_key_bits( &init ), 0 );
788 TEST_EQUAL( psa_get_key_bits( &zero ), 0 );
789
790 TEST_EQUAL( psa_get_key_usage_flags( &func ), 0 );
791 TEST_EQUAL( psa_get_key_usage_flags( &init ), 0 );
792 TEST_EQUAL( psa_get_key_usage_flags( &zero ), 0 );
793
794 TEST_EQUAL( psa_get_key_algorithm( &func ), 0 );
795 TEST_EQUAL( psa_get_key_algorithm( &init ), 0 );
796 TEST_EQUAL( psa_get_key_algorithm( &zero ), 0 );
Jaeden Amero70261c52019-01-04 11:47:20 +0000797}
798/* END_CASE */
799
800/* BEGIN_CASE */
gabor-mezei-armedf2df82021-05-13 16:17:16 +0200801void mac_key_policy( int policy_usage_arg,
802 int policy_alg_arg,
803 int key_type_arg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200804 data_t *key_data,
gabor-mezei-armedf2df82021-05-13 16:17:16 +0200805 int exercise_alg_arg,
Mateusz Starzykd07f4fc2021-08-24 11:01:23 +0200806 int expected_status_sign_arg,
807 int expected_status_verify_arg )
Gilles Peskined5b33222018-06-18 22:20:03 +0200808{
Ronald Cron5425a212020-08-04 14:58:35 +0200809 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200810 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Jaeden Amero769ce272019-01-04 11:48:03 +0000811 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
gabor-mezei-armedf2df82021-05-13 16:17:16 +0200812 psa_key_type_t key_type = key_type_arg;
813 psa_algorithm_t policy_alg = policy_alg_arg;
814 psa_algorithm_t exercise_alg = exercise_alg_arg;
815 psa_key_usage_t policy_usage = policy_usage_arg;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200816 psa_status_t status;
Mateusz Starzykd07f4fc2021-08-24 11:01:23 +0200817 psa_status_t expected_status_sign = expected_status_sign_arg;
818 psa_status_t expected_status_verify = expected_status_verify_arg;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200819 unsigned char mac[PSA_MAC_MAX_SIZE];
Gilles Peskined5b33222018-06-18 22:20:03 +0200820
Gilles Peskine8817f612018-12-18 00:18:46 +0100821 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskined5b33222018-06-18 22:20:03 +0200822
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200823 psa_set_key_usage_flags( &attributes, policy_usage );
824 psa_set_key_algorithm( &attributes, policy_alg );
825 psa_set_key_type( &attributes, key_type );
Gilles Peskined5b33222018-06-18 22:20:03 +0200826
Gilles Peskine049c7532019-05-15 20:22:09 +0200827 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +0200828 &key ) );
Gilles Peskined5b33222018-06-18 22:20:03 +0200829
gabor-mezei-arm40d5cd82021-06-29 11:06:16 +0200830 TEST_EQUAL( psa_get_key_usage_flags( &attributes ),
831 mbedtls_test_update_key_usage_flags( policy_usage ) );
gabor-mezei-armedf2df82021-05-13 16:17:16 +0200832
Ronald Cron5425a212020-08-04 14:58:35 +0200833 status = psa_mac_sign_setup( &operation, key, exercise_alg );
Mateusz Starzykd07f4fc2021-08-24 11:01:23 +0200834 TEST_EQUAL( status, expected_status_sign );
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100835
Mateusz Starzyk1ebcd552021-08-30 17:09:03 +0200836 /* Calculate the MAC, one-shot case. */
837 uint8_t input[128] = {0};
838 size_t mac_len;
839 TEST_EQUAL( psa_mac_compute( key, exercise_alg,
840 input, 128,
841 mac, PSA_MAC_MAX_SIZE, &mac_len ),
842 expected_status_sign );
843
844 /* Verify correct MAC, one-shot case. */
845 status = psa_mac_verify( key, exercise_alg, input, 128,
846 mac, mac_len );
847
848 if( expected_status_sign != PSA_SUCCESS && expected_status_verify == PSA_SUCCESS )
849 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
850 else
851 TEST_EQUAL( status, expected_status_verify );
852
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200853 psa_mac_abort( &operation );
Gilles Peskined5b33222018-06-18 22:20:03 +0200854
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200855 memset( mac, 0, sizeof( mac ) );
Ronald Cron5425a212020-08-04 14:58:35 +0200856 status = psa_mac_verify_setup( &operation, key, exercise_alg );
Mateusz Starzykd07f4fc2021-08-24 11:01:23 +0200857 TEST_EQUAL( status, expected_status_verify );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200858
859exit:
860 psa_mac_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +0200861 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200862 PSA_DONE( );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200863}
864/* END_CASE */
865
866/* BEGIN_CASE */
gabor-mezei-armedf2df82021-05-13 16:17:16 +0200867void cipher_key_policy( int policy_usage_arg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200868 int policy_alg,
869 int key_type,
870 data_t *key_data,
871 int exercise_alg )
872{
Ronald Cron5425a212020-08-04 14:58:35 +0200873 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200874 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Jaeden Amero5bae2272019-01-04 11:48:27 +0000875 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
gabor-mezei-armedf2df82021-05-13 16:17:16 +0200876 psa_key_usage_t policy_usage = policy_usage_arg;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200877 psa_status_t status;
878
Gilles Peskine8817f612018-12-18 00:18:46 +0100879 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200880
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200881 psa_set_key_usage_flags( &attributes, policy_usage );
882 psa_set_key_algorithm( &attributes, policy_alg );
883 psa_set_key_type( &attributes, key_type );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200884
Gilles Peskine049c7532019-05-15 20:22:09 +0200885 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +0200886 &key ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200887
gabor-mezei-arm98a34352021-06-28 14:05:00 +0200888 /* Check if no key usage flag implication is done */
889 TEST_EQUAL( policy_usage,
890 mbedtls_test_update_key_usage_flags( policy_usage ) );
gabor-mezei-armedf2df82021-05-13 16:17:16 +0200891
Ronald Cron5425a212020-08-04 14:58:35 +0200892 status = psa_cipher_encrypt_setup( &operation, key, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200893 if( policy_alg == exercise_alg &&
894 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
Gilles Peskine8817f612018-12-18 00:18:46 +0100895 PSA_ASSERT( status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200896 else
Gilles Peskinefe11b722018-12-18 00:24:04 +0100897 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200898 psa_cipher_abort( &operation );
899
Ronald Cron5425a212020-08-04 14:58:35 +0200900 status = psa_cipher_decrypt_setup( &operation, key, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200901 if( policy_alg == exercise_alg &&
902 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
Gilles Peskine8817f612018-12-18 00:18:46 +0100903 PSA_ASSERT( status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200904 else
Gilles Peskinefe11b722018-12-18 00:24:04 +0100905 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200906
907exit:
908 psa_cipher_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +0200909 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200910 PSA_DONE( );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200911}
912/* END_CASE */
913
914/* BEGIN_CASE */
gabor-mezei-armedf2df82021-05-13 16:17:16 +0200915void aead_key_policy( int policy_usage_arg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200916 int policy_alg,
917 int key_type,
918 data_t *key_data,
919 int nonce_length_arg,
920 int tag_length_arg,
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100921 int exercise_alg,
922 int expected_status_arg )
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200923{
Ronald Cron5425a212020-08-04 14:58:35 +0200924 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200925 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
gabor-mezei-armedf2df82021-05-13 16:17:16 +0200926 psa_key_usage_t policy_usage = policy_usage_arg;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200927 psa_status_t status;
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100928 psa_status_t expected_status = expected_status_arg;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200929 unsigned char nonce[16] = {0};
930 size_t nonce_length = nonce_length_arg;
931 unsigned char tag[16];
932 size_t tag_length = tag_length_arg;
933 size_t output_length;
934
935 TEST_ASSERT( nonce_length <= sizeof( nonce ) );
936 TEST_ASSERT( tag_length <= sizeof( tag ) );
937
Gilles Peskine8817f612018-12-18 00:18:46 +0100938 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200939
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200940 psa_set_key_usage_flags( &attributes, policy_usage );
941 psa_set_key_algorithm( &attributes, policy_alg );
942 psa_set_key_type( &attributes, key_type );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200943
Gilles Peskine049c7532019-05-15 20:22:09 +0200944 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +0200945 &key ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200946
gabor-mezei-arm98a34352021-06-28 14:05:00 +0200947 /* Check if no key usage implication is done */
948 TEST_EQUAL( policy_usage,
949 mbedtls_test_update_key_usage_flags( policy_usage ) );
gabor-mezei-armedf2df82021-05-13 16:17:16 +0200950
Ronald Cron5425a212020-08-04 14:58:35 +0200951 status = psa_aead_encrypt( key, exercise_alg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200952 nonce, nonce_length,
953 NULL, 0,
954 NULL, 0,
955 tag, tag_length,
956 &output_length );
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100957 if( ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
958 TEST_EQUAL( status, expected_status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200959 else
Gilles Peskinefe11b722018-12-18 00:24:04 +0100960 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200961
962 memset( tag, 0, sizeof( tag ) );
Ronald Cron5425a212020-08-04 14:58:35 +0200963 status = psa_aead_decrypt( key, exercise_alg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200964 nonce, nonce_length,
965 NULL, 0,
966 tag, tag_length,
967 NULL, 0,
968 &output_length );
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100969 if( ( policy_usage & PSA_KEY_USAGE_DECRYPT ) == 0 )
970 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
971 else if( expected_status == PSA_SUCCESS )
Gilles Peskinefe11b722018-12-18 00:24:04 +0100972 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200973 else
Steven Cooremanb3ce8152021-02-18 12:03:50 +0100974 TEST_EQUAL( status, expected_status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200975
976exit:
Ronald Cron5425a212020-08-04 14:58:35 +0200977 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +0200978 PSA_DONE( );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200979}
980/* END_CASE */
981
982/* BEGIN_CASE */
gabor-mezei-armedf2df82021-05-13 16:17:16 +0200983void asymmetric_encryption_key_policy( int policy_usage_arg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200984 int policy_alg,
985 int key_type,
986 data_t *key_data,
987 int exercise_alg )
988{
Ronald Cron5425a212020-08-04 14:58:35 +0200989 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +0200990 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
gabor-mezei-armedf2df82021-05-13 16:17:16 +0200991 psa_key_usage_t policy_usage = policy_usage_arg;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200992 psa_status_t status;
993 size_t key_bits;
994 size_t buffer_length;
995 unsigned char *buffer = NULL;
996 size_t output_length;
997
Gilles Peskine8817f612018-12-18 00:18:46 +0100998 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200999
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001000 psa_set_key_usage_flags( &attributes, policy_usage );
1001 psa_set_key_algorithm( &attributes, policy_alg );
1002 psa_set_key_type( &attributes, key_type );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001003
Gilles Peskine049c7532019-05-15 20:22:09 +02001004 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001005 &key ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001006
gabor-mezei-arm98a34352021-06-28 14:05:00 +02001007 /* Check if no key usage implication is done */
1008 TEST_EQUAL( policy_usage,
1009 mbedtls_test_update_key_usage_flags( policy_usage ) );
gabor-mezei-armedf2df82021-05-13 16:17:16 +02001010
Ronald Cron5425a212020-08-04 14:58:35 +02001011 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02001012 key_bits = psa_get_key_bits( &attributes );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001013 buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits,
1014 exercise_alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02001015 ASSERT_ALLOC( buffer, buffer_length );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001016
Ronald Cron5425a212020-08-04 14:58:35 +02001017 status = psa_asymmetric_encrypt( key, exercise_alg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001018 NULL, 0,
1019 NULL, 0,
1020 buffer, buffer_length,
1021 &output_length );
1022 if( policy_alg == exercise_alg &&
1023 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
Gilles Peskine8817f612018-12-18 00:18:46 +01001024 PSA_ASSERT( status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001025 else
Gilles Peskinefe11b722018-12-18 00:24:04 +01001026 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001027
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +02001028 if( buffer_length != 0 )
1029 memset( buffer, 0, buffer_length );
Ronald Cron5425a212020-08-04 14:58:35 +02001030 status = psa_asymmetric_decrypt( key, exercise_alg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001031 buffer, buffer_length,
1032 NULL, 0,
1033 buffer, buffer_length,
1034 &output_length );
1035 if( policy_alg == exercise_alg &&
1036 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
Gilles Peskinefe11b722018-12-18 00:24:04 +01001037 TEST_EQUAL( status, PSA_ERROR_INVALID_PADDING );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001038 else
Gilles Peskinefe11b722018-12-18 00:24:04 +01001039 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001040
1041exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01001042 /*
1043 * Key attributes may have been returned by psa_get_key_attributes()
1044 * thus reset them as required.
1045 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02001046 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01001047
1048 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001049 PSA_DONE( );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001050 mbedtls_free( buffer );
1051}
1052/* END_CASE */
1053
1054/* BEGIN_CASE */
gabor-mezei-armedf2df82021-05-13 16:17:16 +02001055void asymmetric_signature_key_policy( int policy_usage_arg,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001056 int policy_alg,
1057 int key_type,
1058 data_t *key_data,
Gilles Peskine30f77cd2019-01-14 16:06:39 +01001059 int exercise_alg,
gabor-mezei-armedf2df82021-05-13 16:17:16 +02001060 int payload_length_arg,
gabor-mezei-armedf2df82021-05-13 16:17:16 +02001061 int expected_usage_arg )
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001062{
Ronald Cron5425a212020-08-04 14:58:35 +02001063 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001064 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
gabor-mezei-armedf2df82021-05-13 16:17:16 +02001065 psa_key_usage_t policy_usage = policy_usage_arg;
1066 psa_key_usage_t expected_usage = expected_usage_arg;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001067 psa_status_t status;
Gilles Peskine30f77cd2019-01-14 16:06:39 +01001068 unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
1069 /* If `payload_length_arg > 0`, `exercise_alg` is supposed to be
1070 * compatible with the policy and `payload_length_arg` is supposed to be
1071 * a valid input length to sign. If `payload_length_arg <= 0`,
1072 * `exercise_alg` is supposed to be forbidden by the policy. */
1073 int compatible_alg = payload_length_arg > 0;
1074 size_t payload_length = compatible_alg ? payload_length_arg : 0;
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01001075 unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001076 size_t signature_length;
1077
gabor-mezei-arm98a34352021-06-28 14:05:00 +02001078 /* Check if all implicit usage flags are deployed
gabor-mezei-armedf2df82021-05-13 16:17:16 +02001079 in the expected usage flags. */
gabor-mezei-arm98a34352021-06-28 14:05:00 +02001080 TEST_EQUAL( expected_usage,
1081 mbedtls_test_update_key_usage_flags( policy_usage ) );
gabor-mezei-armedf2df82021-05-13 16:17:16 +02001082
Gilles Peskine8817f612018-12-18 00:18:46 +01001083 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001084
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001085 psa_set_key_usage_flags( &attributes, policy_usage );
1086 psa_set_key_algorithm( &attributes, policy_alg );
1087 psa_set_key_type( &attributes, key_type );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001088
Gilles Peskine049c7532019-05-15 20:22:09 +02001089 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001090 &key ) );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001091
gabor-mezei-armedf2df82021-05-13 16:17:16 +02001092 TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage );
1093
Ronald Cron5425a212020-08-04 14:58:35 +02001094 status = psa_sign_hash( key, exercise_alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01001095 payload, payload_length,
1096 signature, sizeof( signature ),
1097 &signature_length );
gabor-mezei-armedf2df82021-05-13 16:17:16 +02001098 if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 )
Gilles Peskine8817f612018-12-18 00:18:46 +01001099 PSA_ASSERT( status );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001100 else
Gilles Peskinefe11b722018-12-18 00:24:04 +01001101 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001102
1103 memset( signature, 0, sizeof( signature ) );
Ronald Cron5425a212020-08-04 14:58:35 +02001104 status = psa_verify_hash( key, exercise_alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01001105 payload, payload_length,
1106 signature, sizeof( signature ) );
gabor-mezei-armedf2df82021-05-13 16:17:16 +02001107 if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 )
Gilles Peskinefe11b722018-12-18 00:24:04 +01001108 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +02001109 else
Gilles Peskinefe11b722018-12-18 00:24:04 +01001110 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskined5b33222018-06-18 22:20:03 +02001111
gabor-mezei-armd851d682021-06-28 14:53:49 +02001112 if( PSA_ALG_IS_HASH_AND_SIGN( exercise_alg ) &&
1113 PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( exercise_alg ) ) )
gabor-mezei-armedf2df82021-05-13 16:17:16 +02001114 {
1115 status = psa_sign_message( key, exercise_alg,
1116 payload, payload_length,
1117 signature, sizeof( signature ),
1118 &signature_length );
1119 if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE ) != 0 )
1120 PSA_ASSERT( status );
1121 else
1122 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
1123
1124 memset( signature, 0, sizeof( signature ) );
1125 status = psa_verify_message( key, exercise_alg,
1126 payload, payload_length,
1127 signature, sizeof( signature ) );
1128 if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_VERIFY_MESSAGE ) != 0 )
1129 TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
1130 else
1131 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
1132 }
1133
Gilles Peskined5b33222018-06-18 22:20:03 +02001134exit:
Ronald Cron5425a212020-08-04 14:58:35 +02001135 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001136 PSA_DONE( );
Gilles Peskined5b33222018-06-18 22:20:03 +02001137}
1138/* END_CASE */
1139
Janos Follathba3fab92019-06-11 14:50:16 +01001140/* BEGIN_CASE */
Gilles Peskineea0fb492018-07-12 17:17:20 +02001141void derive_key_policy( int policy_usage,
1142 int policy_alg,
1143 int key_type,
1144 data_t *key_data,
1145 int exercise_alg )
1146{
Ronald Cron5425a212020-08-04 14:58:35 +02001147 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001148 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001149 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineea0fb492018-07-12 17:17:20 +02001150 psa_status_t status;
1151
Gilles Peskine8817f612018-12-18 00:18:46 +01001152 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001153
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001154 psa_set_key_usage_flags( &attributes, policy_usage );
1155 psa_set_key_algorithm( &attributes, policy_alg );
1156 psa_set_key_type( &attributes, key_type );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001157
Gilles Peskine049c7532019-05-15 20:22:09 +02001158 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001159 &key ) );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001160
Janos Follathba3fab92019-06-11 14:50:16 +01001161 PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
1162
1163 if( PSA_ALG_IS_TLS12_PRF( exercise_alg ) ||
1164 PSA_ALG_IS_TLS12_PSK_TO_MS( exercise_alg ) )
Janos Follath0c1ed842019-06-28 13:35:36 +01001165 {
Janos Follathba3fab92019-06-11 14:50:16 +01001166 PSA_ASSERT( psa_key_derivation_input_bytes(
1167 &operation,
1168 PSA_KEY_DERIVATION_INPUT_SEED,
1169 (const uint8_t*) "", 0) );
Janos Follath0c1ed842019-06-28 13:35:36 +01001170 }
Janos Follathba3fab92019-06-11 14:50:16 +01001171
1172 status = psa_key_derivation_input_key( &operation,
1173 PSA_KEY_DERIVATION_INPUT_SECRET,
Ronald Cron5425a212020-08-04 14:58:35 +02001174 key );
Janos Follathba3fab92019-06-11 14:50:16 +01001175
Gilles Peskineea0fb492018-07-12 17:17:20 +02001176 if( policy_alg == exercise_alg &&
1177 ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
Gilles Peskine8817f612018-12-18 00:18:46 +01001178 PSA_ASSERT( status );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001179 else
Gilles Peskinefe11b722018-12-18 00:24:04 +01001180 TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001181
1182exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001183 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02001184 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001185 PSA_DONE( );
Gilles Peskineea0fb492018-07-12 17:17:20 +02001186}
1187/* END_CASE */
1188
1189/* BEGIN_CASE */
Gilles Peskine01d718c2018-09-18 12:01:02 +02001190void agreement_key_policy( int policy_usage,
1191 int policy_alg,
1192 int key_type_arg,
1193 data_t *key_data,
Steven Cooremance48e852020-10-05 16:02:45 +02001194 int exercise_alg,
1195 int expected_status_arg )
Gilles Peskine01d718c2018-09-18 12:01:02 +02001196{
Ronald Cron5425a212020-08-04 14:58:35 +02001197 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001198 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine01d718c2018-09-18 12:01:02 +02001199 psa_key_type_t key_type = key_type_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001200 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskine01d718c2018-09-18 12:01:02 +02001201 psa_status_t status;
Steven Cooremance48e852020-10-05 16:02:45 +02001202 psa_status_t expected_status = expected_status_arg;
Gilles Peskine01d718c2018-09-18 12:01:02 +02001203
Gilles Peskine8817f612018-12-18 00:18:46 +01001204 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001205
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001206 psa_set_key_usage_flags( &attributes, policy_usage );
1207 psa_set_key_algorithm( &attributes, policy_alg );
1208 psa_set_key_type( &attributes, key_type );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001209
Gilles Peskine049c7532019-05-15 20:22:09 +02001210 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001211 &key ) );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001212
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001213 PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001214 status = mbedtls_test_psa_key_agreement_with_self( &operation, key );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001215
Steven Cooremance48e852020-10-05 16:02:45 +02001216 TEST_EQUAL( status, expected_status );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001217
1218exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001219 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02001220 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001221 PSA_DONE( );
Gilles Peskine01d718c2018-09-18 12:01:02 +02001222}
1223/* END_CASE */
1224
1225/* BEGIN_CASE */
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001226void key_policy_alg2( int key_type_arg, data_t *key_data,
1227 int usage_arg, int alg_arg, int alg2_arg )
1228{
Ronald Cron5425a212020-08-04 14:58:35 +02001229 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001230 psa_key_type_t key_type = key_type_arg;
1231 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
1232 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
1233 psa_key_usage_t usage = usage_arg;
1234 psa_algorithm_t alg = alg_arg;
1235 psa_algorithm_t alg2 = alg2_arg;
1236
1237 PSA_ASSERT( psa_crypto_init( ) );
1238
1239 psa_set_key_usage_flags( &attributes, usage );
1240 psa_set_key_algorithm( &attributes, alg );
1241 psa_set_key_enrollment_algorithm( &attributes, alg2 );
1242 psa_set_key_type( &attributes, key_type );
1243 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001244 &key ) );
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001245
gabor-mezei-arm98a34352021-06-28 14:05:00 +02001246 /* Update the usage flags to obtain implicit usage flags */
1247 usage = mbedtls_test_update_key_usage_flags( usage );
Ronald Cron5425a212020-08-04 14:58:35 +02001248 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001249 TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage );
1250 TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg );
1251 TEST_EQUAL( psa_get_key_enrollment_algorithm( &got_attributes ), alg2 );
1252
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001253 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) )
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001254 goto exit;
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001255 if( ! mbedtls_test_psa_exercise_key( key, usage, alg2 ) )
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001256 goto exit;
1257
1258exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01001259 /*
1260 * Key attributes may have been returned by psa_get_key_attributes()
1261 * thus reset them as required.
1262 */
1263 psa_reset_key_attributes( &got_attributes );
1264
Ronald Cron5425a212020-08-04 14:58:35 +02001265 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001266 PSA_DONE( );
Gilles Peskine96f0b3b2019-05-10 19:33:38 +02001267}
1268/* END_CASE */
1269
1270/* BEGIN_CASE */
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001271void raw_agreement_key_policy( int policy_usage,
1272 int policy_alg,
1273 int key_type_arg,
1274 data_t *key_data,
Steven Cooremance48e852020-10-05 16:02:45 +02001275 int exercise_alg,
1276 int expected_status_arg )
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001277{
Ronald Cron5425a212020-08-04 14:58:35 +02001278 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001279 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001280 psa_key_type_t key_type = key_type_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001281 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001282 psa_status_t status;
Steven Cooremance48e852020-10-05 16:02:45 +02001283 psa_status_t expected_status = expected_status_arg;
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001284
1285 PSA_ASSERT( psa_crypto_init( ) );
1286
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001287 psa_set_key_usage_flags( &attributes, policy_usage );
1288 psa_set_key_algorithm( &attributes, policy_alg );
1289 psa_set_key_type( &attributes, key_type );
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001290
Gilles Peskine049c7532019-05-15 20:22:09 +02001291 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001292 &key ) );
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001293
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001294 status = mbedtls_test_psa_raw_key_agreement_with_self( exercise_alg, key );
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001295
Steven Cooremance48e852020-10-05 16:02:45 +02001296 TEST_EQUAL( status, expected_status );
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001297
1298exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02001299 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02001300 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001301 PSA_DONE( );
Gilles Peskine04ee2d22019-04-11 21:25:46 +02001302}
1303/* END_CASE */
1304
1305/* BEGIN_CASE */
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001306void copy_success( int source_usage_arg,
1307 int source_alg_arg, int source_alg2_arg,
Gilles Peskine4a644642019-05-03 17:14:08 +02001308 int type_arg, data_t *material,
1309 int copy_attributes,
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001310 int target_usage_arg,
1311 int target_alg_arg, int target_alg2_arg,
1312 int expected_usage_arg,
1313 int expected_alg_arg, int expected_alg2_arg )
Gilles Peskine57ab7212019-01-28 13:03:09 +01001314{
Gilles Peskineca25db92019-04-19 11:43:08 +02001315 psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
1316 psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine57ab7212019-01-28 13:03:09 +01001317 psa_key_usage_t expected_usage = expected_usage_arg;
1318 psa_algorithm_t expected_alg = expected_alg_arg;
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001319 psa_algorithm_t expected_alg2 = expected_alg2_arg;
Ronald Cron5425a212020-08-04 14:58:35 +02001320 mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT;
1321 mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine57ab7212019-01-28 13:03:09 +01001322 uint8_t *export_buffer = NULL;
1323
Gilles Peskine57ab7212019-01-28 13:03:09 +01001324 PSA_ASSERT( psa_crypto_init( ) );
1325
Gilles Peskineca25db92019-04-19 11:43:08 +02001326 /* Prepare the source key. */
1327 psa_set_key_usage_flags( &source_attributes, source_usage_arg );
1328 psa_set_key_algorithm( &source_attributes, source_alg_arg );
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001329 psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg );
Gilles Peskineca25db92019-04-19 11:43:08 +02001330 psa_set_key_type( &source_attributes, type_arg );
Gilles Peskine049c7532019-05-15 20:22:09 +02001331 PSA_ASSERT( psa_import_key( &source_attributes,
1332 material->x, material->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001333 &source_key ) );
1334 PSA_ASSERT( psa_get_key_attributes( source_key, &source_attributes ) );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001335
Gilles Peskineca25db92019-04-19 11:43:08 +02001336 /* Prepare the target attributes. */
1337 if( copy_attributes )
Ronald Cron65f38a32020-10-23 17:11:13 +02001338 {
Gilles Peskineca25db92019-04-19 11:43:08 +02001339 target_attributes = source_attributes;
Ronald Cron65f38a32020-10-23 17:11:13 +02001340 /* Set volatile lifetime to reset the key identifier to 0. */
1341 psa_set_key_lifetime( &target_attributes, PSA_KEY_LIFETIME_VOLATILE );
1342 }
1343
Gilles Peskineca25db92019-04-19 11:43:08 +02001344 if( target_usage_arg != -1 )
1345 psa_set_key_usage_flags( &target_attributes, target_usage_arg );
1346 if( target_alg_arg != -1 )
1347 psa_set_key_algorithm( &target_attributes, target_alg_arg );
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001348 if( target_alg2_arg != -1 )
1349 psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001350
1351 /* Copy the key. */
Ronald Cron5425a212020-08-04 14:58:35 +02001352 PSA_ASSERT( psa_copy_key( source_key,
1353 &target_attributes, &target_key ) );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001354
1355 /* Destroy the source to ensure that this doesn't affect the target. */
Ronald Cron5425a212020-08-04 14:58:35 +02001356 PSA_ASSERT( psa_destroy_key( source_key ) );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001357
1358 /* Test that the target slot has the expected content and policy. */
Ronald Cron5425a212020-08-04 14:58:35 +02001359 PSA_ASSERT( psa_get_key_attributes( target_key, &target_attributes ) );
Gilles Peskineca25db92019-04-19 11:43:08 +02001360 TEST_EQUAL( psa_get_key_type( &source_attributes ),
1361 psa_get_key_type( &target_attributes ) );
1362 TEST_EQUAL( psa_get_key_bits( &source_attributes ),
1363 psa_get_key_bits( &target_attributes ) );
1364 TEST_EQUAL( expected_usage, psa_get_key_usage_flags( &target_attributes ) );
1365 TEST_EQUAL( expected_alg, psa_get_key_algorithm( &target_attributes ) );
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001366 TEST_EQUAL( expected_alg2,
1367 psa_get_key_enrollment_algorithm( &target_attributes ) );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001368 if( expected_usage & PSA_KEY_USAGE_EXPORT )
1369 {
1370 size_t length;
1371 ASSERT_ALLOC( export_buffer, material->len );
Ronald Cron5425a212020-08-04 14:58:35 +02001372 PSA_ASSERT( psa_export_key( target_key, export_buffer,
Gilles Peskine57ab7212019-01-28 13:03:09 +01001373 material->len, &length ) );
1374 ASSERT_COMPARE( material->x, material->len,
1375 export_buffer, length );
1376 }
Steven Cooremanb3ce8152021-02-18 12:03:50 +01001377
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001378 if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg ) )
Gilles Peskine57ab7212019-01-28 13:03:09 +01001379 goto exit;
Gilles Peskinec18e25f2021-02-12 23:48:20 +01001380 if( ! mbedtls_test_psa_exercise_key( target_key, expected_usage, expected_alg2 ) )
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001381 goto exit;
Gilles Peskine57ab7212019-01-28 13:03:09 +01001382
Ronald Cron5425a212020-08-04 14:58:35 +02001383 PSA_ASSERT( psa_destroy_key( target_key ) );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001384
1385exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01001386 /*
1387 * Source and target key attributes may have been returned by
1388 * psa_get_key_attributes() thus reset them as required.
1389 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02001390 psa_reset_key_attributes( &source_attributes );
1391 psa_reset_key_attributes( &target_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01001392
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001393 PSA_DONE( );
Gilles Peskine57ab7212019-01-28 13:03:09 +01001394 mbedtls_free( export_buffer );
1395}
1396/* END_CASE */
1397
1398/* BEGIN_CASE */
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001399void copy_fail( int source_usage_arg,
1400 int source_alg_arg, int source_alg2_arg,
Gilles Peskine4a644642019-05-03 17:14:08 +02001401 int type_arg, data_t *material,
1402 int target_type_arg, int target_bits_arg,
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001403 int target_usage_arg,
1404 int target_alg_arg, int target_alg2_arg,
Ronald Cron88a55462021-03-31 09:39:07 +02001405 int target_id_arg, int target_lifetime_arg,
Gilles Peskine4a644642019-05-03 17:14:08 +02001406 int expected_status_arg )
1407{
1408 psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT;
1409 psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT;
Ronald Cron5425a212020-08-04 14:58:35 +02001410 mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT;
1411 mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT;
Ronald Cron88a55462021-03-31 09:39:07 +02001412 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, target_id_arg );
Gilles Peskine4a644642019-05-03 17:14:08 +02001413
1414 PSA_ASSERT( psa_crypto_init( ) );
1415
1416 /* Prepare the source key. */
1417 psa_set_key_usage_flags( &source_attributes, source_usage_arg );
1418 psa_set_key_algorithm( &source_attributes, source_alg_arg );
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001419 psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg );
Gilles Peskine4a644642019-05-03 17:14:08 +02001420 psa_set_key_type( &source_attributes, type_arg );
Gilles Peskine049c7532019-05-15 20:22:09 +02001421 PSA_ASSERT( psa_import_key( &source_attributes,
1422 material->x, material->len,
Ronald Cron5425a212020-08-04 14:58:35 +02001423 &source_key ) );
Gilles Peskine4a644642019-05-03 17:14:08 +02001424
1425 /* Prepare the target attributes. */
Ronald Cron88a55462021-03-31 09:39:07 +02001426 psa_set_key_id( &target_attributes, key_id );
1427 psa_set_key_lifetime( &target_attributes, target_lifetime_arg );
Gilles Peskine4a644642019-05-03 17:14:08 +02001428 psa_set_key_type( &target_attributes, target_type_arg );
1429 psa_set_key_bits( &target_attributes, target_bits_arg );
1430 psa_set_key_usage_flags( &target_attributes, target_usage_arg );
1431 psa_set_key_algorithm( &target_attributes, target_alg_arg );
Gilles Peskinebcdd44b2019-05-20 17:28:11 +02001432 psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg );
Gilles Peskine4a644642019-05-03 17:14:08 +02001433
1434 /* Try to copy the key. */
Ronald Cron5425a212020-08-04 14:58:35 +02001435 TEST_EQUAL( psa_copy_key( source_key,
1436 &target_attributes, &target_key ),
Gilles Peskine4a644642019-05-03 17:14:08 +02001437 expected_status_arg );
Gilles Peskine76b29a72019-05-28 14:08:50 +02001438
Ronald Cron5425a212020-08-04 14:58:35 +02001439 PSA_ASSERT( psa_destroy_key( source_key ) );
Gilles Peskine76b29a72019-05-28 14:08:50 +02001440
Gilles Peskine4a644642019-05-03 17:14:08 +02001441exit:
1442 psa_reset_key_attributes( &source_attributes );
1443 psa_reset_key_attributes( &target_attributes );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001444 PSA_DONE( );
Gilles Peskine4a644642019-05-03 17:14:08 +02001445}
1446/* END_CASE */
1447
1448/* BEGIN_CASE */
Jaeden Amero6a25b412019-01-04 11:47:44 +00001449void hash_operation_init( )
1450{
Jaeden Ameroa0f625a2019-02-15 13:52:25 +00001451 const uint8_t input[1] = { 0 };
Jaeden Amero6a25b412019-01-04 11:47:44 +00001452 /* Test each valid way of initializing the object, except for `= {0}`, as
1453 * Clang 5 complains when `-Wmissing-field-initializers` is used, even
1454 * though it's OK by the C standard. We could test for this, but we'd need
1455 * to supress the Clang warning for the test. */
1456 psa_hash_operation_t func = psa_hash_operation_init( );
1457 psa_hash_operation_t init = PSA_HASH_OPERATION_INIT;
1458 psa_hash_operation_t zero;
1459
1460 memset( &zero, 0, sizeof( zero ) );
1461
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001462 /* A freshly-initialized hash operation should not be usable. */
Jaeden Ameroa0f625a2019-02-15 13:52:25 +00001463 TEST_EQUAL( psa_hash_update( &func, input, sizeof( input ) ),
1464 PSA_ERROR_BAD_STATE );
1465 TEST_EQUAL( psa_hash_update( &init, input, sizeof( input ) ),
1466 PSA_ERROR_BAD_STATE );
1467 TEST_EQUAL( psa_hash_update( &zero, input, sizeof( input ) ),
1468 PSA_ERROR_BAD_STATE );
1469
Jaeden Amero5229bbb2019-02-07 16:33:37 +00001470 /* A default hash operation should be abortable without error. */
1471 PSA_ASSERT( psa_hash_abort( &func ) );
1472 PSA_ASSERT( psa_hash_abort( &init ) );
1473 PSA_ASSERT( psa_hash_abort( &zero ) );
Jaeden Amero6a25b412019-01-04 11:47:44 +00001474}
1475/* END_CASE */
1476
1477/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001478void hash_setup( int alg_arg,
1479 int expected_status_arg )
1480{
1481 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +02001482 psa_status_t expected_status = expected_status_arg;
Jaeden Amero6a25b412019-01-04 11:47:44 +00001483 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001484 psa_status_t status;
1485
Gilles Peskine8817f612018-12-18 00:18:46 +01001486 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001487
Gilles Peskineda8191d1c2018-07-08 19:46:38 +02001488 status = psa_hash_setup( &operation, alg );
Gilles Peskinefe11b722018-12-18 00:24:04 +01001489 TEST_EQUAL( status, expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001490
Gilles Peskine9e0a4a52019-02-25 22:11:18 +01001491 /* Whether setup succeeded or failed, abort must succeed. */
1492 PSA_ASSERT( psa_hash_abort( &operation ) );
1493
1494 /* If setup failed, reproduce the failure, so as to
1495 * test the resulting state of the operation object. */
1496 if( status != PSA_SUCCESS )
1497 TEST_EQUAL( psa_hash_setup( &operation, alg ), status );
1498
Gilles Peskinef426e0f2019-02-25 17:42:03 +01001499 /* Now the operation object should be reusable. */
1500#if defined(KNOWN_SUPPORTED_HASH_ALG)
1501 PSA_ASSERT( psa_hash_setup( &operation, KNOWN_SUPPORTED_HASH_ALG ) );
1502 PSA_ASSERT( psa_hash_abort( &operation ) );
1503#endif
1504
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001505exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001506 PSA_DONE( );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001507}
1508/* END_CASE */
1509
1510/* BEGIN_CASE */
Gilles Peskine0a749c82019-11-28 19:33:58 +01001511void hash_compute_fail( int alg_arg, data_t *input,
1512 int output_size_arg, int expected_status_arg )
1513{
1514 psa_algorithm_t alg = alg_arg;
1515 uint8_t *output = NULL;
1516 size_t output_size = output_size_arg;
1517 size_t output_length = INVALID_EXPORT_LENGTH;
1518 psa_status_t expected_status = expected_status_arg;
1519 psa_status_t status;
1520
1521 ASSERT_ALLOC( output, output_size );
1522
1523 PSA_ASSERT( psa_crypto_init( ) );
1524
1525 status = psa_hash_compute( alg, input->x, input->len,
1526 output, output_size, &output_length );
1527 TEST_EQUAL( status, expected_status );
1528 TEST_ASSERT( output_length <= output_size );
1529
1530exit:
1531 mbedtls_free( output );
1532 PSA_DONE( );
1533}
1534/* END_CASE */
1535
1536/* BEGIN_CASE */
Gilles Peskine88e08462020-01-28 20:43:00 +01001537void hash_compare_fail( int alg_arg, data_t *input,
1538 data_t *reference_hash,
1539 int expected_status_arg )
1540{
1541 psa_algorithm_t alg = alg_arg;
1542 psa_status_t expected_status = expected_status_arg;
1543 psa_status_t status;
1544
1545 PSA_ASSERT( psa_crypto_init( ) );
1546
1547 status = psa_hash_compare( alg, input->x, input->len,
1548 reference_hash->x, reference_hash->len );
1549 TEST_EQUAL( status, expected_status );
1550
1551exit:
1552 PSA_DONE( );
1553}
1554/* END_CASE */
1555
1556/* BEGIN_CASE */
Gilles Peskine0a749c82019-11-28 19:33:58 +01001557void hash_compute_compare( int alg_arg, data_t *input,
1558 data_t *expected_output )
1559{
1560 psa_algorithm_t alg = alg_arg;
1561 uint8_t output[PSA_HASH_MAX_SIZE + 1];
1562 size_t output_length = INVALID_EXPORT_LENGTH;
1563 size_t i;
1564
1565 PSA_ASSERT( psa_crypto_init( ) );
1566
1567 /* Compute with tight buffer */
1568 PSA_ASSERT( psa_hash_compute( alg, input->x, input->len,
gabor-mezei-armcbcec212020-12-18 14:23:51 +01001569 output, PSA_HASH_LENGTH( alg ),
Gilles Peskine0a749c82019-11-28 19:33:58 +01001570 &output_length ) );
gabor-mezei-armcbcec212020-12-18 14:23:51 +01001571 TEST_EQUAL( output_length, PSA_HASH_LENGTH( alg ) );
Gilles Peskine0a749c82019-11-28 19:33:58 +01001572 ASSERT_COMPARE( output, output_length,
1573 expected_output->x, expected_output->len );
1574
1575 /* Compute with larger buffer */
1576 PSA_ASSERT( psa_hash_compute( alg, input->x, input->len,
1577 output, sizeof( output ),
1578 &output_length ) );
gabor-mezei-armcbcec212020-12-18 14:23:51 +01001579 TEST_EQUAL( output_length, PSA_HASH_LENGTH( alg ) );
Gilles Peskine0a749c82019-11-28 19:33:58 +01001580 ASSERT_COMPARE( output, output_length,
1581 expected_output->x, expected_output->len );
1582
1583 /* Compare with correct hash */
1584 PSA_ASSERT( psa_hash_compare( alg, input->x, input->len,
1585 output, output_length ) );
1586
1587 /* Compare with trailing garbage */
1588 TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
1589 output, output_length + 1 ),
1590 PSA_ERROR_INVALID_SIGNATURE );
1591
1592 /* Compare with truncated hash */
1593 TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
1594 output, output_length - 1 ),
1595 PSA_ERROR_INVALID_SIGNATURE );
1596
1597 /* Compare with corrupted value */
1598 for( i = 0; i < output_length; i++ )
1599 {
Chris Jones9634bb12021-01-20 15:56:42 +00001600 mbedtls_test_set_step( i );
Gilles Peskine0a749c82019-11-28 19:33:58 +01001601 output[i] ^= 1;
1602 TEST_EQUAL( psa_hash_compare( alg, input->x, input->len,
1603 output, output_length ),
1604 PSA_ERROR_INVALID_SIGNATURE );
1605 output[i] ^= 1;
1606 }
1607
1608exit:
1609 PSA_DONE( );
1610}
1611/* END_CASE */
1612
Gilles Peskined6dc40c2021-01-12 12:55:31 +01001613/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
itayzafrirf86548d2018-11-01 10:44:32 +02001614void hash_bad_order( )
1615{
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001616 psa_algorithm_t alg = PSA_ALG_SHA_256;
itayzafrirf86548d2018-11-01 10:44:32 +02001617 unsigned char input[] = "";
1618 /* SHA-256 hash of an empty string */
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001619 const unsigned char valid_hash[] = {
itayzafrirf86548d2018-11-01 10:44:32 +02001620 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
1621 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
1622 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 };
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001623 unsigned char hash[sizeof(valid_hash)] = { 0 };
itayzafrirf86548d2018-11-01 10:44:32 +02001624 size_t hash_len;
Jaeden Amero6a25b412019-01-04 11:47:44 +00001625 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
itayzafrirf86548d2018-11-01 10:44:32 +02001626
Gilles Peskine8817f612018-12-18 00:18:46 +01001627 PSA_ASSERT( psa_crypto_init( ) );
itayzafrirf86548d2018-11-01 10:44:32 +02001628
Jaeden Amero36ee5d02019-02-19 09:25:10 +00001629 /* Call setup twice in a row. */
1630 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Dave Rodgman5ae6f752021-06-24 11:36:14 +01001631 ASSERT_OPERATION_IS_ACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00001632 TEST_EQUAL( psa_hash_setup( &operation, alg ),
1633 PSA_ERROR_BAD_STATE );
Dave Rodgman5ae6f752021-06-24 11:36:14 +01001634 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00001635 PSA_ASSERT( psa_hash_abort( &operation ) );
Dave Rodgman5ae6f752021-06-24 11:36:14 +01001636 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00001637
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001638 /* Call update without calling setup beforehand. */
Gilles Peskinef812dcf2018-12-18 00:33:25 +01001639 TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
Jaeden Ameroa0f625a2019-02-15 13:52:25 +00001640 PSA_ERROR_BAD_STATE );
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001641 PSA_ASSERT( psa_hash_abort( &operation ) );
itayzafrirf86548d2018-11-01 10:44:32 +02001642
Dave Rodgman5ae6f752021-06-24 11:36:14 +01001643 /* Check that update calls abort on error. */
1644 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Dave Rodgman6f710582021-06-24 18:14:52 +01001645 operation.id = UINT_MAX;
Dave Rodgman5ae6f752021-06-24 11:36:14 +01001646 ASSERT_OPERATION_IS_ACTIVE( operation );
1647 TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
1648 PSA_ERROR_BAD_STATE );
1649 ASSERT_OPERATION_IS_INACTIVE( operation );
1650 PSA_ASSERT( psa_hash_abort( &operation ) );
1651 ASSERT_OPERATION_IS_INACTIVE( operation );
1652
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001653 /* Call update after finish. */
1654 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
1655 PSA_ASSERT( psa_hash_finish( &operation,
1656 hash, sizeof( hash ), &hash_len ) );
1657 TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
Jaeden Ameroa0f625a2019-02-15 13:52:25 +00001658 PSA_ERROR_BAD_STATE );
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001659 PSA_ASSERT( psa_hash_abort( &operation ) );
itayzafrirf86548d2018-11-01 10:44:32 +02001660
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001661 /* Call verify without calling setup beforehand. */
1662 TEST_EQUAL( psa_hash_verify( &operation,
1663 valid_hash, sizeof( valid_hash ) ),
1664 PSA_ERROR_BAD_STATE );
1665 PSA_ASSERT( psa_hash_abort( &operation ) );
1666
1667 /* Call verify after finish. */
1668 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
1669 PSA_ASSERT( psa_hash_finish( &operation,
1670 hash, sizeof( hash ), &hash_len ) );
1671 TEST_EQUAL( psa_hash_verify( &operation,
1672 valid_hash, sizeof( valid_hash ) ),
1673 PSA_ERROR_BAD_STATE );
1674 PSA_ASSERT( psa_hash_abort( &operation ) );
1675
1676 /* Call verify twice in a row. */
1677 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Dave Rodgman5ae6f752021-06-24 11:36:14 +01001678 ASSERT_OPERATION_IS_ACTIVE( operation );
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001679 PSA_ASSERT( psa_hash_verify( &operation,
1680 valid_hash, sizeof( valid_hash ) ) );
Dave Rodgman5ae6f752021-06-24 11:36:14 +01001681 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001682 TEST_EQUAL( psa_hash_verify( &operation,
1683 valid_hash, sizeof( valid_hash ) ),
1684 PSA_ERROR_BAD_STATE );
Dave Rodgman5ae6f752021-06-24 11:36:14 +01001685 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001686 PSA_ASSERT( psa_hash_abort( &operation ) );
1687
1688 /* Call finish without calling setup beforehand. */
Gilles Peskinefe11b722018-12-18 00:24:04 +01001689 TEST_EQUAL( psa_hash_finish( &operation,
1690 hash, sizeof( hash ), &hash_len ),
Jaeden Ameroa0f625a2019-02-15 13:52:25 +00001691 PSA_ERROR_BAD_STATE );
Jaeden Amero11aa7ee2019-02-19 11:44:55 +00001692 PSA_ASSERT( psa_hash_abort( &operation ) );
1693
1694 /* Call finish twice in a row. */
1695 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
1696 PSA_ASSERT( psa_hash_finish( &operation,
1697 hash, sizeof( hash ), &hash_len ) );
1698 TEST_EQUAL( psa_hash_finish( &operation,
1699 hash, sizeof( hash ), &hash_len ),
1700 PSA_ERROR_BAD_STATE );
1701 PSA_ASSERT( psa_hash_abort( &operation ) );
1702
1703 /* Call finish after calling verify. */
1704 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
1705 PSA_ASSERT( psa_hash_verify( &operation,
1706 valid_hash, sizeof( valid_hash ) ) );
1707 TEST_EQUAL( psa_hash_finish( &operation,
1708 hash, sizeof( hash ), &hash_len ),
1709 PSA_ERROR_BAD_STATE );
1710 PSA_ASSERT( psa_hash_abort( &operation ) );
itayzafrirf86548d2018-11-01 10:44:32 +02001711
1712exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001713 PSA_DONE( );
itayzafrirf86548d2018-11-01 10:44:32 +02001714}
1715/* END_CASE */
1716
Gilles Peskined6dc40c2021-01-12 12:55:31 +01001717/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
itayzafrir27e69452018-11-01 14:26:34 +02001718void hash_verify_bad_args( )
itayzafrirec93d302018-10-18 18:01:10 +03001719{
1720 psa_algorithm_t alg = PSA_ALG_SHA_256;
itayzafrir27e69452018-11-01 14:26:34 +02001721 /* SHA-256 hash of an empty string with 2 extra bytes (0xaa and 0xbb)
1722 * appended to it */
1723 unsigned char hash[] = {
1724 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
1725 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
1726 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, 0xaa, 0xbb };
gabor-mezei-armcbcec212020-12-18 14:23:51 +01001727 size_t expected_size = PSA_HASH_LENGTH( alg );
Jaeden Amero6a25b412019-01-04 11:47:44 +00001728 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
itayzafrirec93d302018-10-18 18:01:10 +03001729
Gilles Peskine8817f612018-12-18 00:18:46 +01001730 PSA_ASSERT( psa_crypto_init( ) );
itayzafrirec93d302018-10-18 18:01:10 +03001731
itayzafrir27e69452018-11-01 14:26:34 +02001732 /* psa_hash_verify with a smaller hash than expected */
Gilles Peskine8817f612018-12-18 00:18:46 +01001733 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Dave Rodgman5ae6f752021-06-24 11:36:14 +01001734 ASSERT_OPERATION_IS_ACTIVE( operation );
Gilles Peskinef812dcf2018-12-18 00:33:25 +01001735 TEST_EQUAL( psa_hash_verify( &operation, hash, expected_size - 1 ),
Gilles Peskinefe11b722018-12-18 00:24:04 +01001736 PSA_ERROR_INVALID_SIGNATURE );
Dave Rodgman5ae6f752021-06-24 11:36:14 +01001737 ASSERT_OPERATION_IS_INACTIVE( operation );
1738 PSA_ASSERT( psa_hash_abort( &operation ) );
1739 ASSERT_OPERATION_IS_INACTIVE( operation );
itayzafrirec93d302018-10-18 18:01:10 +03001740
itayzafrir27e69452018-11-01 14:26:34 +02001741 /* psa_hash_verify with a non-matching hash */
Gilles Peskine8817f612018-12-18 00:18:46 +01001742 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Gilles Peskinef812dcf2018-12-18 00:33:25 +01001743 TEST_EQUAL( psa_hash_verify( &operation, hash + 1, expected_size ),
Gilles Peskinefe11b722018-12-18 00:24:04 +01001744 PSA_ERROR_INVALID_SIGNATURE );
itayzafrirec93d302018-10-18 18:01:10 +03001745
itayzafrir27e69452018-11-01 14:26:34 +02001746 /* psa_hash_verify with a hash longer than expected */
Gilles Peskine8817f612018-12-18 00:18:46 +01001747 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Gilles Peskinef812dcf2018-12-18 00:33:25 +01001748 TEST_EQUAL( psa_hash_verify( &operation, hash, sizeof( hash ) ),
Gilles Peskinefe11b722018-12-18 00:24:04 +01001749 PSA_ERROR_INVALID_SIGNATURE );
itayzafrir4271df92018-10-24 18:16:19 +03001750
itayzafrirec93d302018-10-18 18:01:10 +03001751exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001752 PSA_DONE( );
itayzafrirec93d302018-10-18 18:01:10 +03001753}
1754/* END_CASE */
1755
Ronald Cronee414c72021-03-18 18:50:08 +01001756/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
itayzafrirb2dd5ed2018-11-01 11:58:59 +02001757void hash_finish_bad_args( )
itayzafrir58028322018-10-25 10:22:01 +03001758{
1759 psa_algorithm_t alg = PSA_ALG_SHA_256;
itayzafrirb2dd5ed2018-11-01 11:58:59 +02001760 unsigned char hash[PSA_HASH_MAX_SIZE];
gabor-mezei-armcbcec212020-12-18 14:23:51 +01001761 size_t expected_size = PSA_HASH_LENGTH( alg );
Jaeden Amero6a25b412019-01-04 11:47:44 +00001762 psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
itayzafrir58028322018-10-25 10:22:01 +03001763 size_t hash_len;
1764
Gilles Peskine8817f612018-12-18 00:18:46 +01001765 PSA_ASSERT( psa_crypto_init( ) );
itayzafrir58028322018-10-25 10:22:01 +03001766
itayzafrir58028322018-10-25 10:22:01 +03001767 /* psa_hash_finish with a smaller hash buffer than expected */
Gilles Peskine8817f612018-12-18 00:18:46 +01001768 PSA_ASSERT( psa_hash_setup( &operation, alg ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01001769 TEST_EQUAL( psa_hash_finish( &operation,
Gilles Peskinef812dcf2018-12-18 00:33:25 +01001770 hash, expected_size - 1, &hash_len ),
1771 PSA_ERROR_BUFFER_TOO_SMALL );
itayzafrir58028322018-10-25 10:22:01 +03001772
1773exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001774 PSA_DONE( );
itayzafrir58028322018-10-25 10:22:01 +03001775}
1776/* END_CASE */
1777
Ronald Cronee414c72021-03-18 18:50:08 +01001778/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
Gilles Peskineebb2c3e2019-01-19 12:03:41 +01001779void hash_clone_source_state( )
1780{
1781 psa_algorithm_t alg = PSA_ALG_SHA_256;
1782 unsigned char hash[PSA_HASH_MAX_SIZE];
1783 psa_hash_operation_t op_source = PSA_HASH_OPERATION_INIT;
1784 psa_hash_operation_t op_init = PSA_HASH_OPERATION_INIT;
1785 psa_hash_operation_t op_setup = PSA_HASH_OPERATION_INIT;
1786 psa_hash_operation_t op_finished = PSA_HASH_OPERATION_INIT;
1787 psa_hash_operation_t op_aborted = PSA_HASH_OPERATION_INIT;
1788 size_t hash_len;
1789
1790 PSA_ASSERT( psa_crypto_init( ) );
1791 PSA_ASSERT( psa_hash_setup( &op_source, alg ) );
1792
1793 PSA_ASSERT( psa_hash_setup( &op_setup, alg ) );
1794 PSA_ASSERT( psa_hash_setup( &op_finished, alg ) );
1795 PSA_ASSERT( psa_hash_finish( &op_finished,
1796 hash, sizeof( hash ), &hash_len ) );
1797 PSA_ASSERT( psa_hash_setup( &op_aborted, alg ) );
1798 PSA_ASSERT( psa_hash_abort( &op_aborted ) );
1799
1800 TEST_EQUAL( psa_hash_clone( &op_source, &op_setup ),
1801 PSA_ERROR_BAD_STATE );
1802
1803 PSA_ASSERT( psa_hash_clone( &op_source, &op_init ) );
1804 PSA_ASSERT( psa_hash_finish( &op_init,
1805 hash, sizeof( hash ), &hash_len ) );
1806 PSA_ASSERT( psa_hash_clone( &op_source, &op_finished ) );
1807 PSA_ASSERT( psa_hash_finish( &op_finished,
1808 hash, sizeof( hash ), &hash_len ) );
1809 PSA_ASSERT( psa_hash_clone( &op_source, &op_aborted ) );
1810 PSA_ASSERT( psa_hash_finish( &op_aborted,
1811 hash, sizeof( hash ), &hash_len ) );
1812
1813exit:
1814 psa_hash_abort( &op_source );
1815 psa_hash_abort( &op_init );
1816 psa_hash_abort( &op_setup );
1817 psa_hash_abort( &op_finished );
1818 psa_hash_abort( &op_aborted );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001819 PSA_DONE( );
Gilles Peskineebb2c3e2019-01-19 12:03:41 +01001820}
1821/* END_CASE */
1822
Ronald Cronee414c72021-03-18 18:50:08 +01001823/* BEGIN_CASE depends_on:PSA_WANT_ALG_SHA_256 */
Gilles Peskineebb2c3e2019-01-19 12:03:41 +01001824void hash_clone_target_state( )
1825{
1826 psa_algorithm_t alg = PSA_ALG_SHA_256;
1827 unsigned char hash[PSA_HASH_MAX_SIZE];
1828 psa_hash_operation_t op_init = PSA_HASH_OPERATION_INIT;
1829 psa_hash_operation_t op_setup = PSA_HASH_OPERATION_INIT;
1830 psa_hash_operation_t op_finished = PSA_HASH_OPERATION_INIT;
1831 psa_hash_operation_t op_aborted = PSA_HASH_OPERATION_INIT;
1832 psa_hash_operation_t op_target = PSA_HASH_OPERATION_INIT;
1833 size_t hash_len;
1834
1835 PSA_ASSERT( psa_crypto_init( ) );
1836
1837 PSA_ASSERT( psa_hash_setup( &op_setup, alg ) );
1838 PSA_ASSERT( psa_hash_setup( &op_finished, alg ) );
1839 PSA_ASSERT( psa_hash_finish( &op_finished,
1840 hash, sizeof( hash ), &hash_len ) );
1841 PSA_ASSERT( psa_hash_setup( &op_aborted, alg ) );
1842 PSA_ASSERT( psa_hash_abort( &op_aborted ) );
1843
1844 PSA_ASSERT( psa_hash_clone( &op_setup, &op_target ) );
1845 PSA_ASSERT( psa_hash_finish( &op_target,
1846 hash, sizeof( hash ), &hash_len ) );
1847
1848 TEST_EQUAL( psa_hash_clone( &op_init, &op_target ), PSA_ERROR_BAD_STATE );
1849 TEST_EQUAL( psa_hash_clone( &op_finished, &op_target ),
1850 PSA_ERROR_BAD_STATE );
1851 TEST_EQUAL( psa_hash_clone( &op_aborted, &op_target ),
1852 PSA_ERROR_BAD_STATE );
1853
1854exit:
1855 psa_hash_abort( &op_target );
1856 psa_hash_abort( &op_init );
1857 psa_hash_abort( &op_setup );
1858 psa_hash_abort( &op_finished );
1859 psa_hash_abort( &op_aborted );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001860 PSA_DONE( );
Gilles Peskineebb2c3e2019-01-19 12:03:41 +01001861}
1862/* END_CASE */
1863
itayzafrir58028322018-10-25 10:22:01 +03001864/* BEGIN_CASE */
Jaeden Amero769ce272019-01-04 11:48:03 +00001865void mac_operation_init( )
1866{
Jaeden Amero252ef282019-02-15 14:05:35 +00001867 const uint8_t input[1] = { 0 };
1868
Jaeden Amero769ce272019-01-04 11:48:03 +00001869 /* Test each valid way of initializing the object, except for `= {0}`, as
1870 * Clang 5 complains when `-Wmissing-field-initializers` is used, even
1871 * though it's OK by the C standard. We could test for this, but we'd need
1872 * to supress the Clang warning for the test. */
1873 psa_mac_operation_t func = psa_mac_operation_init( );
1874 psa_mac_operation_t init = PSA_MAC_OPERATION_INIT;
1875 psa_mac_operation_t zero;
1876
1877 memset( &zero, 0, sizeof( zero ) );
1878
Jaeden Amero252ef282019-02-15 14:05:35 +00001879 /* A freshly-initialized MAC operation should not be usable. */
1880 TEST_EQUAL( psa_mac_update( &func,
1881 input, sizeof( input ) ),
1882 PSA_ERROR_BAD_STATE );
1883 TEST_EQUAL( psa_mac_update( &init,
1884 input, sizeof( input ) ),
1885 PSA_ERROR_BAD_STATE );
1886 TEST_EQUAL( psa_mac_update( &zero,
1887 input, sizeof( input ) ),
1888 PSA_ERROR_BAD_STATE );
1889
Jaeden Amero5229bbb2019-02-07 16:33:37 +00001890 /* A default MAC operation should be abortable without error. */
1891 PSA_ASSERT( psa_mac_abort( &func ) );
1892 PSA_ASSERT( psa_mac_abort( &init ) );
1893 PSA_ASSERT( psa_mac_abort( &zero ) );
Jaeden Amero769ce272019-01-04 11:48:03 +00001894}
1895/* END_CASE */
1896
1897/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001898void mac_setup( int key_type_arg,
1899 data_t *key,
1900 int alg_arg,
1901 int expected_status_arg )
1902{
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001903 psa_key_type_t key_type = key_type_arg;
1904 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +02001905 psa_status_t expected_status = expected_status_arg;
Jaeden Amero769ce272019-01-04 11:48:03 +00001906 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
Gilles Peskinef426e0f2019-02-25 17:42:03 +01001907 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
1908#if defined(KNOWN_SUPPORTED_MAC_ALG)
1909 const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk";
1910#endif
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001911
Gilles Peskine8817f612018-12-18 00:18:46 +01001912 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001913
Gilles Peskinef426e0f2019-02-25 17:42:03 +01001914 if( ! exercise_mac_setup( key_type, key->x, key->len, alg,
1915 &operation, &status ) )
1916 goto exit;
Gilles Peskinefe11b722018-12-18 00:24:04 +01001917 TEST_EQUAL( status, expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001918
Gilles Peskinef426e0f2019-02-25 17:42:03 +01001919 /* The operation object should be reusable. */
1920#if defined(KNOWN_SUPPORTED_MAC_ALG)
1921 if( ! exercise_mac_setup( KNOWN_SUPPORTED_MAC_KEY_TYPE,
1922 smoke_test_key_data,
1923 sizeof( smoke_test_key_data ),
1924 KNOWN_SUPPORTED_MAC_ALG,
1925 &operation, &status ) )
1926 goto exit;
1927 TEST_EQUAL( status, PSA_SUCCESS );
1928#endif
1929
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001930exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02001931 PSA_DONE( );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001932}
1933/* END_CASE */
1934
Gilles Peskined6dc40c2021-01-12 12:55:31 +01001935/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_HMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256 */
Jaeden Amero252ef282019-02-15 14:05:35 +00001936void mac_bad_order( )
1937{
Ronald Cron5425a212020-08-04 14:58:35 +02001938 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Jaeden Amero252ef282019-02-15 14:05:35 +00001939 psa_key_type_t key_type = PSA_KEY_TYPE_HMAC;
1940 psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256);
Ronald Cron5425a212020-08-04 14:58:35 +02001941 const uint8_t key_data[] = {
Jaeden Amero252ef282019-02-15 14:05:35 +00001942 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1943 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1944 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001945 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Jaeden Amero252ef282019-02-15 14:05:35 +00001946 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
1947 uint8_t sign_mac[PSA_MAC_MAX_SIZE + 10] = { 0 };
1948 size_t sign_mac_length = 0;
1949 const uint8_t input[] = { 0xbb, 0xbb, 0xbb, 0xbb };
1950 const uint8_t verify_mac[] = {
1951 0x74, 0x65, 0x93, 0x8c, 0xeb, 0x1d, 0xb3, 0x76, 0x5a, 0x38, 0xe7, 0xdd,
1952 0x85, 0xc5, 0xad, 0x4f, 0x07, 0xe7, 0xd5, 0xb2, 0x64, 0xf0, 0x1a, 0x1a,
1953 0x2c, 0xf9, 0x18, 0xca, 0x59, 0x7e, 0x5d, 0xf6 };
1954
1955 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01001956 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02001957 psa_set_key_algorithm( &attributes, alg );
1958 psa_set_key_type( &attributes, key_type );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001959
Ronald Cron5425a212020-08-04 14:58:35 +02001960 PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ),
1961 &key ) );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02001962
Jaeden Amero252ef282019-02-15 14:05:35 +00001963 /* Call update without calling setup beforehand. */
1964 TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
1965 PSA_ERROR_BAD_STATE );
1966 PSA_ASSERT( psa_mac_abort( &operation ) );
1967
1968 /* Call sign finish without calling setup beforehand. */
1969 TEST_EQUAL( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ),
1970 &sign_mac_length),
1971 PSA_ERROR_BAD_STATE );
1972 PSA_ASSERT( psa_mac_abort( &operation ) );
1973
1974 /* Call verify finish without calling setup beforehand. */
1975 TEST_EQUAL( psa_mac_verify_finish( &operation,
1976 verify_mac, sizeof( verify_mac ) ),
1977 PSA_ERROR_BAD_STATE );
1978 PSA_ASSERT( psa_mac_abort( &operation ) );
1979
Jaeden Amero36ee5d02019-02-19 09:25:10 +00001980 /* Call setup twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02001981 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
Dave Rodgman5ae6f752021-06-24 11:36:14 +01001982 ASSERT_OPERATION_IS_ACTIVE( operation );
Ronald Cron5425a212020-08-04 14:58:35 +02001983 TEST_EQUAL( psa_mac_sign_setup( &operation, key, alg ),
Jaeden Amero36ee5d02019-02-19 09:25:10 +00001984 PSA_ERROR_BAD_STATE );
Dave Rodgman5ae6f752021-06-24 11:36:14 +01001985 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00001986 PSA_ASSERT( psa_mac_abort( &operation ) );
Dave Rodgman5ae6f752021-06-24 11:36:14 +01001987 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00001988
Jaeden Amero252ef282019-02-15 14:05:35 +00001989 /* Call update after sign finish. */
Ronald Cron5425a212020-08-04 14:58:35 +02001990 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00001991 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
1992 PSA_ASSERT( psa_mac_sign_finish( &operation,
1993 sign_mac, sizeof( sign_mac ),
1994 &sign_mac_length ) );
1995 TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
1996 PSA_ERROR_BAD_STATE );
1997 PSA_ASSERT( psa_mac_abort( &operation ) );
1998
1999 /* Call update after verify finish. */
Ronald Cron5425a212020-08-04 14:58:35 +02002000 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00002001 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
2002 PSA_ASSERT( psa_mac_verify_finish( &operation,
2003 verify_mac, sizeof( verify_mac ) ) );
2004 TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ),
2005 PSA_ERROR_BAD_STATE );
2006 PSA_ASSERT( psa_mac_abort( &operation ) );
2007
2008 /* Call sign finish twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02002009 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00002010 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
2011 PSA_ASSERT( psa_mac_sign_finish( &operation,
2012 sign_mac, sizeof( sign_mac ),
2013 &sign_mac_length ) );
2014 TEST_EQUAL( psa_mac_sign_finish( &operation,
2015 sign_mac, sizeof( sign_mac ),
2016 &sign_mac_length ),
2017 PSA_ERROR_BAD_STATE );
2018 PSA_ASSERT( psa_mac_abort( &operation ) );
2019
2020 /* Call verify finish twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02002021 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00002022 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
2023 PSA_ASSERT( psa_mac_verify_finish( &operation,
2024 verify_mac, sizeof( verify_mac ) ) );
2025 TEST_EQUAL( psa_mac_verify_finish( &operation,
2026 verify_mac, sizeof( verify_mac ) ),
2027 PSA_ERROR_BAD_STATE );
2028 PSA_ASSERT( psa_mac_abort( &operation ) );
2029
2030 /* Setup sign but try verify. */
Ronald Cron5425a212020-08-04 14:58:35 +02002031 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00002032 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
Dave Rodgman647791d2021-06-23 12:49:59 +01002033 ASSERT_OPERATION_IS_ACTIVE( operation );
Jaeden Amero252ef282019-02-15 14:05:35 +00002034 TEST_EQUAL( psa_mac_verify_finish( &operation,
2035 verify_mac, sizeof( verify_mac ) ),
2036 PSA_ERROR_BAD_STATE );
Dave Rodgman647791d2021-06-23 12:49:59 +01002037 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero252ef282019-02-15 14:05:35 +00002038 PSA_ASSERT( psa_mac_abort( &operation ) );
Dave Rodgman647791d2021-06-23 12:49:59 +01002039 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero252ef282019-02-15 14:05:35 +00002040
2041 /* Setup verify but try sign. */
Ronald Cron5425a212020-08-04 14:58:35 +02002042 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Jaeden Amero252ef282019-02-15 14:05:35 +00002043 PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
Dave Rodgman647791d2021-06-23 12:49:59 +01002044 ASSERT_OPERATION_IS_ACTIVE( operation );
Jaeden Amero252ef282019-02-15 14:05:35 +00002045 TEST_EQUAL( psa_mac_sign_finish( &operation,
2046 sign_mac, sizeof( sign_mac ),
2047 &sign_mac_length ),
2048 PSA_ERROR_BAD_STATE );
Dave Rodgman647791d2021-06-23 12:49:59 +01002049 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero252ef282019-02-15 14:05:35 +00002050 PSA_ASSERT( psa_mac_abort( &operation ) );
Dave Rodgman647791d2021-06-23 12:49:59 +01002051 ASSERT_OPERATION_IS_INACTIVE( operation );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002052
Ronald Cron5425a212020-08-04 14:58:35 +02002053 PSA_ASSERT( psa_destroy_key( key ) );
Gilles Peskine76b29a72019-05-28 14:08:50 +02002054
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002055exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002056 PSA_DONE( );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002057}
2058/* END_CASE */
2059
2060/* BEGIN_CASE */
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002061void mac_sign( int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02002062 data_t *key_data,
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002063 int alg_arg,
2064 data_t *input,
2065 data_t *expected_mac )
2066{
Ronald Cron5425a212020-08-04 14:58:35 +02002067 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002068 psa_key_type_t key_type = key_type_arg;
2069 psa_algorithm_t alg = alg_arg;
Jaeden Amero769ce272019-01-04 11:48:03 +00002070 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002071 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine5e65cec2020-08-25 23:38:39 +02002072 uint8_t *actual_mac = NULL;
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002073 size_t mac_buffer_size =
gabor-mezei-armcbcec212020-12-18 14:23:51 +01002074 PSA_MAC_LENGTH( key_type, PSA_BYTES_TO_BITS( key_data->len ), alg );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002075 size_t mac_length = 0;
Gilles Peskine8b356b52020-08-25 23:44:59 +02002076 const size_t output_sizes_to_test[] = {
2077 0,
2078 1,
2079 expected_mac->len - 1,
2080 expected_mac->len,
2081 expected_mac->len + 1,
2082 };
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002083
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002084 TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE );
gabor-mezei-armcbcec212020-12-18 14:23:51 +01002085 /* We expect PSA_MAC_LENGTH to be exact. */
Gilles Peskine3d404d62020-08-25 23:47:36 +02002086 TEST_ASSERT( expected_mac->len == mac_buffer_size );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002087
Gilles Peskine8817f612018-12-18 00:18:46 +01002088 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002089
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01002090 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002091 psa_set_key_algorithm( &attributes, alg );
2092 psa_set_key_type( &attributes, key_type );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002093
Ronald Cron5425a212020-08-04 14:58:35 +02002094 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2095 &key ) );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002096
Gilles Peskine8b356b52020-08-25 23:44:59 +02002097 for( size_t i = 0; i < ARRAY_LENGTH( output_sizes_to_test ); i++ )
2098 {
2099 const size_t output_size = output_sizes_to_test[i];
2100 psa_status_t expected_status =
2101 ( output_size >= expected_mac->len ? PSA_SUCCESS :
2102 PSA_ERROR_BUFFER_TOO_SMALL );
Gilles Peskine5e65cec2020-08-25 23:38:39 +02002103
Chris Jones9634bb12021-01-20 15:56:42 +00002104 mbedtls_test_set_step( output_size );
Gilles Peskine8b356b52020-08-25 23:44:59 +02002105 ASSERT_ALLOC( actual_mac, output_size );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002106
gabor-mezei-arm534bb992021-03-01 15:35:48 +01002107 /* Calculate the MAC, one-shot case. */
2108 TEST_EQUAL( psa_mac_compute( key, alg,
2109 input->x, input->len,
2110 actual_mac, output_size, &mac_length ),
2111 expected_status );
2112 if( expected_status == PSA_SUCCESS )
2113 {
2114 ASSERT_COMPARE( expected_mac->x, expected_mac->len,
2115 actual_mac, mac_length );
2116 }
2117
2118 if( output_size > 0 )
2119 memset( actual_mac, 0, output_size );
2120
2121 /* Calculate the MAC, multi-part case. */
Ronald Cron5425a212020-08-04 14:58:35 +02002122 PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
Gilles Peskine8b356b52020-08-25 23:44:59 +02002123 PSA_ASSERT( psa_mac_update( &operation,
2124 input->x, input->len ) );
2125 TEST_EQUAL( psa_mac_sign_finish( &operation,
2126 actual_mac, output_size,
2127 &mac_length ),
2128 expected_status );
2129 PSA_ASSERT( psa_mac_abort( &operation ) );
2130
2131 if( expected_status == PSA_SUCCESS )
2132 {
2133 ASSERT_COMPARE( expected_mac->x, expected_mac->len,
2134 actual_mac, mac_length );
2135 }
2136 mbedtls_free( actual_mac );
2137 actual_mac = NULL;
2138 }
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002139
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002140exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002141 psa_mac_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02002142 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002143 PSA_DONE( );
Gilles Peskine5e65cec2020-08-25 23:38:39 +02002144 mbedtls_free( actual_mac );
Gilles Peskinea7aa4422018-08-14 15:17:54 +02002145}
2146/* END_CASE */
2147
2148/* BEGIN_CASE */
Gilles Peskinec0ec9722018-06-18 17:03:37 +02002149void mac_verify( int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02002150 data_t *key_data,
Gilles Peskinec0ec9722018-06-18 17:03:37 +02002151 int alg_arg,
2152 data_t *input,
2153 data_t *expected_mac )
Gilles Peskine8c9def32018-02-08 10:02:12 +01002154{
Ronald Cron5425a212020-08-04 14:58:35 +02002155 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine8c9def32018-02-08 10:02:12 +01002156 psa_key_type_t key_type = key_type_arg;
2157 psa_algorithm_t alg = alg_arg;
Jaeden Amero769ce272019-01-04 11:48:03 +00002158 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002159 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002160 uint8_t *perturbed_mac = NULL;
Gilles Peskine8c9def32018-02-08 10:02:12 +01002161
Gilles Peskine69c12672018-06-28 00:07:19 +02002162 TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE );
2163
Gilles Peskine8817f612018-12-18 00:18:46 +01002164 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine8c9def32018-02-08 10:02:12 +01002165
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01002166 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002167 psa_set_key_algorithm( &attributes, alg );
2168 psa_set_key_type( &attributes, key_type );
mohammad16036df908f2018-04-02 08:34:15 -07002169
Ronald Cron5425a212020-08-04 14:58:35 +02002170 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2171 &key ) );
Gilles Peskinec0ec9722018-06-18 17:03:37 +02002172
gabor-mezei-arm534bb992021-03-01 15:35:48 +01002173 /* Verify correct MAC, one-shot case. */
2174 PSA_ASSERT( psa_mac_verify( key, alg, input->x, input->len,
2175 expected_mac->x, expected_mac->len ) );
2176
2177 /* Verify correct MAC, multi-part case. */
Ronald Cron5425a212020-08-04 14:58:35 +02002178 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Gilles Peskine8817f612018-12-18 00:18:46 +01002179 PSA_ASSERT( psa_mac_update( &operation,
2180 input->x, input->len ) );
2181 PSA_ASSERT( psa_mac_verify_finish( &operation,
2182 expected_mac->x,
2183 expected_mac->len ) );
Gilles Peskine8c9def32018-02-08 10:02:12 +01002184
gabor-mezei-arm534bb992021-03-01 15:35:48 +01002185 /* Test a MAC that's too short, one-shot case. */
2186 TEST_EQUAL( psa_mac_verify( key, alg,
2187 input->x, input->len,
2188 expected_mac->x,
2189 expected_mac->len - 1 ),
2190 PSA_ERROR_INVALID_SIGNATURE );
2191
2192 /* Test a MAC that's too short, multi-part case. */
Ronald Cron5425a212020-08-04 14:58:35 +02002193 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002194 PSA_ASSERT( psa_mac_update( &operation,
2195 input->x, input->len ) );
2196 TEST_EQUAL( psa_mac_verify_finish( &operation,
2197 expected_mac->x,
2198 expected_mac->len - 1 ),
2199 PSA_ERROR_INVALID_SIGNATURE );
2200
gabor-mezei-arm534bb992021-03-01 15:35:48 +01002201 /* Test a MAC that's too long, one-shot case. */
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002202 ASSERT_ALLOC( perturbed_mac, expected_mac->len + 1 );
2203 memcpy( perturbed_mac, expected_mac->x, expected_mac->len );
gabor-mezei-arm534bb992021-03-01 15:35:48 +01002204 TEST_EQUAL( psa_mac_verify( key, alg,
2205 input->x, input->len,
2206 perturbed_mac, expected_mac->len + 1 ),
2207 PSA_ERROR_INVALID_SIGNATURE );
2208
2209 /* Test a MAC that's too long, multi-part case. */
Ronald Cron5425a212020-08-04 14:58:35 +02002210 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002211 PSA_ASSERT( psa_mac_update( &operation,
2212 input->x, input->len ) );
2213 TEST_EQUAL( psa_mac_verify_finish( &operation,
2214 perturbed_mac,
2215 expected_mac->len + 1 ),
2216 PSA_ERROR_INVALID_SIGNATURE );
2217
2218 /* Test changing one byte. */
2219 for( size_t i = 0; i < expected_mac->len; i++ )
2220 {
Chris Jones9634bb12021-01-20 15:56:42 +00002221 mbedtls_test_set_step( i );
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002222 perturbed_mac[i] ^= 1;
gabor-mezei-arm534bb992021-03-01 15:35:48 +01002223
2224 TEST_EQUAL( psa_mac_verify( key, alg,
2225 input->x, input->len,
2226 perturbed_mac, expected_mac->len ),
2227 PSA_ERROR_INVALID_SIGNATURE );
2228
Ronald Cron5425a212020-08-04 14:58:35 +02002229 PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002230 PSA_ASSERT( psa_mac_update( &operation,
2231 input->x, input->len ) );
2232 TEST_EQUAL( psa_mac_verify_finish( &operation,
2233 perturbed_mac,
2234 expected_mac->len ),
2235 PSA_ERROR_INVALID_SIGNATURE );
2236 perturbed_mac[i] ^= 1;
2237 }
2238
Gilles Peskine8c9def32018-02-08 10:02:12 +01002239exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002240 psa_mac_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02002241 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002242 PSA_DONE( );
Gilles Peskine29c4a6c2020-08-26 00:01:39 +02002243 mbedtls_free( perturbed_mac );
Gilles Peskine8c9def32018-02-08 10:02:12 +01002244}
2245/* END_CASE */
2246
2247/* BEGIN_CASE */
Jaeden Amero5bae2272019-01-04 11:48:27 +00002248void cipher_operation_init( )
2249{
Jaeden Ameroab439972019-02-15 14:12:05 +00002250 const uint8_t input[1] = { 0 };
2251 unsigned char output[1] = { 0 };
2252 size_t output_length;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002253 /* Test each valid way of initializing the object, except for `= {0}`, as
2254 * Clang 5 complains when `-Wmissing-field-initializers` is used, even
2255 * though it's OK by the C standard. We could test for this, but we'd need
2256 * to supress the Clang warning for the test. */
2257 psa_cipher_operation_t func = psa_cipher_operation_init( );
2258 psa_cipher_operation_t init = PSA_CIPHER_OPERATION_INIT;
2259 psa_cipher_operation_t zero;
2260
2261 memset( &zero, 0, sizeof( zero ) );
2262
Jaeden Ameroab439972019-02-15 14:12:05 +00002263 /* A freshly-initialized cipher operation should not be usable. */
2264 TEST_EQUAL( psa_cipher_update( &func,
2265 input, sizeof( input ),
2266 output, sizeof( output ),
2267 &output_length ),
2268 PSA_ERROR_BAD_STATE );
2269 TEST_EQUAL( psa_cipher_update( &init,
2270 input, sizeof( input ),
2271 output, sizeof( output ),
2272 &output_length ),
2273 PSA_ERROR_BAD_STATE );
2274 TEST_EQUAL( psa_cipher_update( &zero,
2275 input, sizeof( input ),
2276 output, sizeof( output ),
2277 &output_length ),
2278 PSA_ERROR_BAD_STATE );
2279
Jaeden Amero5229bbb2019-02-07 16:33:37 +00002280 /* A default cipher operation should be abortable without error. */
2281 PSA_ASSERT( psa_cipher_abort( &func ) );
2282 PSA_ASSERT( psa_cipher_abort( &init ) );
2283 PSA_ASSERT( psa_cipher_abort( &zero ) );
Jaeden Amero5bae2272019-01-04 11:48:27 +00002284}
2285/* END_CASE */
2286
2287/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002288void cipher_setup( int key_type_arg,
2289 data_t *key,
2290 int alg_arg,
2291 int expected_status_arg )
2292{
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002293 psa_key_type_t key_type = key_type_arg;
2294 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +02002295 psa_status_t expected_status = expected_status_arg;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002296 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002297 psa_status_t status;
Gilles Peskine612ffd22021-01-20 18:51:00 +01002298#if defined(KNOWN_SUPPORTED_CIPHER_ALG)
Gilles Peskinef426e0f2019-02-25 17:42:03 +01002299 const uint8_t smoke_test_key_data[16] = "kkkkkkkkkkkkkkkk";
2300#endif
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002301
Gilles Peskine8817f612018-12-18 00:18:46 +01002302 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002303
Gilles Peskinef426e0f2019-02-25 17:42:03 +01002304 if( ! exercise_cipher_setup( key_type, key->x, key->len, alg,
2305 &operation, &status ) )
2306 goto exit;
Gilles Peskinefe11b722018-12-18 00:24:04 +01002307 TEST_EQUAL( status, expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002308
Gilles Peskinef426e0f2019-02-25 17:42:03 +01002309 /* The operation object should be reusable. */
2310#if defined(KNOWN_SUPPORTED_CIPHER_ALG)
2311 if( ! exercise_cipher_setup( KNOWN_SUPPORTED_CIPHER_KEY_TYPE,
2312 smoke_test_key_data,
2313 sizeof( smoke_test_key_data ),
2314 KNOWN_SUPPORTED_CIPHER_ALG,
2315 &operation, &status ) )
2316 goto exit;
2317 TEST_EQUAL( status, PSA_SUCCESS );
2318#endif
2319
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002320exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002321 psa_cipher_abort( &operation );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002322 PSA_DONE( );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002323}
2324/* END_CASE */
2325
Ronald Cronee414c72021-03-18 18:50:08 +01002326/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_PKCS7 */
Jaeden Ameroab439972019-02-15 14:12:05 +00002327void cipher_bad_order( )
2328{
Ronald Cron5425a212020-08-04 14:58:35 +02002329 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Jaeden Ameroab439972019-02-15 14:12:05 +00002330 psa_key_type_t key_type = PSA_KEY_TYPE_AES;
2331 psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002332 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Jaeden Ameroab439972019-02-15 14:12:05 +00002333 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
gabor-mezei-armcbcec212020-12-18 14:23:51 +01002334 unsigned char iv[PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES)] = { 0 };
Ronald Cron5425a212020-08-04 14:58:35 +02002335 const uint8_t key_data[] = {
Jaeden Ameroab439972019-02-15 14:12:05 +00002336 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
2337 0xaa, 0xaa, 0xaa, 0xaa };
2338 const uint8_t text[] = {
2339 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
2340 0xbb, 0xbb, 0xbb, 0xbb };
gabor-mezei-armcbcec212020-12-18 14:23:51 +01002341 uint8_t buffer[PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES)] = { 0 };
Jaeden Ameroab439972019-02-15 14:12:05 +00002342 size_t length = 0;
2343
2344 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002345 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
2346 psa_set_key_algorithm( &attributes, alg );
2347 psa_set_key_type( &attributes, key_type );
Ronald Cron5425a212020-08-04 14:58:35 +02002348 PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ),
2349 &key ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002350
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002351 /* Call encrypt setup twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02002352 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Dave Rodgman5ae6f752021-06-24 11:36:14 +01002353 ASSERT_OPERATION_IS_ACTIVE( operation );
Ronald Cron5425a212020-08-04 14:58:35 +02002354 TEST_EQUAL( psa_cipher_encrypt_setup( &operation, key, alg ),
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002355 PSA_ERROR_BAD_STATE );
Dave Rodgman5ae6f752021-06-24 11:36:14 +01002356 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002357 PSA_ASSERT( psa_cipher_abort( &operation ) );
Dave Rodgman5ae6f752021-06-24 11:36:14 +01002358 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002359
2360 /* Call decrypt setup twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02002361 PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
Dave Rodgman5ae6f752021-06-24 11:36:14 +01002362 ASSERT_OPERATION_IS_ACTIVE( operation );
Ronald Cron5425a212020-08-04 14:58:35 +02002363 TEST_EQUAL( psa_cipher_decrypt_setup( &operation, key, alg ),
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002364 PSA_ERROR_BAD_STATE );
Dave Rodgman5ae6f752021-06-24 11:36:14 +01002365 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002366 PSA_ASSERT( psa_cipher_abort( &operation ) );
Dave Rodgman5ae6f752021-06-24 11:36:14 +01002367 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Amero36ee5d02019-02-19 09:25:10 +00002368
Jaeden Ameroab439972019-02-15 14:12:05 +00002369 /* Generate an IV without calling setup beforehand. */
2370 TEST_EQUAL( psa_cipher_generate_iv( &operation,
2371 buffer, sizeof( buffer ),
2372 &length ),
2373 PSA_ERROR_BAD_STATE );
2374 PSA_ASSERT( psa_cipher_abort( &operation ) );
2375
2376 /* Generate an IV twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02002377 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002378 PSA_ASSERT( psa_cipher_generate_iv( &operation,
2379 buffer, sizeof( buffer ),
2380 &length ) );
Dave Rodgman647791d2021-06-23 12:49:59 +01002381 ASSERT_OPERATION_IS_ACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002382 TEST_EQUAL( psa_cipher_generate_iv( &operation,
2383 buffer, sizeof( buffer ),
2384 &length ),
2385 PSA_ERROR_BAD_STATE );
Dave Rodgman647791d2021-06-23 12:49:59 +01002386 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002387 PSA_ASSERT( psa_cipher_abort( &operation ) );
Dave Rodgman647791d2021-06-23 12:49:59 +01002388 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002389
2390 /* Generate an IV after it's already set. */
Ronald Cron5425a212020-08-04 14:58:35 +02002391 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002392 PSA_ASSERT( psa_cipher_set_iv( &operation,
2393 iv, sizeof( iv ) ) );
2394 TEST_EQUAL( psa_cipher_generate_iv( &operation,
2395 buffer, sizeof( buffer ),
2396 &length ),
2397 PSA_ERROR_BAD_STATE );
2398 PSA_ASSERT( psa_cipher_abort( &operation ) );
2399
2400 /* Set an IV without calling setup beforehand. */
2401 TEST_EQUAL( psa_cipher_set_iv( &operation,
2402 iv, sizeof( iv ) ),
2403 PSA_ERROR_BAD_STATE );
2404 PSA_ASSERT( psa_cipher_abort( &operation ) );
2405
2406 /* Set an IV after it's already set. */
Ronald Cron5425a212020-08-04 14:58:35 +02002407 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002408 PSA_ASSERT( psa_cipher_set_iv( &operation,
2409 iv, sizeof( iv ) ) );
Dave Rodgman647791d2021-06-23 12:49:59 +01002410 ASSERT_OPERATION_IS_ACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002411 TEST_EQUAL( psa_cipher_set_iv( &operation,
2412 iv, sizeof( iv ) ),
2413 PSA_ERROR_BAD_STATE );
Dave Rodgman647791d2021-06-23 12:49:59 +01002414 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002415 PSA_ASSERT( psa_cipher_abort( &operation ) );
Dave Rodgman647791d2021-06-23 12:49:59 +01002416 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002417
2418 /* Set an IV after it's already generated. */
Ronald Cron5425a212020-08-04 14:58:35 +02002419 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002420 PSA_ASSERT( psa_cipher_generate_iv( &operation,
2421 buffer, sizeof( buffer ),
2422 &length ) );
2423 TEST_EQUAL( psa_cipher_set_iv( &operation,
2424 iv, sizeof( iv ) ),
2425 PSA_ERROR_BAD_STATE );
2426 PSA_ASSERT( psa_cipher_abort( &operation ) );
2427
2428 /* Call update without calling setup beforehand. */
2429 TEST_EQUAL( psa_cipher_update( &operation,
2430 text, sizeof( text ),
2431 buffer, sizeof( buffer ),
2432 &length ),
2433 PSA_ERROR_BAD_STATE );
2434 PSA_ASSERT( psa_cipher_abort( &operation ) );
2435
2436 /* Call update without an IV where an IV is required. */
Dave Rodgman095dadc2021-06-23 12:48:52 +01002437 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Dave Rodgman647791d2021-06-23 12:49:59 +01002438 ASSERT_OPERATION_IS_ACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002439 TEST_EQUAL( psa_cipher_update( &operation,
2440 text, sizeof( text ),
2441 buffer, sizeof( buffer ),
2442 &length ),
2443 PSA_ERROR_BAD_STATE );
Dave Rodgman647791d2021-06-23 12:49:59 +01002444 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002445 PSA_ASSERT( psa_cipher_abort( &operation ) );
Dave Rodgman647791d2021-06-23 12:49:59 +01002446 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002447
2448 /* Call update after finish. */
Ronald Cron5425a212020-08-04 14:58:35 +02002449 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002450 PSA_ASSERT( psa_cipher_set_iv( &operation,
2451 iv, sizeof( iv ) ) );
2452 PSA_ASSERT( psa_cipher_finish( &operation,
2453 buffer, sizeof( buffer ), &length ) );
2454 TEST_EQUAL( psa_cipher_update( &operation,
2455 text, sizeof( text ),
2456 buffer, sizeof( buffer ),
2457 &length ),
2458 PSA_ERROR_BAD_STATE );
2459 PSA_ASSERT( psa_cipher_abort( &operation ) );
2460
2461 /* Call finish without calling setup beforehand. */
2462 TEST_EQUAL( psa_cipher_finish( &operation,
2463 buffer, sizeof( buffer ), &length ),
2464 PSA_ERROR_BAD_STATE );
2465 PSA_ASSERT( psa_cipher_abort( &operation ) );
2466
2467 /* Call finish without an IV where an IV is required. */
Ronald Cron5425a212020-08-04 14:58:35 +02002468 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002469 /* Not calling update means we are encrypting an empty buffer, which is OK
2470 * for cipher modes with padding. */
Dave Rodgman647791d2021-06-23 12:49:59 +01002471 ASSERT_OPERATION_IS_ACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002472 TEST_EQUAL( psa_cipher_finish( &operation,
2473 buffer, sizeof( buffer ), &length ),
2474 PSA_ERROR_BAD_STATE );
Dave Rodgman647791d2021-06-23 12:49:59 +01002475 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002476 PSA_ASSERT( psa_cipher_abort( &operation ) );
Dave Rodgman647791d2021-06-23 12:49:59 +01002477 ASSERT_OPERATION_IS_INACTIVE( operation );
Jaeden Ameroab439972019-02-15 14:12:05 +00002478
2479 /* Call finish twice in a row. */
Ronald Cron5425a212020-08-04 14:58:35 +02002480 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Jaeden Ameroab439972019-02-15 14:12:05 +00002481 PSA_ASSERT( psa_cipher_set_iv( &operation,
2482 iv, sizeof( iv ) ) );
2483 PSA_ASSERT( psa_cipher_finish( &operation,
2484 buffer, sizeof( buffer ), &length ) );
2485 TEST_EQUAL( psa_cipher_finish( &operation,
2486 buffer, sizeof( buffer ), &length ),
2487 PSA_ERROR_BAD_STATE );
2488 PSA_ASSERT( psa_cipher_abort( &operation ) );
2489
Ronald Cron5425a212020-08-04 14:58:35 +02002490 PSA_ASSERT( psa_destroy_key( key ) );
Gilles Peskine76b29a72019-05-28 14:08:50 +02002491
Jaeden Ameroab439972019-02-15 14:12:05 +00002492exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002493 psa_cipher_abort( &operation );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002494 PSA_DONE( );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +02002495}
2496/* END_CASE */
2497
2498/* BEGIN_CASE */
gabor-mezei-arma56756e2021-06-25 15:49:14 +02002499void cipher_encrypt_fail( int alg_arg,
2500 int key_type_arg,
2501 data_t *key_data,
2502 data_t *input,
2503 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +02002504{
Ronald Cron5425a212020-08-04 14:58:35 +02002505 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002506 psa_status_t status;
2507 psa_key_type_t key_type = key_type_arg;
2508 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +02002509 psa_status_t expected_status = expected_status_arg;
itayzafrir3e02b3b2018-06-12 17:06:52 +03002510 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002511 size_t output_buffer_size = 0;
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01002512 size_t output_length = 0;
2513 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
2514
2515 if ( PSA_ERROR_BAD_STATE != expected_status )
2516 {
2517 PSA_ASSERT( psa_crypto_init( ) );
2518
2519 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
2520 psa_set_key_algorithm( &attributes, alg );
2521 psa_set_key_type( &attributes, key_type );
2522
2523 output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg,
2524 input->len );
2525 ASSERT_ALLOC( output, output_buffer_size );
2526
2527 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2528 &key ) );
2529 }
2530
2531 status = psa_cipher_encrypt( key, alg, input->x, input->len, output,
2532 output_buffer_size, &output_length );
2533
2534 TEST_EQUAL( status, expected_status );
2535
2536exit:
2537 mbedtls_free( output );
2538 psa_destroy_key( key );
2539 PSA_DONE( );
2540}
2541/* END_CASE */
2542
2543/* BEGIN_CASE */
gabor-mezei-arma56756e2021-06-25 15:49:14 +02002544void cipher_encrypt_alg_without_iv( int alg_arg,
2545 int key_type_arg,
2546 data_t *key_data,
2547 data_t *input,
2548 data_t *expected_output )
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01002549{
2550 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
2551 psa_key_type_t key_type = key_type_arg;
2552 psa_algorithm_t alg = alg_arg;
2553 unsigned char *output = NULL;
2554 size_t output_buffer_size = 0;
2555 size_t output_length = 0;
2556 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
2557
2558 PSA_ASSERT( psa_crypto_init( ) );
2559
2560 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
2561 psa_set_key_algorithm( &attributes, alg );
2562 psa_set_key_type( &attributes, key_type );
2563
2564 output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
2565 ASSERT_ALLOC( output, output_buffer_size );
2566
2567 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2568 &key ) );
2569
2570 PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output,
2571 output_buffer_size, &output_length ) );
2572 TEST_ASSERT( output_length <=
2573 PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
2574 TEST_ASSERT( output_length <=
2575 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
2576
2577 ASSERT_COMPARE( expected_output->x, expected_output->len,
2578 output, output_length );
2579exit:
2580 mbedtls_free( output );
2581 psa_destroy_key( key );
2582 PSA_DONE( );
2583}
2584/* END_CASE */
2585
2586/* BEGIN_CASE */
Paul Elliotta417f562021-07-14 12:31:21 +01002587void cipher_bad_key( int alg_arg, int key_type_arg, data_t *key_data )
2588{
2589 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
2590 psa_algorithm_t alg = alg_arg;
2591 psa_key_type_t key_type = key_type_arg;
2592 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
2593 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
2594 psa_status_t status;
2595
2596 PSA_ASSERT( psa_crypto_init( ) );
2597
2598 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
2599 psa_set_key_algorithm( &attributes, alg );
2600 psa_set_key_type( &attributes, key_type );
2601
2602 /* Usage of either of these two size macros would cause divide by zero
2603 * with incorrect key types previously. Input length should be irrelevant
2604 * here. */
2605 TEST_EQUAL( PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, 16 ),
2606 0 );
2607 TEST_EQUAL( PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, 16 ), 0 );
2608
2609
2610 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2611 &key ) );
2612
2613 /* Should fail due to invalid alg type (to support invalid key type).
2614 * Encrypt or decrypt will end up in the same place. */
2615 status = psa_cipher_encrypt_setup( &operation, key, alg );
2616
2617 TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT );
2618
2619exit:
2620 psa_cipher_abort( &operation );
2621 psa_destroy_key( key );
2622 PSA_DONE( );
2623}
2624/* END_CASE */
2625
2626/* BEGIN_CASE */
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01002627void cipher_encrypt_validation( int alg_arg,
2628 int key_type_arg,
2629 data_t *key_data,
2630 data_t *input )
2631{
2632 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
2633 psa_key_type_t key_type = key_type_arg;
2634 psa_algorithm_t alg = alg_arg;
2635 size_t iv_size = PSA_CIPHER_IV_LENGTH ( key_type, alg );
2636 unsigned char *output1 = NULL;
2637 size_t output1_buffer_size = 0;
2638 size_t output1_length = 0;
2639 unsigned char *output2 = NULL;
2640 size_t output2_buffer_size = 0;
2641 size_t output2_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002642 size_t function_output_length = 0;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002643 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002644 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002645
Gilles Peskine8817f612018-12-18 00:18:46 +01002646 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002647
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002648 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
2649 psa_set_key_algorithm( &attributes, alg );
2650 psa_set_key_type( &attributes, key_type );
Moran Pekered346952018-07-05 15:22:45 +03002651
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01002652 output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
2653 output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
2654 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
2655 ASSERT_ALLOC( output1, output1_buffer_size );
2656 ASSERT_ALLOC( output2, output2_buffer_size );
2657
Ronald Cron5425a212020-08-04 14:58:35 +02002658 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2659 &key ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002660
gabor-mezei-arm50c86cf2021-06-25 15:47:50 +02002661 /* The one-shot cipher encryption uses generated iv so validating
2662 the output is not possible. Validating with multipart encryption. */
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01002663 PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output1,
2664 output1_buffer_size, &output1_length ) );
2665 TEST_ASSERT( output1_length <=
2666 PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
2667 TEST_ASSERT( output1_length <=
gabor-mezei-armceface22021-01-21 12:26:17 +01002668 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01002669
2670 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
2671 PSA_ASSERT( psa_cipher_set_iv( &operation, output1, iv_size ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002672
Gilles Peskine8817f612018-12-18 00:18:46 +01002673 PSA_ASSERT( psa_cipher_update( &operation,
2674 input->x, input->len,
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01002675 output2, output2_buffer_size,
Gilles Peskine8817f612018-12-18 00:18:46 +01002676 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002677 TEST_ASSERT( function_output_length <=
2678 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
2679 TEST_ASSERT( function_output_length <=
2680 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01002681 output2_length += function_output_length;
gabor-mezei-armceface22021-01-21 12:26:17 +01002682
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01002683 PSA_ASSERT( psa_cipher_finish( &operation,
2684 output2 + output2_length,
2685 output2_buffer_size - output2_length,
2686 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01002687 TEST_ASSERT( function_output_length <=
2688 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
2689 TEST_ASSERT( function_output_length <=
2690 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01002691 output2_length += function_output_length;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002692
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01002693 PSA_ASSERT( psa_cipher_abort( &operation ) );
2694 ASSERT_COMPARE( output1 + iv_size, output1_length - iv_size,
2695 output2, output2_length );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002696
Gilles Peskine50e586b2018-06-08 14:28:46 +02002697exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002698 psa_cipher_abort( &operation );
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01002699 mbedtls_free( output1 );
2700 mbedtls_free( output2 );
Ronald Cron5425a212020-08-04 14:58:35 +02002701 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002702 PSA_DONE( );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002703}
2704/* END_CASE */
2705
2706/* BEGIN_CASE */
2707void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02002708 data_t *key_data, data_t *iv,
itayzafrir3e02b3b2018-06-12 17:06:52 +03002709 data_t *input,
Gilles Peskinee0866522019-02-19 19:44:00 +01002710 int first_part_size_arg,
2711 int output1_length_arg, int output2_length_arg,
gabor-mezei-arm95aad832021-06-25 18:21:33 +02002712 data_t *expected_output,
2713 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +02002714{
Ronald Cron5425a212020-08-04 14:58:35 +02002715 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002716 psa_key_type_t key_type = key_type_arg;
2717 psa_algorithm_t alg = alg_arg;
gabor-mezei-arm95aad832021-06-25 18:21:33 +02002718 psa_status_t status;
2719 psa_status_t expected_status = expected_status_arg;
Gilles Peskinee0866522019-02-19 19:44:00 +01002720 size_t first_part_size = first_part_size_arg;
2721 size_t output1_length = output1_length_arg;
2722 size_t output2_length = output2_length_arg;
itayzafrir3e02b3b2018-06-12 17:06:52 +03002723 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002724 size_t output_buffer_size = 0;
2725 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002726 size_t total_output_length = 0;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002727 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002728 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002729
Gilles Peskine8817f612018-12-18 00:18:46 +01002730 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002731
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002732 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
2733 psa_set_key_algorithm( &attributes, alg );
2734 psa_set_key_type( &attributes, key_type );
Moran Pekered346952018-07-05 15:22:45 +03002735
Ronald Cron5425a212020-08-04 14:58:35 +02002736 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2737 &key ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002738
Ronald Cron5425a212020-08-04 14:58:35 +02002739 PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002740
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002741 if( iv->len > 0 )
2742 {
Steven Cooremana6033e92020-08-25 11:47:50 +02002743 PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002744 }
2745
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01002746 output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
2747 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02002748 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002749
Gilles Peskinee0866522019-02-19 19:44:00 +01002750 TEST_ASSERT( first_part_size <= input->len );
Gilles Peskine8817f612018-12-18 00:18:46 +01002751 PSA_ASSERT( psa_cipher_update( &operation, input->x, first_part_size,
2752 output, output_buffer_size,
2753 &function_output_length ) );
Gilles Peskinee0866522019-02-19 19:44:00 +01002754 TEST_ASSERT( function_output_length == output1_length );
gabor-mezei-armceface22021-01-21 12:26:17 +01002755 TEST_ASSERT( function_output_length <=
2756 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
2757 TEST_ASSERT( function_output_length <=
2758 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size) );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002759 total_output_length += function_output_length;
gabor-mezei-armceface22021-01-21 12:26:17 +01002760
gabor-mezei-arm95aad832021-06-25 18:21:33 +02002761 if( first_part_size < input->len )
2762 {
2763 PSA_ASSERT( psa_cipher_update( &operation,
2764 input->x + first_part_size,
2765 input->len - first_part_size,
2766 ( output_buffer_size == 0 ? NULL :
2767 output + total_output_length ),
2768 output_buffer_size - total_output_length,
2769 &function_output_length ) );
2770 TEST_ASSERT( function_output_length == output2_length );
2771 TEST_ASSERT( function_output_length <=
2772 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
2773 alg,
2774 input->len - first_part_size ) );
2775 TEST_ASSERT( function_output_length <=
2776 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
2777 total_output_length += function_output_length;
2778 }
gabor-mezei-armceface22021-01-21 12:26:17 +01002779
gabor-mezei-arm95aad832021-06-25 18:21:33 +02002780 status = psa_cipher_finish( &operation,
2781 ( output_buffer_size == 0 ? NULL :
2782 output + total_output_length ),
2783 output_buffer_size - total_output_length,
2784 &function_output_length );
gabor-mezei-armceface22021-01-21 12:26:17 +01002785 TEST_ASSERT( function_output_length <=
2786 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
2787 TEST_ASSERT( function_output_length <=
2788 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002789 total_output_length += function_output_length;
gabor-mezei-arm95aad832021-06-25 18:21:33 +02002790 TEST_EQUAL( status, expected_status );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002791
gabor-mezei-arm95aad832021-06-25 18:21:33 +02002792 if( expected_status == PSA_SUCCESS )
2793 {
2794 PSA_ASSERT( psa_cipher_abort( &operation ) );
2795
2796 ASSERT_COMPARE( expected_output->x, expected_output->len,
2797 output, total_output_length );
2798 }
Gilles Peskine50e586b2018-06-08 14:28:46 +02002799
2800exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002801 psa_cipher_abort( &operation );
itayzafrir3e02b3b2018-06-12 17:06:52 +03002802 mbedtls_free( output );
Ronald Cron5425a212020-08-04 14:58:35 +02002803 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002804 PSA_DONE( );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002805}
2806/* END_CASE */
2807
2808/* BEGIN_CASE */
2809void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02002810 data_t *key_data, data_t *iv,
itayzafrir3e02b3b2018-06-12 17:06:52 +03002811 data_t *input,
Gilles Peskinee0866522019-02-19 19:44:00 +01002812 int first_part_size_arg,
2813 int output1_length_arg, int output2_length_arg,
gabor-mezei-arm95aad832021-06-25 18:21:33 +02002814 data_t *expected_output,
2815 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +02002816{
Ronald Cron5425a212020-08-04 14:58:35 +02002817 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002818 psa_key_type_t key_type = key_type_arg;
2819 psa_algorithm_t alg = alg_arg;
gabor-mezei-arm95aad832021-06-25 18:21:33 +02002820 psa_status_t status;
2821 psa_status_t expected_status = expected_status_arg;
Gilles Peskinee0866522019-02-19 19:44:00 +01002822 size_t first_part_size = first_part_size_arg;
2823 size_t output1_length = output1_length_arg;
2824 size_t output2_length = output2_length_arg;
itayzafrir3e02b3b2018-06-12 17:06:52 +03002825 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002826 size_t output_buffer_size = 0;
2827 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002828 size_t total_output_length = 0;
Jaeden Amero5bae2272019-01-04 11:48:27 +00002829 psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002830 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine50e586b2018-06-08 14:28:46 +02002831
Gilles Peskine8817f612018-12-18 00:18:46 +01002832 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002833
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02002834 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
2835 psa_set_key_algorithm( &attributes, alg );
2836 psa_set_key_type( &attributes, key_type );
Moran Pekered346952018-07-05 15:22:45 +03002837
Ronald Cron5425a212020-08-04 14:58:35 +02002838 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2839 &key ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002840
Ronald Cron5425a212020-08-04 14:58:35 +02002841 PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002842
Steven Cooreman177deba2020-09-07 17:14:14 +02002843 if( iv->len > 0 )
2844 {
Steven Cooremana6033e92020-08-25 11:47:50 +02002845 PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002846 }
Gilles Peskine50e586b2018-06-08 14:28:46 +02002847
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01002848 output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
2849 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02002850 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002851
Gilles Peskinee0866522019-02-19 19:44:00 +01002852 TEST_ASSERT( first_part_size <= input->len );
Gilles Peskine8817f612018-12-18 00:18:46 +01002853 PSA_ASSERT( psa_cipher_update( &operation,
2854 input->x, first_part_size,
2855 output, output_buffer_size,
2856 &function_output_length ) );
Gilles Peskinee0866522019-02-19 19:44:00 +01002857 TEST_ASSERT( function_output_length == output1_length );
gabor-mezei-armceface22021-01-21 12:26:17 +01002858 TEST_ASSERT( function_output_length <=
2859 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
2860 TEST_ASSERT( function_output_length <=
2861 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002862 total_output_length += function_output_length;
gabor-mezei-armceface22021-01-21 12:26:17 +01002863
gabor-mezei-arm95aad832021-06-25 18:21:33 +02002864 if( first_part_size < input->len )
Steven Cooreman177deba2020-09-07 17:14:14 +02002865 {
gabor-mezei-arm95aad832021-06-25 18:21:33 +02002866 PSA_ASSERT( psa_cipher_update( &operation,
2867 input->x + first_part_size,
2868 input->len - first_part_size,
2869 ( output_buffer_size == 0 ? NULL :
2870 output + total_output_length ),
2871 output_buffer_size - total_output_length,
2872 &function_output_length ) );
2873 TEST_ASSERT( function_output_length == output2_length );
2874 TEST_ASSERT( function_output_length <=
2875 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
2876 alg,
2877 input->len - first_part_size ) );
2878 TEST_ASSERT( function_output_length <=
2879 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
2880 total_output_length += function_output_length;
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02002881 }
Gilles Peskine50e586b2018-06-08 14:28:46 +02002882
Gilles Peskine50e586b2018-06-08 14:28:46 +02002883 status = psa_cipher_finish( &operation,
Gilles Peskine0c510f32021-03-24 00:41:51 +01002884 ( output_buffer_size == 0 ? NULL :
2885 output + total_output_length ),
Gilles Peskineee46fe72019-02-19 19:05:33 +01002886 output_buffer_size - total_output_length,
Gilles Peskine50e586b2018-06-08 14:28:46 +02002887 &function_output_length );
gabor-mezei-armceface22021-01-21 12:26:17 +01002888 TEST_ASSERT( function_output_length <=
2889 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
2890 TEST_ASSERT( function_output_length <=
2891 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +02002892 total_output_length += function_output_length;
Gilles Peskinefe11b722018-12-18 00:24:04 +01002893 TEST_EQUAL( status, expected_status );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002894
2895 if( expected_status == PSA_SUCCESS )
2896 {
Gilles Peskine8817f612018-12-18 00:18:46 +01002897 PSA_ASSERT( psa_cipher_abort( &operation ) );
gabor-mezei-arm95aad832021-06-25 18:21:33 +02002898
Gilles Peskinebd7dea92018-09-27 13:57:19 +02002899 ASSERT_COMPARE( expected_output->x, expected_output->len,
2900 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002901 }
2902
Gilles Peskine50e586b2018-06-08 14:28:46 +02002903exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02002904 psa_cipher_abort( &operation );
itayzafrir3e02b3b2018-06-12 17:06:52 +03002905 mbedtls_free( output );
Ronald Cron5425a212020-08-04 14:58:35 +02002906 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02002907 PSA_DONE( );
Gilles Peskine50e586b2018-06-08 14:28:46 +02002908}
2909/* END_CASE */
2910
Gilles Peskine50e586b2018-06-08 14:28:46 +02002911/* BEGIN_CASE */
gabor-mezei-arma56756e2021-06-25 15:49:14 +02002912void cipher_decrypt_fail( int alg_arg,
2913 int key_type_arg,
2914 data_t *key_data,
2915 data_t *iv,
2916 data_t *input_arg,
2917 int expected_status_arg )
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01002918{
2919 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
2920 psa_status_t status;
2921 psa_key_type_t key_type = key_type_arg;
2922 psa_algorithm_t alg = alg_arg;
2923 psa_status_t expected_status = expected_status_arg;
2924 unsigned char *input = NULL;
2925 size_t input_buffer_size = 0;
2926 unsigned char *output = NULL;
2927 size_t output_buffer_size = 0;
2928 size_t output_length = 0;
2929 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
2930
2931 if ( PSA_ERROR_BAD_STATE != expected_status )
2932 {
2933 PSA_ASSERT( psa_crypto_init( ) );
2934
2935 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
2936 psa_set_key_algorithm( &attributes, alg );
2937 psa_set_key_type( &attributes, key_type );
2938
2939 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
2940 &key ) );
2941 }
2942
2943 /* Allocate input buffer and copy the iv and the plaintext */
2944 input_buffer_size = ( (size_t) input_arg->len + (size_t) iv->len );
2945 if ( input_buffer_size > 0 )
2946 {
2947 ASSERT_ALLOC( input, input_buffer_size );
2948 memcpy( input, iv->x, iv->len );
2949 memcpy( input + iv->len, input_arg->x, input_arg->len );
2950 }
2951
2952 output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size );
2953 ASSERT_ALLOC( output, output_buffer_size );
2954
2955 status = psa_cipher_decrypt( key, alg, input, input_buffer_size, output,
2956 output_buffer_size, &output_length );
2957 TEST_EQUAL( status, expected_status );
2958
2959exit:
2960 mbedtls_free( input );
2961 mbedtls_free( output );
2962 psa_destroy_key( key );
2963 PSA_DONE( );
2964}
2965/* END_CASE */
2966
2967/* BEGIN_CASE */
2968void cipher_decrypt( int alg_arg,
2969 int key_type_arg,
2970 data_t *key_data,
2971 data_t *iv,
2972 data_t *input_arg,
2973 data_t *expected_output )
2974{
2975 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
2976 psa_key_type_t key_type = key_type_arg;
2977 psa_algorithm_t alg = alg_arg;
2978 unsigned char *input = NULL;
2979 size_t input_buffer_size = 0;
2980 unsigned char *output = NULL;
2981 size_t output_buffer_size = 0;
2982 size_t output_length = 0;
2983 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
2984
2985 PSA_ASSERT( psa_crypto_init( ) );
2986
2987 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
2988 psa_set_key_algorithm( &attributes, alg );
2989 psa_set_key_type( &attributes, key_type );
2990
2991 /* Allocate input buffer and copy the iv and the plaintext */
2992 input_buffer_size = ( (size_t) input_arg->len + (size_t) iv->len );
2993 if ( input_buffer_size > 0 )
2994 {
2995 ASSERT_ALLOC( input, input_buffer_size );
2996 memcpy( input, iv->x, iv->len );
2997 memcpy( input + iv->len, input_arg->x, input_arg->len );
2998 }
2999
3000 output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size );
3001 ASSERT_ALLOC( output, output_buffer_size );
3002
3003 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3004 &key ) );
3005
3006 PSA_ASSERT( psa_cipher_decrypt( key, alg, input, input_buffer_size, output,
3007 output_buffer_size, &output_length ) );
3008 TEST_ASSERT( output_length <=
3009 PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size ) );
3010 TEST_ASSERT( output_length <=
3011 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input_buffer_size ) );
3012
3013 ASSERT_COMPARE( expected_output->x, expected_output->len,
3014 output, output_length );
3015exit:
3016 mbedtls_free( input );
3017 mbedtls_free( output );
3018 psa_destroy_key( key );
3019 PSA_DONE( );
3020}
3021/* END_CASE */
3022
3023/* BEGIN_CASE */
3024void cipher_verify_output( int alg_arg,
3025 int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02003026 data_t *key_data,
itayzafrir3e02b3b2018-06-12 17:06:52 +03003027 data_t *input )
mohammad1603d7d7ba52018-03-12 18:51:53 +02003028{
Ronald Cron5425a212020-08-04 14:58:35 +02003029 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
mohammad1603d7d7ba52018-03-12 18:51:53 +02003030 psa_key_type_t key_type = key_type_arg;
3031 psa_algorithm_t alg = alg_arg;
itayzafrir3e02b3b2018-06-12 17:06:52 +03003032 unsigned char *output1 = NULL;
mohammad1603d7d7ba52018-03-12 18:51:53 +02003033 size_t output1_size = 0;
3034 size_t output1_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +03003035 unsigned char *output2 = NULL;
mohammad1603d7d7ba52018-03-12 18:51:53 +02003036 size_t output2_size = 0;
3037 size_t output2_length = 0;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003038 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mohammad1603d7d7ba52018-03-12 18:51:53 +02003039
Gilles Peskine8817f612018-12-18 00:18:46 +01003040 PSA_ASSERT( psa_crypto_init( ) );
mohammad1603d7d7ba52018-03-12 18:51:53 +02003041
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003042 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
3043 psa_set_key_algorithm( &attributes, alg );
3044 psa_set_key_type( &attributes, key_type );
Moran Pekered346952018-07-05 15:22:45 +03003045
Ronald Cron5425a212020-08-04 14:58:35 +02003046 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3047 &key ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003048 output1_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003049 ASSERT_ALLOC( output1, output1_size );
Moran Pekerded84402018-06-06 16:36:50 +03003050
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01003051 PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len,
3052 output1, output1_size,
3053 &output1_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003054 TEST_ASSERT( output1_length <=
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01003055 PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003056 TEST_ASSERT( output1_length <=
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01003057 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
Moran Pekerded84402018-06-06 16:36:50 +03003058
3059 output2_size = output1_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003060 ASSERT_ALLOC( output2, output2_size );
Moran Pekerded84402018-06-06 16:36:50 +03003061
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01003062 PSA_ASSERT( psa_cipher_decrypt( key, alg, output1, output1_length,
3063 output2, output2_size,
3064 &output2_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003065 TEST_ASSERT( output2_length <=
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01003066 PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003067 TEST_ASSERT( output2_length <=
gabor-mezei-armf494bcd2021-03-01 15:11:46 +01003068 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
Moran Pekerded84402018-06-06 16:36:50 +03003069
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003070 ASSERT_COMPARE( input->x, input->len, output2, output2_length );
Moran Pekerded84402018-06-06 16:36:50 +03003071
3072exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +03003073 mbedtls_free( output1 );
3074 mbedtls_free( output2 );
Ronald Cron5425a212020-08-04 14:58:35 +02003075 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003076 PSA_DONE( );
Moran Pekerded84402018-06-06 16:36:50 +03003077}
3078/* END_CASE */
3079
3080/* BEGIN_CASE */
Gilles Peskine50e586b2018-06-08 14:28:46 +02003081void cipher_verify_output_multipart( int alg_arg,
3082 int key_type_arg,
Ronald Cron5425a212020-08-04 14:58:35 +02003083 data_t *key_data,
itayzafrir3e02b3b2018-06-12 17:06:52 +03003084 data_t *input,
Gilles Peskinee0866522019-02-19 19:44:00 +01003085 int first_part_size_arg )
Moran Pekerded84402018-06-06 16:36:50 +03003086{
Ronald Cron5425a212020-08-04 14:58:35 +02003087 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Moran Pekerded84402018-06-06 16:36:50 +03003088 psa_key_type_t key_type = key_type_arg;
3089 psa_algorithm_t alg = alg_arg;
Gilles Peskinee0866522019-02-19 19:44:00 +01003090 size_t first_part_size = first_part_size_arg;
Moran Pekerded84402018-06-06 16:36:50 +03003091 unsigned char iv[16] = {0};
3092 size_t iv_size = 16;
3093 size_t iv_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +03003094 unsigned char *output1 = NULL;
Gilles Peskine048b7f02018-06-08 14:20:49 +02003095 size_t output1_buffer_size = 0;
Moran Pekerded84402018-06-06 16:36:50 +03003096 size_t output1_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +03003097 unsigned char *output2 = NULL;
Gilles Peskine048b7f02018-06-08 14:20:49 +02003098 size_t output2_buffer_size = 0;
Moran Pekerded84402018-06-06 16:36:50 +03003099 size_t output2_length = 0;
Gilles Peskine048b7f02018-06-08 14:20:49 +02003100 size_t function_output_length;
Jaeden Amero5bae2272019-01-04 11:48:27 +00003101 psa_cipher_operation_t operation1 = PSA_CIPHER_OPERATION_INIT;
3102 psa_cipher_operation_t operation2 = PSA_CIPHER_OPERATION_INIT;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003103 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Moran Pekerded84402018-06-06 16:36:50 +03003104
Gilles Peskine8817f612018-12-18 00:18:46 +01003105 PSA_ASSERT( psa_crypto_init( ) );
Moran Pekerded84402018-06-06 16:36:50 +03003106
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003107 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
3108 psa_set_key_algorithm( &attributes, alg );
3109 psa_set_key_type( &attributes, key_type );
Moran Pekered346952018-07-05 15:22:45 +03003110
Ronald Cron5425a212020-08-04 14:58:35 +02003111 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3112 &key ) );
Moran Pekerded84402018-06-06 16:36:50 +03003113
Ronald Cron5425a212020-08-04 14:58:35 +02003114 PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) );
3115 PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) );
Moran Pekerded84402018-06-06 16:36:50 +03003116
Steven Cooreman177deba2020-09-07 17:14:14 +02003117 if( alg != PSA_ALG_ECB_NO_PADDING )
3118 {
Steven Cooremana6033e92020-08-25 11:47:50 +02003119 PSA_ASSERT( psa_cipher_generate_iv( &operation1,
3120 iv, iv_size,
3121 &iv_length ) );
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02003122 }
3123
gabor-mezei-armceface22021-01-21 12:26:17 +01003124 output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
3125 TEST_ASSERT( output1_buffer_size <=
3126 PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003127 ASSERT_ALLOC( output1, output1_buffer_size );
Moran Pekerded84402018-06-06 16:36:50 +03003128
Gilles Peskinee0866522019-02-19 19:44:00 +01003129 TEST_ASSERT( first_part_size <= input->len );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +02003130
Gilles Peskine8817f612018-12-18 00:18:46 +01003131 PSA_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size,
3132 output1, output1_buffer_size,
3133 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003134 TEST_ASSERT( function_output_length <=
3135 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
3136 TEST_ASSERT( function_output_length <=
3137 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
Gilles Peskine048b7f02018-06-08 14:20:49 +02003138 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +03003139
Gilles Peskine8817f612018-12-18 00:18:46 +01003140 PSA_ASSERT( psa_cipher_update( &operation1,
3141 input->x + first_part_size,
3142 input->len - first_part_size,
3143 output1, output1_buffer_size,
3144 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003145 TEST_ASSERT( function_output_length <=
3146 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
3147 alg,
3148 input->len - first_part_size ) );
3149 TEST_ASSERT( function_output_length <=
3150 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len - first_part_size ) );
Gilles Peskine048b7f02018-06-08 14:20:49 +02003151 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +03003152
Gilles Peskine8817f612018-12-18 00:18:46 +01003153 PSA_ASSERT( psa_cipher_finish( &operation1,
3154 output1 + output1_length,
3155 output1_buffer_size - output1_length,
3156 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003157 TEST_ASSERT( function_output_length <=
3158 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
3159 TEST_ASSERT( function_output_length <=
3160 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
Gilles Peskine048b7f02018-06-08 14:20:49 +02003161 output1_length += function_output_length;
mohammad1603d7d7ba52018-03-12 18:51:53 +02003162
Gilles Peskine8817f612018-12-18 00:18:46 +01003163 PSA_ASSERT( psa_cipher_abort( &operation1 ) );
mohammad1603d7d7ba52018-03-12 18:51:53 +02003164
Gilles Peskine048b7f02018-06-08 14:20:49 +02003165 output2_buffer_size = output1_length;
gabor-mezei-armceface22021-01-21 12:26:17 +01003166 TEST_ASSERT( output2_buffer_size <=
3167 PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
3168 TEST_ASSERT( output2_buffer_size <=
3169 PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003170 ASSERT_ALLOC( output2, output2_buffer_size );
mohammad1603d7d7ba52018-03-12 18:51:53 +02003171
Steven Cooreman177deba2020-09-07 17:14:14 +02003172 if( iv_length > 0 )
3173 {
Steven Cooremana6033e92020-08-25 11:47:50 +02003174 PSA_ASSERT( psa_cipher_set_iv( &operation2,
3175 iv, iv_length ) );
Steven Cooremaned3c9ec2020-07-06 14:08:59 +02003176 }
Moran Pekerded84402018-06-06 16:36:50 +03003177
Gilles Peskine8817f612018-12-18 00:18:46 +01003178 PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size,
3179 output2, output2_buffer_size,
3180 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003181 TEST_ASSERT( function_output_length <=
3182 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
3183 TEST_ASSERT( function_output_length <=
3184 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
Gilles Peskine048b7f02018-06-08 14:20:49 +02003185 output2_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +03003186
Gilles Peskine8817f612018-12-18 00:18:46 +01003187 PSA_ASSERT( psa_cipher_update( &operation2,
3188 output1 + first_part_size,
3189 output1_length - first_part_size,
3190 output2, output2_buffer_size,
3191 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003192 TEST_ASSERT( function_output_length <=
3193 PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
3194 alg,
3195 output1_length - first_part_size ) );
3196 TEST_ASSERT( function_output_length <=
3197 PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( output1_length - first_part_size ) );
Gilles Peskine048b7f02018-06-08 14:20:49 +02003198 output2_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +03003199
Gilles Peskine8817f612018-12-18 00:18:46 +01003200 PSA_ASSERT( psa_cipher_finish( &operation2,
3201 output2 + output2_length,
3202 output2_buffer_size - output2_length,
3203 &function_output_length ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01003204 TEST_ASSERT( function_output_length <=
3205 PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
3206 TEST_ASSERT( function_output_length <=
3207 PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
Gilles Peskine048b7f02018-06-08 14:20:49 +02003208 output2_length += function_output_length;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +02003209
Gilles Peskine8817f612018-12-18 00:18:46 +01003210 PSA_ASSERT( psa_cipher_abort( &operation2 ) );
mohammad1603d7d7ba52018-03-12 18:51:53 +02003211
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003212 ASSERT_COMPARE( input->x, input->len, output2, output2_length );
mohammad1603d7d7ba52018-03-12 18:51:53 +02003213
3214exit:
Gilles Peskine64f13ef2020-08-25 23:15:20 +02003215 psa_cipher_abort( &operation1 );
3216 psa_cipher_abort( &operation2 );
itayzafrir3e02b3b2018-06-12 17:06:52 +03003217 mbedtls_free( output1 );
3218 mbedtls_free( output2 );
Ronald Cron5425a212020-08-04 14:58:35 +02003219 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003220 PSA_DONE( );
mohammad1603d7d7ba52018-03-12 18:51:53 +02003221}
3222/* END_CASE */
Gilles Peskine7268afc2018-06-06 15:19:24 +02003223
Gilles Peskine20035e32018-02-03 22:44:14 +01003224/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +02003225void aead_encrypt_decrypt( int key_type_arg, data_t *key_data,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +02003226 int alg_arg,
Gilles Peskine7da96b02018-08-17 18:45:42 +02003227 data_t *nonce,
3228 data_t *additional_data,
3229 data_t *input_data,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +02003230 int expected_result_arg )
Gilles Peskinea1cac842018-06-11 19:33:02 +02003231{
Ronald Cron5425a212020-08-04 14:58:35 +02003232 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003233 psa_key_type_t key_type = key_type_arg;
3234 psa_algorithm_t alg = alg_arg;
Bence Szépkútiec174e22021-03-19 18:46:15 +01003235 size_t key_bits;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003236 unsigned char *output_data = NULL;
3237 size_t output_size = 0;
3238 size_t output_length = 0;
3239 unsigned char *output_data2 = NULL;
3240 size_t output_length2 = 0;
Steven Cooremanf49478b2021-02-15 15:19:25 +01003241 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
Gilles Peskine4abf7412018-06-18 16:35:34 +02003242 psa_status_t expected_result = expected_result_arg;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003243 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003244
Gilles Peskine8817f612018-12-18 00:18:46 +01003245 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003246
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003247 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
3248 psa_set_key_algorithm( &attributes, alg );
3249 psa_set_key_type( &attributes, key_type );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003250
Gilles Peskine049c7532019-05-15 20:22:09 +02003251 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003252 &key ) );
Bence Szépkútiec174e22021-03-19 18:46:15 +01003253 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
3254 key_bits = psa_get_key_bits( &attributes );
3255
3256 output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits,
3257 alg );
3258 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
3259 * should be exact. */
3260 if( expected_result != PSA_ERROR_INVALID_ARGUMENT &&
3261 expected_result != PSA_ERROR_NOT_SUPPORTED )
3262 {
3263 TEST_EQUAL( output_size,
3264 PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
3265 TEST_ASSERT( output_size <=
3266 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
3267 }
3268 ASSERT_ALLOC( output_data, output_size );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003269
Steven Cooremanf49478b2021-02-15 15:19:25 +01003270 status = psa_aead_encrypt( key, alg,
3271 nonce->x, nonce->len,
3272 additional_data->x,
3273 additional_data->len,
3274 input_data->x, input_data->len,
3275 output_data, output_size,
3276 &output_length );
3277
3278 /* If the operation is not supported, just skip and not fail in case the
3279 * encryption involves a common limitation of cryptography hardwares and
3280 * an alternative implementation. */
3281 if( status == PSA_ERROR_NOT_SUPPORTED )
3282 {
3283 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
3284 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
3285 }
3286
3287 TEST_EQUAL( status, expected_result );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003288
3289 if( PSA_SUCCESS == expected_result )
3290 {
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003291 ASSERT_ALLOC( output_data2, output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003292
Gilles Peskine003a4a92019-05-14 16:09:40 +02003293 /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
3294 * should be exact. */
3295 TEST_EQUAL( input_data->len,
Bence Szépkútiec174e22021-03-19 18:46:15 +01003296 PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, output_length ) );
Gilles Peskine003a4a92019-05-14 16:09:40 +02003297
gabor-mezei-armceface22021-01-21 12:26:17 +01003298 TEST_ASSERT( input_data->len <=
3299 PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length ) );
3300
Ronald Cron5425a212020-08-04 14:58:35 +02003301 TEST_EQUAL( psa_aead_decrypt( key, alg,
Gilles Peskinefe11b722018-12-18 00:24:04 +01003302 nonce->x, nonce->len,
3303 additional_data->x,
3304 additional_data->len,
3305 output_data, output_length,
3306 output_data2, output_length,
Gilles Peskinef812dcf2018-12-18 00:33:25 +01003307 &output_length2 ),
3308 expected_result );
Gilles Peskine2d277862018-06-18 15:41:12 +02003309
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003310 ASSERT_COMPARE( input_data->x, input_data->len,
3311 output_data2, output_length2 );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003312 }
Gilles Peskine2d277862018-06-18 15:41:12 +02003313
Gilles Peskinea1cac842018-06-11 19:33:02 +02003314exit:
Ronald Cron5425a212020-08-04 14:58:35 +02003315 psa_destroy_key( key );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003316 mbedtls_free( output_data );
3317 mbedtls_free( output_data2 );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003318 PSA_DONE( );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003319}
3320/* END_CASE */
3321
3322/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +02003323void aead_encrypt( int key_type_arg, data_t *key_data,
3324 int alg_arg,
3325 data_t *nonce,
3326 data_t *additional_data,
3327 data_t *input_data,
3328 data_t *expected_result )
Gilles Peskinea1cac842018-06-11 19:33:02 +02003329{
Ronald Cron5425a212020-08-04 14:58:35 +02003330 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003331 psa_key_type_t key_type = key_type_arg;
3332 psa_algorithm_t alg = alg_arg;
Bence Szépkútiec174e22021-03-19 18:46:15 +01003333 size_t key_bits;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003334 unsigned char *output_data = NULL;
3335 size_t output_size = 0;
3336 size_t output_length = 0;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003337 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Steven Cooremand588ea12021-01-11 19:36:04 +01003338 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003339
Gilles Peskine8817f612018-12-18 00:18:46 +01003340 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003341
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003342 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
3343 psa_set_key_algorithm( &attributes, alg );
3344 psa_set_key_type( &attributes, key_type );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003345
Gilles Peskine049c7532019-05-15 20:22:09 +02003346 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003347 &key ) );
Bence Szépkútiec174e22021-03-19 18:46:15 +01003348 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
3349 key_bits = psa_get_key_bits( &attributes );
3350
3351 output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits,
3352 alg );
3353 /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
3354 * should be exact. */
3355 TEST_EQUAL( output_size,
3356 PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
3357 TEST_ASSERT( output_size <=
3358 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
3359 ASSERT_ALLOC( output_data, output_size );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003360
Steven Cooremand588ea12021-01-11 19:36:04 +01003361 status = psa_aead_encrypt( key, alg,
3362 nonce->x, nonce->len,
3363 additional_data->x, additional_data->len,
3364 input_data->x, input_data->len,
3365 output_data, output_size,
3366 &output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003367
Ronald Cron28a45ed2021-02-09 20:35:42 +01003368 /* If the operation is not supported, just skip and not fail in case the
3369 * encryption involves a common limitation of cryptography hardwares and
3370 * an alternative implementation. */
3371 if( status == PSA_ERROR_NOT_SUPPORTED )
Steven Cooremand588ea12021-01-11 19:36:04 +01003372 {
Ronald Cron28a45ed2021-02-09 20:35:42 +01003373 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
3374 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
Steven Cooremand588ea12021-01-11 19:36:04 +01003375 }
Steven Cooremand588ea12021-01-11 19:36:04 +01003376
3377 PSA_ASSERT( status );
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003378 ASSERT_COMPARE( expected_result->x, expected_result->len,
3379 output_data, output_length );
Gilles Peskine2d277862018-06-18 15:41:12 +02003380
Gilles Peskinea1cac842018-06-11 19:33:02 +02003381exit:
Ronald Cron5425a212020-08-04 14:58:35 +02003382 psa_destroy_key( key );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003383 mbedtls_free( output_data );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003384 PSA_DONE( );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003385}
3386/* END_CASE */
3387
3388/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +02003389void aead_decrypt( int key_type_arg, data_t *key_data,
3390 int alg_arg,
3391 data_t *nonce,
3392 data_t *additional_data,
3393 data_t *input_data,
3394 data_t *expected_data,
3395 int expected_result_arg )
Gilles Peskinea1cac842018-06-11 19:33:02 +02003396{
Ronald Cron5425a212020-08-04 14:58:35 +02003397 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003398 psa_key_type_t key_type = key_type_arg;
3399 psa_algorithm_t alg = alg_arg;
Bence Szépkútiec174e22021-03-19 18:46:15 +01003400 size_t key_bits;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003401 unsigned char *output_data = NULL;
3402 size_t output_size = 0;
3403 size_t output_length = 0;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003404 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine4abf7412018-06-18 16:35:34 +02003405 psa_status_t expected_result = expected_result_arg;
Steven Cooremand588ea12021-01-11 19:36:04 +01003406 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
Gilles Peskinea1cac842018-06-11 19:33:02 +02003407
Gilles Peskine8817f612018-12-18 00:18:46 +01003408 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003409
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003410 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
3411 psa_set_key_algorithm( &attributes, alg );
3412 psa_set_key_type( &attributes, key_type );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003413
Gilles Peskine049c7532019-05-15 20:22:09 +02003414 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003415 &key ) );
Bence Szépkútiec174e22021-03-19 18:46:15 +01003416 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
3417 key_bits = psa_get_key_bits( &attributes );
3418
3419 output_size = input_data->len - PSA_AEAD_TAG_LENGTH( key_type, key_bits,
3420 alg );
3421 if( expected_result != PSA_ERROR_INVALID_ARGUMENT &&
3422 expected_result != PSA_ERROR_NOT_SUPPORTED )
3423 {
3424 /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
3425 * should be exact. */
3426 TEST_EQUAL( output_size,
3427 PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
3428 TEST_ASSERT( output_size <=
3429 PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
3430 }
3431 ASSERT_ALLOC( output_data, output_size );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003432
Steven Cooremand588ea12021-01-11 19:36:04 +01003433 status = psa_aead_decrypt( key, alg,
3434 nonce->x, nonce->len,
3435 additional_data->x,
3436 additional_data->len,
3437 input_data->x, input_data->len,
3438 output_data, output_size,
3439 &output_length );
3440
Ronald Cron28a45ed2021-02-09 20:35:42 +01003441 /* If the operation is not supported, just skip and not fail in case the
3442 * decryption involves a common limitation of cryptography hardwares and
3443 * an alternative implementation. */
3444 if( status == PSA_ERROR_NOT_SUPPORTED )
Steven Cooremand588ea12021-01-11 19:36:04 +01003445 {
Ronald Cron28a45ed2021-02-09 20:35:42 +01003446 MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 );
3447 MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len );
Steven Cooremand588ea12021-01-11 19:36:04 +01003448 }
Steven Cooremand588ea12021-01-11 19:36:04 +01003449
3450 TEST_EQUAL( status, expected_result );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003451
Gilles Peskine2d277862018-06-18 15:41:12 +02003452 if( expected_result == PSA_SUCCESS )
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003453 ASSERT_COMPARE( expected_data->x, expected_data->len,
3454 output_data, output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003455
Gilles Peskinea1cac842018-06-11 19:33:02 +02003456exit:
Ronald Cron5425a212020-08-04 14:58:35 +02003457 psa_destroy_key( key );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003458 mbedtls_free( output_data );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003459 PSA_DONE( );
Gilles Peskinea1cac842018-06-11 19:33:02 +02003460}
3461/* END_CASE */
3462
3463/* BEGIN_CASE */
Gilles Peskinec1bb6c82018-06-18 16:04:39 +02003464void signature_size( int type_arg,
3465 int bits,
3466 int alg_arg,
3467 int expected_size_arg )
Gilles Peskinee59236f2018-01-27 23:32:46 +01003468{
3469 psa_key_type_t type = type_arg;
3470 psa_algorithm_t alg = alg_arg;
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003471 size_t actual_size = PSA_SIGN_OUTPUT_SIZE( type, bits, alg );
Gilles Peskine841b14b2019-11-26 17:37:37 +01003472
Gilles Peskinefe11b722018-12-18 00:24:04 +01003473 TEST_EQUAL( actual_size, (size_t) expected_size_arg );
Gilles Peskine841b14b2019-11-26 17:37:37 +01003474
Gilles Peskinee59236f2018-01-27 23:32:46 +01003475exit:
3476 ;
3477}
3478/* END_CASE */
3479
3480/* BEGIN_CASE */
gabor-mezei-armb9530232021-04-16 14:21:21 +02003481void sign_hash_deterministic( int key_type_arg, data_t *key_data,
3482 int alg_arg, data_t *input_data,
3483 data_t *output_data )
Gilles Peskinee59236f2018-01-27 23:32:46 +01003484{
Ronald Cron5425a212020-08-04 14:58:35 +02003485 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinee59236f2018-01-27 23:32:46 +01003486 psa_key_type_t key_type = key_type_arg;
3487 psa_algorithm_t alg = alg_arg;
Gilles Peskine20035e32018-02-03 22:44:14 +01003488 size_t key_bits;
Gilles Peskine20035e32018-02-03 22:44:14 +01003489 unsigned char *signature = NULL;
3490 size_t signature_size;
3491 size_t signature_length = 0xdeadbeef;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003492 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine20035e32018-02-03 22:44:14 +01003493
Gilles Peskine8817f612018-12-18 00:18:46 +01003494 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine20035e32018-02-03 22:44:14 +01003495
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003496 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003497 psa_set_key_algorithm( &attributes, alg );
3498 psa_set_key_type( &attributes, key_type );
mohammad1603a97cb8c2018-03-28 03:46:26 -07003499
Gilles Peskine049c7532019-05-15 20:22:09 +02003500 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003501 &key ) );
3502 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003503 key_bits = psa_get_key_bits( &attributes );
Gilles Peskine20035e32018-02-03 22:44:14 +01003504
Gilles Peskine860ce9d2018-06-28 12:23:00 +02003505 /* Allocate a buffer which has the size advertized by the
3506 * library. */
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003507 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +02003508 key_bits, alg );
Gilles Peskine20035e32018-02-03 22:44:14 +01003509 TEST_ASSERT( signature_size != 0 );
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003510 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003511 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +01003512
Gilles Peskine860ce9d2018-06-28 12:23:00 +02003513 /* Perform the signature. */
Ronald Cron5425a212020-08-04 14:58:35 +02003514 PSA_ASSERT( psa_sign_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003515 input_data->x, input_data->len,
3516 signature, signature_size,
3517 &signature_length ) );
Gilles Peskine9911b022018-06-29 17:30:48 +02003518 /* Verify that the signature is what is expected. */
Gilles Peskinebd7dea92018-09-27 13:57:19 +02003519 ASSERT_COMPARE( output_data->x, output_data->len,
3520 signature, signature_length );
Gilles Peskine20035e32018-02-03 22:44:14 +01003521
3522exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01003523 /*
3524 * Key attributes may have been returned by psa_get_key_attributes()
3525 * thus reset them as required.
3526 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003527 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01003528
Ronald Cron5425a212020-08-04 14:58:35 +02003529 psa_destroy_key( key );
Gilles Peskine0189e752018-02-03 23:57:22 +01003530 mbedtls_free( signature );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003531 PSA_DONE( );
Gilles Peskine20035e32018-02-03 22:44:14 +01003532}
3533/* END_CASE */
3534
3535/* BEGIN_CASE */
gabor-mezei-armb9530232021-04-16 14:21:21 +02003536void sign_hash_fail( int key_type_arg, data_t *key_data,
3537 int alg_arg, data_t *input_data,
3538 int signature_size_arg, int expected_status_arg )
Gilles Peskine20035e32018-02-03 22:44:14 +01003539{
Ronald Cron5425a212020-08-04 14:58:35 +02003540 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine20035e32018-02-03 22:44:14 +01003541 psa_key_type_t key_type = key_type_arg;
3542 psa_algorithm_t alg = alg_arg;
Gilles Peskine860ce9d2018-06-28 12:23:00 +02003543 size_t signature_size = signature_size_arg;
Gilles Peskine20035e32018-02-03 22:44:14 +01003544 psa_status_t actual_status;
3545 psa_status_t expected_status = expected_status_arg;
Gilles Peskine40f68b92018-03-07 16:43:36 +01003546 unsigned char *signature = NULL;
Gilles Peskine93aa0332018-02-03 23:58:03 +01003547 size_t signature_length = 0xdeadbeef;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003548 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine20035e32018-02-03 22:44:14 +01003549
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003550 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +01003551
Gilles Peskine8817f612018-12-18 00:18:46 +01003552 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine20035e32018-02-03 22:44:14 +01003553
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003554 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003555 psa_set_key_algorithm( &attributes, alg );
3556 psa_set_key_type( &attributes, key_type );
mohammad1603a97cb8c2018-03-28 03:46:26 -07003557
Gilles Peskine049c7532019-05-15 20:22:09 +02003558 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003559 &key ) );
Gilles Peskine20035e32018-02-03 22:44:14 +01003560
Ronald Cron5425a212020-08-04 14:58:35 +02003561 actual_status = psa_sign_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003562 input_data->x, input_data->len,
3563 signature, signature_size,
3564 &signature_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +01003565 TEST_EQUAL( actual_status, expected_status );
Gilles Peskine860ce9d2018-06-28 12:23:00 +02003566 /* The value of *signature_length is unspecified on error, but
3567 * whatever it is, it should be less than signature_size, so that
3568 * if the caller tries to read *signature_length bytes without
3569 * checking the error code then they don't overflow a buffer. */
3570 TEST_ASSERT( signature_length <= signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +01003571
3572exit:
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003573 psa_reset_key_attributes( &attributes );
Ronald Cron5425a212020-08-04 14:58:35 +02003574 psa_destroy_key( key );
Gilles Peskine20035e32018-02-03 22:44:14 +01003575 mbedtls_free( signature );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003576 PSA_DONE( );
Gilles Peskine20035e32018-02-03 22:44:14 +01003577}
3578/* END_CASE */
mohammad16038cc1cee2018-03-28 01:21:33 +03003579
3580/* BEGIN_CASE */
gabor-mezei-armb9530232021-04-16 14:21:21 +02003581void sign_verify_hash( int key_type_arg, data_t *key_data,
3582 int alg_arg, data_t *input_data )
Gilles Peskine9911b022018-06-29 17:30:48 +02003583{
Ronald Cron5425a212020-08-04 14:58:35 +02003584 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine9911b022018-06-29 17:30:48 +02003585 psa_key_type_t key_type = key_type_arg;
3586 psa_algorithm_t alg = alg_arg;
3587 size_t key_bits;
3588 unsigned char *signature = NULL;
3589 size_t signature_size;
3590 size_t signature_length = 0xdeadbeef;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003591 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine9911b022018-06-29 17:30:48 +02003592
Gilles Peskine8817f612018-12-18 00:18:46 +01003593 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine9911b022018-06-29 17:30:48 +02003594
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003595 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003596 psa_set_key_algorithm( &attributes, alg );
3597 psa_set_key_type( &attributes, key_type );
Gilles Peskine9911b022018-06-29 17:30:48 +02003598
Gilles Peskine049c7532019-05-15 20:22:09 +02003599 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003600 &key ) );
3601 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003602 key_bits = psa_get_key_bits( &attributes );
Gilles Peskine9911b022018-06-29 17:30:48 +02003603
3604 /* Allocate a buffer which has the size advertized by the
3605 * library. */
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003606 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
Gilles Peskine9911b022018-06-29 17:30:48 +02003607 key_bits, alg );
3608 TEST_ASSERT( signature_size != 0 );
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003609 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003610 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine9911b022018-06-29 17:30:48 +02003611
3612 /* Perform the signature. */
Ronald Cron5425a212020-08-04 14:58:35 +02003613 PSA_ASSERT( psa_sign_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003614 input_data->x, input_data->len,
3615 signature, signature_size,
3616 &signature_length ) );
Gilles Peskine9911b022018-06-29 17:30:48 +02003617 /* Check that the signature length looks sensible. */
3618 TEST_ASSERT( signature_length <= signature_size );
3619 TEST_ASSERT( signature_length > 0 );
3620
3621 /* Use the library to verify that the signature is correct. */
Ronald Cron5425a212020-08-04 14:58:35 +02003622 PSA_ASSERT( psa_verify_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003623 input_data->x, input_data->len,
3624 signature, signature_length ) );
Gilles Peskine9911b022018-06-29 17:30:48 +02003625
3626 if( input_data->len != 0 )
3627 {
3628 /* Flip a bit in the input and verify that the signature is now
3629 * detected as invalid. Flip a bit at the beginning, not at the end,
3630 * because ECDSA may ignore the last few bits of the input. */
3631 input_data->x[0] ^= 1;
Ronald Cron5425a212020-08-04 14:58:35 +02003632 TEST_EQUAL( psa_verify_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003633 input_data->x, input_data->len,
3634 signature, signature_length ),
Gilles Peskinef812dcf2018-12-18 00:33:25 +01003635 PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskine9911b022018-06-29 17:30:48 +02003636 }
3637
3638exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01003639 /*
3640 * Key attributes may have been returned by psa_get_key_attributes()
3641 * thus reset them as required.
3642 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003643 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01003644
Ronald Cron5425a212020-08-04 14:58:35 +02003645 psa_destroy_key( key );
Gilles Peskine9911b022018-06-29 17:30:48 +02003646 mbedtls_free( signature );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003647 PSA_DONE( );
Gilles Peskine9911b022018-06-29 17:30:48 +02003648}
3649/* END_CASE */
3650
3651/* BEGIN_CASE */
gabor-mezei-armb9530232021-04-16 14:21:21 +02003652void verify_hash( int key_type_arg, data_t *key_data,
3653 int alg_arg, data_t *hash_data,
3654 data_t *signature_data )
itayzafrir5c753392018-05-08 11:18:38 +03003655{
Ronald Cron5425a212020-08-04 14:58:35 +02003656 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
itayzafrir5c753392018-05-08 11:18:38 +03003657 psa_key_type_t key_type = key_type_arg;
3658 psa_algorithm_t alg = alg_arg;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003659 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
itayzafrir5c753392018-05-08 11:18:38 +03003660
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003661 TEST_ASSERT( signature_data->len <= PSA_SIGNATURE_MAX_SIZE );
Gilles Peskine69c12672018-06-28 00:07:19 +02003662
Gilles Peskine8817f612018-12-18 00:18:46 +01003663 PSA_ASSERT( psa_crypto_init( ) );
itayzafrir5c753392018-05-08 11:18:38 +03003664
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003665 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003666 psa_set_key_algorithm( &attributes, alg );
3667 psa_set_key_type( &attributes, key_type );
itayzafrir5c753392018-05-08 11:18:38 +03003668
Gilles Peskine049c7532019-05-15 20:22:09 +02003669 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003670 &key ) );
itayzafrir5c753392018-05-08 11:18:38 +03003671
Ronald Cron5425a212020-08-04 14:58:35 +02003672 PSA_ASSERT( psa_verify_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003673 hash_data->x, hash_data->len,
3674 signature_data->x, signature_data->len ) );
Gilles Peskine0627f982019-11-26 19:12:16 +01003675
itayzafrir5c753392018-05-08 11:18:38 +03003676exit:
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003677 psa_reset_key_attributes( &attributes );
Ronald Cron5425a212020-08-04 14:58:35 +02003678 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003679 PSA_DONE( );
itayzafrir5c753392018-05-08 11:18:38 +03003680}
3681/* END_CASE */
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003682
3683/* BEGIN_CASE */
gabor-mezei-armb9530232021-04-16 14:21:21 +02003684void verify_hash_fail( int key_type_arg, data_t *key_data,
3685 int alg_arg, data_t *hash_data,
3686 data_t *signature_data,
3687 int expected_status_arg )
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003688{
Ronald Cron5425a212020-08-04 14:58:35 +02003689 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003690 psa_key_type_t key_type = key_type_arg;
3691 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003692 psa_status_t actual_status;
3693 psa_status_t expected_status = expected_status_arg;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003694 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003695
Gilles Peskine8817f612018-12-18 00:18:46 +01003696 PSA_ASSERT( psa_crypto_init( ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003697
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003698 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003699 psa_set_key_algorithm( &attributes, alg );
3700 psa_set_key_type( &attributes, key_type );
Nir Sonnenscheind7082602018-06-04 16:45:27 +03003701
Gilles Peskine049c7532019-05-15 20:22:09 +02003702 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003703 &key ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003704
Ronald Cron5425a212020-08-04 14:58:35 +02003705 actual_status = psa_verify_hash( key, alg,
Gilles Peskine89d8c5c2019-11-26 17:01:59 +01003706 hash_data->x, hash_data->len,
3707 signature_data->x, signature_data->len );
Gilles Peskinefe11b722018-12-18 00:24:04 +01003708 TEST_EQUAL( actual_status, expected_status );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003709
3710exit:
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02003711 psa_reset_key_attributes( &attributes );
Ronald Cron5425a212020-08-04 14:58:35 +02003712 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02003713 PSA_DONE( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003714}
3715/* END_CASE */
3716
Nir Sonnenschein39e59142018-05-02 23:16:26 +03003717/* BEGIN_CASE */
gabor-mezei-arm53028482021-04-15 18:19:50 +02003718void sign_message_deterministic( int key_type_arg,
3719 data_t *key_data,
3720 int alg_arg,
3721 data_t *input_data,
3722 data_t *output_data )
3723{
3724 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
3725 psa_key_type_t key_type = key_type_arg;
3726 psa_algorithm_t alg = alg_arg;
3727 size_t key_bits;
3728 unsigned char *signature = NULL;
3729 size_t signature_size;
3730 size_t signature_length = 0xdeadbeef;
3731 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3732
3733 PSA_ASSERT( psa_crypto_init( ) );
3734
3735 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
3736 psa_set_key_algorithm( &attributes, alg );
3737 psa_set_key_type( &attributes, key_type );
3738
3739 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3740 &key ) );
3741 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
3742 key_bits = psa_get_key_bits( &attributes );
3743
3744 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg );
3745 TEST_ASSERT( signature_size != 0 );
3746 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
3747 ASSERT_ALLOC( signature, signature_size );
3748
3749 PSA_ASSERT( psa_sign_message( key, alg,
3750 input_data->x, input_data->len,
3751 signature, signature_size,
3752 &signature_length ) );
3753
3754 ASSERT_COMPARE( output_data->x, output_data->len,
3755 signature, signature_length );
3756
3757exit:
3758 psa_reset_key_attributes( &attributes );
3759
3760 psa_destroy_key( key );
3761 mbedtls_free( signature );
3762 PSA_DONE( );
3763
3764}
3765/* END_CASE */
3766
3767/* BEGIN_CASE */
3768void sign_message_fail( int key_type_arg,
3769 data_t *key_data,
3770 int alg_arg,
3771 data_t *input_data,
3772 int signature_size_arg,
3773 int expected_status_arg )
3774{
3775 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
3776 psa_key_type_t key_type = key_type_arg;
3777 psa_algorithm_t alg = alg_arg;
3778 size_t signature_size = signature_size_arg;
3779 psa_status_t actual_status;
3780 psa_status_t expected_status = expected_status_arg;
3781 unsigned char *signature = NULL;
3782 size_t signature_length = 0xdeadbeef;
3783 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3784
3785 ASSERT_ALLOC( signature, signature_size );
3786
3787 PSA_ASSERT( psa_crypto_init( ) );
3788
3789 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
3790 psa_set_key_algorithm( &attributes, alg );
3791 psa_set_key_type( &attributes, key_type );
3792
3793 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3794 &key ) );
3795
3796 actual_status = psa_sign_message( key, alg,
3797 input_data->x, input_data->len,
3798 signature, signature_size,
3799 &signature_length );
3800 TEST_EQUAL( actual_status, expected_status );
3801 /* The value of *signature_length is unspecified on error, but
3802 * whatever it is, it should be less than signature_size, so that
3803 * if the caller tries to read *signature_length bytes without
3804 * checking the error code then they don't overflow a buffer. */
3805 TEST_ASSERT( signature_length <= signature_size );
3806
3807exit:
3808 psa_reset_key_attributes( &attributes );
3809 psa_destroy_key( key );
3810 mbedtls_free( signature );
3811 PSA_DONE( );
3812}
3813/* END_CASE */
3814
3815/* BEGIN_CASE */
3816void sign_verify_message( int key_type_arg,
3817 data_t *key_data,
3818 int alg_arg,
3819 data_t *input_data )
3820{
3821 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
3822 psa_key_type_t key_type = key_type_arg;
3823 psa_algorithm_t alg = alg_arg;
3824 size_t key_bits;
3825 unsigned char *signature = NULL;
3826 size_t signature_size;
3827 size_t signature_length = 0xdeadbeef;
3828 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3829
3830 PSA_ASSERT( psa_crypto_init( ) );
3831
3832 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE |
3833 PSA_KEY_USAGE_VERIFY_MESSAGE );
3834 psa_set_key_algorithm( &attributes, alg );
3835 psa_set_key_type( &attributes, key_type );
3836
3837 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3838 &key ) );
3839 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
3840 key_bits = psa_get_key_bits( &attributes );
3841
3842 signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg );
3843 TEST_ASSERT( signature_size != 0 );
3844 TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
3845 ASSERT_ALLOC( signature, signature_size );
3846
3847 PSA_ASSERT( psa_sign_message( key, alg,
3848 input_data->x, input_data->len,
3849 signature, signature_size,
3850 &signature_length ) );
3851 TEST_ASSERT( signature_length <= signature_size );
3852 TEST_ASSERT( signature_length > 0 );
3853
3854 PSA_ASSERT( psa_verify_message( key, alg,
3855 input_data->x, input_data->len,
3856 signature, signature_length ) );
3857
3858 if( input_data->len != 0 )
3859 {
3860 /* Flip a bit in the input and verify that the signature is now
3861 * detected as invalid. Flip a bit at the beginning, not at the end,
3862 * because ECDSA may ignore the last few bits of the input. */
3863 input_data->x[0] ^= 1;
3864 TEST_EQUAL( psa_verify_message( key, alg,
3865 input_data->x, input_data->len,
3866 signature, signature_length ),
3867 PSA_ERROR_INVALID_SIGNATURE );
3868 }
3869
3870exit:
3871 psa_reset_key_attributes( &attributes );
3872
3873 psa_destroy_key( key );
3874 mbedtls_free( signature );
3875 PSA_DONE( );
3876}
3877/* END_CASE */
3878
3879/* BEGIN_CASE */
3880void verify_message( int key_type_arg,
3881 data_t *key_data,
3882 int alg_arg,
3883 data_t *input_data,
3884 data_t *signature_data )
3885{
3886 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
3887 psa_key_type_t key_type = key_type_arg;
3888 psa_algorithm_t alg = alg_arg;
3889 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3890
3891 TEST_ASSERT( signature_data->len <= PSA_SIGNATURE_MAX_SIZE );
3892
3893 PSA_ASSERT( psa_crypto_init( ) );
3894
3895 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE );
3896 psa_set_key_algorithm( &attributes, alg );
3897 psa_set_key_type( &attributes, key_type );
3898
3899 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3900 &key ) );
3901
3902 PSA_ASSERT( psa_verify_message( key, alg,
3903 input_data->x, input_data->len,
3904 signature_data->x, signature_data->len ) );
3905
3906exit:
3907 psa_reset_key_attributes( &attributes );
3908 psa_destroy_key( key );
3909 PSA_DONE( );
3910}
3911/* END_CASE */
3912
3913/* BEGIN_CASE */
3914void verify_message_fail( int key_type_arg,
3915 data_t *key_data,
3916 int alg_arg,
3917 data_t *hash_data,
3918 data_t *signature_data,
3919 int expected_status_arg )
3920{
3921 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
3922 psa_key_type_t key_type = key_type_arg;
3923 psa_algorithm_t alg = alg_arg;
3924 psa_status_t actual_status;
3925 psa_status_t expected_status = expected_status_arg;
3926 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
3927
3928 PSA_ASSERT( psa_crypto_init( ) );
3929
3930 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE );
3931 psa_set_key_algorithm( &attributes, alg );
3932 psa_set_key_type( &attributes, key_type );
3933
3934 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
3935 &key ) );
3936
3937 actual_status = psa_verify_message( key, alg,
3938 hash_data->x, hash_data->len,
3939 signature_data->x,
3940 signature_data->len );
3941 TEST_EQUAL( actual_status, expected_status );
3942
3943exit:
3944 psa_reset_key_attributes( &attributes );
3945 psa_destroy_key( key );
3946 PSA_DONE( );
3947}
3948/* END_CASE */
3949
3950/* BEGIN_CASE */
Gilles Peskine656896e2018-06-29 19:12:28 +02003951void asymmetric_encrypt( int key_type_arg,
3952 data_t *key_data,
3953 int alg_arg,
3954 data_t *input_data,
Gilles Peskine68428122018-06-30 18:42:41 +02003955 data_t *label,
Gilles Peskine656896e2018-06-29 19:12:28 +02003956 int expected_output_length_arg,
3957 int expected_status_arg )
3958{
Ronald Cron5425a212020-08-04 14:58:35 +02003959 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine656896e2018-06-29 19:12:28 +02003960 psa_key_type_t key_type = key_type_arg;
3961 psa_algorithm_t alg = alg_arg;
3962 size_t expected_output_length = expected_output_length_arg;
3963 size_t key_bits;
3964 unsigned char *output = NULL;
3965 size_t output_size;
3966 size_t output_length = ~0;
3967 psa_status_t actual_status;
3968 psa_status_t expected_status = expected_status_arg;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003969 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine656896e2018-06-29 19:12:28 +02003970
Gilles Peskine8817f612018-12-18 00:18:46 +01003971 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskinebdf309c2018-12-03 15:36:32 +01003972
Gilles Peskine656896e2018-06-29 19:12:28 +02003973 /* Import the key */
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02003974 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
3975 psa_set_key_algorithm( &attributes, alg );
3976 psa_set_key_type( &attributes, key_type );
Gilles Peskine049c7532019-05-15 20:22:09 +02003977 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02003978 &key ) );
Gilles Peskine656896e2018-06-29 19:12:28 +02003979
3980 /* Determine the maximum output length */
Ronald Cron5425a212020-08-04 14:58:35 +02003981 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02003982 key_bits = psa_get_key_bits( &attributes );
gabor-mezei-armceface22021-01-21 12:26:17 +01003983
Gilles Peskine656896e2018-06-29 19:12:28 +02003984 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
gabor-mezei-armceface22021-01-21 12:26:17 +01003985 TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02003986 ASSERT_ALLOC( output, output_size );
Gilles Peskine656896e2018-06-29 19:12:28 +02003987
3988 /* Encrypt the input */
Ronald Cron5425a212020-08-04 14:58:35 +02003989 actual_status = psa_asymmetric_encrypt( key, alg,
Gilles Peskine656896e2018-06-29 19:12:28 +02003990 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +02003991 label->x, label->len,
Gilles Peskine656896e2018-06-29 19:12:28 +02003992 output, output_size,
3993 &output_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +01003994 TEST_EQUAL( actual_status, expected_status );
3995 TEST_EQUAL( output_length, expected_output_length );
Gilles Peskine656896e2018-06-29 19:12:28 +02003996
Gilles Peskine68428122018-06-30 18:42:41 +02003997 /* If the label is empty, the test framework puts a non-null pointer
3998 * in label->x. Test that a null pointer works as well. */
3999 if( label->len == 0 )
4000 {
4001 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +02004002 if( output_size != 0 )
4003 memset( output, 0, output_size );
Ronald Cron5425a212020-08-04 14:58:35 +02004004 actual_status = psa_asymmetric_encrypt( key, alg,
Gilles Peskine68428122018-06-30 18:42:41 +02004005 input_data->x, input_data->len,
4006 NULL, label->len,
4007 output, output_size,
4008 &output_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004009 TEST_EQUAL( actual_status, expected_status );
4010 TEST_EQUAL( output_length, expected_output_length );
Gilles Peskine68428122018-06-30 18:42:41 +02004011 }
4012
Gilles Peskine656896e2018-06-29 19:12:28 +02004013exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01004014 /*
4015 * Key attributes may have been returned by psa_get_key_attributes()
4016 * thus reset them as required.
4017 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02004018 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01004019
Ronald Cron5425a212020-08-04 14:58:35 +02004020 psa_destroy_key( key );
Gilles Peskine656896e2018-06-29 19:12:28 +02004021 mbedtls_free( output );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004022 PSA_DONE( );
Gilles Peskine656896e2018-06-29 19:12:28 +02004023}
4024/* END_CASE */
4025
4026/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +02004027void asymmetric_encrypt_decrypt( int key_type_arg,
4028 data_t *key_data,
4029 int alg_arg,
4030 data_t *input_data,
4031 data_t *label )
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004032{
Ronald Cron5425a212020-08-04 14:58:35 +02004033 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004034 psa_key_type_t key_type = key_type_arg;
4035 psa_algorithm_t alg = alg_arg;
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004036 size_t key_bits;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004037 unsigned char *output = NULL;
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004038 size_t output_size;
4039 size_t output_length = ~0;
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +03004040 unsigned char *output2 = NULL;
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004041 size_t output2_size;
4042 size_t output2_length = ~0;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02004043 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004044
Gilles Peskine8817f612018-12-18 00:18:46 +01004045 PSA_ASSERT( psa_crypto_init( ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004046
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02004047 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
4048 psa_set_key_algorithm( &attributes, alg );
4049 psa_set_key_type( &attributes, key_type );
Nir Sonnenscheind7082602018-06-04 16:45:27 +03004050
Gilles Peskine049c7532019-05-15 20:22:09 +02004051 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004052 &key ) );
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004053
4054 /* Determine the maximum ciphertext length */
Ronald Cron5425a212020-08-04 14:58:35 +02004055 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02004056 key_bits = psa_get_key_bits( &attributes );
gabor-mezei-armceface22021-01-21 12:26:17 +01004057
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004058 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
gabor-mezei-armceface22021-01-21 12:26:17 +01004059 TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004060 ASSERT_ALLOC( output, output_size );
gabor-mezei-armceface22021-01-21 12:26:17 +01004061
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004062 output2_size = input_data->len;
gabor-mezei-armceface22021-01-21 12:26:17 +01004063 TEST_ASSERT( output2_size <=
4064 PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg ) );
4065 TEST_ASSERT( output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004066 ASSERT_ALLOC( output2, output2_size );
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004067
Gilles Peskineeebd7382018-06-08 18:11:54 +02004068 /* We test encryption by checking that encrypt-then-decrypt gives back
4069 * the original plaintext because of the non-optional random
4070 * part of encryption process which prevents using fixed vectors. */
Ronald Cron5425a212020-08-04 14:58:35 +02004071 PSA_ASSERT( psa_asymmetric_encrypt( key, alg,
Gilles Peskine8817f612018-12-18 00:18:46 +01004072 input_data->x, input_data->len,
4073 label->x, label->len,
4074 output, output_size,
4075 &output_length ) );
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004076 /* We don't know what ciphertext length to expect, but check that
4077 * it looks sensible. */
4078 TEST_ASSERT( output_length <= output_size );
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +03004079
Ronald Cron5425a212020-08-04 14:58:35 +02004080 PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
Gilles Peskine8817f612018-12-18 00:18:46 +01004081 output, output_length,
4082 label->x, label->len,
4083 output2, output2_size,
4084 &output2_length ) );
Gilles Peskinebd7dea92018-09-27 13:57:19 +02004085 ASSERT_COMPARE( input_data->x, input_data->len,
4086 output2, output2_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004087
4088exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01004089 /*
4090 * Key attributes may have been returned by psa_get_key_attributes()
4091 * thus reset them as required.
4092 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02004093 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01004094
Ronald Cron5425a212020-08-04 14:58:35 +02004095 psa_destroy_key( key );
itayzafrir3e02b3b2018-06-12 17:06:52 +03004096 mbedtls_free( output );
4097 mbedtls_free( output2 );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004098 PSA_DONE( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004099}
4100/* END_CASE */
4101
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004102/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +02004103void asymmetric_decrypt( int key_type_arg,
4104 data_t *key_data,
4105 int alg_arg,
4106 data_t *input_data,
4107 data_t *label,
Gilles Peskine66763a02018-06-29 21:54:10 +02004108 data_t *expected_data )
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004109{
Ronald Cron5425a212020-08-04 14:58:35 +02004110 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004111 psa_key_type_t key_type = key_type_arg;
4112 psa_algorithm_t alg = alg_arg;
gabor-mezei-armceface22021-01-21 12:26:17 +01004113 size_t key_bits;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004114 unsigned char *output = NULL;
Nir Sonnenscheind70bc482018-06-04 16:31:13 +03004115 size_t output_size = 0;
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004116 size_t output_length = ~0;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02004117 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004118
Gilles Peskine8817f612018-12-18 00:18:46 +01004119 PSA_ASSERT( psa_crypto_init( ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004120
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02004121 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
4122 psa_set_key_algorithm( &attributes, alg );
4123 psa_set_key_type( &attributes, key_type );
Nir Sonnenscheind7082602018-06-04 16:45:27 +03004124
Gilles Peskine049c7532019-05-15 20:22:09 +02004125 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004126 &key ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004127
gabor-mezei-armceface22021-01-21 12:26:17 +01004128 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
4129 key_bits = psa_get_key_bits( &attributes );
4130
4131 /* Determine the maximum ciphertext length */
4132 output_size = PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
4133 TEST_ASSERT( output_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE );
4134 ASSERT_ALLOC( output, output_size );
4135
Ronald Cron5425a212020-08-04 14:58:35 +02004136 PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
Gilles Peskine8817f612018-12-18 00:18:46 +01004137 input_data->x, input_data->len,
4138 label->x, label->len,
4139 output,
4140 output_size,
4141 &output_length ) );
Gilles Peskinebd7dea92018-09-27 13:57:19 +02004142 ASSERT_COMPARE( expected_data->x, expected_data->len,
4143 output, output_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004144
Gilles Peskine68428122018-06-30 18:42:41 +02004145 /* If the label is empty, the test framework puts a non-null pointer
4146 * in label->x. Test that a null pointer works as well. */
4147 if( label->len == 0 )
4148 {
4149 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +02004150 if( output_size != 0 )
4151 memset( output, 0, output_size );
Ronald Cron5425a212020-08-04 14:58:35 +02004152 PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
Gilles Peskine8817f612018-12-18 00:18:46 +01004153 input_data->x, input_data->len,
4154 NULL, label->len,
4155 output,
4156 output_size,
4157 &output_length ) );
Gilles Peskinebd7dea92018-09-27 13:57:19 +02004158 ASSERT_COMPARE( expected_data->x, expected_data->len,
4159 output, output_length );
Gilles Peskine68428122018-06-30 18:42:41 +02004160 }
4161
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004162exit:
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02004163 psa_reset_key_attributes( &attributes );
Ronald Cron5425a212020-08-04 14:58:35 +02004164 psa_destroy_key( key );
itayzafrir3e02b3b2018-06-12 17:06:52 +03004165 mbedtls_free( output );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004166 PSA_DONE( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004167}
4168/* END_CASE */
4169
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004170/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +02004171void asymmetric_decrypt_fail( int key_type_arg,
4172 data_t *key_data,
4173 int alg_arg,
4174 data_t *input_data,
4175 data_t *label,
Jaeden Amerof8daab72019-02-06 12:57:46 +00004176 int output_size_arg,
Gilles Peskine2d277862018-06-18 15:41:12 +02004177 int expected_status_arg )
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004178{
Ronald Cron5425a212020-08-04 14:58:35 +02004179 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004180 psa_key_type_t key_type = key_type_arg;
4181 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004182 unsigned char *output = NULL;
Jaeden Amerof8daab72019-02-06 12:57:46 +00004183 size_t output_size = output_size_arg;
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004184 size_t output_length = ~0;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004185 psa_status_t actual_status;
4186 psa_status_t expected_status = expected_status_arg;
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02004187 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004188
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004189 ASSERT_ALLOC( output, output_size );
Gilles Peskine5b051bc2018-05-31 13:25:48 +02004190
Gilles Peskine8817f612018-12-18 00:18:46 +01004191 PSA_ASSERT( psa_crypto_init( ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004192
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02004193 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
4194 psa_set_key_algorithm( &attributes, alg );
4195 psa_set_key_type( &attributes, key_type );
Nir Sonnenscheind7082602018-06-04 16:45:27 +03004196
Gilles Peskine049c7532019-05-15 20:22:09 +02004197 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004198 &key ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004199
Ronald Cron5425a212020-08-04 14:58:35 +02004200 actual_status = psa_asymmetric_decrypt( key, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +02004201 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +02004202 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +02004203 output, output_size,
Gilles Peskine2d277862018-06-18 15:41:12 +02004204 &output_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004205 TEST_EQUAL( actual_status, expected_status );
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004206 TEST_ASSERT( output_length <= output_size );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004207
Gilles Peskine68428122018-06-30 18:42:41 +02004208 /* If the label is empty, the test framework puts a non-null pointer
4209 * in label->x. Test that a null pointer works as well. */
4210 if( label->len == 0 )
4211 {
4212 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +02004213 if( output_size != 0 )
4214 memset( output, 0, output_size );
Ronald Cron5425a212020-08-04 14:58:35 +02004215 actual_status = psa_asymmetric_decrypt( key, alg,
Gilles Peskine68428122018-06-30 18:42:41 +02004216 input_data->x, input_data->len,
4217 NULL, label->len,
4218 output, output_size,
4219 &output_length );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004220 TEST_EQUAL( actual_status, expected_status );
Gilles Peskine55c94dd2018-06-30 18:54:48 +02004221 TEST_ASSERT( output_length <= output_size );
Gilles Peskine68428122018-06-30 18:42:41 +02004222 }
4223
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004224exit:
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02004225 psa_reset_key_attributes( &attributes );
Ronald Cron5425a212020-08-04 14:58:35 +02004226 psa_destroy_key( key );
Gilles Peskine2d277862018-06-18 15:41:12 +02004227 mbedtls_free( output );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004228 PSA_DONE( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +03004229}
Gilles Peskine5b051bc2018-05-31 13:25:48 +02004230/* END_CASE */
Gilles Peskine05d69892018-06-19 22:00:52 +02004231
4232/* BEGIN_CASE */
Gilles Peskinecbe66502019-05-16 16:59:18 +02004233void key_derivation_init( )
Jaeden Amerod94d6712019-01-04 14:11:48 +00004234{
4235 /* Test each valid way of initializing the object, except for `= {0}`, as
4236 * Clang 5 complains when `-Wmissing-field-initializers` is used, even
4237 * though it's OK by the C standard. We could test for this, but we'd need
4238 * to supress the Clang warning for the test. */
Jaeden Amero5229bbb2019-02-07 16:33:37 +00004239 size_t capacity;
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02004240 psa_key_derivation_operation_t func = psa_key_derivation_operation_init( );
4241 psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT;
4242 psa_key_derivation_operation_t zero;
Jaeden Amerod94d6712019-01-04 14:11:48 +00004243
4244 memset( &zero, 0, sizeof( zero ) );
4245
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004246 /* A default operation should not be able to report its capacity. */
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02004247 TEST_EQUAL( psa_key_derivation_get_capacity( &func, &capacity ),
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004248 PSA_ERROR_BAD_STATE );
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02004249 TEST_EQUAL( psa_key_derivation_get_capacity( &init, &capacity ),
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004250 PSA_ERROR_BAD_STATE );
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02004251 TEST_EQUAL( psa_key_derivation_get_capacity( &zero, &capacity ),
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004252 PSA_ERROR_BAD_STATE );
Jaeden Amero5229bbb2019-02-07 16:33:37 +00004253
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004254 /* A default operation should be abortable without error. */
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02004255 PSA_ASSERT( psa_key_derivation_abort(&func) );
4256 PSA_ASSERT( psa_key_derivation_abort(&init) );
4257 PSA_ASSERT( psa_key_derivation_abort(&zero) );
Jaeden Amerod94d6712019-01-04 14:11:48 +00004258}
4259/* END_CASE */
4260
Janos Follath16de4a42019-06-13 16:32:24 +01004261/* BEGIN_CASE */
4262void derive_setup( int alg_arg, int expected_status_arg )
Gilles Peskineea0fb492018-07-12 17:17:20 +02004263{
Gilles Peskineea0fb492018-07-12 17:17:20 +02004264 psa_algorithm_t alg = alg_arg;
Gilles Peskineea0fb492018-07-12 17:17:20 +02004265 psa_status_t expected_status = expected_status_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004266 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineea0fb492018-07-12 17:17:20 +02004267
Gilles Peskine8817f612018-12-18 00:18:46 +01004268 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskineea0fb492018-07-12 17:17:20 +02004269
Janos Follath16de4a42019-06-13 16:32:24 +01004270 TEST_EQUAL( psa_key_derivation_setup( &operation, alg ),
Gilles Peskinef812dcf2018-12-18 00:33:25 +01004271 expected_status );
Gilles Peskineea0fb492018-07-12 17:17:20 +02004272
4273exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004274 psa_key_derivation_abort( &operation );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004275 PSA_DONE( );
Gilles Peskineea0fb492018-07-12 17:17:20 +02004276}
4277/* END_CASE */
4278
Janos Follathaf3c2a02019-06-12 12:34:34 +01004279/* BEGIN_CASE */
Janos Follatha27c9272019-06-14 09:59:36 +01004280void derive_set_capacity( int alg_arg, int capacity_arg,
4281 int expected_status_arg )
4282{
4283 psa_algorithm_t alg = alg_arg;
4284 size_t capacity = capacity_arg;
4285 psa_status_t expected_status = expected_status_arg;
4286 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
4287
4288 PSA_ASSERT( psa_crypto_init( ) );
4289
4290 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
4291
4292 TEST_EQUAL( psa_key_derivation_set_capacity( &operation, capacity ),
4293 expected_status );
4294
4295exit:
4296 psa_key_derivation_abort( &operation );
4297 PSA_DONE( );
4298}
4299/* END_CASE */
4300
4301/* BEGIN_CASE */
Janos Follathaf3c2a02019-06-12 12:34:34 +01004302void derive_input( int alg_arg,
Gilles Peskine6842ba42019-09-23 13:49:33 +02004303 int step_arg1, int key_type_arg1, data_t *input1,
Janos Follathaf3c2a02019-06-12 12:34:34 +01004304 int expected_status_arg1,
Gilles Peskine2058c072019-09-24 17:19:33 +02004305 int step_arg2, int key_type_arg2, data_t *input2,
Janos Follathaf3c2a02019-06-12 12:34:34 +01004306 int expected_status_arg2,
Gilles Peskine2058c072019-09-24 17:19:33 +02004307 int step_arg3, int key_type_arg3, data_t *input3,
Gilles Peskine1a2904c2019-09-24 17:45:07 +02004308 int expected_status_arg3,
4309 int output_key_type_arg, int expected_output_status_arg )
Janos Follathaf3c2a02019-06-12 12:34:34 +01004310{
4311 psa_algorithm_t alg = alg_arg;
Gilles Peskine6842ba42019-09-23 13:49:33 +02004312 psa_key_derivation_step_t steps[] = {step_arg1, step_arg2, step_arg3};
4313 psa_key_type_t key_types[] = {key_type_arg1, key_type_arg2, key_type_arg3};
Janos Follathaf3c2a02019-06-12 12:34:34 +01004314 psa_status_t expected_statuses[] = {expected_status_arg1,
4315 expected_status_arg2,
4316 expected_status_arg3};
4317 data_t *inputs[] = {input1, input2, input3};
Ronald Cron5425a212020-08-04 14:58:35 +02004318 mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT,
4319 MBEDTLS_SVC_KEY_ID_INIT,
4320 MBEDTLS_SVC_KEY_ID_INIT };
Janos Follathaf3c2a02019-06-12 12:34:34 +01004321 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
4322 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
4323 size_t i;
Gilles Peskine1a2904c2019-09-24 17:45:07 +02004324 psa_key_type_t output_key_type = output_key_type_arg;
Ronald Cron5425a212020-08-04 14:58:35 +02004325 mbedtls_svc_key_id_t output_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine1a2904c2019-09-24 17:45:07 +02004326 psa_status_t expected_output_status = expected_output_status_arg;
4327 psa_status_t actual_output_status;
Janos Follathaf3c2a02019-06-12 12:34:34 +01004328
4329 PSA_ASSERT( psa_crypto_init( ) );
4330
4331 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4332 psa_set_key_algorithm( &attributes, alg );
Janos Follathaf3c2a02019-06-12 12:34:34 +01004333
4334 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
4335
4336 for( i = 0; i < ARRAY_LENGTH( steps ); i++ )
4337 {
Gilles Peskine4023c012021-05-27 13:21:20 +02004338 mbedtls_test_set_step( i );
4339 if( steps[i] == 0 )
4340 {
4341 /* Skip this step */
4342 }
4343 else if( key_types[i] != PSA_KEY_TYPE_NONE )
Janos Follathaf3c2a02019-06-12 12:34:34 +01004344 {
Gilles Peskine6842ba42019-09-23 13:49:33 +02004345 psa_set_key_type( &attributes, key_types[i] );
4346 PSA_ASSERT( psa_import_key( &attributes,
4347 inputs[i]->x, inputs[i]->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004348 &keys[i] ) );
Steven Cooreman0ee0d522020-10-05 16:03:42 +02004349 if( PSA_KEY_TYPE_IS_KEY_PAIR( key_types[i] ) &&
4350 steps[i] == PSA_KEY_DERIVATION_INPUT_SECRET )
4351 {
4352 // When taking a private key as secret input, use key agreement
4353 // to add the shared secret to the derivation
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004354 TEST_EQUAL( mbedtls_test_psa_key_agreement_with_self(
4355 &operation, keys[i] ),
Steven Cooreman0ee0d522020-10-05 16:03:42 +02004356 expected_statuses[i] );
4357 }
4358 else
4359 {
4360 TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i],
Ronald Cron5425a212020-08-04 14:58:35 +02004361 keys[i] ),
Steven Cooreman0ee0d522020-10-05 16:03:42 +02004362 expected_statuses[i] );
4363 }
Gilles Peskine6842ba42019-09-23 13:49:33 +02004364 }
4365 else
4366 {
4367 TEST_EQUAL( psa_key_derivation_input_bytes(
4368 &operation, steps[i],
4369 inputs[i]->x, inputs[i]->len ),
4370 expected_statuses[i] );
Janos Follathaf3c2a02019-06-12 12:34:34 +01004371 }
4372 }
4373
Gilles Peskine1a2904c2019-09-24 17:45:07 +02004374 if( output_key_type != PSA_KEY_TYPE_NONE )
4375 {
4376 psa_reset_key_attributes( &attributes );
4377 psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
4378 psa_set_key_bits( &attributes, 8 );
4379 actual_output_status =
4380 psa_key_derivation_output_key( &attributes, &operation,
Ronald Cron5425a212020-08-04 14:58:35 +02004381 &output_key );
Gilles Peskine1a2904c2019-09-24 17:45:07 +02004382 }
4383 else
4384 {
4385 uint8_t buffer[1];
4386 actual_output_status =
4387 psa_key_derivation_output_bytes( &operation,
4388 buffer, sizeof( buffer ) );
4389 }
4390 TEST_EQUAL( actual_output_status, expected_output_status );
4391
Janos Follathaf3c2a02019-06-12 12:34:34 +01004392exit:
4393 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004394 for( i = 0; i < ARRAY_LENGTH( keys ); i++ )
4395 psa_destroy_key( keys[i] );
4396 psa_destroy_key( output_key );
Janos Follathaf3c2a02019-06-12 12:34:34 +01004397 PSA_DONE( );
4398}
4399/* END_CASE */
4400
Janos Follathd958bb72019-07-03 15:02:16 +01004401/* BEGIN_CASE */
Gilles Peskine1c77edd2021-05-27 11:55:02 +02004402void derive_over_capacity( int alg_arg )
Nir Sonnenscheine5204c92018-10-22 17:24:55 +03004403{
Janos Follathd958bb72019-07-03 15:02:16 +01004404 psa_algorithm_t alg = alg_arg;
Ronald Cron5425a212020-08-04 14:58:35 +02004405 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Nir Sonnenschein4eda37b2018-10-31 12:15:58 +02004406 size_t key_type = PSA_KEY_TYPE_DERIVE;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004407 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Janos Follathd958bb72019-07-03 15:02:16 +01004408 unsigned char input1[] = "Input 1";
4409 size_t input1_length = sizeof( input1 );
4410 unsigned char input2[] = "Input 2";
4411 size_t input2_length = sizeof( input2 );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004412 uint8_t buffer[42];
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +02004413 size_t capacity = sizeof( buffer );
Nir Sonnenscheindd69d8b2018-11-01 12:24:23 +02004414 const uint8_t key_data[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
4415 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
4416 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b};
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02004417 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Nir Sonnenscheine5204c92018-10-22 17:24:55 +03004418
Gilles Peskine8817f612018-12-18 00:18:46 +01004419 PSA_ASSERT( psa_crypto_init( ) );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004420
Gilles Peskine2c2cf0e2019-04-19 19:58:20 +02004421 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4422 psa_set_key_algorithm( &attributes, alg );
4423 psa_set_key_type( &attributes, key_type );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004424
Gilles Peskine73676cb2019-05-15 20:15:10 +02004425 PSA_ASSERT( psa_import_key( &attributes,
4426 key_data, sizeof( key_data ),
Ronald Cron5425a212020-08-04 14:58:35 +02004427 &key ) );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004428
4429 /* valid key derivation */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004430 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg,
4431 input1, input1_length,
4432 input2, input2_length,
4433 capacity ) )
Janos Follathd958bb72019-07-03 15:02:16 +01004434 goto exit;
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004435
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004436 /* state of operation shouldn't allow additional generation */
Janos Follathd958bb72019-07-03 15:02:16 +01004437 TEST_EQUAL( psa_key_derivation_setup( &operation, alg ),
Gilles Peskinef812dcf2018-12-18 00:33:25 +01004438 PSA_ERROR_BAD_STATE );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004439
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004440 PSA_ASSERT( psa_key_derivation_output_bytes( &operation, buffer, capacity ) );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004441
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004442 TEST_EQUAL( psa_key_derivation_output_bytes( &operation, buffer, capacity ),
David Saadab4ecc272019-02-14 13:48:10 +02004443 PSA_ERROR_INSUFFICIENT_DATA );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004444
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004445exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004446 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004447 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004448 PSA_DONE( );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004449}
4450/* END_CASE */
4451
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004452/* BEGIN_CASE */
Gilles Peskine1c77edd2021-05-27 11:55:02 +02004453void derive_actions_without_setup( )
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004454{
4455 uint8_t output_buffer[16];
4456 size_t buffer_size = 16;
4457 size_t capacity = 0;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004458 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004459
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004460 TEST_ASSERT( psa_key_derivation_output_bytes( &operation,
4461 output_buffer, buffer_size )
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004462 == PSA_ERROR_BAD_STATE );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004463
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004464 TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004465 == PSA_ERROR_BAD_STATE );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004466
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004467 PSA_ASSERT( psa_key_derivation_abort( &operation ) );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004468
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004469 TEST_ASSERT( psa_key_derivation_output_bytes( &operation,
4470 output_buffer, buffer_size )
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004471 == PSA_ERROR_BAD_STATE );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004472
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004473 TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
Jaeden Amerocf2010c2019-02-15 13:05:49 +00004474 == PSA_ERROR_BAD_STATE );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +03004475
4476exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004477 psa_key_derivation_abort( &operation );
Nir Sonnenscheine5204c92018-10-22 17:24:55 +03004478}
4479/* END_CASE */
4480
4481/* BEGIN_CASE */
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004482void derive_output( int alg_arg,
Gilles Peskine1468da72019-05-29 17:35:49 +02004483 int step1_arg, data_t *input1,
4484 int step2_arg, data_t *input2,
4485 int step3_arg, data_t *input3,
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004486 int requested_capacity_arg,
4487 data_t *expected_output1,
4488 data_t *expected_output2 )
4489{
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004490 psa_algorithm_t alg = alg_arg;
Gilles Peskine1468da72019-05-29 17:35:49 +02004491 psa_key_derivation_step_t steps[] = {step1_arg, step2_arg, step3_arg};
4492 data_t *inputs[] = {input1, input2, input3};
Ronald Cron5425a212020-08-04 14:58:35 +02004493 mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT,
4494 MBEDTLS_SVC_KEY_ID_INIT,
4495 MBEDTLS_SVC_KEY_ID_INIT };
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004496 size_t requested_capacity = requested_capacity_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004497 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004498 uint8_t *expected_outputs[2] =
4499 {expected_output1->x, expected_output2->x};
4500 size_t output_sizes[2] =
4501 {expected_output1->len, expected_output2->len};
4502 size_t output_buffer_size = 0;
4503 uint8_t *output_buffer = NULL;
4504 size_t expected_capacity;
4505 size_t current_capacity;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004506 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004507 psa_status_t status;
Gilles Peskine1468da72019-05-29 17:35:49 +02004508 size_t i;
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004509
4510 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
4511 {
4512 if( output_sizes[i] > output_buffer_size )
4513 output_buffer_size = output_sizes[i];
4514 if( output_sizes[i] == 0 )
4515 expected_outputs[i] = NULL;
4516 }
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004517 ASSERT_ALLOC( output_buffer, output_buffer_size );
Gilles Peskine8817f612018-12-18 00:18:46 +01004518 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004519
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004520 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4521 psa_set_key_algorithm( &attributes, alg );
4522 psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004523
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004524 /* Extraction phase. */
Gilles Peskine1468da72019-05-29 17:35:49 +02004525 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
4526 PSA_ASSERT( psa_key_derivation_set_capacity( &operation,
4527 requested_capacity ) );
4528 for( i = 0; i < ARRAY_LENGTH( steps ); i++ )
Gilles Peskineb70a0fd2019-01-07 22:59:38 +01004529 {
Gilles Peskine1468da72019-05-29 17:35:49 +02004530 switch( steps[i] )
4531 {
4532 case 0:
4533 break;
4534 case PSA_KEY_DERIVATION_INPUT_SECRET:
4535 PSA_ASSERT( psa_import_key( &attributes,
4536 inputs[i]->x, inputs[i]->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004537 &keys[i] ) );
gabor-mezei-armceface22021-01-21 12:26:17 +01004538
4539 if ( PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
4540 {
4541 PSA_ASSERT( psa_get_key_attributes( keys[i], &attributes ) );
4542 TEST_ASSERT( PSA_BITS_TO_BYTES( psa_get_key_bits( &attributes ) ) <=
4543 PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE );
4544 }
4545
Gilles Peskine1468da72019-05-29 17:35:49 +02004546 PSA_ASSERT( psa_key_derivation_input_key(
Ronald Cron5425a212020-08-04 14:58:35 +02004547 &operation, steps[i], keys[i] ) );
Gilles Peskine1468da72019-05-29 17:35:49 +02004548 break;
4549 default:
4550 PSA_ASSERT( psa_key_derivation_input_bytes(
4551 &operation, steps[i],
4552 inputs[i]->x, inputs[i]->len ) );
4553 break;
4554 }
Gilles Peskineb70a0fd2019-01-07 22:59:38 +01004555 }
Gilles Peskine1468da72019-05-29 17:35:49 +02004556
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004557 PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004558 &current_capacity ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004559 TEST_EQUAL( current_capacity, requested_capacity );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004560 expected_capacity = requested_capacity;
4561
4562 /* Expansion phase. */
4563 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
4564 {
4565 /* Read some bytes. */
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004566 status = psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004567 output_buffer, output_sizes[i] );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004568 if( expected_capacity == 0 && output_sizes[i] == 0 )
4569 {
4570 /* Reading 0 bytes when 0 bytes are available can go either way. */
4571 TEST_ASSERT( status == PSA_SUCCESS ||
David Saadab4ecc272019-02-14 13:48:10 +02004572 status == PSA_ERROR_INSUFFICIENT_DATA );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004573 continue;
4574 }
4575 else if( expected_capacity == 0 ||
4576 output_sizes[i] > expected_capacity )
4577 {
4578 /* Capacity exceeded. */
David Saadab4ecc272019-02-14 13:48:10 +02004579 TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_DATA );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004580 expected_capacity = 0;
4581 continue;
4582 }
4583 /* Success. Check the read data. */
Gilles Peskine8817f612018-12-18 00:18:46 +01004584 PSA_ASSERT( status );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004585 if( output_sizes[i] != 0 )
Gilles Peskine0dfba2d2018-12-18 00:40:50 +01004586 ASSERT_COMPARE( output_buffer, output_sizes[i],
4587 expected_outputs[i], output_sizes[i] );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004588 /* Check the operation status. */
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004589 expected_capacity -= output_sizes[i];
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004590 PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004591 &current_capacity ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004592 TEST_EQUAL( expected_capacity, current_capacity );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004593 }
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004594 PSA_ASSERT( psa_key_derivation_abort( &operation ) );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004595
4596exit:
4597 mbedtls_free( output_buffer );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004598 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004599 for( i = 0; i < ARRAY_LENGTH( keys ); i++ )
4600 psa_destroy_key( keys[i] );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004601 PSA_DONE( );
Gilles Peskine96ee5c72018-07-12 17:24:54 +02004602}
4603/* END_CASE */
4604
4605/* BEGIN_CASE */
Gilles Peskined54931c2018-07-17 21:06:59 +02004606void derive_full( int alg_arg,
4607 data_t *key_data,
Janos Follath47f27ed2019-06-25 13:24:52 +01004608 data_t *input1,
4609 data_t *input2,
Gilles Peskined54931c2018-07-17 21:06:59 +02004610 int requested_capacity_arg )
4611{
Ronald Cron5425a212020-08-04 14:58:35 +02004612 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskined54931c2018-07-17 21:06:59 +02004613 psa_algorithm_t alg = alg_arg;
4614 size_t requested_capacity = requested_capacity_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004615 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskined54931c2018-07-17 21:06:59 +02004616 unsigned char output_buffer[16];
4617 size_t expected_capacity = requested_capacity;
4618 size_t current_capacity;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004619 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskined54931c2018-07-17 21:06:59 +02004620
Gilles Peskine8817f612018-12-18 00:18:46 +01004621 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskined54931c2018-07-17 21:06:59 +02004622
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004623 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4624 psa_set_key_algorithm( &attributes, alg );
4625 psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
Gilles Peskined54931c2018-07-17 21:06:59 +02004626
Gilles Peskine049c7532019-05-15 20:22:09 +02004627 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004628 &key ) );
Gilles Peskined54931c2018-07-17 21:06:59 +02004629
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004630 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, key, alg,
4631 input1->x, input1->len,
4632 input2->x, input2->len,
4633 requested_capacity ) )
Janos Follathf2815ea2019-07-03 12:41:36 +01004634 goto exit;
Janos Follath47f27ed2019-06-25 13:24:52 +01004635
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004636 PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004637 &current_capacity ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004638 TEST_EQUAL( current_capacity, expected_capacity );
Gilles Peskined54931c2018-07-17 21:06:59 +02004639
4640 /* Expansion phase. */
4641 while( current_capacity > 0 )
4642 {
4643 size_t read_size = sizeof( output_buffer );
4644 if( read_size > current_capacity )
4645 read_size = current_capacity;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004646 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004647 output_buffer,
4648 read_size ) );
Gilles Peskined54931c2018-07-17 21:06:59 +02004649 expected_capacity -= read_size;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004650 PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004651 &current_capacity ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004652 TEST_EQUAL( current_capacity, expected_capacity );
Gilles Peskined54931c2018-07-17 21:06:59 +02004653 }
4654
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004655 /* Check that the operation refuses to go over capacity. */
4656 TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output_buffer, 1 ),
David Saadab4ecc272019-02-14 13:48:10 +02004657 PSA_ERROR_INSUFFICIENT_DATA );
Gilles Peskined54931c2018-07-17 21:06:59 +02004658
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004659 PSA_ASSERT( psa_key_derivation_abort( &operation ) );
Gilles Peskined54931c2018-07-17 21:06:59 +02004660
4661exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004662 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004663 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004664 PSA_DONE( );
Gilles Peskined54931c2018-07-17 21:06:59 +02004665}
4666/* END_CASE */
4667
Janos Follathe60c9052019-07-03 13:51:30 +01004668/* BEGIN_CASE */
Gilles Peskine0386fba2018-07-12 17:29:22 +02004669void derive_key_exercise( int alg_arg,
4670 data_t *key_data,
Janos Follathe60c9052019-07-03 13:51:30 +01004671 data_t *input1,
4672 data_t *input2,
Gilles Peskine0386fba2018-07-12 17:29:22 +02004673 int derived_type_arg,
4674 int derived_bits_arg,
4675 int derived_usage_arg,
4676 int derived_alg_arg )
4677{
Ronald Cron5425a212020-08-04 14:58:35 +02004678 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
4679 mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine0386fba2018-07-12 17:29:22 +02004680 psa_algorithm_t alg = alg_arg;
4681 psa_key_type_t derived_type = derived_type_arg;
4682 size_t derived_bits = derived_bits_arg;
4683 psa_key_usage_t derived_usage = derived_usage_arg;
4684 psa_algorithm_t derived_alg = derived_alg_arg;
4685 size_t capacity = PSA_BITS_TO_BYTES( derived_bits );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004686 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004687 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02004688 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine0386fba2018-07-12 17:29:22 +02004689
Gilles Peskine8817f612018-12-18 00:18:46 +01004690 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004691
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004692 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4693 psa_set_key_algorithm( &attributes, alg );
4694 psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
Gilles Peskine049c7532019-05-15 20:22:09 +02004695 PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004696 &base_key ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004697
4698 /* Derive a key. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004699 if ( mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg,
4700 input1->x, input1->len,
4701 input2->x, input2->len,
4702 capacity ) )
Janos Follathe60c9052019-07-03 13:51:30 +01004703 goto exit;
4704
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004705 psa_set_key_usage_flags( &attributes, derived_usage );
4706 psa_set_key_algorithm( &attributes, derived_alg );
4707 psa_set_key_type( &attributes, derived_type );
Gilles Peskine3a4f1f82019-04-26 13:49:28 +02004708 psa_set_key_bits( &attributes, derived_bits );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004709 PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation,
Ronald Cron5425a212020-08-04 14:58:35 +02004710 &derived_key ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004711
4712 /* Test the key information */
Ronald Cron5425a212020-08-04 14:58:35 +02004713 PSA_ASSERT( psa_get_key_attributes( derived_key, &got_attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02004714 TEST_EQUAL( psa_get_key_type( &got_attributes ), derived_type );
4715 TEST_EQUAL( psa_get_key_bits( &got_attributes ), derived_bits );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004716
4717 /* Exercise the derived key. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004718 if( ! mbedtls_test_psa_exercise_key( derived_key, derived_usage, derived_alg ) )
Gilles Peskine0386fba2018-07-12 17:29:22 +02004719 goto exit;
4720
4721exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01004722 /*
4723 * Key attributes may have been returned by psa_get_key_attributes()
4724 * thus reset them as required.
4725 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02004726 psa_reset_key_attributes( &got_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01004727
4728 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004729 psa_destroy_key( base_key );
4730 psa_destroy_key( derived_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004731 PSA_DONE( );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004732}
4733/* END_CASE */
4734
Janos Follath42fd8882019-07-03 14:17:09 +01004735/* BEGIN_CASE */
Gilles Peskine0386fba2018-07-12 17:29:22 +02004736void derive_key_export( int alg_arg,
4737 data_t *key_data,
Janos Follath42fd8882019-07-03 14:17:09 +01004738 data_t *input1,
4739 data_t *input2,
Gilles Peskine0386fba2018-07-12 17:29:22 +02004740 int bytes1_arg,
4741 int bytes2_arg )
4742{
Ronald Cron5425a212020-08-04 14:58:35 +02004743 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
4744 mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine0386fba2018-07-12 17:29:22 +02004745 psa_algorithm_t alg = alg_arg;
4746 size_t bytes1 = bytes1_arg;
4747 size_t bytes2 = bytes2_arg;
4748 size_t capacity = bytes1 + bytes2;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004749 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004750 uint8_t *output_buffer = NULL;
4751 uint8_t *export_buffer = NULL;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004752 psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
4753 psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine0386fba2018-07-12 17:29:22 +02004754 size_t length;
4755
Gilles Peskine8cebbba2018-09-27 13:54:18 +02004756 ASSERT_ALLOC( output_buffer, capacity );
4757 ASSERT_ALLOC( export_buffer, capacity );
Gilles Peskine8817f612018-12-18 00:18:46 +01004758 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004759
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004760 psa_set_key_usage_flags( &base_attributes, PSA_KEY_USAGE_DERIVE );
4761 psa_set_key_algorithm( &base_attributes, alg );
4762 psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
Gilles Peskine049c7532019-05-15 20:22:09 +02004763 PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004764 &base_key ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004765
4766 /* Derive some material and output it. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004767 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg,
4768 input1->x, input1->len,
4769 input2->x, input2->len,
4770 capacity ) )
Janos Follath42fd8882019-07-03 14:17:09 +01004771 goto exit;
4772
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004773 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004774 output_buffer,
4775 capacity ) );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004776 PSA_ASSERT( psa_key_derivation_abort( &operation ) );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004777
4778 /* Derive the same output again, but this time store it in key objects. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004779 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg,
4780 input1->x, input1->len,
4781 input2->x, input2->len,
4782 capacity ) )
Janos Follath42fd8882019-07-03 14:17:09 +01004783 goto exit;
4784
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004785 psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT );
4786 psa_set_key_algorithm( &derived_attributes, 0 );
4787 psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA );
Gilles Peskine3a4f1f82019-04-26 13:49:28 +02004788 psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004789 PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
Ronald Cron5425a212020-08-04 14:58:35 +02004790 &derived_key ) );
4791 PSA_ASSERT( psa_export_key( derived_key,
Gilles Peskine8817f612018-12-18 00:18:46 +01004792 export_buffer, bytes1,
4793 &length ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004794 TEST_EQUAL( length, bytes1 );
Ronald Cron5425a212020-08-04 14:58:35 +02004795 PSA_ASSERT( psa_destroy_key( derived_key ) );
Gilles Peskine3a4f1f82019-04-26 13:49:28 +02004796 psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004797 PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
Ronald Cron5425a212020-08-04 14:58:35 +02004798 &derived_key ) );
4799 PSA_ASSERT( psa_export_key( derived_key,
Gilles Peskine8817f612018-12-18 00:18:46 +01004800 export_buffer + bytes1, bytes2,
4801 &length ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01004802 TEST_EQUAL( length, bytes2 );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004803
4804 /* Compare the outputs from the two runs. */
Gilles Peskine0dfba2d2018-12-18 00:40:50 +01004805 ASSERT_COMPARE( output_buffer, bytes1 + bytes2,
4806 export_buffer, capacity );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004807
4808exit:
4809 mbedtls_free( output_buffer );
4810 mbedtls_free( export_buffer );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004811 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004812 psa_destroy_key( base_key );
4813 psa_destroy_key( derived_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004814 PSA_DONE( );
Gilles Peskine0386fba2018-07-12 17:29:22 +02004815}
4816/* END_CASE */
4817
4818/* BEGIN_CASE */
Gilles Peskine7c227ae2019-07-31 15:14:44 +02004819void derive_key( int alg_arg,
4820 data_t *key_data, data_t *input1, data_t *input2,
4821 int type_arg, int bits_arg,
Steven Cooreman83fdb702021-01-21 14:24:39 +01004822 int expected_status_arg,
4823 int is_large_output )
Gilles Peskinec744d992019-07-30 17:26:54 +02004824{
Ronald Cron5425a212020-08-04 14:58:35 +02004825 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
4826 mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinec744d992019-07-30 17:26:54 +02004827 psa_algorithm_t alg = alg_arg;
Gilles Peskine7c227ae2019-07-31 15:14:44 +02004828 psa_key_type_t type = type_arg;
Gilles Peskinec744d992019-07-30 17:26:54 +02004829 size_t bits = bits_arg;
4830 psa_status_t expected_status = expected_status_arg;
4831 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
4832 psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
4833 psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT;
4834
4835 PSA_ASSERT( psa_crypto_init( ) );
4836
4837 psa_set_key_usage_flags( &base_attributes, PSA_KEY_USAGE_DERIVE );
4838 psa_set_key_algorithm( &base_attributes, alg );
4839 psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
4840 PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02004841 &base_key ) );
Gilles Peskinec744d992019-07-30 17:26:54 +02004842
Gilles Peskinec18e25f2021-02-12 23:48:20 +01004843 if( !mbedtls_test_psa_setup_key_derivation_wrap( &operation, base_key, alg,
4844 input1->x, input1->len,
4845 input2->x, input2->len,
4846 SIZE_MAX ) )
Gilles Peskinec744d992019-07-30 17:26:54 +02004847 goto exit;
4848
4849 psa_set_key_usage_flags( &derived_attributes, PSA_KEY_USAGE_EXPORT );
4850 psa_set_key_algorithm( &derived_attributes, 0 );
Gilles Peskine7c227ae2019-07-31 15:14:44 +02004851 psa_set_key_type( &derived_attributes, type );
Gilles Peskinec744d992019-07-30 17:26:54 +02004852 psa_set_key_bits( &derived_attributes, bits );
Steven Cooreman83fdb702021-01-21 14:24:39 +01004853
4854 psa_status_t status =
4855 psa_key_derivation_output_key( &derived_attributes,
4856 &operation,
4857 &derived_key );
4858 if( is_large_output > 0 )
4859 TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY );
4860 TEST_EQUAL( status, expected_status );
Gilles Peskinec744d992019-07-30 17:26:54 +02004861
4862exit:
4863 psa_key_derivation_abort( &operation );
Ronald Cron5425a212020-08-04 14:58:35 +02004864 psa_destroy_key( base_key );
4865 psa_destroy_key( derived_key );
Gilles Peskinec744d992019-07-30 17:26:54 +02004866 PSA_DONE( );
4867}
4868/* END_CASE */
4869
4870/* BEGIN_CASE */
Gilles Peskine01d718c2018-09-18 12:01:02 +02004871void key_agreement_setup( int alg_arg,
Steven Cooremance48e852020-10-05 16:02:45 +02004872 int our_key_type_arg, int our_key_alg_arg,
4873 data_t *our_key_data, data_t *peer_key_data,
Gilles Peskine01d718c2018-09-18 12:01:02 +02004874 int expected_status_arg )
4875{
Ronald Cron5425a212020-08-04 14:58:35 +02004876 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine01d718c2018-09-18 12:01:02 +02004877 psa_algorithm_t alg = alg_arg;
Steven Cooremanfa5e6312020-10-15 17:07:12 +02004878 psa_algorithm_t our_key_alg = our_key_alg_arg;
Gilles Peskine01d718c2018-09-18 12:01:02 +02004879 psa_key_type_t our_key_type = our_key_type_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004880 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004881 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine77f40d82019-04-11 21:27:06 +02004882 psa_status_t expected_status = expected_status_arg;
4883 psa_status_t status;
Gilles Peskine01d718c2018-09-18 12:01:02 +02004884
Gilles Peskine8817f612018-12-18 00:18:46 +01004885 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine01d718c2018-09-18 12:01:02 +02004886
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004887 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
Steven Cooremanfa5e6312020-10-15 17:07:12 +02004888 psa_set_key_algorithm( &attributes, our_key_alg );
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004889 psa_set_key_type( &attributes, our_key_type );
Gilles Peskine049c7532019-05-15 20:22:09 +02004890 PSA_ASSERT( psa_import_key( &attributes,
4891 our_key_data->x, our_key_data->len,
4892 &our_key ) );
Gilles Peskine01d718c2018-09-18 12:01:02 +02004893
Gilles Peskine77f40d82019-04-11 21:27:06 +02004894 /* The tests currently include inputs that should fail at either step.
4895 * Test cases that fail at the setup step should be changed to call
4896 * key_derivation_setup instead, and this function should be renamed
4897 * to key_agreement_fail. */
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004898 status = psa_key_derivation_setup( &operation, alg );
Gilles Peskine77f40d82019-04-11 21:27:06 +02004899 if( status == PSA_SUCCESS )
4900 {
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004901 TEST_EQUAL( psa_key_derivation_key_agreement(
4902 &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
4903 our_key,
4904 peer_key_data->x, peer_key_data->len ),
Gilles Peskine77f40d82019-04-11 21:27:06 +02004905 expected_status );
4906 }
4907 else
4908 {
4909 TEST_ASSERT( status == expected_status );
4910 }
Gilles Peskine01d718c2018-09-18 12:01:02 +02004911
4912exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004913 psa_key_derivation_abort( &operation );
Gilles Peskine01d718c2018-09-18 12:01:02 +02004914 psa_destroy_key( our_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004915 PSA_DONE( );
Gilles Peskine01d718c2018-09-18 12:01:02 +02004916}
4917/* END_CASE */
4918
4919/* BEGIN_CASE */
Gilles Peskinef0cba732019-04-11 22:12:38 +02004920void raw_key_agreement( int alg_arg,
4921 int our_key_type_arg, data_t *our_key_data,
4922 data_t *peer_key_data,
4923 data_t *expected_output )
4924{
Ronald Cron5425a212020-08-04 14:58:35 +02004925 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinef0cba732019-04-11 22:12:38 +02004926 psa_algorithm_t alg = alg_arg;
4927 psa_key_type_t our_key_type = our_key_type_arg;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004928 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskinef0cba732019-04-11 22:12:38 +02004929 unsigned char *output = NULL;
4930 size_t output_length = ~0;
gabor-mezei-armceface22021-01-21 12:26:17 +01004931 size_t key_bits;
Gilles Peskinef0cba732019-04-11 22:12:38 +02004932
4933 ASSERT_ALLOC( output, expected_output->len );
4934 PSA_ASSERT( psa_crypto_init( ) );
4935
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004936 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4937 psa_set_key_algorithm( &attributes, alg );
4938 psa_set_key_type( &attributes, our_key_type );
Gilles Peskine049c7532019-05-15 20:22:09 +02004939 PSA_ASSERT( psa_import_key( &attributes,
4940 our_key_data->x, our_key_data->len,
4941 &our_key ) );
Gilles Peskinef0cba732019-04-11 22:12:38 +02004942
gabor-mezei-armceface22021-01-21 12:26:17 +01004943 PSA_ASSERT( psa_get_key_attributes( our_key, &attributes ) );
4944 key_bits = psa_get_key_bits( &attributes );
4945
Gilles Peskinebe697d82019-05-16 18:00:41 +02004946 PSA_ASSERT( psa_raw_key_agreement( alg, our_key,
4947 peer_key_data->x, peer_key_data->len,
4948 output, expected_output->len,
4949 &output_length ) );
Gilles Peskinef0cba732019-04-11 22:12:38 +02004950 ASSERT_COMPARE( output, output_length,
4951 expected_output->x, expected_output->len );
gabor-mezei-armceface22021-01-21 12:26:17 +01004952 TEST_ASSERT( output_length <=
4953 PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ) );
4954 TEST_ASSERT( output_length <=
4955 PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE );
Gilles Peskinef0cba732019-04-11 22:12:38 +02004956
4957exit:
4958 mbedtls_free( output );
4959 psa_destroy_key( our_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02004960 PSA_DONE( );
Gilles Peskinef0cba732019-04-11 22:12:38 +02004961}
4962/* END_CASE */
4963
4964/* BEGIN_CASE */
Gilles Peskine59685592018-09-18 12:11:34 +02004965void key_agreement_capacity( int alg_arg,
4966 int our_key_type_arg, data_t *our_key_data,
4967 data_t *peer_key_data,
4968 int expected_capacity_arg )
4969{
Ronald Cron5425a212020-08-04 14:58:35 +02004970 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine59685592018-09-18 12:11:34 +02004971 psa_algorithm_t alg = alg_arg;
4972 psa_key_type_t our_key_type = our_key_type_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004973 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004974 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine59685592018-09-18 12:11:34 +02004975 size_t actual_capacity;
Gilles Peskinebf491972018-10-25 22:36:12 +02004976 unsigned char output[16];
Gilles Peskine59685592018-09-18 12:11:34 +02004977
Gilles Peskine8817f612018-12-18 00:18:46 +01004978 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine59685592018-09-18 12:11:34 +02004979
Gilles Peskineff5f0e72019-04-18 12:53:30 +02004980 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
4981 psa_set_key_algorithm( &attributes, alg );
4982 psa_set_key_type( &attributes, our_key_type );
Gilles Peskine049c7532019-05-15 20:22:09 +02004983 PSA_ASSERT( psa_import_key( &attributes,
4984 our_key_data->x, our_key_data->len,
4985 &our_key ) );
Gilles Peskine59685592018-09-18 12:11:34 +02004986
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004987 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
Gilles Peskinecf7292e2019-05-16 17:53:40 +02004988 PSA_ASSERT( psa_key_derivation_key_agreement(
4989 &operation,
4990 PSA_KEY_DERIVATION_INPUT_SECRET, our_key,
4991 peer_key_data->x, peer_key_data->len ) );
Gilles Peskinef8a9d942019-04-11 22:13:20 +02004992 if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
4993 {
4994 /* The test data is for info="" */
Gilles Peskine51ae0e42019-05-16 17:31:03 +02004995 PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
Gilles Peskine03410b52019-05-16 16:05:19 +02004996 PSA_KEY_DERIVATION_INPUT_INFO,
Gilles Peskinef8a9d942019-04-11 22:13:20 +02004997 NULL, 0 ) );
4998 }
Gilles Peskine59685592018-09-18 12:11:34 +02004999
Gilles Peskinebf491972018-10-25 22:36:12 +02005000 /* Test the advertized capacity. */
Gilles Peskinea99d3fb2019-05-16 15:28:51 +02005001 PSA_ASSERT( psa_key_derivation_get_capacity(
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005002 &operation, &actual_capacity ) );
Gilles Peskinefe11b722018-12-18 00:24:04 +01005003 TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg );
Gilles Peskine59685592018-09-18 12:11:34 +02005004
Gilles Peskinebf491972018-10-25 22:36:12 +02005005 /* Test the actual capacity by reading the output. */
5006 while( actual_capacity > sizeof( output ) )
5007 {
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005008 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005009 output, sizeof( output ) ) );
Gilles Peskinebf491972018-10-25 22:36:12 +02005010 actual_capacity -= sizeof( output );
5011 }
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005012 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005013 output, actual_capacity ) );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005014 TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output, 1 ),
David Saadab4ecc272019-02-14 13:48:10 +02005015 PSA_ERROR_INSUFFICIENT_DATA );
Gilles Peskinebf491972018-10-25 22:36:12 +02005016
Gilles Peskine59685592018-09-18 12:11:34 +02005017exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005018 psa_key_derivation_abort( &operation );
Gilles Peskine59685592018-09-18 12:11:34 +02005019 psa_destroy_key( our_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005020 PSA_DONE( );
Gilles Peskine59685592018-09-18 12:11:34 +02005021}
5022/* END_CASE */
5023
5024/* BEGIN_CASE */
5025void key_agreement_output( int alg_arg,
5026 int our_key_type_arg, data_t *our_key_data,
5027 data_t *peer_key_data,
Gilles Peskine3ec8ed82018-10-25 22:37:15 +02005028 data_t *expected_output1, data_t *expected_output2 )
Gilles Peskine59685592018-09-18 12:11:34 +02005029{
Ronald Cron5425a212020-08-04 14:58:35 +02005030 mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine59685592018-09-18 12:11:34 +02005031 psa_algorithm_t alg = alg_arg;
5032 psa_key_type_t our_key_type = our_key_type_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005033 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02005034 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine3ec8ed82018-10-25 22:37:15 +02005035 uint8_t *actual_output = NULL;
Gilles Peskine59685592018-09-18 12:11:34 +02005036
Gilles Peskine3ec8ed82018-10-25 22:37:15 +02005037 ASSERT_ALLOC( actual_output, MAX( expected_output1->len,
5038 expected_output2->len ) );
Gilles Peskine59685592018-09-18 12:11:34 +02005039
Gilles Peskine8817f612018-12-18 00:18:46 +01005040 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine59685592018-09-18 12:11:34 +02005041
Gilles Peskineff5f0e72019-04-18 12:53:30 +02005042 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
5043 psa_set_key_algorithm( &attributes, alg );
5044 psa_set_key_type( &attributes, our_key_type );
Gilles Peskine049c7532019-05-15 20:22:09 +02005045 PSA_ASSERT( psa_import_key( &attributes,
5046 our_key_data->x, our_key_data->len,
5047 &our_key ) );
Gilles Peskine59685592018-09-18 12:11:34 +02005048
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005049 PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005050 PSA_ASSERT( psa_key_derivation_key_agreement(
5051 &operation,
5052 PSA_KEY_DERIVATION_INPUT_SECRET, our_key,
5053 peer_key_data->x, peer_key_data->len ) );
Gilles Peskinef8a9d942019-04-11 22:13:20 +02005054 if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
5055 {
5056 /* The test data is for info="" */
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005057 PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
Gilles Peskine03410b52019-05-16 16:05:19 +02005058 PSA_KEY_DERIVATION_INPUT_INFO,
Gilles Peskinef8a9d942019-04-11 22:13:20 +02005059 NULL, 0 ) );
5060 }
Gilles Peskine59685592018-09-18 12:11:34 +02005061
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005062 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005063 actual_output,
5064 expected_output1->len ) );
Gilles Peskine0dfba2d2018-12-18 00:40:50 +01005065 ASSERT_COMPARE( actual_output, expected_output1->len,
5066 expected_output1->x, expected_output1->len );
Gilles Peskine3ec8ed82018-10-25 22:37:15 +02005067 if( expected_output2->len != 0 )
5068 {
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005069 PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005070 actual_output,
5071 expected_output2->len ) );
Gilles Peskine0dfba2d2018-12-18 00:40:50 +01005072 ASSERT_COMPARE( actual_output, expected_output2->len,
5073 expected_output2->x, expected_output2->len );
Gilles Peskine3ec8ed82018-10-25 22:37:15 +02005074 }
Gilles Peskine59685592018-09-18 12:11:34 +02005075
5076exit:
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005077 psa_key_derivation_abort( &operation );
Gilles Peskine59685592018-09-18 12:11:34 +02005078 psa_destroy_key( our_key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005079 PSA_DONE( );
Gilles Peskine59685592018-09-18 12:11:34 +02005080 mbedtls_free( actual_output );
5081}
5082/* END_CASE */
5083
5084/* BEGIN_CASE */
Gilles Peskinea50d7392018-06-21 10:22:13 +02005085void generate_random( int bytes_arg )
Gilles Peskine05d69892018-06-19 22:00:52 +02005086{
Gilles Peskinea50d7392018-06-21 10:22:13 +02005087 size_t bytes = bytes_arg;
Gilles Peskine8cebbba2018-09-27 13:54:18 +02005088 unsigned char *output = NULL;
5089 unsigned char *changed = NULL;
Gilles Peskinea50d7392018-06-21 10:22:13 +02005090 size_t i;
5091 unsigned run;
Gilles Peskine05d69892018-06-19 22:00:52 +02005092
Simon Butcher49f8e312020-03-03 15:51:50 +00005093 TEST_ASSERT( bytes_arg >= 0 );
5094
Gilles Peskine91892022021-02-08 19:50:26 +01005095 ASSERT_ALLOC( output, bytes );
Gilles Peskine8cebbba2018-09-27 13:54:18 +02005096 ASSERT_ALLOC( changed, bytes );
Gilles Peskine05d69892018-06-19 22:00:52 +02005097
Gilles Peskine8817f612018-12-18 00:18:46 +01005098 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine05d69892018-06-19 22:00:52 +02005099
Gilles Peskinea50d7392018-06-21 10:22:13 +02005100 /* Run several times, to ensure that every output byte will be
5101 * nonzero at least once with overwhelming probability
5102 * (2^(-8*number_of_runs)). */
5103 for( run = 0; run < 10; run++ )
Gilles Peskine05d69892018-06-19 22:00:52 +02005104 {
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +02005105 if( bytes != 0 )
5106 memset( output, 0, bytes );
Gilles Peskine8817f612018-12-18 00:18:46 +01005107 PSA_ASSERT( psa_generate_random( output, bytes ) );
Gilles Peskinea50d7392018-06-21 10:22:13 +02005108
Gilles Peskinea50d7392018-06-21 10:22:13 +02005109 for( i = 0; i < bytes; i++ )
5110 {
5111 if( output[i] != 0 )
5112 ++changed[i];
5113 }
Gilles Peskine05d69892018-06-19 22:00:52 +02005114 }
Gilles Peskinea50d7392018-06-21 10:22:13 +02005115
5116 /* Check that every byte was changed to nonzero at least once. This
5117 * validates that psa_generate_random is overwriting every byte of
5118 * the output buffer. */
5119 for( i = 0; i < bytes; i++ )
5120 {
5121 TEST_ASSERT( changed[i] != 0 );
5122 }
Gilles Peskine05d69892018-06-19 22:00:52 +02005123
5124exit:
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005125 PSA_DONE( );
Gilles Peskinea50d7392018-06-21 10:22:13 +02005126 mbedtls_free( output );
5127 mbedtls_free( changed );
Gilles Peskine05d69892018-06-19 22:00:52 +02005128}
5129/* END_CASE */
Gilles Peskine12313cd2018-06-20 00:20:32 +02005130
5131/* BEGIN_CASE */
5132void generate_key( int type_arg,
5133 int bits_arg,
5134 int usage_arg,
5135 int alg_arg,
Steven Cooreman83fdb702021-01-21 14:24:39 +01005136 int expected_status_arg,
5137 int is_large_key )
Gilles Peskine12313cd2018-06-20 00:20:32 +02005138{
Ronald Cron5425a212020-08-04 14:58:35 +02005139 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine12313cd2018-06-20 00:20:32 +02005140 psa_key_type_t type = type_arg;
5141 psa_key_usage_t usage = usage_arg;
5142 size_t bits = bits_arg;
5143 psa_algorithm_t alg = alg_arg;
5144 psa_status_t expected_status = expected_status_arg;
Gilles Peskineff5f0e72019-04-18 12:53:30 +02005145 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02005146 psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine12313cd2018-06-20 00:20:32 +02005147
Gilles Peskine8817f612018-12-18 00:18:46 +01005148 PSA_ASSERT( psa_crypto_init( ) );
Gilles Peskine12313cd2018-06-20 00:20:32 +02005149
Gilles Peskineff5f0e72019-04-18 12:53:30 +02005150 psa_set_key_usage_flags( &attributes, usage );
5151 psa_set_key_algorithm( &attributes, alg );
5152 psa_set_key_type( &attributes, type );
Gilles Peskine3a4f1f82019-04-26 13:49:28 +02005153 psa_set_key_bits( &attributes, bits );
Gilles Peskine12313cd2018-06-20 00:20:32 +02005154
5155 /* Generate a key */
Steven Cooreman83fdb702021-01-21 14:24:39 +01005156 psa_status_t status = psa_generate_key( &attributes, &key );
5157
5158 if( is_large_key > 0 )
5159 TEST_ASSUME( status != PSA_ERROR_INSUFFICIENT_MEMORY );
5160 TEST_EQUAL( status , expected_status );
Gilles Peskinee56e8782019-04-26 17:34:02 +02005161 if( expected_status != PSA_SUCCESS )
Gilles Peskineff5f0e72019-04-18 12:53:30 +02005162 goto exit;
Gilles Peskine12313cd2018-06-20 00:20:32 +02005163
5164 /* Test the key information */
Ronald Cron5425a212020-08-04 14:58:35 +02005165 PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
Gilles Peskine8c8f2ab2019-04-18 21:44:46 +02005166 TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
5167 TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits );
Gilles Peskine12313cd2018-06-20 00:20:32 +02005168
Gilles Peskine818ca122018-06-20 18:16:48 +02005169 /* Do something with the key according to its type and permitted usage. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01005170 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) )
Gilles Peskine02b75072018-07-01 22:31:34 +02005171 goto exit;
Gilles Peskine12313cd2018-06-20 00:20:32 +02005172
5173exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01005174 /*
5175 * Key attributes may have been returned by psa_get_key_attributes()
5176 * thus reset them as required.
5177 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02005178 psa_reset_key_attributes( &got_attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01005179
Ronald Cron5425a212020-08-04 14:58:35 +02005180 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005181 PSA_DONE( );
Gilles Peskine12313cd2018-06-20 00:20:32 +02005182}
5183/* END_CASE */
itayzafrir0adf0fc2018-09-06 16:24:41 +03005184
Ronald Cronee414c72021-03-18 18:50:08 +01005185/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_GENPRIME */
Gilles Peskinee56e8782019-04-26 17:34:02 +02005186void generate_key_rsa( int bits_arg,
5187 data_t *e_arg,
5188 int expected_status_arg )
5189{
Ronald Cron5425a212020-08-04 14:58:35 +02005190 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskinec93b80c2019-05-16 19:39:54 +02005191 psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR;
Gilles Peskinee56e8782019-04-26 17:34:02 +02005192 size_t bits = bits_arg;
5193 psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
5194 psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW;
5195 psa_status_t expected_status = expected_status_arg;
5196 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
5197 uint8_t *exported = NULL;
5198 size_t exported_size =
gabor-mezei-armcbcec212020-12-18 14:23:51 +01005199 PSA_EXPORT_KEY_OUTPUT_SIZE( PSA_KEY_TYPE_RSA_PUBLIC_KEY, bits );
Gilles Peskinee56e8782019-04-26 17:34:02 +02005200 size_t exported_length = SIZE_MAX;
5201 uint8_t *e_read_buffer = NULL;
5202 int is_default_public_exponent = 0;
Gilles Peskineaa02c172019-04-28 11:44:17 +02005203 size_t e_read_size = PSA_KEY_DOMAIN_PARAMETERS_SIZE( type, bits );
Gilles Peskinee56e8782019-04-26 17:34:02 +02005204 size_t e_read_length = SIZE_MAX;
5205
5206 if( e_arg->len == 0 ||
5207 ( e_arg->len == 3 &&
5208 e_arg->x[0] == 1 && e_arg->x[1] == 0 && e_arg->x[2] == 1 ) )
5209 {
5210 is_default_public_exponent = 1;
5211 e_read_size = 0;
5212 }
5213 ASSERT_ALLOC( e_read_buffer, e_read_size );
5214 ASSERT_ALLOC( exported, exported_size );
5215
5216 PSA_ASSERT( psa_crypto_init( ) );
5217
5218 psa_set_key_usage_flags( &attributes, usage );
5219 psa_set_key_algorithm( &attributes, alg );
5220 PSA_ASSERT( psa_set_key_domain_parameters( &attributes, type,
5221 e_arg->x, e_arg->len ) );
5222 psa_set_key_bits( &attributes, bits );
5223
5224 /* Generate a key */
Ronald Cron5425a212020-08-04 14:58:35 +02005225 TEST_EQUAL( psa_generate_key( &attributes, &key ), expected_status );
Gilles Peskinee56e8782019-04-26 17:34:02 +02005226 if( expected_status != PSA_SUCCESS )
5227 goto exit;
5228
5229 /* Test the key information */
Ronald Cron5425a212020-08-04 14:58:35 +02005230 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Gilles Peskinee56e8782019-04-26 17:34:02 +02005231 TEST_EQUAL( psa_get_key_type( &attributes ), type );
5232 TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
5233 PSA_ASSERT( psa_get_key_domain_parameters( &attributes,
5234 e_read_buffer, e_read_size,
5235 &e_read_length ) );
5236 if( is_default_public_exponent )
5237 TEST_EQUAL( e_read_length, 0 );
5238 else
5239 ASSERT_COMPARE( e_read_buffer, e_read_length, e_arg->x, e_arg->len );
5240
5241 /* Do something with the key according to its type and permitted usage. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01005242 if( ! mbedtls_test_psa_exercise_key( key, usage, alg ) )
Gilles Peskinee56e8782019-04-26 17:34:02 +02005243 goto exit;
5244
5245 /* Export the key and check the public exponent. */
Ronald Cron5425a212020-08-04 14:58:35 +02005246 PSA_ASSERT( psa_export_public_key( key,
Gilles Peskinee56e8782019-04-26 17:34:02 +02005247 exported, exported_size,
5248 &exported_length ) );
5249 {
5250 uint8_t *p = exported;
5251 uint8_t *end = exported + exported_length;
5252 size_t len;
5253 /* RSAPublicKey ::= SEQUENCE {
5254 * modulus INTEGER, -- n
5255 * publicExponent INTEGER } -- e
5256 */
5257 TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len,
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005258 MBEDTLS_ASN1_SEQUENCE |
5259 MBEDTLS_ASN1_CONSTRUCTED ) );
Gilles Peskine8e94efe2021-02-13 00:25:53 +01005260 TEST_ASSERT( mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) );
Gilles Peskinee56e8782019-04-26 17:34:02 +02005261 TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len,
5262 MBEDTLS_ASN1_INTEGER ) );
5263 if( len >= 1 && p[0] == 0 )
5264 {
5265 ++p;
5266 --len;
5267 }
5268 if( e_arg->len == 0 )
5269 {
5270 TEST_EQUAL( len, 3 );
5271 TEST_EQUAL( p[0], 1 );
5272 TEST_EQUAL( p[1], 0 );
5273 TEST_EQUAL( p[2], 1 );
5274 }
5275 else
5276 ASSERT_COMPARE( p, len, e_arg->x, e_arg->len );
5277 }
5278
5279exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01005280 /*
5281 * Key attributes may have been returned by psa_get_key_attributes() or
5282 * set by psa_set_key_domain_parameters() thus reset them as required.
5283 */
Gilles Peskinee56e8782019-04-26 17:34:02 +02005284 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01005285
Ronald Cron5425a212020-08-04 14:58:35 +02005286 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005287 PSA_DONE( );
Gilles Peskinee56e8782019-04-26 17:34:02 +02005288 mbedtls_free( e_read_buffer );
5289 mbedtls_free( exported );
5290}
5291/* END_CASE */
5292
Darryl Greend49a4992018-06-18 17:27:26 +01005293/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005294void persistent_key_load_key_from_storage( data_t *data,
5295 int type_arg, int bits_arg,
5296 int usage_flags_arg, int alg_arg,
5297 int generation_method )
Darryl Greend49a4992018-06-18 17:27:26 +01005298{
Ronald Cron71016a92020-08-28 19:01:50 +02005299 mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 1 );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005300 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Ronald Cron5425a212020-08-04 14:58:35 +02005301 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
5302 mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005303 psa_key_type_t type = type_arg;
5304 size_t bits = bits_arg;
5305 psa_key_usage_t usage_flags = usage_flags_arg;
5306 psa_algorithm_t alg = alg_arg;
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005307 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
Darryl Greend49a4992018-06-18 17:27:26 +01005308 unsigned char *first_export = NULL;
5309 unsigned char *second_export = NULL;
gabor-mezei-armcbcec212020-12-18 14:23:51 +01005310 size_t export_size = PSA_EXPORT_KEY_OUTPUT_SIZE( type, bits );
Darryl Greend49a4992018-06-18 17:27:26 +01005311 size_t first_exported_length;
5312 size_t second_exported_length;
5313
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005314 if( usage_flags & PSA_KEY_USAGE_EXPORT )
5315 {
5316 ASSERT_ALLOC( first_export, export_size );
5317 ASSERT_ALLOC( second_export, export_size );
5318 }
Darryl Greend49a4992018-06-18 17:27:26 +01005319
Gilles Peskine8817f612018-12-18 00:18:46 +01005320 PSA_ASSERT( psa_crypto_init() );
Darryl Greend49a4992018-06-18 17:27:26 +01005321
Gilles Peskinec87af662019-05-15 16:12:22 +02005322 psa_set_key_id( &attributes, key_id );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005323 psa_set_key_usage_flags( &attributes, usage_flags );
5324 psa_set_key_algorithm( &attributes, alg );
5325 psa_set_key_type( &attributes, type );
Gilles Peskine3a4f1f82019-04-26 13:49:28 +02005326 psa_set_key_bits( &attributes, bits );
Darryl Greend49a4992018-06-18 17:27:26 +01005327
Darryl Green0c6575a2018-11-07 16:05:30 +00005328 switch( generation_method )
5329 {
5330 case IMPORT_KEY:
5331 /* Import the key */
Gilles Peskine049c7532019-05-15 20:22:09 +02005332 PSA_ASSERT( psa_import_key( &attributes, data->x, data->len,
Ronald Cron5425a212020-08-04 14:58:35 +02005333 &key ) );
Darryl Green0c6575a2018-11-07 16:05:30 +00005334 break;
Darryl Greend49a4992018-06-18 17:27:26 +01005335
Darryl Green0c6575a2018-11-07 16:05:30 +00005336 case GENERATE_KEY:
5337 /* Generate a key */
Ronald Cron5425a212020-08-04 14:58:35 +02005338 PSA_ASSERT( psa_generate_key( &attributes, &key ) );
Darryl Green0c6575a2018-11-07 16:05:30 +00005339 break;
5340
5341 case DERIVE_KEY:
Steven Cooreman70f654a2021-02-15 10:51:43 +01005342#if defined(PSA_WANT_ALG_HKDF) && defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005343 {
5344 /* Create base key */
5345 psa_algorithm_t derive_alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
5346 psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
5347 psa_set_key_usage_flags( &base_attributes,
5348 PSA_KEY_USAGE_DERIVE );
5349 psa_set_key_algorithm( &base_attributes, derive_alg );
5350 psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE );
Gilles Peskine049c7532019-05-15 20:22:09 +02005351 PSA_ASSERT( psa_import_key( &base_attributes,
5352 data->x, data->len,
5353 &base_key ) );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005354 /* Derive a key. */
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005355 PSA_ASSERT( psa_key_derivation_setup( &operation, derive_alg ) );
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005356 PSA_ASSERT( psa_key_derivation_input_key(
5357 &operation,
5358 PSA_KEY_DERIVATION_INPUT_SECRET, base_key ) );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005359 PSA_ASSERT( psa_key_derivation_input_bytes(
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005360 &operation, PSA_KEY_DERIVATION_INPUT_INFO,
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005361 NULL, 0 ) );
Gilles Peskinecf7292e2019-05-16 17:53:40 +02005362 PSA_ASSERT( psa_key_derivation_output_key( &attributes,
5363 &operation,
Ronald Cron5425a212020-08-04 14:58:35 +02005364 &key ) );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005365 PSA_ASSERT( psa_key_derivation_abort( &operation ) );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005366 PSA_ASSERT( psa_destroy_key( base_key ) );
Ronald Cron5425a212020-08-04 14:58:35 +02005367 base_key = MBEDTLS_SVC_KEY_ID_INIT;
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005368 }
Gilles Peskine6fea21d2021-01-12 00:02:15 +01005369#else
5370 TEST_ASSUME( ! "KDF not supported in this configuration" );
5371#endif
5372 break;
5373
5374 default:
5375 TEST_ASSERT( ! "generation_method not implemented in test" );
5376 break;
Darryl Green0c6575a2018-11-07 16:05:30 +00005377 }
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005378 psa_reset_key_attributes( &attributes );
Darryl Greend49a4992018-06-18 17:27:26 +01005379
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005380 /* Export the key if permitted by the key policy. */
5381 if( usage_flags & PSA_KEY_USAGE_EXPORT )
5382 {
Ronald Cron5425a212020-08-04 14:58:35 +02005383 PSA_ASSERT( psa_export_key( key,
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005384 first_export, export_size,
5385 &first_exported_length ) );
5386 if( generation_method == IMPORT_KEY )
5387 ASSERT_COMPARE( data->x, data->len,
5388 first_export, first_exported_length );
5389 }
Darryl Greend49a4992018-06-18 17:27:26 +01005390
5391 /* Shutdown and restart */
Ronald Cron5425a212020-08-04 14:58:35 +02005392 PSA_ASSERT( psa_purge_key( key ) );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005393 PSA_DONE();
Gilles Peskine8817f612018-12-18 00:18:46 +01005394 PSA_ASSERT( psa_crypto_init() );
Darryl Greend49a4992018-06-18 17:27:26 +01005395
Darryl Greend49a4992018-06-18 17:27:26 +01005396 /* Check key slot still contains key data */
Ronald Cron5425a212020-08-04 14:58:35 +02005397 PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
Ronald Cronecfb2372020-07-23 17:13:42 +02005398 TEST_ASSERT( mbedtls_svc_key_id_equal(
5399 psa_get_key_id( &attributes ), key_id ) );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005400 TEST_EQUAL( psa_get_key_lifetime( &attributes ),
5401 PSA_KEY_LIFETIME_PERSISTENT );
5402 TEST_EQUAL( psa_get_key_type( &attributes ), type );
5403 TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
gabor-mezei-arm4ff73032021-05-13 12:05:01 +02005404 TEST_EQUAL( psa_get_key_usage_flags( &attributes ),
gabor-mezei-arm98a34352021-06-28 14:05:00 +02005405 mbedtls_test_update_key_usage_flags( usage_flags ) );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005406 TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
Darryl Greend49a4992018-06-18 17:27:26 +01005407
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005408 /* Export the key again if permitted by the key policy. */
5409 if( usage_flags & PSA_KEY_USAGE_EXPORT )
Darryl Green0c6575a2018-11-07 16:05:30 +00005410 {
Ronald Cron5425a212020-08-04 14:58:35 +02005411 PSA_ASSERT( psa_export_key( key,
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005412 second_export, export_size,
5413 &second_exported_length ) );
Darryl Green0c6575a2018-11-07 16:05:30 +00005414 ASSERT_COMPARE( first_export, first_exported_length,
5415 second_export, second_exported_length );
Darryl Green0c6575a2018-11-07 16:05:30 +00005416 }
5417
5418 /* Do something with the key according to its type and permitted usage. */
Gilles Peskinec18e25f2021-02-12 23:48:20 +01005419 if( ! mbedtls_test_psa_exercise_key( key, usage_flags, alg ) )
Darryl Green0c6575a2018-11-07 16:05:30 +00005420 goto exit;
Darryl Greend49a4992018-06-18 17:27:26 +01005421
5422exit:
Ronald Cron3a4f0e32020-11-19 17:55:23 +01005423 /*
5424 * Key attributes may have been returned by psa_get_key_attributes()
5425 * thus reset them as required.
5426 */
Gilles Peskinea1ace9c2019-04-26 16:03:33 +02005427 psa_reset_key_attributes( &attributes );
Ronald Cron3a4f0e32020-11-19 17:55:23 +01005428
Darryl Greend49a4992018-06-18 17:27:26 +01005429 mbedtls_free( first_export );
5430 mbedtls_free( second_export );
Gilles Peskine51ae0e42019-05-16 17:31:03 +02005431 psa_key_derivation_abort( &operation );
Gilles Peskine5c648ab2019-04-19 14:06:53 +02005432 psa_destroy_key( base_key );
Ronald Cron5425a212020-08-04 14:58:35 +02005433 psa_destroy_key( key );
Gilles Peskine1153e7b2019-05-28 15:10:21 +02005434 PSA_DONE();
Darryl Greend49a4992018-06-18 17:27:26 +01005435}
5436/* END_CASE */