TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / d7c75707b88d3e3aca2f2fdcdcad9f76cfafff83 / . / tests / suites / test_suite_psa_crypto.function
blob: 2fa060b25e8d50967596ad82b48e9e479b0489a2 [file] [log] [blame]
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1/* BEGIN_HEADER */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2#include <stdint.h>
mohammad160327010052018-07-03 13:16:15 +0300[diff] [blame]3
4#if defined(MBEDTLS_PSA_CRYPTO_SPM)
5#include "spm/psa_defs.h"
6#endif
7
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]8#include "mbedtls/asn1.h"
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]9#include "mbedtls/asn1write.h"
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]10#include "mbedtls/oid.h"
11
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]12#include "psa/crypto.h"
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]13
Gilles Peskinefc411f12018-10-25 22:34:48 +0200[diff] [blame]14#define MAX( x, y ) ( ( x ) > ( y ) ? ( x ) : ( y ) )
15
Gilles Peskine96ee5c72018-07-12 17:24:54 +0200[diff] [blame]16#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
17
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]18#if(UINT32_MAX > SIZE_MAX)
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]19#define PSA_CRYPTO_TEST_SIZE_T_RANGE( x ) ( ( x ) <= SIZE_MAX )
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]20#else
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]21#define PSA_CRYPTO_TEST_SIZE_T_RANGE( x ) 1
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]22#endif
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]23
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100[diff] [blame]24/** An invalid export length that will never be set by psa_export_key(). */
25static const size_t INVALID_EXPORT_LENGTH = ~0U;
26
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]27/** Test if a buffer contains a constant byte value.
28 *
29 * `mem_is_char(buffer, c, size)` is true after `memset(buffer, c, size)`.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]30 *
31 * \param buffer Pointer to the beginning of the buffer.
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]32 * \param c Expected value of every byte.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]33 * \param size Size of the buffer in bytes.
34 *
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]35 * \return 1 if the buffer is all-bits-zero.
36 * \return 0 if there is at least one nonzero byte.
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]37 */
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]38static int mem_is_char( void *buffer, unsigned char c, size_t size )
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]39{
40 size_t i;
41 for( i = 0; i < size; i++ )
42 {
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]43 if( ( (unsigned char *) buffer )[i] != c )
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]44 return( 0 );
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]45 }
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]46 return( 1 );
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]47}
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]48
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]49/* Write the ASN.1 INTEGER with the value 2^(bits-1)+x backwards from *p. */
50static int asn1_write_10x( unsigned char **p,
51 unsigned char *start,
52 size_t bits,
53 unsigned char x )
54{
55 int ret;
56 int len = bits / 8 + 1;
Gilles Peskine480416a2018-06-28 19:04:07 +0200[diff] [blame]57 if( bits == 0 )
58 return( MBEDTLS_ERR_ASN1_INVALID_DATA );
59 if( bits <= 8 && x >= 1 << ( bits - 1 ) )
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]60 return( MBEDTLS_ERR_ASN1_INVALID_DATA );
Moran Pekercb088e72018-07-17 17:36:59 +0300[diff] [blame]61 if( *p < start || *p - start < (ptrdiff_t) len )
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]62 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
63 *p -= len;
64 ( *p )[len-1] = x;
65 if( bits % 8 == 0 )
66 ( *p )[1] |= 1;
67 else
68 ( *p )[0] |= 1 << ( bits % 8 );
69 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
70 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
71 MBEDTLS_ASN1_INTEGER ) );
72 return( len );
73}
74
75static int construct_fake_rsa_key( unsigned char *buffer,
76 size_t buffer_size,
77 unsigned char **p,
78 size_t bits,
79 int keypair )
80{
81 size_t half_bits = ( bits + 1 ) / 2;
82 int ret;
83 int len = 0;
84 /* Construct something that looks like a DER encoding of
85 * as defined by PKCS#1 v2.2 (RFC 8017) section A.1.2:
86 * RSAPrivateKey ::= SEQUENCE {
87 * version Version,
88 * modulus INTEGER, -- n
89 * publicExponent INTEGER, -- e
90 * privateExponent INTEGER, -- d
91 * prime1 INTEGER, -- p
92 * prime2 INTEGER, -- q
93 * exponent1 INTEGER, -- d mod (p-1)
94 * exponent2 INTEGER, -- d mod (q-1)
95 * coefficient INTEGER, -- (inverse of q) mod p
96 * otherPrimeInfos OtherPrimeInfos OPTIONAL
97 * }
98 * Or, for a public key, the same structure with only
99 * version, modulus and publicExponent.
100 */
101 *p = buffer + buffer_size;
102 if( keypair )
103 {
104 MBEDTLS_ASN1_CHK_ADD( len, /* pq */
105 asn1_write_10x( p, buffer, half_bits, 1 ) );
106 MBEDTLS_ASN1_CHK_ADD( len, /* dq */
107 asn1_write_10x( p, buffer, half_bits, 1 ) );
108 MBEDTLS_ASN1_CHK_ADD( len, /* dp */
109 asn1_write_10x( p, buffer, half_bits, 1 ) );
110 MBEDTLS_ASN1_CHK_ADD( len, /* q */
111 asn1_write_10x( p, buffer, half_bits, 1 ) );
112 MBEDTLS_ASN1_CHK_ADD( len, /* p != q to pass mbedtls sanity checks */
113 asn1_write_10x( p, buffer, half_bits, 3 ) );
114 MBEDTLS_ASN1_CHK_ADD( len, /* d */
115 asn1_write_10x( p, buffer, bits, 1 ) );
116 }
117 MBEDTLS_ASN1_CHK_ADD( len, /* e = 65537 */
118 asn1_write_10x( p, buffer, 17, 1 ) );
119 MBEDTLS_ASN1_CHK_ADD( len, /* n */
120 asn1_write_10x( p, buffer, bits, 1 ) );
121 if( keypair )
122 MBEDTLS_ASN1_CHK_ADD( len, /* version = 0 */
123 mbedtls_asn1_write_int( p, buffer, 0 ) );
124 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, buffer, len ) );
125 {
126 const unsigned char tag =
127 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE;
128 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, buffer, tag ) );
129 }
130 return( len );
131}
132
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]133static int exercise_mac_key( psa_key_slot_t key,
134 psa_key_usage_t usage,
135 psa_algorithm_t alg )
136{
137 psa_mac_operation_t operation;
138 const unsigned char input[] = "foo";
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]139 unsigned char mac[PSA_MAC_MAX_SIZE] = {0};
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]140 size_t mac_length = sizeof( mac );
141
142 if( usage & PSA_KEY_USAGE_SIGN )
143 {
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]144 TEST_ASSERT( psa_mac_sign_setup( &operation,
145 key, alg ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]146 TEST_ASSERT( psa_mac_update( &operation,
147 input, sizeof( input ) ) == PSA_SUCCESS );
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]148 TEST_ASSERT( psa_mac_sign_finish( &operation,
Gilles Peskineef0cb402018-07-12 16:55:59 +0200[diff] [blame]149 mac, sizeof( mac ),
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]150 &mac_length ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]151 }
152
153 if( usage & PSA_KEY_USAGE_VERIFY )
154 {
155 psa_status_t verify_status =
156 ( usage & PSA_KEY_USAGE_SIGN ?
157 PSA_SUCCESS :
158 PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]159 TEST_ASSERT( psa_mac_verify_setup( &operation,
160 key, alg ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]161 TEST_ASSERT( psa_mac_update( &operation,
162 input, sizeof( input ) ) == PSA_SUCCESS );
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]163 TEST_ASSERT( psa_mac_verify_finish( &operation,
164 mac,
165 mac_length ) == verify_status );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]166 }
167
168 return( 1 );
169
170exit:
171 psa_mac_abort( &operation );
172 return( 0 );
173}
174
175static int exercise_cipher_key( psa_key_slot_t key,
176 psa_key_usage_t usage,
177 psa_algorithm_t alg )
178{
179 psa_cipher_operation_t operation;
180 unsigned char iv[16] = {0};
181 size_t iv_length = sizeof( iv );
182 const unsigned char plaintext[16] = "Hello, world...";
183 unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)";
184 size_t ciphertext_length = sizeof( ciphertext );
185 unsigned char decrypted[sizeof( ciphertext )];
186 size_t part_length;
187
188 if( usage & PSA_KEY_USAGE_ENCRYPT )
189 {
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]190 TEST_ASSERT( psa_cipher_encrypt_setup( &operation,
191 key, alg ) == PSA_SUCCESS );
192 TEST_ASSERT( psa_cipher_generate_iv( &operation,
193 iv, sizeof( iv ),
194 &iv_length ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]195 TEST_ASSERT( psa_cipher_update( &operation,
196 plaintext, sizeof( plaintext ),
197 ciphertext, sizeof( ciphertext ),
198 &ciphertext_length ) == PSA_SUCCESS );
199 TEST_ASSERT( psa_cipher_finish( &operation,
200 ciphertext + ciphertext_length,
201 sizeof( ciphertext ) - ciphertext_length,
202 &part_length ) == PSA_SUCCESS );
203 ciphertext_length += part_length;
204 }
205
206 if( usage & PSA_KEY_USAGE_DECRYPT )
207 {
208 psa_status_t status;
Mohammad AboMokhadb9b232018-06-28 01:52:54 -0700[diff] [blame]209 psa_key_type_t type = PSA_KEY_TYPE_NONE;
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]210 if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) )
211 {
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]212 size_t bits;
213 TEST_ASSERT( psa_get_key_information( key, &type, &bits ) );
214 iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE( type );
215 }
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]216 TEST_ASSERT( psa_cipher_decrypt_setup( &operation,
217 key, alg ) == PSA_SUCCESS );
218 TEST_ASSERT( psa_cipher_set_iv( &operation,
219 iv, iv_length ) == PSA_SUCCESS );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]220 TEST_ASSERT( psa_cipher_update( &operation,
221 ciphertext, ciphertext_length,
222 decrypted, sizeof( decrypted ),
223 &part_length ) == PSA_SUCCESS );
224 status = psa_cipher_finish( &operation,
225 decrypted + part_length,
226 sizeof( decrypted ) - part_length,
227 &part_length );
228 /* For a stream cipher, all inputs are valid. For a block cipher,
229 * if the input is some aribtrary data rather than an actual
230 ciphertext, a padding error is likely. */
Mohammad AboMokh65fa0b82018-06-28 02:14:00 -0700[diff] [blame]231 if( ( usage & PSA_KEY_USAGE_ENCRYPT ) ||
Mohammad AboMokhadb9b232018-06-28 01:52:54 -0700[diff] [blame]232 PSA_BLOCK_CIPHER_BLOCK_SIZE( type ) == 1 )
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]233 TEST_ASSERT( status == PSA_SUCCESS );
234 else
235 TEST_ASSERT( status == PSA_SUCCESS ||
236 status == PSA_ERROR_INVALID_PADDING );
237 }
238
239 return( 1 );
240
241exit:
242 psa_cipher_abort( &operation );
243 return( 0 );
244}
245
246static int exercise_aead_key( psa_key_slot_t key,
247 psa_key_usage_t usage,
248 psa_algorithm_t alg )
249{
250 unsigned char nonce[16] = {0};
251 size_t nonce_length = sizeof( nonce );
252 unsigned char plaintext[16] = "Hello, world...";
253 unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)";
254 size_t ciphertext_length = sizeof( ciphertext );
255 size_t plaintext_length = sizeof( ciphertext );
256
257 if( usage & PSA_KEY_USAGE_ENCRYPT )
258 {
259 TEST_ASSERT( psa_aead_encrypt( key, alg,
260 nonce, nonce_length,
261 NULL, 0,
262 plaintext, sizeof( plaintext ),
263 ciphertext, sizeof( ciphertext ),
264 &ciphertext_length ) == PSA_SUCCESS );
265 }
266
267 if( usage & PSA_KEY_USAGE_DECRYPT )
268 {
269 psa_status_t verify_status =
270 ( usage & PSA_KEY_USAGE_ENCRYPT ?
271 PSA_SUCCESS :
272 PSA_ERROR_INVALID_SIGNATURE );
273 TEST_ASSERT( psa_aead_decrypt( key, alg,
274 nonce, nonce_length,
275 NULL, 0,
276 ciphertext, ciphertext_length,
277 plaintext, sizeof( plaintext ),
278 &plaintext_length ) == verify_status );
279 }
280
281 return( 1 );
282
283exit:
284 return( 0 );
285}
286
287static int exercise_signature_key( psa_key_slot_t key,
288 psa_key_usage_t usage,
289 psa_algorithm_t alg )
290{
Gilles Peskinef969b3a2018-06-30 00:20:25 +0200[diff] [blame]291 unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
292 size_t payload_length = 16;
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]293 unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]294 size_t signature_length = sizeof( signature );
295
296 if( usage & PSA_KEY_USAGE_SIGN )
297 {
Gilles Peskinef969b3a2018-06-30 00:20:25 +0200[diff] [blame]298 /* Some algorithms require the payload to have the size of
299 * the hash encoded in the algorithm. Use this input size
300 * even for algorithms that allow other input sizes. */
301 psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
302 if( hash_alg != 0 )
303 payload_length = PSA_HASH_SIZE( hash_alg );
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]304 TEST_ASSERT( psa_asymmetric_sign( key, alg,
305 payload, payload_length,
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]306 signature, sizeof( signature ),
307 &signature_length ) == PSA_SUCCESS );
308 }
309
310 if( usage & PSA_KEY_USAGE_VERIFY )
311 {
312 psa_status_t verify_status =
313 ( usage & PSA_KEY_USAGE_SIGN ?
314 PSA_SUCCESS :
315 PSA_ERROR_INVALID_SIGNATURE );
316 TEST_ASSERT( psa_asymmetric_verify( key, alg,
317 payload, payload_length,
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]318 signature, signature_length ) ==
319 verify_status );
320 }
321
322 return( 1 );
323
324exit:
325 return( 0 );
326}
327
328static int exercise_asymmetric_encryption_key( psa_key_slot_t key,
329 psa_key_usage_t usage,
330 psa_algorithm_t alg )
331{
332 unsigned char plaintext[256] = "Hello, world...";
333 unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)";
334 size_t ciphertext_length = sizeof( ciphertext );
335 size_t plaintext_length = 16;
336
337 if( usage & PSA_KEY_USAGE_ENCRYPT )
338 {
339 TEST_ASSERT(
340 psa_asymmetric_encrypt( key, alg,
341 plaintext, plaintext_length,
342 NULL, 0,
343 ciphertext, sizeof( ciphertext ),
344 &ciphertext_length ) == PSA_SUCCESS );
345 }
346
347 if( usage & PSA_KEY_USAGE_DECRYPT )
348 {
349 psa_status_t status =
350 psa_asymmetric_decrypt( key, alg,
351 ciphertext, ciphertext_length,
352 NULL, 0,
353 plaintext, sizeof( plaintext ),
354 &plaintext_length );
355 TEST_ASSERT( status == PSA_SUCCESS ||
356 ( ( usage & PSA_KEY_USAGE_ENCRYPT ) == 0 &&
357 ( status == PSA_ERROR_INVALID_ARGUMENT ||
358 status == PSA_ERROR_INVALID_PADDING ) ) );
359 }
360
361 return( 1 );
362
363exit:
364 return( 0 );
365}
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]366
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]367static int exercise_key_derivation_key( psa_key_slot_t key,
368 psa_key_usage_t usage,
369 psa_algorithm_t alg )
370{
371 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
372 unsigned char label[16] = "This is a label.";
373 size_t label_length = sizeof( label );
374 unsigned char seed[16] = "abcdefghijklmnop";
375 size_t seed_length = sizeof( seed );
376 unsigned char output[1];
377
378 if( usage & PSA_KEY_USAGE_DERIVE )
379 {
380 TEST_ASSERT( psa_key_derivation( &generator,
381 key, alg,
382 label, label_length,
383 seed, seed_length,
384 sizeof( output ) ) == PSA_SUCCESS );
385 TEST_ASSERT( psa_generator_read( &generator,
386 output,
387 sizeof( output ) ) == PSA_SUCCESS );
388 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
389 }
390
391 return( 1 );
392
393exit:
394 return( 0 );
395}
396
Gilles Peskinec7998b72018-11-07 18:45:02 +0100[diff] [blame]397/* We need two keys to exercise key agreement. Exercise the
398 * private key against its own public key. */
399static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator,
400 psa_key_type_t key_slot,
401 psa_algorithm_t alg )
402{
403 psa_key_type_t private_key_type;
404 psa_key_type_t public_key_type;
405 size_t key_bits;
406 uint8_t *public_key = NULL;
407 size_t public_key_length;
408 /* Return UNKNOWN_ERROR if something other than the final call to
409 * psa_key_agreement fails. This isn't fully satisfactory, but it's
410 * good enough: callers will report it as a failed test anyway. */
411 psa_status_t status = PSA_ERROR_UNKNOWN_ERROR;
412
413 TEST_ASSERT( psa_get_key_information( key_slot,
414 &private_key_type,
415 &key_bits ) == PSA_SUCCESS );
416 public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( private_key_type );
417 public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits );
418 ASSERT_ALLOC( public_key, public_key_length );
419 TEST_ASSERT( public_key != NULL );
420 TEST_ASSERT( psa_export_public_key( key_slot,
421 public_key, public_key_length,
422 &public_key_length ) == PSA_SUCCESS );
423
424 status = psa_key_agreement( generator, key_slot,
425 public_key, public_key_length,
426 alg );
427exit:
428 mbedtls_free( public_key );
429 return( status );
430}
431
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]432static int exercise_key_agreement_key( psa_key_slot_t key,
433 psa_key_usage_t usage,
434 psa_algorithm_t alg )
435{
436 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]437 unsigned char output[1];
438 int ok = 0;
439
440 if( usage & PSA_KEY_USAGE_DERIVE )
441 {
442 /* We need two keys to exercise key agreement. Exercise the
443 * private key against its own public key. */
Gilles Peskinec7998b72018-11-07 18:45:02 +0100[diff] [blame]444 TEST_ASSERT( key_agreement_with_self( &generator, key, alg ) ==
445 PSA_SUCCESS );
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]446 TEST_ASSERT( psa_generator_read( &generator,
447 output,
448 sizeof( output ) ) == PSA_SUCCESS );
449 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
450 }
451 ok = 1;
452
453exit:
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]454 return( ok );
455}
456
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]457static int is_oid_of_key_type( psa_key_type_t type,
458 const uint8_t *oid, size_t oid_length )
459{
Gilles Peskineae3d2a22018-08-13 14:14:22 +0200[diff] [blame]460 const uint8_t *expected_oid = NULL;
461 size_t expected_oid_length = 0;
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]462#if defined(MBEDTLS_RSA_C)
Gilles Peskineae3d2a22018-08-13 14:14:22 +0200[diff] [blame]463 if( PSA_KEY_TYPE_IS_RSA( type ) )
464 {
465 expected_oid = (uint8_t *) MBEDTLS_OID_PKCS1_RSA;
466 expected_oid_length = sizeof( MBEDTLS_OID_PKCS1_RSA ) - 1;
467 }
468 else
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]469#endif /* MBEDTLS_RSA_C */
470#if defined(MBEDTLS_ECP_C)
Gilles Peskineae3d2a22018-08-13 14:14:22 +0200[diff] [blame]471 if( PSA_KEY_TYPE_IS_ECC( type ) )
472 {
473 expected_oid = (uint8_t *) MBEDTLS_OID_EC_ALG_UNRESTRICTED;
474 expected_oid_length = sizeof( MBEDTLS_OID_EC_ALG_UNRESTRICTED ) - 1;
475 }
476 else
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]477#endif /* MBEDTLS_ECP_C */
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]478 {
479 char message[40];
480 mbedtls_snprintf( message, sizeof( message ),
481 "OID not known for key type=0x%08lx",
482 (unsigned long) type );
483 test_fail( message, __LINE__, __FILE__ );
484 return( 0 );
485 }
486
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]487 ASSERT_COMPARE( expected_oid, expected_oid_length, oid, oid_length );
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]488 return( 1 );
489
490exit:
491 return( 0 );
492}
493
494static int asn1_skip_integer( unsigned char **p, const unsigned char *end,
495 size_t min_bits, size_t max_bits,
496 int must_be_odd )
497{
498 size_t len;
499 size_t actual_bits;
500 unsigned char msb;
501 TEST_ASSERT( mbedtls_asn1_get_tag( p, end, &len,
502 MBEDTLS_ASN1_INTEGER ) == 0 );
503 /* Tolerate a slight departure from DER encoding:
504 * - 0 may be represented by an empty string or a 1-byte string.
505 * - The sign bit may be used as a value bit. */
506 if( ( len == 1 && ( *p )[0] == 0 ) ||
507 ( len > 1 && ( *p )[0] == 0 && ( ( *p )[1] & 0x80 ) != 0 ) )
508 {
509 ++( *p );
510 --len;
511 }
512 if( min_bits == 0 && len == 0 )
513 return( 1 );
514 msb = ( *p )[0];
515 TEST_ASSERT( msb != 0 );
516 actual_bits = 8 * ( len - 1 );
517 while( msb != 0 )
518 {
519 msb >>= 1;
520 ++actual_bits;
521 }
522 TEST_ASSERT( actual_bits >= min_bits );
523 TEST_ASSERT( actual_bits <= max_bits );
524 if( must_be_odd )
525 TEST_ASSERT( ( ( *p )[len-1] & 1 ) != 0 );
526 *p += len;
527 return( 1 );
528exit:
529 return( 0 );
530}
531
532static int asn1_get_implicit_tag( unsigned char **p, const unsigned char *end,
533 size_t *len,
534 unsigned char n, unsigned char tag )
535{
536 int ret;
537 ret = mbedtls_asn1_get_tag( p, end, len,
538 MBEDTLS_ASN1_CONTEXT_SPECIFIC |
539 MBEDTLS_ASN1_CONSTRUCTED | ( n ) );
540 if( ret != 0 )
541 return( ret );
542 end = *p + *len;
543 ret = mbedtls_asn1_get_tag( p, end, len, tag );
544 if( ret != 0 )
545 return( ret );
546 if( *p + *len != end )
547 return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
548 return( 0 );
549}
550
551static int exported_key_sanity_check( psa_key_type_t type, size_t bits,
552 uint8_t *exported, size_t exported_length )
553{
554 if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]555 TEST_ASSERT( exported_length == ( bits + 7 ) / 8 );
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]556 else
557 TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, bits ) );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]558
559#if defined(MBEDTLS_DES_C)
560 if( type == PSA_KEY_TYPE_DES )
561 {
562 /* Check the parity bits. */
563 unsigned i;
564 for( i = 0; i < bits / 8; i++ )
565 {
566 unsigned bit_count = 0;
567 unsigned m;
568 for( m = 1; m <= 0x100; m <<= 1 )
569 {
570 if( exported[i] & m )
571 ++bit_count;
572 }
573 TEST_ASSERT( bit_count % 2 != 0 );
574 }
575 }
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]576 else
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]577#endif
578
579#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C)
580 if( type == PSA_KEY_TYPE_RSA_KEYPAIR )
581 {
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]582 uint8_t *p = exported;
583 uint8_t *end = exported + exported_length;
584 size_t len;
585 /* RSAPrivateKey ::= SEQUENCE {
Gilles Peskinedea46cf2018-08-21 16:12:54 +0200[diff] [blame]586 * version INTEGER, -- must be 0
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]587 * modulus INTEGER, -- n
588 * publicExponent INTEGER, -- e
589 * privateExponent INTEGER, -- d
590 * prime1 INTEGER, -- p
591 * prime2 INTEGER, -- q
592 * exponent1 INTEGER, -- d mod (p-1)
593 * exponent2 INTEGER, -- d mod (q-1)
594 * coefficient INTEGER, -- (inverse of q) mod p
595 * }
596 */
597 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
598 MBEDTLS_ASN1_SEQUENCE |
599 MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
600 TEST_ASSERT( p + len == end );
601 if( ! asn1_skip_integer( &p, end, 0, 0, 0 ) )
602 goto exit;
603 if( ! asn1_skip_integer( &p, end, bits, bits, 1 ) )
604 goto exit;
605 if( ! asn1_skip_integer( &p, end, 2, bits, 1 ) )
606 goto exit;
607 /* Require d to be at least half the size of n. */
608 if( ! asn1_skip_integer( &p, end, bits / 2, bits, 1 ) )
609 goto exit;
610 /* Require p and q to be at most half the size of n, rounded up. */
611 if( ! asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
612 goto exit;
613 if( ! asn1_skip_integer( &p, end, bits / 2, bits / 2 + 1, 1 ) )
614 goto exit;
615 if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
616 goto exit;
617 if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
618 goto exit;
619 if( ! asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
620 goto exit;
621 TEST_ASSERT( p == end );
622 }
623 else
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]624#endif /* MBEDTLS_RSA_C */
625
626#if defined(MBEDTLS_ECP_C)
627 if( PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ) )
628 {
Gilles Peskine5b802a32018-10-29 19:21:41 +0100[diff] [blame]629 /* Just the secret value */
630 TEST_ASSERT( exported_length == PSA_BITS_TO_BYTES( bits ) );
631 }
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]632 else
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]633#endif /* MBEDTLS_ECP_C */
634
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]635 if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
636 {
637 uint8_t *p = exported;
638 uint8_t *end = exported + exported_length;
639 size_t len;
640 mbedtls_asn1_buf alg;
641 mbedtls_asn1_buf params;
642 mbedtls_asn1_bitstring bitstring;
643 /* SubjectPublicKeyInfo ::= SEQUENCE {
644 * algorithm AlgorithmIdentifier,
645 * subjectPublicKey BIT STRING }
646 * AlgorithmIdentifier ::= SEQUENCE {
647 * algorithm OBJECT IDENTIFIER,
648 * parameters ANY DEFINED BY algorithm OPTIONAL }
649 */
650 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
651 MBEDTLS_ASN1_SEQUENCE |
652 MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
653 TEST_ASSERT( p + len == end );
654 TEST_ASSERT( mbedtls_asn1_get_alg( &p, end, &alg, &params ) == 0 );
655 if( ! is_oid_of_key_type( type, alg.p, alg.len ) )
656 goto exit;
657 TEST_ASSERT( mbedtls_asn1_get_bitstring( &p, end, &bitstring ) == 0 );
658 TEST_ASSERT( p == end );
659 p = bitstring.p;
660#if defined(MBEDTLS_RSA_C)
661 if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY )
662 {
663 /* RSAPublicKey ::= SEQUENCE {
664 * modulus INTEGER, -- n
665 * publicExponent INTEGER } -- e
666 */
667 TEST_ASSERT( bitstring.unused_bits == 0 );
668 TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
669 MBEDTLS_ASN1_SEQUENCE |
670 MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
671 TEST_ASSERT( p + len == end );
672 if( ! asn1_skip_integer( &p, end, bits, bits, 1 ) )
673 goto exit;
674 if( ! asn1_skip_integer( &p, end, 2, bits, 1 ) )
675 goto exit;
676 TEST_ASSERT( p == end );
677 }
678 else
679#endif /* MBEDTLS_RSA_C */
680#if defined(MBEDTLS_ECP_C)
681 if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) )
682 {
683 /* ECPoint ::= ...
Gilles Peskinec6290c02018-08-13 17:24:59 +0200[diff] [blame]684 * -- first 8 bits: 0x04 (uncompressed representation);
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]685 * -- then x_P as an n-bit string, big endian;
686 * -- then y_P as a n-bit string, big endian,
687 * -- where n is the order of the curve.
688 */
689 TEST_ASSERT( bitstring.unused_bits == 0 );
690 TEST_ASSERT( p + 1 + 2 * PSA_BITS_TO_BYTES( bits ) == end );
691 TEST_ASSERT( p[0] == 4 );
692 }
693 else
694#endif /* MBEDTLS_ECP_C */
695 {
Jaeden Amero594a3302018-10-26 17:07:22 +0100[diff] [blame]696 char message[47];
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]697 mbedtls_snprintf( message, sizeof( message ),
698 "No sanity check for public key type=0x%08lx",
699 (unsigned long) type );
700 test_fail( message, __LINE__, __FILE__ );
701 return( 0 );
702 }
703 }
704 else
705
706 {
707 /* No sanity checks for other types */
708 }
709
710 return( 1 );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]711
712exit:
Gilles Peskinedd2f95b2018-08-11 01:22:42 +0200[diff] [blame]713 return( 0 );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]714}
715
716static int exercise_export_key( psa_key_slot_t slot,
717 psa_key_usage_t usage )
718{
719 psa_key_type_t type;
720 size_t bits;
721 uint8_t *exported = NULL;
722 size_t exported_size = 0;
723 size_t exported_length = 0;
724 int ok = 0;
725
Gilles Peskineacec7b6f2018-09-13 20:34:11 +0200[diff] [blame]726 TEST_ASSERT( psa_get_key_information( slot, &type, &bits ) == PSA_SUCCESS );
727
728 if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 &&
729 ! PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]730 {
731 TEST_ASSERT( psa_export_key( slot, NULL, 0, &exported_length ) ==
732 PSA_ERROR_NOT_PERMITTED );
733 return( 1 );
734 }
735
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]736 exported_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]737 ASSERT_ALLOC( exported, exported_size );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]738
739 TEST_ASSERT( psa_export_key( slot,
740 exported, exported_size,
741 &exported_length ) == PSA_SUCCESS );
742 ok = exported_key_sanity_check( type, bits, exported, exported_length );
743
744exit:
745 mbedtls_free( exported );
746 return( ok );
747}
748
749static int exercise_export_public_key( psa_key_slot_t slot )
750{
751 psa_key_type_t type;
752 psa_key_type_t public_type;
753 size_t bits;
754 uint8_t *exported = NULL;
755 size_t exported_size = 0;
756 size_t exported_length = 0;
757 int ok = 0;
758
759 TEST_ASSERT( psa_get_key_information( slot, &type, &bits ) == PSA_SUCCESS );
760 if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( type ) )
761 {
762 TEST_ASSERT( psa_export_public_key( slot,
763 NULL, 0, &exported_length ) ==
764 PSA_ERROR_INVALID_ARGUMENT );
765 return( 1 );
766 }
767
768 public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
769 exported_size = PSA_KEY_EXPORT_MAX_SIZE( public_type, bits );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]770 ASSERT_ALLOC( exported, exported_size );
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]771
772 TEST_ASSERT( psa_export_public_key( slot,
773 exported, exported_size,
774 &exported_length ) == PSA_SUCCESS );
775 ok = exported_key_sanity_check( public_type, bits,
776 exported, exported_length );
777
778exit:
779 mbedtls_free( exported );
780 return( ok );
781}
782
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]783static int exercise_key( psa_key_slot_t slot,
784 psa_key_usage_t usage,
785 psa_algorithm_t alg )
786{
787 int ok;
788 if( alg == 0 )
789 ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */
790 else if( PSA_ALG_IS_MAC( alg ) )
791 ok = exercise_mac_key( slot, usage, alg );
792 else if( PSA_ALG_IS_CIPHER( alg ) )
793 ok = exercise_cipher_key( slot, usage, alg );
794 else if( PSA_ALG_IS_AEAD( alg ) )
795 ok = exercise_aead_key( slot, usage, alg );
796 else if( PSA_ALG_IS_SIGN( alg ) )
797 ok = exercise_signature_key( slot, usage, alg );
798 else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
799 ok = exercise_asymmetric_encryption_key( slot, usage, alg );
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]800 else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
801 ok = exercise_key_derivation_key( slot, usage, alg );
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]802 else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
803 ok = exercise_key_agreement_key( slot, usage, alg );
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]804 else
805 {
806 char message[40];
807 mbedtls_snprintf( message, sizeof( message ),
808 "No code to exercise alg=0x%08lx",
809 (unsigned long) alg );
810 test_fail( message, __LINE__, __FILE__ );
811 ok = 0;
812 }
Gilles Peskined14664a2018-08-10 19:07:32 +0200[diff] [blame]813
814 ok = ok && exercise_export_key( slot, usage );
815 ok = ok && exercise_export_public_key( slot );
816
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]817 return( ok );
818}
819
Gilles Peskine10df3412018-10-25 22:35:43 +0200[diff] [blame]820static psa_key_usage_t usage_to_exercise( psa_key_type_t type,
821 psa_algorithm_t alg )
822{
823 if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) )
824 {
825 return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
826 PSA_KEY_USAGE_VERIFY :
827 PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY );
828 }
829 else if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) ||
830 PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
831 {
832 return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
833 PSA_KEY_USAGE_ENCRYPT :
834 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
835 }
836 else if( PSA_ALG_IS_KEY_DERIVATION( alg ) ||
837 PSA_ALG_IS_KEY_AGREEMENT( alg ) )
838 {
839 return( PSA_KEY_USAGE_DERIVE );
840 }
841 else
842 {
843 return( 0 );
844 }
845
846}
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame]847
848typedef enum {
849 IMPORT_KEY = 0,
850 GENERATE_KEY = 1,
851 DERIVE_KEY = 2
852} generate_method;
853
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]854/* END_HEADER */
855
856/* BEGIN_DEPENDENCIES
857 * depends_on:MBEDTLS_PSA_CRYPTO_C
858 * END_DEPENDENCIES
859 */
860
861/* BEGIN_CASE */
Gilles Peskinee1f2d7d2018-08-21 14:54:54 +0200[diff] [blame]862void static_checks( )
863{
864 size_t max_truncated_mac_size =
865 PSA_ALG_MAC_TRUNCATION_MASK >> PSA_MAC_TRUNCATION_OFFSET;
866
867 /* Check that the length for a truncated MAC always fits in the algorithm
868 * encoding. The shifted mask is the maximum truncated value. The
869 * untruncated algorithm may be one byte larger. */
870 TEST_ASSERT( PSA_MAC_MAX_SIZE <= 1 + max_truncated_mac_size );
871}
872/* END_CASE */
873
874/* BEGIN_CASE */
Gilles Peskine996deb12018-08-01 15:45:45 +0200[diff] [blame]875void fill_slots( int max_arg )
876{
877 /* Fill all the slots until we run out of memory or out of slots,
878 * or until some limit specified in the test data for the sake of
879 * implementations with an essentially unlimited number of slots.
880 * This test assumes that available slots are numbered from 1. */
881
882 psa_key_slot_t slot;
883 psa_key_slot_t max = 0;
884 psa_key_policy_t policy;
885 uint8_t exported[sizeof( max )];
886 size_t exported_size;
887 psa_status_t status;
888
889 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
890
891 psa_key_policy_init( &policy );
892 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
893
894 for( max = 1; max <= (size_t) max_arg; max++ )
895 {
896 status = psa_set_key_policy( max, &policy );
897 /* Stop filling slots if we run out of memory or out of
898 * available slots. */
899 TEST_ASSERT( status == PSA_SUCCESS ||
900 status == PSA_ERROR_INSUFFICIENT_MEMORY ||
901 status == PSA_ERROR_INVALID_ARGUMENT );
902 if( status != PSA_SUCCESS )
903 break;
904 status = psa_import_key( max, PSA_KEY_TYPE_RAW_DATA,
905 (uint8_t*) &max, sizeof( max ) );
906 /* Since psa_set_key_policy succeeded, we know that the slot
907 * number is valid. But we may legitimately run out of memory. */
908 TEST_ASSERT( status == PSA_SUCCESS ||
909 status == PSA_ERROR_INSUFFICIENT_MEMORY );
910 if( status != PSA_SUCCESS )
911 break;
912 }
913 /* `max` is now the first slot number that wasn't filled. */
914 max -= 1;
915
916 for( slot = 1; slot <= max; slot++ )
917 {
918 TEST_ASSERT( psa_export_key( slot,
919 exported, sizeof( exported ),
920 &exported_size ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]921 ASSERT_COMPARE( &slot, sizeof( slot ), exported, exported_size );
Gilles Peskine996deb12018-08-01 15:45:45 +0200[diff] [blame]922 }
923
924exit:
Gilles Peskine9a056342018-08-01 15:46:54 +0200[diff] [blame]925 /* Do not destroy the keys. mbedtls_psa_crypto_free() should do it. */
Gilles Peskine996deb12018-08-01 15:45:45 +0200[diff] [blame]926 mbedtls_psa_crypto_free( );
927}
928/* END_CASE */
929
930/* BEGIN_CASE */
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]931void import( data_t *data, int type, int expected_status_arg )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]932{
933 int slot = 1;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]934 psa_status_t expected_status = expected_status_arg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]935 psa_status_t status;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]936
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]937 TEST_ASSERT( data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]938 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]939 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
940
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]941 status = psa_import_key( slot, type, data->x, data->len );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]942 TEST_ASSERT( status == expected_status );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]943 if( status == PSA_SUCCESS )
944 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
945
946exit:
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]947 mbedtls_psa_crypto_free( );
948}
949/* END_CASE */
950
951/* BEGIN_CASE */
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]952void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg )
953{
954 int slot = 1;
955 size_t bits = bits_arg;
956 psa_status_t expected_status = expected_status_arg;
957 psa_status_t status;
958 psa_key_type_t type =
959 keypair ? PSA_KEY_TYPE_RSA_KEYPAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY;
960 size_t buffer_size = /* Slight overapproximations */
961 keypair ? bits * 9 / 16 + 80 : bits / 8 + 20;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]962 unsigned char *buffer = NULL;
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]963 unsigned char *p;
964 int ret;
965 size_t length;
966
967 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]968 ASSERT_ALLOC( buffer, buffer_size );
Gilles Peskine0b352bc2018-06-28 00:16:11 +0200[diff] [blame]969
970 TEST_ASSERT( ( ret = construct_fake_rsa_key( buffer, buffer_size, &p,
971 bits, keypair ) ) >= 0 );
972 length = ret;
973
974 /* Try importing the key */
975 status = psa_import_key( slot, type, p, length );
976 TEST_ASSERT( status == expected_status );
977 if( status == PSA_SUCCESS )
978 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
979
980exit:
981 mbedtls_free( buffer );
982 mbedtls_psa_crypto_free( );
983}
984/* END_CASE */
985
986/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]987void import_export( data_t *data,
Moran Pekera964a8f2018-06-04 18:42:36 +0300[diff] [blame]988 int type_arg,
989 int alg_arg,
990 int usage_arg,
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]991 int expected_bits,
992 int export_size_delta,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]993 int expected_export_status_arg,
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]994 int canonical_input )
995{
996 int slot = 1;
997 int slot2 = slot + 1;
998 psa_key_type_t type = type_arg;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]999 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1000 psa_status_t expected_export_status = expected_export_status_arg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1001 psa_status_t status;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1002 unsigned char *exported = NULL;
1003 unsigned char *reexported = NULL;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1004 size_t export_size;
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100[diff] [blame]1005 size_t exported_length = INVALID_EXPORT_LENGTH;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1006 size_t reexported_length;
1007 psa_key_type_t got_type;
1008 size_t got_bits;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]1009 psa_key_policy_t policy;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1010
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1011 TEST_ASSERT( data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1012 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) );
Moran Pekercb088e72018-07-17 17:36:59 +0300[diff] [blame]1013 export_size = (ptrdiff_t) data->len + export_size_delta;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1014 ASSERT_ALLOC( exported, export_size );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1015 if( ! canonical_input )
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1016 ASSERT_ALLOC( reexported, export_size );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1017 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1018
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]1019 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1020 psa_key_policy_set_usage( &policy, usage_arg, alg );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]1021 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1022
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1023 /* Import the key */
1024 TEST_ASSERT( psa_import_key( slot, type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1025 data->x, data->len ) == PSA_SUCCESS );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1026
1027 /* Test the key information */
1028 TEST_ASSERT( psa_get_key_information( slot,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1029 &got_type,
1030 &got_bits ) == PSA_SUCCESS );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1031 TEST_ASSERT( got_type == type );
1032 TEST_ASSERT( got_bits == (size_t) expected_bits );
1033
1034 /* Export the key */
1035 status = psa_export_key( slot,
1036 exported, export_size,
1037 &exported_length );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1038 TEST_ASSERT( status == expected_export_status );
Jaeden Amerof24c7f82018-06-27 17:20:43 +0100[diff] [blame]1039
1040 /* The exported length must be set by psa_export_key() to a value between 0
1041 * and export_size. On errors, the exported length must be 0. */
1042 TEST_ASSERT( exported_length != INVALID_EXPORT_LENGTH );
1043 TEST_ASSERT( status == PSA_SUCCESS || exported_length == 0 );
1044 TEST_ASSERT( exported_length <= export_size );
1045
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]1046 TEST_ASSERT( mem_is_char( exported + exported_length, 0,
Gilles Peskine3f669c32018-06-21 09:21:51 +0200[diff] [blame]1047 export_size - exported_length ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1048 if( status != PSA_SUCCESS )
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]1049 {
1050 TEST_ASSERT( exported_length == 0 );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1051 goto destroy;
Gilles Peskinee66ca3b2018-06-20 00:11:45 +0200[diff] [blame]1052 }
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1053
Gilles Peskine8f609232018-08-11 01:24:55 +0200[diff] [blame]1054 if( ! exercise_export_key( slot, usage_arg ) )
1055 goto exit;
1056
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1057 if( canonical_input )
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]1058 ASSERT_COMPARE( data->x, data->len, exported, exported_length );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1059 else
1060 {
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]1061 TEST_ASSERT( psa_set_key_policy( slot2, &policy ) == PSA_SUCCESS );
1062
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1063 TEST_ASSERT( psa_import_key( slot2, type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1064 exported,
Gilles Peskineb67f3082018-08-07 15:33:10 +0200[diff] [blame]1065 exported_length ) == PSA_SUCCESS );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1066 TEST_ASSERT( psa_export_key( slot2,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1067 reexported,
1068 export_size,
1069 &reexported_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]1070 ASSERT_COMPARE( exported, exported_length,
1071 reexported, reexported_length );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1072 }
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100[diff] [blame]1073 TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, got_bits ) );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1074
1075destroy:
1076 /* Destroy the key */
1077 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
1078 TEST_ASSERT( psa_get_key_information(
1079 slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT );
1080
1081exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1082 mbedtls_free( exported );
1083 mbedtls_free( reexported );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1084 mbedtls_psa_crypto_free( );
1085}
1086/* END_CASE */
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1087
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1088/* BEGIN_CASE */
Moran Peker28a38e62018-11-07 16:18:24 +0200[diff] [blame]1089void import_key_nonempty_slot( )
1090{
1091 int slot = 1;
1092 psa_key_type_t type = PSA_KEY_TYPE_RAW_DATA;
1093 psa_status_t status;
1094 const uint8_t data[] = { 0x1, 0x2, 0x3, 0x4, 0x5 };
1095 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1096
1097 /* Import the key */
1098 TEST_ASSERT( psa_import_key( slot, type,
1099 data, sizeof( data ) ) == PSA_SUCCESS );
1100
1101 /* Import the key again */
1102 status = psa_import_key( slot, type, data, sizeof( data ) );
1103 TEST_ASSERT( status == PSA_ERROR_OCCUPIED_SLOT );
1104
1105exit:
1106 mbedtls_psa_crypto_free( );
1107}
1108/* END_CASE */
1109
1110/* BEGIN_CASE */
1111void export_invalid_slot( int slot, int expected_export_status_arg )
1112{
1113 psa_status_t status;
1114 unsigned char *exported = NULL;
1115 size_t export_size = 0;
1116 size_t exported_length = INVALID_EXPORT_LENGTH;
1117 psa_status_t expected_export_status = expected_export_status_arg;
1118
1119 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1120
1121 /* Export the key */
1122 status = psa_export_key( slot,
1123 exported, export_size,
1124 &exported_length );
1125 TEST_ASSERT( status == expected_export_status );
1126
1127exit:
1128 mbedtls_psa_crypto_free( );
1129}
1130/* END_CASE */
1131
1132/* BEGIN_CASE */
Moran Peker34550092018-11-07 16:19:34 +0200[diff] [blame]1133void export_with_no_key_activity( )
1134{
1135 int slot = 1;
1136 psa_algorithm_t alg = PSA_ALG_CTR;
1137 psa_status_t status;
1138 psa_key_policy_t policy;
1139 unsigned char *exported = NULL;
1140 size_t export_size = 0;
1141 size_t exported_length = INVALID_EXPORT_LENGTH;
1142
1143 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1144
1145 psa_key_policy_init( &policy );
1146 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
1147 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1148
1149 /* Export the key */
1150 status = psa_export_key( slot,
1151 exported, export_size,
1152 &exported_length );
1153 TEST_ASSERT( status == PSA_ERROR_EMPTY_SLOT );
1154
1155exit:
1156 mbedtls_psa_crypto_free( );
1157}
1158/* END_CASE */
1159
1160/* BEGIN_CASE */
Moran Pekerce500072018-11-07 16:20:07 +0200[diff] [blame]1161void cipher_with_no_key_activity( )
1162{
1163 int slot = 1;
1164 psa_status_t status;
1165 psa_key_policy_t policy;
1166 psa_cipher_operation_t operation;
1167 int exercise_alg = PSA_ALG_CTR;
1168
1169 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1170
1171 psa_key_policy_init( &policy );
1172 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, exercise_alg );
1173 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1174
1175 status = psa_cipher_encrypt_setup( &operation, slot, exercise_alg );
1176 TEST_ASSERT( status == PSA_ERROR_EMPTY_SLOT );
1177
1178exit:
1179 psa_cipher_abort( &operation );
1180 mbedtls_psa_crypto_free( );
1181}
1182/* END_CASE */
1183
1184/* BEGIN_CASE */
Moran Peker34550092018-11-07 16:19:34 +0200[diff] [blame]1185void export_after_import_failure( data_t *data, int type_arg,
1186 int expected_import_status_arg )
1187{
1188 int slot = 1;
1189 psa_key_type_t type = type_arg;
1190 psa_status_t status;
1191 unsigned char *exported = NULL;
1192 size_t export_size = 0;
1193 psa_status_t expected_import_status = expected_import_status_arg;
1194 size_t exported_length = INVALID_EXPORT_LENGTH;
1195
1196 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1197
1198 /* Import the key - expect failure */
1199 status = psa_import_key( slot, type,
1200 data->x, data->len );
1201 TEST_ASSERT( status == expected_import_status );
1202
1203 /* Export the key */
1204 status = psa_export_key( slot,
1205 exported, export_size,
1206 &exported_length );
1207 TEST_ASSERT( status == PSA_ERROR_EMPTY_SLOT );
1208
1209exit:
1210 mbedtls_psa_crypto_free( );
1211}
1212/* END_CASE */
1213
1214/* BEGIN_CASE */
Moran Pekerce500072018-11-07 16:20:07 +0200[diff] [blame]1215void cipher_after_import_failure( data_t *data, int type_arg,
1216 int expected_import_status_arg )
1217{
1218 int slot = 1;
1219 psa_cipher_operation_t operation;
1220 psa_key_type_t type = type_arg;
1221 psa_status_t status;
1222 psa_status_t expected_import_status = expected_import_status_arg;
1223 int exercise_alg = PSA_ALG_CTR;
1224
1225 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1226
1227 /* Import the key - expect failure */
1228 status = psa_import_key( slot, type,
1229 data->x, data->len );
1230 TEST_ASSERT( status == expected_import_status );
1231
1232 status = psa_cipher_encrypt_setup( &operation, slot, exercise_alg );
1233 TEST_ASSERT( status == PSA_ERROR_EMPTY_SLOT );
1234
1235exit:
1236 psa_cipher_abort( &operation );
1237 mbedtls_psa_crypto_free( );
1238}
1239/* END_CASE */
1240
1241/* BEGIN_CASE */
Moran Peker34550092018-11-07 16:19:34 +0200[diff] [blame]1242void export_after_destroy_key( data_t *data, int type_arg )
1243{
1244 int slot = 1;
1245 psa_key_type_t type = type_arg;
1246 psa_status_t status;
1247 psa_key_policy_t policy;
1248 psa_algorithm_t alg = PSA_ALG_CTR;
1249 unsigned char *exported = NULL;
1250 size_t export_size = 0;
1251 size_t exported_length = INVALID_EXPORT_LENGTH;
1252
1253 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1254
1255 psa_key_policy_init( &policy );
1256 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
1257 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1258 export_size = (ptrdiff_t) data->len;
1259 ASSERT_ALLOC( exported, export_size );
1260
1261 /* Import the key */
1262 TEST_ASSERT( psa_import_key( slot, type,
1263 data->x, data->len ) == PSA_SUCCESS );
1264
1265 TEST_ASSERT( psa_export_key( slot, exported, export_size,
1266 &exported_length ) == PSA_SUCCESS );
1267
1268 /* Destroy the key */
1269 TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
1270
1271 /* Export the key */
1272 status = psa_export_key( slot, exported, export_size,
1273 &exported_length );
1274 TEST_ASSERT( status == PSA_ERROR_EMPTY_SLOT );
1275
1276exit:
1277 mbedtls_free( exported );
1278 mbedtls_psa_crypto_free( );
1279}
1280/* END_CASE */
1281
1282/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1283void import_export_public_key( data_t *data,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]1284 int type_arg,
1285 int alg_arg,
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1286 int export_size_delta,
1287 int expected_export_status_arg,
1288 data_t *expected_public_key )
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1289{
1290 int slot = 1;
1291 psa_key_type_t type = type_arg;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1292 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1293 psa_status_t expected_export_status = expected_export_status_arg;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1294 psa_status_t status;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1295 unsigned char *exported = NULL;
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1296 size_t export_size = expected_public_key->len + export_size_delta;
Jaeden Amero2a671e92018-06-27 17:47:40 +0100[diff] [blame]1297 size_t exported_length = INVALID_EXPORT_LENGTH;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]1298 psa_key_policy_t policy;
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1299
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1300 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1301
1302 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1303 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1304 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1305
1306 /* Import the key */
1307 TEST_ASSERT( psa_import_key( slot, type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]1308 data->x, data->len ) == PSA_SUCCESS );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1309
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1310 /* Export the public key */
1311 ASSERT_ALLOC( exported, export_size );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1312 status = psa_export_public_key( slot,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]1313 exported, export_size,
1314 &exported_length );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1315 TEST_ASSERT( status == expected_export_status );
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1316 if( status == PSA_SUCCESS )
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100[diff] [blame]1317 {
1318 psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR( type );
1319 size_t bits;
1320 TEST_ASSERT( psa_get_key_information( slot, NULL, &bits ) ==
1321 PSA_SUCCESS );
1322 TEST_ASSERT( expected_public_key->len <=
1323 PSA_KEY_EXPORT_MAX_SIZE( public_type, bits ) );
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1324 ASSERT_COMPARE( expected_public_key->x, expected_public_key->len,
1325 exported, exported_length );
Gilles Peskined8b7d4f2018-10-29 15:18:41 +0100[diff] [blame]1326 }
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1327
1328exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]1329 mbedtls_free( exported );
Gilles Peskine49c25912018-10-29 15:15:31 +0100[diff] [blame]1330 psa_destroy_key( slot );
Moran Pekerf709f4a2018-06-06 17:26:04 +0300[diff] [blame]1331 mbedtls_psa_crypto_free( );
1332}
1333/* END_CASE */
1334
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1335/* BEGIN_CASE */
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200[diff] [blame]1336void import_and_exercise_key( data_t *data,
1337 int type_arg,
1338 int bits_arg,
1339 int alg_arg )
1340{
1341 int slot = 1;
1342 psa_key_type_t type = type_arg;
1343 size_t bits = bits_arg;
1344 psa_algorithm_t alg = alg_arg;
Gilles Peskine10df3412018-10-25 22:35:43 +0200[diff] [blame]1345 psa_key_usage_t usage = usage_to_exercise( type, alg );
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200[diff] [blame]1346 psa_key_policy_t policy;
1347 psa_key_type_t got_type;
1348 size_t got_bits;
1349 psa_status_t status;
1350
1351 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1352
1353 psa_key_policy_init( &policy );
1354 psa_key_policy_set_usage( &policy, usage, alg );
1355 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
1356
1357 /* Import the key */
1358 status = psa_import_key( slot, type, data->x, data->len );
1359 TEST_ASSERT( status == PSA_SUCCESS );
1360
1361 /* Test the key information */
1362 TEST_ASSERT( psa_get_key_information( slot,
1363 &got_type,
1364 &got_bits ) == PSA_SUCCESS );
1365 TEST_ASSERT( got_type == type );
1366 TEST_ASSERT( got_bits == bits );
1367
1368 /* Do something with the key according to its type and permitted usage. */
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]1369 if( ! exercise_key( slot, usage, alg ) )
1370 goto exit;
Gilles Peskinea680c7a2018-06-26 16:12:43 +0200[diff] [blame]1371
1372exit:
1373 psa_destroy_key( slot );
1374 mbedtls_psa_crypto_free( );
1375}
1376/* END_CASE */
1377
1378/* BEGIN_CASE */
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1379void key_policy( int usage_arg, int alg_arg )
1380{
1381 int key_slot = 1;
1382 psa_algorithm_t alg = alg_arg;
1383 psa_key_usage_t usage = usage_arg;
1384 psa_key_type_t key_type = PSA_KEY_TYPE_AES;
1385 unsigned char key[32] = {0};
1386 psa_key_policy_t policy_set;
1387 psa_key_policy_t policy_get;
1388
1389 memset( key, 0x2a, sizeof( key ) );
1390
1391 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1392
1393 psa_key_policy_init( &policy_set );
1394 psa_key_policy_init( &policy_get );
1395
1396 psa_key_policy_set_usage( &policy_set, usage, alg );
1397
1398 TEST_ASSERT( psa_key_policy_get_usage( &policy_set ) == usage );
1399 TEST_ASSERT( psa_key_policy_get_algorithm( &policy_set ) == alg );
1400 TEST_ASSERT( psa_set_key_policy( key_slot, &policy_set ) == PSA_SUCCESS );
1401
1402 TEST_ASSERT( psa_import_key( key_slot, key_type,
1403 key, sizeof( key ) ) == PSA_SUCCESS );
1404
1405 TEST_ASSERT( psa_get_key_policy( key_slot, &policy_get ) == PSA_SUCCESS );
1406
1407 TEST_ASSERT( policy_get.usage == policy_set.usage );
1408 TEST_ASSERT( policy_get.alg == policy_set.alg );
1409
1410exit:
1411 psa_destroy_key( key_slot );
1412 mbedtls_psa_crypto_free( );
1413}
1414/* END_CASE */
1415
1416/* BEGIN_CASE */
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1417void mac_key_policy( int policy_usage,
1418 int policy_alg,
1419 int key_type,
1420 data_t *key_data,
1421 int exercise_alg )
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1422{
1423 int key_slot = 1;
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1424 psa_key_policy_t policy;
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1425 psa_mac_operation_t operation;
1426 psa_status_t status;
1427 unsigned char mac[PSA_MAC_MAX_SIZE];
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1428
1429 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1430
1431 psa_key_policy_init( &policy );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1432 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1433 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1434
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1435 TEST_ASSERT( psa_import_key( key_slot, key_type,
1436 key_data->x, key_data->len ) == PSA_SUCCESS );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1437
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1438 status = psa_mac_sign_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1439 if( policy_alg == exercise_alg &&
1440 ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
1441 TEST_ASSERT( status == PSA_SUCCESS );
1442 else
1443 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1444 psa_mac_abort( &operation );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1445
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1446 memset( mac, 0, sizeof( mac ) );
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1447 status = psa_mac_verify_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1448 if( policy_alg == exercise_alg &&
1449 ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1450 TEST_ASSERT( status == PSA_SUCCESS );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1451 else
1452 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1453
1454exit:
1455 psa_mac_abort( &operation );
1456 psa_destroy_key( key_slot );
1457 mbedtls_psa_crypto_free( );
1458}
1459/* END_CASE */
1460
1461/* BEGIN_CASE */
1462void cipher_key_policy( int policy_usage,
1463 int policy_alg,
1464 int key_type,
1465 data_t *key_data,
1466 int exercise_alg )
1467{
1468 int key_slot = 1;
1469 psa_key_policy_t policy;
1470 psa_cipher_operation_t operation;
1471 psa_status_t status;
1472
1473 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1474
1475 psa_key_policy_init( &policy );
1476 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1477 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1478
1479 TEST_ASSERT( psa_import_key( key_slot, key_type,
1480 key_data->x, key_data->len ) == PSA_SUCCESS );
1481
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1482 status = psa_cipher_encrypt_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1483 if( policy_alg == exercise_alg &&
1484 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
1485 TEST_ASSERT( status == PSA_SUCCESS );
1486 else
1487 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1488 psa_cipher_abort( &operation );
1489
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]1490 status = psa_cipher_decrypt_setup( &operation, key_slot, exercise_alg );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1491 if( policy_alg == exercise_alg &&
1492 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
1493 TEST_ASSERT( status == PSA_SUCCESS );
1494 else
1495 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1496
1497exit:
1498 psa_cipher_abort( &operation );
1499 psa_destroy_key( key_slot );
1500 mbedtls_psa_crypto_free( );
1501}
1502/* END_CASE */
1503
1504/* BEGIN_CASE */
1505void aead_key_policy( int policy_usage,
1506 int policy_alg,
1507 int key_type,
1508 data_t *key_data,
1509 int nonce_length_arg,
1510 int tag_length_arg,
1511 int exercise_alg )
1512{
1513 int key_slot = 1;
1514 psa_key_policy_t policy;
1515 psa_status_t status;
1516 unsigned char nonce[16] = {0};
1517 size_t nonce_length = nonce_length_arg;
1518 unsigned char tag[16];
1519 size_t tag_length = tag_length_arg;
1520 size_t output_length;
1521
1522 TEST_ASSERT( nonce_length <= sizeof( nonce ) );
1523 TEST_ASSERT( tag_length <= sizeof( tag ) );
1524
1525 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1526
1527 psa_key_policy_init( &policy );
1528 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1529 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1530
1531 TEST_ASSERT( psa_import_key( key_slot, key_type,
1532 key_data->x, key_data->len ) == PSA_SUCCESS );
1533
1534 status = psa_aead_encrypt( key_slot, exercise_alg,
1535 nonce, nonce_length,
1536 NULL, 0,
1537 NULL, 0,
1538 tag, tag_length,
1539 &output_length );
1540 if( policy_alg == exercise_alg &&
1541 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
1542 TEST_ASSERT( status == PSA_SUCCESS );
1543 else
1544 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1545
1546 memset( tag, 0, sizeof( tag ) );
1547 status = psa_aead_decrypt( key_slot, exercise_alg,
1548 nonce, nonce_length,
1549 NULL, 0,
1550 tag, tag_length,
1551 NULL, 0,
1552 &output_length );
1553 if( policy_alg == exercise_alg &&
1554 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
1555 TEST_ASSERT( status == PSA_ERROR_INVALID_SIGNATURE );
1556 else
1557 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1558
1559exit:
1560 psa_destroy_key( key_slot );
1561 mbedtls_psa_crypto_free( );
1562}
1563/* END_CASE */
1564
1565/* BEGIN_CASE */
1566void asymmetric_encryption_key_policy( int policy_usage,
1567 int policy_alg,
1568 int key_type,
1569 data_t *key_data,
1570 int exercise_alg )
1571{
1572 int key_slot = 1;
1573 psa_key_policy_t policy;
1574 psa_status_t status;
1575 size_t key_bits;
1576 size_t buffer_length;
1577 unsigned char *buffer = NULL;
1578 size_t output_length;
1579
1580 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1581
1582 psa_key_policy_init( &policy );
1583 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1584 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1585
1586 TEST_ASSERT( psa_import_key( key_slot, key_type,
1587 key_data->x, key_data->len ) == PSA_SUCCESS );
1588
1589 TEST_ASSERT( psa_get_key_information( key_slot,
1590 NULL,
1591 &key_bits ) == PSA_SUCCESS );
1592 buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits,
1593 exercise_alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]1594 ASSERT_ALLOC( buffer, buffer_length );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1595
1596 status = psa_asymmetric_encrypt( key_slot, exercise_alg,
1597 NULL, 0,
1598 NULL, 0,
1599 buffer, buffer_length,
1600 &output_length );
1601 if( policy_alg == exercise_alg &&
1602 ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
1603 TEST_ASSERT( status == PSA_SUCCESS );
1604 else
1605 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1606
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]1607 if( buffer_length != 0 )
1608 memset( buffer, 0, buffer_length );
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1609 status = psa_asymmetric_decrypt( key_slot, exercise_alg,
1610 buffer, buffer_length,
1611 NULL, 0,
1612 buffer, buffer_length,
1613 &output_length );
1614 if( policy_alg == exercise_alg &&
1615 ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 )
1616 TEST_ASSERT( status == PSA_ERROR_INVALID_PADDING );
1617 else
1618 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1619
1620exit:
1621 psa_destroy_key( key_slot );
1622 mbedtls_psa_crypto_free( );
1623 mbedtls_free( buffer );
1624}
1625/* END_CASE */
1626
1627/* BEGIN_CASE */
1628void asymmetric_signature_key_policy( int policy_usage,
1629 int policy_alg,
1630 int key_type,
1631 data_t *key_data,
1632 int exercise_alg )
1633{
1634 int key_slot = 1;
1635 psa_key_policy_t policy;
1636 psa_status_t status;
1637 unsigned char payload[16] = {1};
1638 size_t payload_length = sizeof( payload );
1639 unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
1640 size_t signature_length;
1641
1642 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1643
1644 psa_key_policy_init( &policy );
1645 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1646 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1647
1648 TEST_ASSERT( psa_import_key( key_slot, key_type,
1649 key_data->x, key_data->len ) == PSA_SUCCESS );
1650
1651 status = psa_asymmetric_sign( key_slot, exercise_alg,
1652 payload, payload_length,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1653 signature, sizeof( signature ),
1654 &signature_length );
1655 if( policy_alg == exercise_alg &&
1656 ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
1657 TEST_ASSERT( status == PSA_SUCCESS );
1658 else
1659 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1660
1661 memset( signature, 0, sizeof( signature ) );
1662 status = psa_asymmetric_verify( key_slot, exercise_alg,
1663 payload, payload_length,
Gilles Peskine76f5c7b2018-07-06 16:53:09 +0200[diff] [blame]1664 signature, sizeof( signature ) );
1665 if( policy_alg == exercise_alg &&
1666 ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
1667 TEST_ASSERT( status == PSA_ERROR_INVALID_SIGNATURE );
1668 else
1669 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1670
1671exit:
1672 psa_destroy_key( key_slot );
1673 mbedtls_psa_crypto_free( );
1674}
1675/* END_CASE */
1676
1677/* BEGIN_CASE */
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]1678void derive_key_policy( int policy_usage,
1679 int policy_alg,
1680 int key_type,
1681 data_t *key_data,
1682 int exercise_alg )
1683{
1684 int key_slot = 1;
1685 psa_key_policy_t policy;
1686 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
1687 psa_status_t status;
1688
1689 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1690
1691 psa_key_policy_init( &policy );
1692 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1693 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1694
1695 TEST_ASSERT( psa_import_key( key_slot, key_type,
1696 key_data->x, key_data->len ) == PSA_SUCCESS );
1697
1698 status = psa_key_derivation( &generator, key_slot,
1699 exercise_alg,
1700 NULL, 0,
1701 NULL, 0,
1702 1 );
1703 if( policy_alg == exercise_alg &&
1704 ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
1705 TEST_ASSERT( status == PSA_SUCCESS );
1706 else
1707 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1708
1709exit:
1710 psa_generator_abort( &generator );
1711 psa_destroy_key( key_slot );
1712 mbedtls_psa_crypto_free( );
1713}
1714/* END_CASE */
1715
1716/* BEGIN_CASE */
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]1717void agreement_key_policy( int policy_usage,
1718 int policy_alg,
1719 int key_type_arg,
1720 data_t *key_data,
1721 int exercise_alg )
1722{
1723 int key_slot = 1;
1724 psa_key_policy_t policy;
1725 psa_key_type_t key_type = key_type_arg;
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]1726 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
1727 psa_status_t status;
1728
1729 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1730
1731 psa_key_policy_init( &policy );
1732 psa_key_policy_set_usage( &policy, policy_usage, policy_alg );
1733 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1734
1735 TEST_ASSERT( psa_import_key( key_slot, key_type,
1736 key_data->x, key_data->len ) == PSA_SUCCESS );
1737
Gilles Peskinec7998b72018-11-07 18:45:02 +0100[diff] [blame]1738 status = key_agreement_with_self( &generator, key_slot, exercise_alg );
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]1739
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]1740 if( policy_alg == exercise_alg &&
1741 ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
1742 TEST_ASSERT( status == PSA_SUCCESS );
1743 else
1744 TEST_ASSERT( status == PSA_ERROR_NOT_PERMITTED );
1745
1746exit:
1747 psa_generator_abort( &generator );
1748 psa_destroy_key( key_slot );
1749 mbedtls_psa_crypto_free( );
1750}
1751/* END_CASE */
1752
1753/* BEGIN_CASE */
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1754void key_lifetime( int lifetime_arg )
1755{
1756 int key_slot = 1;
Gilles Peskinec32f0302018-08-10 16:02:11 +0200[diff] [blame]1757 psa_key_type_t key_type = PSA_KEY_TYPE_RAW_DATA;
Gilles Peskined5b33222018-06-18 22:20:03 +0200[diff] [blame]1758 unsigned char key[32] = {0};
1759 psa_key_lifetime_t lifetime_set = lifetime_arg;
1760 psa_key_lifetime_t lifetime_get;
1761
1762 memset( key, 0x2a, sizeof( key ) );
1763
1764 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1765
1766 TEST_ASSERT( psa_set_key_lifetime( key_slot,
1767 lifetime_set ) == PSA_SUCCESS );
1768
1769 TEST_ASSERT( psa_import_key( key_slot, key_type,
1770 key, sizeof( key ) ) == PSA_SUCCESS );
1771
1772 TEST_ASSERT( psa_get_key_lifetime( key_slot,
1773 &lifetime_get ) == PSA_SUCCESS );
1774
1775 TEST_ASSERT( lifetime_get == lifetime_set );
1776
1777exit:
1778 psa_destroy_key( key_slot );
1779 mbedtls_psa_crypto_free( );
1780}
1781/* END_CASE */
1782
1783/* BEGIN_CASE */
1784void key_lifetime_set_fail( int key_slot_arg,
1785 int lifetime_arg,
1786 int expected_status_arg )
1787{
1788 psa_key_slot_t key_slot = key_slot_arg;
1789 psa_key_lifetime_t lifetime_set = lifetime_arg;
1790 psa_status_t actual_status;
1791 psa_status_t expected_status = expected_status_arg;
1792
1793 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1794
1795 actual_status = psa_set_key_lifetime( key_slot, lifetime_set );
1796
1797 if( actual_status == PSA_SUCCESS )
1798 actual_status = psa_set_key_lifetime( key_slot, lifetime_set );
1799
1800 TEST_ASSERT( expected_status == actual_status );
1801
1802exit:
1803 psa_destroy_key( key_slot );
1804 mbedtls_psa_crypto_free( );
1805}
1806/* END_CASE */
1807
1808/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1809void hash_setup( int alg_arg,
1810 int expected_status_arg )
1811{
1812 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1813 psa_status_t expected_status = expected_status_arg;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1814 psa_hash_operation_t operation;
1815 psa_status_t status;
1816
1817 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1818
Gilles Peskineda8191d1c2018-07-08 19:46:38 +0200[diff] [blame]1819 status = psa_hash_setup( &operation, alg );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1820 psa_hash_abort( &operation );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1821 TEST_ASSERT( status == expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1822
1823exit:
1824 mbedtls_psa_crypto_free( );
1825}
1826/* END_CASE */
1827
1828/* BEGIN_CASE */
itayzafrirf86548d2018-11-01 10:44:32 +0200[diff] [blame]1829void hash_bad_order( )
1830{
1831 unsigned char input[] = "";
1832 /* SHA-256 hash of an empty string */
1833 unsigned char hash[] = {
1834 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
1835 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
1836 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 };
1837 size_t hash_len;
1838 psa_hash_operation_t operation;
1839
1840 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1841
1842 /* psa_hash_update without calling psa_hash_setup beforehand */
1843 memset( &operation, 0, sizeof( operation ) );
1844 TEST_ASSERT( psa_hash_update( &operation,
1845 input, sizeof( input ) ) ==
1846 PSA_ERROR_INVALID_ARGUMENT );
1847
1848 /* psa_hash_verify without calling psa_hash_setup beforehand */
1849 memset( &operation, 0, sizeof( operation ) );
1850 TEST_ASSERT( psa_hash_verify( &operation,
1851 hash, sizeof( hash ) ) ==
1852 PSA_ERROR_INVALID_ARGUMENT );
1853
1854 /* psa_hash_finish without calling psa_hash_setup beforehand */
1855 memset( &operation, 0, sizeof( operation ) );
1856 TEST_ASSERT( psa_hash_finish( &operation,
1857 hash, sizeof( hash ), &hash_len ) ==
1858 PSA_ERROR_INVALID_ARGUMENT );
1859
1860exit:
1861 mbedtls_psa_crypto_free( );
1862}
1863/* END_CASE */
1864
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1865/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
1866void hash_verify_bad_args( )
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1867{
1868 psa_algorithm_t alg = PSA_ALG_SHA_256;
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1869 /* SHA-256 hash of an empty string with 2 extra bytes (0xaa and 0xbb)
1870 * appended to it */
1871 unsigned char hash[] = {
1872 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8,
1873 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
1874 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55, 0xaa, 0xbb };
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1875 size_t expected_size = PSA_HASH_SIZE( alg );
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1876 psa_hash_operation_t operation;
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1877
1878 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1879
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1880 /* psa_hash_verify with a smaller hash than expected */
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1881 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
1882 TEST_ASSERT( psa_hash_verify( &operation,
1883 hash, expected_size - 1 ) ==
1884 PSA_ERROR_INVALID_SIGNATURE );
1885
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1886 /* psa_hash_verify with a non-matching hash */
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1887 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1888 TEST_ASSERT( psa_hash_verify( &operation,
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1889 hash + 1, expected_size ) ==
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1890 PSA_ERROR_INVALID_SIGNATURE );
1891
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1892 /* psa_hash_verify with a hash longer than expected */
itayzafrir4271df92018-10-24 18:16:19 +0300[diff] [blame]1893 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
itayzafrir4271df92018-10-24 18:16:19 +0300[diff] [blame]1894 TEST_ASSERT( psa_hash_verify( &operation,
itayzafrir27e69452018-11-01 14:26:34 +0200[diff] [blame]1895 hash, sizeof( hash ) ) ==
itayzafrir4271df92018-10-24 18:16:19 +0300[diff] [blame]1896 PSA_ERROR_INVALID_SIGNATURE );
1897
itayzafrirec93d302018-10-18 18:01:10 +0300[diff] [blame]1898exit:
1899 mbedtls_psa_crypto_free( );
1900}
1901/* END_CASE */
1902
itayzafrirb2dd5ed2018-11-01 11:58:59 +0200[diff] [blame]1903/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
1904void hash_finish_bad_args( )
itayzafrir58028322018-10-25 10:22:01 +0300[diff] [blame]1905{
1906 psa_algorithm_t alg = PSA_ALG_SHA_256;
itayzafrirb2dd5ed2018-11-01 11:58:59 +0200[diff] [blame]1907 unsigned char hash[PSA_HASH_MAX_SIZE];
itayzafrir58028322018-10-25 10:22:01 +0300[diff] [blame]1908 size_t expected_size = PSA_HASH_SIZE( alg );
1909 psa_hash_operation_t operation;
1910 size_t hash_len;
1911
1912 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1913
itayzafrir58028322018-10-25 10:22:01 +0300[diff] [blame]1914 /* psa_hash_finish with a smaller hash buffer than expected */
1915 TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
1916 TEST_ASSERT( psa_hash_finish( &operation,
1917 hash, expected_size - 1,
1918 &hash_len ) == PSA_ERROR_BUFFER_TOO_SMALL );
1919
1920exit:
1921 mbedtls_psa_crypto_free( );
1922}
1923/* END_CASE */
1924
1925/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1926void mac_setup( int key_type_arg,
1927 data_t *key,
1928 int alg_arg,
1929 int expected_status_arg )
1930{
1931 int key_slot = 1;
1932 psa_key_type_t key_type = key_type_arg;
1933 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1934 psa_status_t expected_status = expected_status_arg;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1935 psa_mac_operation_t operation;
1936 psa_key_policy_t policy;
1937 psa_status_t status;
1938
1939 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1940
1941 psa_key_policy_init( &policy );
1942 psa_key_policy_set_usage( &policy,
1943 PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY,
1944 alg );
1945 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1946
1947 TEST_ASSERT( psa_import_key( key_slot, key_type,
1948 key->x, key->len ) == PSA_SUCCESS );
1949
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]1950 status = psa_mac_sign_setup( &operation, key_slot, alg );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1951 psa_mac_abort( &operation );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]1952 TEST_ASSERT( status == expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]1953
1954exit:
1955 psa_destroy_key( key_slot );
1956 mbedtls_psa_crypto_free( );
1957}
1958/* END_CASE */
1959
1960/* BEGIN_CASE */
Gilles Peskinea7aa4422018-08-14 15:17:54 +0200[diff] [blame]1961void mac_sign( int key_type_arg,
1962 data_t *key,
1963 int alg_arg,
1964 data_t *input,
1965 data_t *expected_mac )
1966{
1967 int key_slot = 1;
1968 psa_key_type_t key_type = key_type_arg;
1969 psa_algorithm_t alg = alg_arg;
1970 psa_mac_operation_t operation;
1971 psa_key_policy_t policy;
1972 /* Leave a little extra room in the output buffer. At the end of the
1973 * test, we'll check that the implementation didn't overwrite onto
1974 * this extra room. */
1975 uint8_t actual_mac[PSA_MAC_MAX_SIZE + 10];
1976 size_t mac_buffer_size =
1977 PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key->len ), alg );
1978 size_t mac_length = 0;
1979
1980 memset( actual_mac, '+', sizeof( actual_mac ) );
1981 TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE );
1982 TEST_ASSERT( expected_mac->len <= mac_buffer_size );
1983
1984 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
1985
1986 psa_key_policy_init( &policy );
1987 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
1988 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
1989
1990 TEST_ASSERT( psa_import_key( key_slot, key_type,
1991 key->x, key->len ) == PSA_SUCCESS );
1992
1993 /* Calculate the MAC. */
1994 TEST_ASSERT( psa_mac_sign_setup( &operation,
1995 key_slot, alg ) == PSA_SUCCESS );
1996 TEST_ASSERT( psa_mac_update( &operation,
1997 input->x, input->len ) == PSA_SUCCESS );
1998 TEST_ASSERT( psa_mac_sign_finish( &operation,
1999 actual_mac, mac_buffer_size,
2000 &mac_length ) == PSA_SUCCESS );
2001
2002 /* Compare with the expected value. */
2003 TEST_ASSERT( mac_length == expected_mac->len );
2004 TEST_ASSERT( memcmp( actual_mac, expected_mac->x, mac_length ) == 0 );
2005
2006 /* Verify that the end of the buffer is untouched. */
2007 TEST_ASSERT( mem_is_char( actual_mac + mac_length, '+',
2008 sizeof( actual_mac ) - mac_length ) );
2009
2010exit:
2011 psa_destroy_key( key_slot );
2012 mbedtls_psa_crypto_free( );
2013}
2014/* END_CASE */
2015
2016/* BEGIN_CASE */
Gilles Peskinec0ec9722018-06-18 17:03:37 +0200[diff] [blame]2017void mac_verify( int key_type_arg,
2018 data_t *key,
2019 int alg_arg,
2020 data_t *input,
2021 data_t *expected_mac )
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2022{
2023 int key_slot = 1;
2024 psa_key_type_t key_type = key_type_arg;
2025 psa_algorithm_t alg = alg_arg;
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2026 psa_mac_operation_t operation;
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]2027 psa_key_policy_t policy;
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2028
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]2029 TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE );
2030
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2031 TEST_ASSERT( key != NULL );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2032 TEST_ASSERT( input != NULL );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2033 TEST_ASSERT( expected_mac != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2034 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2035 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
2036 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_mac->len ) );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2037
2038 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2039
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]2040 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2041 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]2042 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2043
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2044 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2045 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskinec0ec9722018-06-18 17:03:37 +0200[diff] [blame]2046
Gilles Peskine89167cb2018-07-08 20:12:23 +0200[diff] [blame]2047 TEST_ASSERT( psa_mac_verify_setup( &operation,
2048 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2049 TEST_ASSERT( psa_destroy_key( key_slot ) == PSA_SUCCESS );
2050 TEST_ASSERT( psa_mac_update( &operation,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2051 input->x, input->len ) == PSA_SUCCESS );
Gilles Peskineacd4be32018-07-08 19:56:25 +0200[diff] [blame]2052 TEST_ASSERT( psa_mac_verify_finish( &operation,
2053 expected_mac->x,
2054 expected_mac->len ) == PSA_SUCCESS );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2055
2056exit:
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]2057 psa_destroy_key( key_slot );
2058 mbedtls_psa_crypto_free( );
2059}
2060/* END_CASE */
2061
2062/* BEGIN_CASE */
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]2063void cipher_setup( int key_type_arg,
2064 data_t *key,
2065 int alg_arg,
2066 int expected_status_arg )
2067{
2068 int key_slot = 1;
2069 psa_key_type_t key_type = key_type_arg;
2070 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2071 psa_status_t expected_status = expected_status_arg;
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]2072 psa_cipher_operation_t operation;
2073 psa_key_policy_t policy;
2074 psa_status_t status;
2075
2076 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2077
2078 psa_key_policy_init( &policy );
2079 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
2080 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2081
2082 TEST_ASSERT( psa_import_key( key_slot, key_type,
2083 key->x, key->len ) == PSA_SUCCESS );
2084
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2085 status = psa_cipher_encrypt_setup( &operation, key_slot, alg );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]2086 psa_cipher_abort( &operation );
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2087 TEST_ASSERT( status == expected_status );
Gilles Peskine16c0f4f2018-06-20 16:05:20 +0200[diff] [blame]2088
2089exit:
2090 psa_destroy_key( key_slot );
2091 mbedtls_psa_crypto_free( );
2092}
2093/* END_CASE */
2094
2095/* BEGIN_CASE */
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2096void cipher_encrypt( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2097 data_t *key,
2098 data_t *input, data_t *expected_output,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2099 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2100{
2101 int key_slot = 1;
2102 psa_status_t status;
2103 psa_key_type_t key_type = key_type_arg;
2104 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2105 psa_status_t expected_status = expected_status_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2106 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2107 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2108 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2109 size_t output_buffer_size = 0;
2110 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2111 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2112 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2113 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2114
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2115 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2116 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2117 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2118 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2119 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
2120 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2121
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2122 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
2123 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2124
2125 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2126
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2127 psa_key_policy_init( &policy );
2128 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
2129 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2130
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2131 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2132 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2133
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2134 TEST_ASSERT( psa_cipher_encrypt_setup( &operation,
2135 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2136
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2137 TEST_ASSERT( psa_cipher_set_iv( &operation,
2138 iv, iv_size ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2139 output_buffer_size = (size_t) input->len +
2140 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2141 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2142
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2143 TEST_ASSERT( psa_cipher_update( &operation,
2144 input->x, input->len,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2145 output, output_buffer_size,
2146 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2147 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2148 status = psa_cipher_finish( &operation,
2149 output + function_output_length,
2150 output_buffer_size,
2151 &function_output_length );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2152 total_output_length += function_output_length;
2153
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2154 TEST_ASSERT( status == expected_status );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2155 if( expected_status == PSA_SUCCESS )
2156 {
2157 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2158 ASSERT_COMPARE( expected_output->x, expected_output->len,
2159 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2160 }
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2161
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2162exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2163 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2164 psa_destroy_key( key_slot );
2165 mbedtls_psa_crypto_free( );
2166}
2167/* END_CASE */
2168
2169/* BEGIN_CASE */
2170void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2171 data_t *key,
2172 data_t *input,
2173 int first_part_size,
2174 data_t *expected_output )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2175{
2176 int key_slot = 1;
2177 psa_key_type_t key_type = key_type_arg;
2178 psa_algorithm_t alg = alg_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2179 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2180 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2181 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2182 size_t output_buffer_size = 0;
2183 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2184 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2185 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2186 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2187
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2188 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2189 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2190 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2191 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2192 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
2193 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2194
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2195 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
2196 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2197
2198 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2199
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2200 psa_key_policy_init( &policy );
2201 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
2202 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2203
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2204 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2205 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2206
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2207 TEST_ASSERT( psa_cipher_encrypt_setup( &operation,
2208 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2209
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2210 TEST_ASSERT( psa_cipher_set_iv( &operation,
2211 iv, sizeof( iv ) ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2212 output_buffer_size = (size_t) input->len +
2213 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2214 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2215
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2216 TEST_ASSERT( (unsigned int) first_part_size < input->len );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2217 TEST_ASSERT( psa_cipher_update( &operation, input->x, first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2218 output, output_buffer_size,
2219 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2220 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2221 TEST_ASSERT( psa_cipher_update( &operation,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2222 input->x + first_part_size,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2223 input->len - first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2224 output, output_buffer_size,
2225 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2226 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2227 TEST_ASSERT( psa_cipher_finish( &operation,
2228 output + function_output_length,
2229 output_buffer_size,
2230 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2231 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2232 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
2233
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2234 ASSERT_COMPARE( expected_output->x, expected_output->len,
2235 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2236
2237exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2238 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2239 psa_destroy_key( key_slot );
2240 mbedtls_psa_crypto_free( );
2241}
2242/* END_CASE */
2243
2244/* BEGIN_CASE */
2245void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2246 data_t *key,
2247 data_t *input,
2248 int first_part_size,
2249 data_t *expected_output )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2250{
2251 int key_slot = 1;
2252
2253 psa_key_type_t key_type = key_type_arg;
2254 psa_algorithm_t alg = alg_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2255 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2256 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2257 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2258 size_t output_buffer_size = 0;
2259 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2260 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2261 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2262 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2263
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2264 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2265 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2266 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2267 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2268 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
2269 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2270
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2271 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
2272 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2273
2274 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2275
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2276 psa_key_policy_init( &policy );
2277 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
2278 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2279
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2280 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2281 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2282
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2283 TEST_ASSERT( psa_cipher_decrypt_setup( &operation,
2284 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2285
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2286 TEST_ASSERT( psa_cipher_set_iv( &operation,
2287 iv, sizeof( iv ) ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2288
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2289 output_buffer_size = (size_t) input->len +
2290 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2291 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2292
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2293 TEST_ASSERT( (unsigned int) first_part_size < input->len );
2294 TEST_ASSERT( psa_cipher_update( &operation,
2295 input->x, first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2296 output, output_buffer_size,
2297 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2298 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2299 TEST_ASSERT( psa_cipher_update( &operation,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2300 input->x + first_part_size,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2301 input->len - first_part_size,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2302 output, output_buffer_size,
2303 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2304 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2305 TEST_ASSERT( psa_cipher_finish( &operation,
2306 output + function_output_length,
2307 output_buffer_size,
2308 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2309 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2310 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
2311
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2312 ASSERT_COMPARE( expected_output->x, expected_output->len,
2313 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2314
2315exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2316 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2317 psa_destroy_key( key_slot );
2318 mbedtls_psa_crypto_free( );
2319}
2320/* END_CASE */
2321
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2322/* BEGIN_CASE */
2323void cipher_decrypt( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2324 data_t *key,
2325 data_t *input, data_t *expected_output,
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2326 int expected_status_arg )
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2327{
2328 int key_slot = 1;
2329 psa_status_t status;
2330 psa_key_type_t key_type = key_type_arg;
2331 psa_algorithm_t alg = alg_arg;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2332 psa_status_t expected_status = expected_status_arg;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2333 unsigned char iv[16] = {0};
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2334 size_t iv_size;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2335 unsigned char *output = NULL;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2336 size_t output_buffer_size = 0;
2337 size_t function_output_length = 0;
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2338 size_t total_output_length = 0;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2339 psa_cipher_operation_t operation;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2340 psa_key_policy_t policy;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2341
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2342 TEST_ASSERT( key != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2343 TEST_ASSERT( input != NULL );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2344 TEST_ASSERT( expected_output != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2345 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2346 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
2347 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2348
Gilles Peskine9ad29e22018-06-21 09:40:04 +0200[diff] [blame]2349 iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
2350 memset( iv, 0x2a, iv_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2351
2352 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2353
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2354 psa_key_policy_init( &policy );
2355 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
2356 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2357
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2358 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2359 key->x, key->len ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2360
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2361 TEST_ASSERT( psa_cipher_decrypt_setup( &operation,
2362 key_slot, alg ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2363
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2364 TEST_ASSERT( psa_cipher_set_iv( &operation,
2365 iv, iv_size ) == PSA_SUCCESS );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2366
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2367 output_buffer_size = (size_t) input->len +
2368 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2369 ASSERT_ALLOC( output, output_buffer_size );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2370
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2371 TEST_ASSERT( psa_cipher_update( &operation,
2372 input->x, input->len,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2373 output, output_buffer_size,
2374 &function_output_length ) == PSA_SUCCESS );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2375 total_output_length += function_output_length;
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2376 status = psa_cipher_finish( &operation,
2377 output + function_output_length,
2378 output_buffer_size,
2379 &function_output_length );
Gilles Peskinea7ec95f2018-06-08 14:40:59 +0200[diff] [blame]2380 total_output_length += function_output_length;
Gilles Peskineb866e2b2018-06-21 09:25:10 +0200[diff] [blame]2381 TEST_ASSERT( status == expected_status );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2382
2383 if( expected_status == PSA_SUCCESS )
2384 {
2385 TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2386 ASSERT_COMPARE( expected_output->x, expected_output->len,
2387 output, total_output_length );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2388 }
2389
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2390exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2391 mbedtls_free( output );
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2392 psa_destroy_key( key_slot );
2393 mbedtls_psa_crypto_free( );
2394}
2395/* END_CASE */
2396
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2397/* BEGIN_CASE */
2398void cipher_verify_output( int alg_arg, int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2399 data_t *key,
2400 data_t *input )
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2401{
2402 int key_slot = 1;
2403 psa_key_type_t key_type = key_type_arg;
2404 psa_algorithm_t alg = alg_arg;
mohammad1603e6b67a12018-03-12 10:38:49 -0700[diff] [blame]2405 unsigned char iv[16] = {0};
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2406 size_t iv_size = 16;
2407 size_t iv_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2408 unsigned char *output1 = NULL;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2409 size_t output1_size = 0;
2410 size_t output1_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2411 unsigned char *output2 = NULL;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2412 size_t output2_size = 0;
2413 size_t output2_length = 0;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2414 size_t function_output_length = 0;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2415 psa_cipher_operation_t operation1;
2416 psa_cipher_operation_t operation2;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2417 psa_key_policy_t policy;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2418
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2419 TEST_ASSERT( key != NULL );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2420 TEST_ASSERT( input != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2421 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2422 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2423
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2424 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2425
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2426 psa_key_policy_init( &policy );
2427 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg );
2428 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2429
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2430 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2431 key->x, key->len ) == PSA_SUCCESS );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2432
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2433 TEST_ASSERT( psa_cipher_encrypt_setup( &operation1,
2434 key_slot, alg ) == PSA_SUCCESS );
2435 TEST_ASSERT( psa_cipher_decrypt_setup( &operation2,
2436 key_slot, alg ) == PSA_SUCCESS );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2437
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2438 TEST_ASSERT( psa_cipher_generate_iv( &operation1,
2439 iv, iv_size,
2440 &iv_length ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2441 output1_size = (size_t) input->len +
2442 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2443 ASSERT_ALLOC( output1, output1_size );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2444
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2445 TEST_ASSERT( psa_cipher_update( &operation1, input->x, input->len,
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2446 output1, output1_size,
2447 &output1_length ) == PSA_SUCCESS );
2448 TEST_ASSERT( psa_cipher_finish( &operation1,
2449 output1 + output1_length, output1_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2450 &function_output_length ) == PSA_SUCCESS );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2451
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2452 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2453
2454 TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS );
2455
2456 output2_size = output1_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2457 ASSERT_ALLOC( output2, output2_size );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2458
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2459 TEST_ASSERT( psa_cipher_set_iv( &operation2,
2460 iv, iv_length ) == PSA_SUCCESS );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2461 TEST_ASSERT( psa_cipher_update( &operation2, output1, output1_length,
2462 output2, output2_size,
2463 &output2_length ) == PSA_SUCCESS );
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2464 function_output_length = 0;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2465 TEST_ASSERT( psa_cipher_finish( &operation2,
2466 output2 + output2_length,
2467 output2_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2468 &function_output_length ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2469
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2470 output2_length += function_output_length;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2471
Janos Follath25c4fa82018-07-06 16:23:25 +0100[diff] [blame]2472 TEST_ASSERT( psa_cipher_abort( &operation2 ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2473
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2474 ASSERT_COMPARE( input->x, input->len, output2, output2_length );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2475
2476exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2477 mbedtls_free( output1 );
2478 mbedtls_free( output2 );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2479 psa_destroy_key( key_slot );
2480 mbedtls_psa_crypto_free( );
2481}
2482/* END_CASE */
2483
2484/* BEGIN_CASE */
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2485void cipher_verify_output_multipart( int alg_arg,
2486 int key_type_arg,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2487 data_t *key,
2488 data_t *input,
Gilles Peskine50e586b2018-06-08 14:28:46 +0200[diff] [blame]2489 int first_part_size )
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2490{
2491 int key_slot = 1;
2492 psa_key_type_t key_type = key_type_arg;
2493 psa_algorithm_t alg = alg_arg;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2494 unsigned char iv[16] = {0};
2495 size_t iv_size = 16;
2496 size_t iv_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2497 unsigned char *output1 = NULL;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2498 size_t output1_buffer_size = 0;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2499 size_t output1_length = 0;
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2500 unsigned char *output2 = NULL;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2501 size_t output2_buffer_size = 0;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2502 size_t output2_length = 0;
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2503 size_t function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2504 psa_cipher_operation_t operation1;
2505 psa_cipher_operation_t operation2;
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2506 psa_key_policy_t policy;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2507
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2508 TEST_ASSERT( key != NULL );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2509 TEST_ASSERT( input != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2510 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
2511 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2512
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2513 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2514
Moran Pekered346952018-07-05 15:22:45 +0300[diff] [blame]2515 psa_key_policy_init( &policy );
2516 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT, alg );
2517 TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );
2518
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2519 TEST_ASSERT( psa_import_key( key_slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2520 key->x, key->len ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2521
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2522 TEST_ASSERT( psa_cipher_encrypt_setup( &operation1,
2523 key_slot, alg ) == PSA_SUCCESS );
2524 TEST_ASSERT( psa_cipher_decrypt_setup( &operation2,
2525 key_slot, alg ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2526
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2527 TEST_ASSERT( psa_cipher_generate_iv( &operation1,
2528 iv, iv_size,
2529 &iv_length ) == PSA_SUCCESS );
mohammad16033d91abe2018-07-03 13:15:54 +0300[diff] [blame]2530 output1_buffer_size = (size_t) input->len +
2531 PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2532 ASSERT_ALLOC( output1, output1_buffer_size );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2533
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2534 TEST_ASSERT( (unsigned int) first_part_size < input->len );
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2535
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2536 TEST_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2537 output1, output1_buffer_size,
2538 &function_output_length ) == PSA_SUCCESS );
2539 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2540
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2541 TEST_ASSERT( psa_cipher_update( &operation1,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2542 input->x + first_part_size,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2543 input->len - first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2544 output1, output1_buffer_size,
2545 &function_output_length ) == PSA_SUCCESS );
2546 output1_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2547
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2548 TEST_ASSERT( psa_cipher_finish( &operation1,
2549 output1 + output1_length,
2550 output1_buffer_size - output1_length,
2551 &function_output_length ) == PSA_SUCCESS );
2552 output1_length += function_output_length;
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2553
2554 TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS );
2555
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2556 output2_buffer_size = output1_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2557 ASSERT_ALLOC( output2, output2_buffer_size );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2558
Gilles Peskinefe119512018-07-08 21:39:34 +0200[diff] [blame]2559 TEST_ASSERT( psa_cipher_set_iv( &operation2,
2560 iv, iv_length ) == PSA_SUCCESS );
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2561
2562 TEST_ASSERT( psa_cipher_update( &operation2, output1, first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2563 output2, output2_buffer_size,
2564 &function_output_length ) == PSA_SUCCESS );
2565 output2_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2566
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2567 TEST_ASSERT( psa_cipher_update( &operation2,
2568 output1 + first_part_size,
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2569 output1_length - first_part_size,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2570 output2, output2_buffer_size,
2571 &function_output_length ) == PSA_SUCCESS );
2572 output2_length += function_output_length;
Moran Pekerded84402018-06-06 16:36:50 +0300[diff] [blame]2573
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2574 TEST_ASSERT( psa_cipher_finish( &operation2,
2575 output2 + output2_length,
Gilles Peskine048b7f02018-06-08 14:20:49 +0200[diff] [blame]2576 output2_buffer_size - output2_length,
2577 &function_output_length ) == PSA_SUCCESS );
2578 output2_length += function_output_length;
Gilles Peskine4ca9c3f2018-06-06 18:44:09 +0200[diff] [blame]2579
Janos Follath25c4fa82018-07-06 16:23:25 +0100[diff] [blame]2580 TEST_ASSERT( psa_cipher_abort( &operation2 ) == PSA_SUCCESS );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2581
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2582 ASSERT_COMPARE( input->x, input->len, output2, output2_length );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2583
2584exit:
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2585 mbedtls_free( output1 );
2586 mbedtls_free( output2 );
mohammad1603d7d7ba52018-03-12 18:51:53 +0200[diff] [blame]2587 psa_destroy_key( key_slot );
2588 mbedtls_psa_crypto_free( );
2589}
2590/* END_CASE */
Gilles Peskine7268afc2018-06-06 15:19:24 +0200[diff] [blame]2591
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2592/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2593void aead_encrypt_decrypt( int key_type_arg, data_t *key_data,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2594 int alg_arg,
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2595 data_t *nonce,
2596 data_t *additional_data,
2597 data_t *input_data,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2598 int expected_result_arg )
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2599{
2600 int slot = 1;
2601 psa_key_type_t key_type = key_type_arg;
2602 psa_algorithm_t alg = alg_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2603 unsigned char *output_data = NULL;
2604 size_t output_size = 0;
2605 size_t output_length = 0;
2606 unsigned char *output_data2 = NULL;
2607 size_t output_length2 = 0;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2608 size_t tag_length = 16;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2609 psa_status_t expected_result = expected_result_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2610 psa_key_policy_t policy;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2611
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2612 TEST_ASSERT( key_data != NULL );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2613 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2614 TEST_ASSERT( nonce != NULL );
2615 TEST_ASSERT( additional_data != NULL );
2616 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2617 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2618 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
2619 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );
2620
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2621 output_size = input_data->len + tag_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2622 ASSERT_ALLOC( output_data, output_size );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2623
2624 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2625
2626 psa_key_policy_init( &policy );
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2627 psa_key_policy_set_usage( &policy,
2628 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
2629 alg );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2630 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2631
2632 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2633 key_data->x, key_data->len ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2634
2635 TEST_ASSERT( psa_aead_encrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2636 nonce->x, nonce->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2637 additional_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2638 additional_data->len,
2639 input_data->x, input_data->len,
2640 output_data, output_size,
2641 &output_length ) == expected_result );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2642
2643 if( PSA_SUCCESS == expected_result )
2644 {
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2645 ASSERT_ALLOC( output_data2, output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2646
2647 TEST_ASSERT( psa_aead_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2648 nonce->x, nonce->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2649 additional_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2650 additional_data->len,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2651 output_data, output_length,
2652 output_data2, output_length,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2653 &output_length2 ) == expected_result );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2654
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2655 ASSERT_COMPARE( input_data->x, input_data->len,
2656 output_data2, output_length2 );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2657 }
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2658
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2659exit:
2660 psa_destroy_key( slot );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2661 mbedtls_free( output_data );
2662 mbedtls_free( output_data2 );
2663 mbedtls_psa_crypto_free( );
2664}
2665/* END_CASE */
2666
2667/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2668void aead_encrypt( int key_type_arg, data_t *key_data,
2669 int alg_arg,
2670 data_t *nonce,
2671 data_t *additional_data,
2672 data_t *input_data,
2673 data_t *expected_result )
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2674{
2675 int slot = 1;
2676 psa_key_type_t key_type = key_type_arg;
2677 psa_algorithm_t alg = alg_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2678 unsigned char *output_data = NULL;
2679 size_t output_size = 0;
2680 size_t output_length = 0;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2681 size_t tag_length = 16;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2682 psa_key_policy_t policy;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2683
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2684 TEST_ASSERT( key_data != NULL );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2685 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2686 TEST_ASSERT( additional_data != NULL );
2687 TEST_ASSERT( nonce != NULL );
2688 TEST_ASSERT( expected_result != NULL );
2689 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2690 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2691 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );
2692 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
2693 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_result->len ) );
2694
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2695 output_size = input_data->len + tag_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2696 ASSERT_ALLOC( output_data, output_size );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2697
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2698 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2699
2700 psa_key_policy_init( &policy );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2701 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT , alg );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2702 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2703
2704 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2705 key_data->x,
2706 key_data->len ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2707
2708 TEST_ASSERT( psa_aead_encrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2709 nonce->x, nonce->len,
2710 additional_data->x, additional_data->len,
2711 input_data->x, input_data->len,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2712 output_data, output_size,
2713 &output_length ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2714
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2715 ASSERT_COMPARE( expected_result->x, expected_result->len,
2716 output_data, output_length );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2717
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2718exit:
2719 psa_destroy_key( slot );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2720 mbedtls_free( output_data );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2721 mbedtls_psa_crypto_free( );
2722}
2723/* END_CASE */
2724
2725/* BEGIN_CASE */
Gilles Peskine7da96b02018-08-17 18:45:42 +0200[diff] [blame]2726void aead_decrypt( int key_type_arg, data_t *key_data,
2727 int alg_arg,
2728 data_t *nonce,
2729 data_t *additional_data,
2730 data_t *input_data,
2731 data_t *expected_data,
2732 int expected_result_arg )
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2733{
2734 int slot = 1;
2735 psa_key_type_t key_type = key_type_arg;
2736 psa_algorithm_t alg = alg_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2737 unsigned char *output_data = NULL;
2738 size_t output_size = 0;
2739 size_t output_length = 0;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2740 size_t tag_length = 16;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2741 psa_key_policy_t policy;
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2742 psa_status_t expected_result = expected_result_arg;
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2743
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2744 TEST_ASSERT( key_data != NULL );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2745 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2746 TEST_ASSERT( additional_data != NULL );
2747 TEST_ASSERT( nonce != NULL );
2748 TEST_ASSERT( expected_data != NULL );
2749 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2750 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2751 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );
2752 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
2753 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_data->len ) );
2754
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2755 output_size = input_data->len + tag_length;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2756 ASSERT_ALLOC( output_data, output_size );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2757
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2758 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2759
2760 psa_key_policy_init( &policy );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2761 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT , alg );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2762 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2763
2764 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2765 key_data->x,
2766 key_data->len ) == PSA_SUCCESS );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2767
2768 TEST_ASSERT( psa_aead_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2769 nonce->x, nonce->len,
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2770 additional_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2771 additional_data->len,
2772 input_data->x, input_data->len,
2773 output_data, output_size,
2774 &output_length ) == expected_result );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2775
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2776 if( expected_result == PSA_SUCCESS )
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2777 ASSERT_COMPARE( expected_data->x, expected_data->len,
2778 output_data, output_length );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2779
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2780exit:
2781 psa_destroy_key( slot );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2782 mbedtls_free( output_data );
Gilles Peskinea1cac842018-06-11 19:33:02 +0200[diff] [blame]2783 mbedtls_psa_crypto_free( );
2784}
2785/* END_CASE */
2786
2787/* BEGIN_CASE */
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2788void signature_size( int type_arg,
2789 int bits,
2790 int alg_arg,
2791 int expected_size_arg )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]2792{
2793 psa_key_type_t type = type_arg;
2794 psa_algorithm_t alg = alg_arg;
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]2795 size_t actual_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( type, bits, alg );
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]2796 TEST_ASSERT( actual_size == (size_t) expected_size_arg );
2797exit:
2798 ;
2799}
2800/* END_CASE */
2801
2802/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2803void sign_deterministic( int key_type_arg, data_t *key_data,
2804 int alg_arg, data_t *input_data,
2805 data_t *output_data )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]2806{
2807 int slot = 1;
2808 psa_key_type_t key_type = key_type_arg;
2809 psa_algorithm_t alg = alg_arg;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2810 size_t key_bits;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2811 unsigned char *signature = NULL;
2812 size_t signature_size;
2813 size_t signature_length = 0xdeadbeef;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2814 psa_key_policy_t policy;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2815
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2816 TEST_ASSERT( key_data != NULL );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2817 TEST_ASSERT( input_data != NULL );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2818 TEST_ASSERT( output_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2819 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2820 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2821 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( output_data->len ) );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2822
2823 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2824
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2825 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2826 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2827 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2828
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2829 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2830 key_data->x,
2831 key_data->len ) == PSA_SUCCESS );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2832 TEST_ASSERT( psa_get_key_information( slot,
2833 NULL,
2834 &key_bits ) == PSA_SUCCESS );
2835
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2836 /* Allocate a buffer which has the size advertized by the
2837 * library. */
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]2838 signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type,
2839 key_bits, alg );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2840 TEST_ASSERT( signature_size != 0 );
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]2841 TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2842 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2843
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2844 /* Perform the signature. */
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2845 TEST_ASSERT( psa_asymmetric_sign( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2846 input_data->x, input_data->len,
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2847 signature, signature_size,
2848 &signature_length ) == PSA_SUCCESS );
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2849 /* Verify that the signature is what is expected. */
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]2850 ASSERT_COMPARE( output_data->x, output_data->len,
2851 signature, signature_length );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2852
2853exit:
2854 psa_destroy_key( slot );
Gilles Peskine0189e752018-02-03 23:57:22 +0100[diff] [blame]2855 mbedtls_free( signature );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2856 mbedtls_psa_crypto_free( );
2857}
2858/* END_CASE */
2859
2860/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2861void sign_fail( int key_type_arg, data_t *key_data,
2862 int alg_arg, data_t *input_data,
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2863 int signature_size_arg, int expected_status_arg )
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2864{
2865 int slot = 1;
2866 psa_key_type_t key_type = key_type_arg;
2867 psa_algorithm_t alg = alg_arg;
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2868 size_t signature_size = signature_size_arg;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2869 psa_status_t actual_status;
2870 psa_status_t expected_status = expected_status_arg;
Gilles Peskine40f68b92018-03-07 16:43:36 +0100[diff] [blame]2871 unsigned char *signature = NULL;
Gilles Peskine93aa0332018-02-03 23:58:03 +0100[diff] [blame]2872 size_t signature_length = 0xdeadbeef;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2873 psa_key_policy_t policy;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2874
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2875 TEST_ASSERT( key_data != NULL );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2876 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2877 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2878 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
2879
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2880 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2881
2882 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2883
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2884 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2885 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
mohammad1603a97cb8c2018-03-28 03:46:26 -0700[diff] [blame]2886 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2887
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2888 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2889 key_data->x,
2890 key_data->len ) == PSA_SUCCESS );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2891
2892 actual_status = psa_asymmetric_sign( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]2893 input_data->x, input_data->len,
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2894 signature, signature_size,
2895 &signature_length );
2896 TEST_ASSERT( actual_status == expected_status );
Gilles Peskine860ce9d2018-06-28 12:23:00 +0200[diff] [blame]2897 /* The value of *signature_length is unspecified on error, but
2898 * whatever it is, it should be less than signature_size, so that
2899 * if the caller tries to read *signature_length bytes without
2900 * checking the error code then they don't overflow a buffer. */
2901 TEST_ASSERT( signature_length <= signature_size );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2902
2903exit:
2904 psa_destroy_key( slot );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]2905 mbedtls_free( signature );
2906 mbedtls_psa_crypto_free( );
2907}
2908/* END_CASE */
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]2909
2910/* BEGIN_CASE */
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2911void sign_verify( int key_type_arg, data_t *key_data,
2912 int alg_arg, data_t *input_data )
2913{
2914 int slot = 1;
2915 psa_key_type_t key_type = key_type_arg;
2916 psa_algorithm_t alg = alg_arg;
2917 size_t key_bits;
2918 unsigned char *signature = NULL;
2919 size_t signature_size;
2920 size_t signature_length = 0xdeadbeef;
2921 psa_key_policy_t policy;
2922
2923 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
2924
2925 psa_key_policy_init( &policy );
2926 psa_key_policy_set_usage( &policy,
2927 PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY,
2928 alg );
2929 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
2930
2931 TEST_ASSERT( psa_import_key( slot, key_type,
2932 key_data->x,
2933 key_data->len ) == PSA_SUCCESS );
2934 TEST_ASSERT( psa_get_key_information( slot,
2935 NULL,
2936 &key_bits ) == PSA_SUCCESS );
2937
2938 /* Allocate a buffer which has the size advertized by the
2939 * library. */
2940 signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type,
2941 key_bits, alg );
2942 TEST_ASSERT( signature_size != 0 );
2943 TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]2944 ASSERT_ALLOC( signature, signature_size );
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2945
2946 /* Perform the signature. */
2947 TEST_ASSERT( psa_asymmetric_sign( slot, alg,
2948 input_data->x, input_data->len,
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2949 signature, signature_size,
2950 &signature_length ) == PSA_SUCCESS );
2951 /* Check that the signature length looks sensible. */
2952 TEST_ASSERT( signature_length <= signature_size );
2953 TEST_ASSERT( signature_length > 0 );
2954
2955 /* Use the library to verify that the signature is correct. */
2956 TEST_ASSERT( psa_asymmetric_verify(
2957 slot, alg,
2958 input_data->x, input_data->len,
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2959 signature, signature_length ) == PSA_SUCCESS );
2960
2961 if( input_data->len != 0 )
2962 {
2963 /* Flip a bit in the input and verify that the signature is now
2964 * detected as invalid. Flip a bit at the beginning, not at the end,
2965 * because ECDSA may ignore the last few bits of the input. */
2966 input_data->x[0] ^= 1;
2967 TEST_ASSERT( psa_asymmetric_verify(
2968 slot, alg,
2969 input_data->x, input_data->len,
Gilles Peskine9911b022018-06-29 17:30:48 +0200[diff] [blame]2970 signature,
2971 signature_length ) == PSA_ERROR_INVALID_SIGNATURE );
2972 }
2973
2974exit:
2975 psa_destroy_key( slot );
2976 mbedtls_free( signature );
2977 mbedtls_psa_crypto_free( );
2978}
2979/* END_CASE */
2980
2981/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2982void asymmetric_verify( int key_type_arg, data_t *key_data,
2983 int alg_arg, data_t *hash_data,
2984 data_t *signature_data )
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2985{
2986 int slot = 1;
2987 psa_key_type_t key_type = key_type_arg;
2988 psa_algorithm_t alg = alg_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]2989 psa_key_policy_t policy;
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2990
Gilles Peskine69c12672018-06-28 00:07:19 +0200[diff] [blame]2991 TEST_ASSERT( signature_data->len <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
2992
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2993 TEST_ASSERT( key_data != NULL );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2994 TEST_ASSERT( hash_data != NULL );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2995 TEST_ASSERT( signature_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]2996 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
2997 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( hash_data->len ) );
2998 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( signature_data->len ) );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]2999
3000 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3001
3002 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3003 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]3004 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3005
3006 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3007 key_data->x,
3008 key_data->len ) == PSA_SUCCESS );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]3009
3010 TEST_ASSERT( psa_asymmetric_verify( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3011 hash_data->x, hash_data->len,
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3012 signature_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3013 signature_data->len ) == PSA_SUCCESS );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]3014exit:
3015 psa_destroy_key( slot );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]3016 mbedtls_psa_crypto_free( );
3017}
3018/* END_CASE */
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3019
3020/* BEGIN_CASE */
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3021void asymmetric_verify_fail( int key_type_arg, data_t *key_data,
3022 int alg_arg, data_t *hash_data,
3023 data_t *signature_data,
3024 int expected_status_arg )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3025{
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3026 int slot = 1;
3027 psa_key_type_t key_type = key_type_arg;
3028 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3029 psa_status_t actual_status;
3030 psa_status_t expected_status = expected_status_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]3031 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3032
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3033 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3034 TEST_ASSERT( hash_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3035 TEST_ASSERT( signature_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3036 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
3037 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( hash_data->len ) );
3038 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( signature_data->len ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3039
3040 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3041
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3042 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3043 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3044 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3045
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3046 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3047 key_data->x,
3048 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3049
3050 actual_status = psa_asymmetric_verify( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3051 hash_data->x, hash_data->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3052 signature_data->x,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3053 signature_data->len );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3054
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3055 TEST_ASSERT( actual_status == expected_status );
3056
3057exit:
3058 psa_destroy_key( slot );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3059 mbedtls_psa_crypto_free( );
3060}
3061/* END_CASE */
3062
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3063/* BEGIN_CASE */
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]3064void asymmetric_encrypt( int key_type_arg,
3065 data_t *key_data,
3066 int alg_arg,
3067 data_t *input_data,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3068 data_t *label,
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]3069 int expected_output_length_arg,
3070 int expected_status_arg )
3071{
3072 int slot = 1;
3073 psa_key_type_t key_type = key_type_arg;
3074 psa_algorithm_t alg = alg_arg;
3075 size_t expected_output_length = expected_output_length_arg;
3076 size_t key_bits;
3077 unsigned char *output = NULL;
3078 size_t output_size;
3079 size_t output_length = ~0;
3080 psa_status_t actual_status;
3081 psa_status_t expected_status = expected_status_arg;
3082 psa_key_policy_t policy;
3083
3084 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3085
3086 /* Import the key */
3087 psa_key_policy_init( &policy );
3088 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
3089 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3090 TEST_ASSERT( psa_import_key( slot, key_type,
3091 key_data->x,
3092 key_data->len ) == PSA_SUCCESS );
3093
3094 /* Determine the maximum output length */
3095 TEST_ASSERT( psa_get_key_information( slot,
3096 NULL,
3097 &key_bits ) == PSA_SUCCESS );
3098 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3099 ASSERT_ALLOC( output, output_size );
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]3100
3101 /* Encrypt the input */
3102 actual_status = psa_asymmetric_encrypt( slot, alg,
3103 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3104 label->x, label->len,
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]3105 output, output_size,
3106 &output_length );
3107 TEST_ASSERT( actual_status == expected_status );
3108 TEST_ASSERT( output_length == expected_output_length );
3109
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3110 /* If the label is empty, the test framework puts a non-null pointer
3111 * in label->x. Test that a null pointer works as well. */
3112 if( label->len == 0 )
3113 {
3114 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]3115 if( output_size != 0 )
3116 memset( output, 0, output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3117 actual_status = psa_asymmetric_encrypt( slot, alg,
3118 input_data->x, input_data->len,
3119 NULL, label->len,
3120 output, output_size,
3121 &output_length );
3122 TEST_ASSERT( actual_status == expected_status );
3123 TEST_ASSERT( output_length == expected_output_length );
3124 }
3125
Gilles Peskine656896e2018-06-29 19:12:28 +0200[diff] [blame]3126exit:
3127 psa_destroy_key( slot );
3128 mbedtls_free( output );
3129 mbedtls_psa_crypto_free( );
3130}
3131/* END_CASE */
3132
3133/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3134void asymmetric_encrypt_decrypt( int key_type_arg,
3135 data_t *key_data,
3136 int alg_arg,
3137 data_t *input_data,
3138 data_t *label )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3139{
3140 int slot = 1;
3141 psa_key_type_t key_type = key_type_arg;
3142 psa_algorithm_t alg = alg_arg;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3143 size_t key_bits;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3144 unsigned char *output = NULL;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3145 size_t output_size;
3146 size_t output_length = ~0;
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +0300[diff] [blame]3147 unsigned char *output2 = NULL;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3148 size_t output2_size;
3149 size_t output2_length = ~0;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]3150 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3151
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3152 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3153 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3154 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
3155 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
3156
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3157 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3158
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3159 psa_key_policy_init( &policy );
Gilles Peskinec1bb6c82018-06-18 16:04:39 +0200[diff] [blame]3160 psa_key_policy_set_usage( &policy,
3161 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3162 alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3163 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3164
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3165 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3166 key_data->x,
3167 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3168
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3169
3170 /* Determine the maximum ciphertext length */
3171 TEST_ASSERT( psa_get_key_information( slot,
3172 NULL,
3173 &key_bits ) == PSA_SUCCESS );
3174 output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3175 ASSERT_ALLOC( output, output_size );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3176 output2_size = input_data->len;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3177 ASSERT_ALLOC( output2, output2_size );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3178
Gilles Peskineeebd7382018-06-08 18:11:54 +0200[diff] [blame]3179 /* We test encryption by checking that encrypt-then-decrypt gives back
3180 * the original plaintext because of the non-optional random
3181 * part of encryption process which prevents using fixed vectors. */
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3182 TEST_ASSERT( psa_asymmetric_encrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3183 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3184 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3185 output, output_size,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3186 &output_length ) == PSA_SUCCESS );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3187 /* We don't know what ciphertext length to expect, but check that
3188 * it looks sensible. */
3189 TEST_ASSERT( output_length <= output_size );
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +0300[diff] [blame]3190
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3191 TEST_ASSERT( psa_asymmetric_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3192 output, output_length,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3193 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3194 output2, output2_size,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3195 &output2_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]3196 ASSERT_COMPARE( input_data->x, input_data->len,
3197 output2, output2_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3198
3199exit:
3200 psa_destroy_key( slot );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3201 mbedtls_free( output );
3202 mbedtls_free( output2 );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3203 mbedtls_psa_crypto_free( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3204}
3205/* END_CASE */
3206
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3207/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3208void asymmetric_decrypt( int key_type_arg,
3209 data_t *key_data,
3210 int alg_arg,
3211 data_t *input_data,
3212 data_t *label,
Gilles Peskine66763a02018-06-29 21:54:10 +0200[diff] [blame]3213 data_t *expected_data )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3214{
3215 int slot = 1;
3216 psa_key_type_t key_type = key_type_arg;
3217 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3218 unsigned char *output = NULL;
Nir Sonnenscheind70bc482018-06-04 16:31:13 +0300[diff] [blame]3219 size_t output_size = 0;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3220 size_t output_length = ~0;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]3221 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3222
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3223 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3224 TEST_ASSERT( input_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3225 TEST_ASSERT( expected_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3226 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
3227 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
3228 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_data->len ) );
3229
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3230 output_size = key_data->len;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3231 ASSERT_ALLOC( output, output_size );
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]3232
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3233 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3234
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3235 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3236 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3237 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3238
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3239 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3240 key_data->x,
3241 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3242
Nir Sonnenschein0f3bdbd2018-05-02 23:56:12 +0300[diff] [blame]3243 TEST_ASSERT( psa_asymmetric_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3244 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3245 label->x, label->len,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3246 output,
3247 output_size,
3248 &output_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]3249 ASSERT_COMPARE( expected_data->x, expected_data->len,
3250 output, output_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3251
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3252 /* If the label is empty, the test framework puts a non-null pointer
3253 * in label->x. Test that a null pointer works as well. */
3254 if( label->len == 0 )
3255 {
3256 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]3257 if( output_size != 0 )
3258 memset( output, 0, output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3259 TEST_ASSERT( psa_asymmetric_decrypt( slot, alg,
3260 input_data->x, input_data->len,
3261 NULL, label->len,
3262 output,
3263 output_size,
3264 &output_length ) == PSA_SUCCESS );
Gilles Peskinebd7dea92018-09-27 13:57:19 +0200[diff] [blame]3265 ASSERT_COMPARE( expected_data->x, expected_data->len,
3266 output, output_length );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3267 }
3268
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3269exit:
3270 psa_destroy_key( slot );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3271 mbedtls_free( output );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3272 mbedtls_psa_crypto_free( );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3273}
3274/* END_CASE */
3275
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3276/* BEGIN_CASE */
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3277void asymmetric_decrypt_fail( int key_type_arg,
3278 data_t *key_data,
3279 int alg_arg,
3280 data_t *input_data,
3281 data_t *label,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3282 int expected_status_arg )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3283{
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3284 int slot = 1;
3285 psa_key_type_t key_type = key_type_arg;
3286 psa_algorithm_t alg = alg_arg;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3287 unsigned char *output = NULL;
Nir Sonnenscheind70bc482018-06-04 16:31:13 +0300[diff] [blame]3288 size_t output_size = 0;
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3289 size_t output_length = ~0;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3290 psa_status_t actual_status;
3291 psa_status_t expected_status = expected_status_arg;
Gilles Peskinedec72612018-06-18 18:12:37 +0200[diff] [blame]3292 psa_key_policy_t policy;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3293
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3294 TEST_ASSERT( key_data != NULL );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3295 TEST_ASSERT( input_data != NULL );
itayzafrir3e02b3b2018-06-12 17:06:52 +0300[diff] [blame]3296 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
3297 TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
3298
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3299 output_size = key_data->len;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3300 ASSERT_ALLOC( output, output_size );
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]3301
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3302 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3303
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3304 psa_key_policy_init( &policy );
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3305 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
Nir Sonnenscheind7082602018-06-04 16:45:27 +0300[diff] [blame]3306 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3307
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3308 TEST_ASSERT( psa_import_key( slot, key_type,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3309 key_data->x,
3310 key_data->len ) == PSA_SUCCESS );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3311
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3312 actual_status = psa_asymmetric_decrypt( slot, alg,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3313 input_data->x, input_data->len,
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3314 label->x, label->len,
Gilles Peskine4abf7412018-06-18 16:35:34 +0200[diff] [blame]3315 output, output_size,
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3316 &output_length );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3317 TEST_ASSERT( actual_status == expected_status );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3318 TEST_ASSERT( output_length <= output_size );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3319
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3320 /* If the label is empty, the test framework puts a non-null pointer
3321 * in label->x. Test that a null pointer works as well. */
3322 if( label->len == 0 )
3323 {
3324 output_length = ~0;
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]3325 if( output_size != 0 )
3326 memset( output, 0, output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3327 actual_status = psa_asymmetric_decrypt( slot, alg,
3328 input_data->x, input_data->len,
3329 NULL, label->len,
3330 output, output_size,
3331 &output_length );
3332 TEST_ASSERT( actual_status == expected_status );
Gilles Peskine55c94dd2018-06-30 18:54:48 +0200[diff] [blame]3333 TEST_ASSERT( output_length <= output_size );
Gilles Peskine68428122018-06-30 18:42:41 +0200[diff] [blame]3334 }
3335
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3336exit:
3337 psa_destroy_key( slot );
Gilles Peskine2d277862018-06-18 15:41:12 +0200[diff] [blame]3338 mbedtls_free( output );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]3339 mbedtls_psa_crypto_free( );
3340}
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]3341/* END_CASE */
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3342
3343/* BEGIN_CASE */
Gilles Peskineea0fb492018-07-12 17:17:20 +0200[diff] [blame]3344void derive_setup( int key_type_arg,
3345 data_t *key_data,
3346 int alg_arg,
3347 data_t *salt,
3348 data_t *label,
3349 int requested_capacity_arg,
3350 int expected_status_arg )
3351{
3352 psa_key_slot_t slot = 1;
3353 size_t key_type = key_type_arg;
3354 psa_algorithm_t alg = alg_arg;
3355 size_t requested_capacity = requested_capacity_arg;
3356 psa_status_t expected_status = expected_status_arg;
3357 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3358 psa_key_policy_t policy;
3359
3360 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3361
3362 psa_key_policy_init( &policy );
3363 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3364 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3365
3366 TEST_ASSERT( psa_import_key( slot, key_type,
3367 key_data->x,
3368 key_data->len ) == PSA_SUCCESS );
3369
3370 TEST_ASSERT( psa_key_derivation( &generator, slot, alg,
3371 salt->x, salt->len,
3372 label->x, label->len,
3373 requested_capacity ) == expected_status );
3374
3375exit:
3376 psa_generator_abort( &generator );
3377 psa_destroy_key( slot );
3378 mbedtls_psa_crypto_free( );
3379}
3380/* END_CASE */
3381
3382/* BEGIN_CASE */
Nir Sonnenscheindd69d8b2018-11-01 12:24:23 +0200[diff] [blame]3383void test_derive_invalid_generator_state( )
Nir Sonnenscheine5204c92018-10-22 17:24:55 +0300[diff] [blame]3384{
Nir Sonnenscheine5204c92018-10-22 17:24:55 +0300[diff] [blame]3385 psa_key_slot_t base_key = 1;
Nir Sonnenschein4eda37b2018-10-31 12:15:58 +0200[diff] [blame]3386 size_t key_type = PSA_KEY_TYPE_DERIVE;
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3387 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3388 psa_algorithm_t alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3389 uint8_t buffer[42];
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3390 size_t capacity = sizeof( buffer );
Nir Sonnenscheindd69d8b2018-11-01 12:24:23 +0200[diff] [blame]3391 const uint8_t key_data[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
3392 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
3393 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b};
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3394 psa_key_policy_t policy;
Nir Sonnenscheine5204c92018-10-22 17:24:55 +0300[diff] [blame]3395
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3396 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3397
3398 psa_key_policy_init( &policy );
3399 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3400 TEST_ASSERT( psa_set_key_policy( base_key, &policy ) == PSA_SUCCESS );
3401
3402 TEST_ASSERT( psa_import_key( base_key, key_type,
Nir Sonnenscheindd69d8b2018-11-01 12:24:23 +0200[diff] [blame]3403 key_data,
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3404 sizeof( key_data ) ) == PSA_SUCCESS );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3405
3406 /* valid key derivation */
Nir Sonnenscheine5204c92018-10-22 17:24:55 +0300[diff] [blame]3407 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3408 NULL, 0,
3409 NULL, 0,
3410 capacity ) == PSA_SUCCESS );
3411
3412 /* state of generator shouldn't allow additional generation */
3413 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3414 NULL, 0,
3415 NULL, 0,
3416 capacity ) == PSA_ERROR_BAD_STATE );
3417
3418 TEST_ASSERT( psa_generator_read( &generator, buffer, capacity )
3419 == PSA_SUCCESS );
3420
3421 TEST_ASSERT( psa_generator_read( &generator, buffer, capacity )
3422 == PSA_ERROR_INSUFFICIENT_CAPACITY );
3423
3424
3425exit:
3426 psa_generator_abort( &generator );
3427 psa_destroy_key( base_key );
3428 mbedtls_psa_crypto_free( );
3429}
3430/* END_CASE */
3431
3432
3433/* BEGIN_CASE */
3434void test_derive_invalid_generator_tests( )
3435{
3436 uint8_t output_buffer[16];
3437 size_t buffer_size = 16;
3438 size_t capacity = 0;
3439 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3440
Nir Sonnenschein50789302018-10-31 12:16:38 +0200[diff] [blame]3441 TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3442 == PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3443
3444 TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3445 == PSA_SUCCESS ); // should be PSA_ERROR_BAD_STATE:#183
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3446
Nir Sonnenschein50789302018-10-31 12:16:38 +0200[diff] [blame]3447 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3448
Nir Sonnenschein50789302018-10-31 12:16:38 +0200[diff] [blame]3449 TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3450 == PSA_ERROR_INSUFFICIENT_CAPACITY ); // should be PSA_ERROR_BAD_STATE:#183
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3451
Nir Sonnenschein50789302018-10-31 12:16:38 +0200[diff] [blame]3452 TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
Nir Sonnenschein1caf6d22018-11-01 12:27:20 +0200[diff] [blame]3453 == PSA_SUCCESS );// should be PSA_ERROR_BAD_STATE:#183
Nir Sonnenscheinb46e7ca2018-10-25 14:46:09 +0300[diff] [blame]3454
3455exit:
3456 psa_generator_abort( &generator );
Nir Sonnenscheine5204c92018-10-22 17:24:55 +0300[diff] [blame]3457}
3458/* END_CASE */
3459
3460/* BEGIN_CASE */
Gilles Peskine96ee5c72018-07-12 17:24:54 +0200[diff] [blame]3461void derive_output( int alg_arg,
3462 data_t *key_data,
3463 data_t *salt,
3464 data_t *label,
3465 int requested_capacity_arg,
3466 data_t *expected_output1,
3467 data_t *expected_output2 )
3468{
3469 psa_key_slot_t slot = 1;
3470 psa_algorithm_t alg = alg_arg;
3471 size_t requested_capacity = requested_capacity_arg;
3472 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3473 uint8_t *expected_outputs[2] =
3474 {expected_output1->x, expected_output2->x};
3475 size_t output_sizes[2] =
3476 {expected_output1->len, expected_output2->len};
3477 size_t output_buffer_size = 0;
3478 uint8_t *output_buffer = NULL;
3479 size_t expected_capacity;
3480 size_t current_capacity;
3481 psa_key_policy_t policy;
3482 psa_status_t status;
3483 unsigned i;
3484
3485 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
3486 {
3487 if( output_sizes[i] > output_buffer_size )
3488 output_buffer_size = output_sizes[i];
3489 if( output_sizes[i] == 0 )
3490 expected_outputs[i] = NULL;
3491 }
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3492 ASSERT_ALLOC( output_buffer, output_buffer_size );
Gilles Peskine96ee5c72018-07-12 17:24:54 +0200[diff] [blame]3493 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3494
3495 psa_key_policy_init( &policy );
3496 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3497 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3498
3499 TEST_ASSERT( psa_import_key( slot, PSA_KEY_TYPE_DERIVE,
3500 key_data->x,
3501 key_data->len ) == PSA_SUCCESS );
3502
3503 /* Extraction phase. */
3504 TEST_ASSERT( psa_key_derivation( &generator, slot, alg,
3505 salt->x, salt->len,
3506 label->x, label->len,
3507 requested_capacity ) == PSA_SUCCESS );
3508 TEST_ASSERT( psa_get_generator_capacity( &generator,
3509 &current_capacity ) ==
3510 PSA_SUCCESS );
3511 TEST_ASSERT( current_capacity == requested_capacity );
3512 expected_capacity = requested_capacity;
3513
3514 /* Expansion phase. */
3515 for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
3516 {
3517 /* Read some bytes. */
3518 status = psa_generator_read( &generator,
3519 output_buffer, output_sizes[i] );
3520 if( expected_capacity == 0 && output_sizes[i] == 0 )
3521 {
3522 /* Reading 0 bytes when 0 bytes are available can go either way. */
3523 TEST_ASSERT( status == PSA_SUCCESS ||
3524 status == PSA_ERROR_INSUFFICIENT_CAPACITY );
3525 continue;
3526 }
3527 else if( expected_capacity == 0 ||
3528 output_sizes[i] > expected_capacity )
3529 {
3530 /* Capacity exceeded. */
3531 TEST_ASSERT( status == PSA_ERROR_INSUFFICIENT_CAPACITY );
3532 expected_capacity = 0;
3533 continue;
3534 }
3535 /* Success. Check the read data. */
3536 TEST_ASSERT( status == PSA_SUCCESS );
3537 if( output_sizes[i] != 0 )
3538 TEST_ASSERT( memcmp( output_buffer, expected_outputs[i],
3539 output_sizes[i] ) == 0 );
3540 /* Check the generator status. */
3541 expected_capacity -= output_sizes[i];
3542 TEST_ASSERT( psa_get_generator_capacity( &generator,
3543 &current_capacity ) ==
3544 PSA_SUCCESS );
3545 TEST_ASSERT( expected_capacity == current_capacity );
3546 }
3547 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
3548
3549exit:
3550 mbedtls_free( output_buffer );
3551 psa_generator_abort( &generator );
3552 psa_destroy_key( slot );
3553 mbedtls_psa_crypto_free( );
3554}
3555/* END_CASE */
3556
3557/* BEGIN_CASE */
Gilles Peskined54931c2018-07-17 21:06:59 +0200[diff] [blame]3558void derive_full( int alg_arg,
3559 data_t *key_data,
3560 data_t *salt,
3561 data_t *label,
3562 int requested_capacity_arg )
3563{
3564 psa_key_slot_t slot = 1;
3565 psa_algorithm_t alg = alg_arg;
3566 size_t requested_capacity = requested_capacity_arg;
3567 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3568 unsigned char output_buffer[16];
3569 size_t expected_capacity = requested_capacity;
3570 size_t current_capacity;
3571 psa_key_policy_t policy;
3572
3573 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3574
3575 psa_key_policy_init( &policy );
3576 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3577 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3578
3579 TEST_ASSERT( psa_import_key( slot, PSA_KEY_TYPE_DERIVE,
3580 key_data->x,
3581 key_data->len ) == PSA_SUCCESS );
3582
3583 /* Extraction phase. */
3584 TEST_ASSERT( psa_key_derivation( &generator, slot, alg,
3585 salt->x, salt->len,
3586 label->x, label->len,
3587 requested_capacity ) == PSA_SUCCESS );
3588 TEST_ASSERT( psa_get_generator_capacity( &generator,
3589 &current_capacity ) ==
3590 PSA_SUCCESS );
3591 TEST_ASSERT( current_capacity == expected_capacity );
3592
3593 /* Expansion phase. */
3594 while( current_capacity > 0 )
3595 {
3596 size_t read_size = sizeof( output_buffer );
3597 if( read_size > current_capacity )
3598 read_size = current_capacity;
3599 TEST_ASSERT( psa_generator_read( &generator,
3600 output_buffer,
3601 read_size ) == PSA_SUCCESS );
3602 expected_capacity -= read_size;
3603 TEST_ASSERT( psa_get_generator_capacity( &generator,
3604 &current_capacity ) ==
3605 PSA_SUCCESS );
3606 TEST_ASSERT( current_capacity == expected_capacity );
3607 }
3608
3609 /* Check that the generator refuses to go over capacity. */
3610 TEST_ASSERT( psa_generator_read( &generator,
3611 output_buffer,
3612 1 ) == PSA_ERROR_INSUFFICIENT_CAPACITY );
3613
3614 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
3615
3616exit:
3617 psa_generator_abort( &generator );
3618 psa_destroy_key( slot );
3619 mbedtls_psa_crypto_free( );
3620}
3621/* END_CASE */
3622
3623/* BEGIN_CASE */
Gilles Peskine0386fba2018-07-12 17:29:22 +0200[diff] [blame]3624void derive_key_exercise( int alg_arg,
3625 data_t *key_data,
3626 data_t *salt,
3627 data_t *label,
3628 int derived_type_arg,
3629 int derived_bits_arg,
3630 int derived_usage_arg,
3631 int derived_alg_arg )
3632{
3633 psa_key_slot_t base_key = 1;
3634 psa_key_slot_t derived_key = 2;
3635 psa_algorithm_t alg = alg_arg;
3636 psa_key_type_t derived_type = derived_type_arg;
3637 size_t derived_bits = derived_bits_arg;
3638 psa_key_usage_t derived_usage = derived_usage_arg;
3639 psa_algorithm_t derived_alg = derived_alg_arg;
3640 size_t capacity = PSA_BITS_TO_BYTES( derived_bits );
3641 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3642 psa_key_policy_t policy;
3643 psa_key_type_t got_type;
3644 size_t got_bits;
3645
3646 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3647
3648 psa_key_policy_init( &policy );
3649 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3650 TEST_ASSERT( psa_set_key_policy( base_key, &policy ) == PSA_SUCCESS );
3651 TEST_ASSERT( psa_import_key( base_key, PSA_KEY_TYPE_DERIVE,
3652 key_data->x,
3653 key_data->len ) == PSA_SUCCESS );
3654
3655 /* Derive a key. */
3656 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3657 salt->x, salt->len,
3658 label->x, label->len,
3659 capacity ) == PSA_SUCCESS );
3660 psa_key_policy_set_usage( &policy, derived_usage, derived_alg );
3661 TEST_ASSERT( psa_set_key_policy( derived_key, &policy ) == PSA_SUCCESS );
3662 TEST_ASSERT( psa_generator_import_key( derived_key,
3663 derived_type,
3664 derived_bits,
3665 &generator ) == PSA_SUCCESS );
3666
3667 /* Test the key information */
3668 TEST_ASSERT( psa_get_key_information( derived_key,
3669 &got_type,
3670 &got_bits ) == PSA_SUCCESS );
3671 TEST_ASSERT( got_type == derived_type );
3672 TEST_ASSERT( got_bits == derived_bits );
3673
3674 /* Exercise the derived key. */
3675 if( ! exercise_key( derived_key, derived_usage, derived_alg ) )
3676 goto exit;
3677
3678exit:
3679 psa_generator_abort( &generator );
3680 psa_destroy_key( base_key );
3681 psa_destroy_key( derived_key );
3682 mbedtls_psa_crypto_free( );
3683}
3684/* END_CASE */
3685
3686/* BEGIN_CASE */
3687void derive_key_export( int alg_arg,
3688 data_t *key_data,
3689 data_t *salt,
3690 data_t *label,
3691 int bytes1_arg,
3692 int bytes2_arg )
3693{
3694 psa_key_slot_t base_key = 1;
3695 psa_key_slot_t derived_key = 2;
3696 psa_algorithm_t alg = alg_arg;
3697 size_t bytes1 = bytes1_arg;
3698 size_t bytes2 = bytes2_arg;
3699 size_t capacity = bytes1 + bytes2;
3700 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3701 uint8_t *output_buffer = NULL;
3702 uint8_t *export_buffer = NULL;
Gilles Peskine0386fba2018-07-12 17:29:22 +0200[diff] [blame]3703 psa_key_policy_t policy;
3704 size_t length;
3705
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3706 ASSERT_ALLOC( output_buffer, capacity );
3707 ASSERT_ALLOC( export_buffer, capacity );
Gilles Peskine0386fba2018-07-12 17:29:22 +0200[diff] [blame]3708 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3709
3710 psa_key_policy_init( &policy );
3711 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3712 TEST_ASSERT( psa_set_key_policy( base_key, &policy ) == PSA_SUCCESS );
3713 TEST_ASSERT( psa_import_key( base_key, PSA_KEY_TYPE_DERIVE,
3714 key_data->x,
3715 key_data->len ) == PSA_SUCCESS );
3716
3717 /* Derive some material and output it. */
3718 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3719 salt->x, salt->len,
3720 label->x, label->len,
3721 capacity ) == PSA_SUCCESS );
3722 TEST_ASSERT( psa_generator_read( &generator,
3723 output_buffer,
3724 capacity ) == PSA_SUCCESS );
3725 TEST_ASSERT( psa_generator_abort( &generator ) == PSA_SUCCESS );
3726
3727 /* Derive the same output again, but this time store it in key objects. */
3728 TEST_ASSERT( psa_key_derivation( &generator, base_key, alg,
3729 salt->x, salt->len,
3730 label->x, label->len,
3731 capacity ) == PSA_SUCCESS );
3732 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, 0 );
3733 TEST_ASSERT( psa_set_key_policy( derived_key, &policy ) == PSA_SUCCESS );
3734 TEST_ASSERT( psa_generator_import_key( derived_key,
3735 PSA_KEY_TYPE_RAW_DATA,
3736 PSA_BYTES_TO_BITS( bytes1 ),
3737 &generator ) == PSA_SUCCESS );
3738 TEST_ASSERT( psa_export_key( derived_key,
3739 export_buffer, bytes1,
3740 &length ) == PSA_SUCCESS );
3741 TEST_ASSERT( length == bytes1 );
3742 TEST_ASSERT( psa_destroy_key( derived_key ) == PSA_SUCCESS );
3743 TEST_ASSERT( psa_set_key_policy( derived_key, &policy ) == PSA_SUCCESS );
3744 TEST_ASSERT( psa_generator_import_key( derived_key,
3745 PSA_KEY_TYPE_RAW_DATA,
3746 PSA_BYTES_TO_BITS( bytes2 ),
3747 &generator ) == PSA_SUCCESS );
3748 TEST_ASSERT( psa_export_key( derived_key,
3749 export_buffer + bytes1, bytes2,
3750 &length ) == PSA_SUCCESS );
3751 TEST_ASSERT( length == bytes2 );
3752
3753 /* Compare the outputs from the two runs. */
3754 TEST_ASSERT( memcmp( output_buffer, export_buffer, capacity ) == 0 );
3755
3756exit:
3757 mbedtls_free( output_buffer );
3758 mbedtls_free( export_buffer );
3759 psa_generator_abort( &generator );
3760 psa_destroy_key( base_key );
3761 psa_destroy_key( derived_key );
3762 mbedtls_psa_crypto_free( );
3763}
3764/* END_CASE */
3765
3766/* BEGIN_CASE */
Gilles Peskine01d718c2018-09-18 12:01:02 +0200[diff] [blame]3767void key_agreement_setup( int alg_arg,
3768 int our_key_type_arg, data_t *our_key_data,
3769 data_t *peer_key_data,
3770 int expected_status_arg )
3771{
3772 psa_key_slot_t our_key = 1;
3773 psa_algorithm_t alg = alg_arg;
3774 psa_key_type_t our_key_type = our_key_type_arg;
3775 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3776 psa_key_policy_t policy;
3777
3778 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3779
3780 psa_key_policy_init( &policy );
3781 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3782 TEST_ASSERT( psa_set_key_policy( our_key, &policy ) == PSA_SUCCESS );
3783 TEST_ASSERT( psa_import_key( our_key, our_key_type,
3784 our_key_data->x,
3785 our_key_data->len ) == PSA_SUCCESS );
3786
3787 TEST_ASSERT( psa_key_agreement( &generator,
3788 our_key,
3789 peer_key_data->x, peer_key_data->len,
3790 alg ) == expected_status_arg );
3791
3792exit:
3793 psa_generator_abort( &generator );
3794 psa_destroy_key( our_key );
3795 mbedtls_psa_crypto_free( );
3796}
3797/* END_CASE */
3798
3799/* BEGIN_CASE */
Gilles Peskine59685592018-09-18 12:11:34 +0200[diff] [blame]3800void key_agreement_capacity( int alg_arg,
3801 int our_key_type_arg, data_t *our_key_data,
3802 data_t *peer_key_data,
3803 int expected_capacity_arg )
3804{
3805 psa_key_slot_t our_key = 1;
3806 psa_algorithm_t alg = alg_arg;
3807 psa_key_type_t our_key_type = our_key_type_arg;
3808 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3809 psa_key_policy_t policy;
3810 size_t actual_capacity;
Gilles Peskinebf491972018-10-25 22:36:12 +0200[diff] [blame]3811 unsigned char output[16];
Gilles Peskine59685592018-09-18 12:11:34 +0200[diff] [blame]3812
3813 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3814
3815 psa_key_policy_init( &policy );
3816 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3817 TEST_ASSERT( psa_set_key_policy( our_key, &policy ) == PSA_SUCCESS );
3818 TEST_ASSERT( psa_import_key( our_key, our_key_type,
3819 our_key_data->x,
3820 our_key_data->len ) == PSA_SUCCESS );
3821
3822 TEST_ASSERT( psa_key_agreement( &generator,
3823 our_key,
3824 peer_key_data->x, peer_key_data->len,
3825 alg ) == PSA_SUCCESS );
3826
Gilles Peskinebf491972018-10-25 22:36:12 +0200[diff] [blame]3827 /* Test the advertized capacity. */
Gilles Peskine59685592018-09-18 12:11:34 +0200[diff] [blame]3828 TEST_ASSERT( psa_get_generator_capacity(
3829 &generator, &actual_capacity ) == PSA_SUCCESS );
3830 TEST_ASSERT( actual_capacity == (size_t) expected_capacity_arg );
3831
Gilles Peskinebf491972018-10-25 22:36:12 +0200[diff] [blame]3832 /* Test the actual capacity by reading the output. */
3833 while( actual_capacity > sizeof( output ) )
3834 {
3835 TEST_ASSERT( psa_generator_read( &generator,
3836 output, sizeof( output ) ) ==
3837 PSA_SUCCESS );
3838 actual_capacity -= sizeof( output );
3839 }
3840 TEST_ASSERT( psa_generator_read( &generator,
3841 output, actual_capacity ) ==
3842 PSA_SUCCESS );
3843 TEST_ASSERT( psa_generator_read( &generator, output, 1 ) ==
3844 PSA_ERROR_INSUFFICIENT_CAPACITY );
3845
Gilles Peskine59685592018-09-18 12:11:34 +0200[diff] [blame]3846exit:
3847 psa_generator_abort( &generator );
3848 psa_destroy_key( our_key );
3849 mbedtls_psa_crypto_free( );
3850}
3851/* END_CASE */
3852
3853/* BEGIN_CASE */
3854void key_agreement_output( int alg_arg,
3855 int our_key_type_arg, data_t *our_key_data,
3856 data_t *peer_key_data,
Gilles Peskine3ec8ed82018-10-25 22:37:15 +0200[diff] [blame]3857 data_t *expected_output1, data_t *expected_output2 )
Gilles Peskine59685592018-09-18 12:11:34 +0200[diff] [blame]3858{
3859 psa_key_slot_t our_key = 1;
3860 psa_algorithm_t alg = alg_arg;
3861 psa_key_type_t our_key_type = our_key_type_arg;
3862 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
3863 psa_key_policy_t policy;
Gilles Peskine3ec8ed82018-10-25 22:37:15 +0200[diff] [blame]3864 uint8_t *actual_output = NULL;
Gilles Peskine59685592018-09-18 12:11:34 +0200[diff] [blame]3865
Gilles Peskine3ec8ed82018-10-25 22:37:15 +0200[diff] [blame]3866 ASSERT_ALLOC( actual_output, MAX( expected_output1->len,
3867 expected_output2->len ) );
Gilles Peskine59685592018-09-18 12:11:34 +0200[diff] [blame]3868
3869 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3870
3871 psa_key_policy_init( &policy );
3872 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
3873 TEST_ASSERT( psa_set_key_policy( our_key, &policy ) == PSA_SUCCESS );
3874 TEST_ASSERT( psa_import_key( our_key, our_key_type,
3875 our_key_data->x,
3876 our_key_data->len ) == PSA_SUCCESS );
3877
3878 TEST_ASSERT( psa_key_agreement( &generator,
3879 our_key,
3880 peer_key_data->x, peer_key_data->len,
3881 alg ) == PSA_SUCCESS );
3882
Gilles Peskine3ec8ed82018-10-25 22:37:15 +0200[diff] [blame]3883 TEST_ASSERT(
3884 psa_generator_read( &generator,
3885 actual_output,
3886 expected_output1->len ) == PSA_SUCCESS );
3887 TEST_ASSERT( memcmp( actual_output, expected_output1->x,
3888 expected_output1->len ) == 0 );
3889 if( expected_output2->len != 0 )
3890 {
3891 TEST_ASSERT(
3892 psa_generator_read( &generator,
3893 actual_output,
3894 expected_output2->len ) == PSA_SUCCESS );
3895 TEST_ASSERT( memcmp( actual_output, expected_output2->x,
3896 expected_output2->len ) == 0 );
3897 }
Gilles Peskine59685592018-09-18 12:11:34 +0200[diff] [blame]3898
3899exit:
3900 psa_generator_abort( &generator );
3901 psa_destroy_key( our_key );
3902 mbedtls_psa_crypto_free( );
3903 mbedtls_free( actual_output );
3904}
3905/* END_CASE */
3906
3907/* BEGIN_CASE */
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3908void generate_random( int bytes_arg )
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3909{
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3910 size_t bytes = bytes_arg;
3911 const unsigned char trail[] = "don't overwrite me";
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3912 unsigned char *output = NULL;
3913 unsigned char *changed = NULL;
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3914 size_t i;
3915 unsigned run;
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3916
Gilles Peskine8cebbba2018-09-27 13:54:18 +0200[diff] [blame]3917 ASSERT_ALLOC( output, bytes + sizeof( trail ) );
3918 ASSERT_ALLOC( changed, bytes );
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3919 memcpy( output + bytes, trail, sizeof( trail ) );
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3920
3921 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3922
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3923 /* Run several times, to ensure that every output byte will be
3924 * nonzero at least once with overwhelming probability
3925 * (2^(-8*number_of_runs)). */
3926 for( run = 0; run < 10; run++ )
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3927 {
Gilles Peskinef7ab5ad2018-09-26 18:19:24 +0200[diff] [blame]3928 if( bytes != 0 )
3929 memset( output, 0, bytes );
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3930 TEST_ASSERT( psa_generate_random( output, bytes ) == PSA_SUCCESS );
3931
3932 /* Check that no more than bytes have been overwritten */
3933 TEST_ASSERT( memcmp( output + bytes, trail, sizeof( trail ) ) == 0 );
3934
3935 for( i = 0; i < bytes; i++ )
3936 {
3937 if( output[i] != 0 )
3938 ++changed[i];
3939 }
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3940 }
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3941
3942 /* Check that every byte was changed to nonzero at least once. This
3943 * validates that psa_generate_random is overwriting every byte of
3944 * the output buffer. */
3945 for( i = 0; i < bytes; i++ )
3946 {
3947 TEST_ASSERT( changed[i] != 0 );
3948 }
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3949
3950exit:
3951 mbedtls_psa_crypto_free( );
Gilles Peskinea50d7392018-06-21 10:22:13 +0200[diff] [blame]3952 mbedtls_free( output );
3953 mbedtls_free( changed );
Gilles Peskine05d69892018-06-19 22:00:52 +0200[diff] [blame]3954}
3955/* END_CASE */
Gilles Peskine12313cd2018-06-20 00:20:32 +0200[diff] [blame]3956
3957/* BEGIN_CASE */
3958void generate_key( int type_arg,
3959 int bits_arg,
3960 int usage_arg,
3961 int alg_arg,
3962 int expected_status_arg )
3963{
3964 int slot = 1;
3965 psa_key_type_t type = type_arg;
3966 psa_key_usage_t usage = usage_arg;
3967 size_t bits = bits_arg;
3968 psa_algorithm_t alg = alg_arg;
3969 psa_status_t expected_status = expected_status_arg;
3970 psa_key_type_t got_type;
3971 size_t got_bits;
Gilles Peskine12313cd2018-06-20 00:20:32 +0200[diff] [blame]3972 psa_status_t expected_info_status =
3973 expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_EMPTY_SLOT;
3974 psa_key_policy_t policy;
3975
3976 TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
3977
3978 psa_key_policy_init( &policy );
3979 psa_key_policy_set_usage( &policy, usage, alg );
3980 TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
3981
3982 /* Generate a key */
3983 TEST_ASSERT( psa_generate_key( slot, type, bits,
3984 NULL, 0 ) == expected_status );
3985
3986 /* Test the key information */
3987 TEST_ASSERT( psa_get_key_information( slot,
3988 &got_type,
3989 &got_bits ) == expected_info_status );
3990 if( expected_info_status != PSA_SUCCESS )
3991 goto exit;
3992 TEST_ASSERT( got_type == type );
3993 TEST_ASSERT( got_bits == bits );
3994
Gilles Peskine818ca122018-06-20 18:16:48 +0200[diff] [blame]3995 /* Do something with the key according to its type and permitted usage. */
Gilles Peskine02b75072018-07-01 22:31:34 +0200[diff] [blame]3996 if( ! exercise_key( slot, usage, alg ) )
3997 goto exit;
Gilles Peskine12313cd2018-06-20 00:20:32 +0200[diff] [blame]3998
3999exit:
4000 psa_destroy_key( slot );
4001 mbedtls_psa_crypto_free( );
4002}
4003/* END_CASE */
itayzafrir0adf0fc2018-09-06 16:24:41 +0300[diff] [blame]4004
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4005/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
4006void persistent_key_load_key_from_storage( data_t *data, int type_arg,
4007 int bits, int usage_arg,
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame]4008 int alg_arg, int generation_method,
4009 int export_status )
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4010{
4011 psa_key_slot_t slot = 1;
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame]4012 psa_key_slot_t base_key = 2;
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4013 psa_key_type_t type = (psa_key_type_t) type_arg;
4014 psa_key_type_t type_get;
4015 size_t bits_get;
4016 psa_key_policy_t policy_set;
4017 psa_key_policy_t policy_get;
4018 psa_key_usage_t policy_usage = (psa_key_usage_t) usage_arg;
4019 psa_algorithm_t policy_alg = (psa_algorithm_t) alg_arg;
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame]4020 psa_key_policy_t base_policy_set;
4021 psa_algorithm_t base_policy_alg = PSA_ALG_HKDF(PSA_ALG_SHA_256);
4022 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4023 unsigned char *first_export = NULL;
4024 unsigned char *second_export = NULL;
4025 size_t export_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
4026 size_t first_exported_length;
4027 size_t second_exported_length;
4028
4029 ASSERT_ALLOC( first_export, export_size );
4030 ASSERT_ALLOC( second_export, export_size );
4031
4032 TEST_ASSERT( psa_crypto_init() == PSA_SUCCESS );
4033
4034 TEST_ASSERT( psa_set_key_lifetime(
4035 slot, PSA_KEY_LIFETIME_PERSISTENT ) == PSA_SUCCESS );
4036
4037 psa_key_policy_init( &policy_set );
4038
4039 psa_key_policy_set_usage( &policy_set, policy_usage,
4040 policy_alg );
4041
4042 TEST_ASSERT( psa_set_key_policy( slot, &policy_set ) == PSA_SUCCESS );
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame]4043 switch( generation_method )
4044 {
4045 case IMPORT_KEY:
4046 /* Import the key */
4047 TEST_ASSERT( psa_import_key( slot, type,
4048 data->x, data->len ) == PSA_SUCCESS );
4049 break;
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4050
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame]4051 case GENERATE_KEY:
4052 /* Generate a key */
4053 TEST_ASSERT( psa_generate_key( slot, type, bits,
4054 NULL, 0 ) == PSA_SUCCESS );
4055 break;
4056
4057 case DERIVE_KEY:
4058 /* Create base key */
4059 psa_key_policy_init( &base_policy_set );
4060
4061 psa_key_policy_set_usage( &base_policy_set, PSA_KEY_USAGE_DERIVE,
4062 base_policy_alg );
4063 TEST_ASSERT( psa_set_key_policy(
4064 base_key, &base_policy_set ) == PSA_SUCCESS );
4065 TEST_ASSERT( psa_import_key( base_key, PSA_KEY_TYPE_DERIVE,
4066 data->x, data->len ) == PSA_SUCCESS );
4067 /* Derive a key. */
4068 TEST_ASSERT( psa_key_derivation( &generator, base_key,
4069 base_policy_alg,
4070 NULL, 0, NULL, 0,
4071 export_size ) == PSA_SUCCESS );
4072 TEST_ASSERT( psa_generator_import_key(
4073 slot, PSA_KEY_TYPE_RAW_DATA,
4074 bits, &generator ) == PSA_SUCCESS );
4075 break;
4076 }
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4077
4078 /* Export the key */
4079 TEST_ASSERT( psa_export_key( slot, first_export, export_size,
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame]4080 &first_exported_length ) == export_status );
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4081
4082 /* Shutdown and restart */
4083 mbedtls_psa_crypto_free();
4084
4085 TEST_ASSERT( psa_crypto_init() == PSA_SUCCESS );
4086
4087 /* Mark slot as persistent again */
4088 TEST_ASSERT( psa_set_key_lifetime(
4089 slot, PSA_KEY_LIFETIME_PERSISTENT ) == PSA_SUCCESS );
4090
4091 /* Check key slot still contains key data */
4092 TEST_ASSERT( psa_get_key_information(
4093 slot, &type_get, &bits_get ) == PSA_SUCCESS );
4094 TEST_ASSERT( type_get == type );
4095 TEST_ASSERT( bits_get == (size_t) bits );
4096
4097 TEST_ASSERT( psa_get_key_policy( slot, &policy_get ) == PSA_SUCCESS );
4098 TEST_ASSERT( psa_key_policy_get_usage(
4099 &policy_get ) == policy_usage );
4100 TEST_ASSERT( psa_key_policy_get_algorithm(
4101 &policy_get ) == policy_alg );
4102
4103 /* Export the key again */
4104 TEST_ASSERT( psa_export_key( slot, second_export, export_size,
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame]4105 &second_exported_length ) == export_status );
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4106
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame]4107 if( export_status == PSA_SUCCESS )
4108 {
4109 ASSERT_COMPARE( first_export, first_exported_length,
4110 second_export, second_exported_length );
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4111
Darryl Green0c6575a2018-11-07 16:05:30 +0000[diff] [blame]4112 switch( generation_method )
4113 {
4114 case IMPORT_KEY:
4115 ASSERT_COMPARE( data->x, data->len,
4116 first_export, first_exported_length );
4117 break;
4118 default:
4119 break;
4120 }
4121 }
4122
4123 /* Do something with the key according to its type and permitted usage. */
4124 if( ! exercise_key( slot, policy_usage, policy_alg ) )
4125 goto exit;
Darryl Greend49a4992018-06-18 17:27:26 +0100[diff] [blame]4126
4127exit:
4128 mbedtls_free( first_export );
4129 mbedtls_free( second_export );
4130 psa_destroy_key( slot );
4131 mbedtls_psa_crypto_free();
4132}
4133/* END_CASE */