tests/suites/test_suite_psa_crypto.function

/* BEGIN_HEADER */
#include <stdint.h>
#include "psa/crypto.h"

#if(UINT32_MAX > SIZE_MAX)
#define PSA_CRYPTO_TEST_SIZE_T_RANGE( x ) ( ( x ) <= SIZE_MAX )
#else
#define PSA_CRYPTO_TEST_SIZE_T_RANGE( x ) 1
#endif
/* END_HEADER */

/* BEGIN_DEPENDENCIES
 * depends_on:MBEDTLS_PSA_CRYPTO_C
 * END_DEPENDENCIES
 */

/* BEGIN_CASE */
void init_deinit( )
{
    psa_status_t status;
    int i;
    for( i = 0; i <= 1; i++ )
    {
        status = psa_crypto_init( );
        TEST_ASSERT( status == PSA_SUCCESS );
        status = psa_crypto_init( );
        TEST_ASSERT( status == PSA_SUCCESS );
        mbedtls_psa_crypto_free( );
    }
}
/* END_CASE */

/* BEGIN_CASE */
void import( data_t *data, int type, int expected_status )
{
    int slot = 1;
    psa_status_t status;

    TEST_ASSERT( data != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) );
    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    status = psa_import_key( slot, type, data->x, data->len );
    TEST_ASSERT( status == (psa_status_t) expected_status );
    if( status == PSA_SUCCESS )
        TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );

exit:
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void import_export( data_t *data,
                    int type_arg,
                    int alg_arg,
                    int usage_arg,
                    int expected_bits,
                    int export_size_delta,
                    int expected_export_status,
                    int canonical_input )
{
    int slot = 1;
    int slot2 = slot + 1;
    psa_key_type_t type = type_arg;
    psa_algorithm_t alg = alg_arg;
    psa_status_t status;
    unsigned char *exported = NULL;
    unsigned char *reexported = NULL;
    size_t export_size;
    size_t exported_length;
    size_t reexported_length;
    psa_key_type_t got_type;
    size_t got_bits;
    psa_key_policy_t policy;

    TEST_ASSERT( data != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) );
    export_size = (ssize_t) data->len + export_size_delta;
    exported = mbedtls_calloc( 1, export_size );
    TEST_ASSERT( exported != NULL );
    if( ! canonical_input )
    {
        reexported = mbedtls_calloc( 1, export_size );
        TEST_ASSERT( reexported != NULL );
    }
    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    psa_key_policy_init( &policy );
    psa_key_policy_set_usage( &policy, usage_arg, alg );
    TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );

    /* Import the key */
    TEST_ASSERT( psa_import_key( slot, type,
                                 data->x, data->len ) == PSA_SUCCESS );

    /* Test the key information */
    TEST_ASSERT( psa_get_key_information( slot,
                                          &got_type,
                                          &got_bits ) == PSA_SUCCESS );
    TEST_ASSERT( got_type == type );
    TEST_ASSERT( got_bits == (size_t) expected_bits );

    /* Export the key */
    status = psa_export_key( slot,
                             exported, export_size,
                             &exported_length );
    TEST_ASSERT( status == (psa_status_t) expected_export_status );
    if( status != PSA_SUCCESS )
        goto destroy;

    if( canonical_input )
    {
        TEST_ASSERT( exported_length == data->len );
        TEST_ASSERT( memcmp( exported, data->x, data->len ) == 0 );
    }
    else
    {
        TEST_ASSERT( psa_set_key_policy( slot2, &policy ) == PSA_SUCCESS );

        TEST_ASSERT( psa_import_key( slot2, type,
                                     exported,
                                     export_size ) == PSA_SUCCESS );
        TEST_ASSERT( psa_export_key( slot2,
                                     reexported,
                                     export_size,
                                     &reexported_length ) == PSA_SUCCESS );
        TEST_ASSERT( reexported_length == exported_length );
        TEST_ASSERT( memcmp( reexported, exported,
                             exported_length ) == 0 );
    }

destroy:
    /* Destroy the key */
    TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
    TEST_ASSERT( psa_get_key_information(
                     slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT );

exit:
    mbedtls_free( exported );
    mbedtls_free( reexported );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void import_export_public_key( data_t *data,
                               int type_arg,
                               int alg_arg,
                               int expected_bits,
                               int public_key_expected_length,
                               int expected_export_status )
{
    int slot = 1;
    psa_key_type_t type = type_arg;
    psa_algorithm_t alg = alg_arg;
    psa_status_t status;
    unsigned char *exported = NULL;
    size_t export_size;
    size_t exported_length;
    psa_key_type_t got_type;
    size_t got_bits;
    psa_key_policy_t policy;

    TEST_ASSERT( data != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) );
    export_size = (ssize_t) data->len;
    exported = mbedtls_calloc( 1, export_size );
    TEST_ASSERT( exported != NULL );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    psa_key_policy_init( &policy );
    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_EXPORT, alg );
    TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );

    /* Import the key */
    TEST_ASSERT( psa_import_key( slot, type,
                                 data->x, data->len ) == PSA_SUCCESS );

    /* Test the key information */
    TEST_ASSERT( psa_get_key_information( slot,
                                          &got_type,
                                          &got_bits ) == PSA_SUCCESS );
    TEST_ASSERT( got_type == type );
    TEST_ASSERT( got_bits == (size_t) expected_bits );

    /* Export the key */
    status = psa_export_public_key( slot,
                                    exported, export_size,
                                    &exported_length );
    TEST_ASSERT( status == (psa_status_t) expected_export_status );
    if( status != PSA_SUCCESS )
        goto destroy;

    TEST_ASSERT( exported_length == (size_t) public_key_expected_length );

destroy:
    /* Destroy the key */
    TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS );
    TEST_ASSERT( psa_get_key_information(
                     slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT );

exit:
    mbedtls_free( exported );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void hash_finish( int alg_arg, data_t *input, data_t *expected_hash )
{
    psa_algorithm_t alg = alg_arg;
    unsigned char actual_hash[PSA_HASH_MAX_SIZE];
    size_t actual_hash_length;
    psa_hash_operation_t operation;

    TEST_ASSERT( input != NULL );
    TEST_ASSERT( expected_hash != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_hash->len ) );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    TEST_ASSERT( psa_hash_start( &operation, alg ) == PSA_SUCCESS );
    TEST_ASSERT( psa_hash_update( &operation,
                                  input->x, input->len ) == PSA_SUCCESS );
    TEST_ASSERT( psa_hash_finish( &operation,
                                  actual_hash, sizeof( actual_hash ),
                                  &actual_hash_length ) == PSA_SUCCESS );
    TEST_ASSERT( actual_hash_length == expected_hash->len );
    TEST_ASSERT( memcmp( expected_hash->x, actual_hash,
                         expected_hash->len ) == 0 );

exit:
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void hash_verify( int alg_arg, data_t *input, data_t *expected_hash )
{
    psa_algorithm_t alg = alg_arg;
    psa_hash_operation_t operation;

    TEST_ASSERT( input != NULL );
    TEST_ASSERT( expected_hash != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_hash->len ) );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    TEST_ASSERT( psa_hash_start( &operation, alg ) == PSA_SUCCESS );
    TEST_ASSERT( psa_hash_update( &operation,
                                  input->x,
                                  input->len ) == PSA_SUCCESS );
    TEST_ASSERT( psa_hash_verify( &operation,
                                  expected_hash->x,
                                  expected_hash->len ) == PSA_SUCCESS );

exit:
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void mac_verify( int key_type_arg,
                 data_t *key,
                 int alg_arg,
                 data_t *input,
                 data_t *expected_mac )
{
    int key_slot = 1;
    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    psa_mac_operation_t operation;
    psa_key_policy_t policy;

    TEST_ASSERT( key != NULL );
    TEST_ASSERT( input != NULL );
    TEST_ASSERT( expected_mac != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_mac->len ) );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    psa_key_policy_init( &policy );
    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
    TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( key_slot, key_type,
                                 key->x, key->len ) == PSA_SUCCESS );

    TEST_ASSERT( psa_mac_start( &operation, key_slot, alg ) == PSA_SUCCESS );
    TEST_ASSERT( psa_destroy_key( key_slot ) == PSA_SUCCESS );
    TEST_ASSERT( psa_mac_update( &operation,
                                 input->x, input->len ) == PSA_SUCCESS );
    TEST_ASSERT( psa_mac_verify( &operation,
                                 expected_mac->x,
                                 expected_mac->len ) == PSA_SUCCESS );

exit:
    psa_destroy_key( key_slot );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void cipher_encrypt( int alg_arg, int key_type_arg,
                     data_t *key,
                     data_t *input, data_t *expected_output,
                     int expected_status )
{
    int key_slot = 1;
    psa_status_t status;
    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    unsigned char iv[16] = {0};
    unsigned char *output = NULL;
    size_t output_buffer_size = 0;
    size_t function_output_length = 0;
    size_t total_output_length = 0;
    psa_cipher_operation_t operation;

    TEST_ASSERT( key != NULL );
    TEST_ASSERT( input != NULL );
    TEST_ASSERT( expected_output != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );

    memset( iv, 0x2a, sizeof( iv ) );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( key_slot, key_type,
                                 key->x, key->len ) == PSA_SUCCESS );

    TEST_ASSERT( psa_encrypt_setup( &operation,
                                    key_slot, alg ) == PSA_SUCCESS );

    TEST_ASSERT( psa_encrypt_set_iv( &operation,
                                     iv, sizeof( iv ) ) == PSA_SUCCESS );
    output_buffer_size = input->len + operation.block_size;
    output = mbedtls_calloc( 1, output_buffer_size );
    TEST_ASSERT( output != NULL );

    TEST_ASSERT( psa_cipher_update( &operation,
                                    input->x, input->len,
                                    output, output_buffer_size,
                                    &function_output_length ) == PSA_SUCCESS );
    total_output_length += function_output_length;
    status = psa_cipher_finish( &operation,
                                output + function_output_length,
                                output_buffer_size,
                                &function_output_length );
    total_output_length += function_output_length;

    TEST_ASSERT( status == (psa_status_t) expected_status );
    if( expected_status == PSA_SUCCESS )
    {
        TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
        TEST_ASSERT( total_output_length == expected_output->len );
        TEST_ASSERT( memcmp( expected_output->x, output,
                             expected_output->len ) == 0 );
    }

exit:
    mbedtls_free( output );
    psa_destroy_key( key_slot );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
                               data_t *key,
                               data_t *input,
                               int first_part_size,
                               data_t *expected_output )
{
    int key_slot = 1;
    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    unsigned char iv[16] = {0};
    unsigned char *output = NULL;
    size_t output_buffer_size = 0;
    size_t function_output_length = 0;
    size_t total_output_length = 0;
    psa_cipher_operation_t operation;

    TEST_ASSERT( key != NULL );
    TEST_ASSERT( input != NULL );
    TEST_ASSERT( expected_output != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );

    memset( iv, 0x2a, sizeof( iv ) );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( key_slot, key_type,
                                 key->x, key->len ) == PSA_SUCCESS );

    TEST_ASSERT( psa_encrypt_setup( &operation,
                                    key_slot, alg ) == PSA_SUCCESS );

    TEST_ASSERT( psa_encrypt_set_iv( &operation,
                                     iv, sizeof( iv ) ) == PSA_SUCCESS );
    output_buffer_size = input->len + operation.block_size;
    output = mbedtls_calloc( 1, output_buffer_size );
    TEST_ASSERT( output != NULL );

    TEST_ASSERT( (unsigned int) first_part_size < input->len );
    TEST_ASSERT( psa_cipher_update( &operation, input->x, first_part_size,
                                    output, output_buffer_size,
                                    &function_output_length ) == PSA_SUCCESS );
    total_output_length += function_output_length;
    TEST_ASSERT( psa_cipher_update( &operation,
                                    input->x + first_part_size,
                                    input->len - first_part_size,
                                    output, output_buffer_size,
                                    &function_output_length ) == PSA_SUCCESS );
    total_output_length += function_output_length;
    TEST_ASSERT( psa_cipher_finish( &operation,
                                    output + function_output_length,
                                    output_buffer_size,
                                    &function_output_length ) == PSA_SUCCESS );
    total_output_length += function_output_length;
    TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );

    TEST_ASSERT( total_output_length == expected_output->len );
    TEST_ASSERT( memcmp( expected_output->x, output,
                         expected_output->len ) == 0 );

exit:
    mbedtls_free( output );
    psa_destroy_key( key_slot );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
                               data_t *key,
                               data_t *input,
                               int first_part_size,
                               data_t *expected_output )
{
    int key_slot = 1;

    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    unsigned char iv[16] = {0};
    unsigned char *output = NULL;
    size_t output_buffer_size = 0;
    size_t function_output_length = 0;
    size_t total_output_length = 0;
    psa_cipher_operation_t operation;

    TEST_ASSERT( key != NULL );
    TEST_ASSERT( input != NULL );
    TEST_ASSERT( expected_output != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );

    memset( iv, 0x2a, sizeof( iv ) );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( key_slot, key_type,
                                 key->x, key->len ) == PSA_SUCCESS );

    TEST_ASSERT( psa_decrypt_setup( &operation,
                                    key_slot, alg ) == PSA_SUCCESS );

    TEST_ASSERT( psa_encrypt_set_iv( &operation,
                                     iv, sizeof( iv ) ) == PSA_SUCCESS );

    output_buffer_size = input->len + operation.block_size;
    output = mbedtls_calloc( 1, output_buffer_size );
    TEST_ASSERT( output != NULL );

    TEST_ASSERT( (unsigned int) first_part_size < input->len );
    TEST_ASSERT( psa_cipher_update( &operation,
                                    input->x, first_part_size,
                                    output, output_buffer_size,
                                    &function_output_length ) == PSA_SUCCESS );
    total_output_length += function_output_length;
    TEST_ASSERT( psa_cipher_update( &operation,
                                    input->x + first_part_size,
                                    input->len - first_part_size,
                                    output, output_buffer_size,
                                    &function_output_length ) == PSA_SUCCESS );
    total_output_length += function_output_length;
    TEST_ASSERT( psa_cipher_finish( &operation,
                                    output + function_output_length,
                                    output_buffer_size,
                                    &function_output_length ) == PSA_SUCCESS );
    total_output_length += function_output_length;
    TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );

    TEST_ASSERT( total_output_length == expected_output->len );
    TEST_ASSERT( memcmp( expected_output->x, output,
                         expected_output->len ) == 0 );

exit:
    mbedtls_free( output );
    psa_destroy_key( key_slot );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void cipher_decrypt( int alg_arg, int key_type_arg,
                     data_t *key,
                     data_t *input, data_t *expected_output,
                     int expected_status )
{
    int key_slot = 1;
    psa_status_t status;
    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    unsigned char iv[16] = {0};
    unsigned char *output = NULL;
    size_t output_buffer_size = 0;
    size_t function_output_length = 0;
    size_t total_output_length = 0;
    psa_cipher_operation_t operation;

    TEST_ASSERT( key != NULL );
    TEST_ASSERT( input != NULL );
    TEST_ASSERT( expected_output != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );

    memset( iv, 0x2a, sizeof( iv ) );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( key_slot, key_type,
                                 key->x, key->len ) == PSA_SUCCESS );

    TEST_ASSERT( psa_decrypt_setup( &operation,
                                    key_slot, alg ) == PSA_SUCCESS );

    TEST_ASSERT( psa_encrypt_set_iv( &operation,
                                     iv, sizeof( iv ) ) == PSA_SUCCESS );

    output_buffer_size = input->len + operation.block_size;
    output = mbedtls_calloc( 1, output_buffer_size );
    TEST_ASSERT( output != NULL );

    TEST_ASSERT( psa_cipher_update( &operation,
                                    input->x, input->len,
                                    output, output_buffer_size,
                                    &function_output_length ) == PSA_SUCCESS );
    total_output_length += function_output_length;
    status = psa_cipher_finish( &operation,
                                output + function_output_length,
                                output_buffer_size,
                                &function_output_length );
    total_output_length += function_output_length;
    TEST_ASSERT( status == (psa_status_t) expected_status );

    if( expected_status == PSA_SUCCESS )
    {
        TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS );
        TEST_ASSERT( total_output_length == expected_output->len );
        TEST_ASSERT( memcmp( expected_output->x, output,
                             expected_output->len ) == 0 );
    }

exit:
    mbedtls_free( output );
    psa_destroy_key( key_slot );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void cipher_verify_output( int alg_arg, int key_type_arg,
                           data_t *key,
                           data_t *input )
{
    int key_slot = 1;
    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    unsigned char iv[16] = {0};
    size_t iv_size = 16;
    size_t iv_length = 0;
    unsigned char *output1 = NULL;
    size_t output1_size = 0;
    size_t output1_length = 0;
    unsigned char *output2 = NULL;
    size_t output2_size = 0;
    size_t output2_length = 0;
    size_t function_output_length = 0;
    psa_cipher_operation_t operation1;
    psa_cipher_operation_t operation2;

    TEST_ASSERT( key != NULL );
    TEST_ASSERT( input != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( key_slot, key_type,
                                 key->x, key->len ) == PSA_SUCCESS );

    TEST_ASSERT( psa_encrypt_setup( &operation1,
                                    key_slot, alg ) == PSA_SUCCESS );
    TEST_ASSERT( psa_decrypt_setup( &operation2,
                                    key_slot, alg ) == PSA_SUCCESS );

    TEST_ASSERT( psa_encrypt_generate_iv( &operation1,
                                          iv, iv_size,
                                          &iv_length ) == PSA_SUCCESS );
    output1_size = input->len + operation1.block_size;
    output1 = mbedtls_calloc( 1, output1_size );
    TEST_ASSERT( output1 != NULL );

    TEST_ASSERT( psa_cipher_update( &operation1, input->x, input->len,
                                    output1, output1_size,
                                    &output1_length ) == PSA_SUCCESS );
    TEST_ASSERT( psa_cipher_finish( &operation1,
                                    output1 + output1_length, output1_size,
                                    &function_output_length ) == PSA_SUCCESS );

    output1_length += function_output_length;

    TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS );

    output2_size = output1_length;
    output2 = mbedtls_calloc( 1, output2_size );
    TEST_ASSERT( output2 != NULL );

    TEST_ASSERT( psa_encrypt_set_iv( &operation2,
                                     iv, iv_length ) == PSA_SUCCESS );
    TEST_ASSERT( psa_cipher_update( &operation2, output1, output1_length,
                                    output2, output2_size,
                                    &output2_length ) == PSA_SUCCESS );
    function_output_length = 0;
    TEST_ASSERT( psa_cipher_finish( &operation2,
                                    output2 + output2_length,
                                    output2_size,
                                    &function_output_length ) == PSA_SUCCESS );

    output2_length += function_output_length;

    TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS );

    TEST_ASSERT( input->len == output2_length );
    TEST_ASSERT( memcmp( input->x, output2, input->len ) == 0 );

exit:
    mbedtls_free( output1 );
    mbedtls_free( output2 );
    psa_destroy_key( key_slot );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void cipher_verify_output_multipart( int alg_arg,
                                     int key_type_arg,
                                     data_t *key,
                                     data_t *input,
                                     int first_part_size )
{
    int key_slot = 1;
    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    unsigned char iv[16] = {0};
    size_t iv_size = 16;
    size_t iv_length = 0;
    unsigned char *output1 = NULL;
    size_t output1_buffer_size = 0;
    size_t output1_length = 0;
    unsigned char *output2 = NULL;
    size_t output2_buffer_size = 0;
    size_t output2_length = 0;
    size_t function_output_length;
    psa_cipher_operation_t operation1;
    psa_cipher_operation_t operation2;

    TEST_ASSERT( key != NULL );
    TEST_ASSERT( input != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( key_slot, key_type,
                                 key->x, key->len ) == PSA_SUCCESS );

    TEST_ASSERT( psa_encrypt_setup( &operation1,
                                    key_slot, alg ) == PSA_SUCCESS );
    TEST_ASSERT( psa_decrypt_setup( &operation2,
                                    key_slot, alg ) == PSA_SUCCESS );

    TEST_ASSERT( psa_encrypt_generate_iv( &operation1,
                                          iv, iv_size,
                                          &iv_length ) == PSA_SUCCESS );
    output1_buffer_size = input->len + operation1.block_size;
    output1 = mbedtls_calloc( 1, output1_buffer_size );
    TEST_ASSERT( output1 != NULL );

    TEST_ASSERT( (unsigned int) first_part_size < input->len );

    TEST_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size,
                                    output1, output1_buffer_size,
                                    &function_output_length ) == PSA_SUCCESS );
    output1_length += function_output_length;

    TEST_ASSERT( psa_cipher_update( &operation1,
                                    input->x + first_part_size,
                                    input->len - first_part_size,
                                    output1, output1_buffer_size,
                                    &function_output_length ) == PSA_SUCCESS );
    output1_length += function_output_length;

    TEST_ASSERT( psa_cipher_finish( &operation1,
                                    output1 + output1_length,
                                    output1_buffer_size - output1_length,
                                    &function_output_length ) == PSA_SUCCESS );
    output1_length += function_output_length;

    TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS );

    output2_buffer_size = output1_length;
    output2 = mbedtls_calloc( 1, output2_buffer_size );
    TEST_ASSERT( output2 != NULL );

    TEST_ASSERT( psa_encrypt_set_iv( &operation2,
                                     iv, iv_length ) == PSA_SUCCESS );

    TEST_ASSERT( psa_cipher_update( &operation2, output1, first_part_size,
                                    output2, output2_buffer_size,
                                    &function_output_length ) == PSA_SUCCESS );
    output2_length += function_output_length;

    TEST_ASSERT( psa_cipher_update( &operation2,
                                    output1 + first_part_size,
                                    output1_length - first_part_size,
                                    output2, output2_buffer_size,
                                    &function_output_length ) == PSA_SUCCESS );
    output2_length += function_output_length;

    TEST_ASSERT( psa_cipher_finish( &operation2,
                                    output2 + output2_length,
                                    output2_buffer_size - output2_length,
                                    &function_output_length ) == PSA_SUCCESS );
    output2_length += function_output_length;

    TEST_ASSERT( psa_cipher_abort( &operation1 ) == PSA_SUCCESS );

    TEST_ASSERT( input->len == output2_length );
    TEST_ASSERT( memcmp( input->x, output2, input->len ) == 0 );

exit:
    mbedtls_free( output1 );
    mbedtls_free( output2 );
    psa_destroy_key( key_slot );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void aead_encrypt_decrypt( int key_type_arg,
                           data_t * key_data,
                           int alg_arg,
                           data_t * input_data,
                           data_t * nonce,
                           data_t * additional_data,
                           int expected_result_arg )
{
    int slot = 1;
    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    unsigned char *output_data = NULL;
    size_t output_size = 0;
    size_t output_length = 0;
    unsigned char *output_data2 = NULL;
    size_t output_length2 = 0;
    size_t tag_length = 16;
    psa_status_t expected_result = expected_result_arg;
    psa_key_policy_t policy;

    TEST_ASSERT( key_data != NULL );
    TEST_ASSERT( input_data != NULL );
    TEST_ASSERT( nonce != NULL );
    TEST_ASSERT( additional_data != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );

    output_size = input_data->len + tag_length;
    output_data = mbedtls_calloc( 1, output_size );
    TEST_ASSERT( output_data != NULL );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    psa_key_policy_init( &policy );
    psa_key_policy_set_usage( &policy,
                              PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
                              alg );
    TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( slot, key_type,
                                 key_data->x, key_data->len ) == PSA_SUCCESS );

    TEST_ASSERT( psa_aead_encrypt( slot, alg,
                                   nonce->x, nonce->len,
                                   additional_data->x,
                                   additional_data->len,
                                   input_data->x, input_data->len,
                                   output_data, output_size,
                                   &output_length ) == expected_result );

    if( PSA_SUCCESS == expected_result )
    {
        output_data2 = mbedtls_calloc( 1, output_length );
        TEST_ASSERT( output_data2 != NULL );

        TEST_ASSERT( psa_aead_decrypt( slot, alg,
                                       nonce->x, nonce->len,
                                       additional_data->x,
                                       additional_data->len,
                                       output_data, output_length,
                                       output_data2, output_length,
                                       &output_length2 ) == expected_result );

        TEST_ASSERT( memcmp( input_data->x, output_data2,
                             input_data->len ) == 0 );
    }

exit:
    psa_destroy_key( slot );
    mbedtls_free( output_data );
    mbedtls_free( output_data2 );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void aead_encrypt( int key_type_arg, data_t * key_data,
                   int alg_arg, data_t * input_data,
                   data_t * additional_data, data_t * nonce,
                   data_t * expected_result )
{
    int slot = 1;
    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    unsigned char *output_data = NULL;
    size_t output_size = 0;
    size_t output_length = 0;
    size_t tag_length = 16;
    psa_key_policy_t policy;

    TEST_ASSERT( key_data != NULL );
    TEST_ASSERT( input_data != NULL );
    TEST_ASSERT( additional_data != NULL );
    TEST_ASSERT( nonce != NULL );
    TEST_ASSERT( expected_result != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_result->len ) );

    output_size = input_data->len + tag_length;
    output_data = mbedtls_calloc( 1, output_size );
    TEST_ASSERT( output_data != NULL );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    psa_key_policy_init( &policy );
    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT , alg );
    TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( slot, key_type,
                                 key_data->x,
                                 key_data->len ) == PSA_SUCCESS );

    TEST_ASSERT( psa_aead_encrypt( slot, alg,
                                   nonce->x, nonce->len,
                                   additional_data->x, additional_data->len,
                                   input_data->x, input_data->len,
                                   output_data, output_size,
                                   &output_length ) == PSA_SUCCESS );

    TEST_ASSERT( memcmp( output_data, expected_result->x,
                         output_length ) == 0 );

exit:
    psa_destroy_key( slot );
    mbedtls_free( output_data );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void aead_decrypt( int key_type_arg, data_t * key_data,
                   int alg_arg, data_t * input_data,
                   data_t * additional_data, data_t * nonce,
                   data_t * expected_data, int expected_result_arg )
{
    int slot = 1;
    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    unsigned char *output_data = NULL;
    size_t output_size = 0;
    size_t output_length = 0;
    size_t tag_length = 16;
    psa_key_policy_t policy;
    psa_status_t expected_result = expected_result_arg;

    TEST_ASSERT( key_data != NULL );
    TEST_ASSERT( input_data != NULL );
    TEST_ASSERT( additional_data != NULL );
    TEST_ASSERT( nonce != NULL );
    TEST_ASSERT( expected_data != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( additional_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( nonce->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_data->len ) );

    output_size = input_data->len + tag_length;
    output_data = mbedtls_calloc( 1, output_size );
    TEST_ASSERT( output_data != NULL );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    psa_key_policy_init( &policy );
    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT , alg );
    TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( slot, key_type,
                                 key_data->x,
                                 key_data->len ) == PSA_SUCCESS );

    TEST_ASSERT( psa_aead_decrypt( slot, alg,
                                   nonce->x, nonce->len,
                                   additional_data->x,
                                   additional_data->len,
                                   input_data->x, input_data->len,
                                   output_data, output_size,
                                   &output_length ) == expected_result );

    if( expected_result == PSA_SUCCESS )
    {
        TEST_ASSERT( memcmp( output_data, expected_data->x,
                             output_length ) == 0 );
    }

exit:
    psa_destroy_key( slot );
    mbedtls_free( output_data );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void signature_size( int type_arg,
                     int bits,
                     int alg_arg,
                     int expected_size_arg )
{
    psa_key_type_t type = type_arg;
    psa_algorithm_t alg = alg_arg;
    size_t actual_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( type, bits, alg );
    TEST_ASSERT( actual_size == (size_t) expected_size_arg );
exit:
    ;
}
/* END_CASE */

/* BEGIN_CASE */
void sign_deterministic( int key_type_arg, data_t *key_data,
                         int alg_arg, data_t *input_data,
                         data_t *output_data )
{
    int slot = 1;
    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    size_t key_bits;
    unsigned char *signature = NULL;
    size_t signature_size;
    size_t signature_length = 0xdeadbeef;
    psa_key_policy_t policy;

    TEST_ASSERT( key_data != NULL );
    TEST_ASSERT( input_data != NULL );
    TEST_ASSERT( output_data != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( output_data->len ) );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    psa_key_policy_init( &policy );
    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
    TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( slot, key_type,
                                 key_data->x,
                                 key_data->len ) == PSA_SUCCESS );
    TEST_ASSERT( psa_get_key_information( slot,
                                          NULL,
                                          &key_bits ) == PSA_SUCCESS );

    signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type,
                                                      key_bits, alg );
    TEST_ASSERT( signature_size != 0 );
    signature = mbedtls_calloc( 1, signature_size );
    TEST_ASSERT( signature != NULL );

    TEST_ASSERT( psa_asymmetric_sign( slot, alg,
                                      input_data->x, input_data->len,
                                      NULL, 0,
                                      signature, signature_size,
                                      &signature_length ) == PSA_SUCCESS );
    TEST_ASSERT( signature_length == output_data->len );
    TEST_ASSERT( memcmp( signature, output_data->x,
                         output_data->len ) == 0 );

exit:
    psa_destroy_key( slot );
    mbedtls_free( signature );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void sign_fail( int key_type_arg, data_t *key_data,
                int alg_arg, data_t *input_data,
                int signature_size, int expected_status_arg )
{
    int slot = 1;
    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    psa_status_t actual_status;
    psa_status_t expected_status = expected_status_arg;
    unsigned char *signature = NULL;
    size_t signature_length = 0xdeadbeef;
    psa_key_policy_t policy;

    TEST_ASSERT( key_data != NULL );
    TEST_ASSERT( input_data != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );

    signature = mbedtls_calloc( 1, signature_size );
    TEST_ASSERT( signature != NULL );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    psa_key_policy_init( &policy );
    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN, alg );
    TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( slot, key_type,
                                 key_data->x,
                                 key_data->len ) == PSA_SUCCESS );

    actual_status = psa_asymmetric_sign( slot, alg,
                                         input_data->x, input_data->len,
                                         NULL, 0,
                                         signature, signature_size,
                                         &signature_length );
    TEST_ASSERT( actual_status == expected_status );
    TEST_ASSERT( signature_length == 0 );

exit:
    psa_destroy_key( slot );
    mbedtls_free( signature );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void key_policy( int usage_arg, int alg_arg )
{
    int key_slot = 1;
    psa_algorithm_t alg = alg_arg;
    psa_key_usage_t usage = usage_arg;
    psa_key_type_t key_type = PSA_KEY_TYPE_AES;
    unsigned char key[32] = {0};
    psa_key_policy_t policy_set;
    psa_key_policy_t policy_get;

    memset( key, 0x2a, sizeof( key ) );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    psa_key_policy_init( &policy_set );
    psa_key_policy_init( &policy_get );

    psa_key_policy_set_usage( &policy_set, usage, alg );

    TEST_ASSERT( psa_key_policy_get_usage( &policy_set ) == usage );
    TEST_ASSERT( psa_key_policy_get_algorithm( &policy_set ) == alg );
    TEST_ASSERT( psa_set_key_policy( key_slot, &policy_set ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( key_slot, key_type,
                                 key, sizeof( key ) ) == PSA_SUCCESS );

    TEST_ASSERT( psa_get_key_policy( key_slot, &policy_get ) == PSA_SUCCESS );

    TEST_ASSERT( policy_get.usage == policy_set.usage );
    TEST_ASSERT( policy_get.alg == policy_set.alg );

exit:
    psa_destroy_key( key_slot );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void key_policy_fail( int usage_arg, int alg_arg, int expected_status,
                      data_t *keypair )
{
    int key_slot = 1;
    psa_algorithm_t alg = alg_arg;
    psa_key_usage_t usage = usage_arg;
    size_t signature_length = 0;
    psa_key_policy_t policy;
    int actual_status = PSA_SUCCESS;

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    psa_key_policy_init( &policy );
    psa_key_policy_set_usage( &policy, usage, alg );
    TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS );

    if( usage & PSA_KEY_USAGE_EXPORT )
    {
        TEST_ASSERT( keypair != NULL );
        TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( keypair->len ) );
        TEST_ASSERT( psa_import_key( key_slot,
                                     PSA_KEY_TYPE_RSA_KEYPAIR,
                                     keypair->x,
                                     keypair->len ) == PSA_SUCCESS );
        actual_status = psa_asymmetric_sign( key_slot, alg,
                                             NULL, 0,
                                             NULL, 0,
                                             NULL, 0, &signature_length );
    }

    if( usage & PSA_KEY_USAGE_SIGN )
    {
        TEST_ASSERT( keypair != NULL );
        TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( keypair->len ) );
        TEST_ASSERT( psa_import_key( key_slot,
                                     PSA_KEY_TYPE_RSA_KEYPAIR,
                                     keypair->x,
                                     keypair->len ) == PSA_SUCCESS );
        actual_status = psa_export_key( key_slot, NULL, 0, NULL );
    }

    TEST_ASSERT( actual_status == expected_status );

exit:
    psa_destroy_key( key_slot );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void key_lifetime( int lifetime_arg )
{
    int key_slot = 1;
    psa_key_type_t key_type = PSA_ALG_CBC_BASE;
    unsigned char key[32] = {0};
    psa_key_lifetime_t lifetime_set = lifetime_arg;
    psa_key_lifetime_t lifetime_get;

    memset( key, 0x2a, sizeof( key ) );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    TEST_ASSERT( psa_set_key_lifetime( key_slot,
                                       lifetime_set ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( key_slot, key_type,
                                 key, sizeof( key ) ) == PSA_SUCCESS );

    TEST_ASSERT( psa_get_key_lifetime( key_slot,
                                       &lifetime_get ) == PSA_SUCCESS );

    TEST_ASSERT( lifetime_get == lifetime_set );

exit:
    psa_destroy_key( key_slot );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void key_lifetime_set_fail( int key_slot_arg,
                            int lifetime_arg,
                            int expected_status_arg )
{
    psa_key_slot_t key_slot = key_slot_arg;
    psa_key_lifetime_t lifetime_set = lifetime_arg;
    psa_status_t actual_status;
    psa_status_t expected_status = expected_status_arg;

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    actual_status = psa_set_key_lifetime( key_slot, lifetime_set );

    if( actual_status == PSA_SUCCESS )
        actual_status = psa_set_key_lifetime( key_slot, lifetime_set );

    TEST_ASSERT( expected_status == actual_status );

exit:
    psa_destroy_key( key_slot );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void asymmetric_verify( int key_type_arg, data_t *key_data,
                        int alg_arg, data_t *hash_data,
                        data_t *signature_data )
{
    int slot = 1;
    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    psa_key_policy_t policy;

    TEST_ASSERT( key_data != NULL );
    TEST_ASSERT( hash_data != NULL );
    TEST_ASSERT( signature_data != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( hash_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( signature_data->len ) );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    psa_key_policy_init( &policy );
    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
    TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( slot, key_type,
                                 key_data->x,
                                 key_data->len ) == PSA_SUCCESS );

    TEST_ASSERT( psa_asymmetric_verify( slot, alg,
                                        hash_data->x, hash_data->len,
                                        NULL, 0,
                                        signature_data->x,
                                        signature_data->len ) == PSA_SUCCESS );
exit:
    psa_destroy_key( slot );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void asymmetric_verify_fail( int key_type_arg, data_t *key_data,
                             int alg_arg, data_t *hash_data,
                             data_t *signature_data,
                             int expected_status_arg )
{
    int slot = 1;
    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    psa_status_t actual_status;
    psa_status_t expected_status = expected_status_arg;
    psa_key_policy_t policy;

    TEST_ASSERT( key_data != NULL );
    TEST_ASSERT( hash_data != NULL );
    TEST_ASSERT( signature_data != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( hash_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( signature_data->len ) );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    psa_key_policy_init( &policy );
    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, alg );
    TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( slot, key_type,
                                 key_data->x,
                                 key_data->len ) == PSA_SUCCESS );

    actual_status = psa_asymmetric_verify( slot, alg,
                                           hash_data->x, hash_data->len,
                                           NULL, 0,
                                           signature_data->x,
                                           signature_data->len );

    TEST_ASSERT( actual_status == expected_status );

exit:
    psa_destroy_key( slot );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void asymmetric_encrypt_decrypt( int key_type_arg, data_t *key_data,
                                 int alg_arg, data_t *input_data )
{
    int slot = 1;
    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    unsigned char *output = NULL;
    size_t output_size = 0;
    size_t output_length = 0;
    unsigned char *output2 = NULL;
    size_t output2_size = 0;
    size_t output2_length = 0;
    psa_key_policy_t policy;

    TEST_ASSERT( key_data != NULL );
    TEST_ASSERT( input_data != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );

    output_size = key_data->len;
    output2_size = output_size;
    output = mbedtls_calloc( 1, output_size );
    TEST_ASSERT( output != NULL );
    output2 = mbedtls_calloc( 1, output2_size );
    TEST_ASSERT( output2 != NULL );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    psa_key_policy_init( &policy );
    psa_key_policy_set_usage( &policy,
                              PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
                              alg );
    TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( slot, key_type,
                                 key_data->x,
                                 key_data->len ) == PSA_SUCCESS );

    /* We test encryption by checking that encrypt-then-decrypt gives back
     * the original plaintext because of the non-optional random
     * part of encryption process which prevents using fixed vectors. */
    TEST_ASSERT( psa_asymmetric_encrypt( slot, alg,
                                         input_data->x, input_data->len,
                                         NULL, 0,
                                         output, output_size,
                                         &output_length ) == PSA_SUCCESS );

    TEST_ASSERT( psa_asymmetric_decrypt( slot, alg,
                                         output, output_length,
                                         NULL, 0,
                                         output2, output2_size,
                                         &output2_length ) == PSA_SUCCESS );
    TEST_ASSERT( memcmp( input_data->x, output2,
                         input_data->len ) == 0 );

exit:
    psa_destroy_key( slot );
    mbedtls_free( output );
    mbedtls_free( output2 );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void asymmetric_encrypt_fail( int key_type_arg, data_t *key_data,
                              int alg_arg, data_t *input_data,
                              int expected_status_arg )
{
    int slot = 1;
    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    unsigned char *output = NULL;
    size_t output_size = 0;
    size_t output_length = 0;
    psa_status_t actual_status;
    psa_status_t expected_status = expected_status_arg;
    psa_key_policy_t policy;

    TEST_ASSERT( key_data != NULL );
    TEST_ASSERT( input_data != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );

    output_size = key_data->len;
    output = mbedtls_calloc( 1, output_size );
    TEST_ASSERT( output != NULL );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    psa_key_policy_init( &policy );
    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg );
    TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( slot, key_type,
                                 key_data->x,
                                 key_data->len ) == PSA_SUCCESS );

    actual_status = psa_asymmetric_encrypt( slot, alg,
                                            input_data->x, input_data->len,
                                            NULL, 0,
                                            output, output_size,
                                            &output_length );
    TEST_ASSERT( actual_status == expected_status );

exit:
    psa_destroy_key( slot );
    mbedtls_free( output );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void asymmetric_decrypt( int key_type_arg, data_t *key_data,
                         int alg_arg, data_t *input_data,
                         data_t *expected_data, int expected_size )
{
    int slot = 1;
    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    unsigned char *output = NULL;
    size_t output_size = 0;
    size_t output_length = 0;
    psa_key_policy_t policy;

    TEST_ASSERT( key_data != NULL );
    TEST_ASSERT( input_data != NULL );
    TEST_ASSERT( expected_data != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_data->len ) );

    output_size = key_data->len;
    output = mbedtls_calloc( 1, output_size );
    TEST_ASSERT( output != NULL );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    psa_key_policy_init( &policy );
    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
    TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( slot, key_type,
                                 key_data->x,
                                 key_data->len ) == PSA_SUCCESS );

    TEST_ASSERT( psa_asymmetric_decrypt( slot, alg,
                                         input_data->x, input_data->len,
                                         NULL, 0,
                                         output,
                                         output_size,
                                         &output_length ) == PSA_SUCCESS );
    TEST_ASSERT( (size_t) expected_size == output_length );
    TEST_ASSERT( memcmp( expected_data->x, output, output_length ) == 0 );

exit:
    psa_destroy_key( slot );
    mbedtls_free( output );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */

/* BEGIN_CASE */
void asymmetric_decrypt_fail( int key_type_arg, data_t *key_data,
                              int alg_arg, data_t *input_data,
                              int expected_status_arg  )
{
    int slot = 1;
    psa_key_type_t key_type = key_type_arg;
    psa_algorithm_t alg = alg_arg;
    unsigned char *output = NULL;
    size_t output_size = 0;
    size_t output_length = 0;
    psa_status_t actual_status;
    psa_status_t expected_status = expected_status_arg;
    psa_key_policy_t policy;

    TEST_ASSERT( key_data != NULL );
    TEST_ASSERT( input_data != NULL );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( key_data->len ) );
    TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input_data->len ) );

    output_size = key_data->len;
    output = mbedtls_calloc( 1, output_size );
    TEST_ASSERT( output != NULL );

    TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );

    psa_key_policy_init( &policy );
    psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT, alg );
    TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );

    TEST_ASSERT( psa_import_key( slot, key_type,
                                 key_data->x,
                                 key_data->len ) == PSA_SUCCESS );

    actual_status = psa_asymmetric_decrypt( slot, alg,
                                            input_data->x, input_data->len,
                                            NULL, 0,
                                            output, output_size,
                                            &output_length );
    TEST_ASSERT( actual_status == expected_status );

exit:
    psa_destroy_key( slot );
    mbedtls_free( output );
    mbedtls_psa_crypto_free( );
}
/* END_CASE */