Blame - tests/include/test/psa_exercise_key.h - mirror/mbed-tls

blob: 8fd152c0230262d731f9a50259ba101ebb23c57a [file] [log] [blame]

Gilles Peskine	66e7b90	2021-02-12 23:40:58 +0100	[diff] [blame]	1	/** Code to exercise a PSA key object, i.e. validate that it seems well-formed
				2	* and can do what it is supposed to do.
				3	*/
				4	/*
				5	* Copyright The Mbed TLS Contributors
				6	* SPDX-License-Identifier: Apache-2.0
				7	*
				8	* Licensed under the Apache License, Version 2.0 (the "License"); you may
				9	* not use this file except in compliance with the License.
				10	* You may obtain a copy of the License at
				11	*
				12	* http://www.apache.org/licenses/LICENSE-2.0
				13	*
				14	* Unless required by applicable law or agreed to in writing, software
				15	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				16	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				17	* See the License for the specific language governing permissions and
				18	* limitations under the License.
				19	*/
				20
				21	#ifndef PSA_EXERCISE_KEY_H
				22	#define PSA_EXERCISE_KEY_H
				23
				24	#include "test/helpers.h"
				25	#include "test/psa_crypto_helpers.h"
				26
				27	#include <psa/crypto.h>
				28
Gilles Peskine	e78b002	2021-02-13 00:41:11 +0100	[diff] [blame^]	29	/* A hash algorithm that is known to be supported.
				30	*
				31	* This is used in some smoke tests.
				32	*/
				33	#if defined(PSA_WANT_ALG_MD2)
				34	#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD2
				35	#elif defined(PSA_WANT_ALG_MD4)
				36	#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD4
				37	#elif defined(PSA_WANT_ALG_MD5)
				38	#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5
				39	/* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of
				40	* exercise_signature_key() because Mbed TLS doesn't support RIPEMD160
				41	* in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be
				42	* implausible anyway. */
				43	#elif defined(PSA_WANT_ALG_SHA_1)
				44	#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1
				45	#elif defined(PSA_WANT_ALG_SHA_256)
				46	#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_256
				47	#elif defined(PSA_WANT_ALG_SHA_384)
				48	#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_384
				49	#elif defined(PSA_WANT_ALG_SHA_512)
				50	#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_512
				51	#elif defined(PSA_WANT_ALG_SHA3_256)
				52	#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA3_256
				53	#else
				54	#undef KNOWN_SUPPORTED_HASH_ALG
				55	#endif
				56
				57	/* A block cipher that is known to be supported.
				58	*
				59	* For simplicity's sake, stick to block ciphers with 16-byte blocks.
				60	*/
				61	#if defined(MBEDTLS_AES_C)
				62	#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_AES
				63	#elif defined(MBEDTLS_ARIA_C)
				64	#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_ARIA
				65	#elif defined(MBEDTLS_CAMELLIA_C)
				66	#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_CAMELLIA
				67	#undef KNOWN_SUPPORTED_BLOCK_CIPHER
				68	#endif
				69
				70	/* A MAC mode that is known to be supported.
				71	*
				72	* It must either be HMAC with #KNOWN_SUPPORTED_HASH_ALG or
				73	* a block cipher-based MAC with #KNOWN_SUPPORTED_BLOCK_CIPHER.
				74	*
				75	* This is used in some smoke tests.
				76	*/
				77	#if defined(KNOWN_SUPPORTED_HASH_ALG) && defined(PSA_WANT_ALG_HMAC)
				78	#define KNOWN_SUPPORTED_MAC_ALG ( PSA_ALG_HMAC( KNOWN_SUPPORTED_HASH_ALG ) )
				79	#define KNOWN_SUPPORTED_MAC_KEY_TYPE PSA_KEY_TYPE_HMAC
				80	#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CMAC_C)
				81	#define KNOWN_SUPPORTED_MAC_ALG PSA_ALG_CMAC
				82	#define KNOWN_SUPPORTED_MAC_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER
				83	#else
				84	#undef KNOWN_SUPPORTED_MAC_ALG
				85	#undef KNOWN_SUPPORTED_MAC_KEY_TYPE
				86	#endif
				87
				88	/* A cipher algorithm and key type that are known to be supported.
				89	*
				90	* This is used in some smoke tests.
				91	*/
				92	#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CTR)
				93	#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CTR
				94	#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CBC)
				95	#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CBC_NO_PADDING
				96	#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CFB)
				97	#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CFB
				98	#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_OFB)
				99	#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_OFB
				100	#else
				101	#undef KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
				102	#endif
				103	#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER_ALG)
				104	#define KNOWN_SUPPORTED_CIPHER_ALG KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
				105	#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER
				106	#elif defined(MBEDTLS_RC4_C)
				107	#define KNOWN_SUPPORTED_CIPHER_ALG PSA_ALG_RC4
				108	#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE PSA_KEY_TYPE_RC4
				109	#else
				110	#undef KNOWN_SUPPORTED_CIPHER_ALG
				111	#undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE
				112	#endif
				113
				114	int mbedtls_test_psa_setup_key_derivation_wrap(
				115	psa_key_derivation_operation_t* operation,
				116	mbedtls_svc_key_id_t key,
				117	psa_algorithm_t alg,
				118	unsigned char* input1, size_t input1_length,
				119	unsigned char* input2, size_t input2_length,
				120	size_t capacity );
				121
				122	psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
				123	psa_algorithm_t alg,
				124	mbedtls_svc_key_id_t key );
				125
				126	psa_status_t mbedtls_test_psa_key_agreement_with_self(
				127	psa_key_derivation_operation_t *operation,
				128	mbedtls_svc_key_id_t key );
				129
				130	int mbedtls_test_psa_exported_key_sanity_check(
				131	psa_key_type_t type, size_t bits,
				132	uint8_t *exported, size_t exported_length );
				133
				134	/** Do smoke tests on a key.
				135	*
				136	* Perform one of each operation indicated by \p alg (decrypt/encrypt,
				137	* sign/verify, or derivation) that is permitted according to \p usage.
				138	* \p usage and \p alg should correspond to the expected policy on the
				139	* key.
				140	*
				141	* Export the key if permitted by \p usage, and check that the output
				142	* looks sensible. If \p usage forbids export, check that
				143	* \p psa_export_key correctly rejects the attempt. If the key is
				144	* asymmetric, also check \p psa_export_public_key.
				145	*
				146	* If the key fails the tests, this function calls the test framework's
				147	* `mbedtls_test_fail` function and returns false. Otherwise this function
				148	* returns true. Therefore it should be used as follows:
				149	* ```
				150	* if( ! exercise_key( ... ) ) goto exit;
				151	* ```
				152	*
				153	* \param key The key to exercise. It should be capable of performing
				154	* \p alg.
				155	* \param usage The usage flags to assume.
				156	* \param alg The algorithm to exercise.
				157	*
				158	* \retval 0 The key failed the smoke tests.
				159	* \retval 1 The key passed the smoke tests.
				160	*/
				161	int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key,
				162	psa_key_usage_t usage,
				163	psa_algorithm_t alg );
				164
				165	psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type,
				166	psa_algorithm_t alg );
Gilles Peskine	66e7b90	2021-02-12 23:40:58 +0100	[diff] [blame]	167
				168	#endif /* PSA_EXERCISE_KEY_H */