1 /** Code to exercise a PSA key object, i.e. validate that it seems well-formed 2 * and can do what it is supposed to do. 3 */ 4 /* 5 * Copyright The Mbed TLS Contributors 6 * SPDX-License-Identifier: Apache-2.0 7 * 8 * Licensed under the Apache License, Version 2.0 (the "License"); you may 9 * not use this file except in compliance with the License. 10 * You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, software 15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 * See the License for the specific language governing permissions and 18 * limitations under the License. 19 */ 20 21 #ifndef PSA_EXERCISE_KEY_H 22 #define PSA_EXERCISE_KEY_H 23 24 #include "test/helpers.h" 25 #include "test/psa_crypto_helpers.h" 26 27 #include <psa/crypto.h> 28 29 /** \def KNOWN_SUPPORTED_HASH_ALG 30 * 31 * A hash algorithm that is known to be supported. 32 * 33 * This is used in some smoke tests. 34 */ 35 #if defined(PSA_WANT_ALG_MD5) 36 #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5 37 /* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of 38 * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 39 * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be 40 * implausible anyway. */ 41 #elif defined(PSA_WANT_ALG_SHA_1) 42 #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1 43 #elif defined(PSA_WANT_ALG_SHA_256) 44 #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_256 45 #elif defined(PSA_WANT_ALG_SHA_384) 46 #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_384 47 #elif defined(PSA_WANT_ALG_SHA_512) 48 #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_512 49 #elif defined(PSA_WANT_ALG_SHA3_256) 50 #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA3_256 51 #else 52 #undef KNOWN_SUPPORTED_HASH_ALG 53 #endif 54 55 /** \def KNOWN_SUPPORTED_BLOCK_CIPHER 56 * 57 * A block cipher that is known to be supported. 58 * 59 * For simplicity's sake, stick to block ciphers with 16-byte blocks. 60 */ 61 #if defined(MBEDTLS_AES_C) 62 #define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_AES 63 #elif defined(MBEDTLS_ARIA_C) 64 #define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_ARIA 65 #elif defined(MBEDTLS_CAMELLIA_C) 66 #define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_CAMELLIA 67 #undef KNOWN_SUPPORTED_BLOCK_CIPHER 68 #endif 69 70 /** \def KNOWN_SUPPORTED_MAC_ALG 71 * 72 * A MAC mode that is known to be supported. 73 * 74 * It must either be HMAC with #KNOWN_SUPPORTED_HASH_ALG or 75 * a block cipher-based MAC with #KNOWN_SUPPORTED_BLOCK_CIPHER. 76 * 77 * This is used in some smoke tests. 78 */ 79 #if defined(KNOWN_SUPPORTED_HASH_ALG) && defined(PSA_WANT_ALG_HMAC) 80 #define KNOWN_SUPPORTED_MAC_ALG ( PSA_ALG_HMAC( KNOWN_SUPPORTED_HASH_ALG ) ) 81 #define KNOWN_SUPPORTED_MAC_KEY_TYPE PSA_KEY_TYPE_HMAC 82 #elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CMAC_C) 83 #define KNOWN_SUPPORTED_MAC_ALG PSA_ALG_CMAC 84 #define KNOWN_SUPPORTED_MAC_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER 85 #else 86 #undef KNOWN_SUPPORTED_MAC_ALG 87 #undef KNOWN_SUPPORTED_MAC_KEY_TYPE 88 #endif 89 90 /** \def KNOWN_SUPPORTED_BLOCK_CIPHER_ALG 91 * 92 * A cipher algorithm and key type that are known to be supported. 93 * 94 * This is used in some smoke tests. 95 */ 96 #if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CTR) 97 #define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CTR 98 #elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CBC) 99 #define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CBC_NO_PADDING 100 #elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CFB) 101 #define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CFB 102 #elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_OFB) 103 #define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_OFB 104 #else 105 #undef KNOWN_SUPPORTED_BLOCK_CIPHER_ALG 106 #endif 107 #if defined(KNOWN_SUPPORTED_BLOCK_CIPHER_ALG) 108 #define KNOWN_SUPPORTED_CIPHER_ALG KNOWN_SUPPORTED_BLOCK_CIPHER_ALG 109 #define KNOWN_SUPPORTED_CIPHER_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER 110 #else 111 #undef KNOWN_SUPPORTED_CIPHER_ALG 112 #undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE 113 #endif 114 115 /** Convenience function to set up a key derivation. 116 * 117 * In case of failure, mark the current test case as failed. 118 * 119 * The inputs \p input1 and \p input2 are, in order: 120 * - HKDF: salt, info. 121 * - TKS 1.2 PRF, TLS 1.2 PSK-to-MS: seed, label. 122 * 123 * \param operation The operation object to use. 124 * It must be in the initialized state. 125 * \param key The key to use. 126 * \param alg The algorithm to use. 127 * \param input1 The first input to pass. 128 * \param input1_length The length of \p input1 in bytes. 129 * \param input2 The first input to pass. 130 * \param input2_length The length of \p input2 in bytes. 131 * \param capacity The capacity to set. 132 * 133 * \return \c 1 on success, \c 0 on failure. 134 */ 135 int mbedtls_test_psa_setup_key_derivation_wrap( 136 psa_key_derivation_operation_t* operation, 137 mbedtls_svc_key_id_t key, 138 psa_algorithm_t alg, 139 const unsigned char* input1, size_t input1_length, 140 const unsigned char* input2, size_t input2_length, 141 size_t capacity ); 142 143 /** Perform a key agreement using the given key pair against its public key 144 * using psa_raw_key_agreement(). 145 * 146 * The result is discarded. The purpose of this function is to smoke-test a key. 147 * 148 * In case of failure, mark the current test case as failed. 149 * 150 * \param alg A key agreement algorithm compatible with \p key. 151 * \param key A key that allows key agreement with \p alg. 152 * 153 * \return \c 1 on success, \c 0 on failure. 154 */ 155 psa_status_t mbedtls_test_psa_raw_key_agreement_with_self( 156 psa_algorithm_t alg, 157 mbedtls_svc_key_id_t key ); 158 159 /** Perform a key agreement using the given key pair against its public key 160 * using psa_key_derivation_raw_key(). 161 * 162 * The result is discarded. The purpose of this function is to smoke-test a key. 163 * 164 * In case of failure, mark the current test case as failed. 165 * 166 * \param operation An operation that has been set up for a key 167 * agreement algorithm that is compatible with 168 * \p key. 169 * \param key A key pair object that is suitable for a key 170 * agreement with \p operation. 171 * 172 * \return \c 1 on success, \c 0 on failure. 173 */ 174 psa_status_t mbedtls_test_psa_key_agreement_with_self( 175 psa_key_derivation_operation_t *operation, 176 mbedtls_svc_key_id_t key ); 177 178 /** Perform sanity checks on the given key representation. 179 * 180 * If any of the checks fail, mark the current test case as failed. 181 * 182 * The checks depend on the key type. 183 * - All types: check the export size against maximum-size macros. 184 * - DES: parity bits. 185 * - RSA: check the ASN.1 structure and the size and parity of the integers. 186 * - ECC private or public key: exact representation length. 187 * - Montgomery public key: first byte. 188 * 189 * \param type The key type. 190 * \param bits The key size in bits. 191 * \param exported A buffer containing the key representation. 192 * \param exported_length The length of \p exported in bytes. 193 * 194 * \return \c 1 if all checks passed, \c 0 on failure. 195 */ 196 int mbedtls_test_psa_exported_key_sanity_check( 197 psa_key_type_t type, size_t bits, 198 const uint8_t *exported, size_t exported_length ); 199 200 /** Do smoke tests on a key. 201 * 202 * Perform one of each operation indicated by \p alg (decrypt/encrypt, 203 * sign/verify, or derivation) that is permitted according to \p usage. 204 * \p usage and \p alg should correspond to the expected policy on the 205 * key. 206 * 207 * Export the key if permitted by \p usage, and check that the output 208 * looks sensible. If \p usage forbids export, check that 209 * \p psa_export_key correctly rejects the attempt. If the key is 210 * asymmetric, also check \p psa_export_public_key. 211 * 212 * If the key fails the tests, this function calls the test framework's 213 * `mbedtls_test_fail` function and returns false. Otherwise this function 214 * returns true. Therefore it should be used as follows: 215 * ``` 216 * if( ! exercise_key( ... ) ) goto exit; 217 * ``` 218 * 219 * \param key The key to exercise. It should be capable of performing 220 * \p alg. 221 * \param usage The usage flags to assume. 222 * \param alg The algorithm to exercise. 223 * 224 * \retval 0 The key failed the smoke tests. 225 * \retval 1 The key passed the smoke tests. 226 */ 227 int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key, 228 psa_key_usage_t usage, 229 psa_algorithm_t alg ); 230 231 psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type, 232 psa_algorithm_t alg ); 233 234 #endif /* PSA_EXERCISE_KEY_H */ 235